User Access module implementation with the microsoft identity framework.

.gitignore

@@ -275,3 +275,10 @@ UploadedFiles
 #Nuke working directory
 .nuke-working-directory
 /src/API/CompanyName.MyMeetings.API/tempkey.jwk
+
+
+#Ignore appsettings
+**/appsettings.Development.json
+
+# CodeRush personal settings
+**/.cr/personal

src/API/CompanyName.MyMeetings.API/CompanyName.MyMeetings.API.csproj

@@ -5,7 +5,15 @@
  <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
  <DockerfileContext>..\..</DockerfileContext>
  </PropertyGroup>
- <ItemGroup>
- <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" />
- </ItemGroup>
+
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
+ <DocumentationFile>.\CompanyName.MyMeetings.API.xml</DocumentationFile>
+ <NoWarn>1701;1702;1591</NoWarn>
+ </PropertyGroup>
+
+ <ItemGroup>
+ <Compile Remove="Modules\UserAccess\IdentityServer\AuthenticatedUserController.cs" />
+ <Compile Remove="Modules\UserAccess\IdentityServer\EmailsController.cs" />
+ <Compile Remove="Modules\UserAccess\IdentityServer\UserRegistrationsController.cs" />
+ </ItemGroup>
 </Project>

src/API/CompanyName.MyMeetings.API/Configuration/Authorization/HasPermissionAuthorizationHandler.cs

@@ -1,6 +1,6 @@
 using CompanyName.MyMeetings.BuildingBlocks.Application;
-using CompanyName.MyMeetings.Modules.UserAccess.Application.Authorization.GetUserPermissions;
-using CompanyName.MyMeetings.Modules.UserAccess.Application.Contracts;
+using CompanyName.MyMeetings.Modules.UserAccessIS.Application.Authorization.GetUserPermissions;
+using CompanyName.MyMeetings.Modules.UserAccessIS.Application.Contracts;
 using Microsoft.AspNetCore.Authorization;
 
 namespace CompanyName.MyMeetings.API.Configuration.Authorization

src/API/CompanyName.MyMeetings.API/Configuration/Authorization/PermissionAuthorizationHandler.cs

@@ -0,0 +1,61 @@
+using CompanyName.MyMeetings.BuildingBlocks.Application;
+using CompanyName.MyMeetings.Modules.UserAccessMI.Application.Authorization.GetPermissions;
+using CompanyName.MyMeetings.Modules.UserAccessMI.Application.Authorization.GetPermissions.ByUserId;
+using CompanyName.MyMeetings.Modules.UserAccessMI.Application.Contracts;
+using Microsoft.AspNetCore.Authorization;
+
+namespace CompanyName.MyMeetings.API.Configuration.Authorization;
+
+internal class PermissionAuthorizationHandler : AttributeAuthorizationHandler<HasPermissionAuthorizationRequirement, HasPermissionAttribute>
+{
+ private readonly IUserAccessModule _userAccessModule;
+ private readonly IExecutionContextAccessor _executionContextAccessor;
+
+ public PermissionAuthorizationHandler(
+ IUserAccessModule userAccessModule,
+ IExecutionContextAccessor executionContextAccessor)
+ {
+ _userAccessModule = userAccessModule;
+ _executionContextAccessor = executionContextAccessor;
+ }
+
+ protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, HasPermissionAuthorizationRequirement requirement, HasPermissionAttribute attribute)
+ {
+ if (!_executionContextAccessor.IsAuthenticated)
+ {
+ context.Fail();
+ return;
+ }
+
+ var userId = _executionContextAccessor.UserId;
+ var response = await _userAccessModule.ExecuteQueryAsync(new GetPermissionsQuery(userId));
+ if (response.HasError)
+ {
+ context.Fail();
+ return;
+ }
+
+ var permissions = response.Value ?? Enumerable.Empty<PermissionDto>();
+
+ // Short circuit if the user owns the administrator privilege.
+ if (permissions.Any(x => x.Code.Equals(ApplicationPermissions.Administrator)))
+ {
+ context.Succeed(requirement);
+ return;
+ }
+
+ // Check if the user owns the necessary rights.
+ if (!IsAuthorized(attribute.Name, permissions))
+ {
+ context.Fail();
+ return;
+ }
+
+ context.Succeed(requirement);
+ }
+
+ private bool IsAuthorized(string permission, IEnumerable<PermissionDto> permissions)
+ {
+ return permissions.Any(x => x.Code == permission);
+ }
+}

src/API/CompanyName.MyMeetings.API/Configuration/ExecutionContext/ExecutionContextAccessor.cs

@@ -15,6 +15,7 @@ public Guid UserId
  {
  get
  {
+ // nameidentifier
  if (_httpContextAccessor
  .HttpContext?
  .User?
@@ -46,5 +47,7 @@ public Guid CorrelationId
  }
 
  public bool IsAvailable => _httpContextAccessor.HttpContext != null;
+
+ public bool IsAuthenticated => IsAvailable && (_httpContextAccessor.HttpContext.User.Identity?.IsAuthenticated ?? false);
  }
 }

src/API/CompanyName.MyMeetings.API/Configuration/Extensions/ConfigurationExtensions.cs

@@ -0,0 +1,15 @@
+using CompanyName.MyMeetings.Modules.UserAccessMI.Infrastructure.Configuration;
+
+namespace CompanyName.MyMeetings.API.Configuration.Extensions
+{
+ internal static class ConfigurationExtensions
+ {
+ public static IUserAccessConfiguration GetUserAccessConfiguration(this IConfiguration configuration)
+ {
+ ArgumentNullException.ThrowIfNull(configuration, nameof(configuration));
+
+ var userManagementSection = configuration.GetSection("Modules:UserAccess");
+ return userManagementSection.Get<UserAccessConfiguration>();
+ }
+ }
+}

src/API/CompanyName.MyMeetings.API/Configuration/Extensions/SwaggerExtensions.cs

@@ -1,4 +1,5 @@
 using System.Reflection;
+using Microsoft.AspNetCore.Mvc.Controllers;
 using Microsoft.OpenApi.Models;
 
 namespace CompanyName.MyMeetings.API.Configuration.Extensions
@@ -16,6 +17,22 @@ internal static IServiceCollection AddSwaggerDocumentation(this IServiceCollecti
  Description = "MyMeetings API for modular monolith .NET application."
  });
  options.CustomSchemaIds(t => t.ToString());
+ options.TagActionsBy(api =>
+ {
+ if (api.GroupName != null)
+ {
+ return new[] { api.GroupName };
+ }
+
+ var controllerActionDescriptor = api.ActionDescriptor as ControllerActionDescriptor;
+ if (controllerActionDescriptor != null)
+ {
+ return new[] { controllerActionDescriptor.ControllerName };
+ }
+
+ throw new InvalidOperationException("Unable to determine tag for endpoint.");
+ });
+ options.DocInclusionPredicate((name, api) => true);
 
  var baseDirectory = AppDomain.CurrentDomain.BaseDirectory;
  var commentsFileName = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";

src/API/CompanyName.MyMeetings.API/Modules/UserAccess/AuthenticatedUserController.cs → src/API/CompanyName.MyMeetings.API/Modules/UserAccess/IdentityServer/AuthenticatedUserController.cs

@@ -1,12 +1,12 @@
 using CompanyName.MyMeetings.API.Configuration.Authorization;
-using CompanyName.MyMeetings.Modules.UserAccess.Application.Authorization.GetAuthenticatedUserPermissions;
-using CompanyName.MyMeetings.Modules.UserAccess.Application.Authorization.GetUserPermissions;
-using CompanyName.MyMeetings.Modules.UserAccess.Application.Contracts;
-using CompanyName.MyMeetings.Modules.UserAccess.Application.Users.GetAuthenticatedUser;
-using CompanyName.MyMeetings.Modules.UserAccess.Application.Users.GetUser;
+using CompanyName.MyMeetings.Modules.UserAccessIS.Application.Authorization.GetAuthenticatedUserPermissions;
+using CompanyName.MyMeetings.Modules.UserAccessIS.Application.Authorization.GetUserPermissions;
+using CompanyName.MyMeetings.Modules.UserAccessIS.Application.Contracts;
+using CompanyName.MyMeetings.Modules.UserAccessIS.Application.Users.GetAuthenticatedUser;
+using CompanyName.MyMeetings.Modules.UserAccessIS.Application.Users.GetUser;
 using Microsoft.AspNetCore.Mvc;
 
-namespace CompanyName.MyMeetings.API.Modules.UserAccess
+namespace CompanyName.MyMeetings.API.Modules.UserAccess.IdentityServer
 {
  [Route("api/userAccess/authenticatedUser")]
  [ApiController]

src/API/CompanyName.MyMeetings.API/Modules/UserAccess/EmailsController.cs → src/API/CompanyName.MyMeetings.API/Modules/UserAccess/IdentityServer/EmailsController.cs

@@ -1,10 +1,10 @@
 using CompanyName.MyMeetings.API.Configuration.Authorization;
-using CompanyName.MyMeetings.Modules.UserAccess.Application.Contracts;
-using CompanyName.MyMeetings.Modules.UserAccess.Application.Emails;
+using CompanyName.MyMeetings.Modules.UserAccessIS.Application.Contracts;
+using CompanyName.MyMeetings.Modules.UserAccessIS.Application.Emails;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
-namespace CompanyName.MyMeetings.API.Modules.UserAccess
+namespace CompanyName.MyMeetings.API.Modules.UserAccess.IdentityServer
 {
  [Route("api/userAccess/emails")]
  [ApiController]

src/API/CompanyName.MyMeetings.API/Modules/UserAccess/RegisterNewUserRequest.cs → src/API/CompanyName.MyMeetings.API/Modules/UserAccess/IdentityServer/RegisterNewUserRequest.cs

@@ -1,4 +1,4 @@
-namespace CompanyName.MyMeetings.API.Modules.UserAccess
+namespace CompanyName.MyMeetings.API.Modules.UserAccess.IdentityServer
 {
  public class RegisterNewUserRequest
  {

src/API/CompanyName.MyMeetings.API/Modules/UserAccess/ResourceOwnerPasswordValidator.cs → src/API/CompanyName.MyMeetings.API/Modules/UserAccess/IdentityServer/ResourceOwnerPasswordValidator.cs

@@ -1,9 +1,9 @@
-using CompanyName.MyMeetings.Modules.UserAccess.Application.Authentication.Authenticate;
-using CompanyName.MyMeetings.Modules.UserAccess.Application.Contracts;
+using CompanyName.MyMeetings.Modules.UserAccessIS.Application.Authentication.Authenticate;
+using CompanyName.MyMeetings.Modules.UserAccessIS.Application.Contracts;
 using IdentityServer4.Models;
 using IdentityServer4.Validation;
 
-namespace CompanyName.MyMeetings.API.Modules.UserAccess
+namespace CompanyName.MyMeetings.API.Modules.UserAccess.IdentityServer
 {
  public class ResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
  {

src/API/CompanyName.MyMeetings.API/Modules/UserAccess/UserAccessAutofacModule.cs → src/API/CompanyName.MyMeetings.API/Modules/UserAccess/IdentityServer/UserAccessAutofacModule.cs

@@ -1,8 +1,8 @@
 using Autofac;
-using CompanyName.MyMeetings.Modules.UserAccess.Application.Contracts;
-using CompanyName.MyMeetings.Modules.UserAccess.Infrastructure;
+using CompanyName.MyMeetings.Modules.UserAccessIS.Application.Contracts;
+using CompanyName.MyMeetings.Modules.UserAccessIS.Infrastructure;
 
-namespace CompanyName.MyMeetings.API.Modules.UserAccess
+namespace CompanyName.MyMeetings.API.Modules.UserAccess.IdentityServer
 {
  public class UserAccessAutofacModule : Module
  {

src/API/CompanyName.MyMeetings.API/Modules/UserAccess/UserRegistrationsController.cs → src/API/CompanyName.MyMeetings.API/Modules/UserAccess/IdentityServer/UserRegistrationsController.cs

@@ -1,11 +1,11 @@
 using CompanyName.MyMeetings.API.Configuration.Authorization;
-using CompanyName.MyMeetings.Modules.UserAccess.Application.Contracts;
-using CompanyName.MyMeetings.Modules.UserAccess.Application.UserRegistrations.ConfirmUserRegistration;
-using CompanyName.MyMeetings.Modules.UserAccess.Application.UserRegistrations.RegisterNewUser;
+using CompanyName.MyMeetings.Modules.UserAccessIS.Application.Contracts;
+using CompanyName.MyMeetings.Modules.UserAccessIS.Application.UserRegistrations.ConfirmUserRegistration;
+using CompanyName.MyMeetings.Modules.UserAccessIS.Application.UserRegistrations.RegisterNewUser;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
-namespace CompanyName.MyMeetings.API.Modules.UserAccess
+namespace CompanyName.MyMeetings.API.Modules.UserAccess.IdentityServer
 {
  [Route("userAccess/[controller]")]
  [ApiController]