Add Identity/Auth to template #300 #487
Conversation
UserEndpoints folder created
Auth folder moved to Core project
|
Hi @ardalis, can you please review it |
There was a problem hiding this comment.
Overall looks great, thanks!
Only request is to don't put Identity stuff in Core (instead you can reference it using a UserId property on an appropriate entity, like in our case perhaps Contributor) and also keep IdentityDbContext separate from the regular/existing AppdbContext. Can you make those changes and I'll merge?
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| //We can use EncryptingCredentials options in SecurityTokenDescriptor and hence our JWT token will not be parsed by jwt.io site and it will only be decrypted only by our code. | ||
| //Hence you can secure your token and who can see it | ||
| var encryptionKey = Encoding.UTF8.GetBytes(_siteSetting.JwtSettings.EncryptKey); //must be 16 character | ||
| var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(encryptionKey), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256); |
Check warning
Code scanning / CodeQL
Useless assignment to local variable
| { | ||
| return async context => | ||
| { | ||
| var signInManager = context.HttpContext.RequestServices.GetRequiredService<SignInManager<User>>(); |
Check warning
Code scanning / CodeQL
Useless assignment to local variable
| catch | ||
| { | ||
| return null; | ||
| } |
Check notice
Code scanning / CodeQL
Generic catch clause
| // context.Fail("This token has no security stamp"); | ||
|
|
||
| //Get UserId and check if user exists in db | ||
| var userId = claimsIdentity.GetUserId<int>(); |
Check warning
Code scanning / CodeQL
Dereferenced variable may be null
| { | ||
| if (request is null) | ||
| ThrowError("Request body is empty"); | ||
| var user = await _userManager.FindByEmailAsync(request.Email); //userName/email can be used to find a unique user |
Check warning
Code scanning / CodeQL
Dereferenced variable may be null
| ThrowError("username or password is incorrect"); | ||
|
|
||
| var jwt = await _jwtService.GenerateAsync(user); | ||
| user.LastLoginDate = DateTime.UtcNow; |
Check warning
Code scanning / CodeQL
Dereferenced variable may be null
| //TODO:CHECK FOR USERNAME EMPTY OR NULL | ||
| var newUser = new User | ||
| { | ||
| Age = request.Age, |
Check warning
Code scanning / CodeQL
Dereferenced variable may be null
|
Can you give me time till sunday?
…On Thu, 13 Apr 2023, 7:14 pm Steve Smith, ***@***.***> wrote:
***@***.**** requested changes on this pull request.
Overall looks great, thanks!
Only request is to don't put Identity stuff in Core (instead you can
reference it using a UserId property on an appropriate entity, like in our
case perhaps Contributor) and also keep IdentityDbContext separate from the
regular/existing AppdbContext. Can you make those changes and I'll merge?
—
Reply to this email directly, view it on GitHub
<#487 (review)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AILYWTSUSE4B4XJVZ7VJTBTXBAC5DANCNFSM6AAAAAATOEIRPM>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
I will try to complete it before sunday
…On Thu, 13 Apr 2023, 7:31 pm Ahmed Anwer, ***@***.***> wrote:
Can you give me time till sunday?
On Thu, 13 Apr 2023, 7:14 pm Steve Smith, ***@***.***>
wrote:
> ***@***.**** requested changes on this pull request.
>
> Overall looks great, thanks!
>
> Only request is to don't put Identity stuff in Core (instead you can
> reference it using a UserId property on an appropriate entity, like in our
> case perhaps Contributor) and also keep IdentityDbContext separate from the
> regular/existing AppdbContext. Can you make those changes and I'll merge?
>
> —
> Reply to this email directly, view it on GitHub
> <#487 (review)>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AILYWTSUSE4B4XJVZ7VJTBTXBAC5DANCNFSM6AAAAAATOEIRPM>
> .
> You are receiving this because you authored the thread.Message ID:
> ***@***.***>
>
|
|
No rush, thanks |
|
Great, thanks!
…On Thu, 13 Apr 2023, 7:48 pm Steve Smith, ***@***.***> wrote:
No rush, thanks
—
Reply to this email directly, view it on GitHub
<#487 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AILYWTXEQ3IDQCFZWGXRBF3XBAG3LANCNFSM6AAAAAATOEIRPM>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
@ardalis can you please review it |
| }); | ||
| if (!addRoleResult.Succeeded) { ThrowValidationErrors(addRoleResult.Errors); } | ||
| } | ||
| else |
There was a problem hiding this comment.
This else does not look like it is necessary.
If I read correctly, you check to see if there is a role by that name already, if it doesn't you create it and only if it does exist do you then assign it to that user in this else clause.
Just removing the else around the inner code looks like it will solve the problem.
There was a problem hiding this comment.
Like I mentioned in one of my comments, I've essentially used the code in this pull request to implement Identity in my application which is based on the Clean Arch Template.
I can speak to the fact that the code written does in fact work, so there's that. 😄
For what it's worth, I moved the custom IdentityUser and IdentityRole implementations to the core project instead of the Infrastructure project. To do that, I needed to take a dependency on Microsoft.Extensions.Identity.Stores in the core project. In my eyes, that was a worth tradeoff allowing me to use the existing Event and Handler frameworks for these entities too. I did try to do things within the Infrastructure project but it was never as clearly defined as I wanted it to be.
@ardalis , I'll let you give the final thumbs up, but this is what I can share at least.
I suppose that this will lead to the inevitable ask for clarification on how to connect these two concepts. Tenancy and AppDatabase entity ownership etc...
| /// </summary> | ||
| internal class JwtJwtBearerHelperEvents | ||
| { | ||
| public JwtBearerEvents GetJwtBeareEvents() |
| OnChallenge = OnOnChallengeJwtBearerEvent() | ||
| }; | ||
| } | ||
| private Func<AuthenticationFailedContext, Task> OnAuthenticationFailedJwtBearerEvent() |
There was a problem hiding this comment.
Nit: Not sure what the 'JwtBearerEvent' suffix adds to this, I'd drop it for simplification.
| @@ -0,0 +1,382 @@ | |||
| // <auto-generated /> | |||
There was a problem hiding this comment.
Are these migrations necessary? For what it's worth, I've essentially used this pull request to bootstrap my applications and I do not use Migrations. Will these cause problems or confusion for new users of the template?
|
@ardalis, any plan to review it 😁 |
|
My plan is still to pull this into the new template - just need to find some time. |
|
Okay, then please find some time 🙂 |
Jwt Authentication added with default Microsoft Identity