Aserto.Clients
1.1.2
dotnet add package Aserto.Clients --version 1.1.2
NuGet\Install-Package Aserto.Clients -Version 1.1.2
<PackageReference Include="Aserto.Clients" Version="1.1.2" />
<PackageVersion Include="Aserto.Clients" Version="1.1.2" />
<PackageReference Include="Aserto.Clients" />
paket add Aserto.Clients --version 1.1.2
#r "nuget: Aserto.Clients, 1.1.2"
#:package Aserto.Clients@1.1.2
#addin nuget:?package=Aserto.Clients&version=1.1.2
#tool nuget:?package=Aserto.Clients&version=1.1.2
.NET Client library for Aserto
Aserto.Clients is a library that allows .NET applications to use an Aserto Authorizer and Directory Client.
Installation
Aserto.Clients is provided as a NuGet package.
It can be installed:
- Using Package Manager:
Install-Package Aserto.Clients
- Using .NET CLI
dotnet add package Aserto.Clients
Authorizer Client
A new Authorizer Client can be created as follows:
//Initialize using constructor
AsertoAuthorizerOptions authzOpts = new AsertoAuthorizerOptions();
// Set connection details
authzOpts.AuthorizerApiKey = ConfigurationManager.AppSettings["Authorizer.API.Key"];
authzOpts.TenantID = ConfigurationManager.AppSettings["Authorizer.TenantID"];
authzOpts.ServiceUrl = ConfigurationManager.AppSettings["Authorizer.ServiceURL"];
authzOpts.Insecure = Convert.ToBoolean(ConfigurationManager.AppSettings["Authorizer.Insecure"]);
var authorizerOptions = Options.Create(authzOpts);
var client = new AuthorizerAPIClient(authorizerOptions, new NullLoggerFactory());
Example call:
var result = client.ListPoliciesAsync(new ListPoliciesRequest() { PolicyInstance = new PolicyInstance(){
Name="policy-todo",
InstanceLabel="policy-todo"
}
Directory Client
A new Directory Client can be created as follows:
var logggerFactory = new NullLoggerFactory();
// Initialize options using consttructor.
var options = new AsertoDirectoryOptions("url_and_port_to_directory_service", "directory_api_key", "directory_tenant_id", false);
// Intialize optons reading the appsettings.json file.
var options = new AsertoDirectoryOptions();
Configuration.GetSection("AsertoDirectory").Bind(options);
var directoryClient = new Directory(options, logggerFactory);
you'll need to provide the directory service URL, an API key and the Tenant ID.
The client can be configure to use SSL connection as insecure by providing options.Insecure = true;.
Example call to the directory client:
public async Task GetObject()
{
//...
var directoryClient = new Directory(options, logggerFactory);
// Get an object.
var getObjectResp = await directoryClient.GetObjectAsync("object_key","object_type");
// Get the identities for a user.
var getRelationsResp = await directoryAPI.GetRelationsAsync(subjectType: "user", subjectKey: "userID",relationName: "identifier", relationObjectType: "identity", pageSize: 10);
//...
}
Examples
.NET Middleware library for Aserto
Aserto.AspNetCore.Middleware is a middleware that allows .NET Asp applications to use Topaz Authorizer as the Authorization provider.
Prerequisit* .NET SDK
Installation
Aserto.AspNetCore.Middleware is provided as a NuGet package. [Aserto.Middleware] (https://www.nuget.org/packages/Aserto.Middleware/) is the provided NuGet package that can be used with .Net Framework.
It can be installed:
- Using Package Manager:
Install-Package Aserto.AspNetCore.Middleware
or
Install-Package Aserto.Middleware
- Using .NET CLI
dotnet add package Aserto.AspNetCore.Middleware
or
dotnet add package Aserto.Middleware
Configuration
The following configuration settings are required for Aserto.AspNetCore middleware. You can add them to your appsettings.json:
"Aserto": {
"PolicyRoot": "YOUR_POLICY_ROOT",
}
"AsertoDirectory": {
"DirectoryTenantID": "DIRECTORY_TENANT_ID",
}
The middleware accepts the following optional parameters:
Aserto section
| Parameter name | Default value | Description |
|---|---|---|
| Enabled | true | Enables or disables Aserto Authorization |
| ServiceUrl | "https://localhost:8282" | Sets the URL for the authorizer endpoint. |
| Decision | "allowed" | The decision that will be used by the middleware when creating an authorizer request. |
| AuthorizerApiKey | "" | The authorizer API Key |
| TenantID | "" | The Aserto Tenant ID |
| Insecure | false | Indicates whether insecure service connections are allowed when using SSL |
| PolicyName | "" | The Aserto policy name |
| PolicyInstanceLabel | "" | The label of the active policy runtime |
AsertoDirectory section
| Parameter name | Default value | Description |
|---|---|---|
| DirectoryInsecure | false | Indicates whether insecure directory service connections are allowed when using SSL |
| DirectoryTenantID | "" | The Aserto Tenant ID of the directory service |
| DirectoryServiceUrl | "https://localhost:9292" | Sets the URL for the directory endpoint. |
| DirectoryApiKey | "" | The directory API Key |
Usage for Aserto.AspNetCore.Middleware
To configure Aserto Authorization, the Aserto Authorization Service needs to be added to the ConfigureServices method in Startup.cs
// Startup.cs
public void ConfigureServices(IServiceCollection services)
{
//..
// Adds the Aserto Authorization service
services.AddAsertoAuthorization(options => Configuration.GetSection("Aserto").Bind(options));
//..
}
To use the Authorization, you can now define an Authorization policy with the AsertoDecisionRequirement using the following code snippet
// Startup.cs
public void ConfigureServices(IServiceCollection services)
{
//..
services.AddAuthorization(options =>
{
options.AddPolicy("Aserto", policy => policy.Requirements.Add(new AsertoDecisionRequirement()));
});
//..
}
To protect your endpoints using Aserto authorization, you need to apply the [Authorize("Aserto")] attribute to them.
Using the following code snippet, you can set Aserto authorization as the default Authorization policy. This will enable Aserto Authorization without having to explicitly specify the policy name in the [Authorize] attribute.
// Startup.cs
public void ConfigureServices(IServiceCollection services)
{
//..
// Use Aserto authorization as the default authorization policy.
services.AddAuthorization(options =>
{
// User is authenticated via a cookie.
var policy = new AuthorizationPolicyBuilder(CookieAuthenticationDefaults.AuthenticationScheme);
policy.AddRequirements(new AsertoDecisionRequirement());
options.DefaultPolicy = policy.Build();
});
//..
}
Identity
To determine the identity of the user, the middleware checks the following Claim types:
| Name | Description | URI |
|---|---|---|
| E-Mail Address | The e-mail address of the user | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
| Name | The unique name of the user | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
| Name Identifier | The SAML name identifier of the user | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier |
These can be overwritten by passing other claim types to the AsertoDecisionRequirement:
// Startup.cs
public void ConfigureServices(IServiceCollection services)
{
//..
services.AddAuthorization(options =>
{
options.AddPolicy("Aserto", policy =>
policy.Requirements.Add(new AsertoDecisionRequirement(new List<string>
{
"mytype1",
"mytype2"
})));
});
//..
}
URL path to policy mapping
By default, when computing the policy path, the middleware:
- converts all slashes to dots
- converts any character that is not alpha, digit, dot or underscore to underscore
- converts uppercase characters in the URL path to lowercases
This behavior can be overwritten by providing a custom function to the PolicyPathMapper AsertoAuthorization option:
// Startup.cs
public void ConfigureServices(IServiceCollection services)
{
//..
// Adds the Aserto Authorization service
services.AddAsertoAuthorization(options =>
{
Configuration.GetSection("Aserto").Bind(options));
options.PolicyPathMapper = (policyRoot, httpRequest) =>
{
return "custom.policy.path";
};
}
//..
}
Resource Mapper
A resource can be any structured data that the authorization policy uses to evaluate decisions. By default, middleware add to the resource context all the route parameters that start with :.
Resource data can be overwritten by providing a custom function to the ResourceMapper AsertoAuthorization option
// Startup.cs
public void ConfigureServices(IServiceCollection services)
{
//..
// Adds the Aserto Authorization service
services.AddAsertoAuthorization(options =>
{
options.ResourceMapper = (policyRoot, httpRequest) =>
{
Struct result = new Struct();
result.Fields["asset"] = Value.ForString("megaSeeds");
return result;
};
Configuration.GetSection("Aserto").Bind(options);
});
//..
}
Directory Client
A new Directory Client can be creating as follows:
var logggerFactory = new NullLoggerFactory();
// Initialize options using consttructor.
var options = new AsertoDirectoryOptions("url_and_port_to_directory_service", "directory_api_key", "directory_tenant_id", false);
// Intialize optons reading the appsettings.json file.
var options = new AsertoDirectoryOptions();
Configuration.GetSection("AsertoDirectory").Bind(options);
var directoryClient = new Directory(options, logggerFactory);
you'll need to provide the directory service URL, an API key and the Tenant ID.
The client can be configure to use SSL connection as insecure by providing options.Insecure = true;.
Example call to the directory client:
public async Task GetObject()
{
//...
var directoryClient = new Directory(options, logggerFactory);
// Get an object.
var getObjectResp = await directoryClient.GetObjectAsync("object_key","object_type");
// Get the identities for a user.
var getRelationsResp = await directoryAPI.GetRelationsAsync(subjectType: "user", subjectKey: "userID",relationName: "identifier", relationObjectType: "identity", pageSize: 10);
//...
}
Building & testing
Note: We recommend using Windows to build and contribute to this project because of the dotnet framework projects present in this solution (Aserto.Middleware, WebAPI and MvCApp examples). If you want to build this project on Linux or macOS, please make sure to remove these projects from the solution, then you can build using the .Net Core SDK:
dotnet build .\aserto-dotnet.sln
dotnet CLI can be used to run the tests from the project:
dotnet test .\aserto-dotnet.sln
Examples
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net5.0 was computed. net5.0-windows was computed. net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 is compatible. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
| .NET Core | netcoreapp2.0 was computed. netcoreapp2.1 was computed. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
| .NET Standard | netstandard2.0 is compatible. netstandard2.1 was computed. |
| .NET Framework | net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed. |
| MonoAndroid | monoandroid was computed. |
| MonoMac | monomac was computed. |
| MonoTouch | monotouch was computed. |
| Tizen | tizen40 was computed. tizen60 was computed. |
| Xamarin.iOS | xamarinios was computed. |
| Xamarin.Mac | xamarinmac was computed. |
| Xamarin.TVOS | xamarintvos was computed. |
| Xamarin.WatchOS | xamarinwatchos was computed. |
-
.NETStandard 2.0
- Aserto.Authorizer.V2.Client.Grpc (>= 0.0.7)
- Aserto.Directory.V3.Client.Grpc (>= 0.33.0)
- Google.Protobuf (>= 3.28.2)
- Grpc.Net.Client (>= 2.70.0)
- Microsoft.AspNetCore.Http.Abstractions (>= 2.2.0)
- Microsoft.Extensions.Options (>= 8.0.2)
-
net6.0
- Aserto.Authorizer.V2.Client.Grpc (>= 0.0.7)
- Aserto.Directory.V3.Client.Grpc (>= 0.33.0)
- Google.Protobuf (>= 3.28.2)
- Grpc.Net.Client (>= 2.70.0)
- Microsoft.AspNetCore.Http.Abstractions (>= 2.2.0)
- Microsoft.Extensions.Options (>= 8.0.2)
-
net7.0
- Aserto.Authorizer.V2.Client.Grpc (>= 0.0.7)
- Aserto.Directory.V3.Client.Grpc (>= 0.33.0)
- Google.Protobuf (>= 3.28.2)
- Grpc.Net.Client (>= 2.70.0)
- Microsoft.AspNetCore.Http.Abstractions (>= 2.2.0)
- Microsoft.Extensions.Options (>= 8.0.2)
-
net8.0
- Aserto.Authorizer.V2.Client.Grpc (>= 0.0.7)
- Aserto.Directory.V3.Client.Grpc (>= 0.33.0)
- Google.Protobuf (>= 3.28.2)
- Grpc.Net.Client (>= 2.70.0)
- Microsoft.AspNetCore.Http.Abstractions (>= 2.2.0)
- Microsoft.Extensions.Options (>= 8.0.2)
NuGet packages (1)
Showing the top 1 NuGet packages that depend on Aserto.Clients:
| Package | Downloads |
|---|---|
|
Aserto.AspNetCore.Middleware
Aserto Authorization Middleware |
GitHub repositories
This package is not used by any popular GitHub repositories.