IBeam.Identity 2.0.54

.NET 10.0 This package targets .NET 10.0. The package is compatible with this framework or higher. 
dotnet add package IBeam.Identity --version 2.0.54
                    


                    

                
NuGet\Install-Package IBeam.Identity -Version 2.0.54
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="IBeam.Identity" Version="2.0.54" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="IBeam.Identity" Version="2.0.54" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="IBeam.Identity" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add IBeam.Identity --version 2.0.54
                    


                    

                
#r "nuget: IBeam.Identity, 2.0.54"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package IBeam.Identity@2.0.54
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=IBeam.Identity&version=2.0.54
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=IBeam.Identity&version=2.0.54
                    


                            Install as a Cake Tool

IBeam.Identity

IBeam.Identity is the contract package for the IBeam identity domain.

Narrative Introduction

This package provides the shared language for identity workflows across API, services, and repository implementations. It contains interfaces, request/response models, options, and event contracts so higher-level packages can evolve independently behind stable abstractions.

Identity Architecture (Simple View)

IBeam identity is intentionally layered:

  1. API Layer (IBeam.Identity.Api)
  • HTTP endpoints, auth middleware, request validation, response mapping.
  • Controllers include OTP/password/OAuth/token/session/tenant-role APIs.
  1. Contract Layer (IBeam.Identity)
  • Interfaces, models, options, events, authorization attributes.
  • No storage or provider-specific logic.
  1. Service Layer (IBeam.Identity.Services)
  • Core auth orchestration: OTP, password, OAuth, token issuing, tenant selection.
  • Uses only contracts (IIdentityUserStore, IOtpChallengeStore, etc.).
  1. Repository Layer (provider implementations)
  • Azure Table provider (IBeam.Identity.Repositories.AzureTable) currently ships complete implementations.
  • Entity Framework provider (IBeam.Identity.Repositories.EntityFramework) exists for EF-based identity paths.
  1. Communications Layer
  • Email/SMS abstractions and providers used by OTP/registration flows.

Features and Components

  • auth service contracts:
    • IIdentityAuthService
    • IIdentityOtpAuthService
    • IIdentityOAuthAuthService
    • ITokenService
  • store contracts:
    • IIdentityUserStore, IOtpChallengeStore, IExternalLoginStore
    • ITenantMembershipStore, ITenantProvisioningService, IAuthSessionStore
    • ITenantRoleStore for tenant-scoped role CRUD and assignment
    • IPermissionAccessStore for tenant permission-to-role mappings
  • service contracts:
    • ITenantRoleService
    • IRoleAccessAuthorizer
    • IPermissionAccessAuthorizer
    • IPermissionCatalogProvider
  • options models (JwtOptions, OtpOptions, OAuthOptions, FeatureOptions, etc.)
  • lifecycle event contracts and default no-op implementations
  • role access attributes (service-safe, no MVC dependency):
    • [RoleAccess("owner", "billing")]
    • [RoleAccessId("3f7a4b4f-8fc5-49bb-b6fe-1f4a9b43a3e9")]
    • [AllowAllRoleAccess]
  • dynamic permission attributes:
    • [PermissionAccess("SavePatient")]
    • [PermissionAccessId("6c76f166-b130-4c80-bf7e-99d38ea1a75f")]

Models vs Entities

  1. Models
  • Defined in IBeam.Identity.Models.
  • Used by API and services (requests/responses/domain contracts).
  • Examples: AuthResultResponse, RegisterUserRequest, TenantInfo.
  1. Entities
  • Provider-specific persistence shapes (e.g., Azure Table entities).
  • Include storage keys (PartitionKey, RowKey) and persistence metadata.
  • Examples in Azure Table provider: TenantEntity, UserTenantEntity, OtpChallengeEntity.

Azure Table Schema (Current Provider)

ElCamino identity tables

  • AspNetUsers: base user identities.
  • AspNetRoles: role definitions.
  • AspNetIndex: identity lookup/index support.

IBeam custom identity tables

  • Tenants: tenant master records.
  • TenantUsers: tenant-to-user membership index.
  • UserTenants: user-to-tenant membership index.
  • TenantRoles: tenant-scoped roles.
  • PermissionRoleMaps: tenant permission mapping to role names/ids.
  • OtpChallenges: OTP lifecycle records (destination, hash, attempts, expiry, consume state).
  • ExternalLogins: OAuth provider-user links.
  • AuthSessions: refresh/session tracking and revocation.
  • Schema: schema version marker for bootstrap.

Table Naming and Prefixing

For Azure Table identity provider, physical table name is:

{TablePrefix}{BaseTableName}

Examples:

  • TablePrefix = "IBeam" + AspNetUsersIBeamAspNetUsers
  • TablePrefix = "Acme" + TenantUsersAcmeTenantUsers

This applies to both ElCamino and custom IBeam identity tables.

Connection String Resolution Cascade

Current implemented behavior

Azure Table providers currently resolve connection strings with fallback precedence.

  1. Identity AzureTable provider (IBeam.Identity.Repositories.AzureTable)
    1. IBeam:Identity:AzureTable:StorageConnectionString
    1. IBeam:AzureTables
    1. IBeam:Repositories:ConnectionString
    1. IBeam:ConnectionString
    1. ConnectionStrings:AzureTables
    1. ConnectionStrings:AzureStorage
    1. ConnectionStrings:IBeam
    1. ConnectionStrings:DefaultConnection
    1. ConnectionStrings:IdentityAzureTable
  1. Generic AzureTables repository provider (IBeam.Repositories.AzureTables)
    1. IBeam:Repositories:AzureTables:ConnectionString
    1. IBeam:AzureTables
    1. IBeam:Repositories:ConnectionString
    1. IBeam:ConnectionString
    1. ConnectionStrings:AzureTables
    1. ConnectionStrings:AzureStorage
    1. ConnectionStrings:IBeam
    1. ConnectionStrings:DefaultConnection
  1. Identity EntityFramework provider (IBeam.Identity.Repositories.EntityFramework)
    1. {configSectionPath}:ConnectionString (default IdentityEf)
    1. IBeam:Identity:EntityFramework:ConnectionString
    1. IBeam:Repositories:EntityFramework:ConnectionString
    1. IBeam:Repositories:ConnectionString
    1. IBeam:ConnectionString
    1. ConnectionStrings:IdentityEf
    1. ConnectionStrings:IdentityEntityFramework
    1. ConnectionStrings:IBeam
    1. ConnectionStrings:DefaultConnection

Configuration Models Exposed

  • IBeam:Identity:Jwt
  • IBeam:Identity:Otp
  • IBeam:Identity:OAuth
  • IBeam:Identity:Features
  • IBeam:Identity:Events
  • IBeam:Identity:EmailTemplates
  • IBeam:Identity:PermissionAccess
  • IBeam:Identity:RoleManagement

Examples

1) API composition in a host app

builder.Services.AddIBeamIdentityApi(builder.Configuration);
builder.Services.AddIBeamIdentityApiControllers();

2) Azure Table identity configuration with prefix and scoped connection

{
  "IBeam": {
    "Identity": {
      "AzureTable": {
        "StorageConnectionString": "UseDevelopmentStorage=true",
        "TablePrefix": "Acme",
        "UserTableName": "AspNetUsers",
        "RoleTableName": "AspNetRoles",
        "IndexTableName": "AspNetIndex"
      }
    }
  }
}

3) Fallback-only configuration (top-level IBeam connection)

{
  "IBeam": {
    "ConnectionString": "UseDevelopmentStorage=true"
  }
}

With AzureTable providers, this can be used when deeper scoped keys are not supplied.

4) Service role access example

[RoleAccess("SavePatient")]
public sealed class PatientService
{
    private readonly IRoleAccessAuthorizer _roleAccess;

    public PatientService(IRoleAccessAuthorizer roleAccess)
    {
        _roleAccess = roleAccess;
    }

    public Task SavePatientAsync(ClaimsPrincipal user, CancellationToken ct = default)
    {
        _roleAccess.EnsureAuthorizedForCurrentMethod(user, this);
        return Task.CompletedTask;
    }
}
Product Compatible and additional computed target framework versions.
.NET net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

  • net10.0

    • No dependencies.

NuGet packages (2)

Showing the top 2 NuGet packages that depend on IBeam.Identity:

Package Downloads
IBeam.Identity.Services

IBeam modular framework components for .NET APIs and services.
IBeam.Identity.Repositories.EntityFramework

IBeam modular framework components for .NET APIs and services.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
2.0.54 118 5/27/2026
2.0.52 132 5/27/2026
2.0.35 163 5/15/2026
2.0.32 275 3/25/2026
2.0.30 124 3/25/2026
2.0.29 129 3/25/2026
2.0.28 123 3/25/2026
2.0.26 123 3/25/2026
2.0.22 132 3/25/2026