Kephas.Security 11.1.0-dev.3

Prefix Reserved
This is a prerelease version of Kephas.Security.
There is a newer version of this package available.
See the version list below for details.
dotnet add package Kephas.Security --version 11.1.0-dev.3                
NuGet\Install-Package Kephas.Security -Version 11.1.0-dev.3                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Kephas.Security" Version="11.1.0-dev.3" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Kephas.Security --version 11.1.0-dev.3                
#r "nuget: Kephas.Security, 11.1.0-dev.3"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Kephas.Security as a Cake Addin
#addin nuget:?package=Kephas.Security&version=11.1.0-dev.3&prerelease

// Install Kephas.Security as a Cake Tool
#tool nuget:?package=Kephas.Security&version=11.1.0-dev.3&prerelease                

Security

Introduction

This package provides abstractions and base building blocks for authentication, authorization, and cryptography.

Packages providing advanced cryptography:

Cryptography

The encryption service

Usage
// normally you would get the encryption service injected into the service constructor.
var encryptionService = injector.Resolve<IEncryptionService>();
var encrypted = encryptionService.Encrypt("my-password");
var decrypted = encryptionService.Decrypt(encrypted);

Assert.AreEqual("my-password", decrypted);

The hashing service

Authentication

The authentication service

Authorization

The authorization service

The authorization service is used to ensure that a certain context has the required authorization.

IAuthorizationService

This is a singleton application service contract providing a single method:

  • AuthorizeAsync(authContext: IAuthorizationContext, cancellationToken: CancellationToken = default): Task<bool>

IAuthorizationContext

An authorization context contains:

  • Identity (inherited from the base IContext): the identity requesting authorization.
  • RequiredPermissions/RequiredPermissionTypes: the list of permissions to check.
  • Scope (optional): a scope object for which the required permissions apply.
  • ThrowOnFailure (default true): A boolean value indicating whether to throw on authorization failure. If <c>false</c> is indicated, the authorization check will return <c>false</c> upon failure, otherwise an exception will occur.

The permission system

Data must be protected from unauthorized access for different kind of reasons. Kephas brings the required support at multiple levels providing built-in services supporting multiple authorization scenarios.

Permissions

Permissions are basically string tokens required by certain operations in a given context. Permissions:

  • may use an "inheritance" model, with the meaning that if a permission inherits another permission, both of them are granted to the role associated to them.
  • can be scoped to entity hierarchies and further to entity sections, meaning that they are granted only within that specific scope.

Permissions have associated metadata collected by the model space. They may be defined using interfaces with multiple inheritance, or (abstract) classes annotated with [GrantPermission] attributes. To define custom permissions, use the following steps:

  1. Define the type holding the permission metadata.
[PermissionType("admin")]
public interface IAdminPermission : ICrudPermission, IExportImportPermission
{
}

// alternative way using abstract classes.
[PermissionType("admin")]
[GrantsPermission(typeof(CrudPermission), typeof(ExportImportPermission))]
public abstract class AdminPermission
{
}
  1. Annotate the assembly/namespace containing the definitions with [PermissionAssembly] attribute.
[assembly: PermissionAssembly("MyApp.Security.Permissions")]
  1. Use the permission using its .NET type, typically in [RequiresPermission] or [SupportsPermission] attributes. Alternatively, such attributes support also permission names (strings), but it is not that safe for refactorings.
/// <summary>
/// An export hierarchy message.
/// </summary>
[RequiresPermission(typeof(IExportImportPermission))]
public class ExportHierarchyMessage : EntityActionMessage
{
    /// <summary>
    /// Gets or sets the export media type to use.
    /// </summary>
    /// <value>
    /// The export media type.
    /// </value>
    public string MediaType { get; set; }
}

Note: It may be more practical to use interfaces, because this way the inheritance hierarchy can be displayed in a class diagram. Anyway, the interface inheritance model and the grants model can be combined, having the same effect.

Scoping permissions

Permissions may indicate a certain application scope. This can be:

  • Global: No scoping required for this permission type, it will be granted and verified at global level.
  • Type: The scope for this permission is the entity type.
  • Instance: The scope for this permission is the entity instance.

These values are flags which can be combined to provide multiple supported scenarios for a specific permission type.

Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
.NET Core netcoreapp3.0 was computed.  netcoreapp3.1 was computed. 
.NET Standard netstandard2.1 is compatible. 
MonoAndroid monoandroid was computed. 
MonoMac monomac was computed. 
MonoTouch monotouch was computed. 
Tizen tizen60 was computed. 
Xamarin.iOS xamarinios was computed. 
Xamarin.Mac xamarinmac was computed. 
Xamarin.TVOS xamarintvos was computed. 
Xamarin.WatchOS xamarinwatchos was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (8)

Showing the top 5 NuGet packages that depend on Kephas.Security:

Package Downloads
Kephas.Core

Aggregates the most used Kephas infrastructure to provide a . Typically used areas and classes/interfaces/services: - AmbientServices - Data: IIdGenerator, DefaultIdGenerator. Kephas Framework ("stone" in aramaic) aims to deliver a solid infrastructure for applications and application ecosystems.

Kephas.Mail

Provides the abstract infrastructure for mailing. Typically used areas and classes/interfaces/services: - IEmailMessage, IEmailAddress, IEmailAttachment - Services: IEmailSenderService, ISystemEmailSenderService. Kephas Framework ("stone" in aramaic) aims to deliver a solid infrastructure for applications and application ecosystems.

Kephas.Security.Permissions

Provides an infrastructure for permissions. Typically used areas and classes/interfaces/services: - IPermissionService. Kephas Framework ("stone" in aramaic) aims to deliver a solid infrastructure for applications and application ecosystems.

Kephas.Application.Abstractions

Provides abstractions for the application infrastructure. Typically used areas and classes/interfaces/services: - Application management: IAppRuntime, StaticAppRuntime, DynamicAppRuntime, IAppLifecyclebehavior, AppIdentity. Kephas Framework ("stone" in aramaic) aims to deliver a solid infrastructure for applications and application ecosystems.

Kephas.Security.Cryptography

Provides implementations for the cryptographic services. Typically used areas and classes/interfaces/services: - AesEncryptionService. Kephas Framework ("stone" in aramaic) aims to deliver a solid infrastructure for applications and application ecosystems.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
11.1.0 17,708 4/13/2022
11.1.0-dev.4 155 4/6/2022
11.1.0-dev.3 148 3/30/2022
11.1.0-dev.2 140 3/23/2022
11.1.0-dev.1 132 3/23/2022
11.0.0 17,078 3/11/2022
11.0.0-dev.7 152 3/7/2022
11.0.0-dev.6 135 2/28/2022
11.0.0-dev.5 137 2/26/2022
11.0.0-dev.4 144 2/24/2022
11.0.0-dev.3 141 2/23/2022
11.0.0-dev.2 138 2/18/2022
11.0.0-dev.1 139 2/7/2022
10.3.0 16,391 1/18/2022
10.2.0 9,818 12/3/2021
10.1.0 13,987 11/23/2021
10.1.0-dev.7 192 11/17/2021
10.1.0-dev.6 170 11/16/2021
10.1.0-dev.5 169 11/10/2021
10.1.0-dev.4 189 11/8/2021
10.1.0-dev.3 152 11/8/2021
10.1.0-dev.2 169 11/4/2021
10.1.0-dev.1 169 11/3/2021

Please check https://github.com/kephas-software/kephas/releases for the change log.
           Also check the documentation and the samples from https://github.com/kephas-software/kephas/wiki and https://github.com/kephas-software/kephas/tree/master/Samples.