SecurityBlanket 1.0.0
dotnet add package SecurityBlanket --version 1.0.0
NuGet\Install-Package SecurityBlanket -Version 1.0.0
<PackageReference Include="SecurityBlanket" Version="1.0.0" />
paket add SecurityBlanket --version 1.0.0
#r "nuget: SecurityBlanket, 1.0.0"
// Install SecurityBlanket as a Cake Addin
#addin nuget:?package=SecurityBlanket&version=1.0.0
// Install SecurityBlanket as a Cake Tool
#tool nuget:?package=SecurityBlanket&version=1.0.0
A Security Blanket for your API
When building an API, you have to always worry about data leaks: is it possible for a customer to accidentally view data for another customer? Does your API expose some information they shouldn't be permitted to see?
You can tell your engineers to check their database queries carefully, but even the tiniest mistake can leak customer data in a multi-tenant software-as-a-service environment.
With SecurityBlanket, you can add a second layer of protection: a middleware filter that verifies all your data before the API serves up a response.
Here's how to use it.
Step 1 - Add the middleware to your project
In your Program.cs file, mark all controllers to use the security blanket action filter.
```csharp
var builder = WebApplication.CreateBuilder(args);
// Add the Security Blanket action filter to all API responses
builder.Services.AddControllersWithViews(options =>
{
    options.Filters.Add<SecurityBlanketActionFilter>();
});
var app = builder.Build();
```
Step 2 - Give your API response objects security rules
Add the IVisibleResult or IVisibleAsyncResult interface to your API response classes. This interface allows the object to determine whether or not it is permitted to be seen by the current HttpContext. This independent check will help you ensure that all database queries produce data the user is entitled to view.
```csharp
using Microsoft.AspNetCore.Http; // for HttpContext and the Session.GetInt32 extension

public class MyApiResultObject : IVisibleResult
{
    public int AccountId { get; set; }

    // Interface members must be public; the filter calls this before the
    // object is serialized into the response.
    public bool IsVisible(HttpContext context)
    {
        // Visible only if the object belongs to the account stored in the session.
        // A missing session value yields null, so the comparison is false (denied).
        return this.AccountId == context.Session.GetInt32("accountId");
    }
}
```
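As an added example (not part of the package's README), here is a tenant-scoped response object whose visibility rule is driven by the authenticated user's claims instead of session state, together with xUnit checks of that rule using DefaultHttpContext. The `tenant_id` claim name, the `InvoiceResponse` class, the test class and the `SecurityBlanket` namespace are assumptions.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Http;
using SecurityBlanket; // assumed namespace that defines IVisibleResult
using Xunit;

// Response object: visible only to the tenant that owns it.
public sealed class InvoiceResponse : IVisibleResult
{
    public int TenantId { get; set; }
    public int InvoiceId { get; set; }
    public decimal Amount { get; set; }

    public bool IsVisible(HttpContext context)
    {
        // Assumed claim name "tenant_id", set at authentication time. An anonymous
        // caller, a missing claim or a malformed value all fall through to "denied".
        var claim = context.User?.FindFirst("tenant_id")?.Value;
        return claim is not null
            && int.TryParse(claim, out var tenantId)
            && tenantId == TenantId;
    }
}

public class InvoiceResponseVisibilityTests
{
    // Builds a request context for the given tenant, or an anonymous one when null.
    private static HttpContext ContextForTenant(string? tenantId)
    {
        var identity = tenantId is null
            ? new ClaimsIdentity()
            : new ClaimsIdentity(new[] { new Claim("tenant_id", tenantId) }, "Test");
        return new DefaultHttpContext { User = new ClaimsPrincipal(identity) };
    }

    [Fact]
    public void OwnerCanSeeInvoice() =>
        Assert.True(new InvoiceResponse { TenantId = 42 }.IsVisible(ContextForTenant("42")));

    [Fact]
    public void OtherTenantCannotSeeInvoice() =>
        Assert.False(new InvoiceResponse { TenantId = 42 }.IsVisible(ContextForTenant("7")));

    [Fact]
    public void AnonymousCannotSeeInvoice() =>
        Assert.False(new InvoiceResponse { TenantId = 42 }.IsVisible(ContextForTenant(null)));

    [Fact]
    public void MalformedClaimIsDenied() =>
        Assert.False(new InvoiceResponse { TenantId = 42 }.IsVisible(ContextForTenant("42abc")));
}
```

Keeping the rule in the response object lets you unit-test the cross-tenant deny cases directly, without standing up the controller or the filter.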
Step 3 - Monitor your logs for security exceptions
If one of your APIs attempts to show an object to a user who isn't entitled to see it, you will get an exception. Log these exceptions and track down every source of object visibility errors, since each one points at a query that is not properly scoped to the caller.
Product | Compatible and additional computed target framework versions
---|---
.NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
.NET Core | netcoreapp2.0 was computed. netcoreapp2.1 was computed. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
.NET Standard | netstandard2.0 is compatible. netstandard2.1 was computed. |
.NET Framework | net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed. |
MonoAndroid | monoandroid was computed. |
MonoMac | monomac was computed. |
MonoTouch | monotouch was computed. |
Tizen | tizen40 was computed. tizen60 was computed. |
Xamarin.iOS | xamarinios was computed. |
Xamarin.Mac | xamarinmac was computed. |
Xamarin.TVOS | xamarintvos was computed. |
Xamarin.WatchOS | xamarinwatchos was computed. |
Dependencies
.NETStandard 2.0: no dependencies.
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
# 1.0.0
November 16, 2022
Initial release with extremely basic functionality.