
SECURITY SERVICE BRICK

Overview

The Security Service Brick has been developed to provide application security. Built on Microsoft ASP.NET Core Identity, it provides authentication and authorization for the application.

Microservices that participate in the SERVICE BRICK infrastructure use JSON web tokens (JWT) for security. Participants only need to add the ServiceBrick.Security.Member NuGet package, instead of the full security stack. Additionally, all member microservices must have the same shared "Token" application configuration settings.

Requirements

  • Normal Startup Extensions for AddBrick, RegisterBrick and StartBrick with a storage provider

Developer Notes

Use the IUserManagerApiService for methods similar to those exposed by the ASP.NET Core Identity UserManager class.

Domain Processes

  • ApplicationUserConfirmEmailProcess - When a user clicks the confirm-email link. Validates the code and, if it is correct, sets EmailConfirmed to true.
  • ApplicationUserForgotPasswordProcess - When a user forgets their password; an email is sent that contains a link to change their password.
  • ApplicationUserInvalidPasswordProcess - When a user submits an invalid password attempt when logging in.
  • ApplicationUserLoginProcess - When a user attempts to log into the application.
  • ApplicationUserLogoutProcess - When a user logs out of the application.
  • ApplicationUserMfaProcess - When a user uses multi-factor authentication to log in.
  • ApplicationUserMfaVerifyProcess - When a user verifies the code used for multi-factor authentication.
  • ApplicationUserPasswordChangeProcess - When a user attempts to change their password.
  • ApplicationUserPasswordResetProcess - When a user clicks the change password link from email and attempts to reset the password.
  • ApplicationUserProfileChangeProcess - When a user changes their profile information.
  • ApplicationUserRegisterAdminProcess - Registers an existing user with the ADMIN role.
  • ApplicationUserRegisterProcess - Registers a new user with the application.
  • ApplicationUserResendConfirmationProcess - When a user requests the system to resend a confirmation email.

Service Bus

This service publishes the following domain events:

  • ServiceBrick.ServiceBus.CreateApplicationEmailEvent
  • ServiceBrick.ServiceBus.CreateApplicationSmsEvent

Background Tasks

None

Interfaces and Data Transfer Objects


using ServiceBrick.Security.Api;

public interface IApplicationUserApiService : IApiService<ApplicationUserDto> { }   
public interface IApplicationUserApiClient : IApiClient<ApplicationUserDto>, IApplicationUserApiService { }
/// <summary>
/// Data transfer object for an application user. The property set mirrors the ASP.NET Core Identity
/// user fields (user name, e-mail, phone, lockout and two-factor state) plus the brick's own
/// CreateDate, UpdateDate and TimezoneName.
/// </summary>
/// <remarks>
/// NOTE(review): PasswordHash, SecurityStamp and ConcurrencyStamp travel on the same DTO that
/// <see cref="IApplicationUserApiClient"/> exchanges over the API. Treat them as sensitive: confirm the
/// service layer redacts or restricts these fields on read responses and ignores client-supplied
/// values on update, so that a caller with read access to users does not also receive credential
/// material.
/// </remarks>
public class ApplicationUserDto : DataTransferObject
{
    // Login name of the user.
    public virtual string UserName { get; set; }
    // Normalized form of UserName (the lookup form used by ASP.NET Core Identity).
    public virtual string NormalizedUserName { get; set; }
    // E-mail address of the user.
    public virtual string Email { get; set; }
    // Normalized form of Email (the lookup form used by ASP.NET Core Identity).
    public virtual string NormalizedEmail { get; set; }
    // True once the user has completed the confirm-email process.
    public virtual bool EmailConfirmed { get; set; }
    // Stored password hash. Sensitive — see the class remarks.
    public virtual string PasswordHash { get; set; }
    // Identity security stamp; sensitive — see the class remarks.
    public virtual string SecurityStamp { get; set; }
    // Optimistic-concurrency stamp for the user record.
    public virtual string ConcurrencyStamp { get; set; }
    // Phone number of the user.
    public virtual string PhoneNumber { get; set; }
    // Whether multi-factor authentication is enabled for this user.
    public virtual bool TwoFactorEnabled { get; set; }
    // Whether PhoneNumber has been confirmed.
    public virtual bool PhoneNumberConfirmed { get; set; }
    // End of the current lockout; presumably null when the user is not locked out — confirm against the login process.
    public virtual DateTimeOffset? LockoutEnd { get; set; }
    // Whether lockout can be applied to this user.
    public virtual bool LockoutEnabled { get; set; }
    // Number of consecutive failed access attempts.
    public virtual int AccessFailedCount { get; set; }
    // When the user record was created.
    public virtual DateTimeOffset CreateDate { get; set; }
    // When the user record was last updated.
    public virtual DateTimeOffset UpdateDate { get; set; }
    // Name of the user's time zone; the identifier format is not shown here.
    public virtual string TimezoneName { get; set; }
}

public interface IApplicationUserClaimApiService : IApiService<ApplicationUserClaimDto> { }   
public interface IApplicationUserClaimApiClient : IApiClient<ApplicationUserClaimDto>, IApplicationUserClaimApiService { }
/// <summary>
/// Data transfer object for a claim attached to a user. Claims feed authorization decisions, so
/// writes to this DTO should be limited to administrative callers (confirm in the API service).
/// </summary>
public class ApplicationUserClaimDto : DataTransferObject
{
    // Storage key of the user that owns the claim.
    public virtual string UserStorageKey { get; set; }
    // Claim type identifier.
    public virtual string ClaimType { get; set; }
    // Claim value.
    public virtual string ClaimValue { get; set; }
}

public interface IApplicationUserRoleApiService : IApiService<ApplicationUserRoleDto> { }   
public interface IApplicationUserRoleApiClient : IApiClient<ApplicationUserRoleDto>, IApplicationUserRoleApiService { }
/// <summary>
/// Data transfer object linking a user to a role. Role membership grants authorization (e.g. the
/// ADMIN role assigned by ApplicationUserRegisterAdminProcess), so creation of these links should
/// be restricted to administrative callers (confirm in the API service).
/// </summary>
public class ApplicationUserRoleDto : DataTransferObject
{
    // Storage key of the user.
    public virtual string UserStorageKey { get; set; }
    // Storage key of the role granted to the user.
    public virtual string RoleStorageKey { get; set; }
}

public interface IApplicationUserLoginApiService : IApiService<ApplicationUserLoginDto> { }   
public interface IApplicationUserLoginApiClient : IApiClient<ApplicationUserLoginDto>, IApplicationUserLoginApiService { }
/// <summary>
/// Data transfer object associating a user with a login provider (the shape matches the ASP.NET
/// Core Identity user-login record — confirm whether external providers are supported here).
/// </summary>
public class ApplicationUserLoginDto : DataTransferObject
{
    // Identifier of the login provider.
    public virtual string LoginProvider { get; set; }
    // Key identifying the user at that provider.
    public virtual string ProviderKey { get; set; }
    // Display name of the provider.
    public virtual string ProviderDisplayName { get; set; }
    // Storage key of the application user this login maps to.
    public virtual string UserStorageKey { get; set; }
}

public interface IApplicationRoleApiService : IApiService<ApplicationRoleDto> { }   
public interface IApplicationRoleApiClient : IApiClient<ApplicationRoleDto>, IApplicationRoleApiService { }
/// <summary>
/// Data transfer object for an application role.
/// </summary>
public class ApplicationRoleDto : DataTransferObject
{
    // Role name.
    public virtual string Name { get; set; }
    // Normalized form of Name (the lookup form used by ASP.NET Core Identity).
    public virtual string NormalizedName { get; set; }
    // Optimistic-concurrency stamp for the role record.
    public virtual string ConcurrencyStamp { get; set; }
}

public interface IApplicationUserTokenApiService : IApiService<ApplicationUserTokenDto> { }   
public interface IApplicationUserTokenApiClient : IApiClient<ApplicationUserTokenDto>, IApplicationUserTokenApiService { }
/// <summary>
/// Data transfer object for a token stored against a user, keyed by provider and name (the shape
/// matches the ASP.NET Core Identity user-token record).
/// </summary>
/// <remarks>
/// NOTE(review): Value is the stored token material. It is exposed through
/// <see cref="IApplicationUserTokenApiClient"/> like any other DTO; confirm that read access to this
/// entity is restricted to the owning user or administrators.
/// </remarks>
public class ApplicationUserTokenDto : DataTransferObject
{
    // Storage key of the user that owns the token.
    public virtual string UserStorageKey { get; set; }
    // Provider that issued or uses the token.
    public virtual string LoginProvider { get; set; }
    // Name of the token within that provider.
    public virtual string Name { get; set; }
    // Token value; sensitive — see the class remarks.
    public virtual string Value { get; set; }
}

public interface IApplicationRoleClaimApiService : IApiService<ApplicationRoleClaimDto> { }   
public interface IApplicationRoleClaimApiClient : IApiClient<ApplicationRoleClaimDto>, IApplicationRoleClaimApiService { }
/// <summary>
/// Data transfer object for a claim attached to a role. Role claims feed authorization decisions,
/// so writes should be limited to administrative callers (confirm in the API service).
/// </summary>
public class ApplicationRoleClaimDto : DataTransferObject
{
    // Storage key of the role that owns the claim.
    public virtual string RoleStorageKey { get; set; }
    // Claim type identifier.
    public virtual string ClaimType { get; set; }
    // Claim value.
    public virtual string ClaimValue { get; set; }
}

/// <summary>
/// Service-side API contract for <see cref="AuditUserDto"/>. Extends the generic
/// <c>IApiService&lt;T&gt;</c> with a lookup of the audit process types.
/// </summary>
public interface IAuditUserApiService : IApiService<AuditUserDto> { 
    /// <summary>
    /// Returns the audit user process types as a list of <c>DomainTypeDto</c>. The values are not
    /// shown here; presumably they correspond to the ApplicationUser* domain processes and are the
    /// valid values of <see cref="AuditUserDto.AuditUserProcessTypeKey"/> — confirm against the implementation.
    /// </summary>
    Task<IResponseList<DomainTypeDto>> GetAuditUserProcessTypesAsync();
}
public interface IAuditUserApiClient : IApiClient<AuditUserDto>, IAuditUserApiService { }
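/// <summary>
/// Data transfer object for one user audit record: which process ran, for which user, from where,
/// and when. These records are the brick's trail for security-relevant events (login, logout,
/// password and MFA changes), so they should be append-only from the perspective of API callers —
/// confirm that update/delete are not exposed for this entity.
/// </summary>
/// <remarks>
/// Brought in line with the other DTOs in this listing: four-space indentation and
/// <c>virtual</c> auto-properties (the original used eight spaces and non-virtual properties).
/// Adding <c>virtual</c> is source- and binary-compatible for existing callers.
/// </remarks>
public class AuditUserDto : DataTransferObject
{
    // When the audit record was created.
    public virtual DateTimeOffset CreateDate { get; set; }
    // Storage key of the user the record is about.
    public virtual string UserStorageKey { get; set; }
    // Key of the audit process type; the valid values come from IAuditUserApiService.GetAuditUserProcessTypesAsync.
    public virtual int AuditUserProcessTypeKey { get; set; }
    // Client IP address recorded for the event. NOTE(review): stored as a string; confirm how it is
    // derived when the service sits behind a proxy (forwarded headers are caller-controlled).
    public virtual string IPAddress { get; set; }
    // Client browser / user agent recorded for the event (caller-supplied; do not trust for authorization).
    public virtual string Browser { get; set; }
    // Free-text message describing the event.
    public virtual string Message { get; set; }
    // Additional free-text comments.
    public virtual string Comments { get; set; }
}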



Application Settings


{
    "ServiceBrick": {
        "Security": {
            "Client": {
                "ApiConfig": {
                    "ServiceUrl": "https://localhost:7000",
                    "TokenUrl": "https://localhost:7000/api/v1.0/Security/Authentication/AuthenticateUser",
                    "TokenType": "password",
                    "TokenClient": "email@servicebrick.com",
                    "TokenSecret": "mypassword"
                }
            },
            "Token": {
                "ValidateIssuer": true,
                "ValidIssuer": "https://YourDomain.com",
                "ValidateAudience": true,
                "ValidAudience": "ServiceBrickAudience",
                "ValidateIssuerSigningKey": true,
                "ExpireMinutes": 1440,
                // Make sure to change this: generate two new GUIDs and strip characters to form a key like the sample below
                "SecretKey": "768446B99503434DBA0EB19804E77763951D9D2D00F24BA4BE460396042FC5EF"
              },

            // Storage Providers
            "AzureDataTables":{
                "ConnectionString": ""
            },
            "EntityFrameworkCore":{
                "ConnectionString": ""
            },
            "MongoDb":{
                "ConnectionString": "",
                "DatabaseName": ""
            }
        }
    }
}

Reference