Allow specifying user roles for ApiKey and Basic Authentication #170

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

marcominerva merged 24 commits into master from develop

Oct 16, 2025

Owner

marcominerva commented Oct 16, 2025

This pull request introduces support for assigning roles to users authenticated via API Key and Basic Authentication, enhancing authorization capabilities across the library and its sample projects. The changes include updates to configuration files, controller logic, and data models to enable role-based claims and authorization checks, along with documentation improvements to guide usage.

Role-based authentication and authorization:

Added support for specifying roles in API Key and Basic Authentication credentials via the Roles property in configuration files (appsettings.json). These roles are now added as claims to the user's identity upon successful authentication. [1] [2]
Updated controller and minimal API endpoints in sample projects to extract user roles from claims and demonstrate role-based authorization using [Authorize(Roles = ...)] and policy requirements. The User model now includes a list of roles. [1] [2] [3] [4]

Configuration and extensibility:

Added comments and examples for custom claim types (NameClaimType, RoleClaimType) in API Key and Basic Authentication configuration, allowing further customization of identity claims. [1] [2]
Registered custom validator services (IApiKeyValidator, IBasicAuthenticationValidator) in sample projects to support dynamic authentication scenarios when credentials are not fixed in configuration. [1] [2] [3] [4]

Documentation improvements:

Updated the README.md to document the new role assignment feature for API Key and Basic Authentication, including configuration examples and usage of ASP.NET Core's role-based authorization. Also clarified JWT Bearer registration behavior. [1] [2]

Data model updates:

Extended the ApiKey record to include a Roles property and implemented custom equality logic to ensure role lists do not affect key comparison.

Minor adjustments:

Removed the obsolete EnableJwtBearerService setting from JWT Bearer configuration in sample projects for clarity. [1] [2]

Closes #166
Closes #168

Copilot AI and others added 24 commits

October 8, 2025 15:47


          Initial plan

d4cd6d7


          Add Roles support to ApiKey and Basic Authentication

6442cd6

Co-authored-by: marcominerva <3522534+marcominerva@users.noreply.github.com>


          Update sample applications to test roles feature and fix project refe…

1f7daa2

…rences

Co-authored-by: marcominerva <3522534+marcominerva@users.noreply.github.com>


          Address PR feedback: add Roles to single credentials, rename Admin to…

92de02f

… Administrator, use configured RoleClaimType

Co-authored-by: marcominerva <3522534+marcominerva@users.noreply.github.com>


          Update README to document Roles support for single credentials

113053b

Co-authored-by: marcominerva <3522534+marcominerva@users.noreply.github.com>


          Move ApiKey and Credential classes to separate files

57fc9b8

Co-authored-by: marcominerva <3522534+marcominerva@users.noreply.github.com>


          Change Roles type from string[] to IEnumerable&lt;string&gt;

a356735

Co-authored-by: marcominerva <3522534+marcominerva@users.noreply.github.com>


          Make Roles property non-nullable with empty array default in settings…

01b8ee3

… classes

Co-authored-by: marcominerva <3522534+marcominerva@users.noreply.github.com>


          Remove WithOpenApi extension method calls from sample endpoints

2128ebc

Co-authored-by: marcominerva <3522534+marcominerva@users.noreply.github.com>


          Initial plan

66784b8


          Remove EnableJwtBearerService setting and always register IJwtBearerS…

3e14dd7

…ervice

Co-authored-by: marcominerva <3522534+marcominerva@users.noreply.github.com>


          Merge branch 'develop' to resolve conflicts

1a5e0ae

Co-authored-by: marcominerva <3522534+marcominerva@users.noreply.github.com>


          Update package references to version 3.0.13

e9accf0

Updated `SimpleAuthentication.Swashbuckle.csproj` to use `SimpleAuthenticationTools.Abstractions` version 3.0.13. Added `SimpleAuthenticationTools.Abstractions` version 3.0.13 to `SimpleAuthentication.csproj`. Removed direct project reference to `SimpleAuthentication.Abstractions` in favor of package dependency.


          Merge branch 'develop' to resolve conflicts with latest changes

c5e8923

Co-authored-by: marcominerva <3522534+marcominerva@users.noreply.github.com>


          Merge branch 'develop' into copilot/remove-jwt-bearer-setting

afc88fb

Co-authored-by: marcominerva <3522534+marcominerva@users.noreply.github.com>


          Merge commit

1cfb988


          Merge pull request #168 from marcominerva/copilot/remove-jwt-bearer-s…

0cd22eb

…etting

Remove EnableJwtBearerService setting and always register IJwtBearerService


          Merge branch 'develop' into copilot/add-roles-parameter-authentication

4fe25c2

# Conflicts:
#	src/SimpleAuthentication.Abstractions/ApiKey/ApiKey.cs
#	src/SimpleAuthentication.Abstractions/ApiKey/ApiKeySettings.cs
#	src/SimpleAuthentication.Abstractions/BasicAuthentication/BasicAuthenticationSettings.cs
#	src/SimpleAuthentication.Abstractions/BasicAuthentication/Credential.cs
#	src/SimpleAuthentication.Swashbuckle/SimpleAuthentication.Swashbuckle.csproj
#	src/SimpleAuthentication/SimpleAuthentication.csproj


          Merge develop branch and fix roles configuration binding

1dbe514

Co-authored-by: marcominerva <3522534+marcominerva@users.noreply.github.com>


          Merge pull request #166 from marcominerva/copilot/add-roles-parameter…

278bb18

…-authentication

Add Roles support to ApiKey and Basic Authentication


          Enhance authentication setup and endpoint clarity

6fcbac8

- Ensure roles in `ApiKey` and `Credential` classes are non-optional and add equality/hash code methods.
- Initialize roles and claims with empty lists in settings and validation result classes to prevent null references.
- Simplify role claim addition in authentication handlers by removing null checks.
- Maintain consistency in `SimpleAuthenticationExtensions` by initializing roles with empty lists if null.


          Add role-based authorization to MeController

c80526e

Updated MeController to include role-based authorization by modifying the Get method to accept role settings and return user roles. Added AdministratorOnly and UserOnly endpoints with role-based access. Updated User record to include roles. Extended appsettings.json for role configuration. Adjusted Program.cs for new authorization requirements.


          Enhance parameter validation logic

8943e6d

Replaced `ArgumentNullException.ThrowIfNull` with `ArgumentException.ThrowIfNullOrWhiteSpace` across multiple files to ensure parameters are not null, empty, or whitespace. Updated `SwaggerExtensions.cs` and `OpenApiExtensions.cs` to use this validation for `sectionName`. In `SimpleAuthenticationExtensions.cs`, adjusted `defaultAuthenticationScheme` handling and improved validation for `JwtBearerSettings`, `ApiKeySettings`, and `BasicAuthenticationSettings` properties. These changes prevent runtime errors by ensuring meaningful content in string parameters.


          Merge branch 'master' into develop

9bcf25f

marcominerva merged commit f2b89d1 into master

6 checks passed

This was linked to issues Oct 16, 2025

Allow specifying user roles for ApiKey and Basic Authentication #165

Closed

Remove EnableJwtBearerService from settings and always register the Service #167

Closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet