casbin-net / casbin-aspnetcore

Casbin.NET integration middleware and sample code for ASP.NET Core
https://github.com/casbin/Casbin.NET
Apache License 2.0
64 stars 20 forks source link
abac acl aspnet aspnetcore auth authorization casbin dotnet rbac security

Casbin.AspNetCore

Actions Status Coverage Status License Nuget

Casbin.AspNetCore is a Casbin.NET integration and extension for ASP.NET Core.

Installation

This project is on developing, You can install the build version to try it.

dotnet add package Casbin.AspNetCore --version <build package version>

Or you create a NuGet.config file on you solution directory like this.

<configuration>
  <packageSources>
    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
  </packageSources>
</configuration>

Quick Start

You should add the service at ConfigureServices method and add MiddleWare at Configure method like this:

public void ConfigureServices(IServiceCollection services)
{
    // Other codes...

    //Add Casbin Authorization
    services.AddCasbinAuthorization(options =>
    {
        options.DefaultModelPath = "<model path>";
        options.DefaultPolicyPath = "<policy path>";
    });
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    // Other codes...

    app.UseCasbinAuthorization();

    // You can add this to support offical authorization too.
    app.UseAuthorization();

    // Other codes...
}

Now you can use the attribute like offical authorization, If you use the Basic Model, It will like this:

[CasbinAuthorize("<obj>", "<act>")]
public IActionResult Index()
{
    return View();
}

How It Works

Here is a sequence chart that can well describe the process of this middleware. In the beginning, It looks like the process of official authorization middleware. It changes in the last half part.

Sequence Chart of Middleware

Samples

Sample applications using Casbin.AspNetCore can be found at sample directory.

Migrate form v0.x to v1.x

  1. Check the interfaces change:
    • IEnforcerProvider
      public interface IEnforcerProvider
      {
      // Before
      public Enforcer? GetEnforcer();
      // Now
      public IEnforcer? GetEnforcer();
      }
    • ICasbinModelProvider
      public interface ICasbinModelProvider
      {
      // Before
      public Model? GetModel();
      // Now
      public IModel? GetModel();
      }

Getting Help

License

This project is under Apache 2.0 License. See the LICENSE file for the full license text.