com-ih-net-api-utils-authorization 1.0.3

.NET 9.0 This package targets .NET 9.0. The package is compatible with this framework or higher. 
dotnet add package com-ih-net-api-utils-authorization --version 1.0.3
                    


                    

                
NuGet\Install-Package com-ih-net-api-utils-authorization -Version 1.0.3
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="com-ih-net-api-utils-authorization" Version="1.0.3" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="com-ih-net-api-utils-authorization" Version="1.0.3" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="com-ih-net-api-utils-authorization" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add com-ih-net-api-utils-authorization --version 1.0.3
                    


                    

                
#r "nuget: com-ih-net-api-utils-authorization, 1.0.3"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package com-ih-net-api-utils-authorization@1.0.3
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=com-ih-net-api-utils-authorization&version=1.0.3
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=com-ih-net-api-utils-authorization&version=1.0.3
                    


                            Install as a Cake Tool

This utility is to be used as a service in your application, commonly used in .NET Core web application.

The utility was implemented using the Interface concept, so a new instance must always be loaded through its Interface requesting a new (its) Implementation.

For use -> Configure (on Program.cs):

Two additions are needed in the Service:

- IApiSecurityConfigurationService: where the API Authentication settings are located.
- IApiSecuritySessionService: for using Filters in the execution of each call.

builder.Services.AddSingleton<IApiSecurityConfigurationService>(x => new ApiSecurityConfigurationService(new ApiSecurityConfigurationDomain()
{
    Session = new ApiSecurityConfigurationSessionDomain()
    {
        TimeSession = 30 (this will be used in your Service to set the expiration date/time)
    },
    Application = new ApiSecurityConfigurationApplicationDomain()
    {
        Id = "Unique ID for identification the your Application",
        Name = "Name of Application"
    },
    Headers = new ApiSecurityConfigurationHeadersDomain()
    {
        ApiHeaderTokenName = "",
        ValidateHeaderKeys = true/false (whether to validate the keys in the call header),
        ApiKeyName = "my-header-api-key",
        ApiKeyValue = "my-header-api-value",
        ApiSecretName = "my-header-secret-key",
        ApiSecretValue = "my-header-secret-value"
    },
    Cryptography = new ApiSecurityConfigurationCryptographyDomain()
    {
        KeyA = "Encrypt/Decrypt Key A",
        KeyB = "Encrypt/Decrypt Key B",
        KeyC = "Encrypt/Decrypt Key C"
    }
}));
builder.Services.AddSingleton<IApiSecuritySessionService, ApiSecuritySessionService>();

For use -> For generate Bearer Token in your Custom Service:

private readonly IApiSecurityConfigurationService _apiSecurityConfigurationService;
private readonly IApiSecuritySessionService _apiSecuritySessionService;

public UserService(
    IApiSecurityConfigurationService apiSecurityConfigurationService,
    IApiSecuritySessionService apiSecuritySessionService)
{
    _apiSecurityConfigurationService = apiSecurityConfigurationService;
    _apiSecuritySessionService = apiSecuritySessionService;
}

Note: Let's assume that 'user' is our personal User object, and 'session' is our Session object in the Service.

var objectForToken = new ApiSecurityAuthenticationBearerToken()
{
    User = new ApiSecurityAuthenticationBearerUserTokenResponse()
    {
        Id = user.Id.ToString(),
        AccessKey = user.AccessLogin,
        Name = user.Name
    },
    Session = new ApiSecurityAuthenticationBearerSessionTokenResponse()
    {
        Id = session.Id.ToString(),
        Application = application.ToString(),
        AuthenticatedAt = session.RegisteredAt,
        AuthenticationExpiresIn = session.ExpirationAt
    },
    Claims = await MapClaims(user.Id) -> List<string>
};

After the entire process of your method is successful, generate the token to return to the Login operation:

var bearerToken = await _apiSecuritySessionService.GenerateBearerToken(objectForToken);

For use -> Filters for 'controller endpoints', and examples:

Note: regardless of which 'filter' you use, it will only validate the keys in the 'header' when 'ValidateHeaderKeys' is 'true'.

- ApiAuthorizationNotLogged: It will only validate the keys in the 'header'.

Example for use:

[HttpGet("route/sub")]
[ApiAuthorizationNotLogged]
public async Task<Response> EndpointOperation()
{
    return ...
}

- ApiAuthorizationOnlyLogged: 

In addition to the header keys, it will validate the following:
- Whether it is a valid session (it was able to decode the Bearer Token)
- Whether the Expiration Date is still valid

Example for use:

[HttpGet("route/sub")]
[ApiAuthorizationOnlyLogged]
public async Task<Response> EndpointOperation()
{
    return ...
}

- ApiAuthorizationLoggedAndPermission:

In addition to the header keys, it will validate the following:
- Whether it is a valid session (it was able to decode the Bearer Token)
- Whether the Expiration Date is still valid
- Whether at least one of the Permissions defined in the Controller's endpoint is present in the Bearer Token's Claims.

Example for use:

[HttpGet("route/sub")]
[ApiAuthorizationLoggedAndPermission(claims: new []
{
    "Claim1",
    "Claim2",
    "Claim3",
    "Claim4"
})]
public async Task<Response> EndpointOperation()
{
    return ...
}

When execution/session is not successfully validated, the possible error returns will be:

- Unauthorized
- Forbidden
Product Compatible and additional computed target framework versions.
.NET net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.0.3 119 5/2/2026
1.0.2 97 4/30/2026
1.0.1 114 2/24/2026
1.0.0 103 2/22/2026