Fucu.MinimalAPIsTemplate 1.0.0

There is a newer version of this package available.
See the version list below for details.

dotnet add package Fucu.MinimalAPIsTemplate --version 1.0.0

NuGet\Install-Package Fucu.MinimalAPIsTemplate -Version 1.0.0

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="Fucu.MinimalAPIsTemplate" Version="1.0.0" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

paket add Fucu.MinimalAPIsTemplate --version 1.0.0

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: Fucu.MinimalAPIsTemplate, 1.0.0"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

// Install Fucu.MinimalAPIsTemplate as a Cake Addin
#addin nuget:?package=Fucu.MinimalAPIsTemplate&version=1.0.0

// Install Fucu.MinimalAPIsTemplate as a Cake Tool
#tool nuget:?package=Fucu.MinimalAPIsTemplate&version=1.0.0

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

MinimalAPIsTemplate

Complete and working ASP.NET Core Minimal APIs template, with lots of ready to go examples, including OAuth 2.0 Authentication using JSON Web Algorithms and Tokens (JWA, JWT, JWS, JWE) as Bearer.

Examples of services and middlewares in this template:

Architecture based on Minimal APIs pattern with Endpoint Handlers
Asynchronous Service calls with Dependency Injection (DI) and Scoped Services
Authentication with JWT, JWS, JWE and JOSE
Authorization with additional policies using Authorization Handler
Dapper
Docker
Entity Framework Core and LINQ
Exception Handler and error handling
GZipStream compression and decompression
Hangfire
Health Checks
HSTS and HTTPS redirection
NLog and JSON console
OpenAPI Swagger with Swashbuckle
StopWatch

AuthN and AuthZ examples ready to go:

JWT unsigned and not encrypted for basic knowledge
JWS ("alg": "HS512") signed with HMAC SHA-512 using a symmetric key
JWS ("alg": "RS512") signed with RSA SHA-512 using a X509 Certificate asymmetric key
JWE ("enc": "A256CBC-HS512", "alg": "dir") encrypted with AES256 using a symmetric key and signed with HMAC SHA-512 using a symmetric key
JWE ("enc": "A256CBC-HS512", "alg": "dir") encrypted with AES256 using a symmetric key and signed with RSA SHA-512 using a X509 Certificate asymmetric key
JOSE ("enc": "A256CBC-HS512", "alg": "RSA-OAEP") encrypted with RSA-OAEP using a X509 Certificate asymmetric key and signed with RSA-SSA-PSS-SHA512 using another X509 Certificate asymmetric key
Test API for Login, Authentication and Authorization with one of the generated Bearer token

How to use

Call a generate token method and copy the returned Bearer token token
Log in clicking the Authorize green button in the Swagger UI and enter the value: "Bearer token" (without double quotes, replace token with its value)
Call tryToken method. You will get 200 if authenticated, 401 otherwise

How to generate a PFX certificate

If you want to manually generate a .pfx file, you can use the following OpenSSL commands, then copy it to the Certificates folder of the project:

openssl genrsa -aes256 -out sign-key.pem 2048  
openssl req -new -x509 -sha256 -outform pem -key sign-key.pem -days 365 -out sign-cert.pem  
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.pem

How to generate NLog table

You can use the following T-SQL command to generate a table working with this NLog sample:

CREATE TABLE [dbo].[NLog] (
    [ID]        INT            IDENTITY (1, 1) NOT NULL,
    [Logged]    DATETIME       NULL,
    [Level]     NVARCHAR (MAX) NULL,
    [Message]   NVARCHAR (MAX) NULL,
    [Logger]    NVARCHAR (MAX) NULL,
    [Callsite]  NVARCHAR (MAX) NULL,
    [Exception] NVARCHAR (MAX) NULL,
    PRIMARY KEY CLUSTERED ([ID] ASC)
);

Sources and useful links

RFC 8259: The JavaScript Object Notation (JSON) Data Interchange Format - https://www.rfc-editor.org/rfc/rfc8259
RFC 7518: JSON Web Algorithms (JWA) - https://www.rfc-editor.org/rfc/rfc7518
RFC 7520: Examples of Protecting Content Using JSON Object Signing and Encryption (JOSE) - https://www.rfc-editor.org/rfc/rfc7520.html
RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2 - https://www.rfc-editor.org/rfc/rfc8017

FAQ

When sending a JWT (more properly a JWS) from microservice A to microservice B, should microservice A sign the token using its own public key, its own private key, microservice B's public key, or microservice B's private key?

Microservice A should sign the token using its own private key. The digital signature is used to verify the integrity of the token and to prove that it was sent from a trustworthy source. When microservice A sends the JWT to B, it signs the token with its own private key to prove that it was sent by A and that the contents of the token have not been altered during transmission. Microservice B can then verify the signature using A's public key. This way, B can be sure that the token was sent by A and that the contents of the token have not been altered during transmission.

When sending a JWT (more properly a JWE) from microservice A to microservice B, should microservice A encrypt the token using its own public key, its own private key, microservice B's public key, or microservice B's private key?

Microservice A should encrypt the token using microservice B's public key. Encryption is used to protect sensitive data inside the token during transmission from A to B. In an asymmetric encryption system, the public key is used to encrypt data and verify the signature, while the private key is used to decrypt data and sign the token. When microservice A sends the JWT to B, it should encrypt the token using B's public key so that only B, possessing the corresponding private key, can decrypt the sensitive data.

In summary, microservice A should sign the JWT using its own private key, and microservice B should verify the signature using A's public key. Microservice A should encrypt the JWT using B's public key and only B, possessing the corresponding private key, will be able to decrypt the sensitive data.

Product	Compatible and additional computed target framework versions.
.NET	net7.0 is compatible. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed.

Product

.NET

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net7.0
- Dapper (>= 2.0.123)
- Hangfire.AspNetCore (>= 1.7.32)
- Hangfire.Core (>= 1.7.32)
- Hangfire.MemoryStorage.Core (>= 1.4.0)
- Microsoft.AspNetCore.Authentication.JwtBearer (>= 7.0.2)
- Microsoft.EntityFrameworkCore.SqlServer (>= 7.0.2)
- Microsoft.IdentityModel.Tokens (>= 6.26.0)
- Microsoft.VisualStudio.Azure.Containers.Tools.Targets (>= 1.17.0)
- NLog.Database (>= 5.1.1)
- NLog.Extensions.Logging (>= 5.2.1)
- NLog.Web.AspNetCore (>= 5.2.1)
- Swashbuckle.AspNetCore (>= 6.5.0)

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last updated
1.0.4	148	8/17/2023
1.0.3	143	7/26/2023
1.0.2	127	6/8/2023
1.0.1	233	2/16/2023
1.0.0	226	2/7/2023