π Easy Authentication and Authorization with Keycloak in .NET.
For Developer Documentation see: https://nikiforovall.github.io/keycloak-authorization-services-dotnet
See: https://nikiforovall.github.io/keycloak-authorization-services-dotnet-docs
Install packages:
dotnet add package Keycloak.AuthServices.Authentication
// Program.cs
using Keycloak.AuthServices.Authentication;
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddKeycloakWebApiAuthentication(builder.Configuration);
builder.Services.AddAuthorization();
var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/", () => "Hello World!").RequireAuthorization();
app.Run();
In this example, configuration is based on appsettings.json
.
//appsettings.json
{
"Keycloak": {
"realm": "Test",
"auth-server-url": "http://localhost:8080/",
"ssl-required": "none",
"resource": "test-client",
"verify-token-audience": false,
"credentials": {
"secret": ""
},
"confidential-port": 0
}
}
With Keycloak.AuthServices.Authorization
, you can implement role-based authorization in your application. This package allows you to define policies based on roles. Also, you can use Keycloak as Authorization Server. It is a powerful way to organize and apply authorization polices centrally.
var builder = WebApplication.CreateBuilder(args);
var host = builder.Host;
var configuration = builder.Configuration;
var services = builder.Services;
services.AddKeycloakWebApiAuthentication(configuration);
services.AddAuthorization(options =>
{
options.AddPolicy("AdminAndUser", builder =>
{
builder
.RequireRealmRoles("User") // Realm role is fetched from token
.RequireResourceRoles("Admin"); // Resource/Client role is fetched from token
});
})
.AddKeycloakAuthorization(configuration);
var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/hello", () => "[]")
.RequireAuthorization("AdminAndUser");
app.Run();
var services = new ServiceCollection();
services.AddKeycloakAdminHttpClient(new KeycloakAdminClientOptions
{
AuthServerUrl = "http://localhost:8080/",
Realm = "master",
Resource = "admin-api",
});
var sp = services.BuildServiceProvider();
var client = sp.GetRequiredService<IKeycloakRealmClient>();
var realm = await client.GetRealmAsync("Test");
dotnet cake --target build
dotnet cake --target test
dotnet pack -o ./Artefacts