MiniAuth: A Lightweight ASP.NET Core Identity Web Back-End Management Middleware Plugin
With one line of code, add an Identity system and a web back end for user and permission management to new and existing projects.
It works out of the box and avoids wholesale rewrites or tight coupling.
GitHub: /mini-software/MiniAuth, Gitee: /shps951023/MiniAuth
Features
- Compatibility: supports .NET Identity based on JWT, Cookie, Session, etc.
- Simplicity: plug-and-play design; works with API, SPA, MVC, Razor Page, etc. out of the box.
- Multi-database support: supports Oracle, SQL Server, MySQL and other EF Core databases
- Non-intrusive: does not affect existing databases or project structure
- Multi-platform: supports Linux and macOS environments
Installation
Install the package from NuGet.
Quick Start
Add one line of code to Startup and run the project, for example:
public class Program
{
    public static void Main(string[] args)
    {
        var builder = WebApplication.CreateBuilder(args);
        builder.Services.AddMiniAuth(); // <= ❗❗❗
        var app = builder.Build();
        app.Run();
    }
}
Then open the administration web page at http(s)://yourhost/miniauth/
The default administrator account is admin@
The password is E7c4f679-f379-42bf-b547-684d456bc37f
(please remember to change the password). From there you can manage your Identity users, roles, and endpoints.
Add [Authorize] to the classes or methods that need permission management,
or [Authorize(Roles = "Roles")] for role-based control.
Requests that are not logged in get a 401 status, and requests without permission get a 403 status.
MiniAuth Cookie Identity
MiniAuth defaults to cookie-based identity for monolithic applications. If your front end and back end are separate projects, switch to an auth scheme such as JWT.
MiniAuth JWT Identity
Simply set AuthenticationType to BearerJwt:
builder.Services.AddMiniAuth(options: (options) =>
{
    options.AuthenticationType = AuthenticationType.BearerJwt;
});
Please remember to customize the JWT Security Key, for example:
builder.Services.AddMiniAuth(options: (options) =>
{
= new SymmetricSecurityKey(Encoding.("6ee3edbf-488e-4484-9c2c-e3ffa6dcbc09"));
});
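How to get a user token
Front-end JavaScript XHR example
var data = JSON.stringify({
  "username": "admin@",
  "password": "E7c4f679-f379-42bf-b547-684d456bc37f",
  "remember": false
});
var xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function() {
  if (this.readyState === 4) {
    // Print the JSON response that carries the token
    console.log(this.responseText);
  }
});
xhr.open("POST", "http://yourhost/miniauth/login");
xhr.setRequestHeader("Content-Type", "application/json");
xhr.send(data);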
Return results
{
"ok": true,
"code": 200,
"message": null,
"data": {
"tokenType": "Bearer",
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1laWQiOiIxZTIxOGY4My1iZjE3LTRhY2YtODhmOS1iOTQ3NjhjOWUwMGMiLCJuYW1lIjoiYWRtaW5AbWluaS1zb2Z0d2FyZS5naXRodWIuaW8iLCJyb2xlIjoibWluaWF1dGgtYWRtaW4iLCJzdWIiOiJhZG1pbkBtaW5pLXNvZnR3YXJlLmdpdGh1Yi5pbyIsIm5iZiI6MTcxODIwNDg5NSwiZXhwIjoxNzE4MjA1Nzk1LCJpYXQiOjE3MTgyMDQ4OTUsImlzcyI6Ik1pbmlBdXRoIn0._-DQ_rcbeju8_nrK2lD5we0rre04_xdDZNF6NhM0Rg0",
"expiresIn": 900
}
}
Save the accessToken in localStorage or a cookie and send it when calling your [Authorize] API, in the header Authorization: Bearer + one space + accessToken.
The system will validate it automatically.
Example:
var xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function() {
  if (this.readyState === 4) {
    console.log(this.responseText);
  }
});
xhr.open("GET", "http://yourhost:5014/your/api");
xhr.setRequestHeader("Authorization", "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1laWQiOiIxZTIxOGY4My1iZjE3LTRhY2YtODhmOS1iOTQ3NjhjOWUwMGMiLCJuYW1lIjoiYWRtaW5AbWluaS1zb2Z0d2FyZS5naXRodWIuaW8iLCJyb2xlIjoibWluaWF1dGgtYWRtaW4iLCJzdWIiOiJhZG1pbkBtaW5pLXNvZnR3YXJlLmdpdGh1Yi5pbyIsIm5iZiI6MTcxODIwNDg5NSwiZXhwIjoxNzE4MjA1Nzk1LCJpYXQiOjE3MTgyMDQ4OTUsImlzcyI6Ik1pbmlBdXRoIn0._-DQ_rcbeju8_nrK2lD5we0rre04_xdDZNF6NhM0Rg0");
xhr.send();
Setting the expiration time
= 30 * 60;
The value is in seconds and the default is 30 minutes. Also note the ClockSkew setting of .NET's JwtBearerOptions.
Refresh Token API (JWT)
API : /MiniAuth/refreshToken
Body:
{
"refreshToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxZTIxOGY4My1iZjE3LTRhY2YtODhmOS1iOTQ3NjhjOWUwMGMiLCJuYmYiOjE3MTg1MjIxOTEsImV4cCI6MTcxODUyMzk5MSwiaWF0IjoxNzE4NTIyMTkxLCJpc3MiOiJNaW5pQXV0aCJ9.HYBWrM2suDiM4OG0FSlXhNgktZIG9l3ufmIAnwZiIoU"
}
Header:
Authorization:Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiYWRtaW5AbWluaS1zb2Z0d2FyZS5naXRodWIuaW8iLCJyb2xlIjoibWluaWF1dGgtYWRtaW4iLCJzdWIiOiIxZTIxOGY4My1iZjE3LTRhY2YtODhmOS1iOTQ3NjhjOWUwMGMiLCJuYmYiOjE3MTg1MjIxOTEsImV4cCI6MTcxODUyNTc5MSwiaWF0IjoxNzE4NTIyMTkxLCJpc3MiOiJNaW5pQXV0aCJ9.rgAgsziAdLqOC9NYra-M9WQl8BJ99sRdfzRKNkMz9dk
Expires on / 2
The default is 30 minutes.
Settings, Options, Customization
Default mode
- MiniAuth's default mode is centralized user management by an IT admin: operations such as user registration and password reset must be performed by an account with admin privileges. The default role is miniauth-admin.
Disabling MiniAuth login
If you only want to use your own login logic, pages, and APIs, you can specify the login path and turn off MiniAuth's login:
// Place this before service registration
builder.Services.AddMiniAuth(options: (options) =>
{
= "/Identity/Account/Login";
= true;
});
Customizing the default SQLite connection string
builder.Services.AddMiniAuth(options: (options) =>
{
= "Data Source=miniauth_identity.db";
});
Customizing the database, users, and roles
MiniAuth is preconfigured to use SQLite with EF Core, IdentityUser, and IdentityRole out of the box.
If you need to switch, specify a different database and your own user and role classes through the generic type parameters of UseMiniAuth:
app.UseMiniAuth<YourDbContext, YourIdentityUser, YourIdentityRole>();
Login and user authentication
For non-ApiController requests, the default is to redirect to the login page (an API request is detected by Headers["X-Requested-With"] == "XMLHttpRequest" or by ApiControllerAttribute).
Controllers marked as ApiController do not redirect to the login page by default; they return a 401 status code.
Customizing the front end
- The front end of the management back end is in /src/Frontend_Identity. It is built mainly with Vue3 + Vite, and the MiniAuth UI can be updated by running a build with npm.
- If you do not want to use the MiniAuth default login page, in MVC you can either use Identity's own scaffolded pages or change the MiniAuth front end's , js, css.
Customizing the route prefix
builder.Services.AddMiniAuth(options: (options) =>
{
    options.RoutePrefix = "YourName";
});
RoutePrefix defaults to MiniAuth.
Login API (JWT)
API: /MiniAuth/login
Body:
{
"username":"admin@",
"password":"E7c4f679-f379-42bf-b547-684d456bc37f",
"remember":false
}
Response:
{
"ok": true,
"code": 200,
"message": null,
"data": {
"tokenType": "Bearer",
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiYWRtaW5AbWluaS1zb2Z0d2FyZS5naXRodWIuaW8iLCJyb2xlIjoibWluaWF1dGgtYWRtaW4iLCJzdWIiOiIxZTIxOGY4My1iZjE3LTRhY2YtODhmOS1iOTQ3NjhjOWUwMGMiLCJuYmYiOjE3MTg1MjIxOTEsImV4cCI6MTcxODUyNTc5MSwiaWF0IjoxNzE4NTIyMTkxLCJpc3MiOiJNaW5pQXV0aCJ9.rgAgsziAdLqOC9NYra-M9WQl8BJ99sRdfzRKNkMz9dk",
"expiresIn": 3600,
"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxZTIxOGY4My1iZjE3LTRhY2YtODhmOS1iOTQ3NjhjOWUwMGMiLCJuYmYiOjE3MTg1MjIxOTEsImV4cCI6MTcxODUyMzk5MSwiaWF0IjoxNzE4NTIyMTkxLCJpc3MiOiJNaW5pQXV0aCJ9.HYBWrM2suDiM4OG0FSlXhNgktZIG9l3ufmIAnwZiIoU"
}
}
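The bookkeeping a client needs for the login and refresh-token responses above, as an added example that is not MiniAuth's own code. In the page's sample tokens the refresh token's exp (1718523991) falls before the access token's exp (1718525791), so the refresh deadline is taken from the earlier of the two. The function names, the 60-second margin and the sample tokens (constructed, with placeholder signatures) are assumptions.

```javascript
// Decode a JWT payload to schedule work only; the server alone verifies the signature.
function decodeClaims(jwt) {
  var parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  var b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  while (b64.length % 4) b64 += "=";
  var bytes = Uint8Array.from(atob(b64), function (c) { return c.charCodeAt(0); });
  var claims = JSON.parse(new TextDecoder().decode(bytes));
  if (typeof claims.exp !== "number") throw new Error("token has no exp claim");
  return claims;
}

// Turn the login response into the state a client has to track.
function createSession(response) {
  if (!response || response.ok !== true || !response.data) throw new Error("login failed");
  var d = response.data;
  if (d.tokenType !== "Bearer") throw new Error("unexpected tokenType");
  var access = decodeClaims(d.accessToken);
  var refresh = d.refreshToken ? decodeClaims(d.refreshToken) : null;
  return {
    authorization: "Bearer " + d.accessToken, // value for the Authorization header
    refreshToken: d.refreshToken || null,
    roles: [].concat(access.role || []),
    accessExp: access.exp,
    // The refresh token can expire before the access token, so it sets the deadline.
    refreshBy: refresh ? Math.min(refresh.exp, access.exp) : access.exp
  };
}

// Map the status of a call to an [Authorize] endpoint to the client's next step.
function nextStep(session, status, nowSeconds) {
  if (status === 403) return "forbidden"; // logged in but lacking the role
  var canRefresh = session.refreshToken !== null && nowSeconds < session.refreshBy;
  if (status === 401 || nowSeconds >= session.accessExp) return canRefresh ? "refresh" : "login";
  // Renew shortly before the refresh token lapses (60 s margin is an assumed value).
  return canRefresh && nowSeconds >= session.refreshBy - 60 ? "refresh" : "ok";
}

// Constructed sample: nbf/exp copied from the page's sample tokens, placeholder signatures.
function sampleLoginResponse() {
  function token(claims) {
    var b64 = btoa(JSON.stringify(claims));
    return "e30." + b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "") + ".sig";
  }
  return { ok: true, code: 200, message: null, data: {
    tokenType: "Bearer", expiresIn: 3600,
    accessToken: token({ role: "miniauth-admin", nbf: 1718522191, exp: 1718525791, iss: "MiniAuth" }),
    refreshToken: token({ nbf: 1718522191, exp: 1718523991, iss: "MiniAuth" })
  } };
}
```

A "refresh" result means calling /MiniAuth/refreshToken with the body and Authorization header shown in the Refresh Token API section; "login" means the user has to authenticate again.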
Registration
Please use .NET Core Identity's own registration API and pages.
Forgot password
Please use .NET Core Identity's own registration API and pages.
Get user information
Please use .NET Core Identity's own registration API and pages.
Notes
Pay attention to the order
Please put UseMiniAuth after route generation; otherwise the system cannot get the route data it needs for permission checks. For example:
app.UseRouting();
app.UseMiniAuth();
Please add the role rule
Please add AddRoles<IdentityRole>(); otherwise [Authorize(Roles = "Permissions")] will not take effect.
builder.Services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = true)
    .AddRoles<IdentityRole>() // ❗❗❗
    .AddEntityFrameworkStores<ApplicationDbContext>();
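Applying to existing Identity projects with custom logic
Turn off AddMiniAuth's autoUse, then place UseMiniAuth after your own auth setup and replace the generic parameters with your own IdentityDbContext, user, and role classes. Example:
public static void Main(string[] args)
{
    var builder = WebApplication.CreateBuilder(args);
    var connectionString = builder.Configuration.GetConnectionString("DefaultConnection") ?? throw new InvalidOperationException("Connection string 'DefaultConnection' not found.");
    builder.Services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlServer(connectionString));
    builder.Services.AddDatabaseDeveloperPageExceptionFilter();
    builder.Services.AddDefaultIdentity<IdentityUser>(options => options.SignIn.RequireConfirmedAccount = true)
        .AddRoles<IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>();
    builder.Services.AddControllersWithViews();
    builder.Services.AddMiniAuth(autoUse: false); // <= ❗❗❗
    var app = builder.Build();
    app.UseMiniAuth<ApplicationDbContext, IdentityUser, IdentityRole>(); // <= ❗❗❗
    app.MapControllerRoute(
        name: "default",
        pattern: "{controller=Home}/{action=Index}/{id?}");
    app.MapRazorPages();
    app.Run();
}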
This lets you switch to your own user, role, DB, and Identity logic.
Distributed systems
- Please change the database source to SQL Server, MySQL, PostgreSQL, etc.
- It is recommended to switch to an auth method such as JWT.