
AuthorizationAndCleanArchitecture

cs
using Api;
using Api.Filters;
using Keycloak.AuthServices.Authentication;
using Keycloak.AuthServices.Authentication.Configuration;
using Keycloak.AuthServices.Authorization;
using Microsoft.AspNetCore.Authorization;


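// Composition root of the AuthorizationAndCleanArchitecture sample API.
// Order of work: logging and Keycloak configuration on the host, infrastructure and
// database migration, application services, authentication, authorization policies,
// then the HTTP pipeline.
var builder = WebApplication.CreateBuilder(args);

var services = builder.Services;
var configuration = builder.Configuration;
var host = builder.Host;

host.ConfigureLogger();
// Registers "keycloak.json" as an additional configuration source.
// NOTE(review): presumably this is the Keycloak adapter file; if it carries a client
// secret, keep the real file out of source control.
host.ConfigureKeycloakConfigurationSource("keycloak.json");

services.AddInfrastructure(configuration);

// ASP0000 is suppressed deliberately: BuildServiceProvider() creates a second, temporary
// container just to run the migration before the real host is built. Singletons resolved
// here are separate instances from the ones the application uses later, and this
// provider is never disposed.
// NOTE(review): the migration appears to run on every start-up under the application's
// own database credentials; confirm that is intended outside local development.
#pragma warning disable ASP0000
DatabaseUtils.MigrateDatabase(services.BuildServiceProvider());
#pragma warning restore ASP0000

services
    .AddApplication()
    .AddSwagger();

// adds client resource claims transformation
services.AddKeycloakWebApiAuthentication(configuration, o =>
{
    // Plain-HTTP metadata retrieval is tolerated only in Development (e.g. a local
    // Keycloak container). In every other environment the authority's discovery document
    // and signing keys must be fetched over TLS, otherwise token validation trusts keys
    // that could have been altered in transit.
    o.RequireHttpsMetadata = !builder.Environment.IsDevelopment();
});

services.AddAuthorization(o =>
{
    // Secure by default: any endpoint without explicit authorization metadata still
    // requires an authenticated user.
    o.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();

    // Policy backed by a protected resource ("workspaces") and scope ("workspaces:read").
    o.AddPolicy(PolicyConstants.MyCustomPolicy, b =>
    {
        // b.AddRequirements(new DecisionRequirement("workspaces", "workspaces:read"));
        b.RequireProtectedResource("workspaces", "workspaces:read");
    });

    // Realm-level role check.
    o.AddPolicy(PolicyConstants.CanDeleteAllWorkspaces, b =>
    {
        b.RequireRealmRoles("SuperManager");
    });

    // Resource (client) role check. Unlike the realm role above, this role is expected
    // to be scoped to a client; confirm which client the library resolves it against.
    o.AddPolicy(PolicyConstants.AccessManagement, b =>
    {
        b.RequireResourceRoles("Manager");
    });
}).AddKeycloakAuthorization()
.AddAuthorizationServer(configuration);

// Replaces the framework's policy provider with a custom one.
// NOTE(review): a custom IAuthorizationPolicyProvider decides what GetFallbackPolicyAsync
// returns; verify ProtectedResourcePolicyProvider still surfaces the FallbackPolicy
// configured above, otherwise unannotated endpoints become anonymous.
services.AddSingleton<IAuthorizationPolicyProvider, ProtectedResourcePolicyProvider>();

services.AddControllers(options =>
    options.Filters.Add<ApiExceptionFilterAttribute>());

var app = builder.Build();

// Swagger and its UI are registered ahead of UseAuthentication/UseAuthorization and in
// every environment.
// NOTE(review): that placement likely means the API description is served without
// authentication; restrict it to Development or protect it if the surface is sensitive.
app
    .UseSwagger()
    .UseSwaggerUI()
    .UseAuthentication()
    .UseAuthorization();

app.MapControllers();

app.Run();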

See sample source code: keycloak-authorization-services-dotnet/tree/main/samples/AuthorizationAndCleanArchitecture