F# WebAPI endpoint protection based on Azure AD roles
The library ships as the following packages:
- Async public interfaces
- Task public interfaces

PartProtector abstraction, alternatively build on the base AAD.fs ResourceOwner primitives
Noop.PartProtector to bypass the verification of demands (for example to implement feature switch)
AsyncRequestor or TaskRequestor from AAD.fs package or Identity platform SDK library directly.

The build requires at least .NET Core SDK 8 installed. When building for the first time, restore the local tools. In this directory run:
dotnet tool restore
then
dotnet fsi build.fsx
or try
./build.fsx --list
to see the available targets.

The test scenario implements authorization using Azure Application Roles. The sample application can be found in your Azure Active Directory once provisioned:
az login
dotnet fsi build.fsx -t registerSample
dotnet fsi build.fsx -t integration
The build script is implemented using FAKE.
The registered application and principals are kept in your Azure subscription, and information about them is kept in your dotnet user-secrets. When you no longer need them, you can delete them with:
dotnet fsi build.fsx -t unregisterSample
Note: Integration tests demonstrate a couple of approaches to requestor error handling:
- Async-based implementation uses custom result type to avoid throwing exceptions
- Task-based implementation depends on the consumer code to handle the exceptions
Either approach can be used with either version of the requestor.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.