Skoruba for Identity Server - a review of authorization module for .NET Applications
.NET Core gives us a lot of possibilities in terms of building business solutions in the logistic, finance or banking sector. Among the most important advantages of this environment are built-in mechanisms of user authentication and authorization, enabling to build requests workflow relying on modules called middleware. These modules can be replaced, to change behavior of our application and way how the application handles incoming requests.
.NET Core also lets us protect our application against attacks such as: XSS, SQL Injection, CSRF or Open Redirect Attacks. Also, we can easily enforce the application to use HTTPS instead of less secure HTTP. Thanks to .NET Core developers can implement the authorization process in many ways, like: role-based authorization, claims-based or policies-based.
For the above reasons, .NET Core solutions are often used in big organizations, corporations and enterprises. Due to the huge amount of users and complicated business processes, these systems require complex and solid mechanisms to protect users accounts and to manage identities in our applications.
Therefore, in this short review post we will provide one the tools we utilized for secure authorization built for one of our corporate clients, namely .NET-based Skoruba.IdentityServer4.Admin project.
What’s Skoruba?
Scoruba is an open-source project providing a user interface that allows for the administration of IdentityServer4 and ASP.NET Core Identity functionalities. Thanks to this project we are relieved in some way from creating the visual side of the functionality related to user management. Main advantage of Scoruba project is the user-friendly interface, which relies on Bootstrap, and let’s us manage users, passwords, two-factor authentication, roles, clients, resources or structure of access tokens and their claims in a very efficient way.
Source: https://github.com/skoruba/IdentityServer4.Admin
In addition, Skoruba also provides an API that we can consume in any way and, on its basis, build the logic related to account management in a way that will better suit our business requirements. All documentation of this API is available thanks to Swagget, which also allows us to test individual actions of the API.
The ability to change the database provider in which we store all of the identity information is also easier and by default we have a choice of such providers as: SqlServer, MySql and PostgreSql.
Another advantage of the Skoruba is the very well developed mechanism of logging events in our application that is based on the Serilog library, which allows for very efficient identification of potential problems occurring while the application is running. You can see the Skoruba’s application visualisation below:
Source: https://github.com/skoruba/IdentityServer4.Admin
How Scoruba handles user roles? Example
We can see here, how the section of interface where user roles can be modified looks like:
If we hadn’t used Scoruba, we’d have to create it all by ourselves including the logic and way how to present it in good manner. So, it gives us a lot of functions that we don’t have to create and be more focused on our business requirements instead of making the whole new user interface to handle IdentityServer4 and ASP.NET Core Identity services. The example logic that shows us how Scoruba generates user roles as presented above, is shown in the code-block below:
public virtual async Task BuildUserRolesViewModel(TKey id, int? page)
{s
var roles = await GetRolesAsync();
var userRoles = await GetUserRolesAsync(id.ToString(), page ?? 1);
userRoles.UserId = id;
userRoles.RolesList = roles.Select(x => new SelectItemDto(x.Id.ToString(), x.Name)).ToList();
return userRoles;
}
public virtual async Task GetUserRolesAsync(string userId, int page = 1, int pageSize = 10)
{
var userExists = await IdentityRepository.ExistsUserAsync(userId);
if (!userExists) throw new UserFriendlyErrorPageException(string.Format(IdentityServiceResources.UserDoesNotExist().Description, userId),
IdentityServiceResources.UserDoesNotExist().Description);
var userIdentityRoles = await IdentityRepository.GetUserRolesAsync(userId, page, pageSize);
var roleDtos = Mapper.Map(userIdentityRoles);
var user = await IdentityRepository.GetUserAsync(userId);
roleDtos.UserName = user.UserName;
await AuditEventLogger.LogEventAsync(new UserRolesRequestedEvent(roleDtos));
return roleDtos;
}
What’s more? If we wish, we can change the appearance of the interface if we want, because the whole page is made with RazorPages in MVC design pattern. We may also modify the content of the site by alternating the logic that will be accurate to our business needs.
If you need more information about the Scoruba project and its power just go to the project site on GitHub: https://github.com/skoruba/IdentityServer4.Admin
Summary
In Inero Software – R&D software house we deal with ambitious and demanding software development projects. In this blog post we showed how quickly one can use ready-to-use existing open-source solutions to provide an efficient way of implementing software security. Apart from presented use-case, Scoruba and Identity Server can be also used for working with mobile devices, IoT systems or withing a M2M communication between machines or robots.
If you want to know more about us or more about how to transform business needs to reliable digital products, visit our blog or read more about us on our webpage:
https://inero-software.com or on our blog site: https://inero-software.com/category/blog/company/
