Nano ASP.NET SaaS Boilerplate
Please allow a few seconds if the app is booting from a cold start.
Admin credentials (all tenants): / Password123!
Sample data resets every hour
Nano ASP.NET SaaS Boilerplate
.NET Solution
Vue UI
React UI
Razor Pages
.NET Solution

Authentication & Authorization

There are a few key components that make Authorization & Authentication work.

Auth Service (Tokens)

Auth is responsible for issuing tokens. Tokens are what users receive when they log in to the app. In Infrastructure/Auth, you’ll find the TokenService service, which exposes the method GetTokenAsync. In GenerateJWTToken, roles and claims are added to the JWT token before it is signed and generated. Two important claims are the user & tenant Id.

Current Tenant User Service

CurrentTenantUserService is a scoped service; it has values for TenantId, UserId, and ConnectionString, and a SetTenantUser method. This method is fired on every request by middleware, TenantResolver.

CurrentTenantUserService is found in WebApi/Services and has access to the HttpContext object. This service will set the tenant id on every request and if a bearer token is present, will also set the user id. These values will be available for the rest of the request lifecycle. The CurrentTenantUserService also plays a role in multi-tenancy, providing the tenant ID for query filters that run in DB contexts.

Identity Service

The Identity Service contains methods for managing users, updating profiles, and forgot / reset password. Data operations are handled with UserManager, a service provided by ASP Identity.

ApplicationUser is the main user class, which inherits from IdentityUser provided by ASP Identity.

Restricting API Controllers

Access control is the responsibility of the API controllers and can be easily handled with [Authorize] attributes.

To allow anonymous access add the [AllowAnonymous] attribute above the controller or specific endpoint. The TokensController is an example of an endpoint that allows anonymous access. When sending an anonymous request, a tenant ID must be present as a request header.

Endpoints require authorization by default. On authenticated requests, the tenant & user Id are read as claims from the token.

You can specify which roles can access a particular endpoint, for example: [Authorize(Roles = “root, admin”)]. The boilerplate has four roles: root, admin, editor, & basic which you can customize as needed.

Identity Configuration

ASP Identity is registered in ConfigureApplicationServices found in WebApi/Extensions.

When ASP Identity is added to services, BaseDbContext is specified as the main context for identity. BaseDbContext inherits from IdentityDbContext. The main user class is ApplicationUser which inherits from IdentityUser, found in Infrastructure/Identity.

JWT Settings are also configured in ConfigureApplicationServices. Certain JWT parameters such as the key and duration are defined in appsettings.json.

Next Steps

That covers everything related to Identity. Next we’ll take a close look at how multi-tenancy works.