Security

Structr.Security package contains classes and extension methods that will help in organization application security infrastructure, such as encryption services and handy Claims extensions.
Installation
Abstractions package is available on NuGet.
dotnet add package Structr.Security
Usage
​Claims​
​Hashes​
​Encryption​
Claims
Claims extension methods are mostly extensions for ClaimsIdentity and collection of Claims that could simplify working with adding, changing and removing claims.
Samples for some of ClaimsIdentity extensions:
var claimsIdentity = new ClaimsIdentity();
​
// Add claims fluently without Claim constructors.
claimsIdentity.AddClaim("SomeClaimType", "1,25")
    .AddClaim("SomeClaimType", "3,57")
    .AddClaim("SomeAnotherClaimType", "value 1")
    .AddClaim("SomeAnotherClaimType", "value 2")
    .AddClaim("AndAnotherClaimType", "True");
​
// Replaces value for claim with type "SomeAnotherClaimType".
claimsIdentity.SetClaim("SomeAnotherClaimType", "1,25");
​
// Getting claim value converted to specified type. 
float someClaimValue = claimsIdentity.GetFirstClaim<float>("SomeClaimType"); // Returns 1.25F
​
// Removes claims with type "SomeClaimType".
claimsIdentity.RemoveAllClaims("SomeClaimType");
​
// Getting all claims values as a string with type "SomeAnotherClaimType".
IEnumerable<string> someAnotherClaimValues = claimsIdentity.FindAllValues("SomeAnotherClaimType");
Samples for some of Claim and collection of Claim extensions:
var claims = new List<Claim>{ new Claim("Type1", "1,25"), new Claim("Type1", "3,57"), new Claim("Type2", "Value3") };
​
// Getting first claim with type "Type1".
Claim claim = claims.FindFirst("Type1"); // Returns `Claim("Type1", "1,25")`
// Get claim value
float claimValue = claim.GetValue<float>(); // Returns 1.25F
​
// Or getting first claim value with type "Type1" directly from collection.
claimValue = claims.GetFirstValue<float>("Type1");  // Returns 1.25F
​
// Or try getting claim value.
if (claims.TryGetFirstValue("Type1", out float value))
{
    claimValue = value;
}
Hashes
Md5Hasher and Pbkdf2Hasher classes provides functionality for hashing input strings and verifying them.
Hashers methods:
Method name
Return type
Description
Hash
string
Hashes specified string using chosen hash algorithm.
Verify
bool
Verifies provided input string with specified hash, using chosen hash algorithm.
Hash and verify password for example using PBKDF2 hash algorithm:
// Sign up new user or change user password.
string email = "[email protected]";
string password = "qwerty";
string passwordHash = Pbkdf2Hasher.Hash(password); // Create password hash.
User user = new User(email, passwordHash);
_dbContext.Users.Add(user);
​
// Sign in user with email and password.
string email = "[email protected]";
string password = "qwerty";
User user = _dbContext.Users.FirstOrDefault(x => x.Email == email);
if (user != null) 
{
    bool isVerified = Pbkdf2Hasher.Verify(password, user.PasswordHash); // Verify input password with user password hash.
    if (isVerified)
    {
        /* Some sign in logic */
    }
}
Encryption
StringEncryptor class provides functionality for encrypting and decrypting strings using passphrase.
StringEncryptor methods:
Method name
Return type
Description
Encrypt
string
Encrypts input string using specified passphrase.
Decrypt
string
Decrypts input encrypted string using specified passphrase.
Encrypt and decrypt secure settings for example:
string clientSecret = "4E46E591-987F-443A-96BA-38804D7E1617";
string passphrase = "Structr";
​
// Encrypt client secret with passphrase
string encryptedClientSecret = StringEncryptor.Encrypt(clientSecret, passphrase);
File.WriteAllText("secrets.config", encryptedClientSecret);
​
encryptedClientSecret = File.ReadlAllText("secrets.config"); 
// Decrypt client secret with passphrase
clientSecret = StringEncryptor.Decrypt(encryptedClientSecret, passphrase);
EncryptingJsonConverter class will be useful when using Newtonsoft.Json package for JSON serialization:
Define typed-class for settings:
using Newtonsoft.Json;
using Structr.Security.Json;
​
public class ClientSettings
{
    public string ClientId { get; set; }
​
    [JsonConverter(typeof(EncryptingJsonConverter))]
    public string ClientSecret { get; set; }
}
Then serialize settings to JSON:
using Newtonsoft.Json;
​
var user = new User 
{ 
    ClientId = "6779ef20e75817b79602",
    ClientSecret = "4E46E591-987F-443A-96BA-38804D7E1617"
};
string encryptedJson = JsonConvert.SerializeObject(user, Formatting.Indented);
File.WriteAllText("secrets.json", encryptedJson);

Method name	Return type	Description
Hash	`string`	Hashes specified string using chosen hash algorithm.
Verify	`bool`	Verifies provided input string with specified hash, using chosen hash algorithm.

Method name	Return type	Description
Encrypt	`string`	Encrypts input string using specified passphrase.
Decrypt	`string`	Decrypts input encrypted string using specified passphrase.

Last modified 6mo ago