Applying Web Security

Learn how to integrate the Keycloak identity service on the web endpoint for access control in the microservice built using the Devprime platform. Auth0 supports OpenID Connect / OAuth 2.0 / JWT for protecting web pages and APIs.

In this scenario we will use the Devprime stack security adapter to enable the security settings, so that every access request requires the user to authenticate against a centralized Keycloak database.

Checklist and preparation of the initial environment:

Creating a microservice to use in the example

The first step is to create a new microservice that we can use as a template to publish to the host. The name of this microservice will be set to “ms-order”, as demonstrated in the command below.

  • Building the first microservice
    dp new ms-order --stream rabbitmq --state mongodb
  • Adding an example business rule “Order”
    dp marketplace order
  • Initializing and accelerating microservice deployments
    dp init

After creating the new microservice, enter the “ms-order” project folder and you will be able to view all the implementations through Visual Studio Code as demonstrated in the article related to creation of the first microservice.

After completion, you can run the microservice and then stop it.
.\run.ps1 or ./run.sh (Linux, macOS)

Applying Keycloak settings in the microservice

The security settings on the Devprime platform are applied through the Security Adapter, which in the local environment is configured in the file “src/App/appsettings.json”. There we will apply the same data obtained in the Auth0 portal.

Use the Domain, ClientId, and ClientSecret values obtained from your configuration in the Auth0 portal. In this scenario, we will use EnableOIDC.

Open in Visual Studio Code:
code src/App/appsettings.json

  "DevPrime_Security": {
    "Enable": "true",
    "Identity": {
      "Enable": "true",
      "Type": "auth0",
      "Domain": "https://dev-q5z4w4ipzhz581g3.us.auth0.com",
      "ClientId": "a15W9T9UzEA05hcRMM3x4ckfiEzD6CJo",
      "ClientSecret": "-hQtloE4YIF4oJD5cbhDrSVjbZ5IlF-x-UPgeTUZLZArxTRcyHwff6eu5b4IpkHZ",
      "EnableOIDC": "true",
      "AuthenticationScheme": "Auth0",
      "LogoutUri": "https://localhost:5001",
      "Scopes": "openid;email"
    }
  },

Creating a web interface to use in the example

Add the web template for use in the demo. This creates some web pages for us to use in the demonstration.
dp add web login

After running the command we will have a new endpoint called “/private” that already has the “Authorize” attribute, which indicates that the URL requires authentication. The excerpt below from the file “src/Adapters/Web/Pages/Account.cs” demonstrates this scenario with the /private, /login, and /logout URLs.

To view in Visual Studio Code:
code src/Adapters/Web/Pages/Account.cs

    public override void Endpoints(WebApplication app)
    {
        // Protected endpoint: [Authorize] requires an authenticated user; returns the user's claims.
        app.MapGet("/private", [Authorize]
        (ClaimsPrincipal user) =>
        {
            StringBuilder sb = new StringBuilder();
            foreach (var claim in user.Claims)
            {
                sb.Append($"{claim.Type}={claim.Value}{System.Environment.NewLine}");
            }
            return sb.ToString();
        });
        // Starts the login challenge with the configured scheme; returnUrl comes from the query string.
        app.MapGet("/login", async (HttpContext http, string returnUrl) =>
        {
            if (string.IsNullOrWhiteSpace(returnUrl))
                returnUrl = "/";
            await http.ChallengeAsync(SecurityConfig.Identity.AuthenticationScheme, new AuthenticationProperties()
            { RedirectUri = returnUrl });
        });
        // Signs out of the identity provider scheme, then clears the local authentication cookie.
        app.MapGet("/logout", [Authorize]
        async (HttpContext http) =>
        {
            await http.SignOutAsync(SecurityConfig.Identity.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
            await http.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        });
    }
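
The “/login” handler above passes the caller-supplied returnUrl straight into RedirectUri, so the value should be restricted to paths inside the application before the challenge is issued. The following is an added example, not part of the Devprime template or the original page; ReturnUrlGuard, IsLocalUrl and Sanitize are hypothetical names introduced here.

```csharp
using System;

// Added example, not Devprime-generated code: local-URL check for the
// caller-supplied returnUrl before it becomes AuthenticationProperties.RedirectUri.
public static class ReturnUrlGuard
{
    // True only for app-relative paths such as "/private" or "/orders?id=1".
    public static bool IsLocalUrl(string? url)
    {
        if (string.IsNullOrWhiteSpace(url)) return false;
        // Must start with a single '/': this rejects absolute URLs ("https://..."),
        // scheme-relative "//host", and the "/\host" variant browsers normalize to it.
        if (url[0] != '/') return false;
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;
        // Control characters (CR, LF, tab, ...) have no place in a redirect target.
        foreach (char c in url)
            if (char.IsControl(c)) return false;
        return true;
    }

    // Falls back to the site root whenever the value is not a local path.
    public static string Sanitize(string? url) => IsLocalUrl(url) ? url! : "/";
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample inputs (not taken from the page).
        string?[] samples = { "/private", "/orders?id=1", null, "", "https://example.org/",
                              "//example.org/", "/\\example.org", "private", "/a\r\nb" };
        foreach (var s in samples)
        {
            string shown = s == null ? "<null>" : s.Replace("\r", "\\r").Replace("\n", "\\n");
            Console.WriteLine($"{shown,-22} -> {ReturnUrlGuard.Sanitize(s)}");
        }

        // In the /login handler shown above, the call would be:
        //   returnUrl = ReturnUrlGuard.Sanitize(returnUrl);
        //   await http.ChallengeAsync(SecurityConfig.Identity.AuthenticationScheme,
        //       new AuthenticationProperties { RedirectUri = returnUrl });
    }
}
```

Only “/private” and “/orders?id=1” pass through unchanged; every other sample falls back to “/”.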

Run the application and open https://localhost:5001 to view the new links added.

Next steps:

You have secured a web application using Keycloak and a microservice using the Devprime platform. Congratulations🚀🚀🚀

Last modified August 20, 2024 (2f9802da)