Enforcing Web Security

Learn how to integrate Keycloak’s identity service into the web endpoint for access control in a microservice developed using the Devprime platform. Auth0 supports OpenID Connect / OAuth 2.0 / JWT for protecting web pages and APIs.

In this scenario, we will use the Devprime stack’s security adapter to enable security settings so that each access request requires the user to authenticate against a centralized Keycloak instance.

Checklist and preparation of the initial environment:

Creating a microservice to use in the example

The first step is to create a new microservice that we can use as a template to publish to the host. The name of this microservice will be set to “ms-order”, as demonstrated in the command below.

  • Building the first microservice
    dp new ms-order --stream rabbitmq --state mongodb
  • Adding an example business rule “Order”
    dp marketplace order
  • Initializing and accelerating microservice deployments
    dp init

After creating the new microservice, enter the “ms-order” project folder. You can view the full implementation in Visual Studio Code, as demonstrated in the article on creating the first microservice.

After completion, you can run the microservice and then stop it.
.\run.ps1 or ./run.sh (Linux, macOS)

Applying Keycloak Settings in the Microservice

The security settings on the Devprime platform are applied in the Security Adapter, which in the local environment is configured in the file “src/App/appsettings.json”. There we will apply the data obtained from the Auth0 portal.

Use the Domain, ClientId, and ClientSecret values from your own configuration in the Auth0 portal. In this scenario, we’ll use EnableOIDC.

In Visual Studio Code:
code src/App/appsettings.json

  "DevPrime_Security": {
    "Enable": "true",
    "Identity": {
      "Enable": "true",
      "Type": "auth0",
      "Domain": "https://dev-q5z4w4ipzhz581g3.us.auth0.com",
      "ClientId": "a15W9T9UzEA05hcRMM3x4ckfiEzD6CJo",
      "ClientSecret": "-hQtloE4YIF4oJD5cbhDrSVjbZ5IlF-x-UPgeTUZLZArxTRcyHwff6eu5b4IpkHZ",
      "EnableOIDC": "true",
      "AuthenticationScheme": "Auth0",
      "LogoutUri": "https://localhost:5001",
      "Scopes": "openid;email"
    }
  },

Creating a web interface to use in the example

Add a web template for use in the demo. This creates a few web pages that we will use in the demonstration.
dp add web login

After running it, we will have a new endpoint called “/private” that already has the “Authorize” attribute, which indicates that the URL requires authentication. The excerpt below from the file “src/Adapters/Web/Pages/Account.cs” demonstrates this scenario with the URLs /private, /login, and /logout.

To view from Visual Studio Code:
code src/Adapters/Web/Pages/Account.cs

    public override void Endpoints(WebApplication app)
    {
        app.MapGet("/private", [Authorize]
        (ClaimsPrincipal user) =>
        {
            StringBuilder sb = new StringBuilder();
            foreach (var claim in user.Claims)
            {
                sb.Append($"{claim.Type}={claim.Value}{System.Environment.NewLine}");
            }
            return sb.ToString();
        });
        app.MapGet("/login", async (HttpContext http, string returnUrl) =>
        {
            if (string.IsNullOrWhiteSpace(returnUrl))
                returnUrl = "/";
            await http.ChallengeAsync(SecurityConfig.Identity.AuthenticationScheme, new AuthenticationProperties()
            {RedirectUri = returnUrl});
        });
        app.MapGet("/logout", [Authorize]
        async (HttpContext http) =>
        {
            await http.SignOutAsync(SecurityConfig.Identity.AuthenticationScheme, new AuthenticationProperties{RedirectUri = "/"});
            await http.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        });
    }
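
The /login handler above passes the returnUrl query parameter directly into RedirectUri. The following C# code is an added example, not part of the Devprime-generated template: it restricts that value to local paths before it is used as the post-login redirect. ReturnUrlGuard, IsLocalPath and Sanitize are hypothetical names, and the sample inputs are constructed.

```csharp
#nullable enable
using System;

// Constructed sample values a client could send as /login?returnUrl=...
string[] samples =
{
    "/private", "/orders?id=7", "", "private",
    "https://example.org/", "//example.org", "/\\example.org", "/a\r\nb"
};

foreach (var s in samples)
    Console.WriteLine($"{Show(s),-24} -> {ReturnUrlGuard.Sanitize(s)}");

// Make CR/LF visible in the console output.
static string Show(string s) => s.Replace("\r", "\\r").Replace("\n", "\\n");

// Hypothetical helper (an assumption of this example, not a Devprime API).
public static class ReturnUrlGuard
{
    // True only for app-relative paths such as "/private".
    public static bool IsLocalPath(string? url)
    {
        if (string.IsNullOrWhiteSpace(url)) return false;
        if (url[0] != '/') return false;   // absolute URLs and bare names are rejected
        // "//host" and "/\host" are treated by browsers as another origin.
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;
        foreach (char c in url)
            if (char.IsControl(c)) return false;   // CR/LF and other control characters
        return true;
    }

    // Fall back to the site root, as the page's handler does for an empty value.
    public static string Sanitize(string? url) => IsLocalPath(url) ? url! : "/";
}
```

In the handler, the corresponding change is to set RedirectUri = ReturnUrlGuard.Sanitize(returnUrl) when calling ChallengeAsync.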

Run the application and open https://localhost:5001 to view the new links added.

Next Steps:

You’ve secured a web application using Keycloak and a microservice using the Devprime platform. Congratulations🚀🚀🚀

Last modified April 11, 2024 (cc33f7e6)