The OwinFramework.Facilities.IdentityStore.Prius Project
The authorization repository readme
file contains documentation on the key concepts around authorization in the Owin Framework. It is strongly
recommended that you read it before using this assembly.
This package provides an implementation of the following interfaces:
-
IIdentityStore provides a persistence mechanism for agents that
can identify themselves to the system. This includes username/password combinations, shared
secrets, certificates and OAuth tokens.
-
IIdentityDirectory provides a way for administrators to search for an
identity so that they can assign permissions. For example you might want to search your Active
Directory for users. In the case of this implementation it searches the SQL database that was
populated by calls to the IIdentityStore interface.
-
IPasswordHasher provides a versioned password hashing algorithm. When
users update their password it will be hashed with the latest version. When users login the
version of the hashing algorithm that was used to store their password will be used to validate
their password.
To make these implementations available to other packages that need these interfaces you just need to add
the NuGet package to the project - that's it, there is nothing else to do.
You can override these interface implementations individually within your application by adding
your application assembly to Ioc Modules explicitly after probing the bin folder. For example you
might want to just override the password hasher but use the other implementations from this assembly.
This package persists identity data using the Prius ORM. You will need to create a database
and configure Prius within your application for this to work. The source code for this project
includes an SqlScripts folder containing the SQL scrips you need to create the database.
Default Configuration
The configuration below is the configuration you will get by default if you do not provide
a configuration for this package.
{
"owinFramework": {
"facility": {
"identityStore.Prius": {
"priusRepositoryName": "IdentityStore",
"identityUrnNamespace": "identity",
"mixedCaseTokens": false,
"mixedCaseIdentity": false,
"mixedCaseSharedSecret": true,
"minimumUserNameLength": 3,
"maximumUserNameLength": 80,
"userNameRegex ": "^[a-zA-Z0-9@_.-]*$",
"minimumPasswordLength": 8,
"maximumPasswordLength": 160,
"passwordRegex": ".*",
"failedLoginsToLock": 5,
"lockDuration": "04:00:00",
"rememberMeFor": "90"
}
}
}
}
Configuration notes
-
Mixed case identifiers are slightly shorter but you must ensure that the casing is preserved
throughout the rest of your code. All lower case identifiers are only slightly longer.
-
The identityUrnNamespace will be used to construct URNs that uniquely
identifiy identities. The default value of "identity" means that URNs will be similar to
"urn:identity:abc123".