@jfstirn jfstirn commented Oct 31, 2025

🧩 Summary
This PR refactors the UserAccess module to introduce a second implementation based on Microsoft Identity, improve module isolation, and streamline module initialization within the host application.

🚀 Key Changes

  • Added a second UserAccess module based on Microsoft Identity.
  • Introduced a dedicated WebAPI project inside the original UserAccess (IdentityServer) module to move controllers out of the Host API.
  • Moved module initialization logic from the Host API into the module’s infrastructure assembly.
  • Implemented module loading via ModuleLoader (BuildingBlocks.Infrastructure.ModuleHosting) in the application startup.
  • Added UserAccessModuleSelector to configure and start either the IdentityServer or Microsoft Identity module via configuration.

🧠 Rationale
These changes improve modularity, decouple user access responsibilities from the Host API, and allow selecting between identity providers (IdentityServer or Microsoft Identity) through configuration.

Architectural Note
The new Microsoft Identity–based module differs from existing modules in that it relies on Result-based communication between layers rather than exception handling.

  • The Web API sends a command or query to the Application layer.
  • The Application returns a Result (e.g., Result.Ok, Result.Created, Result.Forbidden, ...) instead of throwing exceptions.
  • The Web API then converts this Result to an Http.IResult and sends the response to the client.

Next Steps / Notes

  • Verify Database scripts.
  • Extend the Nuke build to include tests for the Microsoft Identity UserAccess module.
  • Consider removing the SDK and Contracts projects.
    • The Contracts project was originally added to demonstrate how to implement an Anti-Corruption Layer (ACL), avoiding direct exposure of DTOs from the Application layer.
  • Feedback and suggestions are welcome — let me know what you think.

- Fixed Swagger documentation generation by extending Module and ModuleLoader
  to include XML comments from each Web API assembly.
- Fixed password hashing behavior during password reset.
- Added action-level documentation to the UserAccess (Microsoft Identity) module.
…andler

- Enforced global authorization by applying `.RequireAuthorization()` to all
  controller endpoints. Anonymous access must now be explicitly allowed via
  [AllowAnonymous] on controllers or actions.
- Added `AuthorizationChecker.CheckAllEndpoints(WebApiAssembly)` to validate
  endpoint security during module registration.
- Refactored `HasPermissionAuthorizationHandler`
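
The commit notes above describe requiring authorization on every controller endpoint and validating endpoint security during module registration. The following is an added illustration, not code from this PR: `EndpointAuthorizationAudit` and its methods are hypothetical names, and the rule it enforces (every action must carry an explicit `[Authorize]`-style or `[AllowAnonymous]` attribute, on the action or its controller) is an assumption about what such a check could require.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Hypothetical helper (not the PR's AuthorizationChecker): finds controller actions
// that declare neither an authorization requirement nor an explicit [AllowAnonymous].
public static class EndpointAuthorizationAudit
{
    public static IReadOnlyList<string> FindUndeclaredActions(Assembly webApiAssembly)
    {
        var findings = new List<string>();
        var controllers = webApiAssembly.GetTypes()
            .Where(t => t.IsClass && !t.IsAbstract && typeof(ControllerBase).IsAssignableFrom(t));

        foreach (var controller in controllers)
        {
            // Class-level attributes apply to every action of the controller.
            bool classDeclared = HasAuthDecision(controller);

            // DeclaredOnly skips actions inherited from a base controller; audit base types separately.
            var actions = controller
                .GetMethods(BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly)
                .Where(m => !m.IsSpecialName && !m.IsDefined(typeof(NonActionAttribute), inherit: true));

            foreach (var action in actions)
                if (!classDeclared && !HasAuthDecision(action))
                    findings.Add($"{controller.FullName}.{action.Name}");
        }
        return findings;
    }

    // True when the member carries [Authorize] (or any attribute implementing IAuthorizeData,
    // such as a custom permission attribute) or [AllowAnonymous].
    private static bool HasAuthDecision(MemberInfo member) =>
        member.GetCustomAttributes(inherit: true)
              .Any(a => a is IAuthorizeData || a is IAllowAnonymous);

    // Fail closed: abort module registration if any action lacks an explicit decision.
    public static void ThrowIfUndeclared(Assembly webApiAssembly)
    {
        var findings = FindUndeclaredActions(webApiAssembly);
        if (findings.Count > 0)
            throw new InvalidOperationException(
                "Actions without [Authorize]/[AllowAnonymous]: " + string.Join(", ", findings));
    }
}
```

Calling `ThrowIfUndeclared` with a module's Web API assembly at registration time keeps actions covered even if the global `.RequireAuthorization()` convention is later removed or a controller is mapped outside it.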