forked from loic-sharma/BaGet
Summary
Add proper authentication with ASP.NET Core Identity and OIDC/OAuth2 support while maintaining backward compatibility with API key authentication.
Current State
- Simple API key authentication only (X-NuGet-ApiKey header)
- Single global API key from configuration
- No user accounts or roles
Target State
- ASP.NET Core Identity for user management
- OIDC/OAuth2 for SSO integration
- Per-user API keys stored in database
- Backward compatible with existing API key auth
New Packages
- Microsoft.AspNetCore.Identity.EntityFrameworkCore 9.0.0
- Microsoft.AspNetCore.Authentication.OpenIdConnect 9.0.0
Tasks
- Add Identity packages to BaGet.Core.csproj and BaGet.csproj
- Create BaGetUser entity (extends IdentityUser)
- Create UserApiKey entity for per-user API keys
- Update AbstractContext to inherit from IdentityDbContext<BaGetUser>
- Configure Identity in Startup.cs
- Configure OIDC authentication
- Create CompositeAuthenticationService (supports multiple auth methods)
- Add Login/Logout Razor Pages
- Add API Key management page
- Generate database migration for Identity tables
- Update authorization on controllers
New Entities
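    using System;
    using System.Collections.Generic;
    using Microsoft.AspNetCore.Identity;

    // Application user; extends the ASP.NET Core Identity user.
    public class BaGetUser : IdentityUser
    {
        // API keys owned by this user.
        public ICollection<UserApiKey> ApiKeys { get; set; }
    }

    // A per-user API key.
    public class UserApiKey
    {
        public int Id { get; set; }
        public string Key { get; set; }
        public string Description { get; set; }
        public DateTime Created { get; set; }
        public DateTime? Expires { get; set; }  // optional expiry
        public string UserId { get; set; }      // foreign key to BaGetUser
        public BaGetUser User { get; set; }
    }
Configuration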
    {
      "Authentication": {
        "Type": "None",
        "ApiKey": "",
        "OIDC": {
          "Authority": "",
          "ClientId": "",
          "ClientSecret": ""
        }
      }
    }
Files to Modify
- src/BaGet.Core/BaGet.Core.csproj
- src/BaGet/BaGet.csproj
- src/BaGet.Core/Entities/AbstractContext.cs
- src/BaGet/Startup.cs
- src/BaGet/appsettings.json
- src/BaGet.Core/Authentication/ (new files)
- src/BaGet.Web/Pages/Account/ (new pages)
Dependencies
- Depends on .NET 9 upgrade
- Depends on PostgreSQL migration
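A sketch of how a per-user API key check with a legacy global-key fallback could look; this is an added example, not code from the issue or from BaGet. It assumes the database keeps only a SHA-256 digest of each key rather than the plaintext `Key` column proposed above, and the names `StoredApiKey`, `ApiKeyValidator`, `Hash`, `NewKey` and `Validate` are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical stored form of a per-user key: only a digest is persisted.
public record StoredApiKey(string UserId, byte[] KeyHash, DateTime? Expires);

public static class ApiKeyValidator
{
    public static byte[] Hash(string key) =>
        SHA256.HashData(Encoding.UTF8.GetBytes(key));

    // 256-bit random key; the plaintext is shown to the user once, never stored.
    public static string NewKey() =>
        Convert.ToHexString(RandomNumberGenerator.GetBytes(32));

    // Returns the owning user id, "legacy" for the global key, or null if rejected.
    public static string? Validate(string presented, string legacyKey,
        IEnumerable<StoredApiKey> stored, DateTime utcNow)
    {
        if (string.IsNullOrEmpty(presented)) return null;
        byte[] digest = Hash(presented);

        // Legacy global key: skipped when unset (the sample config has ApiKey "").
        if (!string.IsNullOrEmpty(legacyKey) &&
            CryptographicOperations.FixedTimeEquals(digest, Hash(legacyKey)))
            return "legacy";

        // In-memory scan for illustration; a database would look up by digest.
        foreach (var k in stored)
        {
            bool match = CryptographicOperations.FixedTimeEquals(digest, k.KeyHash);
            bool live = k.Expires is null || k.Expires > utcNow;
            if (match && live) return k.UserId;
        }
        return null;
    }

    public static void Main()
    {
        var now = DateTime.UtcNow;
        string good = NewKey(), old = NewKey();       // constructed sample keys
        var db = new List<StoredApiKey> {
            new("alice", Hash(good), now.AddDays(30)),
            new("bob", Hash(old), now.AddDays(-1)),   // already expired
        };
        Console.WriteLine(Validate(good, "", db, now) ?? "rejected");
        Console.WriteLine(Validate(old, "", db, now) ?? "rejected");
        Console.WriteLine(Validate("", "", db, now) ?? "rejected");
    }
}
```

A plain SHA-256 digest is adequate here only because the keys are generated with 256 bits of randomness; user-chosen secrets would need a password hashing function instead.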