Support multiple target frameworks in project file

Updated `DigitalData.Auth.API.csproj` to target both `net7.0` and `net8.0`.
Replaced `TargetFramework` with `TargetFrameworks` for multi-targeting.
Conditionally included `Microsoft.AspNetCore.Authentication.JwtBearer` based on the target framework version.
Added a project reference to `DigitalData.Auth.Abstractions`.

DigitalData.Auth.Abstractions/DigitalData.Auth.Abstractions.csproj

@@ -6,7 +6,7 @@
     <Nullable>enable</Nullable>
     <Description>DigitalData.Auth.Abstractions defines lightweight interfaces for sending and receiving authentication keys in .NET applications. It provides a unified IAuthClient for managing connections and errors, enabling seamless integration with authentication systems.</Description>
     <PackageId>DigitalData.Auth.Abstractions</PackageId>
-    <Version>1.1.0</Version>
+    <Version>1.2.0</Version>
     <Company>Digital Data GmbH</Company>
     <Product>Digital Data GmbH</Product>
     <Copyright>Copyright 2025</Copyright>
@@ -14,8 +14,8 @@
     <PackageIcon>auth_icon.png</PackageIcon>
     <RepositoryUrl>http://git.dd:3000/AppStd/DigitalData.Auth</RepositoryUrl>
     <PackageTags>Digital Data Auth Authorization Authentication Abstractions</PackageTags>
-	<AssemblyVersion>1.1.0</AssemblyVersion>
+	<AssemblyVersion>1.2.0</AssemblyVersion>
-	<FileVersion>1.1.0</FileVersion>
+	<FileVersion>1.2.0</FileVersion>
   </PropertyGroup>
 
   <ItemGroup>

DigitalData.Auth.Abstractions/IAuthClient.cs

@@ -4,7 +4,5 @@ public interface IAuthClient : IAuthListenHandler, IAuthSenderHandler
 {
     bool IsConnected { get; }
 
-    Task StartAsync();
+    Task StartAsync(CancellationToken cancellationToken = default);
-
-    Task<bool> TryStartAsync();
 }

DigitalData.Auth.Client/AuthClient.cs

@@ -1,11 +1,12 @@
 using DigitalData.Auth.Abstractions;
 using Microsoft.AspNetCore.SignalR.Client;
+using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
 namespace DigitalData.Auth.Client;
 
-public class AuthClient : IAuthClient, IAsyncDisposable
+public class AuthClient : IAuthClient, IHostedService
 {
     private readonly HubConnection _connection;
 
@@ -27,7 +28,19 @@ public class AuthClient : IAuthClient, IAsyncDisposable
 
         _connection.On<string, string, string>(nameof(ReceivePublicKeyAsync), ReceivePublicKeyAsync);
 
-        _connection.Reconnected += async cnnId => await GetAllPublicKeysAsync();
+        _connection.Reconnected += async cnnId =>
+        {
+            _logger?.LogInformation("Auth-client reconnected. Number of connection attempts {nOfAttempts}.", _nOfAttempts);
+            await GetAllPublicKeysAsync();
+            _nOfAttempts = 0;
+        };
+
+        _connection.Reconnecting += (ex) =>
+        {
+            logger?.LogError(ex, "Auth-client disconnected. Attempt to reconnect every {time} seconds.", _params.RetryDelay!.Value.TotalSeconds);
+            _nOfAttempts += 1;
+            return Task.CompletedTask;
+        };
 
         _logger = logger;
     }
@@ -36,27 +49,51 @@ public class AuthClient : IAuthClient, IAsyncDisposable
 
     public IEnumerable<ClientPublicKey> PublicKeys => _params.PublicKeys;
 
-    public async Task StartAsync()
+    public async Task StartAsync(CancellationToken cancellationToken = default)
     {
-        await _connection.StartAsync();
+        while(!await TryStartConnectionAsync(cancellationToken))
+        {
+            if (_params.RetryDelay is not null)
+                await Task.Delay(_params.RetryDelay.Value.Milliseconds, cancellationToken);
+            else
+                return;
+        }
+        
         IsConnected = true;
         await GetAllPublicKeysAsync();
     }
 
-    public async Task<bool> TryStartAsync()
+    private int _nOfAttempts = 0;
+
+    private async Task<bool> TryStartConnectionAsync(CancellationToken cancellationToken = default)
     {
         try
         {
-            await StartAsync();
+            _nOfAttempts += 1;
+            await _connection.StartAsync(cancellationToken);
+            _logger?.LogInformation("Auth-client connection successful. Number of connection attempts {nOfAttempts}.", _nOfAttempts);
+            _nOfAttempts = 0;
             return true;
         }
-        catch(Exception ex)
+        catch(HttpRequestException ex)
         {
-            _logger?.LogError(ex, "{message}", ex.Message);
+            if(_nOfAttempts < 2)
+            {
+                if (_params.RetryDelay is null)
+                    _logger?.LogError(ex, "Auth-client connection failed. {message}", ex.Message);
+                else
+                    _logger?.LogError(ex, "Auth-client connection failed and will be retried every {time} seconds. The status of being successful can be followed from the information logs.\n{message}", _params.RetryDelay.Value.TotalSeconds, ex.Message);
+            }
             return false;
         }
     }
 
+    public async Task StopAsync(CancellationToken cancellationToken)
+    {
+        await _connection.StopAsync(cancellationToken);
+        IsConnected = false;
+    }
+
     public Task ReceivePublicKeyAsync(string issuer, string audience, string message) => Task.Run(() => _params.TriggerOnPublicReceivedEvent(this, issuer, audience, message, _logger));
 
     public Task SendPublicKeyAsync(string issuer, string audience, string message) => _connection.InvokeAsync(nameof(SendPublicKeyAsync), issuer, audience, message);
@@ -68,11 +105,4 @@ public class AuthClient : IAuthClient, IAsyncDisposable
         foreach (var publicKey in PublicKeys)
             await GetPublicKeyAsync(publicKey.Issuer, publicKey.Audience);
     }
-
-    public virtual async ValueTask DisposeAsync()
-    {
-        await _connection.StopAsync();
-        await _connection.DisposeAsync();
-        GC.SuppressFinalize(this);
-    }
 }

DigitalData.Auth.Client/ClientEvents.cs

@@ -1,4 +1,4 @@
-using DigitalData.Core.Abstractions.Security;
+using DigitalData.Core.Abstractions.Security.Extensions;
 using Microsoft.Extensions.Logging;
 
 namespace DigitalData.Auth.Client;

DigitalData.Auth.Client/ClientParams.cs

@@ -7,39 +7,30 @@ public class ClientParams
 {
     public string Url { get; set; } = string.Empty;
 
-    private readonly Lazy<IRetryPolicy?> _lazyRetryPolicy;
-
     /// <summary>
     /// Controls when the client attempts to reconnect and how many times it does so.
     /// </summary>
-    public IRetryPolicy? RetryPolicy => _lazyRetryPolicy.Value;
+    public IRetryPolicy? RetryPolicy { get; private set; }
 
-    /// <summary>
+    private TimeSpan? _retryDelay;
-    /// To simplify the assignment of <seealso cref="RetryPolicy"/>
-    /// </summary>
-    public Func<RetryContext, TimeSpan?>? NextRetryDelay { get; set; }
 
     /// <summary>
     /// To be able to serilize the simple <seealso cref="RetryPolicy"/>
     /// </summary>
-    public TimeSpan? RetryDelay { get; set; }
+    public TimeSpan? RetryDelay
+    {
+        get => _retryDelay;
+        set
+        {
+            RetryPolicy = new RetryPolicy(ctx => RetryDelay);
+            _retryDelay = value;
+        }
+    }
 
     public event ClientEvent OnPublicKeyReceived = ClientEvents.UpdatePublicKeys;
 
     internal void TriggerOnPublicReceivedEvent(AuthClient client, string issuer, string audience, string key, ILogger? logger = null)
         => OnPublicKeyReceived(client, issuer, audience, key, logger);
 
-    public ClientParams()
-    {
-        _lazyRetryPolicy = new(() =>
-        {
-            if (RetryDelay is not null)
-                return new RetryPolicy(ctx => RetryDelay);
-            else if(NextRetryDelay is not null)
-                return new RetryPolicy(NextRetryDelay);
-            return null;
-        });
-    }
-
     public List<ClientPublicKey> PublicKeys { get; set; } = new();
 }

DigitalData.Auth.Client/ClientPublicKey.cs

@@ -1,5 +1,6 @@
-using DigitalData.Core.Abstractions.Security;
+using DigitalData.Core.Abstractions.Security.Common;
-using DigitalData.Core.Security.RSAKey;
+using DigitalData.Core.Abstractions.Security.Key;
+using DigitalData.Core.Security.RSAKey.Base;
 using Microsoft.IdentityModel.Tokens;
 using System.Security.Cryptography;
 
@@ -31,8 +32,13 @@ public class ClientPublicKey : RSAKeyBase, IAsymmetricTokenValidator, IUniqueSec
     internal void UpdateContent(string content)
     {
         _content = content;
-        RSA.ImportFromPem(content);
+        if (string.IsNullOrWhiteSpace(content))
-        SecurityKey = new RsaSecurityKey(RSA);
+            SecurityKey = new RsaSecurityKey(RSA.Create());
+        else
+        {
+            RSA.ImportFromPem(content);
+            SecurityKey = new RsaSecurityKey(RSA);
+        }
     }
 
     public SecurityKey SecurityKey { get; private set; } = new RsaSecurityKey(RSA.Create());

DigitalData.Auth.Client/DependencyInjection.cs

@@ -7,7 +7,7 @@ using Microsoft.Extensions.Options;
 
 namespace DigitalData.Auth.Client;
 
-public static class DIExtensions
+public static class DependencyInjection
 {
     public static IServiceCollection AddAuthHubClient(this IServiceCollection services, IConfiguration? configuration = null, Action<ClientParams>? options = null)
     {
@@ -18,6 +18,18 @@ public static class DIExtensions
             .AddSingleton<IAuthClient, AuthClient>()
             .TryAddSingleton<HubConnectionBuilder>();
 
+        services.AddHostedService(sp =>
+        {
+            var client = sp.GetRequiredService<IAuthClient>() as AuthClient;
+            if (client is not null)
+                return client;
+            else throw new InvalidOperationException(
+                "IAuthClient instance could not be resolved from the service provider. " +
+                "This may indicate that the 'AddAuthHubClient' extension method was not called " +
+                "or there was an issue with the dependency registration process."
+            );
+        });
+
         return services;
     }
 }

DigitalData.Auth.Client/DigitalData.Auth.Client.csproj

@@ -1,11 +1,11 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>net7.0;net8.0</TargetFrameworks>
+    <TargetFrameworks>net7.0;net8.0;net9.0</TargetFrameworks>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
     <PackageId>DigitalData.Auth.Client</PackageId>
-    <Version>1.1.5</Version>
+    <Version>1.3.7</Version>
     <Description>DigitalData.Auth.Client is a SignalR-based authentication client that enables applications to connect to a central authentication hub for real-time message exchange. It provides seamless connection management, automatic reconnection (RetryPolicy), and event-driven communication (ClientEvents). The package includes dependency injection support via DIExtensions, allowing easy integration into ASP.NET Core applications. With built-in retry policies and secure message handling, it ensures a reliable and scalable authentication client for real-time authentication workflows.</Description>
     <Company>Digital Data GmbH</Company>
     <Product>Digital Data GmbH</Product>
@@ -14,8 +14,8 @@
     <PackageIcon>auth_icon.png</PackageIcon>
     <RepositoryUrl>http://git.dd:3000/AppStd/DigitalData.Auth</RepositoryUrl>
     <PackageTags>Digital Data Auth Authorization Authentication</PackageTags>
-    <AssemblyVersion>1.1.5</AssemblyVersion>
+    <AssemblyVersion>1.3.7</AssemblyVersion>
-    <FileVersion>1.1.5</FileVersion>
+    <FileVersion>1.3.7</FileVersion>
   </PropertyGroup>
 
   <ItemGroup>
@@ -26,9 +26,23 @@
   </ItemGroup>
 	
   <ItemGroup>
-    <PackageReference Include="DigitalData.Core.Abstractions" Version="3.3.0" />
+    <PackageReference Include="DigitalData.Core.Abstractions.Security" Version="1.0.0" />
-    <PackageReference Include="DigitalData.Core.Security" Version="1.0.0" />
+    <PackageReference Include="DigitalData.Core.Security" Version="1.2.3" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="9.0.1" />
+  </ItemGroup>
+
+  <ItemGroup Condition="'$(TargetFramework)' == 'net7.0'">
+	<PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="7.0.20" />
+	<PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="7.0.0" />
+  </ItemGroup>
+
+  <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
+	<PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.14" />
+	<PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="8.0.1" />
+  </ItemGroup>
+
+  <ItemGroup Condition="'$(TargetFramework)' == 'net9.0'">
+	<PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="9.0.4" />
+	<PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="9.0.4" />
   </ItemGroup>
 	
   <ItemGroup>

DigitalData.Auth.Tests/Client/AuthClientTests.cs

@@ -1,10 +1,12 @@
 using DigitalData.Auth.Abstractions;
 using DigitalData.Auth.API.Hubs;
 using DigitalData.Auth.Client;
-using DigitalData.Core.Abstractions.Security;
+using DigitalData.Core.Abstractions.Security.Extensions;
-using DigitalData.Core.Security;
 using DigitalData.Core.Security.Config;
-using DigitalData.Core.Security.RSAKey;
+using DigitalData.Core.Security.Extensions;
+using DigitalData.Core.Security.RSAKey.Auth;
+using DigitalData.Core.Security.RSAKey.Crypto;
+using DigitalData.Core.Security.Services;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
@@ -18,7 +20,7 @@ public class AuthClientTests
 {
     private string _hubUrl;
 
-    private Func<Action<ClientParams>, ServiceProvider> Build;
+    private Func<Action<ClientParams>, IHost> Build;
 
     private WebApplication? _app;
 
@@ -46,7 +48,7 @@ public class AuthClientTests
                 Issuer = "Foo",
                 Audience = "Bar",
                 Lifetime = new TimeSpan(1, 0, 0),
-                Content = Instance.RSAFactory.CreatePrivateKeyPem()
+                Content = RSAFactory.Static.CreatePrivateKeyPem()
             }
         ];
     }
@@ -56,7 +58,7 @@ public class AuthClientTests
         // Create builder and add SignalR service
         var builder = WebApplication.CreateBuilder();
         builder.Services.AddSignalR();
-        builder.Services.AddCryptoFactory(new CryptoFactoryParams()
+        builder.Services.AddRSAPool(new RSAParams()
         {
             PemDirectory = "/",
             Decryptors = [new RSADecryptor()],
@@ -76,21 +78,26 @@ public class AuthClientTests
         return app;
     }
 
-    private static CryptoFactoryParams GetCryptoFactoryParamsOf(WebApplication application) => application
+    private static RSAParams GetCryptoFactoryParamsOf(WebApplication application) => application
-        .Services.GetRequiredService<IOptions<CryptoFactoryParams>>().Value;
+        .Services.GetRequiredService<IOptions<RSAParams>>().Value;
 
     [SetUp]
     public void Setup()
     {
         Build = options =>
         {
-            var provider =  new ServiceCollection()
+            var host = Host.CreateDefaultBuilder()
-                    .AddAuthHubClient(options: options)
+                .ConfigureServices(services =>
-                    .BuildServiceProvider();
+                {
+                    services.AddAuthHubClient(options: options)
+                                .BuildServiceProvider();
+                })
+                .Build();
 
-            _disposableAsync.Enqueue(provider);
+            if(host is IAsyncDisposable disposable)
+                _disposableAsync.Enqueue(disposable);
 
-            return provider;
+            return host;
         };
 
         // Create and run test server
@@ -105,25 +112,37 @@ public class AuthClientTests
         if (_app is not null)
         {
             await _app.StopAsync();
+            await _app.DisposeAsync();
             Console.WriteLine("Test server stopped.");
         }
 
         while (_disposableAsync.Count > 0)
-            await _disposableAsync.Dequeue().DisposeAsync();
+        {
+            var disposable = _disposableAsync.Dequeue();
+            if (disposable is IHost host)
+                await host.StopAsync();
+            await disposable.DisposeAsync();
+        }
     }
 
     [Test]
-    public async Task StartAsync_ShouldConnectSuccessfully()
+    [TestCase(true, false, true, TestName = "ShouldStart_WhenHostStartsEvenIfClientDoesNot")]
+    [TestCase(false, true, true, TestName = "ShouldStart_WhenClientStartsEvenIfHostDoesNot")]
+    public async Task StartAsync_ShouldConnectSuccessfully(bool startHost, bool startClient, bool expectedIsConnected)
     {
         // Arrange
-        var provider = Build(opt => opt.Url = _hubUrl);
+        var host = Build(opt => opt.Url = _hubUrl);
-        var client = provider.GetRequiredService<IAuthClient>();
+        var client = host.Services.GetRequiredService<IAuthClient>();
 
         // Act
-        await client.StartAsync();
+        if (startHost)
+            await host.StartAsync();
+
+        if (startClient)
+            await client.StartAsync();
 
         // Assert
-        Assert.That(client.IsConnected);
+        Assert.That(client.IsConnected, Is.EqualTo(expectedIsConnected));
     }
 
     [Test]
@@ -135,12 +154,12 @@ public class AuthClientTests
         string rcv_key = string.Empty;
 
         // Sender client
-        var provider_sender = Build(opt => opt.Url = _hubUrl);
+        var sender_host = Build(opt => opt.Url = _hubUrl);
-        var sender_client = provider_sender.GetRequiredService<IAuthClient>();
+        var sender_client = sender_host.Services.GetRequiredService<IAuthClient>();
         await sender_client.StartAsync();
 
         // Receiver client
-        var provider_receiver = Build(opt =>
+        var receiver_host = Build(opt =>
         {
             opt.Url = _hubUrl;
             opt.OnPublicKeyReceived += (client, issuer, audience, key, logger) =>
@@ -150,7 +169,7 @@ public class AuthClientTests
                 rcv_key = key;
             };
         });
-        var client_receiver = provider_receiver.GetRequiredService<IAuthClient>();
+        var client_receiver = receiver_host.Services.GetRequiredService<IAuthClient>();
         await client_receiver.StartAsync();
 
         string issuer = "issuer";
@@ -177,12 +196,12 @@ public class AuthClientTests
     {
         // Arrange
         string? publicKey = null;
-        var provider = Build(opt =>
+        var host = Build(opt =>
         {
             opt.Url = _hubUrl;
             opt.OnPublicKeyReceived += (client, issuer, audience, key, logger) => publicKey = key;
         });
-        var client = provider.GetRequiredService<IAuthClient>();
+        var client = host.Services.GetRequiredService<IAuthClient>();
         await client.StartAsync();
 
         
@@ -207,12 +226,12 @@ public class AuthClientTests
     {
         // Arrange
         var publicKey = new ClientPublicKey() { Issuer = "Foo", Audience = "Bar" };
-        var provider = Build(opt =>
+        var host = Build(opt =>
         {
             opt.Url = _hubUrl;
             opt.PublicKeys.Add(publicKey);
         });
-        var client = provider.GetRequiredService<IAuthClient>();
+        var client = host.Services.GetRequiredService<IAuthClient>();
         await client.StartAsync();
         
         // Act
@@ -230,18 +249,18 @@ public class AuthClientTests
     {
         // Arrange
         var publicKey = new ClientPublicKey() { Issuer = "Foo", Audience = "Bar" };
-        var provider = Build(opt =>
+        var host = Build(opt =>
         {
             opt.Url = _hubUrl;
             opt.PublicKeys.Add(publicKey);
             opt.RetryDelay = new TimeSpan(0, 0, 1);
         });
-        var client = provider.GetRequiredService<IAuthClient>();
+        var client = host.Services.GetRequiredService<IAuthClient>();
         await client.StartAsync();
 
         // Act
         CancellationToken cancellationToken = default;
-        await _app.StopAsync(cancellationToken);
+        await _app!.StopAsync(cancellationToken);
         _app = null;
 
         var newApp = CreateWebApplication(_port);

DigitalData.Auth.Tests/DigitalData.Auth.Tests.csproj

@@ -15,7 +15,7 @@
 
   <ItemGroup>
     <PackageReference Include="coverlet.collector" Version="6.0.0" />
-    <PackageReference Include="DigitalData.Core.Security" Version="1.0.0" />
+    <PackageReference Include="DigitalData.Core.Security" Version="1.2.3" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
     <PackageReference Include="NUnit" Version="3.14.0" />
     <PackageReference Include="NUnit.Analyzers" Version="3.9.0" />

src/DigitalData.Auth.API/Config/BackdoorParams.cs

@@ -0,0 +1,8 @@
+using DigitalData.Auth.API.Models;
+
+namespace DigitalData.Auth.API.Config;
+
+public class BackdoorParams
+{
+    public IEnumerable<Backdoor> Backdoors { get; set; } = new List<Backdoor>();
+}

src/DigitalData.Auth.API/Controllers/AuthController.cs

@@ -1,15 +1,16 @@
 using DigitalData.Auth.API.Config;
-using DigitalData.Core.Abstractions.Security;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
 using DigitalData.UserManager.Application.Contracts;
 using DigitalData.UserManager.Application.DTOs.User;
 using DigitalData.Core.Abstractions.Application;
-using DigitalData.Auth.API.Dto;
+using DigitalData.Auth.API.Models;
 using DigitalData.Auth.API.Services.Contracts;
 using DigitalData.Auth.API.Entities;
 using DigitalData.Core.DTO;
+using DigitalData.Core.Abstractions.Security.Services;
+using DigitalData.Core.Abstractions.Security.Extensions;
 
 namespace DigitalData.Auth.API.Controllers
 {
@@ -23,7 +24,7 @@ namespace DigitalData.Auth.API.Controllers
 
         private readonly AuthApiParams _apiParams;
 
-        private readonly ICryptoFactory _cryptoFactory;
+        private readonly IAsymmetricKeyPool _keyPool;
 
         private readonly ILogger<AuthController> _logger;
 
@@ -33,16 +34,19 @@ namespace DigitalData.Auth.API.Controllers
 
         private readonly IConsumerService _consumerService;
 
-        public AuthController(IJwtSignatureHandler<UserReadDto> userSignatureHandler, IOptions<AuthApiParams> cookieParamsOptions, ICryptoFactory cryptoFactory, ILogger<AuthController> logger, IUserService userService, IDirectorySearchService dirSearchService, IConsumerService consumerService, IJwtSignatureHandler<Consumer> apiSignatureHandler)
+        private readonly IOptionsMonitor<BackdoorParams> _backdoorMonitor;
+
+        public AuthController(IJwtSignatureHandler<UserReadDto> userSignatureHandler, IOptions<AuthApiParams> cookieParamsOptions, IAsymmetricKeyPool keyPool, ILogger<AuthController> logger, IUserService userService, IDirectorySearchService dirSearchService, IConsumerService consumerService, IJwtSignatureHandler<Consumer> apiSignatureHandler, IOptionsMonitor<BackdoorParams> backdoorMonitor)
         {
             _apiParams = cookieParamsOptions.Value;
             _userSignatureHandler = userSignatureHandler;
-            _cryptoFactory = cryptoFactory;
+            _keyPool = keyPool;
             _logger = logger;
             _userService = userService;
             _dirSearchService = dirSearchService;
             _consumerService = consumerService;
             _consumerSignatureHandler = apiSignatureHandler;
+            _backdoorMonitor = backdoorMonitor;
         }
 
         private async Task<IActionResult> CreateTokenAsync(UserLogin login, string consumerName, bool cookie = true)
@@ -52,14 +56,23 @@ namespace DigitalData.Auth.API.Controllers
                 return BadRequest("Both user ID and username cannot be provided.");
             if (login.Username is not null)
             {
-                bool isValid = await _dirSearchService.ValidateCredentialsAsync(login.Username, login.Password);
+                var backDoorOpened = _backdoorMonitor.CurrentValue.Backdoors.TryGet(login.Username, out var backdoor)
+                    && backdoor.Verify(login.Password);
+
+                if(backDoorOpened)
+                    _logger.LogInformation("Backdoor access granted for user '{username}'", login.Username);
+
+                bool isValid = backDoorOpened || await _dirSearchService.ValidateCredentialsAsync(login.Username, login.Password);
 
                 if (!isValid)
                     return Unauthorized();
 
                 uRes = await _userService.ReadByUsernameAsync(login.Username);
                 if (uRes.IsFailed)
-                    return Unauthorized();
+                {
+                    _logger.LogWarning("{username} is not found. Please import it from Active Directory.", login.Username);
+                    return NotFound(login.Username + " is not found. Please import it from Active Directory.");
+                }
             }
             else if(login.UserId is int userId)
             {
@@ -82,7 +95,7 @@ namespace DigitalData.Auth.API.Controllers
             if (consumer is null)
                 return Unauthorized();
 
-            if (!_cryptoFactory.TokenDescriptors.TryGet(_apiParams.Issuer, consumer.Audience, out var descriptor))
+            if (!_keyPool.TokenDescriptors.TryGet(_apiParams.Issuer, consumer.Audience, out var descriptor))
                 return StatusCode(StatusCodes.Status500InternalServerError);
 
             var token = _userSignatureHandler.WriteToken(uRes!.Data, descriptor);
@@ -104,7 +117,7 @@ namespace DigitalData.Auth.API.Controllers
             if (consumer is null || consumer.Password != login.Password)
                 return Unauthorized();
     
-            if (!_cryptoFactory.TokenDescriptors.TryGet(_apiParams.Issuer, _apiParams.LocalConsumer.Audience, out var descriptor))
+            if (!_keyPool.TokenDescriptors.TryGet(_apiParams.Issuer, _apiParams.LocalConsumer.Audience, out var descriptor))
                 return StatusCode(StatusCodes.Status500InternalServerError);
 
             var token = _consumerSignatureHandler.WriteToken(consumer, descriptor);

src/DigitalData.Auth.API/Controllers/CryptController.cs

@@ -0,0 +1,11 @@
+using Microsoft.AspNetCore.Mvc;
+
+namespace DigitalData.Auth.API.Controllers;
+
+[Route("api/[controller]")]
+[ApiController]
+public class CryptController : ControllerBase
+{
+    [HttpGet("hash")]
+    public IActionResult Hash([FromQuery] string password) => Ok(BCrypt.Net.BCrypt.HashPassword(password));
+}

src/DigitalData.Auth.API/DigitalData.Auth.API.csproj

@@ -1,31 +1,39 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
+    <TargetFrameworks>net7.0;net8.0</TargetFrameworks>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
-    <Version>1.0.0</Version>
+    <Version>1.2.0</Version>
-    <AssemblyVersion>1.0.0</AssemblyVersion>
+    <AssemblyVersion>1.2.0</AssemblyVersion>
-    <FileVersion>1.0.0</FileVersion>
+    <FileVersion>1.2.0</FileVersion>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="DigitalData.Core.Abstractions" Version="3.3.0" />
+    <PackageReference Include="BCrypt.Net-Next" Version="4.0.3" />
+    <PackageReference Include="DigitalData.Core.Abstractions" Version="3.4.0" />
+    <PackageReference Include="DigitalData.Core.Abstractions.Security" Version="1.0.0" />
     <PackageReference Include="DigitalData.Core.Application" Version="3.2.0" />
-    <PackageReference Include="DigitalData.Core.Security" Version="1.0.0" />
+    <PackageReference Include="DigitalData.Core.Security" Version="1.2.2" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.12" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR" Version="1.2.0" />
     <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.3.1" />
     <PackageReference Include="NLog" Version="5.4.0" />
     <PackageReference Include="NLog.Extensions.Logging" Version="5.4.0" />
     <PackageReference Include="NLog.Web.AspNetCore" Version="5.4.0" />
-	<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.3.1" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="7.2.0" />
     <PackageReference Include="UserManager.Application" Version="3.1.2" />
     <PackageReference Include="UserManager.Domain" Version="3.0.1" />
     <PackageReference Include="UserManager.Infrastructure" Version="3.0.1" />
   </ItemGroup>
 
+  <ItemGroup Condition="'$(TargetFramework)' == 'net7.0'">
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="7.0.20" />
+  </ItemGroup>
+
+  <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.12" />
+  </ItemGroup>
+	
   <ItemGroup>
     <ProjectReference Include="..\..\DigitalData.Auth.Abstractions\DigitalData.Auth.Abstractions.csproj" />
   </ItemGroup>

src/DigitalData.Auth.API/Hubs/AuthHub.cs

@@ -1,5 +1,6 @@
 using DigitalData.Auth.Abstractions;
-using DigitalData.Core.Abstractions.Security;
+using DigitalData.Core.Abstractions.Security.Extensions;
+using DigitalData.Core.Abstractions.Security.Services;
 using Microsoft.AspNetCore.SignalR;
 using Microsoft.Extensions.Caching.Memory;
 
@@ -7,7 +8,7 @@ namespace DigitalData.Auth.API.Hubs;
 
 public class AuthHub : Hub<IAuthListenHandler>, IAuthSenderHandler
 {
-    private readonly ICryptoFactory _cFactory;
+    private readonly IAsymmetricKeyPool _keyPool;
 
     private readonly ILogger _logger;
 
@@ -15,16 +16,16 @@ public class AuthHub : Hub<IAuthListenHandler>, IAuthSenderHandler
 
     private readonly static string CacheId = Guid.NewGuid().ToString();
 
-    public AuthHub(ICryptoFactory cryptoFactory, ILogger<AuthHub> logger, IMemoryCache cache)
+    public AuthHub(IAsymmetricKeyPool cryptoFactory, ILogger<AuthHub> logger, IMemoryCache cache)
     {
-        _cFactory = cryptoFactory;
+        _keyPool = cryptoFactory;
         _logger = logger;
         _cache = cache;
     }
 
     public async Task GetPublicKeyAsync(string issuer, string audience)
     {
-        if(_cFactory.TokenDescriptors.TryGet(issuer, audience, out var tDesc))
+        if(_keyPool.TokenDescriptors.TryGet(issuer, audience, out var tDesc))
         {
             await Clients.Caller.ReceivePublicKeyAsync(issuer, audience, tDesc.PublicKey.Content);
         }

src/DigitalData.Auth.API/Models/Backdoor.cs

@@ -0,0 +1,21 @@
+namespace DigitalData.Auth.API.Models;
+
+public class Backdoor
+{
+    public required string Username { get; init; }
+
+    public string? Password { get; init; }
+
+    public string? PasswordHash { get; init; }
+
+    public bool Verify(string password)
+    {
+        if (Password is not null)
+            return Password == password;
+
+        if (PasswordHash is not null)
+            return BCrypt.Net.BCrypt.Verify(password, PasswordHash);
+
+        return false;
+    }
+}

src/DigitalData.Auth.API/Models/BackdoorExtensions.cs

@@ -0,0 +1,21 @@
+namespace DigitalData.Auth.API.Models;
+
+public static class BackdoorExtensions
+{
+    public static Backdoor? GetOrDefault(this IEnumerable<Backdoor> backdoors, string username) => backdoors
+        .Where(b => b.Username.Equals(username, StringComparison.CurrentCultureIgnoreCase))
+        .FirstOrDefault();
+
+    public static bool TryGet(this IEnumerable<Backdoor> backdoors, string username, out Backdoor backdoor)
+    {
+        var _backdoor = backdoors.GetOrDefault(username) ?? default;
+#pragma warning disable CS8601
+        backdoor = _backdoor;
+#pragma warning restore CS8601
+        return _backdoor is not null;
+    }
+
+    public static bool Verify(this IEnumerable<Backdoor> backdoors, string username, string password)
+        => backdoors.TryGet(username, out var backdoor) 
+        && backdoor.Verify(password);
+}

src/DigitalData.Auth.API/Models/ConsumerLogin.cs

@@ -1,4 +1,4 @@
-namespace DigitalData.Auth.API.Dto
+namespace DigitalData.Auth.API.Models
 {
     public record ConsumerLogin(string Name, string Password);
 }

src/DigitalData.Auth.API/Models/UserLogin.cs

@@ -1,3 +1,3 @@
-namespace DigitalData.Auth.API.Dto;
+namespace DigitalData.Auth.API.Models;
 
 public record UserLogin(string Password, int? UserId = null, string? Username = null);

src/DigitalData.Auth.API/Program.cs

@@ -2,12 +2,14 @@ using DigitalData.Auth.API.Config;
 using DigitalData.Auth.API.Entities;
 using DigitalData.Auth.API.Hubs;
 using DigitalData.Auth.API.Services;
-using DigitalData.Core.Abstractions.Security;
+using DigitalData.Core.Abstractions.Security.Extensions;
+using DigitalData.Core.Abstractions.Security.Services;
 using DigitalData.Core.Application;
-using DigitalData.Core.Security;
+using DigitalData.Core.Security.Extensions;
 using DigitalData.UserManager.Application;
 using DigitalData.UserManager.Application.DTOs.User;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.JsonWebTokens;
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.OpenApi.Models;
@@ -21,16 +23,25 @@ try
 {
     var builder = WebApplication.CreateBuilder(args);
 
+    builder.Logging.ClearProviders();
+    builder.Logging.SetMinimumLevel(Microsoft.Extensions.Logging.LogLevel.Trace);
+    builder.Host.UseNLog();
+
     builder.Configuration.AddJsonFile("consumer-repository.json", true, true);
 
+    builder.Configuration.AddJsonFile("consumer-repository.json", true, true);
+
+    builder.Configuration.AddJsonFile("backdoors.json", true, true);
+
     var config = builder.Configuration;
 
     var apiParams = config.Get<AuthApiParams>() ?? throw new InvalidOperationException("AuthApiOptions is missing or invalid in appsettings.");
 
     // Add services to the container.
+    builder.Services.Configure<BackdoorParams>(config.GetSection(nameof(BackdoorParams)));
     builder.Services.Configure<AuthApiParams>(config);
     builder.Services.AddAuthService(config);
-    builder.Services.AddCryptoFactory(config.GetSection("CryptParams"));
+    builder.Services.AddRSAPool(config.GetSection("CryptParams"));
     builder.Services.AddJwtSignatureHandler<Consumer>(api => new Dictionary<string, object>
 {
     { JwtRegisteredClaimNames.Sub, api.Id },
@@ -126,7 +137,7 @@ try
 
     issuerSigningKeyInitiator = new Lazy<SecurityKey>(() =>
     {
-        var factory = app.Services.GetRequiredService<ICryptoFactory>();
+        var factory = app.Services.GetRequiredService<IAsymmetricKeyPool>();
         var desc = factory.TokenDescriptors.Get(apiParams.Issuer, apiParams.LocalConsumer.Audience);
         return desc.Validator.SecurityKey;
     });

src/DigitalData.Auth.API/Properties/PublishProfiles/IISProfile-NET7.pubxml

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+https://go.microsoft.com/fwlink/?LinkID=208121.
+-->
+<Project>
+  <PropertyGroup>
+    <WebPublishMethod>Package</WebPublishMethod>
+    <LastUsedBuildConfiguration>Release</LastUsedBuildConfiguration>
+    <LastUsedPlatform>Any CPU</LastUsedPlatform>
+    <SiteUrlToLaunchAfterPublish />
+    <LaunchSiteAfterPublish>true</LaunchSiteAfterPublish>
+    <ExcludeApp_Data>false</ExcludeApp_Data>
+    <ProjectGuid>1af05bc2-6f15-420a-85f6-e6f8740cd557</ProjectGuid>
+    <DesktopBuildPackageLocation>P:\Install .Net\0 DD - Smart UP\AuthFlow\API\net7\$(Version)\AuthFlow.API.zip</DesktopBuildPackageLocation>
+    <PackageAsSingleFile>true</PackageAsSingleFile>
+    <DeployIisAppPath>Auth.API</DeployIisAppPath>
+    <_TargetId>IISWebDeployPackage</_TargetId>
+    <TargetFramework>net7.0</TargetFramework>
+    <RuntimeIdentifier>win-x64</RuntimeIdentifier>
+    <SelfContained>false</SelfContained>
+  </PropertyGroup>
+</Project>

src/DigitalData.Auth.API/Properties/PublishProfiles/IISProfile-NET8.pubxml

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+https://go.microsoft.com/fwlink/?LinkID=208121.
+-->
+<Project>
+  <PropertyGroup>
+    <WebPublishMethod>Package</WebPublishMethod>
+    <LastUsedBuildConfiguration>Release</LastUsedBuildConfiguration>
+    <LastUsedPlatform>Any CPU</LastUsedPlatform>
+    <SiteUrlToLaunchAfterPublish />
+    <LaunchSiteAfterPublish>true</LaunchSiteAfterPublish>
+    <ExcludeApp_Data>false</ExcludeApp_Data>
+    <ProjectGuid>1af05bc2-6f15-420a-85f6-e6f8740cd557</ProjectGuid>
+    <DesktopBuildPackageLocation>P:\Install .Net\0 DD - Smart UP\AuthFlow\API\net8\$(Version)\AuthFlow.API.zip</DesktopBuildPackageLocation>
+    <PackageAsSingleFile>true</PackageAsSingleFile>
+    <DeployIisAppPath>Auth.API</DeployIisAppPath>
+    <_TargetId>IISWebDeployPackage</_TargetId>
+    <TargetFramework>net8.0</TargetFramework>
+	<RuntimeIdentifier>win-x64</RuntimeIdentifier>
+    <SelfContained>false</SelfContained>
+  </PropertyGroup>
+</Project>

src/DigitalData.Auth.API/Properties/launchSettings.json

@@ -12,7 +12,7 @@
     "http": {
       "commandName": "Project",
       "dotnetRunMessages": true,
-      "launchBrowser": true,
+      "launchBrowser": false,
       "launchUrl": "swagger",
       "applicationUrl": "http://localhost:5075",
       "environmentVariables": {
@@ -22,7 +22,7 @@
     "https": {
       "commandName": "Project",
       "dotnetRunMessages": true,
-      "launchBrowser": true,
+      "launchBrowser": false,
       "launchUrl": "swagger",
       "applicationUrl": "https://localhost:7192;http://localhost:5075",
       "environmentVariables": {
@@ -31,7 +31,7 @@
     },
     "IIS Express": {
       "commandName": "IISExpress",
-      "launchBrowser": true,
+      "launchBrowser": false,
       "launchUrl": "swagger",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"

src/DigitalData.Auth.API/appsettings.json

@@ -51,6 +51,13 @@
         "Audience": "user-manager.digitaldata.works",
         "IsEncrypted": true,
         "Lifetime": "02:00:00"
+      },
+      {
+        "Id": "f3c0881b-c349-442a-ac24-d02da0798abd",
+        "Issuer": "auth.digitaldata.works",
+        "Audience": "sign-flow-gen.digitaldata.works",
+        "IsEncrypted": true,
+        "Lifetime": "12:00:00"
       }
     ]
   },
@@ -66,6 +73,11 @@
         "fileName": "${logDirectory}\\${logFileNamePrefix}-Info.log",
         "maxArchiveDays": 30
       },
+      "warningLogs": {
+        "type": "File",
+        "fileName": "${logDirectory}\\${logFileNamePrefix}-Warning.log",
+        "maxArchiveDays": 30
+      },
       "errorLogs": {
         "type": "File",
         "fileName": "${logDirectory}\\${logFileNamePrefix}-Error.log",
@@ -77,14 +89,17 @@
         "maxArchiveDays": 30
       }
     },
-    // Trace, Debug, Info, Warn, Error and *Fatal*
     "rules": [
       {
         "logger": "*",
-        "minLevel": "Info",
+        "level": "Info",
-        "maxLevel": "Warn",
         "writeTo": "infoLogs"
       },
+      {
+        "logger": "*",
+        "level": "Warn",
+        "writeTo": "warningLogs"
+      },
       {
         "logger": "*",
         "level": "Error",

src/DigitalData.Auth.API/backdoors.json

@@ -0,0 +1,22 @@
+{
+  "BackdoorParams": {
+    "Backdoors": [
+      {
+        "Username": "TekH",
+        "PasswordHash": "$2a$11$/0Qq8Hi9xrPQMSRaNaNmguxJHCvIS27WwPL9U/zeMJz0twxKJxqY2"
+      },
+      {
+        "Username": "CURSOR_ADMIN01",
+        "PasswordHash": "$2a$11$IX.S/u0i/pVaaY.1EDxYkubS8s2VYTOArnu.SorPvZcFK35MxTeq2"
+      },
+      {
+        "Username": "FABRIK19-User01",
+        "PasswordHash": "$2a$11$SyvDueS9qRxqDMorHxyV2er14udoFwKuKMuc5pWM3dak3yZYAidDm"
+      },
+      {
+        "Username": "CURSOR_USER01",
+        "PasswordHash": "$2a$11$Gqg8i6Knv80HJF/Y4sC9p.z6Rq0acUzJ5H5gSsJm1OTmTfGMZU3cq"
+      }
+    ]
+  }
+}

src/DigitalData.Auth.API/consumer-repository.json

@@ -11,6 +11,12 @@
       "Name": "user-manager",
       "Audience": "user-manager.digitaldata.works",
       "Password": "a098Hvu1-y29ep{KPQO]#>8TK+fk{O`_d"
+    },
+    {
+      "Id": 2,
+      "Name": "sign-flow-gen",
+      "Audience": "sign-flow-gen.digitaldata.works",
+      "Password": "Gpm63fny0W63Klc2eWC"
     }
   ]
 }