fix(ConfiguredConsumerService): Dienst als Liste anstelle von IEnumerable hinzufügen

- Entfernt den unnötigen Aufruf von `GetSection(nameof(ClientParams))` beim Abrufen von `ClientParams` aus der Konfiguration, was die Logik vereinfacht und die Klarheit verbessert.

DigitalData.Auth.Client/ClientPublicKey.cs

@@ -28,7 +28,7 @@ public class ClientPublicKey : RSAKeyBase, IAsymmetricTokenValidator, IUniqueSec
         }
     }
 
-    public void UpdateContent(string content)
+    internal void UpdateContent(string content)
     {
         _content = content;
         RSA.ImportFromPem(content);

DigitalData.Auth.Client/DIExtensions.cs

@@ -11,7 +11,7 @@ public static class DIExtensions
 {
     public static IServiceCollection AddAuthHubClient(this IServiceCollection services, IConfiguration? configuration = null, Action<ClientParams>? options = null)
     {
-        var clientParams = configuration?.GetSection(nameof(ClientParams)).Get<ClientParams>() ?? new ClientParams();
+        var clientParams = configuration?.Get<ClientParams>() ?? new ClientParams();
         options?.Invoke(clientParams);
         services
             .AddSingleton(Options.Create(clientParams))

DigitalData.Auth.Client/DigitalData.Auth.Client.csproj

@@ -5,7 +5,7 @@
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
     <PackageId>DigitalData.Auth.Client</PackageId>
-    <Version>1.1.4.1</Version>
+    <Version>1.1.5</Version>
     <Description>DigitalData.Auth.Client is a SignalR-based authentication client that enables applications to connect to a central authentication hub for real-time message exchange. It provides seamless connection management, automatic reconnection (RetryPolicy), and event-driven communication (ClientEvents). The package includes dependency injection support via DIExtensions, allowing easy integration into ASP.NET Core applications. With built-in retry policies and secure message handling, it ensures a reliable and scalable authentication client for real-time authentication workflows.</Description>
     <Company>Digital Data GmbH</Company>
     <Product>Digital Data GmbH</Product>
@@ -14,8 +14,8 @@
     <PackageIcon>auth_icon.png</PackageIcon>
     <RepositoryUrl>http://git.dd:3000/AppStd/DigitalData.Auth</RepositoryUrl>
     <PackageTags>Digital Data Auth Authorization Authentication</PackageTags>
-    <AssemblyVersion>1.1.4.1</AssemblyVersion>
+    <AssemblyVersion>1.1.5</AssemblyVersion>
-    <FileVersion>1.1.4.1</FileVersion>
+    <FileVersion>1.1.5</FileVersion>
   </PropertyGroup>
 
   <ItemGroup>

src/DigitalData.Auth.API/Controllers/AuthController.cs

@@ -3,13 +3,13 @@ using DigitalData.Core.Abstractions.Security;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
-using DigitalData.UserManager.Application.DTOs.Auth;
 using DigitalData.UserManager.Application.Contracts;
 using DigitalData.UserManager.Application.DTOs.User;
 using DigitalData.Core.Abstractions.Application;
 using DigitalData.Auth.API.Dto;
 using DigitalData.Auth.API.Services.Contracts;
 using DigitalData.Auth.API.Entities;
+using DigitalData.Core.DTO;
 
 namespace DigitalData.Auth.API.Controllers
 {
@@ -45,18 +45,39 @@ namespace DigitalData.Auth.API.Controllers
             _consumerSignatureHandler = apiSignatureHandler;
         }
 
-        private async Task<IActionResult> CreateTokenAsync(LogInDto login, string consumerName, bool cookie = true)
+        private async Task<IActionResult> CreateTokenAsync(UserLogin login, string consumerName, bool cookie = true)
         {
-            bool isValid = await _dirSearchService.ValidateCredentialsAsync(login.Username, login.Password);
+            DataResult<UserReadDto>? uRes;
+            if(login.Username is not null && login.UserId is not null)
+                return BadRequest("Both user ID and username cannot be provided.");
+            if (login.Username is not null)
+            {
+                bool isValid = await _dirSearchService.ValidateCredentialsAsync(login.Username, login.Password);
 
-            if (!isValid)
+                if (!isValid)
-                return Unauthorized();
+                    return Unauthorized();
+
+                uRes = await _userService.ReadByUsernameAsync(login.Username);
+                if (uRes.IsFailed)
+                    return Unauthorized();
+            }
+            else if(login.UserId is int userId)
+            {
+                uRes = await _userService.ReadByIdAsync(userId);
+                if (uRes.IsFailed)
+                    return Unauthorized();
+
+                bool isValid = await _dirSearchService.ValidateCredentialsAsync(uRes.Data.Username, login.Password);
+
+                if (!isValid)
+                    return Unauthorized();
+            }
+            else
+            {
+                return BadRequest("User ID or username should be provided.");
+            }
 
             //find the user
-            var uRes = await _userService.ReadByUsernameAsync(login.Username);            
-            if (uRes.IsFailed)
-                return Unauthorized();
-
             var consumer = await _consumerService.ReadByNameAsync(consumerName);
             if (consumer is null)
                 return Unauthorized();
@@ -64,7 +85,7 @@ namespace DigitalData.Auth.API.Controllers
             if (!_cryptoFactory.TokenDescriptors.TryGet(_apiParams.Issuer, consumer.Audience, out var descriptor))
                 return StatusCode(StatusCodes.Status500InternalServerError);
 
-            var token = _userSignatureHandler.WriteToken(uRes.Data, descriptor);
+            var token = _userSignatureHandler.WriteToken(uRes!.Data, descriptor);
 
             //set cookie
             if (cookie)
@@ -102,7 +123,7 @@ namespace DigitalData.Auth.API.Controllers
         //TODO: Add role depends on group name
         [HttpPost("{consumerName}/login")]
         [AllowAnonymous]
-        public async Task<IActionResult> Login([FromForm] LogInDto login, [FromRoute] string consumerName)
+        public async Task<IActionResult> Login([FromForm] UserLogin login, [FromRoute] string consumerName)
         {
             try
             {
@@ -146,7 +167,7 @@ namespace DigitalData.Auth.API.Controllers
         }
 
         [HttpPost("{consumerName}")]
-        public async Task<IActionResult> CreateTokenViaBody([FromBody] LogInDto login, [FromRoute] string consumerName, [FromQuery] bool cookie = false)
+        public async Task<IActionResult> CreateTokenViaBody([FromBody] UserLogin login, [FromRoute] string consumerName, [FromQuery] bool cookie = false)
         {
             try
             {

src/DigitalData.Auth.API/DigitalData.Auth.API.csproj

@@ -16,6 +16,9 @@
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.12" />
     <PackageReference Include="Microsoft.AspNetCore.SignalR" Version="1.2.0" />
     <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.3.1" />
+    <PackageReference Include="NLog" Version="5.4.0" />
+    <PackageReference Include="NLog.Extensions.Logging" Version="5.4.0" />
+    <PackageReference Include="NLog.Web.AspNetCore" Version="5.4.0" />
 	<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.3.1" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="7.2.0" />
     <PackageReference Include="UserManager.Application" Version="3.1.2" />

src/DigitalData.Auth.API/Dto/UserLogin.cs

@@ -0,0 +1,3 @@
+namespace DigitalData.Auth.API.Dto;
+
+public record UserLogin(string Password, int? UserId = null, string? Username = null);

src/DigitalData.Auth.API/Program.cs

@@ -11,25 +11,32 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.IdentityModel.JsonWebTokens;
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.OpenApi.Models;
+using NLog;
+using NLog.Web;
 
-var builder = WebApplication.CreateBuilder(args);
+var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
+logger.Info("Logging initialized.");
 
-builder.Configuration.AddJsonFile("consumer-repository.json", true, true);
+try
+{
+    var builder = WebApplication.CreateBuilder(args);
 
-var config = builder.Configuration;
+    builder.Configuration.AddJsonFile("consumer-repository.json", true, true);
 
-var apiParams = config.Get<AuthApiParams>() ?? throw new InvalidOperationException("AuthApiOptions is missing or invalid in appsettings.");
+    var config = builder.Configuration;
 
-// Add services to the container.
+    var apiParams = config.Get<AuthApiParams>() ?? throw new InvalidOperationException("AuthApiOptions is missing or invalid in appsettings.");
-builder.Services.Configure<AuthApiParams>(config);
+
-builder.Services.AddAuthService(config);
+    // Add services to the container.
-builder.Services.AddCryptoFactory(config.GetSection("CryptParams"));
+    builder.Services.Configure<AuthApiParams>(config);
-builder.Services.AddJwtSignatureHandler<Consumer>(api => new Dictionary<string, object>
+    builder.Services.AddAuthService(config);
+    builder.Services.AddCryptoFactory(config.GetSection("CryptParams"));
+    builder.Services.AddJwtSignatureHandler<Consumer>(api => new Dictionary<string, object>
 {
     { JwtRegisteredClaimNames.Sub, api.Id },
     { JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds() }
 });
-builder.Services.AddJwtSignatureHandler<UserReadDto>(user => new Dictionary<string, object>
+    builder.Services.AddJwtSignatureHandler<UserReadDto>(user => new Dictionary<string, object>
 {
     { JwtRegisteredClaimNames.Sub, user.Id },
     { JwtRegisteredClaimNames.UniqueName, user.Username },
@@ -38,29 +45,29 @@ builder.Services.AddJwtSignatureHandler<UserReadDto>(user => new Dictionary<stri
     { JwtRegisteredClaimNames.FamilyName, user.Name ?? string.Empty },
     { JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds() }
 });
-builder.Services.AddDirectorySearchService(config.GetSection("DirectorySearchOptions"));
+    builder.Services.AddDirectorySearchService(config.GetSection("DirectorySearchOptions"));
-builder.Services.AddSignalR();
+    builder.Services.AddSignalR();
 
-var cnn_str = builder.Configuration.GetConnectionString("Default") ?? throw new InvalidOperationException("Default connection string is not found.");
+    var cnn_str = builder.Configuration.GetConnectionString("Default") ?? throw new InvalidOperationException("Default connection string is not found.");
 
-builder.Services.AddUserManager(cnn_str);
+    builder.Services.AddUserManager(cnn_str);
 
-builder.Services.AddControllers();
+    builder.Services.AddControllers();
 
-builder.Services.AddEndpointsApiExplorer();
+    builder.Services.AddEndpointsApiExplorer();
-builder.Services.AddSwaggerGen(options =>
+    builder.Services.AddSwaggerGen(options =>
-{
-    options.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
     {
-        Name = "Authorization",
+        options.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
-        Type = SecuritySchemeType.Http,
+        {
-        Scheme = "bearer",
+            Name = "Authorization",
-        BearerFormat = "JWT",
+            Type = SecuritySchemeType.Http,
-        In = ParameterLocation.Header,
+            Scheme = "bearer",
-        Description = "Enter 'Bearer' [space] and then your valid token."
+            BearerFormat = "JWT",
-    });
+            In = ParameterLocation.Header,
+            Description = "Enter 'Bearer' [space] and then your valid token."
+        });
 
-    options.AddSecurityRequirement(new OpenApiSecurityRequirement
+        options.AddSecurityRequirement(new OpenApiSecurityRequirement
     {
         {
             new OpenApiSecurityScheme
@@ -77,69 +84,75 @@ builder.Services.AddSwaggerGen(options =>
             new List<string>()
         }
     });
-});
-
-// Add authentication
-Lazy<SecurityKey>? issuerSigningKeyInitiator = null;
-
-builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
-    .AddJwtBearer(options =>
-    {
-        options.RequireHttpsMetadata = apiParams!.RequireHttpsMetadata;
-        options.ClaimsIssuer = apiParams!.Issuer;
-        options.Audience = apiParams.LocalConsumer.Audience;
-        options.TokenValidationParameters = new()
-        {
-            ValidateIssuer = true,
-            ValidIssuer = apiParams!.Issuer,
-            ValidateAudience = true,
-            ValidAudience = apiParams.LocalConsumer.Audience,
-            ValidateLifetime = true,
-            IssuerSigningKey = issuerSigningKeyInitiator?.Value
-        };
-
-        options.Events = new JwtBearerEvents
-        {
-            OnMessageReceived = context =>
-            {
-                // if there is no token read related cookie or query string
-                if (context.Token is null)   // if there is no token
-                {
-                    if (context.Request.Cookies.TryGetValue(apiParams!.DefaultCookieName, out var cookieToken) && cookieToken is not null)
-                        context.Token = cookieToken;
-                    else if (context.Request.Query.TryGetValue(apiParams.DefaultQueryStringKey, out var queryStrToken))
-                        context.Token = queryStrToken;
-                }
-                return Task.CompletedTask;
-            }
-        };
     });
 
-var app = builder.Build();
+    // Add authentication
+    Lazy<SecurityKey>? issuerSigningKeyInitiator = null;
 
-issuerSigningKeyInitiator = new Lazy<SecurityKey>(() =>
+    builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
-{
+        .AddJwtBearer(options =>
-    var factory = app.Services.GetRequiredService<ICryptoFactory>();
+        {
-    var desc = factory.TokenDescriptors.Get(apiParams.Issuer, apiParams.LocalConsumer.Audience);
+            options.RequireHttpsMetadata = apiParams!.RequireHttpsMetadata;
-    return desc.Validator.SecurityKey;
+            options.ClaimsIssuer = apiParams!.Issuer;
-});
+            options.Audience = apiParams.LocalConsumer.Audience;
+            options.TokenValidationParameters = new()
+            {
+                ValidateIssuer = true,
+                ValidIssuer = apiParams!.Issuer,
+                ValidateAudience = true,
+                ValidAudience = apiParams.LocalConsumer.Audience,
+                ValidateLifetime = true,
+                IssuerSigningKey = issuerSigningKeyInitiator?.Value
+            };
 
-// Configure the HTTP request pipeline.
+            options.Events = new JwtBearerEvents
-var use_swagger = config.GetValue<bool>("UseSwagger");
+            {
-if (app.Environment.IsDevelopment() || use_swagger)
+                OnMessageReceived = context =>
-{
+                {
-    app.UseSwagger();
+                    // if there is no token read related cookie or query string
-    app.UseSwaggerUI();
+                    if (context.Token is null)   // if there is no token
+                    {
+                        if (context.Request.Cookies.TryGetValue(apiParams!.DefaultCookieName, out var cookieToken) && cookieToken is not null)
+                            context.Token = cookieToken;
+                        else if (context.Request.Query.TryGetValue(apiParams.DefaultQueryStringKey, out var queryStrToken))
+                            context.Token = queryStrToken;
+                    }
+                    return Task.CompletedTask;
+                }
+            };
+        });
+
+    var app = builder.Build();
+
+    issuerSigningKeyInitiator = new Lazy<SecurityKey>(() =>
+    {
+        var factory = app.Services.GetRequiredService<ICryptoFactory>();
+        var desc = factory.TokenDescriptors.Get(apiParams.Issuer, apiParams.LocalConsumer.Audience);
+        return desc.Validator.SecurityKey;
+    });
+
+    // Configure the HTTP request pipeline.
+    var use_swagger = config.GetValue<bool>("UseSwagger");
+    if (app.Environment.IsDevelopment() || use_swagger)
+    {
+        app.UseSwagger();
+        app.UseSwaggerUI();
+    }
+
+    app.UseHttpsRedirection();
+
+    app.UseAuthentication();
+
+    app.UseAuthorization();
+
+    app.MapControllers();
+
+    app.MapHub<AuthHub>("/auth-hub");
+
+    app.Run();
 }
-
+catch(Exception ex)
-app.UseHttpsRedirection();
+{
-
+    logger.Error(ex, "Stopped program because of exception.");
-app.UseAuthentication();
+    throw;
-
+}
-app.UseAuthorization();
-
-app.MapControllers();
-
-app.MapHub<AuthHub>("/auth-hub");
-
-app.Run();

src/DigitalData.Auth.API/Services/ConfiguredConsumerService.cs

@@ -1,5 +1,4 @@
-using DigitalData.Auth.API.Config;
+using DigitalData.Auth.API.Entities;
-using DigitalData.Auth.API.Entities;
 using DigitalData.Auth.API.Services.Contracts;
 using Microsoft.Extensions.Options;
 
@@ -9,7 +8,7 @@ namespace DigitalData.Auth.API.Services
     {
         private readonly IEnumerable<Consumer> _consumers;
 
-        public ConfiguredConsumerService(IOptions<IEnumerable<Consumer>> consumeroptions)
+        public ConfiguredConsumerService(IOptions<List<Consumer>> consumeroptions)
         {
             _consumers = consumeroptions.Value;
         }

src/DigitalData.Auth.API/appsettings.json

@@ -53,5 +53,48 @@
         "Lifetime": "02:00:00"
       }
     ]
+  },
+  "NLog": {
+    "throwConfigExceptions": true,
+    "variables": {
+      "logDirectory": "E:\\LogFiles\\Digital Data\\Auth.API",
+      "logFileNamePrefix": "${shortdate}-Auth.API"
+    },
+    "targets": {
+      "infoLogs": {
+        "type": "File",
+        "fileName": "${logDirectory}\\${logFileNamePrefix}-Info.log",
+        "maxArchiveDays": 30
+      },
+      "errorLogs": {
+        "type": "File",
+        "fileName": "${logDirectory}\\${logFileNamePrefix}-Error.log",
+        "maxArchiveDays": 30
+      },
+      "criticalLogs": {
+        "type": "File",
+        "fileName": "${logDirectory}\\${logFileNamePrefix}-Critical.log",
+        "maxArchiveDays": 30
+      }
+    },
+    // Trace, Debug, Info, Warn, Error and *Fatal*
+    "rules": [
+      {
+        "logger": "*",
+        "minLevel": "Info",
+        "maxLevel": "Warn",
+        "writeTo": "infoLogs"
+      },
+      {
+        "logger": "*",
+        "level": "Error",
+        "writeTo": "errorLogs"
+      },
+      {
+        "logger": "*",
+        "level": "Fatal",
+        "writeTo": "criticalLogs"
+      }
+    ]
   }
 }