This boilerplate code provides access rights to different parts of RESTApi. The authorization is performed based on the Active Directory Group membership of a user.
This can be used for protecting the backend services for your home automation projects or for internal business applications. Since Active Directory is used as repository for users and groups, it removes the development overhead of having extra user database, authentication and additional functionality such as registration, forgot password etc.
In business scenarios, it can save IT efforts to maintain users in additional resources. Users can be assigned rights based on the group.
In home automation scenarios, you give certain access rights to kids (e.g. turn lights on/off) and certain rights to adults (e.g. vault keys).
The backbone of this solution is Active Directory. Create your active directory using Azure portal and groups in it. Register your service and client application in it. Use the ids and other values from your directory in the solution. (The details will be provided in my blog. Stay tuned!)
This consists of two controllers:
-
LightsController – This demonstrates access at Anonymous level, Authorized level and at “Level1” Group.
-
VaultController – This demonstrated access at “SecretLevel” Group.
The service has two custom Authorization attributes. These attributes protect API from the access by unauthorized users.
This uses the client side keys from the Active Directory. It lets user sign-in and acquire the token. The token is passed to the services by the common client library. The results are then displayed in a message box.
This is a PCL library that hosts the models used to communicate data between the front end and the backend.
This is a PCL library that provide client side APIs to call RESTApis. The APIs internally use HttpClient to make calls to the RESTApi.
This folder consists of apps that have been developed using Xamarin forms for iOS and Android. It is equivalent of the WPF client on mobile platform. It's Xaml is different from WPF due to compatibility. Azure Active Directory is implemented differently on iOS and Android platforms. It uses IOC pattern to access the functionality from the forms PCL.
More details are on my blog: https://sameer.blog/2017/01/11/protecting-your-rest-apis/