FusionAuth .NET Core Client Library
.NET Core Client Library
The .NET Core client library allows you to integrate FusionAuth with your .NET Core application.
Source Code:
NuGet Package:
To install the FusionAuth Client from NuGet run the following command.
Install-Package FusionAuth.Client
Usage Suggestions
FusionAuth client libraries are a thin wrapper around the REST API. Client libraries are typically used in two different ways.
First, they can be used to access the FusionAuth APIs in a familiar format, leveraging language features like auto-completion. When used for this, they can be helpful to script FusionAuth configuration, automate common tasks, and create copies of existing applications, groups and more.
To use the client libraries effectively in this way, it is helpful to review the source code of the client library and the API documentation, which contains the JSON structure. The API documentation is very thorough about the JSON objects it expects as part of the payload as well as what parameters are required when.
Second, client libraries can exchange a token to let a user to log in via the Authorization Code Grant. This is a secondary use of these libraries. This process is best done by using a language specific OAuth library, which will work with FusionAuth. Here is a community curated list of such libraries.
Client libraries do not currently provide higher level functionality such as token management. Here is an open issue detailing some requested higher level functionality. Please feel free to file an issue or upvote this one if you desire it.
You can always directly call the REST API if the client library functionality doesn’t work for you. All the client libraries use the REST API.
In general, the request object will either be string parameters or a complex object depending on the type of API call being made. Any request object will be mapped by the library to a JSON object required by the corresponding API method. Examining the API documents for the operations you’re trying to call will therefore be useful, especially if you are using language without static typing.
The response object will typically contain:
- a status corresponding to the HTTP status code returned by the API. It may also be -1 if no HTTP request was successfully made
- a JSON success object if the call succeeded.
- a JSON error object with an intelligible message if the status code is
4xx
or5xx
. - an exception object if there was no HTTP request sent or there was no reasonable response from the server.
PATCH requests
Available Since Version 1.14.0
PATCH
requests are handled differently than you might expect. PATCH
operations allow you to modify only parts of an object in FusionAuth.
In client libraries with static typing, such as this one for .NET Core, there are no strongly typed objects set as part of a PATCH
request. Instead, a hash, dictionary or map object is used. Ensure that you are using multi level dictionaries that create JSON with nested keys, otherwise the PATCH
request will fail. This allows use of key value pairs to build a PATCH
request.
For example, if you want to change only the name of an application using PATCH
, you would want the JSON that is sent across the wire to look like this:
Example PATCH Application JSON
{
"application": {
"name": "hooli-bought-us"
}
}
If you built a typed application request object and then serialized it, it would contain empty arrays or other default values. This would modify the object you were changing in ways you didn’t expect. This would likely cause the system behave in ways you don’t want.
By requiring you to build nested key value pairs, the JSON serialization works correctly. This is essentially a limitation of the current implementation in .NET Core and FusionAuth PATCH
support.
For this behavior to work correctly with typed objects, FusionAuth would need to ensure the domain object had no default values, and then instruct the serializer to omit empty objects, empty arrays and other values from the resulting JSON. This would ensure that the PATCH
was performed correctly with no unwanted side effects.
Once support for RFC 7396 lands in FusionAuth, there may be some additional options for configuring a JSON serializer to allow use of typed domain objects for PATCH
.
An alternative that allows you to use typed objects immediately is to perform a retrieve operation, modify the object in memory, and then execute an update operation. These are functionally equivalent to a single PATCH
operation.
FusionAuth Templates for .NET
FusionAuth has a collection of .NET templates available as a NuGet package. Quickly create new secured .NET applications with FusionAuth templates using the .NET CLI or Visual Studio. The new applications are pre-configured to use FusionAuth for authentication and authorization. Only standard .NET security libraries are used in the templates.
Currently, the following .NET templates are implemented:
- FusionAuth Blazor Server Application.
- FusionAuth MVC Application.
- FusionAuth Web API Application.
Requirements
- A FusionAuth installation. You can install FusionAuth locally, or sign up for a hosted account.
- .NET Core 7.0 SDK or higher.
- Visual Studio 2022 for Mac, version 17.6 and above (optional).
- Visual Studio 2022 for Windows, version 17.6 and above (optional).
Installing the Templates
FusionAuth .NET templates are available on NuGet. You can install them by running the following command in your terminal.
dotnet new install FusionAuth.Templates::1.0.0
When installed successfully, the templates will be available in the .NET CLI and Visual Studio. The installation is the same for both Windows and macOS.
Using the Templates
To help you set up a valid application in FusionAuth, we have created a FusionAuth Kickstart, available on GitHub. Follow the instructions in the https://github.com/FusionAuth/fusionauth-example-client-libraries/tree/main/dotnet/templates/README.md[README.md] file to set up FusionAuth for your project. If you don’t want to use the Kickstart file, you can set up your application manually in FusionAuth, using the values referenced in the https://github.com/FusionAuth/fusionauth-example-client-libraries/tree/main/kickstart/kickstart.json[kickstart.json] file.
Note that the Kickstart is designed to be used when starting up FusionAuth for the first time using docker compose up
.
The FusionAuth instance created by the Kickstart assumes that your .NET project will be running on HTTPS
on port 5001
. Your project might not run on the same port, as Visual Studio will randomly choose a port if the chosen one is already in use by another project. It may also be a different port if you run the project through IIS or another web server. In this case, update the authorizedRedirectURL
and logoutURL
variables in the kickstart.json file to that of your project. You can also update the URLs on the Application settings page in the FusionAuth admin UI on the OAuth tab at any time after the Kickstart has run.
Some templates will ask for a FusionAuth Client Secret when initializing a new project. Use a non-sensitive secret from a local FusionAuth installation. If you use the Kickstart to set up your FusionAuth instance, the Client Secret will be change-this-in-production-to-be-a-real-secret
.
Do not use a production or sensitive Client Secret in the template prompts, as it is stored in the appsettings.Development.json
file, and will be available in plain text and committed to your repo. To provide the Client Secret to your application in production, you should use one of the secure methods recommended by Microsoft. The platform-independent key for the Client Secret setting is FusionAuth__ClientSecret
if you want to provide the Client Secret via an environment variable.
.NET CLI
To create a new project from a template, navigate to your new project directory and run the following command.
dotnet new [template-name] [options]
Where [template-name]
is the name of the template you want to use from one of the following:
fusionauthblazorserver
creates a new Blazor Server application with FusionAuth authentication and authorization.fusionauthmvcwebapp
creates a new MVC application with FusionAuth authentication and authorization.fusionauthwebapi
creates a new Web API application with FusionAuth authentication and authorization.
Use [options]
to provide your FusionAuth URL and FusionAuth Application Client Id. The following options are available:
--issuer
is the fully qualified URL to your FusionAuth server. The default value ishttp://localhost:9011
.--client-id
is the Client Id associated with your application. The default value is3c219e58-ed0e-4b18-ad48-f4f92793ae32
.--port
is the port to run on under Kestrel, using HTTPS. The default value is5001
. This can be changed after installation in theappsettings.Development.json
file in the root directory of the project andlaunchSettings.json
in theProperties
directory of the project.
Visual Studio for macOS
FusionAuth .NET templates require Visual Studio for macOS version 17.6 or higher.
To create a new project from a template, first create or open a Solution. Then select File -> New Project. In the “New Project” dialog, select Custom from the left-hand menu. Select the FusionAuth template you want to use and click Continue. Fill in the required information, including the fully qualified URL to your FusionAuth server and your FusionAuth Application Client Id. Click Continue.
Set the project name and click Create.
Visual Studio for Windows
FusionAuth .NET templates require Visual Studio for Windows version 17.6 or higher.
To create a new project from a template, first create or open a Solution. Then select File -> New Project. In the “New Project” dialog, select “FusionAuth” from the “All project types” dropdown. Select the FusionAuth template you want to use. Set the project name and click Next. Fill in the required information, including the fully qualified URL to your FusionAuth server and your FusionAuth Application Client Id.
Click Create.
Testing
To test projects created using the .NET templates, refer to the testing section in the README.md file.
Uninstalling the Templates
You can uninstall the templates using the following command.
dotnet new uninstall FusionAuth.Templates
You will need to restart Visual Studio for the changes to take effect.
Example Apps
- .NET API quickstart - .NET API quickstart tutorial showing how to integrate FusionAuth with a .NET API
- .NET quickstart - .NET quickstart tutorial showing how to integrate FusionAuth with a .NET application
- ASP.NET Core webapp - An ASP.NET Core 3.1 web application using FusionAuth as the identity server
- Example Windows Forms Application Using FusionAuth APIs - This application uses C# to call the FusionAuth APIs to create a user, delete a user, and add a user to a group in a Windows Form application.
- User management - Using the FusionAuth .NET client library to add and remove users and applications
Upgrade Policy
Besides the releases made to keep track of the FusionAuth API as mentioned above, SDKs and Client Libraries may periodically receive updates with bug fixes, security patches, tests, code samples, or documentation changes.
These releases may also update dependencies, language engines, and operating systems, as we’ll follow the deprecation and sunsetting policies of the underlying technologies that the libraries use.
This means that after a language, framework, or operating system is deprecated by their own maintainer, our SDKs and Client Libraries that depend on it will also be deprecated by us, and will eventually be updated to use a newer version.