Fresh on the heels of kicking off our .NET development in a big way, I’m happy to announce that the second release of our .NET authentication SDK is ready for prime time.
In this release, we’ve added some new features to help with authorization and social login. Plus, there are a few more goodies under the hood.
Getting the Newest Release of the .NET SDK As always, installing the SDK is as easy as:
install-package Stormpath.SDK
If you’re already using the SDK, then this release should be a drop-in upgrade:
update-package Stormpath.SDK
Fine-Grained Permissions with Custom Data
With Stormpath, you can store key-value pairs called Custom Data on resources like Accounts. This can be used for anything (you decide what’s stored!), but many of our customers find custom data is an easy way to store fine-grained permissions alongside the user accounts themselves.
In this release, it’s simple! You can create an account with custom data easily:
|
1 2 3 4 |
var tk421 = await myApp.CreateAccountAsync( new { isAdmin = false, access = "read,write" }); |
Then, when you authenticate a user account, you can retrieve the stored custom data values and use them to grant or restrict access in your application:
|
1 2 3 4 |
var customData = await tk421.GetCustomDataAsync(); var isAdmin = (bool)customData["isAdmin"]; var accessFlags = (string)customData["access"]; |
Profile Data Storage with Custom Data
Custom data isn’t just for storing authorization data, though! Another popular use case is storing additional profile data with each user account, saving you the overhead of maintaining a separate database.
|
1 2 3 4 5 6 7 |
// Add profile information to an existing user account tk421.CustomData.Put("location", "Death Star"); tk421.CustomData.Put("cellblockNumber", 1138); tk421.CustomData.Put("troopType", "stormtrooper"); await tk421.SaveAsync(); |
Every resource can store up to 10MB of custom data, and it’s not just limited to user accounts! The .NET SDK supports saving and retrieving custom data for every Stormpath resource that has a linked customData resource. For more information, see the Custom Data documentation.
Role-Based Authorization with Groups
This release also adds support for Stormpath Groups, which make it easy to implement role-based access control.
Creating a group and assigning users to it can be accomplished with a few lines of code:
|
1 2 3 4 5 6 7 8 9 |
// Create a group var admins = client.Instantiate<IGroup>(); admins.SetName("Administrators"); admins.SetDescription("Users who have administrator access"); await directory.CreateGroupAsync(admins); // Assign a user await tk421.AddGroupAsync(admins); |
When handling a user request, group membership can be used to grant or restrict access:
|
1 2 3 4 5 |
bool isAdmin = await tk421.IsMemberOfGroupAsync("Administrators"); if (isAdmin) { // Just admin things } |
If you need even further control, you can also use custom data to store fine-grained permission rules on the accounts, or even on the groups themselves. This makes modeling complex permissions models for your application a cinch.
Easy Facebook, Google, Github, and LinkedIn Login
If you’re building a web application and want to add social login support, rolling your own code to interact with the specific authentication flows for each provider can be a pain. Stormpath abstracts away a lot of that complexity, letting you focus on actually building your application instead.
With this release, we’ve added support for exchanging a token from a social login provider for a Stormpath user account. All you have to do is redirect the user to the appropriate social login page, and capture the callback token that is sent back to you. Then, create a request to Stormpath. For example, for Facebook login:
|
1 2 3 4 5 6 7 8 9 10 11 12 |
// accessToken = the callback token provided by Facebook var request = client.Providers().Facebook().Account() .SetAccessToken(accessToken) .Build(); var result = await application.GetAccountAsync(request); // true if this account didn't previously exist in Stormpath bool isNewAccount = result.IsNewAccount; // the Stormpath account details, pulled from Facebook IAccount account = result.Account; |
That’s it! For more information on how social login works in Stormpath, refer to the documentation.
In our forthcoming ASP.NET integration, this process will be even easier, with drop-in support for Facebook, Google, Github, and LinkedIn login buttons.
New Account Email Verification
This release also adds support for verifying that the e-mail address of a new account is valid.
If an account is created in a Stormpath Directory that has the Verification workflow enabled, an e-mail will automatically be sent to the new user with a callback URL that includes an sptoken parameter. This token can be used to verify that the user’s email address is correct.
When your application receives the token, you simply have to send it back to Stormpath:
|
1 2 3 |
// token = the ?sptoken parameter passed to your application var verifiedAccount = await client.VerifyAccountEmailAsync(token); |
If the token is valid, the account details are returned and the account is marked as verified in Stormpath. For more information on how the verification flow works, see the documentation.
What’s Next
There’s plenty more to come! Here’s what’s on the roadmap:
Is there something specific you want to see? Join the conversation on Github or shoot us an email.
Viva .NET!