Bulk Load admin

AuthP has a way to load Roles, Tenants, and AuthP's Users on startup, as long as there are any Roles, Tenants, and AuthP's Users are already in the AuthP's database. Bulk Load is used to set up the various examples in the AuthP's repo, but for you it can help you when deploying a new application.

The problem that Bulk Load can fix is when a new application is deployed it to production for the first time. In this case the database is empty so there isn't any user, which means you so to can’t log in to add users – this is a catch-22 problem. AuthP's solution is Bulk Load plus a special permission that allows a user to access to ALL the features that are protected by the HasPermission attribute / method.

The steps below show how to add a user, referred to as Super Admin user, that can be used to set up the the initial Roles, Admin Users etc. Typically the Super Admin user only used for the initial setup or in extreme situations such as someone deleting an admin role.

1. Setup the AssessAll member in your Permissions

The AuthP's Permission with the value of ushort.MaxValue is designed to give access to every feature. This member normally named as AssessAll, but its value is the important. Here is the end of a Permissions enum only showing the AssessAll member.

public enum Example1Permissions : ushort
{
    // ... other enum members left out


    //Useful for setting up an SuperAdmin user
    //Setting the AutoGenerateFilter to true in the display makes any Role with this enum member 
    //is hidden from tenant users.
    [Display(GroupName = "SuperAdmin", Name = "AccessAll", 
        Description = "This allows the user to access every feature", AutoGenerateFilter = true)]
    AccessAll = ushort.MaxValue,
}

2. Create the bulk load data

You need to create the bulk load data for adding a SuperUser.

public static class SuperAdminBulkLoadData
{
    public static readonly List<BulkLoadRolesDto> RolesDefinition = new()
    {
        new("SuperAdmin", "Super admin - only use for setup", "AccessAll"),
    };

    public static readonly List<BulkLoadUserWithRolesTenant> UsersWithRolesDefinition = new()
    {
        new ( "[email protected]", "Super Admin", "SuperAdmin"),
    };
}

Note that the email in the UsersWithRolesDefinition is the email of the user you want to be the SuperAdmin user.

3. Add the bulk load to the registering of the AuthP library

You need to use the AddRolesPermissionsIfEmpty and AddAuthUsersIfEmpty extensions methods to the AuthP's registration, with the data in step 2.

services.RegisterAuthPermissions<Example1Permissions>()
    .UsingEfCoreSqlServer(connectionString)
    .AddRolesPermissionsIfEmpty(AppAuthSetupData.RolesDefinition)
    .AddAuthUsersIfEmpty(AppAuthSetupData.UsersWithRolesDefinition)
    //... rest of the registration left out

4. You need to link the AuthP SuperUser to the authentication provider

You need to give the AuthP bulk load a way to get the userId of the user in the authentication provider. This depends on the type of authentication provider you are using. Here are the options.

4.a. Using an external authentication provider like Azure Active Directory (Azure AD), Google, etc.

In this case you can copy the userId from that source and add it to the bulk load setup data, for instance in Example5 which uses Azure AD and by inspecting the Azure AD via the Azure Portal I could get the email and userId of user. The code below shows how I updated the Bulk Load data to add the userId.

public static readonly List<BulkLoadUserWithRolesTenant> UsersWithRolesDefinition = new ()
{
    new ("[email protected]", "Admin User", "Admin Role",
        "a5a10d86-27cf-4fff-8bdd-ca6ee9c93f27"), //This optional parameter holds the user's UserId
};

4.b. Using an internal authentication provider like individual users account

In the case that you are using an authentication provider that uses a local database, then you need to add the user to that database, and get the UserId created by the authentication provider. To do this you need to:

Add the new user to the authentication provider
Implement a class that matches the IFindUserInfoService which finds the UserId from the email (or name)
Register your IFindUserInfoService class using the RegisterFindUserInfoService extension method

This process is needed with ASP.NET Core individual users account provider and AuthP has created classes to handle this. The code below shows the registration of the AuthP library, when using individual users account authentication provider.

services.RegisterAuthPermissions<Example1Permissions>()
    .UsingEfCoreSqlServer(connectionString)
    .IndividualAccountsAuthentication()
    .AddRolesPermissionsIfEmpty(AppAuthSetupData.RolesDefinition)
    .AddAuthUsersIfEmpty(AppAuthSetupData.UsersWithRolesDefinition) 
    .RegisterFindUserInfoService<IndividualAccountUserLookup>() //Register individual users account IFindUserInfoService class
    .AddSuperUserToIndividualAccounts() // Adds a user using data in the appsettings.json file
    //... rest of the registration left out

Bulk Load admin

1. Setup the AssessAll member in your Permissions

2. Create the bulk load data

3. Add the bulk load to the registering of the AuthP library

4. You need to link the AuthP SuperUser to the authentication provider

4.a. Using an external authentication provider like Azure Active Directory (Azure AD), Google, etc.

4.b. Using an internal authentication provider like individual users account

Additional resources

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Articles / Videos

Concepts

Setup

Usage

Admin

SupportCode

Clone this wiki locally