Dangl.RestClient
This project provides DanglHttpClient to easily interact with all Dangl web services.
To avoid TCP exhaustion, HttpClients and derived types should always be used as singletons.
ITokenHandler
The ITokenHandler is an interface that can be used to support automatically obtaining tokens and refreshing them. It can be configured to support either of the functionalities or none at all. If none is supplied, a NoOpTokenHandler that does not perform any operations is used by default.
It can be used, for example, in server backends that use the ClientCredentials grant.
ITokenStorage
The ITokenStorage is an interface that is used to store and persist tokens, e.g. it could use the local app storage on a mobile app or the database in a server application.
It is used so that only tokens and not the full user credentials need to be stored.
By default, there's an InMemoryTokenStorage available for non-persisting use.
DanglHttpClientAccessor
This is a simple class that only keeps a reference to an HttpClient. When the HttpClientFactory pattern is used, this class can be specified as a dependency to get easy access via dependency injection to a correctly lifetime-managed HttpClient.
FallbackHandler
The FallbackHandler is a DelegatingHandler that can be configured with multiple baseUrls. If a request returns an error that can possibly be recovered from by pointing to a fallback, the request is sent again to the next available fallback url.
AuthenticationHandler
The AuthenticationHandler internally uses ITokenHandler and ITokenStorage to append OAuth2 Bearer authentication to whitelisted urls.
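The idea of attaching a Bearer token only to whitelisted urls, sketched as an added example using plain .NET types; this is not the Dangl.RestClient implementation. AllowlistBearerHandler, EchoTransport, the host names and the token delegate (a stand-in for ITokenHandler and ITokenStorage, whose signatures are not shown on this page) are all hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;

// Constructed demo input: three URLs sent through a stub transport, so it runs offline.
var handler = new AllowlistBearerHandler(new[] { "api.example.test" },
    _ => Task.FromResult("constructed-token")) { InnerHandler = new EchoTransport() };
using var client = new HttpClient(handler);
foreach (var url in new[] {
    "https://api.example.test/v1",                 // allowlisted host
    "https://api.example.test.other.invalid/v1",   // lookalike host, not on the allowlist
    "http://api.example.test/v1" })                // allowlisted host over cleartext HTTP
{
    var response = await client.GetAsync(url);
    Console.WriteLine($"{url} -> {await response.Content.ReadAsStringAsync()}");
}

sealed class AllowlistBearerHandler : DelegatingHandler
{
    private readonly HashSet<string> _hosts;
    private readonly Func<CancellationToken, Task<string>> _getToken;

    public AllowlistBearerHandler(IEnumerable<string> hosts, Func<CancellationToken, Task<string>> getToken)
    {
        _hosts = new HashSet<string>(hosts, StringComparer.OrdinalIgnoreCase);
        _getToken = getToken;
    }

    // Exact host match over HTTPS only; prefix or substring checks would also match lookalike hosts.
    public bool ShouldAuthenticate(Uri uri) =>
        uri is { IsAbsoluteUri: true } && uri.Scheme == Uri.UriSchemeHttps && _hosts.Contains(uri.Host);

    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        if (ShouldAuthenticate(request.RequestUri))
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", await _getToken(ct));
        return await base.SendAsync(request, ct);
    }
}

// Stub transport: reports whether the request arrived with an Authorization header.
sealed class EchoTransport : HttpMessageHandler
{
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct) =>
        Task.FromResult(new HttpResponseMessage(HttpStatusCode.OK)
            { Content = new StringContent(request.Headers.Authorization is null ? "no token" : "token attached") });
}
```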
GzipHandler
The GzipHandler is an implementation of DelegatingHandler that sends requests gzip compressed.
DependencyInjection
The AddDanglHttpClient<T>() method can be used to register an HttpClient with both an AuthenticationHandler and a FallbackHandler via the HttpClientFactory pattern.
Dangl.RestClient.Identity.Server
The Dangl.RestClient.Identity.Server package contains a DanglIdentityServerTokenHandler which can be used in server-side applications that want to authenticate with the ClientCredentials grant against Dangl.Identity.
It works based on the passed-in ITokenStorage and is safe to use as a singleton throughout the app lifetime.
Dangl.RestClient.Identity.TrustedServer
This is intended to be used in server-based applications developed by DanglIT.
Dangl.Identity clients may make inter-service calls that are authenticated via the OAuth2 ClientCredentials grant type, meaning the services authenticate as themselves and do not have a user context. Some calls, however, are made on behalf of the user. In some cases, you want to transmit user ids along with the request to indicate who initiated the action. For example, Dangl.AVACloud conversions may be called by the Dangl.WebGAEB service. In such cases, Dangl.WebGAEB may say "I'm doing the conversion for user Bob". This can be done between trusted clients when using Dangl.Identity authentication.
The Dangl.Identity.Client.Mvc package has a UserInformationTransmissionHttpHandler that will append the user information of the currently authenticated user to outgoing Http calls for trusted domains.
The acceptance of this transmitted data depends on the client having the user_delegation_allowed claim.
This claim is only available for trusted projects by DanglIT and not available for external customers.
Setup
The extension class Dangl.RestClient.Identity.TrustedServer.ServiceCollectionExtensions.AddTransientTrustedDanglRestClient() allows you to add an implementation of the DanglHttpClient to the service collection. It will be registered as type TrustedDanglHttpClient, so services that want to use it should define it as such a dependency, or you must provide a custom factory method in the dependency injection for it to resolve correctly. This means that a service that is intended to be used for inter-service communication should have a constructor signature like public MyService(TrustedDanglHttpClient httpClient).
Internally, the provisioning works in two ways:
- The inner http handler is kept around as singleton, to avoid TCP congestion / exhaustion that commonly occurs when quickly creating and disposing HttpClients.
- Transiently, meaning for every request to the DI resolver, a new UserInformationTransmissionHttpHandler will be created that gets its IUserInfoService for the current request, so that the correct user information is read.
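The split described above (one long-lived inner handler, a fresh outer handler per resolution) can be shown with plain .NET types. This is an added example, not the package's own code: UserHeaderHandler, CountingTransport, CreateClientFor, the header name and the user ids are hypothetical, and a counting stub stands in for the real network handler so the demo runs offline.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;

// One transport for the whole process lifetime, so connections are pooled and reused.
var sharedTransport = new CountingTransport();

// Called once per resolution, as a transient DI registration would do.
// disposeHandler: false keeps client disposal from tearing down the shared transport.
HttpClient CreateClientFor(string userId) =>
    new HttpClient(new UserHeaderHandler(userId) { InnerHandler = sharedTransport }, disposeHandler: false);

foreach (var user in new[] { "alice", "bob" }) // constructed user ids
{
    using var client = CreateClientFor(user);
    var response = await client.GetAsync("https://service.example.test/convert");
    Console.WriteLine(await response.Content.ReadAsStringAsync());
}
Console.WriteLine($"requests through the single transport: {sharedTransport.Count}");

// Per-resolution outer handler: carries the user of the current request only.
sealed class UserHeaderHandler : DelegatingHandler
{
    private readonly string _userId;
    public UserHeaderHandler(string userId) => _userId = userId;

    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        // "X-Example-User-Id" is a placeholder header name, not the one the package uses.
        request.Headers.TryAddWithoutValidation("X-Example-User-Id", _userId);
        return base.SendAsync(request, ct);
    }
}

// Stand-in for the singleton inner handler; counts requests and echoes the user header.
sealed class CountingTransport : HttpMessageHandler
{
    private int _count;
    public int Count => _count;

    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        Interlocked.Increment(ref _count);
        request.Headers.TryGetValues("X-Example-User-Id", out var values);
        return Task.FromResult(new HttpResponseMessage(HttpStatusCode.OK)
            { Content = new StringContent("acting for " + string.Join(",", values ?? Array.Empty<string>())) });
    }
}
```

Because the user id lives in the per-resolution handler and never in the shared transport, one request's identity cannot carry over into another request that reuses the same connection pool.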
Dangl.RestClient.Identity.App
The Dangl.RestClient.Identity.App package contains a DanglIdentityAppTokenHandler which can be used in client-side applications, meaning applications that are distributed to clients. It offers functionality to integrate with web apps that make use of the Dangl.Identity.Client.Mvc package to delegate login to Dangl.Identity.
It works based on the passed-in ITokenStorage and is safe to use as a singleton throughout the app lifetime.
While it is possible to instantiate this with username / email and password, it is advised that this is not done. A typical workflow in an app should be:
- On the login screen, ask the user to provide his credentials.
- Perform a token-based authentication with the Dangl.Identity.Client.App package and store the token in the used ITokenStore instance.
- Let the DanglIdentityAppTokenHandler handle only token refresh.
Assembly Strong Naming & Usage in Signed Applications
This module produces strong named assemblies when compiled. When consumers of this package require strongly named assemblies, for example when they themselves are signed, the outputs should work as-is.
The key file to create the strong name is adjacent to the csproj file in the root of the source project. Please note that this does not increase security or provide tamper-proof binaries, as the key is available in the source code per Microsoft guidelines.