Acl.Net.Core is a C# library that provides a simple and flexible way to manage Access Control Lists (ACLs). It is designed to be used with Entity Framework Core and allows you to easily define and manage Users, Roles, and Resources in your application.
Note
The Acl.Net.Core NuGet package is not supported starting with v1.0.0. It has been split into two packages: Acl.Net.Core.Database and Acl.Net.Core.Managers.
To use Acl.Net.Core, install one of the two packages, Acl.Net.Core.Database or Acl.Net.Core.Managers.
Acl.Net.Core.Database: provides the EF Core DbContext for the ACL system.
Acl.Net.Core.Managers: provides AclManager for AclDbContext.
.NET CLI
dotnet add package Acl.Net.Core.Database
dotnet add package Acl.Net.Core.Managers
Package Manager
Install-Package Acl.Net.Core.Database
Install-Package Acl.Net.Core.Managers
The library provides several classes and interfaces that you can use to manage access control in your application.
The library defines three main entities: User, Role, and Resource.
Each of these entities has a generic version that allows you to specify the type of the ID.
The library provides default implementations that use int as the ID type.
The User entity represents a user in your application.
It has an Id, a Name, and a RoleId property.
The RoleId property is used to associate the user with a role.
Example using generic version
var user = new User<Guid>
{
    Id = Guid.NewGuid(),
    Name = "John Doe",
    RoleId = ROLE_GUID_HERE
};
The Role entity represents a role in your application.
It has an Id and a Name property.
Example using generic version
var role = new Role<Guid>
{
    Id = Guid.NewGuid(),
    Name = "MyRole"
};
The Resource entity represents a resource in your application.
It has an Id, a Name, and a RoleId property.
The RoleId property is used to associate the resource with a role.
Example using generic version
var resource = new Resource<Guid>
{
    Id = Guid.NewGuid(),
    Name = "MyResource",
    RoleId = ROLE_GUID_HERE
};
The library provides an AclDbContext class that you can use to manage the entities in your application.
This class is a subclass of DbContext and provides DbSet properties for the User, Role, and Resource entities.
The AclDbContext class also has a generic version that allows you to specify the types of the entities.
This can be useful if you want to use your own entity classes that inherit from the provided entities.
The AclDbContext class uses an IInitialDataSeeder to seed initial data into the database.
The library provides a RoleDataSeeder class that seeds two roles: Admin and User.
Example using generic version
public class MyDbContext : AclDbContext<Guid, MyUser, MyRole, MyResource>
{
    public MyDbContext(DbContextOptions options, IInitialDataSeeder<Guid, MyRole> seeder)
        : base(options, seeder)
    { }
}
In this example, MyDbContext is a subclass of AclDbContext that uses Guid as the ID type and MyUser, MyRole, and MyResource as the entity types.
The IInitialDataSeeder interface is a crucial part of the Acl.Net.Core library.
It is used to seed initial data into the database when the migrations are applied.
The library provides a default implementation, RoleDataSeeder, which seeds the Admin role.
The IInitialDataSeeder interface is used in the AclDbContext and AclManager classes to seed the initial roles and to check permissions.
In the AclManager class, if a user has the Admin role, they are allowed access to any resource.
The IInitialDataSeeder interface defines one method: SeedAdminRole.
This method returns an instance of the Role entity that represents the admin role.
public interface IInitialDataSeeder<TKey, out TRole>
    where TKey : IEquatable<TKey>
    where TRole : Role<TKey>
{
    TRole SeedAdminRole();
}
In the RoleDataSeeder class, the SeedAdminRole method returns a new Role with Id set to 1 and Name set to "Admin".
public class RoleDataSeeder : IInitialDataSeeder<int, Role<int>>
{
    public Role<int> SeedAdminRole()
    {
        return new Role<int> { Id = 1, Name = "Admin" };
    }
}
Note
By default, the Admin role is allowed access to any resource!
The library provides an AclManager class that you can use to manage access control in your application.
This class provides methods to check if a user is permitted to access a resource or resource list.
The AclManager class also has a generic version that allows you to specify the types of the entities.
This can be useful if you want to use your own entity classes that inherit from the provided entities.
The AclManager class provides methods to process users and resources, and to check if a user is permitted to access a resource.
// Check whether user "userName" is permitted to call "resourceName"
var context = new MyDbContext();
var aclManager = new AclManager<Guid, MyUser, MyRole, MyResource>(context);
bool isPermitted = aclManager.IsPermitted("userName", "resourceName");
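The access rule described above (a user with the Admin role is allowed any resource, otherwise access follows the shared RoleId), as an added, self-contained C# model that is not Acl.Net.Core's own code. The record types, the sample users and resources, the RoleId-equality rule for non-admin users, and the deny-on-unknown-name behaviour are assumptions made for this example.

```csharp
using System;
using System.Linq;

// Constructed sample data; Id 1 / "Admin" matches what RoleDataSeeder returns on this page.
var adminRole = new Role(1, "Admin");
var users = new[]
{
    new User(1, "alice", 1),   // holds the Admin role
    new User(2, "bob", 2),     // hypothetical "Billing" role
    new User(3, "carol", 3),   // hypothetical "Support" role
};
var resources = new[] { new Resource(1, "Invoices", 2), new Resource(2, "Tickets", 3) };

// Assumed decision rule: Admin passes every check; otherwise the user's RoleId
// must equal the resource's RoleId. Unknown names are denied (fail closed).
bool IsPermitted(string userName, string resourceName)
{
    var user = users.SingleOrDefault(u => u.Name == userName);
    var resource = resources.SingleOrDefault(r => r.Name == resourceName);
    if (user is null || resource is null) return false;
    if (user.RoleId == adminRole.Id) return true;
    return user.RoleId == resource.RoleId;
}

string Verdict(string userName, string resourceName) =>
    IsPermitted(userName, resourceName) ? "allow" : "deny";

// Print the full decision matrix so unintended grants are visible in review.
foreach (var u in users)
    foreach (var r in resources)
        Console.WriteLine($"{u.Name,-7} -> {r.Name,-8}: {Verdict(u.Name, r.Name)}");

// A name that is not in the user table must never be allowed.
Console.WriteLine($"{"mallory",-7} -> {"Invoices",-8}: {Verdict("mallory", "Invoices")}");

// Audit: every holder of the admin role id bypasses all resource checks,
// so this list should be short and reviewed whenever role assignments change.
var adminHolders = users.Where(u => u.RoleId == adminRole.Id).Select(u => u.Name);
Console.WriteLine("Bypass all checks: " + string.Join(", ", adminHolders));

// Minimal stand-ins for the entities described above (Id, Name, RoleId).
record Role(int Id, string Name);
record User(int Id, string Name, int RoleId);
record Resource(int Id, string Name, int RoleId);
```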