SecuritySettings

Namespace: ASPSecurityKit
Assembly: ASPSecurityKit.dll

Summary

Implements ISecuritySettings to enable configuration of the various security settings used by the security pipeline.

Constructors

#ctor(config)

Summary

Initializes a new instance of the SecuritySettings class.

Parameters
Name Type Description
config ASPSecurityKit.IConfig The configuration provider from which file-based settings (see the Remarks on the individual properties below for the appSettings key names) are read.

Properties

LetSuspendedAuthenticate

Summary

Gets or sets a value indicating whether suspended users should be allowed to successfully authenticate. The default is false.

Value

true if suspended users should be allowed to successfully authenticate; otherwise, false.

MustHaveBeenVerified

Summary

Gets or sets a value indicating whether the user must have been verified to execute requests. The default is true.

Value

true if the user must have been verified; otherwise, false.

Remarks

If MustHaveBeenVerified is true and the current user is not verified, operation execution is halted and an unauthorized response is returned. You can explicitly opt individual operations out of verification by using VerificationNotRequired. See your platform-specific ASK library docs to learn how operations can be marked with request features.

HmacMaxAgeInSeconds

Summary

Gets or sets the maximum age, in seconds, of an HMAC-signed request. Set it as low as your clients' clock skew and network latency allow: the value bounds the window within which a captured request can be replayed, but does not by itself prevent replay inside that window. The default is 300 (5 minutes).

Value

The HMAC maximum age in seconds.

Exceptions
Type Description
System.ArgumentException When the value assigned is less than 1.
Remarks

The default value is 300 (5 minutes). If no value is provided in the configuration file, or the configured value is less than or equal to 0, the default is used. To configure this setting in the configuration file, provide a value for the key HmacMaxAgeInSeconds in the appSettings section.
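The following is an added example, not ASPSecurityKit's own HMAC scheme or wire format. It isolates the freshness check that a max-age setting such as HmacMaxAgeInSeconds implies: the request timestamp is covered by the MAC, and a request outside the window is rejected even when its signature is valid. The canonical string (method, path, timestamp), the 32-byte key and the sample timestamp are constructed for this demonstration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; not ASPSecurityKit code. Canonical form, key and timestamps are
// constructed for the demo.
public static class HmacFreshness
{
    public static string Sign(byte[] key, string method, string path, long unixSeconds)
    {
        // The timestamp must be inside the signed string; otherwise an attacker can
        // re-stamp a captured request and defeat the max-age check entirely.
        string canonical = $"{method}\n{path}\n{unixSeconds}";
        using var hmac = new HMACSHA256(key);
        return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(canonical)));
    }

    public static bool Verify(byte[] key, string method, string path, long unixSeconds,
                              string presentedSig, long nowUnixSeconds, int maxAgeInSeconds)
    {
        // Freshness first: it is cheap and it bounds the replay window. Future timestamps
        // beyond the same tolerance are rejected too, since clock skew runs both ways.
        long age = nowUnixSeconds - unixSeconds;
        if (age > maxAgeInSeconds || age < -maxAgeInSeconds)
            return false;

        byte[] presented;
        try { presented = Convert.FromBase64String(presentedSig); }
        catch (FormatException) { return false; }

        byte[] expected = Convert.FromBase64String(Sign(key, method, path, unixSeconds));
        // Fixed-time comparison so a partial match does not leak through timing.
        return CryptographicOperations.FixedTimeEquals(expected, presented);
    }

    private static void Check(bool actual, bool expected, string scenario)
    {
        if (actual != expected)
            throw new InvalidOperationException($"Unexpected result for: {scenario}");
        Console.WriteLine($"{(actual ? "accepted" : "rejected")}: {scenario}");
    }

    public static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);   // constructed demo key
        long issued = 1_700_000_000;                       // constructed Unix timestamp
        string sig = Sign(key, "POST", "/api/transfer", issued);

        Check(Verify(key, "POST", "/api/transfer", issued, sig, issued + 30, 300), true,
              "fresh request within the 300 s default");
        Check(Verify(key, "POST", "/api/transfer", issued, sig, issued + 301, 300), false,
              "same request replayed after the window");
        Check(Verify(key, "POST", "/api/transfer", issued, sig, issued + 90, 60), false,
              "same request under a tighter 60 s window: replay opportunity shrinks");
        Check(Verify(key, "POST", "/api/transfer", issued + 400, sig, issued + 400, 300), false,
              "captured signature re-stamped to look fresh: MAC no longer matches");
    }
}
```

The third scenario is the point of lowering HmacMaxAgeInSeconds: the same captured request that is still valid 90 seconds later under the 300-second default is already dead under a 60-second window. Anything that replays within the window still goes through, so a lower max age complements, rather than replaces, a nonce store or idempotency keys on state-changing operations.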

IsDevelopmentEnvironment

Summary

Gets or sets a value indicating whether the current application execution environment is development. The default is false. Used by components such as WriteToResponse to decide how much error detail to emit in the response; leave it false in production, since detailed error output discloses internals to clients.

Value

true if the current application execution environment is development; otherwise, false.

FirewallEnabled

Summary

Gets or sets a value indicating whether the IP firewall is enabled. The default is true.

Value

true if the IP firewall is enabled; otherwise, false.

IgnoreFirewallWithServiceHMacToken

Summary

Gets or sets a value indicating whether the IP firewall check should be skipped when a service HMAC token is being used. The default is true.

Value

true if the IP firewall check should be skipped when a service HMAC token is being used; otherwise, false.

AllowedVerbsForQSToken

Summary

Gets or sets the verbs (HTTP methods) for which an HMAC token may be embedded in the query string (QSHmac). The default is GET. Keep this list minimal: query-string values are routinely written to server, proxy and browser logs and leak through Referer headers.

Value

The verbs (HTTP methods) for which an HMAC token may be embedded in the query string (QSHmac).

AllowedOperationsForImpersonation

Summary

Gets or sets a list of ImpersonateAllowOperation rules that determine which operations are allowed during impersonation without the operation itself having to be explicitly marked as such. The default allows GET only (read-only impersonation).

Value

A list of ImpersonateAllowOperation rules that determine which operations are allowed during impersonation.

MFAAliveForMinutes

Summary

Gets or sets the duration in minutes of inactivity after which MFA is required again. The minimum is 5 and the default is 30.

Exceptions
Type Description
System.ArgumentException When value is less than 5.
Remarks

The default value is 30 minutes. If no value is provided in the configuration file, or the configured value is less than 5, the default is used. To configure this setting in the configuration file, provide a value for the key MFAAliveForMinutes in the appSettings section.

PasswordResetTokenExpirationInMinutes

Summary

Gets or sets the time interval, in minutes, the password reset token is valid after it is generated.

Value

The time interval, in minutes, the password reset token is valid after it is generated.

Exceptions
Type Description
System.ArgumentException When the value assigned is less than 1.
Remarks

The default value is 30. If no value is provided in the configuration file, or the configured value is less than or equal to 0, the default is used. To configure this setting in the configuration file, provide a value for the key PasswordResetTokenExpirationInMinutes in the appSettings section.

RememberMeTimeoutInMinutes

Summary

Gets or sets the timeout period, in minutes, for the persistent authentication cookie (when the remember-me option is selected).

Value

The timeout period, in minutes, for the persistent authentication cookie (when the remember-me option is selected).

Exceptions
Type Description
System.ArgumentException When the value assigned is less than 1.
Remarks

The default value is 21600 (15 days). If no value is provided in the configuration file, or the configured value is less than or equal to 0, the default is used. To configure this setting in the configuration file, provide a value for the key RememberMeTimeoutInMinutes in the appSettings section.

PasswordHashingIterations

Summary

Gets or sets the iteration count used when computing password hashes with PBKDF2. It shouldn't be lower than 1000 in a production environment, and 1000 is a floor rather than a target: choose the highest count whose cost your login path can absorb, and raise it as hardware gets faster. Don't compromise hash strength to speed up execution. For test environments it can be lowered to the minimum accepted value.

Value

The iteration count to use when computing password hash with PBKDF2.

Exceptions
Type Description
System.ArgumentException When the value assigned is less than 1.
Remarks

The default value is 1000. If no value is provided in the configuration file, or the configured value is less than or equal to 0, the default is used. To configure this setting in the configuration file, provide a value for the key PasswordHashingIterations in the appSettings section.
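An added example (not ASPSecurityKit code) for choosing a PasswordHashingIterations value against a latency budget rather than accepting the 1000 floor. It assumes .NET 6 or later (Rfc2898DeriveBytes.Pbkdf2) and uses SHA-256 as the PRF with a 16-byte salt and 32-byte output; the PRF, salt and output sizes the library itself uses are not stated on this page, so the absolute timings will differ, but the linear scaling with iteration count is what matters.

```csharp
using System;
using System.Diagnostics;
using System.Security.Cryptography;

// Added example; not ASPSecurityKit code. PRF, salt and output length are assumptions.
public static class Pbkdf2Tuning
{
    // Average wall-clock cost of one PBKDF2 derivation at the given iteration count.
    public static TimeSpan Measure(int iterations, int samples = 5)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        var sw = Stopwatch.StartNew();
        for (int i = 0; i < samples; i++)
        {
            Rfc2898DeriveBytes.Pbkdf2("correct horse battery staple", salt, iterations,
                HashAlgorithmName.SHA256, 32);
        }
        sw.Stop();
        return TimeSpan.FromTicks(sw.Elapsed.Ticks / samples);
    }

    // Returns the largest candidate whose per-hash cost stays within the budget.
    // 1000 is the page's stated production floor, so it is the starting point.
    public static int PickIterations(TimeSpan budget)
    {
        int chosen = 1000;
        foreach (int candidate in new[] { 1000, 10_000, 100_000, 300_000, 600_000, 1_000_000 })
        {
            TimeSpan cost = Measure(candidate);
            Console.WriteLine($"{candidate,9} iterations: {cost.TotalMilliseconds,8:F2} ms/hash");
            if (cost > budget) break;
            chosen = candidate;
        }
        return chosen;
    }

    public static void Main()
    {
        // Run this on hardware representative of production: the answer is machine-specific.
        int iterations = PickIterations(TimeSpan.FromMilliseconds(250));
        Console.WriteLine($"Set PasswordHashingIterations = {iterations}");
    }
}
```

Run the benchmark on the class of machine that will actually serve logins; on a developer laptop the number is meaningless. The budget is a product decision (how much latency a login may add, and how much CPU a credential-stuffing burst may consume), and the chosen count should be revisited whenever the hardware changes.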

ThrowSecurityFailureAsException

Summary

Gets or sets a value indicating whether a security failure should be thrown as an AuthFailedException. The default is false.

Value

true if a security failure should be thrown as an AuthFailedException; otherwise, false.

AuthCookieOptions

Summary

Gets or sets the default options for the authentication cookie.

Value

The default options for the authentication cookie.

Exceptions
Type Description
System.ArgumentNullException When value is null.
Remarks

The default is new CookieOptions { HttpOnly = true, SameSite = SameSiteOption.Lax, Path = "/" }. ExpiresIn isn't set by default because RememberMeTimeoutInMinutes already defines the timeout default for all login schemes.

Methods

IsMFAEnabled()

Summary

Determines whether multi-factor authentication is enabled. The default implementation returns true.

Returns

true if multi-factor authentication is enabled; otherwise, false.

Parameters

This method has no parameters.

GetMFAWhitelistedIPRanges()

Summary

Gets the IP ranges from which originating requests skip MFA entirely. The default is null (MFA is not skipped for any traffic). Only whitelist ranges whose source address you can trust; if the application sits behind a proxy or load balancer, make sure the client IP used for this check is not taken from a header the client controls.

Returns

The IP ranges from which originating requests skip MFA entirely.

Parameters

This method has no parameters.

GetPasswordExpirationIntervalInDays(user)

Summary

Gets the number of days after which the user's password expires. The default implementation returns null (no expiration).

Returns

The number of days after which the user's password expires, or null for no expiration.

Parameters
Name Type Description
user ASPSecurityKit.IUser The user whose password expiration interval is being determined; allows a per-tenant password expiration policy in a multi-tenant environment.

IsMFAEnabledAsync()

Summary

Determines whether multi-factor authentication is enabled. The default implementation returns true.

Returns

true if multi-factor authentication is enabled; otherwise, false.

Parameters

This method has no parameters.

IsMFAEnabledAsync(cancellationToken)

Summary

Determines whether multi-factor authentication is enabled. The default implementation returns true.

Returns

true if multi-factor authentication is enabled; otherwise, false.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.

GetMFAWhitelistedIPRangesAsync()

Summary

Gets the IP ranges from which originating requests skip MFA entirely. The default is null (MFA is not skipped for any traffic).

Returns

The IP ranges from which originating requests skip MFA entirely.

Parameters

This method has no parameters.

GetMFAWhitelistedIPRangesAsync(cancellationToken)

Summary

Gets the IP ranges from which originating requests skip MFA entirely. The default is null (MFA is not skipped for any traffic).

Returns

The IP ranges from which originating requests skip MFA entirely.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.

GetPasswordExpirationIntervalInDaysAsync(user)

Summary

Gets the number of days after which the user's password expires. The default implementation returns null (no expiration).

Returns

The number of days after which the user's password expires, or null for no expiration.

Parameters
Name Type Description
user ASPSecurityKit.IUser The user whose password expiration interval is being determined; allows a per-tenant password expiration policy in a multi-tenant environment.

GetPasswordExpirationIntervalInDaysAsync(user,cancellationToken)

Summary

Gets the number of days after which the user's password expires. The default implementation returns null (no expiration).

Returns

The number of days after which the user's password expires, or null for no expiration.

Parameters
Name Type Description
user ASPSecurityKit.IUser The user whose password expiration interval is being determined; allows a per-tenant password expiration policy in a multi-tenant environment.
cancellationToken System.Threading.CancellationToken The cancellation token.
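Putting the constructor, the properties and the overridable methods together, the following is an added example of tightening SecuritySettings from application code; it is not part of ASPSecurityKit. Assumptions: the members documented on this page are virtual, IsMFAEnabledAsync returns Task<bool>, the password expiration methods return int? and Task<int?>, the parameterless async overloads delegate to the ones taking a CancellationToken, and ITenantUser is a hypothetical application-side interface that adds a TenantId to IUser.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using ASPSecurityKit;

// Added example; not ASPSecurityKit code. ITenantUser is a hypothetical app-side
// interface; member virtuality and return types are assumptions (see lead-in).
public interface ITenantUser : IUser
{
    string TenantId { get; }
}

public class HardenedSecuritySettings : SecuritySettings
{
    private readonly bool mfaEnabled;

    public HardenedSecuritySettings(IConfig config, bool mfaEnabled) : base(config)
    {
        this.mfaEnabled = mfaEnabled;

        // Tighter values than the documented defaults. Each setter throws
        // ArgumentException if the value is out of its documented range.
        HmacMaxAgeInSeconds = 60;                   // default 300: narrower replay window
        MFAAliveForMinutes = 15;                    // default 30, minimum 5
        PasswordResetTokenExpirationInMinutes = 10; // default 30
        RememberMeTimeoutInMinutes = 7 * 24 * 60;   // default 21600 (15 days)
        PasswordHashingIterations = 100_000;        // default 1000 is a floor, not a target
        IgnoreFirewallWithServiceHMacToken = false; // default true: keep the IP firewall for service tokens too
        IsDevelopmentEnvironment = false;           // never emit detailed errors in production
    }

    // Both variants are overridden so that whichever one the pipeline calls
    // returns the same answer.
    public override bool IsMFAEnabled() => mfaEnabled;

    public override Task<bool> IsMFAEnabledAsync(CancellationToken cancellationToken)
        => Task.FromResult(mfaEnabled);

    // Default is null (no expiration); here only one tenant gets a 90-day rotation.
    public override int? GetPasswordExpirationIntervalInDays(IUser user)
        => user is ITenantUser t && t.TenantId == "regulated-tenant" ? 90 : (int?)null;

    public override Task<int?> GetPasswordExpirationIntervalInDaysAsync(IUser user, CancellationToken cancellationToken)
        => Task.FromResult(GetPasswordExpirationIntervalInDays(user));
}
```

Register HardenedSecuritySettings wherever your platform's ASK integration resolves ISecuritySettings. Values set in the constructor override whatever the configuration file supplies for the same keys, so pick one place (code or appSettings) as the source of truth for each setting to avoid a configuration change being silently ignored.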