Guides

Flex DI Extensions (.NET)

Let's plug in the component to make users and access control management super easy

Suggest Edits

Flex platform is neutral and can be used from any language, OS platform and environment. But as many of our partners use .NET in their products, we provide them with a component which is very easy to integrate into .NET Core web applications. It implements the non-interactive authentication and provides higher level functionality to synchronise users and to manage resources managed by the partner. It also brings in API clients for all areas of Flex API.

There isn't anything magic about this component. It only uses API described in this documentation. If you use other language or framework, it will be easy to develop equivalent functionality. Using generated code based on the OpenAPI definitions is certainly recommanded.

DI Extensions NuGet Package:
https://www.nuget.org/packages/Xbim.Flex.DI.Extensions

The minimal .NET Core web application setup without any customization looks like this:

using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using System;

namespace Your.Great.Service
{
    internal class Startup
    {
        private readonly IConfiguration configuration;

        public Startup(IConfiguration configuration)
        {
            this.configuration = configuration ?? 
              throw new ArgumentNullException(nameof(configuration));
        }

        public void ConfigureServices(IServiceCollection services)
        {
            // this adds all Flex services and required application scopes
            services.AddXbimFlex(configuration)
                .AddIdentityAPI()
                .AddCommsAPI()
                .AddAimAPI();
        }

        public void Configure(IApplicationBuilder app)
        {
            // This set up the endpoint where current user can get their 
            // Flex access token at /flex/auth/token (from config)
            app.UseXbimFlex();
        }
    }
}

{
  "Flex": {
    "ClientID": "your-client-id",
    "ClientSecret": "your-client-secret",
    "FlexServiceBase": "https://api.xbim.net",
    "FlexAuthPath": "/flex/auth/token",
  }
}

Optionally, you can configure authorization policy to constrain users which can get access to Flex.

Several services are injected by the component. These are the three main objects exposed through the dependency injection:

  • IFlexAdmin - Provides high level functionality to create users and to manage users access to resources. Use with care.
  • IFlexAdminClientsProvider - Factory for Flex API clients which operate in the super administrator scope. Use with care.
  • IFlexClientsProvider - Factory for Flex API clients which operate in the current user scope. This is safe to use as it will only allow users to perform operations within their roles and access control restrictions

If you want to customize the external ID, email or other information used to create Flex user identities, you can override the implementation of IFlexUserProfileProvider. If you only want to make minor changes, you can override methods in the DefaultFlexUserProfileProvider. By default, this uses HttpContext and current user claims to extract user name and ID with this logic:

var id = User.Claims.FirstOrDefault(c =>
  string.Equals(c.Type, JwtClaimTypes.Subject, StringComparison.OrdinalIgnoreCase) ||
  string.Equals(c.Type, ClaimTypes.NameIdentifier, StringComparison.OrdinalIgnoreCase))?.Value;

Updated over 1 year ago

What’s Next