Intent.Application.Identity

What This Module Does

Generates application-level identity and security contracts + services: current user access, authorization attribute, result modelling, and exceptions for forbidden access. It centralizes user context retrieval and guards application service operations with role/permission checks.

Generated Artifacts

  • ICurrentUser interface (async accessors for Id, Name, Roles/Claims).
  • ICurrentUserService + implementation (distribution/services layer) bridging framework identity principal to application abstraction.
  • AuthorizeAttribute (contracts layer) for annotating application services/operations.
  • ForbiddenAccessException standardized exception type for authorization failures.
  • ResultModel (success/fail payload pattern).
  • Security configuration class (ApplicationSecurityConfiguration) to compose DI registration and settings.

Settings

Group: Identity Settings

  • UserId Type (guid/int/long/string): Adjusts generated interface property and conversion logic.
  • Keep Sync Accessors: Controls inclusion of synchronous helpers alongside async variants.

Usage Pattern

  1. Inject ICurrentUserService or ICurrentUser in application services / behaviours.
  2. Apply [Authorize(...)] attribute to service operation methods or classes.
  3. Throw ForbiddenAccessException in manual policy checks; upstream behaviours translate to proper response codes (with MediatR behaviours / presentation layer integration).
  4. Use ResultModel for operations requiring success + error semantics beyond exceptions.

Interoperability

Detects optional security provider modules (JWT, MSAL) and MediatR behaviours; ensures they are installed with compatible versions for integration (e.g., pipeline authorization behaviour leveraging ICurrentUser).

Customization Points

  • Extend ICurrentUser with additional claims (tenant, locale) via partial interface + service merge.
  • Enhance ApplicationSecurityConfiguration to register additional policies or claim mappings.
  • Wrap ResultModel with generic payload types (e.g. ResultModel<T>) if needed; follow merge mode.

When To Use

  • Any application requiring standardized identity abstraction independent of hosting (ASP.NET Core, functions).
  • Testing contexts where injecting a mock current user is desirable.

When Not To Use

  • Systems with external identity fully resolved at edge and no need for application-level access beyond simple UserId propagation.
  • Intent.Application.MediatR.Behaviours (AuthorizationBehaviour integration)
  • Intent.Security.JWT, Intent.Security.MSAL (providers for actual authentication & token resolution)