Search
K
  1. Get Started

Get Started

Follow the steps below to add AuthorizationHub to an MVC web application.

Create Project & Install Packages

terminal 
dotnet new web -n MyWebApp

cd MyWebApp

dotnet add package AuthorizationHub
dotnet add package AuthorizationHub.UI
dotnet add package AuthorizationHub.Data.SqlServer

Prepare Startup

After installation, update your Program.cs file:

Program.cs 
using AuthorizationHub;
using AuthorizationHub.Data.SqlServer;
using AuthorizationHub.UI.Extensions;

var builder = WebApplication.CreateBuilder(args);

// Sets up DI and needed authorization policies.
builder.Services.AddAuthorizationHub();  

// Configures AuthorizationHub to use SQL Server
builder.Services.AddSQLServerToAuthorizationHub();  

var app = builder.Build();

app.UseRouting();
app.UseAuthorization();

// Adds routes for UI and rest endpoints.
app.UseAuthorizationHubUI();  

app.Run();

Configuration Data

Configuration data is stored in the app.config file, in a section called "AuthorizationHubOptions". You need to provide a connection string to the database, user ids for anyone who should be an administrator, and a license key.

We need a way to tell AuthorizationHub who the administrators are before the application has ever started. It’s a chicken before the egg sort of problem. When a user logs into your application, AuthorizationHub will look to see if the user has a "NameIdentifier" claim. In the case of ASP.NET Core Identity, that value would be the "AspNetUsers.Id" field. If the value in that claim is found in the list of administrators in the app.config file, the user is given access to edit data in AuthorizationHub.

AspNetUsersTable

The license key is provided when you purchase a license to use AuthorizationHub.

App.Config 
  "AuthorizationHubOptions": {
    "SqlServerConnection": "Server=localhost;Database=AuthorizationHub;User ID=;Password=;MultipleActiveResultSets=true;TrustServerCertificate=True",
    "Administrators": [
      "b52d1aef-cf08-41dc-8e39-be197be6874c",
      "0478bd7d-9ae8-4657-8d58-2b418f00cab7",
      "2e0c5e52-31d3-405f-b880-619e92c66047"
    ],
    "LicenseKey": "FFFFFF-FFFFFF-FFFFFF-FFFFFF-FFFFFF-FF"
  }

Database Options

There are three storage options for you to choose from.

  1. Microsoft SqlServer (AuthorizationHub.Data.SqlServer)
  2. PostgreSQL (AuthorizationHub.Data.Postgres)
  3. SQLite (AuthorizationHub.Data.Sqlite)

Simply add the appropriate nuget package, and include a connection string inside the app.config file.

Here are examples of connection strings for each. Obviously, you should only use one.

App.Config 
  "AuthorizationHubOptions": {
    "SqlServerConnection": "Server=localhost;Database=AuthorizationHub;User ID=;Password=;MultipleActiveResultSets=true;TrustServerCertificate=True",
    "PostgresConnection": "Host=localhost;Port=5432;Database=AuthorizationHub-DB;Username=;Password=",
    "SqliteConnection": "Data Source = AuthorizationHubDatabase.sqlite",
    "Administrators": [
      "b52d1aef-cf08-41dc-8e39-be197be6874c",
      "0478bd7d-9ae8-4657-8d58-2b418f00cab7",
      "2e0c5e52-31d3-405f-b880-619e92c66047"
    ],
    "LicenseKey": "FFFFFF-FFFFFF-FFFFFF-FFFFFF-FFFFFF-FF"
  }

Unauthenticated Requests

Adding the AuthorizationHub UI to a web application includes REST endpoints. If your application is configured to redirect unauthenticated requests to a login page, you’ll need to add some configuration that allows unauthenticated requests sent to AuthorizationHub’s REST endpoints to return an unauthenticated response.

OnRedirectToLogin 
builder.Services.ConfigureApplicationCookie(_ =>
{
    _.Events.OnRedirectToLogin = context =>
    {
        var options = new AuthorizationHub.UI.Configuration.Options();

        if (context.Request.Path.Value.StartsWith(options.ApiPath))
        {
            context.Response.Headers["Location"] = context.RedirectUri;
            context.Response.StatusCode = 401;
        }

        return Task.CompletedTask;
    };
});

Routing Fallback

At the end of the Program.cs file, you may have a fallback file defined to service requests that don't match a route. A common example would be to default to a root level index.html file.

MapFallbackToFile 
MapFallbackToFile(“index.html”)

The requests to the AuthorizationHub UI will not have a route defined, so if you use a fallback, you'll need to make an exception for AuthorizationHub.

OnRedirectToLogin 
app.MapFallbackToFile("{*path:regex(^(?!ui/resources/authorizationhub-bundle.js$|authorizationhub).*$)}", "index.html");
TIP

More Coming...

Next Creating A Tenant ->
© AuthorizationHub 2025
AuthorizationHub