Redeon.SuperSiteEngineCore.Web.Eltheon.Core.Features.Identity

Purpose

The Identity feature extends ASP.NET Core Identity with Eltheon specific factories, repositories and middleware. It centralizes role/permission modeling, conversion helpers and DI ready managers so that hosts and plugins can share the same authorization surface without duplicating scaffolding.

Building Blocks

• v1/Interfaces define repositories (IAuthRepository), managers and permission helpers that wrap the default UserManager/RoleManager.
• v1/Models (AuthRole, RolePermission, Permission) capture role metadata and grant matrices that can be serialized, seeded or exposed via APIs.
• Converter and enum types (PermissionTypeConverter, PermissionType) make it simple to map between persisted values and domain friendly enums.
• Middleware and factories (e.g. for claims transformation or sign-in managers) encapsulate the glue needed to hook Identity into the rest of the framework.

Usage

1. Register the Identity feature alongside ASP.NET Core Identity in your host:

builder.Services.AddScoped<IAuthRepository, AuthRepository>();
builder.Services.AddScoped<IPermissionManager, PermissionManager>();

2. Reference the shared models in Razor pages, controllers or APIs when exposing role/permission settings.
3. Use the provided converters when persisting or reading permission values from configuration stores.

Integration Notes

• Depends on the InMemory feature for caching permission lookups.
• Ships as a pure class library; it does not register Identity itself. Continue to call AddIdentity / AddIdentityCore in your host and then use these abstractions to interact with it.
• The package is designed to be consumed by both web hosts and plugins, allowing consistent enforcement of authorization policies.
• Defines canonical Identity event names and safe payload/options contracts for preparatory eventification. Hosts that already reference the Eltheon event bus can publish these signals from the mutation owner without including passwords, reset tokens, confirmation tokens, reset links or raw email addresses.

Diagnostics

Loggers are injected throughout repository and manager classes. Enable the category Redeon.SuperSiteEngineCore.Web.Eltheon.Core.Features.Identity to observe user, role or permission operations during troubleshooting.

Metrics (via Features.Metrik)

• eltheon_identity_login_attempts_total{outcome="success|failed|lockedout|requires2fa"} – emitted by CustomSignInManager for every sign-in attempt.
• eltheon_identity_user_registered_total – emitted on successful registration.
• eltheon_identity_roles_created_total{outcome="success|failed"} – emits when roles are created via AuthRepository.
• eltheon_identity_user_role_assignments_total{outcome="success|failed"} – emits when users are added to roles via AuthRepository.

Events

Identity event emission is enabled by default through IdentityEventOptions.EnableEvents.

Canonical events currently prepared for hosts and templates:

• Eltheon.Identity.UserCreated
• Eltheon.Identity.UserUpdated
• Eltheon.Identity.UserDeleted
• Eltheon.Identity.RoleCreated
• Eltheon.Identity.RoleUpdated
• Eltheon.Identity.RoleDeleted
• Eltheon.Identity.UserRoleAssigned
• Eltheon.Identity.UserRoleRemoved
• Eltheon.Identity.LoginSucceeded
• Eltheon.Identity.LoginFailed
• Eltheon.Identity.PasswordResetRequested
• Eltheon.Identity.PasswordResetCompleted