Skip to content

Identity

PackageMaturityWhat it brings
Cephalon.IdentityM2Host-agnostic identity + authorization primitives. Principal model, scope/role decisions, claim contracts.
Cephalon.Identity.AspNetCoreM2AspNetCore adapter — wires the principal from the HTTP context, plugs into the behavior pipeline.
Cephalon.AuditM2Host-agnostic audit recording + runtime catalog. Tamper-evident audit trail.
Cephalon.Audit.EntityFrameworkM2EF-backed durable audit storage.
appsettings.json
{
"Engine": {
"Identity": { "Enabled": true, "Provider": "Bearer", "Authority": "https://login.acme.example/" },
"Audit": { "Enabled": true, "Provider": "EntityFramework" }
}
}
Program.cs
builder.Services
.AddCephalonAspNetCore()
.AddIdentity(options => options.UseBearer("https://login.acme.example/"))
.AddAudit(options => options.UseEntityFramework<AuditDbContext>())
.AddModulesFromAssemblies(/* ... */);
Behaviors/DeleteProductBehavior.cs
public RestRoute Route => RestRoute.Delete("/products/{id}")
.WithRequireScope("products:write")
.WithRequireRole("admin");

The behavior pipeline rejects unauthorised callers before the handler runs and emits an audit entry with the principal, the failed claim, and the trace context.