E.System.Security - Security & Service Mesh Integration Library for ASP.NET Core
Overview
E.System.Security is an actively developed library for .NET that simplifies integrating your microservices with a Service Mesh and provides enterprise-grade security. Forget about complex configurations and boilerplate code - focus on your business logic while we handle the security and reliability of inter-service communication.
Why E.System.Security?
Zero-Trust Security: Automatic application of zero-trust principles in a microservices architecture
Service Mesh Ready: Ready to work in environments with Istio, Linkerd, as well as custom Service Mesh solutions
Performance First: Minimal overhead with maximum security
Developer Friendly: Simple API, familiar from standard .NET patterns
Installation
    # NuGet Package Manager
    Install-Package E.System.Security
    # .NET CLI
    dotnet add package E.System.Security
Requirements:
.NET 6.0+
ASP.NET Core
Microsoft.Extensions.DependencyInjection
Usage
Basic Setup in Program.cs
    using E.System.Security;

    var builder = WebApplication.CreateBuilder(args);

    // Add basic security services
    builder.Services.AddIntegrity();

    // Register a secured HTTP client
    builder.Services.AddSecuredHttpClient<IUserService, UserService>(
            configuration: builder.Configuration.GetSection("UserService"),
            defaultSettings: new DefaultHttpClientSettings
            {
                BaseAddress = "https://users-service.internal",
                Timeout = TimeSpan.FromSeconds(30)
            })
        .AddBearerAuthorization<JwtTokenProvider>();

    var app = builder.Build();
Configuration in appsettings.json
    {
      "UserService": {
        "BaseAddress": "https://users-service.internal",
        "Timeout": "00:00:30",
        "DefaultHeaders": {
          "X-Service-Version": "1.0",
          "X-Environment": "production"
        }
      }
    }
Key Features
    // Automatic configuration with Configuration support
    services.AddSecuredHttpClient<IPaymentService, PaymentService>(
            configuration: Configuration.GetSection("PaymentService"))
        .AddBearerAuthorization<OAuthTokenProvider>();

    // Advanced configuration with custom handlers
    services.AddSecuredHttpClient<INotificationService, NotificationService>()
        .AddCircuitBreakerPolicy()
        .AddRetryPolicy()
        .AddDistributedTracing();
Advantages:
Centralized configuration management via IConfiguration
Microservice Assembly Integrity Control
An integrity monitoring system that prevents the execution of unauthorized or modified code in a production environment.
    // Register the integrity checking service
    services.AddIntegrity();

    // Usage in middleware or background tasks
    app.Use(async (context, next) =>
    {
        var integrityChecker = context.RequestServices.GetRequiredService<IIntegrityChecker>();
        if (!integrityChecker.Verify)
        {
            context.Response.StatusCode = 503;
            await context.Response.WriteAsync("Service integrity check failed");
            return;
        }
        await next();
    });
Capabilities:
Integration with Security Information and Event Management (SIEM) systems
Automatic Security Token Management
Simplified work with JWT, OAuth, and custom tokens for inter-service authentication.
    public class CustomTokenProvider : ITokenProvider
    {
        public async Task<string> GetTokenAsync()
        {
            // Automatic token acquisition and refresh
            return await GetServiceMeshToken();
        }
    }
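The "automatic token acquisition and refresh" that CustomTokenProvider leaves to an undefined GetServiceMeshToken() can be handled with an expiry-aware cache. The following is an added example, not code from E.System.Security: CachingTokenProvider, the fetch delegate and the 60-second refresh skew are assumptions, and the local ITokenProvider declaration only mirrors the single member shown above.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;

// Local stand-in mirroring the one member shown on this page; remove it when
// compiling against the package's own ITokenProvider.
public interface ITokenProvider { Task<string> GetTokenAsync(); }

// Hypothetical provider (not part of E.System.Security): caches the token and
// refreshes it shortly before expiry, with one refresh in flight at a time.
public sealed class CachingTokenProvider : ITokenProvider
{
    private sealed record CachedToken(string Value, DateTimeOffset ExpiresAt);

    private readonly Func<Task<(string Token, DateTimeOffset ExpiresAt)>> _fetch; // assumed token source
    private readonly TimeSpan _refreshSkew;
    private readonly SemaphoreSlim _gate = new(1, 1);
    private volatile CachedToken? _cached; // immutable snapshot, swapped atomically

    public CachingTokenProvider(
        Func<Task<(string Token, DateTimeOffset ExpiresAt)>> fetch,
        TimeSpan? refreshSkew = null)
    {
        _fetch = fetch ?? throw new ArgumentNullException(nameof(fetch));
        _refreshSkew = refreshSkew ?? TimeSpan.FromSeconds(60); // assumed default
    }

    public async Task<string> GetTokenAsync()
    {
        var cached = _cached;
        if (IsFresh(cached)) return cached!.Value; // fast path, no lock

        await _gate.WaitAsync().ConfigureAwait(false);
        try
        {
            cached = _cached; // another caller may have refreshed while we waited
            if (IsFresh(cached)) return cached!.Value;
            var (token, expiresAt) = await _fetch().ConfigureAwait(false);
            if (string.IsNullOrWhiteSpace(token) || expiresAt <= DateTimeOffset.UtcNow)
                throw new InvalidOperationException("Token source returned an empty or expired token.");
            _cached = new CachedToken(token, expiresAt);
            return token; // never log the token value
        }
        finally { _gate.Release(); }
    }

    private bool IsFresh(CachedToken? c) =>
        c is not null && DateTimeOffset.UtcNow < c.ExpiresAt - _refreshSkew;
}
```

If the issued token lifetime is shorter than the refresh skew, every call refetches, so keep the skew well below the lifetime your token source grants.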
    services.AddSecurityTelemetry()
        .AddMeshAwareMetrics()
        .AddSecurityEventsLogging()
        .AddPerformanceCounters();
Planned for Future Versions
Dynamic Security Configuration
Ability to hot-reload security policies without restarting the application.
    services.AddDynamicSecurityConfig(configuration =>
    {
        configuration.EnableAutoRefresh = true;
        configuration.RefreshInterval = TimeSpan.FromMinutes(5);
    });
Service Mesh Integration
    // Automatic Service Mesh context detection
    services.AddServiceMeshIntegration()
        .DetectMeshEnvironment()
        .ConfigureSidecarCommunication()
        .EnableMutualTLS();
Custom Security Policies
    services.AddSecurityPolicies()
        .AddPolicy<RateLimitingPolicy>()
        .AddPolicy<DataValidationPolicy>()
        .AddPolicy<EncryptionPolicy>();
Reporting
To report security vulnerabilities, bugs, or to suggest new features, please contact:
Michael Richardson
Email: richardsonmich70@gmail.com
We welcome community feedback and contributions to help improve E.System.Security for all developers working with microservices and Service Mesh technologies.
You can access the full version of the source code within three years from the date of receipt of the software by contacting the author: Michael Richardson, richardsonmich70@gmail.com.