ActiveLogin.Authentication enables an application to support Swedish BankID's (svenskt BankIDs) authentication workflow in .NET. Built on NET Standard and packaged as NuGet-packages they are easy to install and use on multiple platforms.
- 🆔 Supports BankID both natively and through GrandID
- 🐧 Cross platform: Targets .NET Standard 2.0 and .NET Framework 4.6.1
- ✔️ Strong named
- 🔒 GDPR Compliant
- ☁️ Great support for Microsoft Azure
- 🌎 Multi language support with English and Swedish out of the box
- 🔧 Customizable UI
Project | Description | NuGet |
---|---|---|
ActiveLogin.Authentication.BankId.Api | API client for Swedish BankID's REST API. | |
ActiveLogin.Authentication.BankId.AspNetCore | ASP.NET Core authentication module for Swedish BankID. | |
ActiveLogin.Authentication.BankId.AspNetCore.Azure | Azure integrations for ActiveLogin.Authentication.BankId.AspNetCore. | |
ActiveLogin.Authentication.GrandId.Api | API client for GrandID (Svensk E-identitet) REST API. | |
ActiveLogin.Authentication.GrandId.AspNetCore | ASP.NET Core authentication module for GrandID (Svensk E-identitet). |
First of all, you need to decide if you want to use native BankID or BankID through GrandID (Svensk E-identitet).
- Native BankID gives you full flexibility, including custom UI but requires issuing a certificate through a bank and usually takes some time to sort out.
- GrandID (Svensk E-identitet) uses a predefined UI and does not support all functionalities of the BankID API, but is really easy to get started with and does not require any certificates.
Screenshots on how the default UI for Native BankID looks.
ActiveLogin.Authentication is distributed as packages on NuGet, install using the tool of your choice, for example dotnet cli.
Note: The packages relfecting the documentation are currently in alpha, so make sure to search for the pre release packages.
dotnet add package ActiveLogin.Authentication.BankId.AspNetCore -Version 1.0.0-rc-1
dotnet add package ActiveLogin.Authentication.GrandId.AspNetCore -Version 1.0.0-rc-1
It is expected that you have a basic understanding of how ASP.NET Core, ASP.NET Core MVC and ASP.NET Core Authentication works before getting started.
The authentication modules for BankID and GrandID are registered in ConfigureServices( ... )
in your Startup.cs
. Depending on your setup, you will probably have to configure challenge and callbacks in AccountController.cs
or similar.
Both BankID and GrandID requires you to receive either certificates or API-keys, but to get started and try it out the experience there are development environment options available that uses an in-memory implementation.
services
.AddAuthentication()
.AddBankId(builder =>
{
builder
.UseDevelopmentEnvironment()
.AddSameDevice()
.AddOtherDevice();
});
services
.AddAuthentication()
.AddGrandId(builder =>
{
builder
.UseDevelopmentEnvironment()
.AddBankIdSameDevice(options => { })
.AddBankIdOtherDevice(options => { });
});
To authenticate using a real BankID you need to receive a certificate or API-keys, depending on what solution you choose. The details are described in these documents:
- Getting started with BankID in Test and Production
- Getting started with GrandID in Test and Production
Samples on how to use them in production are:
services
.AddAuthentication()
.AddBankId(builder =>
{
builder
.UseProductionEnvironment()
.UseClientCertificateFromAzureKeyVault(Configuration.GetSection("ActiveLogin:BankId:ClientCertificate"))
.UseRootCaCertificate(Path.Combine(_environment.ContentRootPath, Configuration.GetValue<string>("ActiveLogin:BankId:CaCertificate:FilePath")))
.AddSameDevice()
.AddOtherDevice();
});
services
.AddAuthentication()
.AddGrandId(builder =>
{
builder
.UseProductionEnvironment(Configuration.GetValue<string>("ActiveLogin:GrandId:ApiKey"))
.AddBankIdSameDevice(options =>
{
options.GrandIdAuthenticateServiceKey = Configuration.GetValue<string>("ActiveLogin:GrandId:BankIdSameDeviceServiceKey");
})
.AddBankIdOtherDevice(options =>
{
options.GrandIdAuthenticateServiceKey = Configuration.GetValue<string>("ActiveLogin:GrandId:BankIdOtherDeviceServiceKey");
});
});
For more use cases, samples and inspiration; feel free to browse our unit tests and samples:
- IdentityServerSample
- MvcClientSample
- AzureProvisioningSample
- ActiveLogin.Authentication.BankId.Api.Test
The samples are configured to run in development mode (no BankID certificates or GrandID keys required) by default. The MVC Client sample is using the Identity Server Sample as its identity provider. So to run the MVC Client, the Identity Server Sample needs to be running first.
The easiest way to try the sample out is to:
- Configure the solution to use Multiple startup projects, and set it to start both IdentityServerSample and MvcClientSample
- Press F5
Yes! They are available here. Please note that MvcClientSample uses IdentityServerSample as the IdentityProvider, so the MvcClientSample is a good place to start.
- MvcClientSample: https://al-samples-mvcclient.azurewebsites.net
- IdentityServerSample: https://al-samples-identityserver.azurewebsites.net
Yes you can! If you provide an authentication property item named swedishPersonalIdentityNumber
(available as constants BankIdAuthenticationConstants.AuthenticationPropertyItemSwedishPersonalIdentityNumber
or GrandIdAuthenticationConstants.AuthenticationPropertyItemSwedishPersonalIdentityNumber
) that value will be used and sent to BankID/GrandID.
Example usage:
public IActionResult ExternalLogin(string provider, string returnUrl, string personalIdentityNumber)
{
var props = new AuthenticationProperties
{
RedirectUri = Url.Action(nameof(ExternalLoginCallback)),
Items =
{
{"returnUrl", returnUrl},
{"scheme", provider},
{ BankIdAuthenticationConstants.AuthenticationPropertyItemSwedishPersonalIdentityNumber, personalIdentityNumber }
}
};
return Challenge(props, provider);
}
It seems that the name for some persons are returned in all capitalized letters (like ALICE SMITH
), the data is probably stored that way at BankID.
We have choosen not to normalize the capitalization of the names as it´s hard or impossible to do so in a general way. If you really need to, this code is a good start at least:
private string NormalizeName(string name)
{
return CultureInfo.CurrentCulture.TextInfo.ToTitleCase(name.ToLowerInvariant());
}
Integrating your systems with market leading authentication services.
Active Login is an Open Source project built on .NET Standard that makes it easy to integrate with leading Swedish authentication services like BankID.
It also provide examples of how to use it with the popular OpenID Connect & OAuth 2.0 Framework IdentityServer and provides a template for hosting the solution in Microsoft Azure. In addition, Active Login also contain convenient modules that help you work with and handle validation of Swedish Personal Identity Number (svenskt personnummer).
We are very open to community contributions to Active Login. You'll need a basic understanding of Git and GitHub to get started. The easiest way to contribute is to open an issue and start a discussion. If you make code changes, submit a pull request with the changes and a description. Don’t forget to always provide tests that cover the code changes.
Active Login is licensed under the very permissive MIT license for you to be able to use it in commercial or non-commercial applications without many restrictions.
Active Login is built on or uses the following great open source products: