
C# MAUI Identity Access Management — สร้างแอป

เผยแพร่ May 28, 2026

MAUI Identity Access Management

C# MAUI Identity Access Management — สร้างแอป

.NET MAUI C# Cross-Platform Identity Access Management OAuth2 RBAC Authentication Authorization Biometric MSAL Token Android iOS Windows macOS

| Framework | Language | Platforms | UI Approach | เหมาะกับ |
|---|---|---|---|---|
| .NET MAUI | C#/XAML | Android/iOS/Win/Mac | Native Controls | Enterprise .NET |
| Flutter | Dart | Android/iOS/Web/Desktop | Custom Render | Startup Mobile |
| React Native | JavaScript | Android/iOS | Native Bridge | Web Developer |
| Kotlin Multiplatform | Kotlin | Android/iOS/Desktop | Shared Logic | Android Developer |

MAUI App กับ Authentication

=== .NET MAUI Authentication ===

# Scaffold a new .NET MAUI project named SecureApp.
dotnet new maui -n SecureApp

cd SecureApp

# MSAL.NET: provides PublicClientApplicationBuilder / IPublicClientApplication used in MauiProgram.cs.
# For reproducible builds, pin the package with `--version <VERSION>` and review updates before bumping.
dotnet add package Microsoft.Identity.Client

# MVVM helpers: provides ObservableObject, [ObservableProperty] and [RelayCommand] used by LoginViewModel.
dotnet add package CommunityToolkit.Mvvm

MauiProgram.cs

using Microsoft.Identity.Client;

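/// <summary>
/// Application bootstrap. Builds the MAUI app and registers the MSAL public
/// client, the authentication service and the login view model with the
/// dependency-injection container.
/// </summary>
public static class MauiProgram
{
    // Article placeholders: replace with the values of your own app registration.
    // A public client (mobile/desktop app) has no client secret; never embed one
    // in the shipped binary.
    private const string ClientId = "your-client-id";

    // Must match a redirect URI configured on the app registration.
    private const string RedirectUri = "msauth://callback";

    // NOTE(review): the "common" authority accepts work/school accounts from any
    // tenant as well as personal Microsoft accounts. For a single-organization
    // app, a tenant-specific authority narrows who can sign in; confirm which
    // audience is intended.
    private const string Authority = "https://login.microsoftonline.com/common";

    /// <summary>
    /// Creates and configures the <see cref="MauiApp"/> instance.
    /// </summary>
    /// <returns>The built application with all services registered.</returns>
    public static MauiApp CreateMauiApp()
    {
        var builder = MauiApp.CreateBuilder();
        builder.UseMauiApp<App>();

        // Register MSAL
        var pca = PublicClientApplicationBuilder
            .Create(ClientId)
            .WithRedirectUri(RedirectUri)
            .WithAuthority(Authority)
            .Build();

        // One MSAL client for the whole app, so AuthService resolves the same instance.
        builder.Services.AddSingleton(pca);
        builder.Services.AddSingleton<IAuthService, AuthService>();

        // A new view-model instance per resolution.
        builder.Services.AddTransient<LoginViewModel>();

        return builder.Build();
    }
}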

AuthService.cs

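/// <summary>
/// Signs the user in through MSAL and exposes silent token renewal.
/// </summary>
/// <remarks>
/// MSAL keeps its own token cache; this class additionally copies the access
/// token into <c>SecureStorage</c> under the key <c>access_token</c>.
/// NOTE(review): that stored copy is not refreshed by
/// <see cref="GetTokenSilentAsync"/>, so it can be stale. Code that only checks
/// whether the key exists is not checking that the token is still valid.
/// </remarks>
public class AuthService : IAuthService
{
    private const string AccessTokenKey = "access_token";

    private readonly IPublicClientApplication _pca;

    // NOTE(review): "User.Read" and "api://app/access" look like scopes of two
    // different resources. The Microsoft identity platform issues an access token
    // for one resource per request; confirm these can be requested together or
    // split them into separate acquisitions.
    private readonly string[] _scopes = { "User.Read", "api://app/access" };

    /// <summary>
    /// Receives the MSAL client registered as a singleton in MauiProgram.
    /// Without this constructor the field was never assigned and every call
    /// failed with a null reference.
    /// </summary>
    /// <param name="pca">The shared MSAL public client application.</param>
    /// <exception cref="System.ArgumentNullException"><paramref name="pca"/> is null.</exception>
    public AuthService(IPublicClientApplication pca)
    {
        _pca = pca ?? throw new System.ArgumentNullException(nameof(pca));
    }

    /// <summary>
    /// Runs the interactive sign-in and stores the resulting access token in SecureStorage.
    /// </summary>
    /// <returns>
    /// A successful <c>AuthResult</c> carrying the account user name, or a failed
    /// one carrying the MSAL error message (this includes a cancelled prompt).
    /// </returns>
    public async Task<AuthResult> LoginAsync()
    {
        try
        {
            var result = await _pca.AcquireTokenInteractive(_scopes)
#if ANDROID
                // Platform.CurrentActivity exists only in the Android target, so the
                // call is compiled there only; other targets would fail to build.
                .WithParentActivityOrWindow(Platform.CurrentActivity)
#endif
                .ExecuteAsync();

            await SecureStorage.SetAsync(AccessTokenKey, result.AccessToken);

            return new AuthResult(true, result.Account.Username);
        }
        catch (MsalException ex)
        {
            // NOTE(review): ex.Message is returned to the caller verbatim; if it is
            // shown in the UI, consider logging it and showing a generic message.
            return new AuthResult(false, ex.Message);
        }
    }

    /// <summary>
    /// Gets an access token from the MSAL cache without user interaction.
    /// </summary>
    /// <returns>The access token for the configured scopes.</returns>
    /// <remarks>
    /// MSAL exceptions are not caught here and propagate to the caller, for
    /// example when no account is cached (the first account may be null) or when
    /// interaction is required. Callers should fall back to
    /// <see cref="LoginAsync"/> in that case.
    /// </remarks>
    public async Task<string> GetTokenSilentAsync()
    {
        var accounts = await _pca.GetAccountsAsync();

        var result = await _pca.AcquireTokenSilent(_scopes, accounts.FirstOrDefault())
            .ExecuteAsync();

        return result.AccessToken;
    }
}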

from dataclasses import dataclass

from typing import List

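@dataclass
class AuthFlow:
    """One row of the OAuth2 flow comparison printed by this listing."""

    # Display name of the flow, e.g. "Authorization Code + PKCE".
    name: str
    # Kind of client the flow is meant for.
    use_case: str
    # Free-text security rating (Thai label in the sample data).
    security: str
    # Free-text implementation-effort rating (Thai label in the sample data).
    complexity: str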

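# Comparison data for the summary printed below. The ratings are the
# article's own labels, not measured values.
flows = [
    # The flow a public mobile client such as the MAUI app should use.
    AuthFlow("Authorization Code + PKCE", "Mobile App", "สูงมาก", "ปานกลาง"),
    AuthFlow("Device Code", "TV/IoT", "สูง", "ง่าย"),
    # Needs a client secret or certificate, so it belongs on a backend service,
    # never inside the shipped app.
    AuthFlow("Client Credentials", "Service-to-Service", "สูง", "ง่าย"),
    AuthFlow("Biometric + Token", "High Security App", "สูงมาก", "สูง"),
]

print("=== OAuth2 Flows for MAUI ===")
for f in flows:
    print(f" [{f.name}]")
    print(f" Use: {f.use_case} | Security: {f.security} | Complexity: {f.complexity}")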

RBAC และ Authorization

=== Role-Based Access Control ===

Models/User.cs

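/// <summary>
/// The signed-in user as seen by the app, with the roles and permissions used
/// for client-side authorization checks.
/// </summary>
/// <remarks>
/// Every property starts with a non-null default, so a freshly created or
/// partially populated user has no roles and no permissions instead of null
/// lists that make the authorization checks throw.
/// NOTE(review): SOURCE does not show where Roles and Permissions are filled
/// in. They should come from validated token claims or a server response, not
/// from values the client can edit.
/// </remarks>
public class AppUser
{
    /// <summary>Unique identifier of the user.</summary>
    public string Id { get; set; } = string.Empty;

    /// <summary>Display name.</summary>
    public string Name { get; set; } = string.Empty;

    /// <summary>E-mail address.</summary>
    public string Email { get; set; } = string.Empty;

    /// <summary>Role names assigned to the user; empty means no roles.</summary>
    public List<string> Roles { get; set; } = new List<string>();

    /// <summary>Permission names granted to the user; empty means none.</summary>
    public List<string> Permissions { get; set; } = new List<string>();
}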

Services/AuthorizationService.cs

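/// <summary>
/// Client-side role and permission checks used to decide what the UI shows.
/// </summary>
/// <remarks>
/// Every check fails closed: a null user, a null role or permission list, or an
/// unknown resource yields <c>false</c>. These checks run on the device and
/// control presentation only. The backend API must enforce the same rules from
/// the validated access token, because a client-side result can be tampered with.
/// </remarks>
public class AuthorizationService
{
    /// <summary>Returns true when <paramref name="user"/> holds <paramref name="role"/>.</summary>
    /// <param name="user">User to check; null is treated as having no roles.</param>
    /// <param name="role">Role name, compared case-sensitively.</param>
    public bool HasRole(AppUser user, string role)
        => user?.Roles?.Contains(role) ?? false;

    /// <summary>Returns true when <paramref name="user"/> holds <paramref name="permission"/>.</summary>
    /// <param name="user">User to check; null is treated as having no permissions.</param>
    /// <param name="permission">Permission name, compared case-sensitively.</param>
    public bool HasPermission(AppUser user, string permission)
        => user?.Permissions?.Contains(permission) ?? false;

    /// <summary>Decides whether <paramref name="user"/> may open <paramref name="resource"/>.</summary>
    /// <param name="user">User to check; null is never granted access.</param>
    /// <param name="resource">Resource key; unknown or null keys are denied.</param>
    /// <returns>True when access is allowed, otherwise false.</returns>
    public bool CanAccess(AppUser user, string resource)
    {
        // Without this guard "profile" returned true even when no user was
        // signed in, contradicting its "all authenticated users" rule.
        if (user is null)
        {
            return false;
        }

        return resource switch
        {
            "admin-panel" => HasRole(user, "Admin"),
            "reports" => HasRole(user, "Manager") || HasRole(user, "Admin"),
            "profile" => true, // All authenticated users
            _ => false,        // Default deny for anything not listed
        };
    }
}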

XAML — Conditional UI based on Role

<!-- Shown only when the view model's IsAdmin binding is true.
     Hiding a button is presentation, not access control: the admin page and
     the API behind it must perform their own authorization check. -->
<Button Text="Admin Panel"

IsVisible="{Binding IsAdmin}"

Command="{Binding NavigateAdminCommand}" />

<!-- Shown only when the view model's CanViewReports binding is true; the same
     caveat applies, so enforce the rule again where the report data is served. -->
<Button Text="Reports"

IsVisible="{Binding CanViewReports}"

Command="{Binding NavigateReportsCommand}" />

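@dataclass
class RBACConfig:
    """One role in the sample RBAC table printed by this listing."""

    # Role name, e.g. "Admin".
    role: str
    # Permission names granted to the role.
    permissions: List[str]
    # Number of users holding the role (sample figure from the article).
    users: int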

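# Sample role table, ordered from most to least privileged. Each lower role
# holds a subset of the permissions above it, except Guest, which has only
# "read_public".
roles = [
    RBACConfig("Admin", ["read", "write", "delete", "manage_users", "view_reports"], 3),
    RBACConfig("Manager", ["read", "write", "view_reports"], 10),
    RBACConfig("Editor", ["read", "write"], 25),
    RBACConfig("Viewer", ["read"], 100),
    RBACConfig("Guest", ["read_public"], 500),
]

print("\n=== RBAC Configuration ===")
for r in roles:
    perms = ", ".join(r.permissions)
    print(f" [{r.role}] Users: {r.users}")
    print(f" Permissions: {perms}")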

Biometric Authentication

=== Biometric Login ===

# Third-party biometric plugin: provides CrossFingerprint used by BiometricService.
# Pin it with `--version <VERSION>` and review the package before updating.
dotnet add package Plugin.Fingerprint

BiometricService.cs

using Plugin.Fingerprint;

using Plugin.Fingerprint.Abstractions;

/// <summary>
/// Wraps the device biometric prompt (fingerprint / Face ID) behind a single yes/no call.
/// </summary>
/// <remarks>
/// The result is only the boolean reported by the plugin; no key or token is
/// unlocked by the biometric check itself. Treat it as a local convenience gate
/// and keep server-side token validation as the real control.
/// </remarks>
public class BiometricService
{
    /// <summary>
    /// Prompts the user for biometric authentication.
    /// </summary>
    /// <returns>
    /// <c>true</c> when the plugin reports a successful authentication;
    /// <c>false</c> when biometrics are unavailable or the check did not succeed.
    /// </returns>
    public async Task<bool> AuthenticateAsync()
    {
        var fingerprint = CrossFingerprint.Current;

        // No sensor or no enrolled biometrics: report failure rather than skipping the gate.
        if (!await fingerprint.IsAvailableAsync())
        {
            return false;
        }

        // Title and reason text shown in the system prompt.
        var prompt = new AuthenticationRequestConfiguration(
            "Biometric Login",
            "ยืนยันตัวตนด้วยลายนิ้วมือหรือ Face ID");

        var outcome = await fingerprint.AuthenticateAsync(prompt);
        return outcome.Authenticated;
    }
}

LoginViewModel.cs

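/// <summary>
/// View model for the login page. Exposes the bound input fields, a busy flag
/// and the biometric login command.
/// </summary>
public partial class LoginViewModel : ObservableObject
{
    // NOTE(review): email and password are not read by any code shown here. If
    // they back a password form, clear Password as soon as sign-in completes.
    [ObservableProperty] private string email;

    [ObservableProperty] private string password;

    [ObservableProperty] private bool isBusy;

    /// <summary>
    /// Asks for biometric confirmation and, when it succeeds and a stored access
    /// token exists, navigates to the main page.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the stored token's presence does not prove a valid session,
    /// since it may be expired or revoked. Prefer acquiring a fresh token via
    /// AuthService.GetTokenSilentAsync before navigating, and let the API reject
    /// invalid tokens in any case.
    /// </remarks>
    [RelayCommand]
    private async Task BiometricLoginAsync()
    {
        IsBusy = true;
        try
        {
            var biometric = new BiometricService();

            if (await biometric.AuthenticateAsync())
            {
                var token = await SecureStorage.GetAsync("access_token");

                // An empty value is treated like a missing token.
                if (!string.IsNullOrEmpty(token))
                {
                    await Shell.Current.GoToAsync("//main");
                }
            }
        }
        finally
        {
            // Reset even when the prompt, storage read or navigation throws;
            // otherwise the UI stays stuck in the busy state.
            IsBusy = false;
        }
    }
}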

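# Checklist of hardening measures and their short descriptions. Of these, the
# C# listings on this page implement only SecureStorage and the biometric
# gate; the rest are recommendations to be implemented separately.
security_features = {
    "SecureStorage": "เก็บ Token ใน Keychain/Keystore Encrypted",
    "Biometric": "ลายนิ้วมือ Face ID ก่อนเข้าแอป",
    "Certificate Pinning": "ป้องกัน MITM ตรวจ SSL Certificate",
    "App Obfuscation": "ป้องกัน Reverse Engineering",
    "Token Rotation": "Refresh Token อัตโนมัติ ลด Risk",
    "Jailbreak Detection": "ตรวจ Rooted/Jailbroken Device",
    "Secure Communication": "HTTPS TLS 1.3 ทุก API Call",
}

print("Security Features:")
for feature, desc in security_features.items():
    print(f" [{feature}]: {desc}")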

เคล็ดลับ

  • PKCE: ใช้ Authorization Code + PKCE สำหรับ Mobile OAuth2
  • SecureStorage: เก็บ Token ใน SecureStorage ไม่ใช่ Preferences
  • Biometric: เพิ่ม Biometric Gate ก่อนเข้าถึง Sensitive Data
  • MVVM: ใช้ MVVM Pattern แยก Logic จาก UI
  • DI: ใช้ Dependency Injection สำหรับ Services ทั้งหมด

.NET MAUI คืออะไร

Cross-Platform C# XAML Android iOS Windows macOS Codebase เดียว Hot Reload MVVM Native API Dependency Injection