Skip to content

IEvangelist/pwned-client

Repository files navigation

';-- have i been pwned? — .NET HTTP client.

build code analysis NuGet nuget downloads

HaveIBeenPwned.Client is a .NET HTTP client for the "have i been pwned" API service from Troy Hunt. This library is comprised of three NuGet packages:

Consumers of the API can use the abstractions for the models returned from the API, while server APIs can consume and wrap the client.

Getting started

Install from the .NET CLI:

dotnet add package HaveIBeenPwned.Client

Alternatively add manually to your consuming .csproj:

<PackageReference Include="HaveIBeenPwned.Client" Version="{VersionNumber}" />

Or, install using the NuGet Package Manager:

Install-Package HaveIBeenPwned.Client

Dependency injection

To add all of the services to the dependency injection container, call one of the AddPwnedServices overloads. From Minimal APIs for example, with using a named configuration section:

builder.Services.AddPwnedServices(
    builder.Configuration.GetSection(nameof(HibpOptions)));

From a ConfigureServices method, with an IConfiguration instance:

services.AddPwnedServices(options =>
    {
        options.ApiKey = _configuration["HibpOptions:ApiKey"];
        options.UserAgent = _configuration["HibpOptions:UserAgent"];
    });

Then you can require any of the available DI-ready types:

  • IPwnedBreachesClient: Breaches API.
  • IPwnedPastesClient: Pastes API.
  • IPwnedPasswordsClient: Pwned Passwords API.
  • IPwnedClient: Marker interface, for conveniently injecting all of the above clients into a single client.

Without dependency injection

If you're not using the DI approach, simply instantiate PwnedClient with your API key and use it as you see fit.

IPwnedClient client = new PwnedClient("<API Key>");
// TODO: Use client...

Example Minimal APIs

Minimal APIs example code.

Configuration

To configure the HaveIBeenPwned.Client, the following table identifies the well-known configuration object:

Well-known keys

Depending on the .NET configuration provider your app is using, there are several well-known keys that map to the HibpOptions that configure your usage of the HTTP client. When using environment variables, such as those in Azure App Service configuration or Azure Key Vault secrets, the following keys map to the HibpOption instance:

Key Data type Default value
HibpOptions__ApiKey string null
HibpOptions__UserAgent string ".NET HIBP Client/{AssemblyFileVersion}"

The ApiKey is required, to get one — sign up here: https://haveibeenpwned.com/api/key

Example appsettings.json

{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*",
  "HibpOptions": {
    "ApiKey": "<YourApiKey>",
    "UserAgent": "<YourUserAgent>"
  }
}

For more information, see JSON configuration provider.