Class PlatformAdminBootstrap
- Namespace: KadicAuth.Api.Infrastructure
- Assembly: KadicAuth.Api.dll
One-time bootstrap of the very first platform admin at application startup.
Rules:
- Reads Platform:BootstrapAdminUserId from configuration.
- Runs ONLY when Platform:EnableBootstrap is true (false by default). In production, leave it false and grant the first admin manually via SQL on the day of deployment.
- Idempotent: if ANY active platform admin already exists, it does nothing. You cannot use this to add a second admin — that's what the controller is for.
- Never throws on misconfiguration. Logs and moves on, so a missing or invalid value cannot take down the API.
- Always runs a database integrity scan: every active PlatformAdmin row must have a corresponding audit log entry. Missing entries emit a critical security alert (but do not block startup — Mitigation 1 already blocks hot-path access for tampered rows).
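The rules above as a runnable sketch, added here and not taken from KadicAuth's source. The types, the GUID user ID and the in-memory collections standing in for the admin table and audit log are assumptions; only the two configuration keys come from this page.

```csharp
// Added illustration, not KadicAuth source. Every type and member here is hypothetical.
using System;
using System.Collections.Generic;
using System.Linq;

public sealed record AdminRow(Guid UserId, bool IsActive);
public enum BootstrapOutcome { Disabled, InvalidUserId, AdminAlreadyExists, Granted }

public static class BootstrapSketch
{
    // Opt-in flag, tolerant of bad configuration, idempotent.
    public static BootstrapOutcome Decide(
        IDictionary<string, string> config, List<AdminRow> admins, ISet<Guid> audited)
    {
        config.TryGetValue("Platform:EnableBootstrap", out var flag);
        if (!bool.TryParse(flag, out var enabled) || !enabled)
            return BootstrapOutcome.Disabled;            // missing or false: do nothing

        config.TryGetValue("Platform:BootstrapAdminUserId", out var raw);
        if (!Guid.TryParse(raw, out var userId))         // assumption: IDs are GUIDs
            return BootstrapOutcome.InvalidUserId;       // caller logs, startup continues

        if (admins.Any(a => a.IsActive))
            return BootstrapOutcome.AdminAlreadyExists;  // never adds a second admin

        admins.Add(new AdminRow(userId, true));
        audited.Add(userId);                             // grant and audit entry together
        return BootstrapOutcome.Granted;
    }

    // Integrity scan: active admin rows that have no audit log entry.
    public static List<Guid> FindUnaudited(IEnumerable<AdminRow> admins, ISet<Guid> audited) =>
        admins.Where(a => a.IsActive && !audited.Contains(a.UserId))
              .Select(a => a.UserId).ToList();

    public static void Main()
    {
        // Constructed state: one admin row inserted directly, with no audit entry.
        var admins = new List<AdminRow> { new AdminRow(Guid.NewGuid(), true) };
        var audited = new HashSet<Guid>();
        var config = new Dictionary<string, string>
        {
            ["Platform:EnableBootstrap"] = "true",
            ["Platform:BootstrapAdminUserId"] = Guid.NewGuid().ToString(),
        };

        Console.WriteLine(Decide(config, admins, audited));   // an admin exists, so no grant
        foreach (var id in FindUnaudited(admins, audited))    // scan runs regardless of the flag
            Console.Error.WriteLine($"CRITICAL: platform admin {id} has no audit entry");
    }
}
```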
public sealed class PlatformAdminBootstrap
- Inheritance: object → PlatformAdminBootstrap
Constructors
PlatformAdminBootstrap(IPlatformAdminService, IPlatformAdminRepository, IConfiguration, ILogger<PlatformAdminBootstrap>)
public PlatformAdminBootstrap(IPlatformAdminService service, IPlatformAdminRepository repository, IConfiguration configuration, ILogger<PlatformAdminBootstrap> logger)
Parameters
- service IPlatformAdminService
- repository IPlatformAdminRepository
- configuration IConfiguration
- logger ILogger<PlatformAdminBootstrap>
Methods
EnsureBootstrapAdminAsync(CancellationToken)
public Task EnsureBootstrapAdminAsync(CancellationToken cancellationToken = default)
Parameters
- cancellationToken CancellationToken
Returns
- Task