System Design

License Platform Architecture

Clean architecture with CQRS, domain-driven design, dual authentication, and cryptographic token management.

System Overview

Consumer App

Rdn.Identity

License Web

Next.js 16

License API

.NET 10

Endpoints

MediatR

Domain

SQL Server

EF Core 10

Consumer

Rdn.Identity

License Web

Next.js 16

License API

.NET 10

12 Controllers

45 Handlers

8 Entities

SQL Server

EF Core 10

Backend Architecture

Endpoints Layer

12 RESTful API controllers organized by resource (Products, PricingTiers, LicenseKeys, Customers, Activations, PendingClaims, User, Registration, SystemLogs, WellKnown). Versioned routes with Swagger documentation. Thin controllers that dispatch to MediatR handlers.

CQRS Handlers

45 MediatR command and query handlers organized by feature area. Each operation gets its own subfolder with a request class (IRequest<IActionResult>) and handler class extending ApiRequestHandlerBase. Pipeline behaviors for logging and exception handling.

Domain Layer

8 core entities (Product, ProductFeature, PricingTier, PricingTierFeature, Customer, LicenseKey, LicenseActivation, PendingLicenseClaim) with EF Core configurations, soft-delete support via ISoftDeletable, audit tracking via IAuditable, and EntityBase (Guid Id, string Name).

Persistence Layer

Entity Framework Core 10 with SQL Server. Dapper for raw queries. Data Protection encryption via [Protected] attribute with custom EF Core value converter. IDesignTimeDbContextFactory for migration CLI tooling.

Authentication Pipeline

Dual auth schemes: JWT Bearer for admin/user sessions (via Rdn.Identity OIDC) and API Key scheme (X-Api-Key header) for machine-to-machine calls from consuming applications. 38 permissions across 8 categories enforced via [HasPermission] attribute.

Token Signing Service

RSA-256 JWT signing with configurable key source: local PEM file for development or Azure Key Vault for production. Key Vault integration delegates signing remotely so the private key never leaves the vault. JWKS endpoint serves public keys for token verification.

Handler Convention

project-structure

// Backend — Feature-based folders

Endpoints/

├── Products/

│ ├── ProductsController.cs

│ └── Handlers/

│ ├── GetProducts/

│ │ ├── GetProducts.cs

│ │ └── GetProductsHandler.cs

│ ├── CreateProduct/

│ ├── UpdateProduct/

│ └── DeleteProduct/

├── LicenseKeys/

│ ├── LicenseKeysController.cs

│ └── Handlers/

│ ├── CreateLicenseKey/

│ ├── ValidateLicenseKey/

│ ├── HeartbeatLicenseKey/

│ ├── RevokeLicenseKey/

│ ├── RegenerateLicenseKey/

│ └── AuditLicenseKey/

// Frontend — Route groups

app/

├── (site)/ # Public catalog

│ ├── page.tsx # Home

│ ├── products/

│ │ ├── page.tsx # Product grid

│ │ └── [productId]/ # Pricing tiers

│ └── register/

├── (dashboard)/ # User portal

│ └── dashboard/

│ ├── page.tsx # My Licenses

│ ├── account/

│ └── products/

├── (admin)/ # Admin panel

│ └── admin/

│ ├── products/

│ ├── pricing-tiers/

│ ├── customers/

│ ├── licenses/

│ ├── pending-claims/

│ └── system-logs/

└── api/ # 32 API routes

Project Structure

Rdn.License.Api

.NET 10 backend with 12 controllers, 45 MediatR handlers, token signing service, Data Protection encryption, dual auth schemes, pipeline behaviors (logging, exception handling), and Swagger documentation.

Rdn.License.Domain

8 core entities with EF Core 10 configurations, ApplicationDbContext, IAuditable and ISoftDeletable interfaces, EntityBase abstraction, value converters, and SQL Server migrations with IDesignTimeDbContextFactory.

rdn-license-web

Next.js 16 dashboard with 36 components across 30 pages in three route groups. NextAuth.js v5 OIDC, 32 API routes, DataGrid tables, cascading forms, drag-and-drop feature management, and copy-to-clipboard credentials display.

Rdn.Platform.Authorization

Shared NuGet package providing JWT validation, permission-based access control via [HasPermission] attribute, and authorization policy builders used across all RDN services.

Rdn.License.Api.Tests

19 test files covering MediatR handler behavior, pipeline behaviors (logging, exception handling), and shared helpers. Uses custom TestDbContextFactory, TestDataSeeder, and TestMapperFactory infrastructure.

Rdn.License.Domain.Tests

7 test files covering domain entity validation, entity configuration, and persistence behavior with xUnit test framework.

Frontend Architecture

Public (site)

Unauthenticated

Product catalog with pricing tiers
PricingTierCards with Monthly/Annual toggle
Self-service /register with email invite
Privacy policy and terms pages

User Dashboard

Authenticated

LicenseCard with credentials (Client ID + Token)
License claiming for free tiers
AccountTabs (profile, security, settings)
Auto-provisioned customer via EnsureCustomer

Admin Panel

Permission-Protected

GenerateLicenseForm (cascading selects)
ProductFeatureManager (drag-and-drop)
LicenseKeyActions (revoke, regenerate, audit)
DataGrid tables with search and pagination
LogLevelSelector for runtime log control

Technology Stack

Backend

.NET 10

ASP.NET Core

EF Core 10

Dapper

MediatR 14

AutoMapper 16

FluentValidation 12

Serilog

Azure Key Vault

Data Protection

Asp.Versioning

Swashbuckle

Frontend

Next.js 16

React 19

TypeScript 5.9

Tailwind CSS 4

NextAuth.js v5

React Icons

@dnd-kit

App Router

@tailwindcss/typography

@tailwindcss/postcss

Server Organization

Authentication/

JWT and auth scheme configuration

Authorization/

Permission definitions, 38 permissions across 8 categories

Behaviors/

MediatR pipeline: LoggingBehavior, ExceptionHandlingBehavior

Configuration/

Static configurators: EF, Serilog, CORS, rate limiting

Mappings/

AutoMapper profiles for entity/DTO projection

Middleware/

Request/response logging, custom middleware

Services/

Application services (email, background tasks)

Swagger/

API documentation configuration

Quick Start

Clone Repo

git clone github.com/jreidell/rdn-license

Configure

Edit .env + user secrets

Run API

dotnet run --project src/Rdn.License.Api

Run Web

cd src/rdn-license-web && npm run dev