        public EmbedIOAuthServer(Uri baseUri, int port, Assembly resourceAssembly, string resourcePath)
        {
            BaseUri = baseUri;
            Port    = port;

            _webServer = new WebServer(port)
                         .WithModule(new ActionModule("/", HttpVerbs.Get, (ctx) =>
            {
                var query = ctx.Request.QueryString;

                AuthorizationCodeReceived?.Invoke(this, new AuthorizationCodeResponse(query["code"] !)
                {
                    State = query["state"]
                });
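        /// <summary>
        /// Creates the local HTTP server that receives the OAuth redirect from the authorization server.
        /// A POST to "/" is treated as that redirect: an "error" query parameter raises <see cref="AuthException"/>,
        /// "request_type=token" raises <see cref="ImplictGrantReceived"/>, "request_type=code" raises
        /// <see cref="AuthorizationCodeReceived"/>; in every non-error case the handler answers "OK".
        /// </summary>
        /// <param name="baseUri">Base URI of the server; its absolute path is where <paramref name="resourceAssembly"/>'s embedded resources are served. Must not be null (checked via Ensure.ArgumentNotNull).</param>
        /// <param name="port">Local TCP port the embedded server listens on.</param>
        /// <param name="resourceAssembly">Assembly holding the embedded resources served under the base URI's path.</param>
        /// <param name="resourcePath">Resource name prefix inside <paramref name="resourceAssembly"/>.</param>
        public EmbedIOAuthServer(Uri baseUri, int port, Assembly resourceAssembly, string resourcePath)
        {
            Ensure.ArgumentNotNull(baseUri, nameof(baseUri));

            BaseUri = baseUri;
            Port = port;

            _webServer = new WebServer(port)
                .WithModule(new ActionModule("/", HttpVerbs.Post, ctx =>
                {
                    var query = ctx.Request.QueryString;

                    // A denied or failed authorization arrives as "error" (with the echoed "state").
                    if (query["error"] != null)
                    {
                        throw new AuthException(query["error"], query["state"]);
                    }

                    // NOTE(review): "state" is forwarded unchanged; the event subscriber must compare it with the
                    // value it generated for the authorization request before acting on the code or token.
                    var state = query["state"];
                    var requestType = query.Get("request_type");

                    if (requestType == "token")
                    {
                        // "expires_in" is a machine-generated integer: parse it culture-invariantly so the
                        // process's current culture cannot influence the result (CA1305). A missing or
                        // malformed value still throws, as before.
                        var expiresIn = int.Parse(
                            query["expires_in"],
                            System.Globalization.NumberStyles.Integer,
                            System.Globalization.CultureInfo.InvariantCulture);

                        ImplictGrantReceived?.Invoke(this, new ImplictGrantResponse(
                            query["access_token"], query["token_type"], expiresIn)
                        {
                            State = state
                        });
                    }

                    if (requestType == "code")
                    {
                        AuthorizationCodeReceived?.Invoke(this, new AuthorizationCodeResponse(query["code"])
                        {
                            State = state
                        });
                    }

                    return ctx.SendStringAsync("OK", "text/plain", Encoding.UTF8);
                }))
                // Embedded assets from this assembly under /auth_assets, then the caller's resources at the base path.
                .WithEmbeddedResources("/auth_assets", Assembly.GetExecutingAssembly(), AssetsResourcePath)
                .WithEmbeddedResources(baseUri.AbsolutePath, resourceAssembly, resourcePath);
        }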
        /// <summary>
        /// Registers MVC, ASP.NET Identity backed by the "Users" SQL Server database, IdentityServer with
        /// EF-backed configuration and operational stores in the "Configuration" database, and an external
        /// Azure Active Directory OpenID Connect login.
        /// </summary>
        /// <param name="services">The host's service collection.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllersWithViews();
            // Keep OIDC state server-side in a cache instead of the URL (AAD plus long URLs would otherwise fail).
            services.AddOidcStateDataFormatterCache();
            // Cookie policy that works around temporary SameSite incompatibilities in some browsers.
            services.AddSameSiteCookiePolicy();

            // Windows authentication is offered but not applied automatically, for both IIS hosting models
            // (out-of-proc: https://github.com/aspnet/AspNetCore/issues/14882; in-proc: IISServerOptions).
            services.Configure<IISOptions>(ConfigureIisOutOfProcess);
            services.Configure<IISServerOptions>(ConfigureIisInProcess);

            services.AddDbContext<ApplicationDbContext>(db =>
                db.UseSqlServer(Configuration.GetConnectionString("Users")));

            // NOTE(review): these password rules are far weaker than the ASP.NET Identity defaults
            // (2 characters, no digit or symbol required) — acceptable only for a sample/test host.
            services
                .AddIdentity<ApplicationUser, IdentityRole>(identity =>
                {
                    identity.Password.RequireNonAlphanumeric = false;
                    identity.Password.RequireDigit = false;
                    identity.Password.RequiredLength = 2;
                    identity.Lockout.AllowedForNewUsers = true;
                })
                .AddEntityFrameworkStores<ApplicationDbContext>()
                .AddDefaultTokenProviders();

            var configurationDb = Configuration.GetConnectionString("Configuration");
            var migrationsAssemblyName = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;

            var identityServer = services
                .AddIdentityServer(options =>
                {
                    // Surface every category of IdentityServer event to the logging pipeline.
                    options.Events.RaiseErrorEvents = true;
                    options.Events.RaiseInformationEvents = true;
                    options.Events.RaiseFailureEvents = true;
                    options.Events.RaiseSuccessEvents = true;

                    options.UserInteraction = new UserInteractionOptions
                    {
                        LogoutUrl = "/Account/Logout",
                        LoginUrl = "/Account/Login",
                        LoginReturnUrlParameter = "returnUrl"
                    };
                })
                .AddAspNetIdentity<ApplicationUser>()
                // Clients and resources are loaded from the database.
                .AddConfigurationStore(store =>
                {
                    store.ConfigureDbContext = db =>
                        db.UseSqlServer(configurationDb, sql => sql.MigrationsAssembly(migrationsAssemblyName));
                })
                // Codes, tokens and consents are persisted in the database.
                .AddOperationalStore(store =>
                {
                    store.ConfigureDbContext = db =>
                        db.UseSqlServer(configurationDb, sql => sql.MigrationsAssembly(migrationsAssemblyName));

                    // Optional background cleanup of expired grants; the interval is in seconds.
                    store.EnableTokenCleanup = true;
                    store.TokenCleanupInterval = 30;
                });

            // Not recommended for production: the signing key material must live in a secure key store.
            identityServer.AddDeveloperSigningCredential();

            services
                .AddAuthentication()
                .AddOpenIdConnect("AAD", "Azure Active Directory", oidc =>
                {
                    oidc.SignInScheme = IdentityConstants.ExternalScheme;
                    oidc.SignOutScheme = IdentityServerConstants.SignoutScheme;
                    // NOTE(review): authority, client id and client secret are read from Globals; can't tell from
                    // here how Globals is populated — the secret belongs in configuration or a secret store, not source.
                    oidc.Authority = Globals.Authority;
                    oidc.ClientId = Globals.ClientId;
                    oidc.ClientSecret = Globals.ClientSecret;
                    oidc.ResponseType = OpenIdConnectResponseType.CodeIdToken;
                    oidc.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
                    {
                        // NOTE(review): issuer validation is off, so an id_token from any issuer whose signature
                        // verifies against the authority's keys is accepted (typical for multi-tenant AAD). If only
                        // specific tenants may sign in, set ValidIssuers or IssuerValidator instead.
                        ValidateIssuer = false,
                        NameClaimType = "name",
                        RoleClaimType = "role"
                    };

                    // Redemption of the authorization code is delegated to the AuthorizationCodeReceived helper.
                    oidc.Events.OnAuthorizationCodeReceived =
                        async ctx => await AuthorizationCodeReceived.CodeRedemptionAsync(ctx);
                    oidc.GetClaimsFromUserInfoEndpoint = true;
                    oidc.SaveTokens = true;
                });

            // IIS out-of-process hosting: expose Windows auth without applying it automatically.
            void ConfigureIisOutOfProcess(IISOptions iis)
            {
                iis.AuthenticationDisplayName = "Windows";
                iis.AutomaticAuthentication = false;
            }

            // IIS in-process hosting: same settings as above.
            void ConfigureIisInProcess(IISServerOptions iis)
            {
                iis.AuthenticationDisplayName = "Windows";
                iis.AutomaticAuthentication = false;
            }
        }