public void Configure(IApplicationBuilder app) { if (_IsDev) { app.ApplicationServices.GetService <TestJwtGeneratorService>(); app.UseDeveloperExceptionPage(); app.UseSwagger(); app.UseSwaggerUI(o => { o.SwaggerEndpoint("v1/swagger.json", Title); }); } app.UseForwardedHeaders(); if (app == null) { throw new ArgumentNullException(nameof(app)); } var iccPortalConfig = new IccPortalConfig(_Configuration); var corsOptions = new CorsOptions(iccPortalConfig); app.UseCors(corsOptions.Build); app.Use((context, next) => { if (context.Request.Headers.TryGetValue("X-Forwarded-Proto", out var protoHeaderValue)) { context.Request.Scheme = protoHeaderValue; } if (context.Request.Headers.TryGetValue("X-FORWARDED-HOST", out var hostHeaderValue)) { context.Request.Host = new HostString(hostHeaderValue); } return(next()); }); // HttpsRedirection will be handled at the infrastructure level app.UseHttpsRedirection(); app.UseSerilogRequestLogging(); app.UseRouting(); app.UseAuthentication(); app.UseAuthorization(); app.UseCookiePolicy(); app.UseEndpoints(endpoints => { endpoints.MapControllers(); endpoints.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}"); }); }
private void StartupIdentityHub(IServiceCollection services) { var iccIdentityHubConfig = new IccIdentityHubConfig(_Configuration); services .AddAuthentication(auth => { auth.DefaultChallengeScheme = TheIdentityHubDefaults.AuthenticationScheme; auth.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme; auth.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; }) .AddCookie() .AddTheIdentityHubAuthentication(options => { options.TheIdentityHubUrl = new Uri(iccIdentityHubConfig.BaseUrl); options.Tenant = iccIdentityHubConfig.Tenant; options.ClientId = iccIdentityHubConfig.ClientId; options.ClientSecret = iccIdentityHubConfig.ClientSecret; options.CallbackPath = iccIdentityHubConfig.CallbackPath; }); var iccPortalConfig = new IccPortalConfig(_Configuration); var policyAuthorizationOptions = new PolicyAuthorizationOptions(_WebHostEnvironment, iccPortalConfig); services.AddAuthorization(policyAuthorizationOptions.Build); services.AddScoped <ITheIdentityHubService, TheIdentityHubService>(); services.AddMvc(config => { config.EnableEndpointRouting = false; var policy = new AuthorizationPolicyBuilder() .AddAuthenticationSchemes(TheIdentityHubDefaults.AuthenticationScheme) .RequireAuthenticatedUser() .Build(); config.Filters.Add(new AuthorizeFilter(policy)); }); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { services.Configure <ForwardedHeadersOptions>(options => { options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedHost; }); services.AddControllersWithViews(); // In production, the Angular files will be served from this directory services.AddSpaStaticFiles(configuration => { configuration.RootPath = "ClientApp/dist"; }); var iccPortalConfig = new IccPortalConfig(_configuration); services.AddRestApiClient(iccPortalConfig); services.AddTransient <IUtcDateTimeProvider, StandardUtcDateTimeProvider>(); services.AddTransient <IRandomNumberGenerator, StandardRandomNumberGenerator>(); services.AddTransient <IAuthCodeGenerator, AuthCodeGenerator>(); services.AddSingleton <IAuthCodeService, AuthCodeService>(); services.AddScoped <HttpGetLogoutCommand>(); services.AddScoped <HttpGetUserClaimCommand>(); services.AddScoped <HttpPostAuthorizationTokenCommand>(); services.AddScoped <HttpGetAuthorisationRedirectCommand>(); services.AddScoped <HttpGetAccessDeniedCommand>(); services.AddSingleton <IIccPortalConfig, IccPortalConfig>(); services.AddTransient <IJsonSerializer, StandardJsonSerializer>(); services.AddTransient <ILuhnModNConfig, LuhnModNConfig>(); services.AddTransient <ILuhnModNValidator, LuhnModNValidator>(); services.AddTransient <ILuhnModNGenerator, LuhnModNGenerator>(); services.AddTransient <IJwtService, JwtService>(); services.AddSingleton <IAuthCodeService, AuthCodeService>(); services.AddTransient <ILabConfirmationIdService, LabConfirmationIdService>(); services.AddCors(); if (_useTestJwtClaims) { services.AddTransient <IJwtClaimValidator, TestJwtClaimValidator>(); services.AddSingleton <TestJwtGeneratorService>(); } else { services.AddTransient <IJwtClaimValidator, JwtClaimValidator>(); } services.AddDistributedSqlServerCache(options => { options.ConnectionString = _configuration.GetConnectionString(DatabaseConnectionStringNames.IccDistMemCache); options.SchemaName = "dbo"; options.TableName = "Cache"; }); services.AddTransient(x => x.CreateDbContext(y => new WorkflowDbContext(y), DatabaseConnectionStringNames.Workflow)); services.AddTransient <WriteNewPollTokenWriter>(); services.AddTransient <IPollTokenService, PollTokenService>(); services.Configure <CookiePolicyOptions>(options => { options.HttpOnly = HttpOnlyPolicy.Always; options.Secure = CookieSecurePolicy.Always; }); StartupIdentityHub(services); StartupAuthenticationScheme(services.AddAuthentication(JwtAuthenticationHandler.SchemeName)); }
public static IServiceCollection AddRestApiClient(this IServiceCollection services, IccPortalConfig configuration, string userAgent = null) { services.AddTransient <IHttpContextAccessor, HttpContextAccessor>(); var userAgentValue = userAgent ?? Assembly.GetCallingAssembly().GetName().Name; services.AddHttpClient <IRestApiClient, RestApiClient>(client => { client.BaseAddress = new Uri(configuration.BackendBaseUrl); client.DefaultRequestHeaders.Add("User-Agent", userAgentValue); client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); }); return(services); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { if (services == null) { throw new ArgumentNullException(nameof(services)); } services.AddLogging(); services.AddScoped <IJsonSerializer, StandardJsonSerializer>(); services.AddControllers(options => { options.RespectBrowserAcceptHeader = true; }); IIccPortalConfig iccPortalConfig = new IccPortalConfig(_Configuration, "IccPortalConfig"); services.AddSingleton(iccPortalConfig); // Database Scoping services.AddScoped(x => { var config = new StandardEfDbConfig(_Configuration, "WorkFlow"); var builder = new SqlServerDbContextOptionsBuilder(config); var result = new WorkflowDbContext(builder.Build()); result.BeginTransaction(); return(result); }); services.AddScoped <HttpPostAuthoriseCommand>(); services.AddScoped <HttpPostLabVerifyCommand>(); services.AddScoped <AuthorisationWriterCommand>(); services.AddScoped <IUtcDateTimeProvider, StandardUtcDateTimeProvider>(); services.AddScoped <IRandomNumberGenerator, RandomNumberGenerator>(); services.AddScoped <JwtService>(); services.AddScoped <LabVerificationAuthorisationCommand>(); services.AddScoped <PollTokens>(); services.AddScoped <HttpGetLogoutCommand>(); services.AddScoped <HttpGetUserClaimCommand>(); services.AddScoped <HttpGetAuthorisationRedirectCommand>(); services.AddMvc(config => { config.EnableEndpointRouting = false; var policy = new AuthorizationPolicyBuilder() .AddAuthenticationSchemes(TheIdentityHubDefaults.AuthenticationScheme) .RequireAuthenticatedUser() .Build(); config.Filters.Add(new AuthorizeFilter(policy)); // .RequireClaim(ClaimTypes.Role) //TODO still needed or dead line? }); services.AddCors(); services.AddSwaggerGen(o => { o.SwaggerDoc("v1", new OpenApiInfo { Title = "Dutch Exposure Notification ICC API (inc. dev support)", Version = "v1", Description = "This specification describes the interface between the Dutch exposure notification app backend, ICC Webportal and the ICC backend service.", Contact = new OpenApiContact { Name = "Ministerie van Volksgezondheid Welzijn en Sport backend repository", //TODO looks wrong? Url = new Uri("https://github.com/minvws/nl-covid19-notification-app-backend"), }, License = new OpenApiLicense { Name = "European Union Public License v. 1.2", //TODO this should be https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12 Url = new Uri("https://github.com/minvws/nl-covid19-notification-app-backend/blob/master/LICENSE.txt") }, }); o.IncludeXmlComments(Path.Combine(AppContext.BaseDirectory, "NL.Rijksoverheid.ExposureNotification.BackEnd.Components.xml")); o.AddSecurityDefinition("Icc", new OpenApiSecurityScheme { Description = "Icc Code Authentication", Name = "Authorization", In = ParameterLocation.Header, Type = SecuritySchemeType.ApiKey, Scheme = "IccAuthentication" }); o.OperationFilter <SecurityRequirementsOperationFilter>(); }); services.Configure <CookiePolicyOptions>(options => { // This lambda determines whether user consent for non-essential cookies is needed for a given request. options.CheckConsentNeeded = context => true; options.MinimumSameSitePolicy = SameSiteMode.None; }); // TODO: Make service for adding authentication + configuration model services .AddAuthentication(auth => { auth.DefaultChallengeScheme = TheIdentityHubDefaults.AuthenticationScheme; auth.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme; auth.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; }) .AddCookie() .AddTheIdentityHubAuthentication(options => { if (!string.IsNullOrWhiteSpace(iccPortalConfig.IdentityHubConfig.BaseUrl)) { options.TheIdentityHubUrl = new Uri(iccPortalConfig.IdentityHubConfig.BaseUrl); } //TODO if the Url is not set is there any sense to setting these? options.Tenant = iccPortalConfig.IdentityHubConfig.Tenant; options.ClientId = iccPortalConfig.IdentityHubConfig.ClientId; options.ClientSecret = iccPortalConfig.IdentityHubConfig.ClientSecret; }); services.AddMvc(config => { config.EnableEndpointRouting = false; var policy = new AuthorizationPolicyBuilder() .AddAuthenticationSchemes(TheIdentityHubDefaults.AuthenticationScheme) .RequireAuthenticatedUser() .Build(); config.Filters.Add(new AuthorizeFilter(policy)); // .RequireClaim(ClaimTypes.Role) }); services .AddAuthentication("jwt") .AddScheme <AuthenticationSchemeOptions, StandardJwtAuthenticationHandler>("jwt", null); }