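/// <summary>
/// Resolves the certificate for this host. In Production it comes either from the
/// LocalMachine/My store (UseLocalCertStore + CertificateThumbprint) or from Azure Key Vault
/// (Vault section); in every other environment from the development PFX in the content root.
/// </summary>
/// <param name="environment">Hosting environment; decides between production and development loading.</param>
/// <param name="configuration">Supplies UseLocalCertStore, CertificateThumbprint and the Vault section.</param>
/// <returns>The loaded certificate.</returns>
/// <exception cref="InvalidOperationException">UseLocalCertStore is set but no certificate with the configured thumbprint is in the store.</exception>
private static X509Certificate2 GetCertificate(IWebHostEnvironment environment, IConfiguration configuration)
{
    var useLocalCertStore = Convert.ToBoolean(configuration["UseLocalCertStore"]);
    var certificateThumbprint = configuration["CertificateThumbprint"];

    if (!environment.IsProduction())
    {
        // Development PFX with a fixed password; only reached outside Production.
        return new X509Certificate2(Path.Combine(environment.ContentRootPath, "sts_dev_cert.pfx"), "1234");
    }

    if (useLocalCertStore)
    {
        return FindInLocalMachineStore(certificateThumbprint);
    }

    // Azure deployment, will be used if deployed to Azure
    // NOTE(review): the Key Vault client secret is read from configuration; prefer a managed
    // identity (or at least user secrets / environment variables) over appsettings for it.
    var vaultConfigSection = configuration.GetSection("Vault");
    var keyVaultService = new KeyVaultCertificateService(vaultConfigSection["Url"], vaultConfigSection["ClientId"], vaultConfigSection["ClientSecret"]);
    return keyVaultService.GetCertificateFromKeyVault(vaultConfigSection["CertificateName"]);
}

/// <summary>
/// Finds a certificate by thumbprint in the LocalMachine/My store.
/// </summary>
/// <param name="certificateThumbprint">Thumbprint of the certificate to load.</param>
/// <returns>The first matching certificate.</returns>
/// <exception cref="InvalidOperationException">No certificate with that thumbprint is in the store.</exception>
private static X509Certificate2 FindInLocalMachineStore(string certificateThumbprint)
{
    // Disposing the store closes it; no explicit Close() is needed.
    using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
    {
        store.Open(OpenFlags.ReadOnly);
        // validOnly is false: an expired or untrusted certificate is still returned.
        // Consider true once the store only holds CA-issued certificates.
        var certs = store.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, false);
        if (certs.Count == 0)
        {
            // Explicit failure instead of the IndexOutOfRangeException certs[0] would throw.
            throw new InvalidOperationException($"No certificate with thumbprint '{certificateThumbprint}' was found in LocalMachine/My.");
        }
        return certs[0];
    }
}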
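/// <summary>
/// Loads the active and (when Key Vault provides one) the secondary signing certificate.
/// Order: LocalMachine/My by thumbprint when UseLocalCertStore is set; otherwise Key Vault
/// when KeyVaultEndpoint is configured; finally the development PFX when no active
/// certificate was produced.
/// </summary>
/// <param name="certificateConfiguration">Describes where the certificates come from.</param>
/// <returns>Active and secondary certificate; the secondary is null unless Key Vault supplied one.</returns>
/// <exception cref="InvalidOperationException">UseLocalCertStore is set but the thumbprint matches nothing in the store.</exception>
public static async Task<(X509Certificate2 ActiveCertificate, X509Certificate2 SecondaryCertificate)> GetCertificates(CertificateConfiguration certificateConfiguration)
{
    (X509Certificate2 ActiveCertificate, X509Certificate2 SecondaryCertificate) certs = (null, null);

    if (certificateConfiguration.UseLocalCertStore)
    {
        certs.ActiveCertificate = FindInLocalMachineStore(certificateConfiguration.CertificateThumbprint);
    }
    else if (!string.IsNullOrEmpty(certificateConfiguration.KeyVaultEndpoint))
    {
        // Azure.Identity credential chain instead of a client id/secret pair taken from configuration.
        var credential = new DefaultAzureCredential();
        var vaultUri = new Uri(certificateConfiguration.KeyVaultEndpoint);
        var keyVaultCertificateService = new KeyVaultCertificateService(
            certificateConfiguration.KeyVaultEndpoint,
            certificateConfiguration.CertificateNameKeyVault);
        var secretClient = new SecretClient(vaultUri, credential);
        var certificateClient = new CertificateClient(vaultUri, credential);
        certs = await keyVaultCertificateService.GetCertificatesFromKeyVault(secretClient, certificateClient).ConfigureAwait(false);
    }

    // search for local PFX with password, usually local dev
    if (certs.ActiveCertificate == null)
    {
        // NOTE(review): this fallback also runs when Key Vault was not configured or returned no
        // active certificate, so a misconfigured deployment silently signs with the development
        // PFX; consider failing instead when not running in Development.
        certs.ActiveCertificate = new X509Certificate2(
            certificateConfiguration.DevelopmentCertificatePfx,
            certificateConfiguration.DevelopmentCertificatePassword);
    }

    return certs;
}

/// <summary>
/// Finds a certificate by thumbprint in the LocalMachine/My store.
/// </summary>
/// <param name="certificateThumbprint">Thumbprint of the certificate to load.</param>
/// <returns>The first matching certificate.</returns>
/// <exception cref="InvalidOperationException">No certificate with that thumbprint is in the store.</exception>
private static X509Certificate2 FindInLocalMachineStore(string certificateThumbprint)
{
    // Disposing the store closes it; no explicit Close() is needed.
    using var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly);
    // validOnly is false: an expired or untrusted certificate is still returned.
    // Consider true once the store only holds CA-issued certificates.
    var storeCerts = store.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, false);
    if (storeCerts.Count == 0)
    {
        // Explicit failure instead of the IndexOutOfRangeException storeCerts[0] would throw.
        throw new InvalidOperationException($"No certificate with thumbprint '{certificateThumbprint}' was found in LocalMachine/My.");
    }
    return storeCerts[0];
}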
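/// <summary>
/// Loads the token signing certificate. In Staging and Production it comes from the
/// LocalMachine/My store (UseLocalCertStore + KeyVault:AzureADCertThumbprint) or from Azure
/// Key Vault (KeyVault section); in any other environment from a PFX in the content root.
/// </summary>
/// <returns>The signing certificate.</returns>
/// <exception cref="InvalidOperationException">UseLocalCertStore is set but the thumbprint matches nothing in the store.</exception>
private X509Certificate2 LoadSigningCertificate()
{
    var useLocalCertStore = Convert.ToBoolean(Configuration["UseLocalCertStore"]);
    var certificateThumbprint = Configuration["KeyVault:AzureADCertThumbprint"];

    if (!(_environment.IsStaging() || _environment.IsProduction()))
    {
        Log.Information("Loading signing certificate from file");
        // Passwordless PFX for local development; only reached outside Staging/Production.
        return new X509Certificate2(Path.Combine(_environment.ContentRootPath, "keyvault-myCompany-ch-20191219.pfx"), "");
    }

    if (useLocalCertStore)
    {
        Log.Information("Loading signing certificate from local certification store");
        return FindInLocalMachineStore(certificateThumbprint);
    }

    Log.Information("Loading signing certificate from key vault");
    var vaultConfigSection = Configuration.GetSection("KeyVault");
    // Only non-secret settings are logged; ClientSecret deliberately stays out of the log.
    Log.Information($"Key vault configurations. KeyVaultName: {vaultConfigSection["KeyVaultName"]}; " +
                    $"CertificateName: {vaultConfigSection["CertificateName"]}");
    // NOTE(review): the Key Vault client secret is read from configuration; prefer a managed
    // identity (or at least user secrets / environment variables) over appsettings for it.
    var keyVaultService = new KeyVaultCertificateService($"https://{vaultConfigSection["KeyVaultName"]}.vault.azure.net/",
        vaultConfigSection["AzureADApplicationId"],
        vaultConfigSection["ClientSecret"]);
    return keyVaultService.GetCertificateFromKeyVault(vaultConfigSection["CertificateName"]);
}

/// <summary>
/// Finds a certificate by thumbprint in the LocalMachine/My store.
/// </summary>
/// <param name="certificateThumbprint">Thumbprint of the certificate to load.</param>
/// <returns>The first matching certificate.</returns>
/// <exception cref="InvalidOperationException">No certificate with that thumbprint is in the store.</exception>
private static X509Certificate2 FindInLocalMachineStore(string certificateThumbprint)
{
    // Disposing the store closes it; no explicit Close() is needed.
    using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
    {
        store.Open(OpenFlags.ReadOnly);
        // validOnly is false: an expired or untrusted certificate is still returned.
        // Consider true once the store only holds CA-issued certificates.
        var certs = store.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, false);
        if (certs.Count == 0)
        {
            // Explicit failure instead of the IndexOutOfRangeException certs[0] would throw.
            throw new InvalidOperationException($"No certificate with thumbprint '{certificateThumbprint}' was found in LocalMachine/My.");
        }
        return certs[0];
    }
}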
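/// <summary>
/// Registers the resource server services: data protection keys protected by the resolved
/// certificate and persisted to SQLite, the EF Core context, CORS, IdentityServer bearer
/// authentication, authorization policies and MVC with a global authorize filter.
/// </summary>
/// <param name="services">DI container being populated.</param>
public void ConfigureServices(IServiceCollection services)
{
    var connection = Configuration.GetConnectionString("DefaultConnection");
    var cert = LoadConfiguredCertificate();

    // Important The folderForKeyStore needs to be backed up.
    // services.AddDataProtection()
    //    .SetApplicationName("ResourceServer")
    //    .PersistKeysToFileSystem(new DirectoryInfo(folderForKeyStore))
    //    .ProtectKeysWithCertificate(cert);

    services.AddDataProtection()
        .SetApplicationName("ResourceServer")
        .ProtectKeysWithCertificate(cert)
        .AddKeyManagementOptions(options =>
            options.XmlRepository = new SqlXmlRepository(
                new DataProtectionDbContext(
                    new DbContextOptionsBuilder<DataProtectionDbContext>().UseSqlite(connection).Options
                )
            )
        );

    services.AddDbContext<DataEventRecordContext>(options =>
        options.UseSqlite(connection)
    );

    services.AddCors();
    // NOTE(review): a wildcard origin combined with SupportsCredentials = true lets any site make
    // credentialed cross-origin requests; building the policy by hand also bypasses the checks
    // CorsPolicyBuilder applies. Restrict Origins to the known client URLs.
    var policy = new Microsoft.AspNetCore.Cors.Infrastructure.CorsPolicy();
    policy.Headers.Add("*");
    policy.Methods.Add("*");
    policy.Origins.Add("*");
    policy.SupportsCredentials = true;
    services.AddCors(x => x.AddPolicy("corsGlobalPolicy", policy));

    // Applied globally through the MVC filter below: every endpoint needs an authenticated
    // caller carrying the dataEventRecords scope.
    var guestPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .RequireClaim("scope", "dataEventRecords")
        .Build();

    services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
        .AddIdentityServerAuthentication(options =>
        {
            options.Authority = "https://localhost:44318/";
            options.ApiName = "dataEventRecords";
            // NOTE(review): the API secret is hard-coded; move it to configuration / a secret store.
            options.ApiSecret = "dataEventRecordsSecret";
        });

    services.AddAuthorization(options =>
    {
        options.AddPolicy("dataEventRecordsAdmin", policyAdmin => { policyAdmin.RequireClaim("role", "dataEventRecords.admin"); });
        options.AddPolicy("dataEventRecordsUser", policyUser => { policyUser.RequireClaim("role", "dataEventRecords.user"); });
        options.AddPolicy("dataEventRecords", policyUser => { policyUser.RequireClaim("scope", "dataEventRecords"); });
    });

    services.AddMvc(options =>
    {
        options.Filters.Add(new AuthorizeFilter(guestPolicy));
    }).SetCompatibilityVersion(CompatibilityVersion.Version_2_2).AddJsonOptions(options =>
    {
        options.SerializerSettings.ContractResolver = new DefaultContractResolver();
    });

    services.AddScoped<IDataEventRecordRepository, DataEventRecordRepository>();
}

/// <summary>
/// Loads the certificate that protects the data-protection keys. In Production it comes from
/// the LocalMachine/My store (UseLocalCertStore + CertificateThumbprint) or from Azure Key
/// Vault (Vault section); in every other environment from the development PFX.
/// </summary>
/// <returns>The certificate handed to ProtectKeysWithCertificate.</returns>
/// <exception cref="InvalidOperationException">UseLocalCertStore is set but the thumbprint matches nothing in the store.</exception>
private X509Certificate2 LoadConfiguredCertificate()
{
    var useLocalCertStore = Convert.ToBoolean(Configuration["UseLocalCertStore"]);
    var certificateThumbprint = Configuration["CertificateThumbprint"];

    if (!_env.IsProduction())
    {
        // Passwordless development PFX; only reached outside Production.
        return new X509Certificate2(Path.Combine(_env.ContentRootPath, "damienbodserver.pfx"), "");
    }

    if (useLocalCertStore)
    {
        return FindInLocalMachineStore(certificateThumbprint);
    }

    // Azure deployment, will be used if deployed to Azure
    // NOTE(review): the Key Vault client secret is read from configuration; prefer a managed
    // identity (or at least user secrets / environment variables) over appsettings for it.
    var vaultConfigSection = Configuration.GetSection("Vault");
    var keyVaultService = new KeyVaultCertificateService(vaultConfigSection["Url"], vaultConfigSection["ClientId"], vaultConfigSection["ClientSecret"]);
    return keyVaultService.GetCertificateFromKeyVault(vaultConfigSection["CertificateName"]);
}

/// <summary>
/// Finds a certificate by thumbprint in the LocalMachine/My store.
/// </summary>
/// <param name="certificateThumbprint">Thumbprint of the certificate to load.</param>
/// <returns>The first matching certificate.</returns>
/// <exception cref="InvalidOperationException">No certificate with that thumbprint is in the store.</exception>
private static X509Certificate2 FindInLocalMachineStore(string certificateThumbprint)
{
    // Disposing the store closes it; no explicit Close() is needed.
    using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
    {
        store.Open(OpenFlags.ReadOnly);
        // validOnly is false: an expired or untrusted certificate is still returned.
        // Consider true once the store only holds CA-issued certificates.
        var certs = store.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, false);
        if (certs.Count == 0)
        {
            // Explicit failure instead of the IndexOutOfRangeException certs[0] would throw.
            throw new InvalidOperationException($"No certificate with thumbprint '{certificateThumbprint}' was found in LocalMachine/My.");
        }
        return certs[0];
    }
}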
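/// <summary>
/// Registers the STS services: CORS for the known clients, EF Core (SQLite), options,
/// localization, ASP.NET Identity with custom claims, the "aad" external login, the IsAdmin
/// policy, MVC with security headers and IdentityServer with the resolved signing certificate.
/// </summary>
/// <param name="services">DI container being populated.</param>
public void ConfigureServices(IServiceCollection services)
{
    _clientId = Configuration["MicrosoftClientId"];
    _clientSecret = Configuration["MircosoftClientSecret"];
    var cert = LoadConfiguredCertificate();

    services.AddCors(options =>
    {
        options.AddPolicy("AllowAllOrigins", builder =>
        {
            builder
                .AllowCredentials()
                .WithOrigins("https://localhost:44311", "https://localhost:44390", "https://localhost:44395", "https://localhost:44318")
                .SetIsOriginAllowedToAllowWildcardSubdomains()
                .AllowAnyHeader()
                .AllowAnyMethod();
        });
    });

    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlite(Configuration.GetConnectionString("DefaultConnection")));

    services.Configure<StsConfig>(Configuration.GetSection("StsConfig"));
    services.Configure<EmailSettings>(Configuration.GetSection("EmailSettings"));

    services.AddSingleton<LocService>();
    services.AddLocalization(options => options.ResourcesPath = "Resources");

    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddErrorDescriber<StsIdentityErrorDescriber>()
        .AddDefaultTokenProviders();

    services.AddScoped<IUserClaimsPrincipalFactory<ApplicationUser>, AdditionalUserClaimsPrincipalFactory>();
    services.AddTransient<IProfileService, IdentityWithAdditionalClaimsProfileService>();
    services.AddTransient<IEmailSender, EmailSender>();
    services.AddSingleton<IAuthorizationHandler, IsAdminHandler>();

    services.AddAuthentication()
        .AddOpenIdConnect("aad", "Login with Azure AD", options =>
        {
            options.Authority = "https://login.microsoftonline.com/common";
            // NOTE(review): ValidateIssuer = false is what the multi-tenant "common" authority
            // needs, but it accepts sign-ins from any tenant; restrict tenants in a claims check if required.
            options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false };
            options.ClientId = "99eb0b9d-ca40-476e-b5ac-6f4c32bfb530";
            options.CallbackPath = "/signin-oidc";
        });

    services.AddAuthorization(options =>
    {
        options.AddPolicy("IsAdmin", policyIsAdminRequirement =>
        {
            policyIsAdminRequirement.Requirements.Add(new IsAdminRequirement());
        });
    });

    services.Configure<RequestLocalizationOptions>(
        options =>
        {
            var supportedCultures = new List<CultureInfo>
            {
                new CultureInfo("en-US"),
                new CultureInfo("de-CH"),
                new CultureInfo("fr-CH"),
                new CultureInfo("it-CH")
            };
            options.DefaultRequestCulture = new RequestCulture(culture: "de-CH", uiCulture: "de-CH");
            options.SupportedCultures = supportedCultures;
            options.SupportedUICultures = supportedCultures;

            // Inserted at index 0 so the ui_locales query parameter is consulted first.
            var providerQuery = new LocalizationQueryProvider
            {
                QureyParamterName = "ui_locales"
            };
            options.RequestCultureProviders.Insert(0, providerQuery);
        });

    services.AddControllersWithViews(options =>
    {
        options.Filters.Add(new SecurityHeadersAttribute());
    })
    .SetCompatibilityVersion(CompatibilityVersion.Version_3_0)
    .AddViewLocalization()
    .AddDataAnnotationsLocalization(options =>
    {
        options.DataAnnotationLocalizerProvider = (type, factory) =>
        {
            var assemblyName = new AssemblyName(typeof(SharedResource).GetTypeInfo().Assembly.FullName);
            return factory.Create("SharedResource", assemblyName.Name);
        };
    });

    services.AddIdentityServer()
        .AddSigningCredential(cert)
        .AddInMemoryIdentityResources(Config.GetIdentityResources())
        .AddInMemoryApiResources(Config.GetApiResources())
        .AddInMemoryClients(Config.GetClients())
        .AddAspNetIdentity<ApplicationUser>()
        .AddProfileService<IdentityWithAdditionalClaimsProfileService>();
}

/// <summary>
/// Loads the IdentityServer signing certificate. In Production it comes from the
/// LocalMachine/My store (UseLocalCertStore + CertificateThumbprint) or from Azure Key Vault
/// (Vault section); in every other environment from the development PFX.
/// </summary>
/// <returns>The certificate handed to AddSigningCredential.</returns>
/// <exception cref="InvalidOperationException">UseLocalCertStore is set but the thumbprint matches nothing in the store.</exception>
private X509Certificate2 LoadConfiguredCertificate()
{
    var useLocalCertStore = Convert.ToBoolean(Configuration["UseLocalCertStore"]);
    var certificateThumbprint = Configuration["CertificateThumbprint"];

    if (!_environment.IsProduction())
    {
        // Passwordless development PFX; only reached outside Production.
        return new X509Certificate2(Path.Combine(_environment.ContentRootPath, "damienbodserver.pfx"), "");
    }

    if (useLocalCertStore)
    {
        return FindInLocalMachineStore(certificateThumbprint);
    }

    // Azure deployment, will be used if deployed to Azure
    // NOTE(review): the Key Vault client secret is read from configuration; prefer a managed
    // identity (or at least user secrets / environment variables) over appsettings for it.
    var vaultConfigSection = Configuration.GetSection("Vault");
    var keyVaultService = new KeyVaultCertificateService(vaultConfigSection["Url"], vaultConfigSection["ClientId"], vaultConfigSection["ClientSecret"]);
    return keyVaultService.GetCertificateFromKeyVault(vaultConfigSection["CertificateName"]);
}

/// <summary>
/// Finds a certificate by thumbprint in the LocalMachine/My store.
/// </summary>
/// <param name="certificateThumbprint">Thumbprint of the certificate to load.</param>
/// <returns>The first matching certificate.</returns>
/// <exception cref="InvalidOperationException">No certificate with that thumbprint is in the store.</exception>
private static X509Certificate2 FindInLocalMachineStore(string certificateThumbprint)
{
    // Disposing the store closes it; no explicit Close() is needed.
    using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
    {
        store.Open(OpenFlags.ReadOnly);
        // validOnly is false: an expired or untrusted certificate is still returned.
        // Consider true once the store only holds CA-issued certificates.
        var certs = store.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, false);
        if (certs.Count == 0)
        {
            // Explicit failure instead of the IndexOutOfRangeException certs[0] would throw.
            throw new InvalidOperationException($"No certificate with thumbprint '{certificateThumbprint}' was found in LocalMachine/My.");
        }
        return certs[0];
    }
}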
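/// <summary>
/// Registers the STS services: EF Core (SQL Server), options, localization, the optional
/// "Azure AD / Microsoft" external login, ASP.NET Identity, MVC with security headers and
/// IdentityServer with the resolved signing certificate.
/// </summary>
/// <param name="services">DI container being populated.</param>
public void ConfigureServices(IServiceCollection services)
{
    _clientId = Configuration["MicrosoftClientId"];
    _clientSecret = Configuration["MircosoftClientSecret"];
    var authConfigurations = Configuration.GetSection("AuthConfigurations");
    var cert = LoadConfiguredCertificate();

    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

    services.Configure<AuthConfigurations>(Configuration.GetSection("AuthConfigurations"));
    services.Configure<EmailSettings>(Configuration.GetSection("EmailSettings"));

    services.AddTransient<IProfileService, IdentityWithAdditionalClaimsProfileService>();
    services.AddSingleton<LocService>();
    services.AddLocalization(options => options.ResourcesPath = "Resources");

    // The external Microsoft login is only wired up when a client id is configured.
    if (_clientId != null)
    {
        services.AddAuthentication()
            .AddOpenIdConnect("Azure AD / Microsoft", "Azure AD / Microsoft", options => // Microsoft common
            {
                // https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
                options.ClientId = _clientId;
                options.ClientSecret = _clientSecret;
                options.SignInScheme = "Identity.External";
                options.RemoteAuthenticationTimeout = TimeSpan.FromSeconds(30);
                options.Authority = "https://login.microsoftonline.com/common/v2.0/";
                options.ResponseType = "code";
                options.Scope.Add("profile");
                options.Scope.Add("email");
                // NOTE(review): ValidateIssuer = false is what the multi-tenant "common" authority
                // needs, but it accepts sign-ins from any tenant; restrict tenants in a claims check if required.
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = false,
                    NameClaimType = "email",
                };
                options.CallbackPath = "/signin-microsoft";
                options.Prompt = "login"; // login, consent
            });
    }
    else
    {
        services.AddAuthentication();
    }

    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddErrorDescriber<StsIdentityErrorDescriber>()
        .AddDefaultTokenProviders();

    services.Configure<RequestLocalizationOptions>(
        options =>
        {
            var supportedCultures = new List<CultureInfo>
            {
                new CultureInfo("en-US"),
                new CultureInfo("de-DE"),
                new CultureInfo("de-CH"),
                new CultureInfo("it-IT"),
                new CultureInfo("gsw-CH"),
                new CultureInfo("fr-FR"),
                new CultureInfo("zh-Hans")
            };
            options.DefaultRequestCulture = new RequestCulture(culture: "de-DE", uiCulture: "de-DE");
            options.SupportedCultures = supportedCultures;
            options.SupportedUICultures = supportedCultures;

            // Inserted at index 0 so the ui_locales query parameter is consulted first.
            var providerQuery = new LocalizationQueryProvider
            {
                QureyParamterName = "ui_locales"
            };
            options.RequestCultureProviders.Insert(0, providerQuery);
        });

    services.AddControllersWithViews(options =>
    {
        options.Filters.Add(new SecurityHeadersAttribute());
    })
    .SetCompatibilityVersion(CompatibilityVersion.Version_3_0)
    .AddViewLocalization()
    .AddDataAnnotationsLocalization(options =>
    {
        options.DataAnnotationLocalizerProvider = (type, factory) =>
        {
            var assemblyName = new AssemblyName(typeof(SharedResource).GetTypeInfo().Assembly.FullName);
            return factory.Create("SharedResource", assemblyName.Name);
        };
    });

    services.AddTransient<IEmailSender, EmailSender>();

    services.AddIdentityServer()
        .AddSigningCredential(cert)
        .AddInMemoryIdentityResources(Config.GetIdentityResources())
        .AddInMemoryApiResources(Config.GetApiResources())
        .AddInMemoryClients(Config.GetClients(authConfigurations))
        .AddAspNetIdentity<ApplicationUser>()
        .AddProfileService<IdentityWithAdditionalClaimsProfileService>();
}

/// <summary>
/// Loads the IdentityServer signing certificate. In Production it comes from the
/// LocalMachine/My store (UseLocalCertStore + CertificateThumbprint) or from Azure Key Vault
/// (Vault section); in every other environment from the development PFX.
/// </summary>
/// <returns>The certificate handed to AddSigningCredential.</returns>
/// <exception cref="InvalidOperationException">UseLocalCertStore is set but the thumbprint matches nothing in the store.</exception>
private X509Certificate2 LoadConfiguredCertificate()
{
    var useLocalCertStore = Convert.ToBoolean(Configuration["UseLocalCertStore"]);
    var certificateThumbprint = Configuration["CertificateThumbprint"];

    if (!_environment.IsProduction())
    {
        // Development PFX with a fixed password; only reached outside Production.
        return new X509Certificate2(Path.Combine(_environment.ContentRootPath, "sts_dev_cert.pfx"), "1234");
    }

    if (useLocalCertStore)
    {
        return FindInLocalMachineStore(certificateThumbprint);
    }

    // Azure deployment, will be used if deployed to Azure
    // NOTE(review): the Key Vault client secret is read from configuration; prefer a managed
    // identity (or at least user secrets / environment variables) over appsettings for it.
    var vaultConfigSection = Configuration.GetSection("Vault");
    var keyVaultService = new KeyVaultCertificateService(vaultConfigSection["Url"], vaultConfigSection["ClientId"], vaultConfigSection["ClientSecret"]);
    return keyVaultService.GetCertificateFromKeyVault(vaultConfigSection["CertificateName"]);
}

/// <summary>
/// Finds a certificate by thumbprint in the LocalMachine/My store.
/// </summary>
/// <param name="certificateThumbprint">Thumbprint of the certificate to load.</param>
/// <returns>The first matching certificate.</returns>
/// <exception cref="InvalidOperationException">No certificate with that thumbprint is in the store.</exception>
private static X509Certificate2 FindInLocalMachineStore(string certificateThumbprint)
{
    // Disposing the store closes it; no explicit Close() is needed.
    using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
    {
        store.Open(OpenFlags.ReadOnly);
        // validOnly is false: an expired or untrusted certificate is still returned.
        // Consider true once the store only holds CA-issued certificates.
        var certs = store.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, false);
        if (certs.Count == 0)
        {
            // Explicit failure instead of the IndexOutOfRangeException certs[0] would throw.
            throw new InvalidOperationException($"No certificate with thumbprint '{certificateThumbprint}' was found in LocalMachine/My.");
        }
        return certs[0];
    }
}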
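/// <summary>
/// Registers the combined STS + API services: CORS, EF Core (SQLite), ASP.NET Identity,
/// IdentityServer with the resolved signing certificate, bearer authentication against this
/// host, authorization policies and MVC.
/// </summary>
/// <param name="services">DI container being populated.</param>
public void ConfigureServices(IServiceCollection services)
{
    var cert = LoadConfiguredCertificate();

    services.AddCors(options =>
    {
        options.AddPolicy("AllowAllHeaders", builder =>
        {
            // NOTE(review): AllowAnyOrigin together with AllowCredentials is rejected by the CORS
            // protocol (and by newer ASP.NET Core CorsPolicyBuilder versions); list the client
            // origins explicitly instead.
            builder
                .AllowAnyOrigin()
                .AllowAnyHeader()
                .AllowAnyMethod()
                .AllowCredentials()
                .WithExposedHeaders("X-Pagination");
        });
    });

    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlite(Configuration.GetConnectionString("DefaultConnection")));

    services.Configure<EmailSettings>(Configuration.GetSection("EmailSettings"));

    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>();

    services.AddTransient<IProfileService, IdentityWithAdditionalClaimsProfileService>();

    services.AddIdentityServer()
        .AddSigningCredential(cert)
        .AddInMemoryIdentityResources(Config.GetIdentityResources())
        .AddInMemoryApiResources(Config.GetApiResources())
        .AddInMemoryClients(Config.GetClients())
        .AddAspNetIdentity<ApplicationUser>()
        .AddProfileService<IdentityWithAdditionalClaimsProfileService>();

    services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
        .AddIdentityServerAuthentication(options =>
        {
            options.Authority = Config.HOST_URL + "/";
            options.ApiName = "dataEventRecords";
            // NOTE(review): the API secret is hard-coded; move it to configuration / a secret store.
            options.ApiSecret = "dataEventRecordsSecret";
            options.SupportedTokens = SupportedTokens.Both;
        });

    services.AddTransient<IEmailSender, EmailSender>();

    services.AddAuthorization(options =>
    {
        options.AddPolicy("dataEventRecordsAdmin", policyAdmin => { policyAdmin.RequireClaim("role", "dataEventRecords.admin"); });
        options.AddPolicy("admin", policyAdmin => { policyAdmin.RequireClaim("role", "admin"); });
        options.AddPolicy("dataEventRecordsUser", policyUser => { policyUser.RequireClaim("role", "dataEventRecords.user"); });
        options.AddPolicy("dataEventRecords", policyUser => { policyUser.RequireClaim("scope", "dataEventRecords"); });
    });

    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}

/// <summary>
/// Loads the IdentityServer signing certificate. In Production it comes from the
/// LocalMachine/My store (UseLocalCertStore + CertificateThumbprint) or from Azure Key Vault
/// (Vault section); in every other environment from the development PFX.
/// </summary>
/// <returns>The certificate handed to AddSigningCredential.</returns>
/// <exception cref="InvalidOperationException">UseLocalCertStore is set but the thumbprint matches nothing in the store.</exception>
private X509Certificate2 LoadConfiguredCertificate()
{
    var useLocalCertStore = Convert.ToBoolean(Configuration["UseLocalCertStore"]);
    var certificateThumbprint = Configuration["CertificateThumbprint"];

    if (!_environment.IsProduction())
    {
        // Passwordless development PFX; only reached outside Production.
        return new X509Certificate2(Path.Combine(_environment.ContentRootPath, "damienbodserver.pfx"), "");
    }

    if (useLocalCertStore)
    {
        return FindInLocalMachineStore(certificateThumbprint);
    }

    // Azure deployment, will be used if deployed to Azure
    // NOTE(review): the Key Vault client secret is read from configuration; prefer a managed
    // identity (or at least user secrets / environment variables) over appsettings for it.
    var vaultConfigSection = Configuration.GetSection("Vault");
    var keyVaultService = new KeyVaultCertificateService(vaultConfigSection["Url"], vaultConfigSection["ClientId"], vaultConfigSection["ClientSecret"]);
    return keyVaultService.GetCertificateFromKeyVault(vaultConfigSection["CertificateName"]);
}

/// <summary>
/// Finds a certificate by thumbprint in the LocalMachine/My store.
/// </summary>
/// <param name="certificateThumbprint">Thumbprint of the certificate to load.</param>
/// <returns>The first matching certificate.</returns>
/// <exception cref="InvalidOperationException">No certificate with that thumbprint is in the store.</exception>
private static X509Certificate2 FindInLocalMachineStore(string certificateThumbprint)
{
    // Disposing the store closes it; no explicit Close() is needed.
    using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
    {
        store.Open(OpenFlags.ReadOnly);
        // validOnly is false: an expired or untrusted certificate is still returned.
        // Consider true once the store only holds CA-issued certificates.
        var certs = store.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, false);
        if (certs.Count == 0)
        {
            // Explicit failure instead of the IndexOutOfRangeException certs[0] would throw.
            throw new InvalidOperationException($"No certificate with thumbprint '{certificateThumbprint}' was found in LocalMachine/My.");
        }
        return certs[0];
    }
}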
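/// <summary>
/// Registers the resource server services: data protection keys protected by the resolved
/// certificate and persisted to SQLite, the EF Core context, CORS for the known clients,
/// IdentityServer bearer authentication, authorization policies and controllers.
/// </summary>
/// <param name="services">DI container being populated.</param>
public void ConfigureServices(IServiceCollection services)
{
    var connection = Configuration.GetConnectionString("DefaultConnection");
    var cert = LoadConfiguredCertificate();

    // Important The folderForKeyStore needs to be backed up.
    // services.AddDataProtection()
    //    .SetApplicationName("ResourceServer")
    //    .PersistKeysToFileSystem(new DirectoryInfo(folderForKeyStore))
    //    .ProtectKeysWithCertificate(cert);

    services.AddDataProtection()
        .SetApplicationName("ResourceServer")
        .ProtectKeysWithCertificate(cert)
        .AddKeyManagementOptions(options =>
            options.XmlRepository = new SqlXmlRepository(
                new DataProtectionDbContext(
                    new DbContextOptionsBuilder<DataProtectionDbContext>().UseSqlite(connection).Options
                )
            )
        );

    services.AddDbContext<DataEventRecordContext>(options =>
        options.UseSqlite(connection)
    );

    services.AddCors(options =>
    {
        options.AddPolicy("AllowAllOrigins", builder =>
        {
            builder
                .AllowCredentials()
                .WithOrigins(
                    "https://localhost:44311",
                    "https://localhost:44352",
                    "https://localhost:44372",
                    "https://localhost:44378",
                    "https://localhost:44390")
                .SetIsOriginAllowedToAllowWildcardSubdomains()
                .AllowAnyHeader()
                .AllowAnyMethod();
        });
    });

    services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
        .AddIdentityServerAuthentication(options =>
        {
            options.Authority = "https://localhost:44318/";
            options.ApiName = "dataEventRecords";
            // NOTE(review): the API secret is hard-coded; move it to configuration / a secret store.
            options.ApiSecret = "dataEventRecordsSecret";
        });

    services.AddAuthorization(options =>
    {
        options.AddPolicy("dataEventRecordsAdmin", policyAdmin => { policyAdmin.RequireClaim("role", "dataEventRecords.admin"); });
        options.AddPolicy("dataEventRecordsUser", policyUser => { policyUser.RequireClaim("role", "dataEventRecords.user"); });
        options.AddPolicy("dataEventRecords", policyUser => { policyUser.RequireClaim("scope", "dataEventRecords"); });
    });

    // NOTE(review): no global authorize filter is registered here, so endpoints are open unless
    // they carry [Authorize] themselves; confirm the controllers do.
    services.AddControllers()
        .AddNewtonsoftJson()
        .SetCompatibilityVersion(CompatibilityVersion.Version_3_0);

    services.AddScoped<IDataEventRecordRepository, DataEventRecordRepository>();
}

/// <summary>
/// Loads the certificate that protects the data-protection keys. In Production it comes from
/// the LocalMachine/My store (UseLocalCertStore + CertificateThumbprint) or from Azure Key
/// Vault (Vault section); in every other environment from the development PFX.
/// </summary>
/// <returns>The certificate handed to ProtectKeysWithCertificate.</returns>
/// <exception cref="InvalidOperationException">UseLocalCertStore is set but the thumbprint matches nothing in the store.</exception>
private X509Certificate2 LoadConfiguredCertificate()
{
    var useLocalCertStore = Convert.ToBoolean(Configuration["UseLocalCertStore"]);
    var certificateThumbprint = Configuration["CertificateThumbprint"];

    if (!_webHostEnvironment.IsProduction())
    {
        // Passwordless development PFX; only reached outside Production.
        return new X509Certificate2(Path.Combine(_webHostEnvironment.ContentRootPath, "damienbodserver.pfx"), "");
    }

    if (useLocalCertStore)
    {
        return FindInLocalMachineStore(certificateThumbprint);
    }

    // Azure deployment, will be used if deployed to Azure
    // NOTE(review): the Key Vault client secret is read from configuration; prefer a managed
    // identity (or at least user secrets / environment variables) over appsettings for it.
    var vaultConfigSection = Configuration.GetSection("Vault");
    var keyVaultService = new KeyVaultCertificateService(vaultConfigSection["Url"], vaultConfigSection["ClientId"], vaultConfigSection["ClientSecret"]);
    return keyVaultService.GetCertificateFromKeyVault(vaultConfigSection["CertificateName"]);
}

/// <summary>
/// Finds a certificate by thumbprint in the LocalMachine/My store.
/// </summary>
/// <param name="certificateThumbprint">Thumbprint of the certificate to load.</param>
/// <returns>The first matching certificate.</returns>
/// <exception cref="InvalidOperationException">No certificate with that thumbprint is in the store.</exception>
private static X509Certificate2 FindInLocalMachineStore(string certificateThumbprint)
{
    // Disposing the store closes it; no explicit Close() is needed.
    using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
    {
        store.Open(OpenFlags.ReadOnly);
        // validOnly is false: an expired or untrusted certificate is still returned.
        // Consider true once the store only holds CA-issued certificates.
        var certs = store.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, false);
        if (certs.Count == 0)
        {
            // Explicit failure instead of the IndexOutOfRangeException certs[0] would throw.
            throw new InvalidOperationException($"No certificate with thumbprint '{certificateThumbprint}' was found in LocalMachine/My.");
        }
        return certs[0];
    }
}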
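/// <summary>
/// Registers the STS services: EF Core (SQL Server), options, localization, the "aad"
/// external login, ASP.NET Identity, MVC with security headers and IdentityServer with the
/// resolved signing certificate and an EF-backed operational store with token cleanup.
/// </summary>
/// <param name="services">DI container being populated.</param>
public void ConfigureServices(IServiceCollection services)
{
    var stsConfig = Configuration.GetSection("StsConfig");
    var cert = LoadConfiguredCertificate();

    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

    services.Configure<StsConfig>(Configuration.GetSection("StsConfig"));
    services.Configure<EmailSettings>(Configuration.GetSection("EmailSettings"));

    services.AddTransient<IEndSessionRequestValidator, MyEndSessionRequestValidator>();

    services.AddSingleton<LocService>();
    services.AddLocalization(options => options.ResourcesPath = "Resources");

    services.AddAuthentication()
        .AddOpenIdConnect("aad", "Login with Azure AD", options =>
        {
            options.Authority = "https://login.microsoftonline.com/common";
            // NOTE(review): ValidateIssuer = false is what the multi-tenant "common" authority
            // needs, but it accepts sign-ins from any tenant; restrict tenants in a claims check if required.
            options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false };
            options.ClientId = "99eb0b9d-ca40-476e-b5ac-6f4c32bfb530";
            options.CallbackPath = "/signin-oidc";
        });

    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddErrorDescriber<StsIdentityErrorDescriber>()
        .AddDefaultTokenProviders();

    services.Configure<RequestLocalizationOptions>(
        options =>
        {
            var supportedCultures = new List<CultureInfo>
            {
                new CultureInfo("en-US"),
                new CultureInfo("de-DE"),
                new CultureInfo("de-CH"),
                new CultureInfo("it-IT"),
                new CultureInfo("gsw-CH"),
                new CultureInfo("fr-FR"),
                new CultureInfo("zh-Hans")
            };
            options.DefaultRequestCulture = new RequestCulture(culture: "de-DE", uiCulture: "de-DE");
            options.SupportedCultures = supportedCultures;
            options.SupportedUICultures = supportedCultures;

            // Inserted at index 0 so the ui_locales query parameter is consulted first.
            var providerQuery = new LocalizationQueryProvider
            {
                QureyParamterName = "ui_locales"
            };
            options.RequestCultureProviders.Insert(0, providerQuery);
        });

    services.AddMvc(options =>
    {
        options.Filters.Add(new SecurityHeadersAttribute());
    }).SetCompatibilityVersion(CompatibilityVersion.Version_2_2)
    .AddViewLocalization()
    .AddDataAnnotationsLocalization(options =>
    {
        options.DataAnnotationLocalizerProvider = (type, factory) =>
        {
            var assemblyName = new AssemblyName(typeof(SharedResource).GetTypeInfo().Assembly.FullName);
            return factory.Create("SharedResource", assemblyName.Name);
        };
    });

    services.AddTransient<IProfileService, IdentityWithAdditionalClaimsProfileService>();
    services.AddTransient<IEmailSender, EmailSender>();

    // The operational store migrations live in this assembly.
    var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;

    services.AddIdentityServer()
        .AddSigningCredential(cert)
        .AddInMemoryIdentityResources(Config.GetIdentityResources())
        .AddInMemoryApiResources(Config.GetApiResources())
        .AddInMemoryClients(Config.GetClients(stsConfig))
        .AddAspNetIdentity<ApplicationUser>()
        .AddProfileService<IdentityWithAdditionalClaimsProfileService>()
        .AddOperationalStore(options =>
        {
            options.ConfigureDbContext = builder =>
                builder.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"),
                    sql => sql.MigrationsAssembly(migrationsAssembly));

            // this enables automatic token cleanup. this is optional.
            options.EnableTokenCleanup = true;
            options.TokenCleanupInterval = 30; // interval in seconds
        });
}

/// <summary>
/// Loads the IdentityServer signing certificate. In Production it comes from the
/// LocalMachine/My store (UseLocalCertStore + CertificateThumbprint) or from Azure Key Vault
/// (Vault section); in every other environment from the development PFX.
/// </summary>
/// <returns>The certificate handed to AddSigningCredential.</returns>
/// <exception cref="InvalidOperationException">UseLocalCertStore is set but the thumbprint matches nothing in the store.</exception>
private X509Certificate2 LoadConfiguredCertificate()
{
    var useLocalCertStore = Convert.ToBoolean(Configuration["UseLocalCertStore"]);
    var certificateThumbprint = Configuration["CertificateThumbprint"];

    if (!_environment.IsProduction())
    {
        // Development PFX with a fixed password; only reached outside Production.
        return new X509Certificate2(Path.Combine(_environment.ContentRootPath, "sts_dev_cert.pfx"), "1234");
    }

    if (useLocalCertStore)
    {
        return FindInLocalMachineStore(certificateThumbprint);
    }

    // Azure deployment, will be used if deployed to Azure
    // NOTE(review): the Key Vault client secret is read from configuration; prefer a managed
    // identity (or at least user secrets / environment variables) over appsettings for it.
    var vaultConfigSection = Configuration.GetSection("Vault");
    var keyVaultService = new KeyVaultCertificateService(vaultConfigSection["Url"], vaultConfigSection["ClientId"], vaultConfigSection["ClientSecret"]);
    return keyVaultService.GetCertificateFromKeyVault(vaultConfigSection["CertificateName"]);
}

/// <summary>
/// Finds a certificate by thumbprint in the LocalMachine/My store.
/// </summary>
/// <param name="certificateThumbprint">Thumbprint of the certificate to load.</param>
/// <returns>The first matching certificate.</returns>
/// <exception cref="InvalidOperationException">No certificate with that thumbprint is in the store.</exception>
private static X509Certificate2 FindInLocalMachineStore(string certificateThumbprint)
{
    // Disposing the store closes it; no explicit Close() is needed.
    using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
    {
        store.Open(OpenFlags.ReadOnly);
        // validOnly is false: an expired or untrusted certificate is still returned.
        // Consider true once the store only holds CA-issued certificates.
        var certs = store.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, false);
        if (certs.Count == 0)
        {
            // Explicit failure instead of the IndexOutOfRangeException certs[0] would throw.
            throw new InvalidOperationException($"No certificate with thumbprint '{certificateThumbprint}' was found in LocalMachine/My.");
        }
        return certs[0];
    }
}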
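/// <summary>
/// Registers the STS services: EF Core (SQLite), options, localization, the Google external
/// login (placeholder credentials), ASP.NET Identity, MVC with security headers and
/// IdentityServer with the resolved signing certificate.
/// </summary>
/// <param name="services">DI container being populated.</param>
public void ConfigureServices(IServiceCollection services)
{
    var cert = LoadConfiguredCertificate();

    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlite(Configuration.GetConnectionString("DefaultConnection")));

    services.Configure<StsConfig>(Configuration.GetSection("StsConfig"));
    services.Configure<EmailSettings>(Configuration.GetSection("EmailSettings"));

    services.AddSingleton<LocService>();
    services.AddLocalization(options => options.ResourcesPath = "Resources");

    // TODO: Google Auth Config:
    // The bracketed values are placeholders; keep the real client id/secret in user secrets or
    // environment configuration, never in source.
    services.AddAuthentication()
        .AddGoogle(options =>
        {
            options.ClientId = "[ClientId]";
            options.ClientSecret = "[ClientSecret]";
        });

    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddErrorDescriber<StsIdentityErrorDescriber>()
        .AddDefaultTokenProviders();

    services.Configure<RequestLocalizationOptions>(
        options =>
        {
            var supportedCultures = new List<CultureInfo>
            {
                new CultureInfo("en-US"),
                new CultureInfo("de-DE"),
                new CultureInfo("de-CH"),
                new CultureInfo("it-IT"),
                new CultureInfo("gsw-CH"),
                new CultureInfo("fr-FR"),
                new CultureInfo("zh-Hans")
            };
            options.DefaultRequestCulture = new RequestCulture(culture: "de-DE", uiCulture: "de-DE");
            options.SupportedCultures = supportedCultures;
            options.SupportedUICultures = supportedCultures;

            // Inserted at index 0 so the ui_locales query parameter is consulted first.
            var providerQuery = new LocalizationQueryProvider
            {
                QureyParamterName = "ui_locales"
            };
            options.RequestCultureProviders.Insert(0, providerQuery);
        });

    services.AddMvc(options =>
    {
        options.Filters.Add(new SecurityHeadersAttribute());
    }).SetCompatibilityVersion(CompatibilityVersion.Version_2_2)
    .AddViewLocalization()
    .AddDataAnnotationsLocalization(options =>
    {
        options.DataAnnotationLocalizerProvider = (type, factory) =>
        {
            var assemblyName = new AssemblyName(typeof(SharedResource).GetTypeInfo().Assembly.FullName);
            return factory.Create("SharedResource", assemblyName.Name);
        };
    });

    services.AddTransient<IProfileService, IdentityWithAdditionalClaimsProfileService>();
    services.AddTransient<IEmailSender, EmailSender>();

    services.AddIdentityServer()
        .AddSigningCredential(cert)
        .AddInMemoryIdentityResources(Config.GetIdentityResources())
        .AddInMemoryApiResources(Config.GetApiResources())
        .AddInMemoryClients(Config.GetClients())
        .AddAspNetIdentity<ApplicationUser>()
        .AddProfileService<IdentityWithAdditionalClaimsProfileService>();
}

/// <summary>
/// Loads the IdentityServer signing certificate. In Production it comes from the
/// LocalMachine/My store (UseLocalCertStore + CertificateThumbprint) or from Azure Key Vault
/// (Vault section); in every other environment from the development PFX.
/// </summary>
/// <returns>The certificate handed to AddSigningCredential.</returns>
/// <exception cref="InvalidOperationException">UseLocalCertStore is set but the thumbprint matches nothing in the store.</exception>
private X509Certificate2 LoadConfiguredCertificate()
{
    var useLocalCertStore = Convert.ToBoolean(Configuration["UseLocalCertStore"]);
    var certificateThumbprint = Configuration["CertificateThumbprint"];

    if (!_environment.IsProduction())
    {
        // Development PFX with a fixed password; only reached outside Production.
        return new X509Certificate2(Path.Combine(_environment.ContentRootPath, "sts_dev_cert.pfx"), "1234");
    }

    if (useLocalCertStore)
    {
        return FindInLocalMachineStore(certificateThumbprint);
    }

    // Azure deployment, will be used if deployed to Azure
    // NOTE(review): the Key Vault client secret is read from configuration; prefer a managed
    // identity (or at least user secrets / environment variables) over appsettings for it.
    var vaultConfigSection = Configuration.GetSection("Vault");
    var keyVaultService = new KeyVaultCertificateService(vaultConfigSection["Url"], vaultConfigSection["ClientId"], vaultConfigSection["ClientSecret"]);
    return keyVaultService.GetCertificateFromKeyVault(vaultConfigSection["CertificateName"]);
}

/// <summary>
/// Finds a certificate by thumbprint in the LocalMachine/My store.
/// </summary>
/// <param name="certificateThumbprint">Thumbprint of the certificate to load.</param>
/// <returns>The first matching certificate.</returns>
/// <exception cref="InvalidOperationException">No certificate with that thumbprint is in the store.</exception>
private static X509Certificate2 FindInLocalMachineStore(string certificateThumbprint)
{
    // Disposing the store closes it; no explicit Close() is needed.
    using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
    {
        store.Open(OpenFlags.ReadOnly);
        // validOnly is false: an expired or untrusted certificate is still returned.
        // Consider true once the store only holds CA-issued certificates.
        var certs = store.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, false);
        if (certs.Count == 0)
        {
            // Explicit failure instead of the IndexOutOfRangeException certs[0] would throw.
            throw new InvalidOperationException($"No certificate with thumbprint '{certificateThumbprint}' was found in LocalMachine/My.");
        }
        return certs[0];
    }
}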
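/// <summary>
/// Add custom signing certificate from certification store according thumbprint or from file
/// </summary>
/// <param name="builder">IdentityServer builder the signing credential is added to.</param>
/// <param name="configuration">Holds the <see cref="CertificateConfiguration"/> section that selects the source.</param>
/// <param name="logger">Receives progress and error messages.</param>
/// <returns>The same <paramref name="builder"/>, for chaining.</returns>
/// <exception cref="InvalidOperationException">The thumbprint or PFX path is not configured, the certificate is not in the store, or the PFX file does not exist.</exception>
/// <exception cref="CryptographicException">The PFX file exists but cannot be loaded (wrong password, corrupt file).</exception>
public static IIdentityServerBuilder AddCustomSigningCredential(this IIdentityServerBuilder builder, IConfiguration configuration, ILogger logger)
{
    var certificateConfiguration = configuration.GetSection(nameof(CertificateConfiguration)).Get<CertificateConfiguration>();

    if (certificateConfiguration.UseSigningCertificateThumbprint)
    {
        if (string.IsNullOrWhiteSpace(certificateConfiguration.SigningCertificateThumbprint))
        {
            throw new InvalidOperationException(SigningCertificateThumbprintNotFound);
        }

        // The store is disposable; leaving it open leaks the handle.
        using (var certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            certStore.Open(OpenFlags.ReadOnly);
            // validOnly is true, so only certificates that pass chain validation are considered.
            var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, certificateConfiguration.SigningCertificateThumbprint, true);
            if (certCollection.Count == 0)
            {
                throw new InvalidOperationException(CertificateNotFound);
            }
            builder.AddSigningCredential(certCollection[0]);
        }
    }
    else if (certificateConfiguration.UseSigningCertificatePfxFile)
    {
        if (string.IsNullOrWhiteSpace(certificateConfiguration.SigningCertificatePfxFilePath))
        {
            throw new InvalidOperationException(SigningCertificatePathIsNotSpecified);
        }
        if (!File.Exists(certificateConfiguration.SigningCertificatePfxFilePath))
        {
            throw new InvalidOperationException($"Signing key file: {certificateConfiguration.SigningCertificatePfxFilePath} not found");
        }

        logger.LogInformation("inside signing certificate ");
        try
        {
            builder.AddSigningCredential(new X509Certificate2(certificateConfiguration.SigningCertificatePfxFilePath, certificateConfiguration.SigningCertificatePfxFilePassword));
            logger.LogInformation("AddSigningCredential ");
        }
        catch (CryptographicException e)
        {
            // Log with the exception attached, then rethrow: swallowing it would leave the
            // STS running without any signing credential.
            logger.LogError(e, $"There was an error adding the key file - during the creation of the signing key {e.Message}");
            throw;
        }
    }
    else if (certificateConfiguration.AzureKeyVault)
    {
        // Azure deployment, will be used if deployed to Azure
        // NOTE(review): the Key Vault client secret comes from configuration; prefer a managed
        // identity (or at least user secrets / environment variables) over appsettings for it.
        var keyVaultService = new KeyVaultCertificateService(certificateConfiguration.AzureKeyVaultEndPoint, certificateConfiguration.AzureKeyVaultClientId, certificateConfiguration.AzureKeyVaultClientSecret, logger);
        builder.AddSigningCredential(keyVaultService.GetCertificateFromKeyVault(certificateConfiguration.AzureKeyVaultCertificateName));
    }
    else if (certificateConfiguration.UseTemporarySigningKeyForDevelopment)
    {
        // Ephemeral developer key; tokens become invalid on restart, so development only.
        builder.AddDeveloperSigningCredential();
    }

    return builder;
}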
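/// <summary>
/// Registers the STS services: EF Core on SQL Server, localization, ASP.NET Identity, the
/// "Login with Azure AD" external provider, MVC with the security-headers filter, and
/// IdentityServer signed with the certificate selected by LoadSigningCertificate().
/// </summary>
/// <param name="services">Service collection supplied by the host.</param>
public void ConfigureServices(IServiceCollection services)
{
    var stsConfig = Configuration.GetSection("StsConfig");

    // Resolve the signing key first so a misconfigured key stops startup before anything else.
    X509Certificate2 cert = LoadSigningCertificate();

    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseLazyLoadingProxies().UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

    services.Configure<StsConfig>(stsConfig);
    services.Configure<EmailSettings>(Configuration.GetSection("EmailSettings"));

    services.AddSingleton<LocService>();
    services.AddLocalization(options => options.ResourcesPath = "Resources");

    services.AddAuthentication()
        .AddOpenIdConnect("aad", "Login with Azure AD", options =>
        {
            // '/common' is the multi-tenant endpoint and ValidateIssuer = false switches off the
            // only check that could restrict which tenants are accepted: an account from ANY
            // Azure AD tenant can sign in through this provider. If that is not intended, validate
            // the issuer against an allow-list of tenant ids instead of disabling the check.
            options.Authority = "https://login.microsoftonline.com/common";
            options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false };
            options.ClientId = "99eb0b9d-ca40-476e-b5ac-6f4c32bfb530";
            options.CallbackPath = "/signin-oidc";
        });

    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddErrorDescriber<StsIdentityErrorDescriber>()
        .AddDefaultTokenProviders();

    services.Configure<IdentityOptions>(options =>
    {
        // Password settings: six characters with no character-class rules is deliberately lax
        // (below the ASP.NET Identity defaults). Tighten before exposing this STS publicly.
        options.Password.RequireDigit = false;
        options.Password.RequireLowercase = false;
        options.Password.RequireNonAlphanumeric = false;
        options.Password.RequireUppercase = false;
        options.Password.RequiredLength = 6;
    });

    services.Configure<RequestLocalizationOptions>(options =>
    {
        var supportedCultures = new List<CultureInfo>
        {
            new CultureInfo("en-US"),
            new CultureInfo("zh-Hans")
        };
        options.DefaultRequestCulture = new RequestCulture(culture: "en-US", uiCulture: "en-US");
        options.SupportedCultures = supportedCultures;
        options.SupportedUICultures = supportedCultures;

        // The OIDC 'ui_locales' query parameter picks the culture, ahead of the default providers.
        var providerQuery = new LocalizationQueryProvider { QureyParamterName = "ui_locales" };
        options.RequestCultureProviders.Insert(0, providerQuery);
    });

    services.AddMvc(options =>
        {
            // Applies the security response headers to every MVC response.
            options.Filters.Add(new SecurityHeadersAttribute());
        })
        .SetCompatibilityVersion(CompatibilityVersion.Version_2_2)
        .AddViewLocalization()
        .AddDataAnnotationsLocalization(options =>
        {
            options.DataAnnotationLocalizerProvider = (type, factory) =>
            {
                var assemblyName = new AssemblyName(typeof(SharedResource).GetTypeInfo().Assembly.FullName);
                return factory.Create("SharedResource", assemblyName.Name);
            };
        });

    services.AddTransient<IEmailSender, EmailSender>();

    services.AddIdentityServer()
        .AddSigningCredential(cert)
        .AddInMemoryIdentityResources(IdentityServerConfig.GetIdentityResources())
        .AddInMemoryApiResources(IdentityServerConfig.GetApiResources())
        .AddInMemoryClients(IdentityServerConfig.GetClients(stsConfig))
        .AddAspNetIdentity<ApplicationUser>()
        .AddProfileService<IdentityWithAdditionalClaimsProfileService>();
}

/// <summary>
/// Selects the IdentityServer signing certificate for the current environment.
/// Production: the LocalMachine\My entry whose thumbprint is "CertificateThumbprint" when
/// "UseLocalCertStore" is true, otherwise Azure Key Vault as described by the "Vault" section.
/// Any other environment: the checked-in sts_dev_cert.pfx with its well-known password.
/// </summary>
/// <returns>The certificate, including its private key.</returns>
/// <exception cref="InvalidOperationException">No store certificate matches the configured thumbprint.</exception>
private X509Certificate2 LoadSigningCertificate()
{
    var useLocalCertStore = Convert.ToBoolean(Configuration["UseLocalCertStore"]);
    var certificateThumbprint = Configuration["CertificateThumbprint"];

    if (!_environment.IsProduction())
    {
        // Development key: the PFX and its password "1234" are in the repository, so anyone with
        // the repository can sign tokens this STS will accept. The IsProduction() check is the only
        // thing keeping it out of production; ASPNETCORE_ENVIRONMENT must be set on every deployed host.
        return new X509Certificate2(Path.Combine(_environment.ContentRootPath, "sts_dev_cert.pfx"), "1234");
    }

    if (!useLocalCertStore)
    {
        // Azure deployment: certificate (with private key) fetched from Key Vault using a client
        // id/secret; that secret lives in configuration, so protect the configuration source.
        var vaultConfigSection = Configuration.GetSection("Vault");
        var keyVaultService = new KeyVaultCertificateService(vaultConfigSection["Url"], vaultConfigSection["ClientId"], vaultConfigSection["ClientSecret"]);
        return keyVaultService.GetCertificateFromKeyVault(vaultConfigSection["CertificateName"]);
    }

    using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
    {
        store.Open(OpenFlags.ReadOnly);

        // validOnly: false keeps a self-signed signing certificate findable (the thumbprint already
        // pins one exact certificate), but it also means neither chain trust nor expiry is checked here.
        var certs = store.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, validOnly: false);
        if (certs.Count == 0)
        {
            // Previously an unguarded certs[0]: a missing or mistyped thumbprint surfaced as an
            // IndexOutOfRangeException with no hint of the cause.
            throw new InvalidOperationException(
                $"No certificate with thumbprint '{certificateThumbprint}' was found in LocalMachine\\My.");
        }

        return certs[0];
    }
}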
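/// <summary>
/// Registers the combined STS + API services: EF Core on SQLite, ASP.NET Identity, a credentialed
/// CORS policy for the listed local origins, IdentityServer signed with the certificate from
/// LoadSigningCertificate(), the API token-validation handler and the role/scope policies.
/// </summary>
/// <param name="services">Service collection supplied by the host.</param>
public void ConfigureServices(IServiceCollection services)
{
    var cert = LoadSigningCertificate();

    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlite(Configuration.GetConnectionString("DefaultConnection")));

    services.Configure<EmailSettings>(Configuration.GetSection("EmailSettings"));

    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>();

    services.AddCors(options =>
    {
        // Despite its name this policy is NOT "allow all": credentialed responses go only to the
        // explicitly listed https://localhost origins. No wildcard origin is listed, so the
        // wildcard-subdomain option is currently a no-op. Keep the list explicit — AllowCredentials()
        // with a permissive origin set would let any site call this STS with the user's cookie.
        options.AddPolicy("AllowAllOrigins", builder =>
        {
            builder
                .AllowCredentials()
                .WithOrigins(
                    "https://localhost:44311",
                    "https://localhost:44352",
                    "https://localhost:44372",
                    "https://localhost:44378",
                    "https://localhost:44390")
                .SetIsOriginAllowedToAllowWildcardSubdomains()
                .AllowAnyHeader()
                .AllowAnyMethod();
        });
    });

    services.AddTransient<IProfileService, IdentityWithAdditionalClaimsProfileService>();

    services.AddIdentityServer()
        .AddSigningCredential(cert)
        .AddInMemoryIdentityResources(Config.GetIdentityResources())
        .AddInMemoryApiResources(Config.GetApiResources())
        .AddInMemoryClients(Config.GetClients())
        .AddAspNetIdentity<ApplicationUser>()
        .AddProfileService<IdentityWithAdditionalClaimsProfileService>();

    services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
        .AddIdentityServerAuthentication(options =>
        {
            options.Authority = Config.HOST_URL + "/";
            options.ApiName = "dataEventRecords";
            // NOTE(review): this API secret is committed in source. It has to match the ApiResource
            // secret defined in Config.GetApiResources(), so move both to configuration (or a secret
            // store) together and rotate the value.
            options.ApiSecret = "dataEventRecordsSecret";
            options.SupportedTokens = SupportedTokens.Both;
        });

    services.AddTransient<IEmailSender, EmailSender>();

    // Role and scope policies; claim types are the raw "role"/"scope" names issued by this STS.
    services.AddAuthorization(options =>
    {
        options.AddPolicy("dataEventRecordsAdmin", policy => policy.RequireClaim("role", "dataEventRecords.admin"));
        options.AddPolicy("admin", policy => policy.RequireClaim("role", "admin"));
        options.AddPolicy("dataEventRecordsUser", policy => policy.RequireClaim("role", "dataEventRecords.user"));
        options.AddPolicy("dataEventRecords", policy => policy.RequireClaim("scope", "dataEventRecords"));
    });

    services.AddControllers()
        .AddNewtonsoftJson()
        .SetCompatibilityVersion(CompatibilityVersion.Version_3_0);

    services.AddControllersWithViews()
        .SetCompatibilityVersion(CompatibilityVersion.Version_3_0)
        .AddViewLocalization();
}

/// <summary>
/// Selects the IdentityServer signing certificate for the current environment.
/// Production: LocalMachine\My lookup by "CertificateThumbprint" when "UseLocalCertStore" is true,
/// otherwise Azure Key Vault as described by the "Vault" section. Any other environment: the
/// checked-in damienbodserver.pfx (empty password).
/// </summary>
/// <returns>The certificate, including its private key.</returns>
/// <exception cref="InvalidOperationException">No store certificate matches the configured thumbprint.</exception>
private X509Certificate2 LoadSigningCertificate()
{
    var useLocalCertStore = Convert.ToBoolean(Configuration["UseLocalCertStore"]);
    var thumbprint = Configuration["CertificateThumbprint"];

    if (!_environment.IsProduction())
    {
        // Development key shipped in the repository with no password: anyone holding the repo can
        // mint tokens this STS accepts. Only the IsProduction() check keeps it out of production.
        return new X509Certificate2(Path.Combine(_environment.ContentRootPath, "damienbodserver.pfx"), "");
    }

    if (!useLocalCertStore)
    {
        // Azure deployment: certificate with private key fetched from Key Vault using a client secret
        // read from configuration — protect that configuration source.
        var vault = Configuration.GetSection("Vault");
        var keyVaultService = new KeyVaultCertificateService(vault["Url"], vault["ClientId"], vault["ClientSecret"]);
        return keyVaultService.GetCertificateFromKeyVault(vault["CertificateName"]);
    }

    using var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly);

    // validOnly: false so a self-signed signing cert is still found (the thumbprint pins the exact
    // certificate); note this also skips chain-trust and expiry checks.
    var matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
    if (matches.Count == 0)
    {
        // Was an unguarded matches[0] → IndexOutOfRangeException with no indication of the cause.
        throw new InvalidOperationException(
            $"No certificate with thumbprint '{thumbprint}' was found in LocalMachine\\My.");
    }

    return matches[0];
}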
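/// <summary>
/// Registers the STS services: EF Core on SQLite, localization for the Swiss cultures, ASP.NET
/// Identity, the "Login with Azure AD" external provider, MVC, and IdentityServer signed with the
/// certificate selected by LoadSigningCertificate().
/// </summary>
/// <param name="services">Service collection supplied by the host.</param>
public void ConfigureServices(IServiceCollection services)
{
    var stsConfig = Configuration.GetSection("StsConfig");

    // Resolve the signing key first so a misconfigured key stops startup before anything else.
    X509Certificate2 cert = LoadSigningCertificate();

    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlite(Configuration.GetConnectionString("DefaultConnection")));

    services.Configure<StsConfig>(Configuration.GetSection("StsConfig"));
    services.Configure<EmailSettings>(Configuration.GetSection("EmailSettings"));

    services.AddSingleton<LocService>();
    services.AddLocalization(options => options.ResourcesPath = "Resources");

    services.AddAuthentication()
        .AddOpenIdConnect("aad", "Login with Azure AD", options =>
        {
            // '/common' is the multi-tenant endpoint and ValidateIssuer = false disables the only
            // check that could restrict tenants: an account from ANY Azure AD tenant can sign in
            // here. If that is not intended, validate the issuer against a tenant allow-list.
            options.Authority = "https://login.microsoftonline.com/common";
            options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false };
            options.ClientId = "99eb0b9d-ca40-476e-b5ac-6f4c32bfb530";
            options.CallbackPath = "/signin-oidc";
        });

    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();

    services.Configure<RequestLocalizationOptions>(options =>
    {
        var supportedCultures = new List<CultureInfo>
        {
            new CultureInfo("en-US"),
            new CultureInfo("de-CH"),
            new CultureInfo("fr-CH"),
            new CultureInfo("it-CH")
        };
        options.DefaultRequestCulture = new RequestCulture(culture: "de-CH", uiCulture: "de-CH");
        options.SupportedCultures = supportedCultures;
        options.SupportedUICultures = supportedCultures;

        // The OIDC 'ui_locales' query parameter selects the culture, ahead of the default providers.
        // A cookie provider ("defaultLocale") was considered for the logout flow — the end-session
        // endpoint does not carry query parameters and a cookie only works on the same domain — but
        // it is intentionally not registered here.
        var providerQuery = new LocalizationQueryProvider { QureyParamterName = "ui_locales" };
        options.RequestCultureProviders.Insert(0, providerQuery);
    });

    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1)
        .AddViewLocalization()
        .AddDataAnnotationsLocalization(options =>
        {
            options.DataAnnotationLocalizerProvider = (type, factory) =>
            {
                var assemblyName = new AssemblyName(typeof(SharedResource).GetTypeInfo().Assembly.FullName);
                return factory.Create("SharedResource", assemblyName.Name);
            };
        });

    services.AddTransient<IProfileService, IdentityWithAdditionalClaimsProfileService>();
    services.AddTransient<IEmailSender, EmailSender>();

    services.AddIdentityServer()
        .AddSigningCredential(cert)
        .AddInMemoryIdentityResources(Config.GetIdentityResources())
        .AddInMemoryApiResources(Config.GetApiResources())
        .AddInMemoryClients(Config.GetClients(stsConfig))
        .AddAspNetIdentity<ApplicationUser>()
        .AddProfileService<IdentityWithAdditionalClaimsProfileService>();
}

/// <summary>
/// Selects the IdentityServer signing certificate for the current environment.
/// Production: LocalMachine\My lookup by "CertificateThumbprint" when "UseLocalCertStore" is true,
/// otherwise Azure Key Vault as described by the "Vault" section. Any other environment: the
/// checked-in damienbodserver.pfx (empty password).
/// </summary>
/// <returns>The certificate, including its private key.</returns>
/// <exception cref="InvalidOperationException">No store certificate matches the configured thumbprint.</exception>
private X509Certificate2 LoadSigningCertificate()
{
    var useLocalCertStore = Convert.ToBoolean(Configuration["UseLocalCertStore"]);
    var certificateThumbprint = Configuration["CertificateThumbprint"];

    if (!_environment.IsProduction())
    {
        // Development key shipped in the repository with no password: anyone holding the repo can
        // mint tokens this STS accepts. Only the IsProduction() check keeps it out of production,
        // so ASPNETCORE_ENVIRONMENT must be set on every deployed host.
        return new X509Certificate2(Path.Combine(_environment.ContentRootPath, "damienbodserver.pfx"), "");
    }

    if (!useLocalCertStore)
    {
        // Azure deployment: certificate with private key fetched from Key Vault using a client
        // id/secret read from configuration — protect that configuration source.
        var vaultConfigSection = Configuration.GetSection("Vault");
        var keyVaultService = new KeyVaultCertificateService(vaultConfigSection["Url"], vaultConfigSection["ClientId"], vaultConfigSection["ClientSecret"]);
        return keyVaultService.GetCertificateFromKeyVault(vaultConfigSection["CertificateName"]);
    }

    using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
    {
        store.Open(OpenFlags.ReadOnly);

        // validOnly: false keeps a self-signed signing certificate findable (the thumbprint pins
        // one exact certificate) but also skips chain-trust and expiry checks.
        var certs = store.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, validOnly: false);
        if (certs.Count == 0)
        {
            // Was an unguarded certs[0]: a missing or mistyped thumbprint became an
            // IndexOutOfRangeException with no hint of the cause.
            throw new InvalidOperationException(
                $"No certificate with thumbprint '{certificateThumbprint}' was found in LocalMachine\\My.");
        }

        return certs[0];
    }
}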
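// This method gets called by the runtime. Use this method to add services to the container.
/// <summary>
/// Registers the STS services: an SMTP client, EF Core on SQL Server for ASP.NET Identity and for
/// the IdentityServer configuration/operational stores, IdentityServer signed with the certificate
/// from LoadSigningCertificate(), the Google external login, authorization policies and localization.
/// </summary>
/// <param name="services">Service collection supplied by the host.</param>
public void ConfigureServices(IServiceCollection services)
{
    // Resolve the signing key first so a misconfigured key stops startup before anything else.
    X509Certificate2 cert = LoadSigningCertificate();

    services.Configure<GeneralConfig>(Configuration.GetSection("GeneralConfig"));
    services.Configure<EmailSettings>(Configuration.GetSection("EmailSettings"));
    services.Configure<SmtpEmailSettings>(Configuration.GetSection("SmtpEmailSettings"));

    // NOTE(review): one System.Net.Mail.SmtpClient instance is shared by every request here, but
    // SmtpClient does not support concurrent Send calls on the same instance; serialize its use in
    // EmailSender or register it transient. EnableSsl keeps the SMTP credentials off the wire in clear.
    services.AddSingleton<SmtpClient>(serviceProvider =>
    {
        var config = serviceProvider.GetRequiredService<IConfiguration>();
        return new SmtpClient
        {
            Host = config.GetValue<string>("SmtpEmailSettings:Host"),
            Port = config.GetValue<int>("SmtpEmailSettings:Port"),
            Credentials = new NetworkCredential(
                config.GetValue<string>("SmtpEmailSettings:Username"),
                config.GetValue<string>("SmtpEmailSettings:Password")),
            EnableSsl = true,
            DeliveryMethod = SmtpDeliveryMethod.Network
        };
    });

    string connectionString = Configuration.GetConnectionString("DefaultConnection");
    var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;

    services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer(connectionString));

    services.AddIdentity<ApplicationUser, IdentityRole>(config =>
        {
            config.SignIn.RequireConfirmedEmail = true;
            // Seven characters and no character-class rules: below the Identity defaults.
            config.Password.RequireDigit = false;
            config.Password.RequiredLength = 7;
            config.Password.RequireLowercase = false;
            config.Password.RequireNonAlphanumeric = false;
            config.Password.RequireUppercase = false;
        })
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders();

    services.AddTransient<IProfileService, IdentityWithAdditionalClaimsProfileService>();

    services.Configure<IISOptions>(iis =>
    {
        iis.AuthenticationDisplayName = "Windows";
        iis.AutomaticAuthentication = false;
    });

    services.AddIdentityServer(options =>
        {
            // Raise every event class so the audit trail (sign-ins, failures, errors) is complete.
            options.Events.RaiseErrorEvents = true;
            options.Events.RaiseInformationEvents = true;
            options.Events.RaiseFailureEvents = true;
            options.Events.RaiseSuccessEvents = true;
        })
        .AddSigningCredential(cert)
        .AddAspNetIdentity<ApplicationUser>()
        // configuration data (clients, resources) from the database
        .AddConfigurationStore(options =>
        {
            options.ConfigureDbContext = b => b.UseSqlServer(connectionString, sql => sql.MigrationsAssembly(migrationsAssembly));
        })
        // operational data (codes, tokens, consents) from the database
        .AddOperationalStore(options =>
        {
            options.ConfigureDbContext = b => b.UseSqlServer(connectionString, sql => sql.MigrationsAssembly(migrationsAssembly));
            // Automatic removal of stale grants; optional but keeps the token table bounded.
            options.EnableTokenCleanup = true;
            // options.TokenCleanupInterval = 15; // frequency in seconds; 15 is useful during debugging
        })
        .AddProfileService<IdentityWithAdditionalClaimsProfileService>();

    services.AddTransient<IEmailSender, EmailSender>();

    // Role and scope policies; claim types are the raw "role"/"scope" names issued by this STS.
    services.AddAuthorization(options =>
    {
        options.AddPolicy("dataEventRecordsAdmin", policy => policy.RequireClaim("role", "dataEventRecords.admin"));
        options.AddPolicy("admin", policy => policy.RequireClaim("role", "admin"));
        options.AddPolicy("dataEventRecordsUser", policy => policy.RequireClaim("role", "dataEventRecords.user"));
        options.AddPolicy("dataEventRecords", policy => policy.RequireClaim("scope", "dataEventRecords"));
    });

    services.AddAuthentication()
        .AddGoogle(options =>
        {
            // The Google OAuth client id and secret were literals in this file. A secret that has
            // been committed is compromised: revoke it in the Google console and supply the
            // replacement through configuration (user secrets, environment, a vault) under these keys.
            options.ClientId = Configuration["Authentication:Google:ClientId"];
            options.ClientSecret = Configuration["Authentication:Google:ClientSecret"];
        });

    services.AddSingleton<LocService>();
    services.AddLocalization(options => options.ResourcesPath = "Resources");

    services.Configure<RequestLocalizationOptions>(options =>
    {
        var supportedCultures = new List<CultureInfo>
        {
            new CultureInfo("ar"),
            new CultureInfo("en-US"),
            new CultureInfo("de-CH"),
            new CultureInfo("fr-CH"),
            new CultureInfo("it-CH")
        };
        options.DefaultRequestCulture = new RequestCulture(culture: "de-CH", uiCulture: "de-CH");
        options.SupportedCultures = supportedCultures;
        options.SupportedUICultures = supportedCultures;

        // The OIDC 'ui_locales' query parameter selects the culture, ahead of the default providers.
        var providerQuery = new LocalizationQueryProvider { QureyParamterName = "ui_locales" };
        options.RequestCultureProviders.Insert(0, providerQuery);
    });

    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1)
        .AddViewLocalization()
        .AddDataAnnotationsLocalization(options =>
        {
            options.DataAnnotationLocalizerProvider = (type, factory) =>
            {
                var assemblyName = new AssemblyName(typeof(SharedResource).GetTypeInfo().Assembly.FullName);
                return factory.Create("SharedResource", assemblyName.Name);
            };
        });
}

/// <summary>
/// Selects the IdentityServer signing certificate for the current environment.
/// Production: LocalMachine\My lookup by "CertificateThumbprint" when "UseLocalCertStore" is true,
/// otherwise Azure Key Vault as described by the "Vault" section. Any other environment: the
/// checked-in damienbodserver.pfx (empty password).
/// </summary>
/// <returns>The certificate, including its private key.</returns>
/// <exception cref="InvalidOperationException">No store certificate matches the configured thumbprint.</exception>
private X509Certificate2 LoadSigningCertificate()
{
    var useLocalCertStore = Convert.ToBoolean(Configuration["UseLocalCertStore"]);
    var certificateThumbprint = Configuration["CertificateThumbprint"];

    if (!_environment.IsProduction())
    {
        // Development key shipped in the repository with no password: anyone holding the repo can
        // mint tokens this STS accepts. Only the IsProduction() check keeps it out of production,
        // so ASPNETCORE_ENVIRONMENT must be set on every deployed host.
        return new X509Certificate2(Path.Combine(_environment.ContentRootPath, "damienbodserver.pfx"), "");
    }

    if (!useLocalCertStore)
    {
        // Azure deployment: certificate with private key fetched from Key Vault using a client
        // id/secret read from configuration — protect that configuration source.
        var vaultConfigSection = Configuration.GetSection("Vault");
        var keyVaultService = new KeyVaultCertificateService(vaultConfigSection["Url"], vaultConfigSection["ClientId"], vaultConfigSection["ClientSecret"]);
        return keyVaultService.GetCertificateFromKeyVault(vaultConfigSection["CertificateName"]);
    }

    using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
    {
        store.Open(OpenFlags.ReadOnly);

        // validOnly: false keeps a self-signed signing certificate findable (the thumbprint pins
        // one exact certificate) but also skips chain-trust and expiry checks.
        var certs = store.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, validOnly: false);
        if (certs.Count == 0)
        {
            // Was an unguarded certs[0]: a missing or mistyped thumbprint became an
            // IndexOutOfRangeException with no hint of the cause.
            throw new InvalidOperationException(
                $"No certificate with thumbprint '{certificateThumbprint}' was found in LocalMachine\\My.");
        }

        return certs[0];
    }
}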