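        /// <summary>
        /// Registers the configuration-service request pipeline on <paramref name="app"/>:
        /// status code pages, CORS (policy "AllowAll"), the custom exception handler,
        /// OAuth2 introspection authentication and MVC routing. Middleware runs in the
        /// order it is registered here.
        /// </summary>
        /// <param name="app">Application builder the middleware is added to.</param>
        /// <param name="options">Introspection settings handed to the authentication middleware.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="app"/> or <paramref name="options"/> is null.
        /// </exception>
        public static void UseConfigurationService(this IApplicationBuilder app, Oauth2IntrospectionOptions options)
        {
            // Fail fast with a named argument instead of a less specific failure further down;
            // same guard style as UseSimpleIdentityServerManager.
            if (app == null)
            {
                throw new ArgumentNullException(nameof(app));
            }

            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            // Display status code page
            app.UseStatusCodePages();

            // Enable CORS.
            // NOTE(review): the "AllowAll" policy is defined elsewhere; its name suggests any origin
            // is accepted — confirm that is intended for how this service is exposed.
            app.UseCors("AllowAll");

            // Enable custom exception handler. GetService returns null when the event source is
            // not registered; the handler middleware is left to cope with that.
            app.UseSimpleIdentityServerManagerExceptionHandler(new ExceptionHandlerMiddlewareOptions
            {
                ConfigurationEventSource = app.ApplicationServices.GetService<ConfigurationEventSource>()
            });

            // Enable authentication (bearer tokens validated through introspection)
            app.UseAuthenticationWithIntrospection(options);

            // Launch ASP.NET MVC
            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller}/{action}/{id?}");
            });
        }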
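        /// <summary>
        /// A bearer request to the protected operation must be answered with 401 Unauthorized
        /// when the introspection options carry a client id but no client secret.
        /// </summary>
        public async Task When_No_Client_Secret_Is_Passed_Then_Not_Authorized_Is_Returned()
        {
            // ARRANGE
            // ClientSecret is deliberately left out — that is the condition under test.
            // NOTE(review): no BackChannelHttpHandler is configured, so if the middleware did reach
            // the endpoint it would call the real URL below — confirm the secret check happens first.
            var options = new Oauth2IntrospectionOptions
            {
                InstrospectionEndPoint = "http://localhost:5000/introspect",
                ClientId = "client_id"
            };
            var createServer = CreateServer(options);
            var client       = createServer.CreateClient();

            var httpRequestMessage = new HttpRequestMessage(HttpMethod.Get, new Uri("http://localhost/protectedoperation"));
            httpRequestMessage.Headers.Add("Authorization", "Bearer accessToken");

            // ACT
            var result = await client.SendAsync(httpRequestMessage).ConfigureAwait(false);

            // ASSERT
            Assert.NotNull(result);
            // Assert.Equal reports expected and actual on failure, unlike Assert.True(a == b).
            Assert.Equal(HttpStatusCode.Unauthorized, result.StatusCode);
        }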
        /// <summary>
        /// Builds an in-memory <see cref="TestServer"/> whose service collection is populated by
        /// <see cref="InitializeServices"/> with <paramref name="options"/> and which boots with
        /// <see cref="FakeStartup"/>.
        /// </summary>
        /// <param name="options">Introspection options registered for the test host.</param>
        /// <returns>A ready-to-use test server.</returns>
        private static TestServer CreateServer(Oauth2IntrospectionOptions options)
        {
            var hostBuilder = new WebHostBuilder();

            // Registration order is kept: service seeding first, then the startup type.
            hostBuilder.ConfigureServices(services => InitializeServices(services, options));
            hostBuilder.UseStartup(typeof(FakeStartup));

            return new TestServer(hostBuilder);
        }
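        /// <summary>
        /// Configures the UMA server request pipeline from the "OpenId:*" and "DATA_MIGRATED"
        /// configuration values: Serilog logging, status code pages, OAuth2 introspection
        /// authentication, optional seed data, CORS, the UMA exception handler and MVC routing.
        /// </summary>
        /// <param name="app">Application builder the middleware is added to.</param>
        /// <param name="env">Hosting environment; not used by this method.</param>
        /// <param name="loggerFactory">Logger factory that Serilog is attached to.</param>
        /// <exception cref="FormatException">"DATA_MIGRATED" is set but is not a valid boolean.</exception>
        /// <exception cref="InvalidOperationException">
        /// Seeding is enabled but <see cref="SimpleIdServerUmaContext"/> or the scope factory is not registered.
        /// </exception>
        public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
        {
            var introspectionUrl = Configuration["OpenId:IntrospectEndPoint"];
            var clientId         = Configuration["OpenId:ClientId"];
            var clientSecret     = Configuration["OpenId:ClientSecret"];

            // Read the flag once. bool.Parse is kept on purpose: a malformed value fails at
            // startup rather than silently skipping the seed step.
            var dataMigrated   = Configuration["DATA_MIGRATED"];
            var isDataMigrated = dataMigrated != null && bool.Parse(dataMigrated);

            loggerFactory.AddSerilog();

            // 1. Display status code page
            app.UseStatusCodePages();

            // 2. Enable OAUTH authentication
            var introspectionOptions = new Oauth2IntrospectionOptions
            {
                InstrospectionEndPoint = introspectionUrl,
                ClientId     = clientId,
                ClientSecret = clientSecret
            };

            app.UseAuthenticationWithIntrospection(introspectionOptions);

            // 3. Insert seed data
            if (isDataMigrated)
            {
                using (var serviceScope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>().CreateScope())
                {
                    // GetRequiredService: a missing registration surfaces as a descriptive
                    // InvalidOperationException instead of a NullReferenceException on the next line.
                    var umaContext = serviceScope.ServiceProvider.GetRequiredService<SimpleIdServerUmaContext>();
                    umaContext.Database.EnsureCreated();
                    umaContext.EnsureSeedData();
                }
            }

            // 4. Enable CORS
            // NOTE(review): CORS is registered after authentication here, unlike UseConfigurationService
            // and UseSimpleIdentityServerManager; an unauthenticated preflight may be answered by the
            // authentication middleware before CORS headers are applied — confirm the intended order.
            app.UseCors("AllowAll");

            // 5. Display exception
            app.UseUmaExceptionHandler(new ExceptionHandlerMiddlewareOptions
            {
                UmaEventSource = app.ApplicationServices.GetService<IUmaServerEventSource>()
            });

            // 6. Launch ASP.NET MVC
            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller}/{action}/{id?}");
            });
        }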
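        /// <summary>
        /// Registers the manager request pipeline on <paramref name="applicationBuilder"/>:
        /// Serilog logging, status code pages, CORS (policy "AllowAll"), the manager exception
        /// handler, OAuth2 introspection authentication built from
        /// <see cref="ManagerOptions.Introspection"/>, and MVC routing.
        /// </summary>
        /// <param name="applicationBuilder">Application builder the middleware is added to.</param>
        /// <param name="loggerFactory">Logger factory that Serilog is attached to.</param>
        /// <param name="options">Manager options; <c>Introspection</c> must be set.</param>
        /// <exception cref="ArgumentNullException">
        /// Any argument, or <c>options.Introspection</c>, is null.
        /// </exception>
        public static void UseSimpleIdentityServerManager(
            this IApplicationBuilder applicationBuilder,
            ILoggerFactory loggerFactory,
            ManagerOptions options)
        {
            // Guard every argument, not only options: a null builder or logger factory would
            // otherwise fail with a less specific error inside the registration calls below.
            if (applicationBuilder == null)
            {
                throw new ArgumentNullException(nameof(applicationBuilder));
            }

            if (loggerFactory == null)
            {
                throw new ArgumentNullException(nameof(loggerFactory));
            }

            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            if (options.Introspection == null)
            {
                throw new ArgumentNullException(nameof(options.Introspection));
            }

            // 1. Use log.
            loggerFactory.AddSerilog();
            // 2. Display status code page.
            applicationBuilder.UseStatusCodePages();
            // 3. Enable CORS.
            // NOTE(review): the "AllowAll" policy is defined elsewhere; its name suggests any origin
            // is accepted — confirm that is intended for how this API is exposed.
            applicationBuilder.UseCors("AllowAll");
            // 4. Enable custom exception handler. GetService yields null when the event source
            // is not registered; the cast of null is fine, the handler middleware must cope with it.
            applicationBuilder.UseSimpleIdentityServerManagerExceptionHandler(new ExceptionHandlerMiddlewareOptions
            {
                ManagerEventSource = (IManagerEventSource)applicationBuilder.ApplicationServices.GetService(typeof(IManagerEventSource))
            });
            // 5. Enable introspection (bearer tokens validated against the configured endpoint).
            var introspectionOptions = new Oauth2IntrospectionOptions
            {
                InstrospectionEndPoint = options.Introspection.IntrospectionUrl,
                ClientId     = options.Introspection.ClientId,
                ClientSecret = options.Introspection.ClientSecret
            };

            applicationBuilder.UseAuthenticationWithIntrospection(introspectionOptions);
            // 6. Launch ASP.NET API
            applicationBuilder.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller}/{action}/{id?}");
            });
        }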
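        /// <summary>
        /// With an introspection endpoint that is not a well-formed URL, a bearer request to the
        /// protected operation is answered with 401 Unauthorized, even though the fake back-channel
        /// handler would return an active token.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the method name speaks of an exception being thrown, but what is asserted
        /// is the 401 response — presumably the failure is turned into a challenge by the middleware.
        /// Confirm and consider renaming the test to match the observable outcome.
        /// </remarks>
        public async Task When_Passing_NotWellFormed_TokenIntrospectionEndPoint_Then_Exception_Is_Thrown()
        {
            // ARRANGE
            // The fake handler answers any introspection call with an active token carrying the
            // "GetMethod" scope, so a 401 cannot come from the token content itself.
            var introspectionResponse = new IntrospectionResponse
            {
                Active = true,
                Scope  = new List<string> {
                    "GetMethod"
                }
            };
            var json = JsonConvert.SerializeObject(introspectionResponse);
            var httpResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
            {
                Content = new StringContent(json)
            };
            var fakeHttpHandler = new FakeHttpMessageHandler(httpResponseMessage);

            // "invalid_url" is the condition under test: not an absolute URI.
            var options = new Oauth2IntrospectionOptions
            {
                InstrospectionEndPoint = "invalid_url",
                ClientId               = "MyBlog",
                ClientSecret           = "MyBlog",
                BackChannelHttpHandler = fakeHttpHandler
            };
            var createServer = CreateServer(options);
            var client       = createServer.CreateClient();

            var httpRequestMessage = new HttpRequestMessage(HttpMethod.Get, new Uri("http://localhost/protectedoperation"));
            httpRequestMessage.Headers.Add("Authorization", "Bearer accessToken");

            // ACT
            var result = await client.SendAsync(httpRequestMessage).ConfigureAwait(false);

            // ASSERTS
            Assert.NotNull(result);
            // Assert.Equal reports expected and actual on failure, unlike Assert.True(a == b).
            Assert.Equal(HttpStatusCode.Unauthorized, result.StatusCode);
        }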
 /// <summary>
 /// Registers <paramref name="options"/> as a singleton instance so the introspection
 /// options can be resolved from the container.
 /// </summary>
 /// <param name="services">Service collection to register into.</param>
 /// <param name="options">The instance that will be handed out for every resolution.</param>
 private static void InitializeServices(IServiceCollection services, Oauth2IntrospectionOptions options) =>
     services.AddSingleton<Oauth2IntrospectionOptions>(options);