/// <summary>
/// Registers ASP.NET Core Data Protection on <paramref name="services"/> with its key ring
/// persisted to Redis, and registers a singleton factory that returns the result of the
/// connection's <c>GetDatabase()</c>.
/// </summary>
/// <param name="services">The service collection that receives both registrations.</param>
/// <param name="host">Redis host, passed unchanged to <c>RedisCacheHelper.ConnectToRedisServer</c>.</param>
/// <param name="port">Redis port, passed unchanged to <c>RedisCacheHelper.ConnectToRedisServer</c>.</param>
/// <remarks>
/// NOTE(review): no <c>ProtectKeysWith*</c> call appears in this chain, so as far as this method
/// shows the key ring is written to Redis without encryption at rest. Anyone able to read that
/// Redis key could unprotect payloads issued under this application name. Confirm that
/// key encryption is configured elsewhere or that access to the Redis instance is restricted.
/// NOTE(review): whether the helper enables TLS or authentication on the Redis connection is
/// not visible here (only host and port are supplied) - confirm.
/// </remarks>
public static void AddDataProtectRedisProvider(this IServiceCollection services, string host, string port)
        {
            var multiplexer = RedisCacheHelper.ConnectToRedisServer(host, port);

            // NOTE(review): roughly ten years, versus the framework default of 90 days. A key that
            // leaks stays usable for that long unless it is revoked by hand.
            var keyLifetime = TimeSpan.FromDays(365 * 10);

            // The factory ignores its IServiceProvider argument and always uses this connection.
            services.AddSingleton(provider => multiplexer.GetDatabase());

            // Every application configured with the same application name and the same Redis key
            // shares one key ring, so they can read each other's protected payloads.
            var protection = services.AddDataProtection();
            protection.SetApplicationName(SecurityConstant.AQSecurityMasterAppName);
            protection.PersistKeysToStackExchangeRedis(multiplexer, SecurityConstant.AQSecurityMasterKeyRedis);
            protection.SetDefaultKeyLifetime(keyLifetime);
        }
Beispiel #2
        /// <summary>
        /// Builds a stand-alone <see cref="IDataProtectionProvider"/> whose key ring is persisted
        /// to the Redis server named by <c>ApiUrlHelper.RedisCacheSrv</c>.
        /// </summary>
        /// <param name="services">
        /// Receives only a singleton factory for the connection's <c>GetDatabase()</c> result.
        /// The data-protection services themselves are registered on a separate, private
        /// <c>ServiceCollection</c>, not on this instance.
        /// </param>
        /// <returns>The provider resolved from the private container.</returns>
        /// <remarks>
        /// NOTE(review): no <c>ProtectKeysWith*</c> call appears in this chain, so as far as this
        /// method shows the key ring is stored in Redis without encryption at rest - confirm it
        /// is handled elsewhere or that access to the Redis instance is restricted.
        /// NOTE(review): the service provider built here is never disposed by this method, and
        /// each call opens a connection through the helper - confirm the helper caches it.
        /// </remarks>
        public static IDataProtectionProvider CreateRedisProvider(IServiceCollection services)
        {
            var multiplexer = RedisCacheHelper.ConnectToRedisServer(ApiUrlHelper.RedisCacheSrv.Host, ApiUrlHelper.RedisCacheSrv.Port);

            // The only registration made on the caller's collection.
            services.AddSingleton(provider => multiplexer.GetDatabase());

            // Private container used solely to materialise the provider.
            var isolated = new ServiceCollection();
            var protection = isolated.AddDataProtection();
            protection.SetApplicationName(SecurityConstant.AQSecurityMasterAppName);
            protection.PersistKeysToStackExchangeRedis(multiplexer, SecurityConstant.AQSecurityMasterKeyRedis);

            // NOTE(review): roughly ten years, versus the framework default of 90 days. A key that
            // leaks stays usable for that long unless it is revoked by hand.
            protection.SetDefaultKeyLifetime(TimeSpan.FromDays(365 * 10));

            var container = protection.Services.BuildServiceProvider();
            return container.GetRequiredService<IDataProtectionProvider>();
        }
Beispiel #3
        // This method gets called by the runtime. Use this method to add services to the container.
        // It registers, in order: application options and SSO portal services, cookie policy, MVC,
        // the Redis-backed data-protection key repository, security-stamp validation, the shared
        // SSO authentication cookie (twice: the cookie scheme and the application cookie), the Redis
        // distributed cache, session state, and the identity web service client.
        // NOTE(review): the original author marks several statements as order-sensitive; keep the
        // statement order when editing.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddOption(Configuration);
            services.AddSSOPortalService();
            services.Configure <CookiePolicyOptions>(options =>
            {
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                // Here it always answers "yes", so only cookies marked IsEssential are written before consent.
                options.CheckConsentNeeded    = context => true;
                // NOTE(review): SameSiteMode.None sets no SameSite floor in the cookie policy; each
                // cookie below relies on its own SameSite setting.
                options.MinimumSameSitePolicy = SameSiteMode.None;
            });
            //**********Note: Please don't remove this line or move to anywhere*****************
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);


            //***************Data protection master key***********************
            // NOTE(review): protectionProvider is not referenced again in this method; the call is
            // presumably kept for its side effects on `services` - confirm.
            var protectionProvider = Helpers.PersistentProviderHelper.CreateRedisProvider(services);
            // NOTE(review): whether the helper uses TLS or authentication for this Redis connection
            // is not visible here (only host and port are supplied) - confirm.
            var redisConnection    = RedisCacheHelper.ConnectToRedisServer(ApiUrlHelper.RedisCacheSrv.Host, ApiUrlHelper.RedisCacheSrv.Port);

            services.Configure <KeyManagementOptions>(opt =>
            {
                // Key ring is read from and written to Redis under SecurityConstant.AQSecurityMasterKeyRedis.
                // NOTE(review): opt.XmlEncryptor is not set here, so unless it is configured elsewhere
                // the keys are stored in Redis unencrypted; anyone able to read that Redis key could
                // unprotect the authentication tickets issued below.
                opt.XmlRepository    = new RedisXmlRepository(() => redisConnection.GetDatabase(), SecurityConstant.AQSecurityMasterKeyRedis);
                opt.AutoGenerateKeys = true; // Master Redis balancer: this project must start first, before the other projects run
            });

            // Security stamp is re-checked at most every 15 minutes, so a changed or revoked
            // credential can stay accepted for up to that long.
            services.Configure <SecurityStampValidatorOptions>(options =>
                                                               options.ValidationInterval = TimeSpan.FromMinutes(15)
                                                               );

            //**********Note: Please don't remove this line or move to anywhere*****************
            // NOTE(review): this provider comes from DependencyInjectionHelper, not from the
            // protectionProvider created above; which container it resolves from is not visible here.
            var _provider = DependencyInjectionHelper.GetService <IDataProtectionProvider>();

            // Cookie authentication scheme carrying the shared SSO ticket.
            services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
            {
                options.Cookie.Name                = CookiesAuthenticationDomainConstant.AQSSOPortal; // AQ booking shared cookie; every service using the same account system must use the same name
                // Cookie is scoped to the domain returned by GetCookieDomain(); presumably a parent
                // domain so sibling services receive it - confirm.
                options.Cookie.Domain              = GetCookieDomain();
                // NOTE(review): HttpOnly = false makes the authentication cookie readable from script,
                // so a script-injection flaw on any host that receives the cookie exposes the ticket.
                // Set to true unless client-side code is known to read it.
                options.Cookie.HttpOnly            = false;
                options.Cookie.IsEssential         = true;
                // NOTE(review): CookieSecurePolicy.None never adds the Secure attribute, so the ticket
                // is also sent over plain HTTP. Prefer Always when every consuming host is HTTPS.
                options.Cookie.SecurePolicy        = CookieSecurePolicy.None;
                options.Cookie.SameSite            = SameSiteMode.Lax;
                // NOTE(review): 60 days with sliding renewal means an active (or stolen) ticket can be
                // kept alive indefinitely; the 15-minute security stamp check is the only visible bound.
                options.SlidingExpiration          = true;
                options.ExpireTimeSpan             = TimeSpan.FromDays(60);
                // NOTE(review): ExpireTimeSpan is what governs ticket lifetime; Cookie.Expiration is
                // believed to be ignored by the cookie handler and rejected by later framework
                // versions - confirm before upgrading.
                options.Cookie.Expiration          = TimeSpan.FromDays(60);
                // Tickets are protected with the shared key ring under the AQSecurityMasterProtector purpose.
                options.DataProtectionProvider     = _provider;
                options.TicketDataFormat           = new TicketDataFormat(_provider.CreateProtector(SecurityConstant.AQSecurityMasterProtector));
                options.Events.OnValidatePrincipal = PrincipalSecurityStampValidator.ValidatePrincipalAsync;
            });
            // Same settings applied to the application cookie (IsEssential is not set in this copy).
            // NOTE(review): the HttpOnly = false, SecurePolicy = None and 60-day sliding lifetime
            // concerns noted on the cookie scheme apply here as well.
            services.ConfigureApplicationCookie(options => {
                options.Cookie.Name                = CookiesAuthenticationDomainConstant.AQSSOPortal; // AQ booking shared cookie; every service using the same account system must use the same name
                options.Cookie.Domain              = GetCookieDomain();
                options.Cookie.HttpOnly            = false;
                options.Cookie.SameSite            = SameSiteMode.Lax;
                options.Cookie.SecurePolicy        = CookieSecurePolicy.None;
                options.SlidingExpiration          = true;
                options.ExpireTimeSpan             = TimeSpan.FromDays(60);
                options.Cookie.Expiration          = TimeSpan.FromDays(60);
                options.DataProtectionProvider     = _provider;
                options.TicketDataFormat           = new TicketDataFormat(_provider.CreateProtector(SecurityConstant.AQSecurityMasterProtector));
                options.Events.OnValidatePrincipal = PrincipalSecurityStampValidator.ValidatePrincipalAsync;
            });

            // Distributed cache on the same Redis server.
            // NOTE(review): the configuration string is host:port only; no `password=` or `ssl=`
            // option is supplied here - confirm the instance is not reachable from untrusted networks.
            services.AddDistributedRedisCache(option =>
            {
                option.Configuration = $"{ApiUrlHelper.RedisCacheSrv.Host}:{ApiUrlHelper.RedisCacheSrv.Port}";
                option.InstanceName  = ApiUrlHelper.RedisCacheSrv.InstanceName;
            });
            // Session cookie: 20-minute idle timeout, named after the SSO cookie with a "_PK" suffix.
            // SecurePolicy and HttpOnly are left at their defaults here.
            services.AddSession(option =>
            {
                option.Cookie.SameSite    = SameSiteMode.Lax;
                option.IdleTimeout        = TimeSpan.FromMinutes(20);
                option.Cookie.Name        = $"{CookiesAuthenticationDomainConstant.AQSSOPortal}_PK";
                option.Cookie.IsEssential = true;
            });


            services.AddHttpContextAccessor();
            services.AddPortalIdentityWebService(Configuration, ApiUrlHelper.IdentityApiUrl);
        }