Beispiel #1
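        /// <summary>
        /// Registers the application's services: the <c>DemoDbContext</c> (SQL Server), MVC with the
        /// validation filter, a CORS policy, Swagger document generation and the IoC bindings.
        /// </summary>
        /// <param name="services">The service collection the registrations are added to.</param>
        // This method gets called by the runtime. Use this method to add services to the container.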
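        public void ConfigureServices(IServiceCollection services)
        {
            // Register the context once; the original chained a second, identical AddDbContext call.
            services.AddDbContext<DemoDbContext>(options =>
                options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

            // Single MVC registration; ValidatorActionFilter is added as a global filter.
            services.AddMvc(opt =>
            {
                opt.Filters.Add(typeof(ValidatorActionFilter));
            });

            // Cross-origin policy.
            // NOTE(review): any origin, method and header is allowed, so a script on any website can
            // call this API and read the response. That is only appropriate for public,
            // unauthenticated data; otherwise list the trusted front-end origins with WithOrigins(...).
            // This method only registers the policy; where it is applied is not visible here.
            services.AddCors(o => o.AddPolicy("MyPolicy", builder =>
            {
                builder.AllowAnyOrigin()
                       .AllowAnyMethod()
                       .AllowAnyHeader();
                //.WithOrigins("http://example.com");
            }));

            // Swagger configuration: generate the "v1" document.
            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new Info
                {
                    Title = "Demo API V1.0",
                    Version = "v1"
                });

                // Set the comments path for the Swagger JSON and UI.
                var basePath = PlatformServices.Default.Application.ApplicationBasePath;
                var xmlPath = Path.Combine(basePath, "Demo.API.xml");
                c.IncludeXmlComments(xmlPath);
            });

            // Config IOC
            IOCConfig.Register(services);
        }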
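        /// <summary>
        /// Registers the application's services: bound options, the <c>DemoDbContext</c> (SQL Server),
        /// MVC filters, Swagger with a Bearer security definition, role policies, JWT bearer
        /// authentication, data protection, a CORS policy and the IoC bindings.
        /// </summary>
        /// <param name="services">The service collection the registrations are added to.</param>
        // This method gets called by the runtime. Use this method to add services to the container.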
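        public void ConfigureServices(IServiceCollection services)
        {
            // Bind the "BearerTokens" and "ApiSettings" configuration sections to their option types.
            services.Configure<BearerTokensOptions>(options => Configuration.GetSection("BearerTokens").Bind(options));
            services.Configure<ApiSettings>(options => Configuration.GetSection("ApiSettings").Bind(options));

            services.AddDbContext<DemoDbContext>(options =>
            {
                options.UseSqlServer(
                    Configuration.GetConnectionString("DefaultConnection"),
                    sqlOptions =>
                    {
                        // CommandTimeout takes seconds; three minutes expressed as 180.
                        var commandTimeoutSeconds = (int)TimeSpan.FromMinutes(3).TotalSeconds;
                        sqlOptions.CommandTimeout(commandTimeoutSeconds);
                        sqlOptions.EnableRetryOnFailure();
                    });
            });

            //services.AddIdentity<User, Role>()
            //        .AddEntityFrameworkStores<DemoDbContext>()
            //        .AddDefaultTokenProviders();

            // Global MVC filters: model validation and exception handling.
            services.AddMvc(opt =>
            {
                opt.Filters.Add(typeof(ValidatorActionFilter));
                opt.Filters.Add(typeof(CustomExceptionFilter));
            });

            // Swagger configuration: generate the "v1" document.
            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new Info
                {
                    Title = "Demo API V1.0",
                    Version = "v1"
                });

                // Describe the JWT carried in the Authorization header.
                c.AddSecurityDefinition("Bearer", new ApiKeyScheme
                {
                    In = "header",
                    Description = "Please enter JWT with Bearer into field",
                    Name = "Authorization",
                    Type = "apiKey"
                });
                c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
                {
                    { "Bearer", Enumerable.Empty<string>() }
                });

                // Set the comments path for the Swagger JSON and UI.
                var basePath = PlatformServices.Default.Application.ApplicationBasePath;
                var xmlPath = Path.Combine(basePath, "Demo.API.xml");
                c.IncludeXmlComments(xmlPath);
            });

            // One authorization policy per role, each named after the role it requires.
            services.AddMvcCore(options =>
            {
                //options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
            }).AddAuthorization(options =>
            {
                options.AddPolicy(CustomRoles.Admin.ConvertToString(), policy => policy.RequireRole(CustomRoles.Admin.ConvertToString()));
                options.AddPolicy(CustomRoles.User.ConvertToString(), policy => policy.RequireRole(CustomRoles.User.ConvertToString()));
                options.AddPolicy(CustomRoles.Editor.ConvertToString(), policy => policy.RequireRole(CustomRoles.Editor.ConvertToString()));
            });
            //.AddJsonFormatters(options => options.ContractResolver = new CamelCasePropertyNamesContractResolver()); ;

            // Needed for jwt auth.
            services
                .AddAuthentication(options =>
                {
                    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                    options.DefaultSignInScheme = JwtBearerDefaults.AuthenticationScheme;
                    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                    // NOTE(review): no cookie handler is registered in this method; confirm one is
                    // added elsewhere, otherwise this fallback names a scheme that does not exist.
                    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                })
                .AddJwtBearer(cfg =>
                {
                    // Report a missing signing key by its configuration name instead of the bare
                    // ArgumentNullException that GetBytes(null) would raise.
                    var signingKey = Configuration["BearerTokens:Key"];
                    if (string.IsNullOrEmpty(signingKey))
                    {
                        throw new InvalidOperationException("BearerTokens:Key is not configured.");
                    }

                    // NOTE(review): should be true outside development. No Authority or metadata
                    // address is set in this method, so the flag has no visible effect here.
                    cfg.RequireHttpsMetadata = false;
                    cfg.SaveToken = true;
                    cfg.TokenValidationParameters = new TokenValidationParameters
                    {
                        // NOTE(review): issuer and audience checks are switched off, so every token
                        // signed with this key is accepted regardless of which service issued it or
                        // which service it was meant for. Set both flags to true once the configured
                        // BearerTokens:Issuer / BearerTokens:Audience are confirmed to match the
                        // values written into the tokens.
                        ValidIssuer = Configuration["BearerTokens:Issuer"],     // site that makes the token
                        ValidateIssuer = false,                                 // TODO: change this to avoid forwarding attacks
                        ValidAudience = Configuration["BearerTokens:Audience"], // site that consumes the token
                        ValidateAudience = false,                               // TODO: change this to avoid forwarding attacks
                        // Symmetric key: anyone who can read it can mint valid tokens, so it belongs
                        // in a secret store rather than a checked-in settings file.
                        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingKey)),
                        ValidateIssuerSigningKey = true,                        // verify signature to avoid tampering
                        ValidateLifetime = true,                                // validate the expiration
                        ClockSkew = TimeSpan.Zero                               // no tolerance on the expiration date
                    };
                    cfg.Events = new JwtBearerEvents
                    {
                        OnAuthenticationFailed = context =>
                        {
                            var logger = context.HttpContext.RequestServices.GetRequiredService<ILoggerFactory>().CreateLogger(nameof(JwtBearerEvents));
                            // Exception goes first so it is logged as the exception; passed after the
                            // message it is treated as a format argument and dropped, because the
                            // template has no placeholder.
                            logger.LogError(context.Exception, "Authentication failed.");
                            return Task.CompletedTask;
                        },
                        OnTokenValidated = context =>
                        {
                            // Additional application-level check after signature/lifetime validation.
                            var tokenValidatorService = context.HttpContext.RequestServices.GetRequiredService<ITokenValidatorService>();
                            return tokenValidatorService.ValidateAsync(context);
                        },
                        OnMessageReceived = context =>
                        {
                            return Task.CompletedTask;
                        },
                        OnChallenge = context =>
                        {
                            var logger = context.HttpContext.RequestServices.GetRequiredService<ILoggerFactory>().CreateLogger(nameof(JwtBearerEvents));
                            // Placeholders are required for the two values to reach the log entry.
                            logger.LogError("OnChallenge error: {Error} {ErrorDescription}", context.Error, context.ErrorDescription);
                            return Task.CompletedTask;
                        }
                    };
                });

            // Data protection: AES-256-CBC with HMAC-SHA256, keys rotated every 7 days.
            // NOTE(review): no key persistence or at-rest key protection is configured in this
            // method; confirm how keys are stored for the deployment target.
            services.AddDataProtection()
                .UseCryptographicAlgorithms(
                    new AuthenticatedEncryptorConfiguration()
                    {
                        EncryptionAlgorithm = EncryptionAlgorithm.AES_256_CBC,
                        ValidationAlgorithm = ValidationAlgorithm.HMACSHA256
                    })
                .SetDefaultKeyLifetime(TimeSpan.FromDays(7));

            // Credentialed CORS restricted to one explicit origin.
            // NOTE(review): the origin is hard-coded and looks like a local development front end
            // over plain HTTP; read the allowed origins from configuration for other environments.
            services.AddCors(options =>
            {
                options.AddPolicy("CorsPolicy",
                                  builder => builder
                                  .WithOrigins("http://localhost:4200") //Note:  The URL must be specified without a trailing slash (/).
                                  .AllowAnyMethod()
                                  .AllowAnyHeader()
                                  .AllowCredentials());
            });

            //services.AddAntiforgery(x =>
            //{
            //    x.HeaderName = "X-XSRF-TOKEN";
            //    x.SuppressXFrameOptionsHeader = false;
            //});

            // Config IOC
            IOCConfig.Register(services);
        }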