public void ConfigureServices(IServiceCollection services)
{
services
.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryApiResources(IdentityConfig.GetApiResources())
.AddInMemoryClients(IdentityConfig.GetClients())
.AddTestUsers(IdentityConfig.GetUsers());
}
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentityServer()
.AddTemporarySigningCredential()
.AddTestUsers(IdentityConfig.GetTestUsers())
.AddInMemoryApiResources(IdentityConfig.GetApiResources())
.AddInMemoryIdentityResources(IdentityConfig.GetIdentityResources())
.AddInMemoryClients(IdentityConfig.GetClients());
services.AddMvc();
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddSingleton <IHttpContextAccessor, HttpContextAccessor>();
services.AddSingleton <IConfiguration>(Configuration);
services.Configure <CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddAuthentication(sharedOptions =>
{
sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddAzureAd(Configuration.GetSection("IdentityProvider:AzureAd").Get <AzureAdConfig>())
.AddAzureAdB2C(Configuration.GetSection("IdentityProvider:AzureAdB2C").Get <AzureAdB2CConfig>())
.AddCookie(options =>
{
options.Events.OnRedirectToLogin = context =>
{
context.Response.Headers["Location"] = context.RedirectUri;
context.Response.StatusCode = 401;
return(Task.CompletedTask);
};
});
// Identity Server
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryPersistedGrants()
.AddInMemoryIdentityResources(IdentityConfig.GetIdentityResources())
.AddInMemoryApiResources(IdentityConfig.GetApiResources(Configuration))
.AddInMemoryClients(IdentityConfig.GetClients(Configuration))
.AddProfileService <IdentityWithAdditionalClaimsProfileService>();
services.AddDistributedMemoryCache();
services.AddSession(options =>
{
options.IdleTimeout = TimeSpan.FromHours(1);
options.Cookie.HttpOnly = true;
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1)
.AddSessionStateTempDataProvider();;
}
public void ConfigureServices(IServiceCollection services)
{
services.AddMultiTenancy <TenantResolutionFromTokenValidationLibrary>();
services.AddEarlyLogging(out var earlyLogger);
earlyLogger.LogInformation("starting to configure services...");
services.AddCors(options => options.AddPolicy("mycustomcorspolicy", b => b.WithOrigins("http://meinetollewebsite.de").AllowAnyMethod().AllowAnyHeader()));
services.AddMvc();
services.AddSingleton <IConfigureOptions <CookieAuthenticationOptions>, ConfigureCookieOptions>();
services.AddIdentityServer()
.AddSigningCredentialFromKeyVault(config, earlyLogger)
.AddInMemoryIdentityResources(IdentityConfig.GetIdentityResources())
.AddInMemoryApiResources(IdentityConfig.GetApis())
.AddInMemoryApiScopes(IdentityConfig.GetScopes())
.AddInMemoryClients(IdentityConfig.GetClients())
.AddTestUsers(IdentityConfig.GetTestUsers())
;
services.AddScoped <DisposeTest>();
services.AddAuthentication();
services.AddAuthorization(o =>
{
o.AddPolicy("default", b =>
{
b.RequireAuthenticatedUser();
b.RequireClaim(JwtClaimTypes.Subject);//windows authenticated but no authenticated cookie (logged out) shouldbe treated as unauthenticated.
});
});
services.AddTransient <RequestFromOnPremise>();
services.AddTransientDecorator <ICorsPolicyProvider, CorsPolicyProvider>();
services.AddTransientDecorator <IAuthorizeRequestValidator, ExtendedAuthorizeRequestValidator>();
services.AddSingleton <IResolvedTenant>(new ResolvedTenant("default"));
earlyLogger.LogInformation("done configuring general services :)");
}
/// <summary>
/// Configures the services.
/// </summary>
/// <param name="services">The services.</param>
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext <IdentityDbContext>(o =>
{
o.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"),
sqlOptions => sqlOptions.EnableRetryOnFailure(50, TimeSpan.FromSeconds(30), null));
});
services.AddScoped <DbContext, IdentityDbContext>();
services.AddScoped <IIdentityUserService, IdentityUserService>();
services.AddScoped <IIdentityUserRepository, IdentityUserRepository>();
// configures the OpenIdConnect handlers to persist the state parameter into the server-side IDistributedCache.
services.AddOidcStateDataFormatterCache();
services.AddControllersWithViews();
IIdentityServerBuilder builder = services.AddIdentityServer(options =>
{
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents =
true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
options.PublicOrigin = Config.Self.PublicOrigin;
if (Environment.IsDevelopment())
{
options.IssuerUri = Config.Self.IssuerUri;
}
});
builder.AddInMemoryIdentityResources(IdentityConfig.GetIdentityResources());
builder.AddInMemoryApiResources(IdentityConfig.Apis);
builder.AddInMemoryClients(IdentityConfig.Clients(Config));
builder.Services.AddTransient <IProfileService, ProfileService>();
services.AddSingleton(Config);
// sets the authentication schema.
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = IdentityServerConstants.DefaultCookieAuthenticationScheme;
options.DefaultSignInScheme = IdentityServerConstants.DefaultCookieAuthenticationScheme;
options.DefaultChallengeScheme = IdentityServerConstants.DefaultCookieAuthenticationScheme;
})
// Adds Fontys Single Sign On authentication.
.AddOpenIdConnect("FHICT", "Fontys", options =>
{
options.ClientId = Config.FfhictOIDC.ClientId;
options.ClientSecret = Config.FfhictOIDC.ClientSecret;
options.Authority = Config.FfhictOIDC.Authority;
options.ResponseType = "code";
options.Scope.Clear();
string[] scopes = Config.FfhictOIDC.Scopes.Split(" ");
foreach (string scope in scopes)
{
options.Scope.Add(scope);
}
// Set this flow to get the refresh token.
// options.Scope.Add("offline_access");
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
// This sets the redirect uri, this is needed because the blackbox implementation does not implement fontys SSO.
options.Events.OnRedirectToIdentityProvider = async n =>
{
n.ProtocolMessage.RedirectUri = Config.FfhictOIDC.RedirectUri;
await Task.FromResult(0);
};
}
// Add jwt validation this is so that the DGS can authenticate.
).AddJwtBearer(o =>
{
o.SaveToken = true;
o.Authority = Config.Self.JwtAuthority;
o.RequireHttpsMetadata = false;
o.TokenValidationParameters = new TokenValidationParameters()
{
ValidateActor = false,
ValidateAudience = false,
NameClaimType = "name",
RoleClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
};
})
.AddCookie();
if (Environment.IsDevelopment())
{
builder.AddDeveloperSigningCredential();
}
else
{
X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certCollection = certStore.Certificates.Find(
X509FindType.FindByIssuerName,
"Let's Encrypt Authority X3",
false
);
if (certCollection.Count > 0)
{
X509Certificate2 certificate = certCollection[0];
builder.AddSigningCredential(certificate);
}
}
// TODO tighten cors
services.AddCors(options =>
{
options.AddPolicy("dex-api",
policy =>
{
policy.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod();
});
});
}
public IdentityServerParameters(IOptions <IdentityConfig> configuration)
{
this.Configuration = configuration.Value;
}
