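/// <summary>
/// Configures the request pipeline of the manager API: Serilog logging, status code pages,
/// the "AllowAll" CORS policy, the manager exception handler, OAuth2 introspection
/// authentication and the default MVC route, in that order.
/// </summary>
/// <param name="applicationBuilder">Pipeline being configured.</param>
/// <param name="loggerFactory">Logger factory that receives the Serilog provider.</param>
/// <param name="options">Manager options; <c>Introspection</c> must be set.</param>
/// <exception cref="ArgumentNullException">
/// An argument, or <c>options.Introspection</c>, is null.
/// </exception>
public static void UseSimpleIdentityServerManager(
            this IApplicationBuilder applicationBuilder,
            ILoggerFactory loggerFactory,
            ManagerOptions options)
        {
            // Fail with a named argument instead of a NullReferenceException further down.
            if (applicationBuilder == null)
            {
                throw new ArgumentNullException(nameof(applicationBuilder));
            }

            if (loggerFactory == null)
            {
                throw new ArgumentNullException(nameof(loggerFactory));
            }

            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            if (options.Introspection == null)
            {
                throw new ArgumentNullException(nameof(options.Introspection));
            }

            // 1. Use log.
            loggerFactory.AddSerilog();
            // 2. Display status code page.
            applicationBuilder.UseStatusCodePages();
            // 3. Enable CORS
            // NOTE(review): "AllowAll" is a policy name resolved at runtime; for a management API
            // the policy registered under it should list the trusted origins explicitly rather
            // than accept every origin, method and header - confirm against the registration.
            applicationBuilder.UseCors("AllowAll");
            // 4. Enable custom exception handler
            // GetService returns null when IManagerEventSource is not registered, in which case
            // the handler receives a null event source.
            applicationBuilder.UseSimpleIdentityServerManagerExceptionHandler(new ExceptionHandlerMiddlewareOptions
            {
                ManagerEventSource = (IManagerEventSource)applicationBuilder.ApplicationServices.GetService(typeof(IManagerEventSource))
            });
            // 5. Enable introspection.
            // NOTE(review): presumably the client id and secret are presented to this endpoint on
            // introspection calls, so IntrospectionUrl should be an https URL and ClientSecret
            // should come from a secret store rather than checked-in configuration - confirm.
            var introspectionOptions = new Oauth2IntrospectionOptions
            {
                InstrospectionEndPoint = options.Introspection.IntrospectionUrl,
                ClientId     = options.Introspection.ClientId,
                ClientSecret = options.Introspection.ClientSecret
            };

            // Authentication is registered before MVC so that controllers see the authenticated user.
            applicationBuilder.UseAuthenticationWithIntrospection(introspectionOptions);
            // 6. Launch ASP.NET API
            applicationBuilder.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller}/{action}/{id?}");
            });
        }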
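        /// <summary>
        /// Registers the services of the manager API: the "AllowAll" CORS policy, the core
        /// dependencies, the "manager" authorization policy, the JWT parsers, the logging
        /// event sources and the default password service.
        /// </summary>
        /// <param name="serviceCollection">Service collection to populate.</param>
        /// <param name="managerOptions">Manager options; only checked for null here.</param>
        /// <exception cref="ArgumentNullException">An argument is null.</exception>
        public static void AddSimpleIdentityServerManager(this IServiceCollection serviceCollection, ManagerOptions managerOptions)
        {
            // Fail with a named argument instead of a NullReferenceException on the first registration.
            if (serviceCollection == null)
            {
                throw new ArgumentNullException(nameof(serviceCollection));
            }

            if (managerOptions == null)
            {
                throw new ArgumentNullException(nameof(managerOptions));
            }

            // 1. Add the dependencies needed to enable CORS
            // NOTE(review): this policy accepts every origin, method and header. For an API that
            // manages an identity server, restrict it to the known front-end origins; the policy
            // name is kept because the pipeline looks it up by the string "AllowAll".
            serviceCollection.AddCors(options => options.AddPolicy("AllowAll", p => p.AllowAnyOrigin()
                                                                   .AllowAnyMethod()
                                                                   .AllowAnyHeader()));
            // 2. Register all the dependencies.
            serviceCollection.AddSimpleIdentityServerCore();
            serviceCollection.AddSimpleIdentityServerManagerCore();
            // 3. Add authorization policies
            serviceCollection.AddAuthorization(options =>
            {
                options.AddPolicy("manager", policy =>
                {
                    policy.AddAuthenticationSchemes("UserInfoIntrospection", "OAuth2Introspection");
                    policy.RequireAssertion(p =>
                    {
                        // Unauthenticated callers are rejected before any claim is examined.
                        if (p.User == null || p.User.Identity == null || !p.User.Identity.IsAuthenticated)
                        {
                            return false;
                        }

                        // Every claim is examined, so the decision does not depend on the order in
                        // which the two authentication schemes emit their "role" and "scope" claims:
                        // a principal whose first role is not "administrator" but who also carries
                        // that role is no longer denied.
                        // NOTE(review): a scope claim holding a space-delimited list (for example
                        // "openid manager") still does not match - confirm how scopes are emitted.
                        return p.User.Claims.Any(c =>
                            (c.Type == "role" && c.Value == "administrator") ||
                            (c.Type == "scope" && c.Value == "manager"));
                    });
                });
            });
            // 4. Add JWT parsers.
            serviceCollection.AddSimpleIdentityServerJwt();
            // 5. Add the logging event sources.
            serviceCollection.AddTechnicalLogging();
            serviceCollection.AddManagerLogging();
            serviceCollection.AddOAuthLogging();
            serviceCollection.AddOpenidLogging();
            // TH : REMOVE THIS SERVICE LATER...
            serviceCollection.AddTransient <IPasswordService, DefaultPasswordService>();
        }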
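        /// <summary>
        /// Registers the services of the manager API: password and resource-owner authentication
        /// services (caller-supplied or default), the "AllowAll" CORS policy, core and client
        /// dependencies, authentication, the "manager" authorization policy, JWT parsers, MVC
        /// and a Serilog logger that is installed as the process-wide <c>Log.Logger</c>.
        /// </summary>
        /// <param name="serviceCollection">Service collection to populate.</param>
        /// <param name="managerOptions">Manager options; <c>Logging</c> must be set.</param>
        /// <exception cref="ArgumentNullException">
        /// An argument, or <c>managerOptions.Logging</c>, is null.
        /// </exception>
        public static void AddSimpleIdentityServerManager(
            this IServiceCollection serviceCollection,
            ManagerOptions managerOptions)
        {
            // Fail with a named argument instead of a NullReferenceException on the first registration.
            if (serviceCollection == null)
            {
                throw new ArgumentNullException(nameof(serviceCollection));
            }

            if (managerOptions == null)
            {
                throw new ArgumentNullException(nameof(managerOptions));
            }

            if (managerOptions.Logging == null)
            {
                throw new ArgumentNullException(nameof(managerOptions.Logging));
            }

            // A caller-supplied instance is shared as a singleton; the defaults are transient.
            if (managerOptions.PasswordService == null)
            {
                serviceCollection.AddTransient <IPasswordService, DefaultPasswordService>();
            }
            else
            {
                serviceCollection.AddSingleton(managerOptions.PasswordService);
            }

            if (managerOptions.AuthenticateResourceOwnerService == null)
            {
                serviceCollection.AddTransient <IAuthenticateResourceOwnerService, DefaultAuthenticateResourceOwerService>();
            }
            else
            {
                serviceCollection.AddSingleton(managerOptions.AuthenticateResourceOwnerService);
            }

            // 1. Add the dependencies needed to enable CORS
            // NOTE(review): this policy accepts every origin, method and header. For an API that
            // manages an identity server, restrict it to the known front-end origins; the policy
            // name is kept because the pipeline looks it up by the string "AllowAll".
            serviceCollection.AddCors(options => options.AddPolicy("AllowAll", p => p.AllowAnyOrigin()
                                                                   .AllowAnyMethod()
                                                                   .AllowAnyHeader()));
            // 2. Register all the dependencies.
            serviceCollection.AddSimpleIdentityServerCore();
            serviceCollection.AddSimpleIdentityServerManagerCore();
            serviceCollection.AddConfigurationClient();
            serviceCollection.AddIdServerClient();
            // 3. Register the dependencies to run the authentication.
            serviceCollection.AddAuthentication();
            // 4. Add authorization policies
            serviceCollection.AddAuthorization(options =>
            {
                options.AddPolicy("manager", policy => policy.RequireClaim("scope", "openid_manager"));
            });
            // 5. Add JWT parsers.
            serviceCollection.AddSimpleIdentityServerJwt();
            // 6. Add the dependencies needed to run MVC
            serviceCollection.AddMvc();
            // 7. Configure Serilog
            // Keep Error and Fatal events from any source, plus every event whose SourceContext
            // starts with "SimpleIdentityServer".
            Func <LogEvent, bool> serilogFilter = (e) =>
            {
                if (e.Level == LogEventLevel.Error || e.Level == LogEventLevel.Fatal)
                {
                    return true;
                }

                // The dictionary indexer throws KeyNotFoundException for events written without a
                // SourceContext; TryGetValue treats them as "not from SimpleIdentityServer" instead.
                LogEventPropertyValue ctx;
                if (!e.Properties.TryGetValue("SourceContext", out ctx) || ctx == null)
                {
                    return false;
                }

                // The rendered property value is wrapped in double quotes; strip them before comparing.
                var contextValue = ctx.ToString()
                                   .TrimStart('"')
                                   .TrimEnd('"');
                // Ordinal: this is an identifier prefix, not text subject to culture rules.
                return contextValue.StartsWith("SimpleIdentityServer", StringComparison.Ordinal);
            };
            var logger = new LoggerConfiguration()
                         .MinimumLevel.Information()
                         .Enrich.FromLogContext()
                         .WriteTo.ColoredConsole();

            if (managerOptions.Logging.FileLogOptions != null &&
                managerOptions.Logging.FileLogOptions.IsEnabled)
            {
                logger.WriteTo.RollingFile(managerOptions.Logging.FileLogOptions.PathFormat);
            }
            if (managerOptions.Logging.ElasticsearchOptions != null &&
                managerOptions.Logging.ElasticsearchOptions.IsEnabled)
            {
                // new Uri(...) throws when Url is null or not an absolute URI.
                // NOTE(review): events are shipped to this URL; prefer an https endpoint that
                // requires authentication - confirm how the Elasticsearch cluster is exposed.
                logger.WriteTo.Elasticsearch(new ElasticsearchSinkOptions(new Uri(managerOptions.Logging.ElasticsearchOptions.Url))
                {
                    AutoRegisterTemplate = true,
                    IndexFormat          = "manager-{0:yyyy.MM.dd}",
                    TemplateName         = "manager-events-template"
                });
            }

            var log = logger.Filter.ByIncludingOnly(serilogFilter)
                      .CreateLogger();

            // Replaces the static, process-wide Serilog logger.
            Log.Logger = log;
            serviceCollection.AddLogging();
            serviceCollection.AddTransient <IManagerEventSource, ManagerEventSource>();
            serviceCollection.AddTransient <ISimpleIdentityServerEventSource, SimpleIdentityServerEventSource>();
        }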