/// <summary>
/// Adds the default secret validators.
/// </summary>
/// <param name="builder">The builder.</param>
/// <returns></returns>
public static IIdentityServerBuilder AddDefaultSecretValidators(this IIdentityServerBuilder builder)
{
builder.Services.AddTransient <ISecretValidator, HashedSharedSecretValidator>();
return(builder);
}
/// <summary>
/// Adds a CORS policy service.
/// </summary>
/// <typeparam name="T">The type of the concrete scope store class that is registered in DI.</typeparam>
/// <param name="builder">The builder.</param>
/// <returns></returns>
public static IIdentityServerBuilder AddCorsPolicyService <T>(this IIdentityServerBuilder builder)
where T : class, ICorsPolicyService
{
builder.Services.AddTransient <ICorsPolicyService, T>();
return(builder);
}
/// <summary>
/// Configure API & Resources
/// Note: Api's have also to be configured for clients as part of allowed scope for a given clientID
/// </summary>
/// <param name="builder"></param>
/// <returns></returns>
public static IIdentityServerBuilder AddIdentityApiResources(this IIdentityServerBuilder builder)
{
builder.Services.AddTransient <IResourceStore, CustomResourceStore>();
return(builder);
}
/// <summary>
/// Configure Grants
/// </summary>
/// <param name="builder">The builder.</param>
/// <returns></returns>
public static IIdentityServerBuilder AddPersistedGrants(this IIdentityServerBuilder builder)
{
builder.Services.TryAddSingleton <IPersistedGrantStore, CustomPersistedGrantStore>();
return(builder);
}
/// <summary>
/// Configure ClientId / Secrets
/// </summary>
/// <param name="builder"></param>
/// <param name="configurationOption"></param>
/// <returns></returns>
public static IIdentityServerBuilder AddClients(this IIdentityServerBuilder builder)
{
builder.Services.AddTransient <IClientStore, CustomClientStore>();
builder.Services.AddTransient <ICorsPolicyService, InMemoryCorsPolicyService>();
return(builder);
}
/// <summary>
/// Adds mongodb implementation for the "Asp Net Core Identity" part (saving user and roles)
/// </summary>
/// <remarks><![CDATA[
/// Contains implemenations for
/// - IUserStore<T>
/// - IRoleStore<T>
/// ]]></remarks>
public static IIdentityServerBuilder AddMongoDbForAspIdentity <TIdentity, TRole>(this IIdentityServerBuilder builder, IConfigurationRoot configurationRoot) where
TIdentity : IdentityUser where TRole : IdentityRole
{
//User Mongodb for Asp.net identity in order to get users stored
var configurationOptions = configurationRoot.Get <ConfigurationOptions>();
var client = new MongoClient(configurationOptions.MongoConnection);
var database = client.GetDatabase(configurationOptions.MongoDatabaseName);
// Configure Asp Net Core Identity / Role to use MongoDB
builder.Services.AddSingleton <IUserStore <TIdentity> >(x =>
{
var usersCollection = database.GetCollection <TIdentity>("Identity_Users");
IndexChecks.EnsureUniqueIndexOnNormalizedEmail(usersCollection);
IndexChecks.EnsureUniqueIndexOnNormalizedUserName(usersCollection);
return(new UserStore <TIdentity>(usersCollection));
});
builder.Services.AddSingleton <IRoleStore <TRole> >(x =>
{
var rolesCollection = database.GetCollection <TRole>("Identity_Roles");
IndexChecks.EnsureUniqueIndexOnNormalizedRoleName(rolesCollection);
return(new RoleStore <TRole>(rolesCollection));
});
builder.Services.AddIdentity <TIdentity, TRole>();
return(builder);
}
/// <summary>
/// Adds mongo repository (mongodb) for IdentityServer
/// </summary>
/// <param name="builder"></param>
/// <returns></returns>
public static IIdentityServerBuilder AddMongoRepository(this IIdentityServerBuilder builder)
{
builder.Services.AddTransient <IRepository, MongoRepository>();
return(builder);
}
/// <summary>
/// Add custom signing certificate from certification store according thumbprint or from file
/// </summary>
/// <param name="builder"></param>
/// <param name="configuration"></param>
/// <returns></returns>
public static IIdentityServerBuilder AddCustomSigningCredential(this IIdentityServerBuilder builder, IConfiguration configuration)
{
var certificateConfiguration = configuration.GetSection(nameof(CertificateConfiguration)).Get <CertificateConfiguration>();
var azureKeyVaultConfiguration = configuration.GetSection(nameof(AzureKeyVaultConfiguration)).Get <AzureKeyVaultConfiguration>();
if (certificateConfiguration.UseSigningCertificateThumbprint)
{
if (string.IsNullOrWhiteSpace(certificateConfiguration.SigningCertificateThumbprint))
{
throw new Exception(SigningCertificateThumbprintNotFound);
}
StoreLocation storeLocation = StoreLocation.LocalMachine;
bool validOnly = certificateConfiguration.CertificateValidOnly;
// Parse the Certificate StoreLocation
string certStoreLocationLower = certificateConfiguration.CertificateStoreLocation.ToLower();
if (certStoreLocationLower == StoreLocation.CurrentUser.ToString().ToLower() ||
certificateConfiguration.CertificateStoreLocation == ((int)StoreLocation.CurrentUser).ToString())
{
storeLocation = StoreLocation.CurrentUser;
}
else if (certStoreLocationLower == StoreLocation.LocalMachine.ToString().ToLower() ||
certStoreLocationLower == ((int)StoreLocation.LocalMachine).ToString())
{
storeLocation = StoreLocation.LocalMachine;
}
else
{
storeLocation = StoreLocation.LocalMachine; validOnly = true;
}
// Open Certificate
var certStore = new X509Store(StoreName.My, storeLocation);
certStore.Open(OpenFlags.ReadOnly);
var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, certificateConfiguration.SigningCertificateThumbprint, validOnly);
if (certCollection.Count == 0)
{
throw new Exception(CertificateNotFound);
}
var certificate = certCollection[0];
builder.AddSigningCredential(certificate);
}
else if (certificateConfiguration.UseSigningCertificateForAzureKeyVault)
{
var x509Certificate2Certs = AzureKeyVaultHelpers.GetCertificates(azureKeyVaultConfiguration).GetAwaiter().GetResult();
builder.AddSigningCredential(x509Certificate2Certs.ActiveCertificate);
}
else if (certificateConfiguration.UseSigningCertificatePfxFile)
{
if (string.IsNullOrWhiteSpace(certificateConfiguration.SigningCertificatePfxFilePath))
{
throw new Exception(SigningCertificatePathIsNotSpecified);
}
if (File.Exists(certificateConfiguration.SigningCertificatePfxFilePath))
{
try
{
builder.AddSigningCredential(new X509Certificate2(certificateConfiguration.SigningCertificatePfxFilePath, certificateConfiguration.SigningCertificatePfxFilePassword));
}
catch (Exception e)
{
throw new Exception("There was an error adding the key file - during the creation of the signing key", e);
}
}
else
{
throw new Exception($"Signing key file: {certificateConfiguration.SigningCertificatePfxFilePath} not found");
}
}
else if (certificateConfiguration.UseTemporarySigningKeyForDevelopment)
{
builder.AddDeveloperSigningCredential();
}
else
{
throw new Exception("Signing credential is not specified");
}
return(builder);
}
/// <summary>
/// Adds the keys rotation.
/// </summary>
/// <param name="builder">The builder.</param>
/// <param name="configureRsa">The configure RSA.</param>
/// <returns></returns>
public static IKeyRotationBuilder AddKeysRotation(this IIdentityServerBuilder builder, Action <KeyRotationOptions> configureKeysRotation = null)
{
return(builder.Services.AddKeysRotation(configureKeysRotation));
}
