public void ConfigureServices(IServiceCollection services)
{
var connectionString = configuration.GetConnectionString("CatalogueUsers");
var cookieExpiration = configuration.GetSection("cookieExpiration").Get <CookieExpirationSettings>();
cookieExpiration.ConsentExpiration = configuration.GetValue <TimeSpan>(Cookies.BuyingCatalogueConsentExpiration);
var clients = configuration.GetSection("clients").Get <ClientSettingCollection>();
var apiResources = configuration.GetSection("resources").Get <ApiResourceSettingCollection>();
var disabledErrorMessage = configuration.GetSection("disabledErrorMessage").Get <DisabledErrorMessageSettings>();
var identityResources = configuration.GetSection("identityResources").Get <IdentityResourceSettingCollection>();
var passwordResetSettings = configuration.GetSection("passwordReset").Get <PasswordResetSettings>();
var dataProtectionAppName = configuration.GetValue <string>("dataProtection:applicationName");
var allowInvalidCertificate = configuration.GetValue <bool>("AllowInvalidCertificate");
var certificateSettings = configuration.GetSection("certificateSettings").Get <CertificateSettings>();
var certificate = new Certificate(certificateSettings, Log.Logger);
var smtpSettings = configuration.GetSection("SmtpServer").Get <SmtpSettings>();
smtpSettings.AllowInvalidCertificate ??= allowInvalidCertificate;
var registrationSettings = configuration.GetSection("Registration").Get <RegistrationSettings>();
var issuerUrl = configuration.GetValue <string>("issuerUrl");
var issuerSettings = new IssuerSettings {
IssuerUrl = new Uri(issuerUrl)
};
var publicBrowseSettings = configuration.GetSection("publicBrowse").Get <PublicBrowseSettings>();
Log.Logger.Information("Clients: {@clients}", clients);
Log.Logger.Information("Api Resources: {@resources}", apiResources);
Log.Logger.Information("Identity Resources: {@identityResources}", identityResources);
Log.Logger.Information("Issuer Url on IdentityAPI is: {@issuerUrl}", issuerUrl);
Log.Logger.Information("Certificate Settings on IdentityAPI is: {@settings}", certificateSettings);
Log.Logger.Information("Data protection app name is: {dataProtectionAppName}", dataProtectionAppName);
Log.Logger.Information("Public Browse settings: {@publicBrowseSettings}", publicBrowseSettings);
services.AddEmailClient(smtpSettings);
services.AddSingleton(passwordResetSettings);
services.AddSingleton(cookieExpiration);
services.AddSingleton(disabledErrorMessage);
services.AddSingleton(registrationSettings);
services.AddSingleton(issuerSettings);
services.AddSingleton <IScopeRepository>(new ScopeRepository(apiResources, identityResources));
services.AddSingleton(publicBrowseSettings);
services.AddTransient <IUsersRepository, UsersRepository>();
services.AddTransient <IOrganisationRepository, OrganisationRepository>();
services
.AddTransient <IRegistrationService, RegistrationService>()
.AddTransient <ICreateBuyerService, CreateBuyerService>()
.AddScoped <IAgreementConsentService, AgreementConsentService>()
.AddScoped <ILoginService, LoginService>()
.AddScoped <ILogoutService, LogoutService>()
.AddScoped <IPasswordService, PasswordService>()
.AddScoped <IPasswordResetCallback, PasswordResetCallback>();
services.AddTransient <IApplicationUserValidator, ApplicationUserValidator>();
services.AddDbContext <ApplicationDbContext>(options =>
options.UseSqlServer(connectionString));
services.AddIdentity <ApplicationUser, IdentityRole>(
options =>
{
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireDigit = false;
options.Password.RequireLowercase = false;
options.Password.RequireUppercase = false;
options.Password.RequiredLength = 10;
})
.AddEntityFrameworkStores <ApplicationDbContext>()
.AddTokenProvider <DataProtectorTokenProvider <ApplicationUser> >(TokenOptions.DefaultProvider)
.AddPasswordValidator <PasswordValidator>();
services.AddIdentityServer(options =>
{
options.Events.RaiseFailureEvents = true;
options.Events.RaiseErrorEvents = true;
options.Events.RaiseSuccessEvents = true;
options.IssuerUri = issuerUrl;
options.UserInteraction.ErrorUrl = "/Error";
options.UserInteraction.ErrorIdParameter = "errorId";
})
.AddInMemoryIdentityResources(identityResources.Select(s => s.ToIdentityResource()))
.AddInMemoryApiResources(apiResources.Select(s => s.ToResource()))
.AddInMemoryClients(clients.Select(s => s.ToClient()))
.AddAspNetIdentity <ApplicationUser>()
.AddProfileService <ProfileService>()
.AddCustomSigningCredential(certificate, Log.Logger);
services.AddTransient <IUserConsentStore, CatalogueAgreementConsentStore>();
services.ConfigureApplicationCookie(options =>
{
options.ExpireTimeSpan = cookieExpiration.ExpireTimeSpan;
options.SlidingExpiration = cookieExpiration.SlidingExpiration;
});
services.AddHealthChecks(connectionString)
.AddSmtpHealthCheck(smtpSettings);
services.AddSwaggerDocumentation();
services.AddAuthentication()
.AddIdentityServerAuthentication(options =>
{
options.Authority = issuerUrl;
options.ApiName = "Organisation";
options.RequireHttpsMetadata = false;
if (allowInvalidCertificate)
{
options.JwtBackChannelHandler = new HttpClientHandler
{
ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator,
};
}
});
services.AddAuthorization(options =>
{
options.AddPolicy(PolicyName.CanAccessOrganisationUsers, policyBuilder =>
{
policyBuilder.RequireClaim(ApplicationClaimTypes.Organisation);
policyBuilder.RequireClaim(ApplicationClaimTypes.Account);
});
options.AddPolicy(PolicyName.CanManageOrganisationUsers, policyBuilder =>
{
policyBuilder.RequireClaim(ApplicationClaimTypes.Organisation, ApplicationPermissions.Manage);
policyBuilder.RequireClaim(ApplicationClaimTypes.Account, ApplicationPermissions.Manage);
});
});
services.AddControllers()
.AddJsonOptions(options => options.JsonSerializerOptions.IgnoreNullValues = true);
services.AddControllersWithViews();
services.AddDataProtection(dataProtectionAppName, certificate);
if (environment.IsDevelopment())
{
services.AddDatabaseDeveloperPageExceptionFilter();
}
}
public PasswordResetCallback(IHttpContextAccessor accessor, LinkGenerator generator, IssuerSettings issuerSettings)
{
this.accessor = accessor ?? throw new ArgumentNullException(nameof(accessor));
this.generator = generator ?? throw new ArgumentNullException(nameof(generator));
this.issuerSettings = issuerSettings ?? throw new ArgumentNullException(nameof(issuerSettings));
}
