private static void ConnectToKeyVaultAndSetApplicationInsights(IConfigurationBuilder config)
{
IConfiguration stageOneConfig = config.Build();
KeyVaultSettings keyVaultSettings = new KeyVaultSettings();
stageOneConfig.GetSection("kvSetting").Bind(keyVaultSettings);
if (!string.IsNullOrEmpty(keyVaultSettings.ClientId) &&
!string.IsNullOrEmpty(keyVaultSettings.TenantId) &&
!string.IsNullOrEmpty(keyVaultSettings.ClientSecret) &&
!string.IsNullOrEmpty(keyVaultSettings.SecretUri))
{
_logger.LogInformation("Program // Configure key vault client // App");
string connectionString = $"RunAs=App;AppId={keyVaultSettings.ClientId};" +
$"TenantId={keyVaultSettings.TenantId};" +
$"AppKey={keyVaultSettings.ClientSecret}";
AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider(connectionString);
KeyVaultClient keyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(
azureServiceTokenProvider.KeyVaultTokenCallback));
config.AddAzureKeyVault(
keyVaultSettings.SecretUri, keyVaultClient, new DefaultKeyVaultSecretManager());
try
{
SecretBundle secretBundle = keyVaultClient
.GetSecretAsync(keyVaultSettings.SecretUri, Startup.VaultApplicationInsightsKey).Result;
Startup.ApplicationInsightsKey = secretBundle.Value;
}
catch (Exception vaultException)
{
_logger.LogError($"Unable to read application insights key {vaultException}");
}
}
}
/// <summary>
/// This method gets called by the runtime. Use this method to add services to the container.
/// </summary>
/// <param name="services"></param>
public void ConfigureServices(IServiceCollection services)
{
ConfigureSession(services);
services.AddMvc();
IKeyVaultSettings keyVaultSettings = new KeyVaultSettings(Configuration.GetSection("KeyVault"));
services.AddSingleton(keyVaultSettings);
services.AddSingleton <IHttpClientService, HttpClientService>();
services.AddSingleton <IServiceProvidersBusinessLogic, ServiceProvidersBusinessLogic>();
ConfigureCosmosDb(services);
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info {
Title = "Access2Justice Integration API", Version = "1.0.0", Description = "Access2Justice APIs for integration with external partners.", TermsOfService = "None"
});
c.TagActionsBy(api => api.GroupName);
c.DescribeAllEnumsAsStrings();
c.OrderActionsBy((apiDesc) => $"{apiDesc.RelativePath}_{apiDesc.HttpMethod}");
var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
c.IncludeXmlComments(xmlPath);
});
}
/// <summary>
/// Initialize a new instance of <see cref="JwtSigningCertificateProvider"/> with settings for accessing a key vault and file system.
/// </summary>
/// <param name="keyVaultSettings">Settings required to access a certificate stored in a key vault.</param>
/// <param name="certificateSettings">Settings required to access a certificate stored on a file system.</param>
public JwtSigningCertificateProvider(
IOptions <KeyVaultSettings> keyVaultSettings,
IOptions <CertificateSettings> certificateSettings)
{
_keyVaultSettings = keyVaultSettings.Value;
_certificateSettings = certificateSettings.Value;
}
private static IConfiguration BuildAppConfiguration(IConfigurationBuilder builder, WebHostBuilderContext hostingContext)
{
var environment = hostingContext.HostingEnvironment;
IConfiguration configuration = builder.Build();
if (environment.IsDevelopment())
{
builder.AddUserSecrets(Assembly.Load(new AssemblyName(environment.ApplicationName)), optional: true);
}
// TODO : Work out why the instrumentation key below is ignored, the correct instrumentation key seems to be only
// set if it is present in the appsettings.json or is passed to the overloaded extensions method on IWebHostBuilder called UseApplicationInsights.
var applicationInsightsSettings = new ApplicationInsightsSettings();
configuration.BindOrThrow("ApplicationInsights", applicationInsightsSettings);
builder.AddApplicationInsightsSettings(developerMode: environment.IsDevelopment(), instrumentationKey: applicationInsightsSettings.InstrumentationKey);
KeyVaultSettings keyVaultSettings = new KeyVaultSettings();
configuration.BindOrThrow("KeyVaultSettings", keyVaultSettings);
builder.AddAzureKeyVault(
keyVaultSettings.DnsName,
keyVaultSettings.AppUserClientId,
keyVaultSettings.AppUserClientSecret);
return(configuration);
}
public TokenService(IOptionsMonitor <KeyVaultSettings> keyVaultSettings,
IOptionsMonitor <BearerSecurityKey> bearerSecurityKey,
IKeyVaultSecretManager keyVaultSecretManager)
{
_keyVaultSecretManager = keyVaultSecretManager;
_keyVaultSettings = keyVaultSettings.CurrentValue;
_bearerSecurityKey = bearerSecurityKey.CurrentValue;
}
private static async Task LoadSecretSettings(
StorageSettings storageSettings,
AppSettings appSettings,
KeyVaultSettings keyVaultSettings)
{
var store = new SecretsStore(appSettings.KeyVaultBaseUrl, keyVaultSettings.ClientId, keyVaultSettings.ClientSecret);
storageSettings.ConnectionString = await store.GetOrLoadSettingAsync(storageSettings.ConnectionString);
}
public EncryptionService(
KeyVaultClient keyVaultClient,
Link4PaySettings link4PaySettings,
KeyVaultSettings keyVaultSettings
)
{
_keyVaultClient = keyVaultClient;
_accessToken = link4PaySettings.AccessToken;
_clientId = link4PaySettings.ClientId;
}
/// <summary>
/// The default constructor
/// </summary>
/// <param name="options">The options</param>
/// <param name="logger">The logger</param>
/// <param name="encoder">The Url encoder</param>
/// <param name="clock">The system clock</param>
/// <param name="keyVaultSettings">The key vault settings</param>
/// <param name="certSettings">The certification settings</param>
public JwtCookieHandler(
IOptionsMonitor <JwtCookieOptions> options,
ILoggerFactory logger,
UrlEncoder encoder,
ISystemClock clock,
IOptions <KeyVaultSettings> keyVaultSettings,
IOptions <CertificateSettings> certSettings)
: base(options, logger, encoder, clock)
{
_keyVaultSettings = keyVaultSettings.Value;
_certificateSettings = certSettings.Value;
}
public static async Task <string> GetAccessToken(
AadAppSettings settings,
KeyVaultSettings vaultSettings = null,
IKeyVaultClient kvClient = null)
{
if (!string.IsNullOrEmpty(settings.ClientCertName))
{
if (kvClient == null)
{
throw new ArgumentNullException(nameof(kvClient));
}
if (vaultSettings == null)
{
throw new ArgumentNullException(nameof(vaultSettings));
}
}
IConfidentialClientApplication app;
if (!string.IsNullOrEmpty(settings.ClientCertName) && vaultSettings != null)
{
var cert = await kvClient.GetCertificateAsync(vaultSettings.VaultUrl, settings.ClientCertName);
var pfx = new X509Certificate2(cert.Cer);
app = ConfidentialClientApplicationBuilder.Create(settings.ClientId)
.WithCertificate(pfx)
.WithAuthority(settings.Authority)
.Build();
}
else
{
throw new ArgumentException("Either client secret or cert must be specified", nameof(settings));
}
try
{
var result = await app.AcquireTokenForClient(settings.Scopes).ExecuteAsync();
return(result.AccessToken);
}
catch (MsalServiceException ex) when(ex.Message.Contains("AADSTS70011"))
{
// Invalid scope. The scope has to be of the form "https://resourceurl/.default"
// Mitigation: change the scope to be as expected
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Scope provided is not supported");
Console.ResetColor();
}
return(null);
}
/// <summary>
/// Initializes a new instance of the <see cref="AccessTokenProvider"/> class.
/// </summary>
/// <param name="keyVaultService">The key vault service.</param>
/// <param name="accessTokenGenerator">The access token generator.</param>
/// <param name="accessTokenSettings">The access token settings.</param>
/// <param name="keyVaultSettings">The key vault settings.</param>
/// <param name="platformSettings">The platform settings.</param>
public AccessTokenProvider(
IKeyVaultService keyVaultService,
IAccessTokenGenerator accessTokenGenerator,
IOptions <AccessTokenSettings> accessTokenSettings,
IOptions <KeyVaultSettings> keyVaultSettings,
IOptions <PlatformSettings> platformSettings)
{
_keyVaultService = keyVaultService;
_accessTokenGenerator = accessTokenGenerator;
_platformSettings = platformSettings.Value;
_accessTokenSettings = accessTokenSettings.Value;
_keyVaultSettings = keyVaultSettings.Value;
}
public void AssertVault_SettingsClassFromConfiguration()
{
KeyVaultConfigurationElement element = KeyVaultConfigurationSection.Instance.Vaults["TestVault"];
KeyVaultSettings settings = new KeyVaultSettings(element);
WhiteStrike.KeyVaultConnector.Model.KeyVaultConfigurationSettings config = settings.kvConfiguration;
Assert.AreEqual(element.Credential, config.ConnectingAccountCredential, "Credential is not consistent after translation to Connector settings");
Assert.AreEqual(element.AuthenticationUrl, config.AuthURL, "AuthenticationUrl is not consistent after translation to Connector settings");
Assert.AreEqual(element.Identity, config.ConnectingAccountIdentity, "Identity is not consistent after translation to Connector settings");
Assert.AreEqual(element.VaultUrl, config.VaultURL, "VaultUrl is not consistent after translation to Connector settings");
Assert.AreEqual(element.SecretPrefix, config.SecretPrefix, "SecretPrefix is not consistent after translation to Connector settings");
Assert.AreEqual(KeyVaultConnector.Authentication.AuthenticationType.Certificate, config.CredentialType, "CredentialType is not consistent after translation to Connector settings");
}
private X509Certificate2 GetTokenCertificate()
{
if (string.IsNullOrEmpty(keyVaultSettings.ClientId) || string.IsNullOrEmpty(keyVaultSettings.ClientSecret))
{
return(new X509Certificate2(certSettings.CertificatePath, certSettings.CertificatePwd));
}
KeyVaultClient client = KeyVaultSettings.GetClient(keyVaultSettings.ClientId, keyVaultSettings.ClientSecret);
CertificateBundle certificate = client.GetCertificateAsync(keyVaultSettings.SecretUri, certSettings.CertificateName).GetAwaiter().GetResult();
SecretBundle secret = client.GetSecretAsync(certificate.SecretIdentifier.Identifier).GetAwaiter().GetResult();
byte[] pfxBytes = Convert.FromBase64String(secret.Value);
return(new X509Certificate2(pfxBytes));
}
public StartupManager(
Server grpcServer,
KeyVaultSettings keyVaultSettings,
IEncryptionService encryptionService,
ICqrsEngine cqrsEngine,
ILogFactory logFactory
)
{
_grpcServer = grpcServer;
_keyVaultSettings = keyVaultSettings;
_encryptionService = encryptionService;
_cqrsEngine = cqrsEngine;
_log = logFactory.CreateLog(this);
}
/// <summary>
/// Initializes a new instance of the <see cref="ValidateSubscriptionService"/> class.
/// </summary>
public ValidateSubscriptionService(
HttpClient httpClient,
IAccessTokenGenerator accessTokenGenerator,
IKeyVaultService keyVaultService,
IOptions <PlatformSettings> eventsConfig,
IOptions <KeyVaultSettings> keyVaultSettings,
ILogger <IPushEventsService> logger)
{
_platformSettings = eventsConfig.Value;
_keyVaultSettings = keyVaultSettings.Value;
httpClient.BaseAddress = new Uri(_platformSettings.ApiEventsEndpoint);
_client = httpClient;
_accessTokenGenerator = accessTokenGenerator;
_keyVaultService = keyVaultService;
_logger = logger;
}
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureAppConfiguration((context, config) =>
{
var kvSettings = new KeyVaultSettings();
config.Build().GetSection("KeyVault").Bind(kvSettings);
if (kvSettings.Enabled)
{
config.AddAzureKeyVault(kvSettings.Uri, kvSettings.ClientId, kvSettings.ClientSecret);
}
})
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseKestrel(options => options.AddServerHeader = false);
webBuilder.UseStartup <Startup>();
});
private static void ConfigureSettings(HostBuilderContext hostContext, IServiceCollection services)
{
var storageSettings = new StorageSettings();
var appSettings = new AppSettings();
var keyVaultSettings = new KeyVaultSettings();
hostContext.Configuration.GetSection(nameof(StorageSettings)).Bind(storageSettings);
hostContext.Configuration.GetSection(nameof(AppSettings)).Bind(appSettings);
hostContext.Configuration.GetSection(nameof(KeyVaultSettings)).Bind(keyVaultSettings);
LoadSecretSettings(storageSettings, appSettings, keyVaultSettings)
.GetAwaiter()
.GetResult();
services.AddSingleton(storageSettings);
services.AddSingleton(appSettings);
}
private async Task <List <X509Certificate2> > GetAllCertificateVersions(string keyVaultUrl, string certificateName)
{
List <X509Certificate2> certificates = new List <X509Certificate2>();
KeyVaultClient client = KeyVaultSettings.GetClient(_keyVaultSettings.ClientId, _keyVaultSettings.ClientSecret);
// Get the first page of certificates
IPage <CertificateItem> certificateItemsPage = await client.GetCertificateVersionsAsync(keyVaultUrl, certificateName);
while (true)
{
foreach (var certificateItem in certificateItemsPage)
{
// Ignore disabled or expired certificates
if (certificateItem.Attributes.Enabled == true &&
(certificateItem.Attributes.Expires == null ||
certificateItem.Attributes.Expires > DateTime.UtcNow))
{
CertificateBundle certificateVersionBundle =
await client.GetCertificateAsync(certificateItem.Identifier.Identifier);
SecretBundle certificatePrivateKeySecretBundle =
await client.GetSecretAsync(certificateVersionBundle.SecretIdentifier.Identifier);
byte[] privateKeyBytes = Convert.FromBase64String(certificatePrivateKeySecretBundle.Value);
X509Certificate2 certificateWithPrivateKey = new X509Certificate2(privateKeyBytes);
certificates.Add(certificateWithPrivateKey);
}
}
if (certificateItemsPage.NextPageLink == null)
{
break;
}
certificateItemsPage = await client.GetCertificateVersionsNextAsync(certificateItemsPage.NextPageLink);
}
return(certificates);
}
/// <summary>
/// Obtain the <see cref="SigningCredentials"/> to be used when signing a new JSON Web Token.
/// </summary>
/// <param name="keyVaultSettings">Settings that can be used to access a key vault with the signing certificate.</param>
/// <param name="certificateSettings">Settings to identify a certificate stored on the file system.</param>
/// <returns>The <see cref="SigningCredentials"/>.</returns>
public static async Task <SigningCredentials> GetSigningCredentials(KeyVaultSettings keyVaultSettings, CertificateSettings certificateSettings)
{
await Semaphore.WaitAsync();
try
{
if (_signingCredentialsUpdateTime > DateTime.Now && _signingCredentials != null)
{
return(_signingCredentials);
}
X509Certificate2 cert;
if (string.IsNullOrEmpty(keyVaultSettings.ClientId) || string.IsNullOrEmpty(keyVaultSettings.ClientSecret))
{
cert = new X509Certificate2(certificateSettings.CertificatePath, certificateSettings.CertificatePwd);
}
else
{
KeyVaultClient client = KeyVaultSettings.GetClient(keyVaultSettings.ClientId, keyVaultSettings.ClientSecret);
CertificateBundle certificate = await client.GetCertificateAsync(keyVaultSettings.SecretUri, certificateSettings.CertificateName);
SecretBundle secret = await client.GetSecretAsync(certificate.SecretIdentifier.Identifier);
byte[] pfxBytes = Convert.FromBase64String(secret.Value);
cert = new X509Certificate2(pfxBytes);
}
_signingCredentials = new X509SigningCredentials(cert, SecurityAlgorithms.RsaSha256);
// Reuse the same SigningCredentials for 30 minutes
_signingCredentialsUpdateTime = DateTime.Now.AddMinutes(30);
return(_signingCredentials);
}
finally
{
Semaphore.Release();
}
}
/// <inheritdoc />
public async Task <List <X509Certificate2> > GetCertificates()
{
await _semaphore.WaitAsync();
try
{
if (_certificateUpdateTime > DateTime.Now && _certificates != null)
{
return(_certificates);
}
_certificates = new List <X509Certificate2>();
if (string.IsNullOrEmpty(_keyVaultSettings.ClientId) || string.IsNullOrEmpty(_keyVaultSettings.ClientSecret))
{
_certificates.Add(new X509Certificate2(_certificateSettings.CertificatePath, _certificateSettings.CertificatePwd));
}
else
{
KeyVaultClient client = KeyVaultSettings.GetClient(_keyVaultSettings.ClientId, _keyVaultSettings.ClientSecret);
CertificateBundle certificate = await client.GetCertificateAsync(_keyVaultSettings.SecretUri, _certificateSettings.CertificateName);
SecretBundle secret = await client.GetSecretAsync(certificate.SecretIdentifier.Identifier);
byte[] pfxBytes = Convert.FromBase64String(secret.Value);
_certificates.Add(new X509Certificate2(pfxBytes));
}
// Reuse the same list of certificates for 30 minutes.
_certificateUpdateTime = DateTime.Now.AddMinutes(30);
return(_certificates);
}
finally
{
_semaphore.Release();
}
}
public static IWebHostBuilder UseCustomConfiguration(this IWebHostBuilder host)
{
host.ConfigureAppConfiguration((hostingContext, config) =>
{
config
.AddJsonFile("appsettings.json", optional: false)
.AddEnvironmentVariables(ConfigPrefix);
var tmpConfig = config.Build();
var keyVault = new KeyVaultSettings(tmpConfig);
if (keyVault.Enabled)
{
config
.AddAzureKeyVault(
keyVault.Vault,
keyVault.ClientId,
keyVault.ClientSecret,
new KeyVaultManager(ConfigPrefix));
}
});
return(host);
}
/// <summary>
/// Get the correct certificate from the keyvault
/// </summary>
/// <param name="issuer">The org or platform identificator</param>
/// <returns>returns a cert</returns>
private async Task <X509Certificate2> GetSigningCertFromKeyVault(string issuer)
{
string cacheKey = $"cert-access-token-{issuer}";
if (!_memoryCache.TryGetValue(cacheKey, out X509Certificate2 cert))
{
// Key not in cache, set getting the secret from KeyVault
string secretName = $"{issuer}-access-token-public-cert";
KeyVaultClient client = KeyVaultSettings.GetClient(_keyVaultSettings.ClientId, _keyVaultSettings.ClientSecret);
SecretBundle secret = await client.GetSecretAsync(_keyVaultSettings.SecretUri, secretName);
byte[] certBytes = Convert.FromBase64String(secret.Value);
cert = new X509Certificate2(certBytes);
// Set the cache options
MemoryCacheEntryOptions cacheEntryOptions = new MemoryCacheEntryOptions()
.SetPriority(CacheItemPriority.High)
.SetAbsoluteExpiration(new TimeSpan(0, 0, _accessTokenSettings.CacheCertLifetimeInSeconds));
_memoryCache.Set(cacheKey, cert, cacheEntryOptions);
}
return(cert);
}
public static IServiceCollection AddDataProtection(this IServiceCollection services, IConfiguration configuration)
{
var protectionSettings = new DataProtectionSettings(configuration);
if (protectionSettings.Enabled)
{
var protection = services
.AddDataProtection()
.PersistKeysToAzureBlobStorage(protectionSettings.BlobUriWithSas);
var vaultSettings = new KeyVaultSettings(configuration);
if (vaultSettings.Enabled)
{
protection.ProtectKeysWithAzureKeyVault(
protectionSettings.VaultKeyIdentifier,
vaultSettings.ClientId,
vaultSettings.ClientSecret);
}
return(protection.Services);
}
return(services);
}
/// <summary>
/// Initialise a new instance of <see cref="OpenIdController"/> with the given input values.
/// </summary>
/// <param name="generalSettings">The application general settings.</param>
/// <param name="certSettings">The settings section for certificate information.</param>
/// <param name="keyVaultSettings">The settings section for the platform key vault.</param>
public OpenIdController(IOptions <GeneralSettings> generalSettings, IOptions <CertificateSettings> certSettings, IOptions <KeyVaultSettings> keyVaultSettings)
{
this.generalSettings = generalSettings.Value;
this.certSettings = certSettings.Value;
this.keyVaultSettings = keyVaultSettings.Value;
}
private static IKeyVaultSecretClientFactory InitializeSecretClientInstance(IConfiguration configuration, KeyVaultSettings keyVaultSettings)
{
TokenCredential credential = new DefaultAzureCredential();
#if DEBUG
credential = new ClientSecretCredential(keyVaultSettings.AzureTenantId, keyVaultSettings.AzureApplicationClientId, keyVaultSettings.AzureApplicationClientSecret);
#endif
var secretClient = new SecretClient(new Uri(keyVaultSettings.KeyVaultUrl), credential);
return(new KeyVaultSecretClientFactory(secretClient));
}
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
var cfgBuilder = new ConfigurationBuilder()
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile($"appsettings.json", true, true)
.AddJsonFile($"appsettings.dev.json", true, true)
.AddJsonFile($"local.settings.json", true, true)
.AddEnvironmentVariables();
var configuration = cfgBuilder.Build();
var stravaSettings = new StravaSettings();
configuration.GetSection("strava").Bind(stravaSettings);
var logSettings = new LogSettings();
configuration.GetSection("logging").Bind(logSettings);
var apiSettings = new CotacolApiSettings();
configuration.GetSection("api").Bind(apiSettings);
var kvSettings = new KeyVaultSettings();
configuration.GetSection("keyvault").Bind(kvSettings);
services.AddDbContext <ApplicationDbContext>(options =>
options.UseSqlite(
Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity <CotacolUser>(options =>
{
options.SignIn.RequireConfirmedAccount = false;
options.SignIn.RequireConfirmedEmail = false;
options.SignIn.RequireConfirmedPhoneNumber = false;
})
.AddEntityFrameworkStores <ApplicationDbContext>();
services.AddRazorPages();
services.AddServerSideBlazor().AddHubOptions(config => config.MaximumReceiveMessageSize = 1048576);
if (!string.IsNullOrEmpty(kvSettings?.KeySasBlobUri))
{
services.AddDataProtection()
// .PersistKeysToFileSystem(new DirectoryInfo("/Users/samvanhoutte/Temp/bbb/ee"));
.PersistKeysToAzureBlobStorage(new Uri($"{kvSettings.KeySasBlobUri}"))
.ProtectKeysWithAzureKeyVault(new Uri(kvSettings.KeyKeyvaultUri), new DefaultAzureCredential());
// .PersistKeysToFileSystem(new DirectoryInfo(Configuration["KeyPersistenceLocation"]));
}
// Strava authentication
services.AddAuthentication(options =>
{
//options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
//options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = "Strava";
})
.AddCookie()
.AddOAuth("Strava", "Strava",
options =>
{
options.ClientId = stravaSettings.ClientId;
options.ClientSecret = stravaSettings.ClientOauthSecret;
options.CallbackPath = "/stravalogin"; //"/signin-strava";
options.SaveTokens = true; // Save the auth/refresh token for later retrieval
options.SignInScheme = IdentityConstants.ExternalScheme;
options.AuthorizationEndpoint = "https://www.strava.com/oauth/authorize";
options.TokenEndpoint = stravaSettings.AccessTokenUrl;
options.UserInformationEndpoint = "https://www.strava.com/api/v3/athlete";
options.Scope.Clear();
options.Scope.Add(
"read,read_all,activity:read_all,activity:read,activity:write,profile:write");
options.Events = new OAuthEvents
{
OnCreatingTicket = async context =>
{
var request = new HttpRequestMessage(HttpMethod.Get,
context.Options.UserInformationEndpoint);
request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
request.Headers.Authorization =
new AuthenticationHeaderValue("Bearer", context.AccessToken);
var response = await context.Backchannel.SendAsync(request,
HttpCompletionOption.ResponseHeadersRead, context.HttpContext.RequestAborted);
response.EnsureSuccessStatusCode();
var claimsJson = await response.Content.ReadAsStringAsync();
//context.RunClaimActions(user.RootElement);
var userSettings = context.AddClaims(claimsJson);
}
};
options.Validate();
});
services.AddHttpContextAccessor();
// Dependency injection
services
.AddScoped <AuthenticationStateProvider, RevalidatingIdentityAuthenticationStateProvider <CotacolUser>
>();
services.AddDatabaseDeveloperPageExceptionFilter();
services.AddOptions();
services.AddLogging(loggingbuilder =>
{
loggingbuilder.ClearProvidersExceptFunctionProviders();
if (!string.IsNullOrEmpty(logSettings.ApplicationInsightsInstrumentationKey))
{
loggingbuilder.AddSerilog(
CreateLogConfiguration(logSettings.ApplicationInsightsInstrumentationKey));
}
});
services.AddScoped <IUserProfileManager, CotacolProfileManager>();
services.AddSingleton <WeatherForecastService>();
services.AddSingleton <ICotacolClient, CotacolApiClient>();
services.AddSingleton <ICotacolUserClient, CotacolApiUserClient>();
services.AddSingleton <ISecretReader, KeyVaultReader>();
services.AddMatBlazor();
services
.Configure <CotacolApiSettings>(options => configuration.GetSection("api").Bind(options))
.Configure <StravaSettings>(options => configuration.GetSection("strava").Bind(options))
.Configure <KeyVaultSettings>(options => configuration.GetSection("keyvault").Bind(options));
// Inject HttpClient, required by MatBlazor components
if (services.All(x => x.ServiceType != typeof(HttpClient)))
{
services.AddScoped(
s =>
{
var navigationManager = s.GetRequiredService <NavigationManager>();
return(new HttpClient
{
BaseAddress = new Uri(navigationManager.BaseUri)
});
});
}
}
public KeyVaultTaskSettings(KeyVaultSettings keyVaultSettings)
{
ClientId = keyVaultSettings.ClientId;
ClientSecret = keyVaultSettings.Secret;
VaultBaseUrl = keyVaultSettings.BaseUrl;
}
/// <summary>
/// Default constructor
/// </summary>
/// <param name="keyVaultSettings">The keyvault settings</param>
/// <param name="accessTokenSettings">Settings for access token</param>
/// <param name="memoryCache">Memory cache</param>
public SigningKeysResolver(IOptions <KeyVaultSettings> keyVaultSettings, IOptions <AccessTokenSettings> accessTokenSettings, IMemoryCache memoryCache)
{
_accessTokenSettings = accessTokenSettings.Value;
_keyVaultSettings = keyVaultSettings.Value;
_memoryCache = memoryCache;
}
public KeyVaultModule(
IReloadingManager <AppSettings> appSettings)
{
_keyVaultSettings = appSettings.CurrentValue.QuorumTransactionSignerService.KeyVault;
}
public void ConfigureServices(IServiceCollection services)
{
ConfigureSession(services);
services.AddMvc();
ILuisSettings luisSettings = new LuisSettings(Configuration.GetSection("Luis"));
services.AddSingleton(luisSettings);
IBingSettings bingSettings = new BingSettings(Configuration.GetSection("Bing"));
services.AddSingleton(bingSettings);
IShareSettings shareSettings = new ShareSettings(Configuration.GetSection("Share"));
services.AddSingleton(shareSettings);
IKeyVaultSettings keyVaultSettings = new KeyVaultSettings(Configuration.GetSection("KeyVault"));
services.AddSingleton(keyVaultSettings);
IAdminSettings adminSettings = new AdminSettings(Configuration.GetSection("Admin"));
services.AddSingleton(adminSettings);
IOnboardingInfoSettings onboardingInfoSettings = new OnboardingInfoSettings(Configuration.GetSection("EmailService"), Configuration.GetSection("KeyVault"));
services.AddSingleton(onboardingInfoSettings);
IQnAMakerSettings qnAMakerSettings = new QnAMakerSettings(Configuration.GetSection("QnAMaker"));
services.AddSingleton(qnAMakerSettings);
services.AddSingleton <ILuisProxy, LuisProxy>();
services.AddSingleton <ILuisBusinessLogic, LuisBusinessLogic>();
services.AddSingleton <ITopicsResourcesBusinessLogic, TopicsResourcesBusinessLogic>();
services.AddSingleton <IWebSearchBusinessLogic, WebSearchBusinessLogic>();
services.AddSingleton <ICuratedExperienceConvertor, A2JAuthorBusinessLogic>();
services.AddSingleton <ICuratedExperienceBusinessLogic, CuratedExperienceBuisnessLogic>();
services.AddTransient <IHttpClientService, HttpClientService>();
services.AddSingleton <IUserProfileBusinessLogic, UserProfileBusinessLogic>();
services.AddSingleton <IPersonalizedPlanBusinessLogic, PersonalizedPlanBusinessLogic>();
services.AddSingleton <IStaticResourceBusinessLogic, StaticResourceBusinessLogic>();
services.AddSingleton <IShareBusinessLogic, ShareBusinessLogic>();
services.AddSingleton <ICuratedExperienceConvertor, A2JAuthorBusinessLogic>();
services.AddSingleton <IPersonalizedPlanEngine, PersonalizedPlanEngine>();
services.AddSingleton <IA2JAuthorLogicParser, LogicParser>();
services.AddSingleton <IA2JAuthorLogicInterpreter, LogicInterpreter>();
services.AddSingleton <IPersonalizedPlanViewModelMapper, PersonalizedPlanViewModelMapper>();
services.AddSingleton <IUserRoleBusinessLogic, UserRoleBusinessLogic>();
services.AddSingleton <IHttpContextAccessor, HttpContextAccessor>();
services.AddSingleton <ISessionManager, SessionManager>();
services.AddSingleton <IAdminBusinessLogic, AdminBusinessLogic>();
services.AddSingleton <IStateProvinceBusinessLogic, StateProvinceBusinessLogic>();
services.AddSingleton <IOnboardingInfoBusinessLogic, OnboardingInfoBusinessLogic>();
services.AddSingleton <IQnABotBusinessLogic, QnABotBusinessLogic>();
services.AddAuthentication(sharedOptions =>
{
sharedOptions.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddAzureAdBearer(options => Configuration.Bind("AzureAd", options));
services.AddAuthorization(options =>
{
options.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser()
.Build();
});
ConfigureCosmosDb(services);
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info {
Title = "Access2Justice API", Version = "1.0.0", Description = "List of all APIs for Access2Justice", TermsOfService = "None"
});
c.TagActionsBy(api => api.GroupName);
c.DescribeAllEnumsAsStrings();
c.OrderActionsBy((apiDesc) => $"{apiDesc.RelativePath}_{apiDesc.HttpMethod}");
c.OperationFilter <FileUploadOperation>(); //Register File Upload Operation Filter
c.OperationFilter <FileUploadOperationResource>();
c.CustomSchemaIds(x => x.FullName);
var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
c.IncludeXmlComments(xmlPath);
});
}
public static KeyVaultTaskSettings Set(this KeyVaultTaskSettings keyVaultTaskSettings, KeyVaultSettings settings)
{
keyVaultTaskSettings = keyVaultTaskSettings.NewInstance();
keyVaultTaskSettings.ClientId = settings.ClientId;
keyVaultTaskSettings.ClientSecret = settings.Secret;
keyVaultTaskSettings.VaultBaseUrl = settings.BaseUrl;
return(keyVaultTaskSettings);
}
