public void Configure(
IApplicationBuilder app,
IHostingEnvironment env,
ILoggerFactory loggerFactory,
EmailService emailService,
UserManager <ApplicationUser> userManager,
RoleManager <ApplicationRole> roleManager)
{
string prefix = nameof(Configure) + Constants.FNSUFFIX;
loggerFactory.AddLog4Net(emailService);
_logger = loggerFactory.CreateLogger <Startup>();
///////////////////////////////////////////////////////////////////
// HTTPS SSL
app.UseRewriter(new RewriteOptions().AddRedirectToHttps());
//
///////////////////////////////////////////////////////////////////
app.UseMiddleware <NZ01.LogRequestAndResponseMiddleware>();
app.UseStatusCodePages();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseStaticFiles();
///////////////////////////////////////////////////////////////////
// HTTPS SSL (certification requirement)
//
// LetsEncrypt Acme Challenge:
// Let's Encrypt will test whether or not you own a website by writing something to the
// site and expecting it to be available. You have to create that directory and make that directory available.
// Ref: https://www.softfluent.com/blog/dev/Using-Let-s-encrypt-with-ASP-NET-Core
app.UseStaticFiles(new StaticFileOptions
{
FileProvider = new PhysicalFileProvider(Path.Combine(Directory.GetCurrentDirectory(), @".well-known")),
RequestPath = new PathString("/.well-known"),
ServeUnknownFileTypes = true // serve extensionless file
});
//
///////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////
// JWT
// Authenticate before identity
string secret = _configuration[Constants.SECRET_ENV_VAR] ?? "DEFAULT_SECRET_KEY"; // SECRET KEY MUST BE 16 CHARS OR MORE
SymmetricSecurityKey signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secret.PadRight(16)));
var jwtAppSettingOptions = _configuration.GetSection(nameof(JwtIssuerOptions));
var accessClockSkew = jwtAppSettingOptions[nameof(JwtIssuerOptions.AccessClockSkew)] ?? "";
UInt32 iAccessClockSkew = 0;
UInt32.TryParse(accessClockSkew, out iAccessClockSkew);
var tokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidIssuer = jwtAppSettingOptions[nameof(JwtIssuerOptions.Issuer)],
ValidateAudience = true,
ValidAudience = jwtAppSettingOptions[nameof(JwtIssuerOptions.Audience)],
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingKey,
RequireExpirationTime = true,
ValidateLifetime = true,
ClockSkew = TimeSpan.FromSeconds(iAccessClockSkew)
};
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
TokenValidationParameters = tokenValidationParameters
});
//
///////////////////////////////////////////////////////////////////
app.UseIdentity();
///////////////////////////////////////////////////////////////////
// AspNetCoreRateLimit;
// Note: Check ConfigureServices() has required objects inst'd.
//app.UseClientRateLimiting();
app.UseIpRateLimiting();
///////////////////////////////////////////////////////////////////
app.UseMvcWithDefaultRoute();
//ExamplePrepareData.Init(userManager, roleManager);
PrepareData.Init(userManager, roleManager, loggerFactory.CreateLogger <PrepareData>());
_logger.LogWarning(prefix + $"Application Started [{env.EnvironmentName}]");
}
