Ejemplo n.º 1
0
        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            _appConfig.ConfigureIdentitySearchProviderServiceUrl();
            var identityServerApiSettings = _appConfig.IdentityServerConfidentialClientSettings;

            services.TryAddSingleton(_appConfig.HostingOptions);
            services.TryAddSingleton <IConnectionStrings>(_appConfig.ConnectionStrings);


            var hostingOptions    = services.BuildServiceProvider().GetRequiredService <HostingOptions>();
            var connectionStrings = services.BuildServiceProvider().GetRequiredService <IConnectionStrings>();

            var eventLogger      = LogFactory.CreateEventLogger(_loggingLevelSwitch, hostingOptions, connectionStrings);
            var serilogEventSink = new SerilogEventSink(eventLogger);

            var settings        = _appConfig.IdentityServerConfidentialClientSettings;
            var tokenUriAddress = $"{settings.Authority.EnsureTrailingSlash()}connect/token";

            services.AddTransient <IHttpRequestMessageFactory>(serviceProvider => new HttpRequestMessageFactory(
                                                                   tokenUriAddress,
                                                                   FabricIdentityConstants.FabricIdentityClient,
                                                                   settings.ClientSecret,
                                                                   null,
                                                                   null));

            services.AddSingleton <IHttpContextAccessor, HttpContextAccessor>()
            .AddSingleton <HttpClient>()
            .AddSingleton <IEventSink>(serilogEventSink)
            .AddSingleton(_appConfig)
            .AddSingleton(_logger)
            .AddIdentityServer(_appConfig, _certificateService, _logger, hostingOptions, connectionStrings)
            .AddAuthorizationServices()
            .AddScoped <IUserResolverService, UserResolverService>()
            .AddSingleton <ISerializationSettings, SerializationSettings>()
            .AddSingleton <ILdapConnectionProvider, LdapConnectionProvider>()
            .AddSingleton <IExternalIdentityProviderServiceResolver, ExternalIdentityProviderServiceResolver>()
            .AddSingleton <IExternalIdentityProviderService, IdPSearchServiceProvider>()
            .AddSingleton <LdapProviderService>()
            .AddSingleton <PolicyProvider>()
            .AddSingleton <IHealthCheckerService, HealthCheckerService>()
            .AddFluentValidations();

            // filter settings
            var filterSettings = _appConfig.FilterSettings ??
                                 new FilterSettings {
                GroupFilterSettings = new GroupFilterSettings()
            };

            filterSettings.GroupFilterSettings = filterSettings.GroupFilterSettings ?? new GroupFilterSettings();
            services.TryAddSingleton(filterSettings.GroupFilterSettings);

            services.AddSingleton <GroupFilterService>();
            services.TryAddSingleton(_appConfig.LdapSettings);
            services.TryAddSingleton(new IdentityServerAuthenticationOptions
            {
                Authority            = identityServerApiSettings.Authority,
                RequireHttpsMetadata = false,
                ApiName = identityServerApiSettings.ClientId
            });
            services.AddTransient <IIdentityProviderConfigurationService, IdentityProviderConfigurationService>();
            services.AddTransient <AccountService>();

            services.AddMvc(options => { options.Conventions.Add(new CommaSeparatedQueryStringConvention()); })
            .AddJsonOptions(x =>
            {
                x.SerializerSettings.ReferenceLoopHandling =
                    new SerializationSettings().JsonSettings.ReferenceLoopHandling;
            });

            services.AddApiVersioning(options =>
            {
                options.AssumeDefaultVersionWhenUnspecified = true;
                options.DefaultApiVersion = new ApiVersion(1, 0);
                options.ReportApiVersions = true;
            });

            // Swagger
            services.AddSwaggerGen(c =>
            {
                // this defines the Swagger doc (1 call to SwaggerDoc per version)
                c.SwaggerDoc("v1",
                             new Info
                {
                    Version     = "v1",
                    Title       = "Health Catalyst Fabric Identity API V1",
                    Description =
                        "Fabric.Identity contains a set of APIs that provides authentication for applications based on the OpenID Connect protocol. If you don't include the version in the URL you will get the v1 API."
                });

                c.DocInclusionPredicate((docName, apiDesc) =>
                {
                    var versions = apiDesc.ControllerAttributes()
                                   .OfType <ApiVersionAttribute>()
                                   .SelectMany(attr => attr.Versions);

                    return(versions.Any(v => $"v{v.ToString().Substring(0, 1)}" == docName));
                });

                c.AddSecurityDefinition("oauth2", new OAuth2Scheme
                {
                    Description =
                        "The Fabric.Identity management API requires authentication using oath2 and requires the below scopes.",
                    Type             = "oauth2",
                    AuthorizationUrl = identityServerApiSettings.Authority,
                    Flow             = "hybrid, implicit, client_credentials",
                    Scopes           = new Dictionary <string, string>
                    {
                        { "fabric/identity.manageresources", "Access to manage Client, API, and Identity resources." }
                    }
                });

                c.CustomSchemaIds(type => type.FullName);

                c.OperationFilter <VersionRemovalOperationFilter>();
                c.OperationFilter <ParamMetadataOperationFilter>();
                c.OperationFilter <SecurityRequirementsOperationFilter>();
                c.OperationFilter <SetBodyParametersRequiredOperationFilter>();
                c.DocumentFilter <PathVersionDocumentFilter>();
                c.DocumentFilter <TagFilter>();
                c.IncludeXmlComments(XmlCommentsFilePath);
                c.DescribeAllEnumsAsStrings();
            });
        }
Ejemplo n.º 2
0
        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            if (_appConfig.ApplicationInsights?.Enabled ?? false)
            {
                services.AddApplicationInsightsTelemetry();
            }

            var identityServerApiSettings = _appConfig.IdentityServerConfidentialClientSettings;

            services.TryAddSingleton(_appConfig.HostingOptions);

            services.TryAddSingleton <IConnectionStrings>(_appConfig.ConnectionStrings);

            var hostingOptions    = services.BuildServiceProvider().GetRequiredService <HostingOptions>();
            var connectionStrings = services.BuildServiceProvider().GetRequiredService <IConnectionStrings>();

            var eventLogger      = LogFactory.CreateEventLogger(hostingOptions, connectionStrings);
            var serilogEventSink = new SerilogEventSink(eventLogger);

            var settings        = _appConfig.IdentityServerConfidentialClientSettings;
            var tokenUriAddress = $"{settings.Authority.EnsureTrailingSlash()}connect/token";

            services.AddTransient <IHttpRequestMessageFactory>(serviceProvider => new HttpRequestMessageFactory(
                                                                   tokenUriAddress,
                                                                   FabricIdentityConstants.FabricIdentityClient,
                                                                   settings.ClientSecret,
                                                                   null,
                                                                   null));

            services.AddSingleton <IHttpContextAccessor, HttpContextAccessor>()
            .AddSingleton <HttpClient>()
            .AddSingleton <IEventSink>(serilogEventSink)
            .AddSingleton(_appConfig)
            .AddSingleton(Log.Logger)
            .AddIdentityServer(_appConfig, _certificateService, Log.Logger, hostingOptions, connectionStrings)
            .AddAuthorizationServices()
            .AddPrincipalSearchServices(_appConfig)
            .AddScoped <IUserResolverService, UserResolverService>()
            .AddSingleton <ISerializationSettings, SerializationSettings>()
            .AddSingleton <ILdapConnectionProvider, LdapConnectionProvider>()
            .AddSingleton <IExternalIdentityProviderServiceResolver, ExternalIdentityProviderServiceResolver>()
            .AddSingleton <IExternalIdentityProviderService, IdPSearchServiceProvider>()
            .AddSingleton <Services.IClaimsService, ClaimsService>()
            .AddSingleton <LdapProviderService>()
            .AddSingleton <PolicyProvider>()
            .AddTransient <IHealthCheckerService, HealthCheckerService>()
            .AddTransient <ICorsPolicyProvider, DefaultCorsPolicyProvider>()
            .AddLocalization(opts => { opts.ResourcesPath = "Resources"; })
            .AddFluentValidations();

            var mapperConfig = new MapperConfiguration(cfg =>
            {
                cfg.AddProfile(new MapperProfile());
            });
            IMapper mapper = mapperConfig.CreateMapper();

            services.AddSingleton(mapper);


            // filter settings
            var filterSettings = _appConfig.FilterSettings ??
                                 new FilterSettings {
                GroupFilterSettings = new GroupFilterSettings()
            };

            filterSettings.GroupFilterSettings = filterSettings.GroupFilterSettings ?? new GroupFilterSettings();
            services.TryAddSingleton(filterSettings.GroupFilterSettings);

            services.AddSingleton <GroupFilterService>();
            services.TryAddSingleton(_appConfig.LdapSettings);
            services.TryAddSingleton(new IdentityServerAuthenticationOptions
            {
                Authority            = identityServerApiSettings.Authority,
                RequireHttpsMetadata = false,
                ApiName = identityServerApiSettings.ClientId
            });

            services.AddAuthentication().AddJwtBearer(o =>
            {
                o.Authority            = identityServerApiSettings.Authority;
                o.Audience             = identityServerApiSettings.ClientId;
                o.RequireHttpsMetadata = false;
            }).AddAzureIdentityProviderIfApplicable(_appConfig).AddExternalIdentityProviders(_appConfig);

            services.AddTransient <IIdentityProviderConfigurationService, IdentityProviderConfigurationService>();
            services.AddTransient <AccountService>();

            services.Configure <CookiePolicyOptions>(options =>
            {
                options.OnAppendCookie = cookie =>
                {
                    var isIdentityServerCookie = cookie.CookieName.Equals(IdentityServerConstants.DefaultCheckSessionCookieName) ||
                                                 cookie.CookieName.Equals(IdentityServerConstants.DefaultCookieAuthenticationScheme) ||
                                                 cookie.CookieName.Equals(IdentityServerConstants.ExternalCookieAuthenticationScheme);

                    if (isIdentityServerCookie && cookie.Context.Request.IsHttps)
                    {
                        cookie.CookieOptions.SameSite = SameSiteMode.None;
                        cookie.CookieOptions.Secure   = true;
                    }
                };

                options.OnDeleteCookie = cookie =>
                {
                    var isIdentityServerCookie = cookie.CookieName.Equals(IdentityServerConstants.DefaultCheckSessionCookieName) ||
                                                 cookie.CookieName.Equals(IdentityServerConstants.DefaultCookieAuthenticationScheme) ||
                                                 cookie.CookieName.Equals(IdentityServerConstants.ExternalCookieAuthenticationScheme);

                    if (isIdentityServerCookie && cookie.Context.Request.IsHttps)
                    {
                        cookie.CookieOptions.SameSite = SameSiteMode.None;
                        cookie.CookieOptions.Secure   = true;
                    }
                };
            });

            services.AddMvc(options => { options.Conventions.Add(new CommaSeparatedQueryStringConvention()); })
            .SetCompatibilityVersion(CompatibilityVersion.Version_2_2)
            .AddJsonOptions(x =>
            {
                x.SerializerSettings.ReferenceLoopHandling =
                    new SerializationSettings().JsonSettings.ReferenceLoopHandling;
            });

            services.AddApiVersioning(options =>
            {
                options.AssumeDefaultVersionWhenUnspecified = true;
                options.DefaultApiVersion = new ApiVersion(1, 0);
                options.ReportApiVersions = true;
            });

            // Swagger
            services.AddSwaggerGen(c =>
            {
                // this defines the Swagger doc (1 call to SwaggerDoc per version)
                c.SwaggerDoc("v1",
                             new Info
                {
                    Version     = "v1",
                    Title       = "Health Catalyst Fabric Identity API V1",
                    Description =
                        "Fabric.Identity contains a set of APIs that provides authentication for applications based on the OpenID Connect protocol. If you don't include the version in the URL you will get the v1 API."
                });

                c.DocInclusionPredicate((docName, apiDesc) =>
                {
                    if (!apiDesc.TryGetMethodInfo(out var methodInfo))
                    {
                        return(false);
                    }

                    var versions = methodInfo.DeclaringType
                                   .GetCustomAttributes(true)
                                   .OfType <ApiVersionAttribute>()
                                   .SelectMany(attr => attr.Versions);

                    return(versions.Any(v => $"v{v.ToString().Substring(0, 1)}" == docName));
                });

                c.AddSecurityDefinition("oauth2", new OAuth2Scheme
                {
                    Description =
                        "The Fabric.Identity management API requires authentication using oath2 and requires the below scopes.",
                    Type             = "oauth2",
                    AuthorizationUrl = identityServerApiSettings.Authority,
                    Flow             = "hybrid, implicit, client_credentials",
                    Scopes           = new Dictionary <string, string>
                    {
                        { "fabric/identity.manageresources", "Access to manage Client, API, and Identity resources." }
                    }
                });

                c.CustomSchemaIds(type => type.FullName);

                c.OperationFilter <VersionRemovalOperationFilter>();
                c.OperationFilter <ParamMetadataOperationFilter>();
                c.OperationFilter <SecurityRequirementsOperationFilter>();
                c.OperationFilter <SetBodyParametersRequiredOperationFilter>();
                c.DocumentFilter <PathVersionDocumentFilter>();
                c.DocumentFilter <TagFilter>();
                c.IncludeXmlComments(XmlCommentsFilePath);
                c.DescribeAllEnumsAsStrings();
            });
        }