Example #1
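    /// <summary>
    /// Registers IdentityServer with in-memory configuration stores, a signing credential,
    /// the resource-owner password validator, and bearer-token authentication for the API.
    /// </summary>
    /// <param name="serviceCollection">Service collection the registrations are added to.</param>
    /// <param name="configuration">Source of the <c>IdentityServer:*</c> settings read below.</param>
    /// <param name="environment">Decides between the developer signing key and a configured certificate.</param>
    /// <exception cref="System.InvalidOperationException">
    /// Thrown outside Development when <c>IdentityServer:Certificates:Path</c> is not configured.
    /// </exception>
    public static void AddCustomIdentityServer(this IServiceCollection serviceCollection, IConfiguration configuration,
                                               IWebHostEnvironment environment)
    {
        // NOTE(review): persisted grants are held in memory in every environment, so issued
        // grants do not survive a restart and are not shared between instances.
        var builder = serviceCollection.AddIdentityServer()
                      .AddInMemoryIdentityResources(IdentityServerConfig.GetIdentityResources())
                      .AddInMemoryApiResources(IdentityServerConfig.GetApis())
                      .AddInMemoryApiScopes(IdentityServerConfig.GetApiScopes())
                      .AddInMemoryClients(IdentityServerConfig.GetClients())
                      .AddInMemoryPersistedGrants()
                      .AddInMemoryCaching()
                      .AddProfileService<ProfileService>();

        var isDevelopment = environment.IsDevelopment();

        if (isDevelopment)
        {
            // Development only: the developer signing credential is not meant for production tokens.
            builder.AddDeveloperSigningCredential();
        }
        else
        {
            var certificatePath = configuration.GetValue<string>("IdentityServer:Certificates:Path");

            // Fail fast with a clear message instead of an opaque certificate-loading error.
            // The certificate password is deliberately kept out of the message.
            if (string.IsNullOrWhiteSpace(certificatePath))
            {
                throw new System.InvalidOperationException(
                    "Configuration value 'IdentityServer:Certificates:Path' is required outside the Development environment.");
            }

            // NOTE(review): the certificate password comes from configuration; confirm it is supplied
            // by a secret store or environment variable rather than a settings file under source control.
            builder.AddSigningCredential(new X509Certificate2(
                                             certificatePath,
                                             configuration.GetValue<string>("IdentityServer:Certificates:Secret")));
        }

        serviceCollection.AddTransient<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();

        serviceCollection.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
        .AddIdentityServerAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme, x =>
        {
            x.Authority = configuration.GetValue<string>("IdentityServer:Authority");
            x.ApiName   = configuration.GetValue<string>("IdentityServer:ApiName");

            // A missing key used to bind to false, silently allowing discovery over plain HTTP.
            // An explicit setting is still honoured; when the key is absent, HTTPS metadata is
            // required everywhere except Development.
            x.RequireHttpsMetadata = configuration.GetValue<bool>("IdentityServer:RequireHttpsMetadata", !isDevelopment);
            x.RoleClaimType        = ClaimTypes.Role;
        });
    }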
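        /// <summary>
        /// Seeds the IdentityServer configuration store from <c>IdentityServerConfig</c>.
        /// Each table (clients, API scopes, identity resources, API resources) is seeded
        /// only when it is currently empty, so existing rows are never overwritten.
        /// </summary>
        /// <param name="context">Configuration database context to seed.</param>
        public static void EnsureSeedData(this ConfigurationDbContext context)
        {
            // Each table is checked on its own. Previously every check was nested inside the
            // "no clients" branch, so a store that already had clients but lacked scopes or
            // resources was never completed, and newly added API scopes were not saved unless
            // a later branch happened to call SaveChanges.
            if (!context.Clients.Any())
            {
                foreach (var client in IdentityServerConfig.GetClients())
                {
                    context.Clients.Add(client.ToEntity());
                }
            }

            if (!context.ApiScopes.Any())
            {
                foreach (var scope in IdentityServerConfig.GetApiScopes())
                {
                    context.ApiScopes.Add(scope.ToEntity());
                }
            }

            if (!context.IdentityResources.Any())
            {
                foreach (var resource in IdentityServerConfig.GetIdentityResources())
                {
                    context.IdentityResources.Add(resource.ToEntity());
                }
            }

            if (!context.ApiResources.Any())
            {
                foreach (var resource in IdentityServerConfig.GetApis())
                {
                    context.ApiResources.Add(resource.ToEntity());
                }
            }

            // One save at the end persists all pending inserts together, so clients are not
            // stored without the scopes and resources seeded alongside them.
            context.SaveChanges();
        }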
Example #3
        /// <summary>
        /// Registers IdentityServer with in-memory stores and a developer signing credential,
        /// then adds bearer-token authentication pointing at a local authority.
        /// </summary>
        /// <param name="services">Service collection the registrations are added to.</param>
        private void ConfigureIdentityServer(IServiceCollection services)
        {
            // TODO: move persisted grants from the in-memory store to MSSQL and replace the
            // developer signing credential.
            var identityServer = services.AddIdentityServer();
            identityServer.AddInMemoryIdentityResources(IdentityServerConfig.GetIdentityResources());
            identityServer.AddInMemoryApiResources(IdentityServerConfig.GetApiResources());
            identityServer.AddInMemoryApiScopes(IdentityServerConfig.GetApiScopes());
            identityServer.AddInMemoryClients(IdentityServerConfig.GetClients());
            identityServer.AddInMemoryPersistedGrants();
            identityServer.AddProfileService<ProfileService>();
            identityServer.AddDeveloperSigningCredential();

            services.AddTransient<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();

            var scheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
            var authentication = services.AddAuthentication(scheme);

            // NOTE(review): the authority is a hard-coded plain-HTTP localhost address and the
            // HTTPS metadata requirement is switched off; these values suit local development
            // only and would need to come from configuration for any shared environment.
            authentication.AddIdentityServerAuthentication(scheme, options =>
            {
                options.Authority = "http://localhost:5000";
                options.ApiName = IdentityServerConfig.ApiName;
                options.RequireHttpsMetadata = false;
            });
        }
Example #4
        /// <summary>
        /// Called by the runtime at startup to register services with the container:
        /// telemetry and health checks, the EF Core context, ASP.NET Identity, the cookie
        /// policy, MVC, and finally IdentityServer.
        /// </summary>
        /// <param name="services">Service collection the registrations are added to.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            #region DevOps

            // Application Insights telemetry.
            services.AddApplicationInsightsTelemetry(_configuration);

            // Health checks, including one for the application database context.
            var healthChecks = services.AddHealthChecks();
            healthChecks.AddDbContextCheck<ApplicationDbContext>();

            #endregion

            #region ASP.Net

            #region Asp.Net Identity

            services.AddDbContext<ApplicationDbContext>(dbOptions =>
            {
                // The connection string is read when the options are built, not at registration time.
                dbOptions.UseSqlServer(
                    _configuration.GetConnectionString("Default"),
                    sqlServerOptionsAction: sql => sql.EnableRetryOnFailure(
                        maxRetryCount: 10,
                        maxRetryDelay: TimeSpan.FromSeconds(30),
                        errorNumbersToAdd: null));
            });

            // NOTE(review): three password complexity requirements are turned off here; confirm
            // that a compensating control (minimum length, breached-password check, MFA) is in place.
            var identity = services.AddIdentity<ApplicationUser, ApplicationRole>(identityOptions =>
            {
                var passwordRules = identityOptions.Password;
                passwordRules.RequireDigit = false;
                passwordRules.RequireNonAlphanumeric = false;
                passwordRules.RequireUppercase = false;
            });
            identity.AddDefaultTokenProviders();
            identity.AddEntityFrameworkStores<ApplicationDbContext>();

            #endregion

            services.Configure<CookiePolicyOptions>(cookiePolicy =>
            {
                // Consent for non-essential cookies is required on every request.
                cookiePolicy.CheckConsentNeeded = _ => true;

                // NOTE(review): SameSiteMode.None places no lower bound on the SameSite
                // attribute of cookies; confirm this is needed for the cross-site sign-in flow.
                cookiePolicy.MinimumSameSitePolicy = SameSiteMode.None;
            });

            var mvc = services.AddMvc(mvcOptions => mvcOptions.EnableEndpointRouting = false);
            mvc.SetCompatibilityVersion(CompatibilityVersion.Version_3_0);

            #endregion

            #region Identity Server 4

            // IdentityServer must be registered after ASP.NET Identity in the DI system,
            // because IdentityServer overwrites some configuration from ASP.NET Identity.

            services.AddTransient<IProfileService, ProfileService>();

            var identityServer = services.AddIdentityServer(serverOptions =>
            {
                // Raise all four event categories.
                var events = serverOptions.Events;
                events.RaiseErrorEvents = true;
                events.RaiseInformationEvents = true;
                events.RaiseFailureEvents = true;
                events.RaiseSuccessEvents = true;
            });
            identityServer.AddAspNetIdentity<ApplicationUser>();
            identityServer.AddProfileService<ProfileService>();

            // NOTE(review): the developer signing credential is registered unconditionally;
            // a deployed instance would need a managed signing certificate instead.
            identityServer.AddDeveloperSigningCredential();
            identityServer.AddInMemoryApiScopes(IdentityServerConfig.GetApiScopes());
            identityServer.AddInMemoryClients(IdentityServerConfig.GetClients(_configuration));

            #endregion
        }