public static void AddCustomIdentity(this IServiceCollection services, IdentitySettings settings)
{
services.AddIdentity <Users, Roles>(identityOptions =>
{
//Password Settings
identityOptions.Password.RequireDigit = settings.PasswordRequireDigit;
identityOptions.Password.RequiredLength = settings.PasswordRequiredLength;
identityOptions.Password.RequireNonAlphanumeric = settings.PasswordRequireNonAlphanumic; //#@!
identityOptions.Password.RequireUppercase = settings.PasswordRequireUppercase;
identityOptions.Password.RequireLowercase = settings.PasswordRequireLowercase;
//UserName Settings
identityOptions.User.RequireUniqueEmail = settings.RequireUniqueEmail;
//Singin Settings
//identityOptions.SignIn.RequireConfirmedEmail = false;
//identityOptions.SignIn.RequireConfirmedPhoneNumber = false;
//Lockout Settings
identityOptions.Lockout.MaxFailedAccessAttempts = 10;
identityOptions.Lockout.DefaultLockoutTimeSpan = DateTime.Now.Subtract(DateTime.UtcNow).Add(TimeSpan.FromSeconds(5));
identityOptions.Lockout.AllowedForNewUsers = false;
//identityOptions.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromHours(10);
})
.AddEntityFrameworkStores <DatabaseContext>()
.AddDefaultTokenProviders();
}
public TokenServiceTest()
{
_identity = new IdentitySettings();
//creates the key for signing the token
var keyForHmacSha256 = new byte[64];
var randomGen = RandomNumberGenerator.Create();
randomGen.GetBytes(keyForHmacSha256);
_identity.TokenKey = new SymmetricSecurityKey(keyForHmacSha256).ToString();
var builder = new DbContextOptionsBuilder <CoffeeCardContext>()
.UseInMemoryDatabase(nameof(TokenServiceTest));
var databaseSettings = new DatabaseSettings
{
SchemaName = "test"
};
var environmentSettings = new EnvironmentSettings()
{
EnvironmentType = EnvironmentType.Test
};
_context = new CoffeeCardContext(builder.Options, databaseSettings, environmentSettings);
}
private static void DisableChainValidation(IdentitySettings settings)
{
if (!settings.EnforceCertificateValidation)
{
ServicePointManager.ServerCertificateValidationCallback = OnServerCertificateValidationCallback;
}
}
public static void AddCustomIdentity(this IServiceCollection services, IdentitySettings settings)
{
services.AddIdentity <User, Role>(identityOptions =>
{
//Password Settings
identityOptions.Password.RequireDigit = settings.PasswordRequireDigit;
identityOptions.Password.RequiredLength = settings.PasswordRequiredLength;
identityOptions.Password.RequireNonAlphanumeric = settings.PasswordRequireNonAlphanumic; //#@!
identityOptions.Password.RequireUppercase = settings.PasswordRequireUppercase;
identityOptions.Password.RequireLowercase = settings.PasswordRequireLowercase;
//UserName Settings
identityOptions.User.RequireUniqueEmail = settings.RequireUniqueEmail;
//Singin Settings
//identityOptions.SignIn.RequireConfirmedEmail = false;
//identityOptions.SignIn.RequireConfirmedPhoneNumber = false;
//Lockout Settings
//identityOptions.Lockout.MaxFailedAccessAttempts = 5;
//identityOptions.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
//identityOptions.Lockout.AllowedForNewUsers = false;
})
.AddEntityFrameworkStores <ApplicationDbContext>()
.AddDefaultTokenProviders();
// https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-3.1#globally-require-all-users-to-be-authenticated
services.ConfigureApplicationCookie(options =>
{
options.LoginPath = "/login";
options.Cookie.Name = "KarSaatIdentityCookie";
options.ExpireTimeSpan = TimeSpan.FromDays(14);
});
}
public static string GenerateRandomPassword(IdentitySettings opts)
{
if (opts == null)
{
opts = new IdentitySettings()
{
RequiredLength = 8,
RequiredUniqueChars = 6,
RequireDigit = true,
RequireLowercase = false,
RequireNonAlphanumeric = false,
RequireUppercase = true
}
}
;
string[] randomChars = new[] {
"ABCDEFGHJKLMNOPQRSTUVWXYZ", // uppercase
"abcdefghijkmnopqrstuvwxyz", // lowercase
"0123456789", // digits
"!@$?_-" // non-alphanumeric
};
Random rand = new Random(Environment.TickCount);
List <char> chars = new List <char>();
if (opts.RequireUppercase)
{
chars.Insert(rand.Next(0, chars.Count),
randomChars[0][rand.Next(0, randomChars[0].Length)]);
}
if (opts.RequireLowercase)
{
chars.Insert(rand.Next(0, chars.Count),
randomChars[1][rand.Next(0, randomChars[1].Length)]);
}
if (opts.RequireDigit)
{
chars.Insert(rand.Next(0, chars.Count),
randomChars[2][rand.Next(0, randomChars[2].Length)]);
}
if (opts.RequireNonAlphanumeric)
{
chars.Insert(rand.Next(0, chars.Count),
randomChars[3][rand.Next(0, randomChars[3].Length)]);
}
for (int i = chars.Count; i < opts.RequiredLength ||
chars.Distinct().Count() < opts.RequiredUniqueChars; i++)
{
string rcs = randomChars[rand.Next(0, randomChars.Length)];
chars.Insert(rand.Next(0, chars.Count),
rcs[rand.Next(0, rcs.Length)]);
}
return(new string(chars.ToArray()));
}
}
public static IEnumerable <Client> GetClients(IdentitySettings identitySettings)
{
var clients = new List <Client>();
foreach (var item in identitySettings.Clients ?? Enumerable.Empty <IdentityClient>())
{
clients.Add(new Client
{
ClientId = item.ClientId,
ClientName = item.ClientName,
ClientUri = item.ClientUri,
AllowAccessTokensViaBrowser = true,
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets =
{
new Secret(item.ClientSecret.Sha256())
},
AllowedScopes = item.AllowedScopes.ToList(),
AccessTokenLifetime = item.AccessTokenLifetime
});
}
return(clients);
}
public static void AddCustomIdentity(this IServiceCollection services, IdentitySettings settings)
{
services.AddIdentity <User, Role>(identityOptions =>
{
#region Password Settings
identityOptions.Password.RequireDigit = false;
identityOptions.Password.RequiredLength = 3;
identityOptions.Password.RequireNonAlphanumeric = false; //#@!
identityOptions.Password.RequireUppercase = false;
identityOptions.Password.RequireLowercase = false;
#endregion
#region Username Settings
identityOptions.User.RequireUniqueEmail = false;
#endregion
#region Signin Sttings
identityOptions.SignIn.RequireConfirmedEmail = false;
identityOptions.SignIn.RequireConfirmedPhoneNumber = false;
#endregion
#region Lockout Settings(we do'nt use this beacuse we use token and not use cookie)
identityOptions.Lockout.MaxFailedAccessAttempts = 15;
identityOptions.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(1);
identityOptions.Lockout.AllowedForNewUsers = false;
#endregion
})
.AddEntityFrameworkStores <ApplicationDbContext>()
.AddDefaultTokenProviders();
}
public static IServiceCollection AddIdentityOptions(
this IServiceCollection services, IdentitySettings siteSettings)
{
if (siteSettings == null)
{
throw new ArgumentNullException(nameof(siteSettings));
}
services.addConfirmEmailDataProtectorTokenOptions(siteSettings);
services.AddIdentity <User, Role>(identityOptions =>
{
setPasswordOptions(identityOptions.Password, siteSettings);
setSignInOptions(identityOptions.SignIn, siteSettings);
setUserOptions(identityOptions.User);
setLockoutOptions(identityOptions.Lockout, siteSettings);
})
.AddUserStore <ApplicationUserStore>()
.AddUserManager <ApplicationUserManager>()
.AddRoleStore <ApplicationRoleStore>()
.AddRoleManager <ApplicationRoleManager>()
.AddSignInManager <ApplicationSignInManager>()
.AddErrorDescriber <CustomIdentityErrorDescriber>()
// You **cannot** use .AddEntityFrameworkStores() when you customize everything
//.AddEntityFrameworkStores<MarketDbContext, int>()
.AddDefaultTokenProviders()
.AddTokenProvider <ConfirmEmailDataProtectorTokenProvider <User> >(EmailConfirmationTokenProviderName);
services.enableImmediateLogout();
return(services);
}
public static void AddCustomIdentity(this IServiceCollection services, IdentitySettings settings)
{
services.AddIdentity <User, Role>(identityOptions =>
{
//Password Settings
identityOptions.Password.RequireDigit = settings.PasswordRequireDigit;
identityOptions.Password.RequiredLength = settings.PasswordRequiredLength;
identityOptions.Password.RequireNonAlphanumeric = settings.PasswordRequireNonAlphanumic; //#@!
identityOptions.Password.RequireUppercase = settings.PasswordRequireUppercase;
identityOptions.Password.RequireLowercase = settings.PasswordRequireLowercase;
//UserName Settings
identityOptions.User.RequireUniqueEmail = settings.RequireUniqueEmail;
identityOptions.User.AllowedUserNameCharacters =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
//Singin Settings
identityOptions.SignIn.RequireConfirmedEmail = false;
//identityOptions.SignIn.RequireConfirmedPhoneNumber = false;
identityOptions.SignIn.RequireConfirmedPhoneNumber = settings.RequireConfirmedPhoneNumber;
identityOptions.SignIn.RequireConfirmedAccount = settings.RequireConfirmedAccount;
//Lockout Settings
identityOptions.Lockout.MaxFailedAccessAttempts = 5;
identityOptions.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(2);
identityOptions.Lockout.AllowedForNewUsers = true;
})
.AddEntityFrameworkStores <ApplicationDbContext>()
.AddDefaultTokenProviders();
}
private static async Task CreateAdminIfNotExisting(IdentitySettings settings, UserManager <AppUser> userManager,
ILogger <IdentitySeedHostedService> logger)
{
var adminUser = await userManager.FindByEmailAsync(settings.AdminUserEmail);
if (adminUser != null)
{
return;
}
adminUser = new AppUser
{
UserName = settings.AdminUserEmail,
Email = settings.AdminUserEmail,
Balance = 100
};
var result = await userManager.CreateAsync(adminUser, settings.AdminUserPassword);
if (result.Errors.Any())
{
logger.LogError(string.Join(", ", result.Errors));
return;
}
await userManager.AddToRoleAsync(adminUser, Roles.Admin);
}
public IdentitySeedHostedService(
IServiceScopeFactory serviceScopeFactory,
IOptions <IdentitySettings> identityOptions)
{
this.serviceScopeFactory = serviceScopeFactory;
this.settings = identityOptions.Value;
}
private string GetUpParty(IdentitySettings settings, LoginType loginType)
{
switch (loginType)
{
case LoginType.FoxIDsLogin:
return(settings.FoxIDsLoginUpParty);
case LoginType.ParallelFoxIDs:
return(settings.ParallelFoxIDsUpParty);
case LoginType.IdentityServer:
return(settings.IdentityServerUpParty);
case LoginType.AzureAd:
return(settings.AzureAdUpParty);
case LoginType.SamlIdPSample:
return(settings.SamlIdPSampleUpParty);
case LoginType.SamlIdPAdfs:
return(settings.SamlIdPAdfsUpParty);
default:
throw new NotImplementedException("LoginType not implemented.");
}
}
//private readonly AppUserClaimsPrincipleFactory claimsPrincipleFactory;
public JwtService(IOptions <IdentitySettings> siteSetting, AppUserManager userManager, IUserClaimsPrincipalFactory <User> claimsPrincipal, IUnitOfWork unitOfWork)
{
_siteSetting = siteSetting.Value;
_userManager = userManager;
_claimsPrincipal = claimsPrincipal;
_unitOfWork = unitOfWork;
}
public static void AddCustomIdentity(this IServiceCollection services, IdentitySettings settings)
{
services.AddIdentity <User, Role>(identityOptions =>
{
//Password Settings
identityOptions.Password.RequireDigit = settings.PasswordRequireDigit;
identityOptions.Password.RequiredLength = settings.PasswordRequiredLength;
identityOptions.Password.RequireNonAlphanumeric = settings.PasswordRequireNonAlphanumeric; //#@!
identityOptions.Password.RequireUppercase = settings.PasswordRequireUppercase;
identityOptions.Password.RequireLowercase = settings.PasswordRequireLowercase;
//UserName Settings
identityOptions.User.RequireUniqueEmail = settings.RequireUniqueEmail;
//Singin Settings
//identityOptions.SignIn.RequireConfirmedEmail = false;
//identityOptions.SignIn.RequireConfirmedPhoneNumber = false;
//Lockout Settings
//identityOptions.Lockout.MaxFailedAccessAttempts = 5;
//identityOptions.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
//identityOptions.Lockout.AllowedForNewUsers = false;
})
.AddEntityFrameworkStores <ApplicationDbContext>()
.AddDefaultTokenProviders();
}
public DbLoggerProvider(
IdentitySettings siteSettings,
IServiceProvider serviceProvider)
{
_serviceProvider = serviceProvider ?? throw new ArgumentNullException(nameof(_serviceProvider));
_siteSettings = siteSettings ?? throw new ArgumentNullException(nameof(_siteSettings));
_outputTask = Task.Run(processLogQueue);
}
private static void AddAudience(IdentitySettings settings, string rootUrl)
{
foreach (var audience in settings.Audiences)
{
FederatedAuthentication.FederationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris
.Add(new Uri(string.Format(audience, rootUrl)));
}
}
private static void SetIssuer(IdentitySettings settings, IdentityConfiguration identitySettings)
{
var issuers = new ConfigurationBasedIssuerNameRegistry();
issuers.AddTrustedIssuer(ThumbprintResolver.ResolveThumbprint(settings.Thumbprint, settings.IssuerAddress), settings.IssuerAddress);
Logging.DebugMessage("Issuer settings configured");
identitySettings.IssuerNameRegistry = issuers;
Logging.DebugMessage("Issuer name registry is added");
}
public Handler(ZSocket zsck, IOptions <IdentitySettings> identitySettings,
ZCryptography zCryptography,
AuthService authService)
{
_zsck = zsck;
_identitySettings = identitySettings.Value;
_zCryptography = zCryptography;
_authService = authService;
}
void ConfigureAuthentication(IServiceCollection services)
{
var identitySettings = new IdentitySettings(Configuration);
services.AddSingleton(identitySettings);
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
//Set Up Authentication Handlers and Services
services.AddAuthentication(options =>
{
//Request User Authentication using OpenId Connect
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme,
options =>
{
options.LoginPath = new PathString(identitySettings.LoginPath);
})
.AddOpenIdConnect( // By default OpenIdConnectDefaults.AuthenticationScheme
options =>
{
options.Authority = identitySettings.Issuer;
options.SaveTokens = true;
options.ClientId = identitySettings.ClientId;
options.ClientSecret = identitySettings.ClientSecret;
options.ResponseType = identitySettings.ResponseType;
options.RequireHttpsMetadata = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.TokenValidationParameters.NameClaimType = "given_name";
options.TokenValidationParameters.RoleClaimType = "role";
options.ClaimActions.DeleteClaim("s_hash");
var scopes = identitySettings.Scopes.Split(',');
foreach (var scope in scopes)
{
options.Scope.Add(scope);
}
options.Events = new OpenIdConnectEvents()
{
OnRemoteFailure = context =>
{
if (context.Failure.Data["error"].Equals("access_denied"))
{
context.Response.Redirect("/Account/AccessDenied?error=Access_Denied");
context.HandleResponse();
}
return(Task.FromResult(0));
}
};
});
services.AddHttpClient("apiClient", options =>
{
options.BaseAddress = new Uri(Configuration["ApiUrl"]);
});
}
public UsersPhotoService(
IHttpContextAccessor contextAccessor,
IWebHostEnvironment hostingEnvironment,
IdentitySettings siteSettings)
{
_contextAccessor = contextAccessor ?? throw new ArgumentNullException(nameof(_contextAccessor));
_hostingEnvironment = hostingEnvironment ?? throw new ArgumentNullException(nameof(_hostingEnvironment));
_siteSettings = siteSettings ?? throw new ArgumentNullException(nameof(_siteSettings));
}
public UserService(IVerveIdentityService <UserAccount> identityService,
UserManager <UserAccount> userManager,
SignInManager <UserAccount> signInManager,
IOptionsMonitor <IdentitySettings> identityOptions)
{
_identityService = identityService;
_userManager = userManager;
_signInManager = signInManager;
_identitySettings = identityOptions.CurrentValue;
}
private static void ConfigureFederationSettings(IdentitySettings settings, string rootUrl)
{
var federationSettings = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration;
federationSettings.PassiveRedirectEnabled = (ConfigurationManagerHelper.GetValueOnKey("stardust.AllowAnonymous") == "true" || ConfigurationManagerHelper.GetValueOnKey("stardust.AllowAnonymous").IsNullOrWhiteSpace());
federationSettings.Realm = string.Format(settings.Realm, rootUrl);
federationSettings.Issuer = settings.IssuerAddress;
federationSettings.RequireHttps = settings.RequireHttps;
FederatedAuthentication.FederationConfiguration.CookieHandler.RequireSsl = settings.RequireHttps;
Logging.DebugMessage("Federation settings configured");
}
public static void InitializeUsersData(IServiceProvider app, IdentitySettings settings)
{
using (var scope = app.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
TryMigrate(scope);
TrySeedRoles(scope);
#if DEBUG
TrySeedLocalDevelopmentEnvironmentAsync(scope).GetAwaiter().GetResult();
#endif
}
}
public IdentityDataSeeder(
UserManager <User> userManager,
RoleManager <IdentityRole> roleManager,
IOptions <ApplicationSettings> applicationSettings,
IOptions <IdentitySettings> identitySettings)
{
this.userManager = userManager;
this.roleManager = roleManager;
this.applicationSettings = applicationSettings.Value;
this.identitySettings = identitySettings.Value;
}
public RequestAccountVerificationCommandHandler(IOptions <IdentitySettings> identitySettings, IClock clock, IUserRepository userRepository)
{
if (identitySettings == null)
{
throw new ArgumentNullException(nameof(identitySettings));
}
this._identitySettings = identitySettings.Value;
this._clock = clock ?? throw new ArgumentNullException(nameof(clock));
this._userRepository = userRepository ?? throw new ArgumentNullException(nameof(userRepository));
}
public AuthenticationController(UserService userService,
TokenService tokenService,
IMailer mailer,
IOptions <CommonSettings> commonSettings)
{
_mailer = mailer;
_tokenService = tokenService;
_baseApplicationPath = commonSettings.Value.BaseApplicationPath;
_identitySettings = commonSettings.Value.IdentitySettings;
_userService = userService;
}
public DbLogger(string loggerName,
DbLoggerProvider loggerProvider,
IServiceProvider serviceProvider,
IdentitySettings siteSettings
)
{
_loggerName = loggerName ?? throw new ArgumentNullException(nameof(loggerName));
_minLevel = _siteSettings.Logging.LogLevel.Default;
_serviceProvider = serviceProvider ?? throw new ArgumentNullException(nameof(serviceProvider));
_loggerProvider = loggerProvider ?? throw new ArgumentNullException(nameof(loggerProvider));
_siteSettings = siteSettings ?? throw new ArgumentNullException(nameof(siteSettings));
}
public LoginController(IApplicationSignInManager signInManager,
IApplicationUserManager userManager,
IApplicationRoleManager roleManager,
IdentitySettings siteSettings,
ILogger <LoginController> logger)
{
_signInManager = signInManager ?? throw new ArgumentNullException(nameof(signInManager));
_userManager = userManager ?? throw new ArgumentNullException(nameof(userManager));
_roleManager = roleManager ?? throw new ArgumentNullException(nameof(roleManager));
_siteSettings = siteSettings ?? throw new ArgumentNullException(nameof(siteSettings));
_logger = logger ?? throw new ArgumentNullException(nameof(logger));
}
public FirstRun([NotNull] IMediator mediator, [NotNull] IOptions <IdentitySettings> identitySettings,
[NotNull] IUserQueries userQueries)
{
if (identitySettings == null)
{
throw new ArgumentNullException(nameof(identitySettings));
}
this._mediator = mediator ?? throw new ArgumentNullException(nameof(mediator));
this._userQueries = userQueries ?? throw new ArgumentNullException(nameof(userQueries));
this._identitySettings = identitySettings.Value;
}
public static void AddIdentity(this IServiceCollection services, IConfiguration configuration)
{
services.Configure <IdentitySettings>(options => configuration.GetSection("IdentitySettings").Bind(options));
IdentitySettings identitySettings = configuration.GetSection(nameof(IdentitySettings)).Get <IdentitySettings>();
services.AddMvc(options => {
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
}).SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
services.AddIdentity <Trader, IdentityRole <int> >(options => {
// Password settings.
options.Password.RequireDigit = identitySettings.PasswordRequireDigit;
options.Password.RequireLowercase = identitySettings.PasswordRequireLowercase;
options.Password.RequireNonAlphanumeric = identitySettings.PasswordRequireNonAlphanumic;
options.Password.RequireUppercase = identitySettings.PasswordRequireUppercase;
options.Password.RequiredLength = identitySettings.PasswordRequiredLength;
options.Password.RequiredUniqueChars = 1;
// Lockout settings.
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
options.Lockout.MaxFailedAccessAttempts = 5;
options.Lockout.AllowedForNewUsers = true;
// User settings.
options.User.AllowedUserNameCharacters =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+";
options.User.RequireUniqueEmail = true;
// Set emailed token for both
options.Tokens.PasswordResetTokenProvider = TokenOptions.DefaultEmailProvider;
options.Tokens.EmailConfirmationTokenProvider = TokenOptions.DefaultEmailProvider;
})
.AddEntityFrameworkStores <JwtauthContext>()
.AddDefaultTokenProviders();
services.AddAuthorization(options =>
{
options.AddPolicy("AllTraders", builder => builder.RequireAuthenticatedUser().Build());
options.AddPolicy("SkilledTraders", policy =>
policy.Requirements.Add(new MinimumExperienceRequirement(1)));
options.AddPolicy("TraderManagers", policy =>
policy.Requirements.Add(new MinimumExperienceRequirement(5)));
});
services.AddSingleton <IAuthorizationHandler, ExperiencedTraderHandler>();
services.Configure <SendGridSettings>(options => configuration.GetSection("SendGridSettings").Bind(options));
services.AddTransient <IEmailSender, EmailSender>();
}
