public static void AddCustomIdentity(this IServiceCollection services, IdentitySettings settings) { services.AddIdentity <Users, Roles>(identityOptions => { //Password Settings identityOptions.Password.RequireDigit = settings.PasswordRequireDigit; identityOptions.Password.RequiredLength = settings.PasswordRequiredLength; identityOptions.Password.RequireNonAlphanumeric = settings.PasswordRequireNonAlphanumic; //#@! identityOptions.Password.RequireUppercase = settings.PasswordRequireUppercase; identityOptions.Password.RequireLowercase = settings.PasswordRequireLowercase; //UserName Settings identityOptions.User.RequireUniqueEmail = settings.RequireUniqueEmail; //Singin Settings //identityOptions.SignIn.RequireConfirmedEmail = false; //identityOptions.SignIn.RequireConfirmedPhoneNumber = false; //Lockout Settings identityOptions.Lockout.MaxFailedAccessAttempts = 10; identityOptions.Lockout.DefaultLockoutTimeSpan = DateTime.Now.Subtract(DateTime.UtcNow).Add(TimeSpan.FromSeconds(5)); identityOptions.Lockout.AllowedForNewUsers = false; //identityOptions.Cookies.ApplicationCookie.ExpireTimeSpan = TimeSpan.FromHours(10); }) .AddEntityFrameworkStores <DatabaseContext>() .AddDefaultTokenProviders(); }
public TokenServiceTest() { _identity = new IdentitySettings(); //creates the key for signing the token var keyForHmacSha256 = new byte[64]; var randomGen = RandomNumberGenerator.Create(); randomGen.GetBytes(keyForHmacSha256); _identity.TokenKey = new SymmetricSecurityKey(keyForHmacSha256).ToString(); var builder = new DbContextOptionsBuilder <CoffeeCardContext>() .UseInMemoryDatabase(nameof(TokenServiceTest)); var databaseSettings = new DatabaseSettings { SchemaName = "test" }; var environmentSettings = new EnvironmentSettings() { EnvironmentType = EnvironmentType.Test }; _context = new CoffeeCardContext(builder.Options, databaseSettings, environmentSettings); }
private static void DisableChainValidation(IdentitySettings settings) { if (!settings.EnforceCertificateValidation) { ServicePointManager.ServerCertificateValidationCallback = OnServerCertificateValidationCallback; } }
public static void AddCustomIdentity(this IServiceCollection services, IdentitySettings settings) { services.AddIdentity <User, Role>(identityOptions => { //Password Settings identityOptions.Password.RequireDigit = settings.PasswordRequireDigit; identityOptions.Password.RequiredLength = settings.PasswordRequiredLength; identityOptions.Password.RequireNonAlphanumeric = settings.PasswordRequireNonAlphanumic; //#@! identityOptions.Password.RequireUppercase = settings.PasswordRequireUppercase; identityOptions.Password.RequireLowercase = settings.PasswordRequireLowercase; //UserName Settings identityOptions.User.RequireUniqueEmail = settings.RequireUniqueEmail; //Singin Settings //identityOptions.SignIn.RequireConfirmedEmail = false; //identityOptions.SignIn.RequireConfirmedPhoneNumber = false; //Lockout Settings //identityOptions.Lockout.MaxFailedAccessAttempts = 5; //identityOptions.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5); //identityOptions.Lockout.AllowedForNewUsers = false; }) .AddEntityFrameworkStores <ApplicationDbContext>() .AddDefaultTokenProviders(); // https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-3.1#globally-require-all-users-to-be-authenticated services.ConfigureApplicationCookie(options => { options.LoginPath = "/login"; options.Cookie.Name = "KarSaatIdentityCookie"; options.ExpireTimeSpan = TimeSpan.FromDays(14); }); }
public static string GenerateRandomPassword(IdentitySettings opts) { if (opts == null) { opts = new IdentitySettings() { RequiredLength = 8, RequiredUniqueChars = 6, RequireDigit = true, RequireLowercase = false, RequireNonAlphanumeric = false, RequireUppercase = true } } ; string[] randomChars = new[] { "ABCDEFGHJKLMNOPQRSTUVWXYZ", // uppercase "abcdefghijkmnopqrstuvwxyz", // lowercase "0123456789", // digits "!@$?_-" // non-alphanumeric }; Random rand = new Random(Environment.TickCount); List <char> chars = new List <char>(); if (opts.RequireUppercase) { chars.Insert(rand.Next(0, chars.Count), randomChars[0][rand.Next(0, randomChars[0].Length)]); } if (opts.RequireLowercase) { chars.Insert(rand.Next(0, chars.Count), randomChars[1][rand.Next(0, randomChars[1].Length)]); } if (opts.RequireDigit) { chars.Insert(rand.Next(0, chars.Count), randomChars[2][rand.Next(0, randomChars[2].Length)]); } if (opts.RequireNonAlphanumeric) { chars.Insert(rand.Next(0, chars.Count), randomChars[3][rand.Next(0, randomChars[3].Length)]); } for (int i = chars.Count; i < opts.RequiredLength || chars.Distinct().Count() < opts.RequiredUniqueChars; i++) { string rcs = randomChars[rand.Next(0, randomChars.Length)]; chars.Insert(rand.Next(0, chars.Count), rcs[rand.Next(0, rcs.Length)]); } return(new string(chars.ToArray())); } }
public static IEnumerable <Client> GetClients(IdentitySettings identitySettings) { var clients = new List <Client>(); foreach (var item in identitySettings.Clients ?? Enumerable.Empty <IdentityClient>()) { clients.Add(new Client { ClientId = item.ClientId, ClientName = item.ClientName, ClientUri = item.ClientUri, AllowAccessTokensViaBrowser = true, AllowedGrantTypes = GrantTypes.ClientCredentials, ClientSecrets = { new Secret(item.ClientSecret.Sha256()) }, AllowedScopes = item.AllowedScopes.ToList(), AccessTokenLifetime = item.AccessTokenLifetime }); } return(clients); }
public static void AddCustomIdentity(this IServiceCollection services, IdentitySettings settings) { services.AddIdentity <User, Role>(identityOptions => { #region Password Settings identityOptions.Password.RequireDigit = false; identityOptions.Password.RequiredLength = 3; identityOptions.Password.RequireNonAlphanumeric = false; //#@! identityOptions.Password.RequireUppercase = false; identityOptions.Password.RequireLowercase = false; #endregion #region Username Settings identityOptions.User.RequireUniqueEmail = false; #endregion #region Signin Sttings identityOptions.SignIn.RequireConfirmedEmail = false; identityOptions.SignIn.RequireConfirmedPhoneNumber = false; #endregion #region Lockout Settings(we do'nt use this beacuse we use token and not use cookie) identityOptions.Lockout.MaxFailedAccessAttempts = 15; identityOptions.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(1); identityOptions.Lockout.AllowedForNewUsers = false; #endregion }) .AddEntityFrameworkStores <ApplicationDbContext>() .AddDefaultTokenProviders(); }
public static IServiceCollection AddIdentityOptions( this IServiceCollection services, IdentitySettings siteSettings) { if (siteSettings == null) { throw new ArgumentNullException(nameof(siteSettings)); } services.addConfirmEmailDataProtectorTokenOptions(siteSettings); services.AddIdentity <User, Role>(identityOptions => { setPasswordOptions(identityOptions.Password, siteSettings); setSignInOptions(identityOptions.SignIn, siteSettings); setUserOptions(identityOptions.User); setLockoutOptions(identityOptions.Lockout, siteSettings); }) .AddUserStore <ApplicationUserStore>() .AddUserManager <ApplicationUserManager>() .AddRoleStore <ApplicationRoleStore>() .AddRoleManager <ApplicationRoleManager>() .AddSignInManager <ApplicationSignInManager>() .AddErrorDescriber <CustomIdentityErrorDescriber>() // You **cannot** use .AddEntityFrameworkStores() when you customize everything //.AddEntityFrameworkStores<MarketDbContext, int>() .AddDefaultTokenProviders() .AddTokenProvider <ConfirmEmailDataProtectorTokenProvider <User> >(EmailConfirmationTokenProviderName); services.enableImmediateLogout(); return(services); }
public static void AddCustomIdentity(this IServiceCollection services, IdentitySettings settings) { services.AddIdentity <User, Role>(identityOptions => { //Password Settings identityOptions.Password.RequireDigit = settings.PasswordRequireDigit; identityOptions.Password.RequiredLength = settings.PasswordRequiredLength; identityOptions.Password.RequireNonAlphanumeric = settings.PasswordRequireNonAlphanumic; //#@! identityOptions.Password.RequireUppercase = settings.PasswordRequireUppercase; identityOptions.Password.RequireLowercase = settings.PasswordRequireLowercase; //UserName Settings identityOptions.User.RequireUniqueEmail = settings.RequireUniqueEmail; identityOptions.User.AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; //Singin Settings identityOptions.SignIn.RequireConfirmedEmail = false; //identityOptions.SignIn.RequireConfirmedPhoneNumber = false; identityOptions.SignIn.RequireConfirmedPhoneNumber = settings.RequireConfirmedPhoneNumber; identityOptions.SignIn.RequireConfirmedAccount = settings.RequireConfirmedAccount; //Lockout Settings identityOptions.Lockout.MaxFailedAccessAttempts = 5; identityOptions.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(2); identityOptions.Lockout.AllowedForNewUsers = true; }) .AddEntityFrameworkStores <ApplicationDbContext>() .AddDefaultTokenProviders(); }
private static async Task CreateAdminIfNotExisting(IdentitySettings settings, UserManager <AppUser> userManager, ILogger <IdentitySeedHostedService> logger) { var adminUser = await userManager.FindByEmailAsync(settings.AdminUserEmail); if (adminUser != null) { return; } adminUser = new AppUser { UserName = settings.AdminUserEmail, Email = settings.AdminUserEmail, Balance = 100 }; var result = await userManager.CreateAsync(adminUser, settings.AdminUserPassword); if (result.Errors.Any()) { logger.LogError(string.Join(", ", result.Errors)); return; } await userManager.AddToRoleAsync(adminUser, Roles.Admin); }
public IdentitySeedHostedService( IServiceScopeFactory serviceScopeFactory, IOptions <IdentitySettings> identityOptions) { this.serviceScopeFactory = serviceScopeFactory; this.settings = identityOptions.Value; }
private string GetUpParty(IdentitySettings settings, LoginType loginType) { switch (loginType) { case LoginType.FoxIDsLogin: return(settings.FoxIDsLoginUpParty); case LoginType.ParallelFoxIDs: return(settings.ParallelFoxIDsUpParty); case LoginType.IdentityServer: return(settings.IdentityServerUpParty); case LoginType.AzureAd: return(settings.AzureAdUpParty); case LoginType.SamlIdPSample: return(settings.SamlIdPSampleUpParty); case LoginType.SamlIdPAdfs: return(settings.SamlIdPAdfsUpParty); default: throw new NotImplementedException("LoginType not implemented."); } }
//private readonly AppUserClaimsPrincipleFactory claimsPrincipleFactory; public JwtService(IOptions <IdentitySettings> siteSetting, AppUserManager userManager, IUserClaimsPrincipalFactory <User> claimsPrincipal, IUnitOfWork unitOfWork) { _siteSetting = siteSetting.Value; _userManager = userManager; _claimsPrincipal = claimsPrincipal; _unitOfWork = unitOfWork; }
public static void AddCustomIdentity(this IServiceCollection services, IdentitySettings settings) { services.AddIdentity <User, Role>(identityOptions => { //Password Settings identityOptions.Password.RequireDigit = settings.PasswordRequireDigit; identityOptions.Password.RequiredLength = settings.PasswordRequiredLength; identityOptions.Password.RequireNonAlphanumeric = settings.PasswordRequireNonAlphanumeric; //#@! identityOptions.Password.RequireUppercase = settings.PasswordRequireUppercase; identityOptions.Password.RequireLowercase = settings.PasswordRequireLowercase; //UserName Settings identityOptions.User.RequireUniqueEmail = settings.RequireUniqueEmail; //Singin Settings //identityOptions.SignIn.RequireConfirmedEmail = false; //identityOptions.SignIn.RequireConfirmedPhoneNumber = false; //Lockout Settings //identityOptions.Lockout.MaxFailedAccessAttempts = 5; //identityOptions.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5); //identityOptions.Lockout.AllowedForNewUsers = false; }) .AddEntityFrameworkStores <ApplicationDbContext>() .AddDefaultTokenProviders(); }
public DbLoggerProvider( IdentitySettings siteSettings, IServiceProvider serviceProvider) { _serviceProvider = serviceProvider ?? throw new ArgumentNullException(nameof(_serviceProvider)); _siteSettings = siteSettings ?? throw new ArgumentNullException(nameof(_siteSettings)); _outputTask = Task.Run(processLogQueue); }
private static void AddAudience(IdentitySettings settings, string rootUrl) { foreach (var audience in settings.Audiences) { FederatedAuthentication.FederationConfiguration.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris .Add(new Uri(string.Format(audience, rootUrl))); } }
private static void SetIssuer(IdentitySettings settings, IdentityConfiguration identitySettings) { var issuers = new ConfigurationBasedIssuerNameRegistry(); issuers.AddTrustedIssuer(ThumbprintResolver.ResolveThumbprint(settings.Thumbprint, settings.IssuerAddress), settings.IssuerAddress); Logging.DebugMessage("Issuer settings configured"); identitySettings.IssuerNameRegistry = issuers; Logging.DebugMessage("Issuer name registry is added"); }
public Handler(ZSocket zsck, IOptions <IdentitySettings> identitySettings, ZCryptography zCryptography, AuthService authService) { _zsck = zsck; _identitySettings = identitySettings.Value; _zCryptography = zCryptography; _authService = authService; }
void ConfigureAuthentication(IServiceCollection services) { var identitySettings = new IdentitySettings(Configuration); services.AddSingleton(identitySettings); JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); //Set Up Authentication Handlers and Services services.AddAuthentication(options => { //Request User Authentication using OpenId Connect options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; }) .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options => { options.LoginPath = new PathString(identitySettings.LoginPath); }) .AddOpenIdConnect( // By default OpenIdConnectDefaults.AuthenticationScheme options => { options.Authority = identitySettings.Issuer; options.SaveTokens = true; options.ClientId = identitySettings.ClientId; options.ClientSecret = identitySettings.ClientSecret; options.ResponseType = identitySettings.ResponseType; options.RequireHttpsMetadata = true; options.GetClaimsFromUserInfoEndpoint = true; options.TokenValidationParameters.NameClaimType = "given_name"; options.TokenValidationParameters.RoleClaimType = "role"; options.ClaimActions.DeleteClaim("s_hash"); var scopes = identitySettings.Scopes.Split(','); foreach (var scope in scopes) { options.Scope.Add(scope); } options.Events = new OpenIdConnectEvents() { OnRemoteFailure = context => { if (context.Failure.Data["error"].Equals("access_denied")) { context.Response.Redirect("/Account/AccessDenied?error=Access_Denied"); context.HandleResponse(); } return(Task.FromResult(0)); } }; }); services.AddHttpClient("apiClient", options => { options.BaseAddress = new Uri(Configuration["ApiUrl"]); }); }
public UsersPhotoService( IHttpContextAccessor contextAccessor, IWebHostEnvironment hostingEnvironment, IdentitySettings siteSettings) { _contextAccessor = contextAccessor ?? throw new ArgumentNullException(nameof(_contextAccessor)); _hostingEnvironment = hostingEnvironment ?? throw new ArgumentNullException(nameof(_hostingEnvironment)); _siteSettings = siteSettings ?? throw new ArgumentNullException(nameof(_siteSettings)); }
public UserService(IVerveIdentityService <UserAccount> identityService, UserManager <UserAccount> userManager, SignInManager <UserAccount> signInManager, IOptionsMonitor <IdentitySettings> identityOptions) { _identityService = identityService; _userManager = userManager; _signInManager = signInManager; _identitySettings = identityOptions.CurrentValue; }
private static void ConfigureFederationSettings(IdentitySettings settings, string rootUrl) { var federationSettings = FederatedAuthentication.FederationConfiguration.WsFederationConfiguration; federationSettings.PassiveRedirectEnabled = (ConfigurationManagerHelper.GetValueOnKey("stardust.AllowAnonymous") == "true" || ConfigurationManagerHelper.GetValueOnKey("stardust.AllowAnonymous").IsNullOrWhiteSpace()); federationSettings.Realm = string.Format(settings.Realm, rootUrl); federationSettings.Issuer = settings.IssuerAddress; federationSettings.RequireHttps = settings.RequireHttps; FederatedAuthentication.FederationConfiguration.CookieHandler.RequireSsl = settings.RequireHttps; Logging.DebugMessage("Federation settings configured"); }
public static void InitializeUsersData(IServiceProvider app, IdentitySettings settings) { using (var scope = app.GetRequiredService <IServiceScopeFactory>().CreateScope()) { TryMigrate(scope); TrySeedRoles(scope); #if DEBUG TrySeedLocalDevelopmentEnvironmentAsync(scope).GetAwaiter().GetResult(); #endif } }
public IdentityDataSeeder( UserManager <User> userManager, RoleManager <IdentityRole> roleManager, IOptions <ApplicationSettings> applicationSettings, IOptions <IdentitySettings> identitySettings) { this.userManager = userManager; this.roleManager = roleManager; this.applicationSettings = applicationSettings.Value; this.identitySettings = identitySettings.Value; }
public RequestAccountVerificationCommandHandler(IOptions <IdentitySettings> identitySettings, IClock clock, IUserRepository userRepository) { if (identitySettings == null) { throw new ArgumentNullException(nameof(identitySettings)); } this._identitySettings = identitySettings.Value; this._clock = clock ?? throw new ArgumentNullException(nameof(clock)); this._userRepository = userRepository ?? throw new ArgumentNullException(nameof(userRepository)); }
public AuthenticationController(UserService userService, TokenService tokenService, IMailer mailer, IOptions <CommonSettings> commonSettings) { _mailer = mailer; _tokenService = tokenService; _baseApplicationPath = commonSettings.Value.BaseApplicationPath; _identitySettings = commonSettings.Value.IdentitySettings; _userService = userService; }
public DbLogger(string loggerName, DbLoggerProvider loggerProvider, IServiceProvider serviceProvider, IdentitySettings siteSettings ) { _loggerName = loggerName ?? throw new ArgumentNullException(nameof(loggerName)); _minLevel = _siteSettings.Logging.LogLevel.Default; _serviceProvider = serviceProvider ?? throw new ArgumentNullException(nameof(serviceProvider)); _loggerProvider = loggerProvider ?? throw new ArgumentNullException(nameof(loggerProvider)); _siteSettings = siteSettings ?? throw new ArgumentNullException(nameof(siteSettings)); }
public LoginController(IApplicationSignInManager signInManager, IApplicationUserManager userManager, IApplicationRoleManager roleManager, IdentitySettings siteSettings, ILogger <LoginController> logger) { _signInManager = signInManager ?? throw new ArgumentNullException(nameof(signInManager)); _userManager = userManager ?? throw new ArgumentNullException(nameof(userManager)); _roleManager = roleManager ?? throw new ArgumentNullException(nameof(roleManager)); _siteSettings = siteSettings ?? throw new ArgumentNullException(nameof(siteSettings)); _logger = logger ?? throw new ArgumentNullException(nameof(logger)); }
public FirstRun([NotNull] IMediator mediator, [NotNull] IOptions <IdentitySettings> identitySettings, [NotNull] IUserQueries userQueries) { if (identitySettings == null) { throw new ArgumentNullException(nameof(identitySettings)); } this._mediator = mediator ?? throw new ArgumentNullException(nameof(mediator)); this._userQueries = userQueries ?? throw new ArgumentNullException(nameof(userQueries)); this._identitySettings = identitySettings.Value; }
public static void AddIdentity(this IServiceCollection services, IConfiguration configuration) { services.Configure <IdentitySettings>(options => configuration.GetSection("IdentitySettings").Bind(options)); IdentitySettings identitySettings = configuration.GetSection(nameof(IdentitySettings)).Get <IdentitySettings>(); services.AddMvc(options => { var policy = new AuthorizationPolicyBuilder() .RequireAuthenticatedUser() .Build(); options.Filters.Add(new AuthorizeFilter(policy)); }).SetCompatibilityVersion(CompatibilityVersion.Version_2_2); services.AddIdentity <Trader, IdentityRole <int> >(options => { // Password settings. options.Password.RequireDigit = identitySettings.PasswordRequireDigit; options.Password.RequireLowercase = identitySettings.PasswordRequireLowercase; options.Password.RequireNonAlphanumeric = identitySettings.PasswordRequireNonAlphanumic; options.Password.RequireUppercase = identitySettings.PasswordRequireUppercase; options.Password.RequiredLength = identitySettings.PasswordRequiredLength; options.Password.RequiredUniqueChars = 1; // Lockout settings. options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30); options.Lockout.MaxFailedAccessAttempts = 5; options.Lockout.AllowedForNewUsers = true; // User settings. options.User.AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+"; options.User.RequireUniqueEmail = true; // Set emailed token for both options.Tokens.PasswordResetTokenProvider = TokenOptions.DefaultEmailProvider; options.Tokens.EmailConfirmationTokenProvider = TokenOptions.DefaultEmailProvider; }) .AddEntityFrameworkStores <JwtauthContext>() .AddDefaultTokenProviders(); services.AddAuthorization(options => { options.AddPolicy("AllTraders", builder => builder.RequireAuthenticatedUser().Build()); options.AddPolicy("SkilledTraders", policy => policy.Requirements.Add(new MinimumExperienceRequirement(1))); options.AddPolicy("TraderManagers", policy => policy.Requirements.Add(new MinimumExperienceRequirement(5))); }); services.AddSingleton <IAuthorizationHandler, ExperiencedTraderHandler>(); services.Configure <SendGridSettings>(options => configuration.GetSection("SendGridSettings").Bind(options)); services.AddTransient <IEmailSender, EmailSender>(); }