Example #1
        /// <summary>
        /// Adds the "NWebsec" module (position 5) to the OpenIddict builder. When the module
        /// is registered it inserts four NWebsec middleware, in this order:
        /// Content-Security-Policy, X-Content-Type-Options, X-Frame-Options and X-Xss-Protection.
        /// </summary>
        /// <param name="builder">The OpenIddict builder the module is attached to.</param>
        /// <param name="configuration">
        /// Delegate that builds the Content-Security-Policy; it is handed to <c>UseCsp</c> as-is.
        /// </param>
        /// <returns>The value returned by <c>builder.AddModule</c>.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="builder"/> or <paramref name="configuration"/> is null.
        /// </exception>
        /// <remarks>
        /// Only the CSP is caller-configurable: X-Frame-Options is fixed to "deny" and
        /// X-Xss-Protection to "enabled, block mode". This method does not inspect the policy
        /// the delegate produces, so a permissive delegate yields a permissive header.
        /// </remarks>
        public static OpenIddictBuilder UseNWebsec(
            [NotNull] this OpenIddictBuilder builder,
            [NotNull] Action<IFluentCspOptions> configuration)
        {
            if (builder == null)
            {
                throw new ArgumentNullException(nameof(builder));
            }

            if (configuration == null)
            {
                throw new ArgumentNullException(nameof(configuration));
            }

            return builder.AddModule("NWebsec", 5, pipeline =>
            {
                // Content-Security-Policy, built by the caller-supplied delegate.
                // See https://nwebsec.codeplex.com/wikipage?title=Configuring%20Content%20Security%20Policy&referringTitle=NWebsec
                pipeline.UseCsp(configuration);

                // X-Content-Type-Options.
                // See https://nwebsec.codeplex.com/wikipage?title=Configuring%20security%20headers&referringTitle=NWebsec
                pipeline.UseXContentTypeOptions();

                // X-Frame-Options, always DENY: the pages served behind this module
                // cannot be framed, which is the anti-clickjacking setting.
                pipeline.UseXfo(frameOptions => frameOptions.Deny());

                // X-Xss-Protection in block mode. Current browsers have dropped their
                // built-in XSS filters, so treat this header as a legacy extra and rely
                // on the Content-Security-Policy above for script-injection defence.
                pipeline.UseXXssProtection(xssOptions => xssOptions.EnabledWithBlockMode());
            });
        }
        /// <summary>
        /// Adds the "Assets" module (position -20), which serves static files embedded in the
        /// <c>OpenIddict.Assets</c> assembly through the static-files middleware.
        /// </summary>
        /// <param name="builder">The OpenIddict builder the module is attached to.</param>
        /// <returns>The value returned by <c>builder.AddModule</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="builder"/> is null.</exception>
        /// <remarks>
        /// The assembly is loaded inside the registration delegate, so a missing
        /// <c>OpenIddict.Assets</c> assembly surfaces when the module is registered in the
        /// pipeline, not when this method is called.
        /// </remarks>
        public static OpenIddictBuilder UseAssets([NotNull] this OpenIddictBuilder builder)
        {
            if (builder == null)
            {
                throw new ArgumentNullException(nameof(builder));
            }

            return builder.AddModule("Assets", -20, app =>
            {
                // The file provider is rooted at the "OpenIddict.Assets" namespace, so only
                // resources embedded under that namespace are reachable through it.
                var embeddedAssets = new EmbeddedFileProvider(
                    assembly: Assembly.Load(new AssemblyName("OpenIddict.Assets")),
                    baseNamespace: "OpenIddict.Assets");

                var staticFileOptions = new StaticFileOptions
                {
                    FileProvider = embeddedAssets
                };

                app.UseStaticFiles(staticFileOptions);
            });
        }
Example #3
        /// <summary>
        /// Adds the "CORS" module (position -10), which inserts the CORS middleware
        /// configured by the supplied policy delegate.
        /// </summary>
        /// <param name="builder">The OpenIddict builder the module is attached to.</param>
        /// <param name="configuration">Delegate that builds the CORS policy; passed to <c>UseCors</c> unchanged.</param>
        /// <returns>The same <paramref name="builder"/> instance that was passed in.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="builder"/> or <paramref name="configuration"/> is null.
        /// </exception>
        /// <remarks>
        /// The policy is entirely caller-defined and is not validated here. Which endpoints it
        /// covers depends on what runs after position -10 in the module list; review the allowed
        /// origins with that in mind.
        /// </remarks>
        public static OpenIddictBuilder UseCors(
            [NotNull] this OpenIddictBuilder builder,
            [NotNull] Action<CorsPolicyBuilder> configuration)
        {
            if (builder == null)
            {
                throw new ArgumentNullException(nameof(builder));
            }

            if (configuration == null)
            {
                throw new ArgumentNullException(nameof(configuration));
            }

            // The result of AddModule is deliberately not returned:
            // the caller always gets back the instance it passed in.
            builder.AddModule("CORS", -10, pipeline => pipeline.UseCors(configuration));

            return builder;
        }
        /// <summary>
        /// Builds an <c>OpenIddictBuilder</c>, lets the application configure it, appends the
        /// OpenID Connect server module ("ASOS", position 0) and then registers every module
        /// in the ASP.NET Core pipeline in ascending <c>Position</c> order.
        /// </summary>
        /// <param name="app">The application pipeline the modules are registered in.</param>
        /// <param name="configuration">Application delegate that configures the builder.</param>
        /// <returns>The same <paramref name="app"/> instance that was passed in.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="app"/> or <paramref name="configuration"/> is null.
        /// </exception>
        /// <exception cref="InvalidOperationException">
        /// A module has a null registration delegate. Modules ordered before it have
        /// already been registered by the time this is thrown.
        /// </exception>
        /// <remarks>
        /// Security note: <c>AllowInsecureHttp</c> defaults to true whenever the hosting
        /// environment is "Development" or "Testing". The environment name comes from host
        /// configuration, so a production host started under one of those names would accept
        /// the server's endpoints over plain HTTP unless the application overrides the option.
        /// The configuration delegate runs after the default is assigned and can override it.
        /// </remarks>
        public static IApplicationBuilder UseOpenIddictCore(
            [NotNull] this IApplicationBuilder app,
            [NotNull] Action<OpenIddictBuilder> configuration)
        {
            if (app == null)
            {
                throw new ArgumentNullException(nameof(app));
            }

            if (configuration == null)
            {
                throw new ArgumentNullException(nameof(configuration));
            }

            var builder = new OpenIddictBuilder();

            // The OpenIddict provider comes from the application's services container.
            builder.Options.Provider = app.ApplicationServices.GetRequiredService<IOpenIdConnectServerProvider>();

            // Default only: plain HTTP is tolerated in development/testing environments.
            // This is assigned before the application delegate runs so that the
            // application keeps the last word on the setting.
            var hosting = app.ApplicationServices.GetRequiredService<IHostingEnvironment>();
            builder.Options.AllowInsecureHttp = hosting.IsDevelopment() || hosting.IsEnvironment("Testing");

            // Hand the builder to the application for customization.
            configuration(builder);

            // The OpenID Connect server middleware is itself a module, at position 0, and it
            // is added after the delegate so it sees the final options.
            builder.AddModule("ASOS", 0, map => map.UseOpenIdConnectServer(builder.Options));

            // Register the modules in the ASP.NET Core pipeline, lowest position first.
            var orderedModules = builder.Modules.OrderBy(entry => entry.Position);

            foreach (var entry in orderedModules)
            {
                var register = entry.Registration;
                if (register == null)
                {
                    throw new InvalidOperationException("The registration delegate cannot be null.");
                }

                register(app);
            }

            return app;
        }
Example #5
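        /// <summary>
        /// Adds the "MVC" module (position 10), which runs MVC in an isolated pipeline with its
        /// own services container and maps the authorization and logout endpoint routes to the
        /// OpenIddict controller.
        /// </summary>
        /// <param name="builder">The OpenIddict builder the module is attached to.</param>
        /// <returns>The value returned by <c>builder.AddModule</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="builder"/> is null.</exception>
        /// <remarks>
        /// The isolated container does not create its own identity services. The OpenIddict
        /// manager, the services context, <c>SignInManager</c>, <c>UserManager</c> and the
        /// compilation service are all forwarded to the parent container, which is read from
        /// <c>HttpContext.Items[typeof(IServiceProvider)]</c> on each resolution. If that entry
        /// or the HTTP context is missing, resolution fails with an
        /// <see cref="InvalidOperationException"/> in every build configuration. The check was
        /// previously a debug-only assertion.
        /// </remarks>
        public static OpenIddictBuilder UseMvc([NotNull] this OpenIddictBuilder builder)
        {
            if (builder == null)
            {
                throw new ArgumentNullException(nameof(builder));
            }

            // Run MVC in an isolated environment.
            return builder.AddModule("MVC", 10, app => app.Isolate(map => map.UseMvc(routes =>
            {
                // Register the actions corresponding to the authorization endpoint.
                if (builder.Options.AuthorizationEndpointPath.HasValue)
                {
                    // Route templates must not start with '/', hence the Substring(1).
                    var authorizationPath = builder.Options.AuthorizationEndpointPath.Value.Substring(1);

                    routes.MapRoute("{D97891B4}", authorizationPath, new
                    {
                        controller = "OpenIddict", action = nameof(OpenIddictController<object, object>.Authorize)
                    });

                    routes.MapRoute("{7148DB83}", authorizationPath + "/accept", new
                    {
                        controller = "OpenIddict", action = nameof(OpenIddictController<object, object>.Accept)
                    });

                    routes.MapRoute("{23438BCC}", authorizationPath + "/deny", new
                    {
                        controller = "OpenIddict", action = nameof(OpenIddictController<object, object>.Deny)
                    });
                }

                // Register the action corresponding to the logout endpoint.
                if (builder.Options.LogoutEndpointPath.HasValue)
                {
                    routes.MapRoute("{C7DB102A}", builder.Options.LogoutEndpointPath.Value.Substring(1), new
                    {
                        controller = "OpenIddict", action = nameof(OpenIddictController<object, object>.Logout)
                    });
                }
            }), services =>
            {
                var configuration = app.ApplicationServices.GetRequiredService<OpenIddictConfiguration>();

                services.AddMvc()
                    // Note: ConfigureApplicationPartManager() must be
                    // called before AddControllersAsServices().
                    .ConfigureApplicationPartManager(manager =>
                    {
                        // Drop every discovered application part so that the isolated MVC
                        // instance only sees what OpenIddictPart contributes.
                        manager.ApplicationParts.Clear();
                        manager.ApplicationParts.Add(new OpenIddictPart(configuration));
                    })

                    .AddControllersAsServices()

                    // Add an OpenIddict-specific convention to ensure that the generic
                    // OpenIddictController gets an appropriate controller name.
                    .AddMvcOptions(options => options.Conventions.Add(new OpenIddictConvention()))

                    .AddRazorOptions(options =>
                    {
                        // Update the Razor options to also use an embedded file provider that
                        // falls back to the current assembly when searching for views.
                        options.FileProviders.Add(new EmbeddedFileProvider(
                            assembly: typeof(OpenIddictController<,>).GetTypeInfo().Assembly,
                            baseNamespace: typeof(OpenIddictController<,>).Namespace));
                    });

                // Shared by every forwarding registration below: returns the parent container
                // stored in the current request's Items. It throws instead of asserting, so a
                // missing container is reported the same way in debug and release builds rather
                // than as a null dereference further down.
                Func<IServiceProvider, IServiceProvider> resolveParent = provider =>
                {
                    var accessor = provider.GetRequiredService<IHttpContextAccessor>();
                    var entry = accessor.HttpContext?.Items[typeof(IServiceProvider)];

                    var container = (IServiceProvider) entry;
                    if (container == null)
                    {
                        throw new InvalidOperationException(
                            "The parent services container cannot be resolved from the current HTTP context.");
                    }

                    return container;
                };

                // The closed generic types are built once here instead of on every resolution.
                var openIddictManagerType = typeof(OpenIddictManager<,>).MakeGenericType(configuration.UserType, configuration.ApplicationType);
                var openIddictServicesType = typeof(OpenIddictServices<,>).MakeGenericType(configuration.UserType, configuration.ApplicationType);
                var signInManagerType = typeof(SignInManager<>).MakeGenericType(configuration.UserType);
                var userManagerType = typeof(UserManager<>).MakeGenericType(configuration.UserType);

                // Forward the OpenIddict manager to the parent container.
                services.AddScoped(openIddictManagerType, provider => resolveParent(provider).GetRequiredService(openIddictManagerType));

                // Forward the services context to the parent container.
                services.AddScoped(openIddictServicesType, provider => resolveParent(provider).GetRequiredService(openIddictServicesType));

                // Forward the sign-in manager to the parent container.
                services.AddScoped(signInManagerType, provider => resolveParent(provider).GetRequiredService(signInManagerType));

                // Forward the ASP.NET Identity user manager to the parent container.
                services.AddScoped(userManagerType, provider => resolveParent(provider).GetRequiredService(userManagerType));

                // Forward the compilation service to the parent container.
                services.AddScoped(provider => resolveParent(provider).GetRequiredService<ICompilationService>());

                // Register the options in the isolated container.
                services.AddSingleton(Options.Create(builder.Options));
            }));
        }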