Example #1
        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            // Registration order is kept exactly as written: general services, CORS, then OData.
            ConfigureMisc(services);
            ConfigureCors(services);
            ConfigureOData(services);

            // A single ApiSecurityOptions instance is read once and handed to both the Swagger
            // setup and the JWT bearer setup, so the OAuth2 settings shown in the API
            // documentation and the ones used to validate tokens come from the same source.
            ApiSecurityOptions securitySettings = ReadApiSecurityOptions();

            ConfigureSwagger(services, securitySettings);
            ConfigureAuth(services, securitySettings);
        }
Example #2
        /// <summary>
        /// Registers JWT bearer authentication as the default authentication scheme and
        /// points the handler at the token service described by <paramref name="apiSecurityOptions"/>.
        /// </summary>
        /// <param name="services">Service collection the authentication services are added to.</param>
        /// <param name="apiSecurityOptions">Supplies the Authority and Audience used for token validation.</param>
        /// <remarks>
        /// NOTE(review): this only registers authentication. Which endpoints actually require a
        /// token is decided by authorization attributes or policies that are not visible here.
        /// </remarks>
        private static void ConfigureAuth(
            IServiceCollection services,
            ApiSecurityOptions apiSecurityOptions)
        {
            // https://identityserver4.readthedocs.io/en/latest/topics/apis.html
            var authentication = services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme);

            authentication.AddJwtBearer(jwt =>
            {
                // Base address of the identity server. The bearer handler uses it to locate the
                // issuer's metadata and signing keys, so a wrong value means tokens are checked
                // against the wrong issuer.
                // NOTE(review): nothing here rejects a null or empty Authority; confirm that
                // ReadApiSecurityOptions validates it before the application starts serving.
                jwt.Authority = apiSecurityOptions.Authority;

                // Name of this API as known to the identity server; incoming tokens are expected
                // to carry it as their audience.
                // NOTE(review): Audience is likewise not checked for null or empty here.
                jwt.Audience = apiSecurityOptions.Audience;
            });
        }
Example #3
        /// <summary>
        /// Returns the shared OpenAPI security requirement, building it on first use from the
        /// static scheme field and the audience in <paramref name="options"/>.
        /// </summary>
        /// <param name="options">Supplies the audience listed as the required scope.</param>
        /// <returns>The cached requirement instance.</returns>
        /// <remarks>
        /// The result is stored in a static field, so <paramref name="options"/> is only read on
        /// the first call; later calls return the cached instance even if a different audience
        /// is passed. NOTE(review): the lazy initialisation is not synchronised. Concurrent
        /// first calls could each build an instance; confirm this is acceptable for the caller.
        /// </remarks>
        private static OpenApiSecurityRequirement ConfigureSecurityRequirement(ApiSecurityOptions options)
        {
            // Already built: hand back the cached instance without touching options.
            if (_requirement != null)
            {
                return _requirement;
            }

            // Build fully before publishing to the static field, so a failure while adding
            // the entry leaves the cache empty.
            var built = new OpenApiSecurityRequirement();
            built.Add(_scheme, new[] { options.Audience });
            _requirement = built;

            return _requirement;
        }
Example #4
        /// <summary>
        /// Registers Swagger document generation, including the operation filters, the XML
        /// comments file and the OAuth2 security definition built from
        /// <paramref name="apiSecurityOptions"/>.
        /// </summary>
        /// <param name="services">Service collection the Swagger services are added to.</param>
        /// <param name="apiSecurityOptions">Passed on to build the OAuth2 security definition.</param>
        /// <remarks>
        /// The security definition describes how a client obtains a token; it does not itself
        /// protect any endpoint. Token validation is configured separately.
        /// </remarks>
        private static void ConfigureSwagger(
            IServiceCollection services,
            ApiSecurityOptions apiSecurityOptions)
        {
            services.AddTransient<IConfigureOptions<SwaggerGenOptions>, ConfigureSwaggerOptions>();

            services.AddSwaggerGen(gen =>
            {
                // Operation filters, registered in the original order: default values first,
                // then the authorization check filter.
                gen.OperationFilter<SwaggerDefaultValues>();
                gen.OperationFilter<AuthorizeCheckOperationFilter>();

                // Pull the XML documentation comments into the generated document.
                gen.IncludeXmlComments(XmlCommentsFilePath);

                // Publish the OAuth2 scheme under the shared scheme name. The scheme is built
                // when this callback runs, not when ConfigureSwagger is called.
                gen.AddSecurityDefinition(
                    ApiInfo.SchemeOauth2,
                    ConfigureSecurityDefinitionScheme(apiSecurityOptions));
            });
        }
Example #5
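        /// <summary>
        /// Builds the OAuth2 security scheme advertised in the OpenAPI document: an
        /// authorization-code flow whose endpoints live under the configured Authority and
        /// whose single scope is the configured Audience.
        /// </summary>
        /// <param name="apiSecurityOptions">Supplies the Authority base address and the Audience.</param>
        /// <returns>A new <see cref="OpenApiSecurityScheme"/> of type OAuth2.</returns>
        /// <exception cref="UriFormatException">
        /// Thrown by <see cref="Uri"/> when the Authority does not produce a valid URI.
        /// </exception>
        private static OpenApiSecurityScheme ConfigureSecurityDefinitionScheme(
            ApiSecurityOptions apiSecurityOptions)
        {
            // Strip trailing slashes so an Authority written as "https://host/" does not yield
            // "https://host//connect/authorize". A null Authority is passed through unchanged,
            // and the Uri constructor then behaves exactly as it did before.
            var authorityBase = apiSecurityOptions.Authority?.TrimEnd('/');

            // The endpoint paths are hard-coded rather than read from the authority's metadata.
            // NOTE(review): confirm they match the identity server actually deployed.
            OpenApiOAuthFlow authCodeFlow = new OpenApiOAuthFlow
            {
                AuthorizationUrl = new Uri($"{authorityBase}/connect/authorize"),
                TokenUrl         = new Uri($"{authorityBase}/connect/token"),

                // The audience value doubles as the scope name offered to the user.
                // NOTE(review): this assumes the scope is named the same as the audience.
                Scopes           = new Dictionary<string, string>
                {
                    { apiSecurityOptions.Audience, "Api access" }
                }
            };

            return new OpenApiSecurityScheme
            {
                Type = SecuritySchemeType.OAuth2,
                Flows = new OpenApiOAuthFlows
                {
                    AuthorizationCode = authCodeFlow
                }
            };
        }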