public static IIdentityServerBuilder AddCustomIdentityServerServices(
this IServiceCollection services, IWebHostEnvironment env, GlobalSettings globalSettings)
{
var issuerUri = new Uri(globalSettings.BaseServiceUri.InternalIdentity);
var identityServerBuilder = services
.AddIdentityServer(options =>
{
options.Endpoints.EnableAuthorizeEndpoint = false;
options.Endpoints.EnableIntrospectionEndpoint = false;
options.Endpoints.EnableEndSessionEndpoint = false;
options.Endpoints.EnableUserInfoEndpoint = false;
options.Endpoints.EnableCheckSessionEndpoint = false;
options.Endpoints.EnableTokenRevocationEndpoint = false;
options.IssuerUri = $"{issuerUri.Scheme}://{issuerUri.Host}";
options.Caching.ClientStoreExpiration = new TimeSpan(0, 5, 0);
})
.AddInMemoryCaching()
.AddInMemoryApiResources(ApiResources.GetApiResources())
.AddClientStoreCache <ClientStore>();
if (env.IsDevelopment())
{
identityServerBuilder.AddDeveloperSigningCredential(false);
}
else if (globalSettings.SelfHosted &&
CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CertificatePassword) &&
File.Exists("identity.pfx"))
{
var identityServerCert = CoreHelpers.GetCertificate("identity.pfx",
globalSettings.IdentityServer.CertificatePassword);
identityServerBuilder.AddSigningCredential(identityServerCert);
}
else if (CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CertificateThumbprint))
{
var identityServerCert = CoreHelpers.GetCertificate(
globalSettings.IdentityServer.CertificateThumbprint);
identityServerBuilder.AddSigningCredential(identityServerCert);
}
else if (!globalSettings.SelfHosted &&
CoreHelpers.SettingHasValue(globalSettings.Storage?.ConnectionString) &&
CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CertificatePassword))
{
var storageAccount = CloudStorageAccount.Parse(globalSettings.Storage.ConnectionString);
var identityServerCert = CoreHelpers.GetBlobCertificateAsync(storageAccount, "certificates",
"identity.pfx", globalSettings.IdentityServer.CertificatePassword).GetAwaiter().GetResult();
identityServerBuilder.AddSigningCredential(identityServerCert);
}
else
{
throw new Exception("No identity certificate to use.");
}
services.AddTransient <ClientStore>();
services.AddTransient <ICorsPolicyService, AllowAllCorsPolicyService>();
services.AddScoped <IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
services.AddScoped <IProfileService, ProfileService>();
services.AddSingleton <IPersistedGrantStore, PersistedGrantStore>();
return(identityServerBuilder);
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryApiResources(ApiResources.GetApiResources())
.AddInMemoryClients(Clients.GetClients());
}
public static IIdentityServerBuilder AddCustomIdentityServerServices(
this IServiceCollection services, IHostingEnvironment env, GlobalSettings globalSettings)
{
var identityServerBuilder = services
.AddIdentityServer(options =>
{
options.Endpoints.EnableAuthorizeEndpoint = false;
options.Endpoints.EnableIntrospectionEndpoint = false;
options.Endpoints.EnableEndSessionEndpoint = false;
options.Endpoints.EnableUserInfoEndpoint = false;
options.Endpoints.EnableCheckSessionEndpoint = false;
options.Endpoints.EnableTokenRevocationEndpoint = false;
})
.AddInMemoryApiResources(ApiResources.GetApiResources())
.AddInMemoryClients(Clients.GetClients());
services.AddTransient <ICorsPolicyService, AllowAllCorsPolicyService>();
if (env.IsProduction())
{
var identityServerCert = CoreHelpers.GetCertificate(globalSettings.IdentityServer.CertificateThumbprint);
identityServerBuilder.AddSigningCredential(identityServerCert);
}
else
{
identityServerBuilder.AddTemporarySigningCredential();
}
services.AddScoped <IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
services.AddScoped <IProfileService, ProfileService>();
services.AddSingleton <IPersistedGrantStore, PersistedGrantStore>();
return(identityServerBuilder);
}
public static IIdentityServerBuilder AddCustomIdentityServerServices(IServiceCollection services,
IWebHostEnvironment env, GlobalSettings globalSettings)
{
services.AddTransient <IAuthorizationCodeStore, AuthorizationCodeStore>();
var issuerUri = new Uri(globalSettings.BaseServiceUri.InternalIdentity);
var identityServerBuilder = services
.AddIdentityServer(options =>
{
options.Endpoints.EnableIntrospectionEndpoint = false;
options.Endpoints.EnableEndSessionEndpoint = false;
options.Endpoints.EnableUserInfoEndpoint = false;
options.Endpoints.EnableCheckSessionEndpoint = false;
options.Endpoints.EnableTokenRevocationEndpoint = false;
options.IssuerUri = $"{issuerUri.Scheme}://{issuerUri.Host}";
options.Caching.ClientStoreExpiration = new TimeSpan(0, 5, 0);
if (env.IsDevelopment())
{
options.Authentication.CookieSameSiteMode = Microsoft.AspNetCore.Http.SameSiteMode.Unspecified;
}
})
.AddInMemoryCaching()
.AddInMemoryApiResources(ApiResources.GetApiResources())
.AddInMemoryApiScopes(ApiScopes.GetApiScopes())
.AddClientStoreCache <ClientStore>()
.AddCustomTokenRequestValidator <CustomTokenRequestValidator>()
.AddProfileService <ProfileService>()
.AddResourceOwnerValidator <ResourceOwnerPasswordValidator>()
.AddPersistedGrantStore <PersistedGrantStore>()
.AddClientStore <ClientStore>()
.AddIdentityServerCertificate(env, globalSettings);
services.AddTransient <ICorsPolicyService, CustomCorsPolicyService>();
return(identityServerBuilder);
}
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentityServer()
.AddTemporarySigningCredential()
.AddInMemoryApiResources(ApiResources.GetApiResources())
.AddInMemoryClients(Clients.GetClients())
.AddTestUsers(TestUsers.GetUsers());
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
services.AddIdentityServer()
.AddInMemoryApiResources(ApiResources.GetApiResources())
.AddInMemoryClients(Clients.GetClients())
.AddDeveloperSigningCredential();
services.AddTransient <IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
services.AddTransient <IProfileService, ProfileService>();
services.AddTransient <IUserRepository, UserRepository>();
services.AddDbContext <UserContext>();
}
public static IIdentityServerBuilder AddCustomIdentityServerServices(
this IServiceCollection services, IHostingEnvironment env, GlobalSettings globalSettings)
{
var identityServerBuilder = services
.AddIdentityServer(options =>
{
options.Endpoints.EnableAuthorizeEndpoint = false;
options.Endpoints.EnableIntrospectionEndpoint = false;
options.Endpoints.EnableEndSessionEndpoint = false;
options.Endpoints.EnableUserInfoEndpoint = false;
options.Endpoints.EnableCheckSessionEndpoint = false;
options.Endpoints.EnableTokenRevocationEndpoint = false;
options.IssuerUri = globalSettings.BaseServiceUri.InternalIdentity;
options.Caching.ClientStoreExpiration = new TimeSpan(0, 5, 0);
})
.AddInMemoryCaching()
.AddInMemoryApiResources(ApiResources.GetApiResources())
.AddClientStoreCache <ClientStore>();
if (env.IsDevelopment())
{
identityServerBuilder.AddDeveloperSigningCredential(false);
}
else if (!string.IsNullOrWhiteSpace(globalSettings.IdentityServer.CertificatePassword) &&
File.Exists("identity.pfx"))
{
var identityServerCert = CoreHelpers.GetCertificate("identity.pfx",
globalSettings.IdentityServer.CertificatePassword);
identityServerBuilder.AddSigningCredential(identityServerCert);
}
else if (!string.IsNullOrWhiteSpace(globalSettings.IdentityServer.CertificateThumbprint))
{
var identityServerCert = CoreHelpers.GetCertificate(globalSettings.IdentityServer.CertificateThumbprint);
identityServerBuilder.AddSigningCredential(identityServerCert);
}
else
{
throw new Exception("No identity certificate to use.");
}
services.AddTransient <ClientStore>();
services.AddTransient <ICorsPolicyService, AllowAllCorsPolicyService>();
services.AddScoped <IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
services.AddScoped <IProfileService, ProfileService>();
services.AddSingleton <IPersistedGrantStore, PersistedGrantStore>();
return(identityServerBuilder);
}
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryIdentityResources(IdentResources.GetIdentityResources())
.AddInMemoryApiResources(ApiResources.GetApiResources())
.AddInMemoryClients(Clients.GetClients())
.AddTestUsers(Users.GetUsers());
services.AddCors(options =>
{
// this defines a CORS policy called "default"
options.AddPolicy("default", policy =>
{
policy.WithOrigins("http://localhost:5504")
.AllowAnyHeader()
.AllowAnyMethod();
});
});
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers();
ConfigureDatabaseServices(services);
services.AddSingleton <IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
services.AddSingleton <IProfileService, ProfileService>();
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryIdentityResources(new IdentityResource[]
{
new IdentityResources.OpenId()
})
.AddInMemoryApiResources(ApiResources.GetApiResources())
.AddInMemoryClients(Clients.Get())
.AddJwtBearerClientAuthentication()
.AddProfileService <ProfileService>();
// local api endpoint
services.AddLocalApiAuthentication();
}
public void ConfigureServices(IServiceCollection services)
{
var provider = services.BuildServiceProvider();
// Options
services.AddOptions();
// Settings
var globalSettings = new GlobalSettings();
ConfigurationBinder.Bind(Configuration.GetSection("GlobalSettings"), globalSettings);
services.AddSingleton(s => globalSettings);
services.Configure <IpRateLimitOptions>(Configuration.GetSection("IpRateLimitOptions"));
services.Configure <IpRateLimitPolicies>(Configuration.GetSection("IpRateLimitPolicies"));
// Repositories
services.AddSingleton <IUserRepository, SqlServerRepos.UserRepository>();
services.AddSingleton <ICipherRepository, SqlServerRepos.CipherRepository>();
services.AddSingleton <IDeviceRepository, SqlServerRepos.DeviceRepository>();
services.AddSingleton <IGrantRepository, SqlServerRepos.GrantRepository>();
services.AddSingleton <IOrganizationRepository, SqlServerRepos.OrganizationRepository>();
services.AddSingleton <IOrganizationUserRepository, SqlServerRepos.OrganizationUserRepository>();
services.AddSingleton <ISubvaultRepository, SqlServerRepos.SubvaultRepository>();
services.AddSingleton <ISubvaultUserRepository, SqlServerRepos.SubvaultUserRepository>();
services.AddSingleton <IFolderRepository, SqlServerRepos.FolderRepository>();
// Context
services.AddScoped <CurrentContext>();
// Caching
services.AddMemoryCache();
// Rate limiting
services.AddSingleton <IIpPolicyStore, MemoryCacheIpPolicyStore>();
services.AddSingleton <IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>();
// IdentityServer
var identityServerBuilder = services.AddIdentityServer(options =>
{
options.Endpoints.EnableAuthorizeEndpoint = false;
options.Endpoints.EnableIntrospectionEndpoint = false;
options.Endpoints.EnableEndSessionEndpoint = false;
options.Endpoints.EnableUserInfoEndpoint = false;
options.Endpoints.EnableCheckSessionEndpoint = false;
options.Endpoints.EnableTokenRevocationEndpoint = false;
})
.AddInMemoryApiResources(ApiResources.GetApiResources())
.AddInMemoryClients(Clients.GetClients());
services.AddTransient <ICorsPolicyService, AllowAllCorsPolicyService>();
if (Environment.IsProduction())
{
var identityServerCert = CoreHelpers.GetCertificate(globalSettings.IdentityServer.CertificateThumbprint);
identityServerBuilder.AddSigningCredential(identityServerCert);
}
else
{
identityServerBuilder.AddTemporarySigningCredential();
}
services.AddScoped <IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
services.AddScoped <IProfileService, ProfileService>();
services.AddSingleton <IPersistedGrantStore, PersistedGrantStore>();
// Identity
services.AddTransient <ILookupNormalizer, LowerInvariantLookupNormalizer>();
services.AddJwtBearerIdentity(options =>
{
options.User = new UserOptions
{
RequireUniqueEmail = true,
AllowedUserNameCharacters = null // all
};
options.Password = new PasswordOptions
{
RequireDigit = false,
RequireLowercase = false,
RequiredLength = 8,
RequireNonAlphanumeric = false,
RequireUppercase = false
};
options.ClaimsIdentity = new ClaimsIdentityOptions
{
SecurityStampClaimType = "securitystamp",
UserNameClaimType = ClaimTypes.Email
};
options.Tokens.ChangeEmailTokenProvider = TokenOptions.DefaultEmailProvider;
}, jwtBearerOptions =>
{
jwtBearerOptions.Audience = "bitwarden";
jwtBearerOptions.Issuer = "bitwarden";
jwtBearerOptions.TokenLifetime = TimeSpan.FromDays(10 * 365);
jwtBearerOptions.TwoFactorTokenLifetime = TimeSpan.FromMinutes(10);
var keyBytes = Encoding.ASCII.GetBytes(globalSettings.JwtSigningKey);
jwtBearerOptions.SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(keyBytes), SecurityAlgorithms.HmacSha256);
})
.AddUserStore <UserStore>()
.AddRoleStore <RoleStore>()
.AddTokenProvider <AuthenticatorTokenProvider>(TwoFactorProviderType.Authenticator.ToString())
.AddTokenProvider <EmailTokenProvider <User> >(TokenOptions.DefaultEmailProvider);
var jwtIdentityOptions = provider.GetRequiredService <IOptions <JwtBearerIdentityOptions> >().Value;
services.AddAuthorization(config =>
{
config.AddPolicy("Application", policy =>
{
policy.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme, "Bearer2");
policy.RequireAuthenticatedUser();
policy.RequireClaim(ClaimTypes.AuthenticationMethod, jwtIdentityOptions.AuthenticationMethod);
});
config.AddPolicy("TwoFactor", policy =>
{
policy.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme, "Bearer2");
policy.RequireAuthenticatedUser();
policy.RequireClaim(ClaimTypes.AuthenticationMethod, jwtIdentityOptions.TwoFactorAuthenticationMethod);
});
});
services.AddScoped <AuthenticatorTokenProvider>();
// Services
services.AddSingleton <IMailService, SendGridMailService>();
services.AddSingleton <ICipherService, CipherService>();
services.AddScoped <IUserService, UserService>();
services.AddScoped <IPushService, PushSharpPushService>();
services.AddScoped <IDeviceService, DeviceService>();
services.AddScoped <IBlockIpService, AzureQueueBlockIpService>();
services.AddScoped <IOrganizationService, OrganizationService>();
// Cors
services.AddCors(config =>
{
config.AddPolicy("All", policy =>
policy.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin().SetPreflightMaxAge(TimeSpan.FromDays(1)));
});
// MVC
services.AddMvc(config =>
{
config.Filters.Add(new ExceptionHandlerFilterAttribute());
config.Filters.Add(new ModelStateValidationFilterAttribute());
// Allow JSON of content type "text/plain" to avoid cors preflight
var textPlainMediaType = MediaTypeHeaderValue.Parse("text/plain");
foreach (var jsonFormatter in config.InputFormatters.OfType <JsonInputFormatter>())
{
jsonFormatter.SupportedMediaTypes.Add(textPlainMediaType);
}
}).AddJsonOptions(options => options.SerializerSettings.ContractResolver = new DefaultContractResolver());
}