public static void AddCustomSiginingCertificate(
this IIdentityServerBuilder builder,
IHostingEnvironment env)
{
if (env.IsDevelopment())
{
builder.AddDeveloperSigningCredential();
}
else
{
builder.AddDeveloperSigningCredential();
}
}
public static IIdentityServerBuilder AddCertificate(this IIdentityServerBuilder builder, bool isDevelopment, string certificateConfigKey)
{
if (isDevelopment || string.IsNullOrWhiteSpace(certificateConfigKey))
{
return(builder.AddDeveloperSigningCredential());
}
else
{
X509Certificate2 cert = null;
using (X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
certStore.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certCollection = certStore.Certificates.Find(
X509FindType.FindByThumbprint,
certificateConfigKey,
false
);
if (certCollection.Count > 0)
{
cert = certCollection[0];
}
}
return(builder.AddSigningCredential(cert));
}
}
/// <summary>
/// 重写以实现 AddIdentityServer4 之后的构建逻辑
/// </summary>
/// <param name="builder"></param>
protected override IIdentityServerBuilder AddIdentityServerBuilder(IIdentityServerBuilder builder)
{
// 对客户端、资源和CORS设置的配置存储支持
return(builder.AddDeveloperSigningCredential()
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApis())
.AddInMemoryClients(Config.GetClients()));
//return builder.AddConfigurationStore(options =>
// {
// options.ConfigureDbContext = builder =>
// builder.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"),
// sql => sql.MigrationsAssembly("IdentitySample3"));
// })
// // 对授权授予、同意和令牌的操作存储支持(刷新和引用)
// .AddOperationalStore(options =>
// {
// options.ConfigureDbContext = builder =>
// builder.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"),
// sql => sql.MigrationsAssembly("IdentitySample3"));
// // 指示是否将自动清除数据库中的陈旧项。默认情况是false
// options.EnableTokenCleanup = true;
// // 令牌清理间隔(以秒为单位)。默认为3600(1小时)
// options.TokenCleanupInterval = 30;
// });
}
/// <summary>
/// 重写以实现 AddIdentityServer 之后的构建逻辑
/// </summary>
/// <param name="builder"></param>
/// <returns></returns>
protected override IIdentityServerBuilder AddIdentityServerBuild(IIdentityServerBuilder builder, IServiceCollection services)
{
return(builder.AddDeveloperSigningCredential()
.AddInMemoryIdentityResources(IdentityServer4Config.GetIdentityResources())
.AddInMemoryApiResources(IdentityServer4Config.GetApis())
.AddInMemoryClients(IdentityServer4Config.GetClients()));
////持久化
////IConfiguration configuration = services.GetConfiguration();
////Add-Migration InitialIdentityServerPersistedGrantDbMigration -c PersistedGrantDbContext -o Data/Migrations/IdentityServer/PersistedGrantDb
////Add-Migration InitialIdentityServerConfigurationDbMigration -c ConfigurationDbContext -o Data/Migrations/IdentityServer/ConfigurationDb
////IConfigurationSection section = configuration.GetSection("OSharp:Idxxxxxx");
//string entryAssemblyName = Assembly.GetExecutingAssembly().GetName().Name;
//return builder
// // this adds the config data from DB (clients, resources)
// .AddConfigurationStore(options =>
// {
// options.ConfigureDbContext = build =>
// build.UseSqlServer("",
// sql => sql.MigrationsAssembly(entryAssemblyName));
// })
// // this adds the operational data from DB (codes, tokens, consents)
// .AddOperationalStore(options =>
// {
// options.ConfigureDbContext = build =>
// build.UseSqlServer("",
// sql => sql.MigrationsAssembly(entryAssemblyName));
// // this enables automatic token cleanup. this is optional.
// options.EnableTokenCleanup = true;
// options.TokenCleanupInterval = 30; // interval in seconds
// });
}
/// <summary>
/// Add custom signing certificate from certification store according thumbprint
/// </summary>
/// <param name="builder"></param>
/// <param name="configuration"></param>
/// <returns></returns>
public static IIdentityServerBuilder AddCustomSigningCredential(this IIdentityServerBuilder builder, IConfiguration configuration)
{
var certificateConfiguration = configuration.GetSection(nameof(CertificateConfiguration)).Get <CertificateConfiguration>();
if (certificateConfiguration.UseTemporaryKey)
{
builder.AddDeveloperSigningCredential(persistKey: false);
}
else
{
if (string.IsNullOrWhiteSpace(certificateConfiguration.SigningCertificateThumbprint))
{
throw new Exception(CertificateThumbprintNotFound);
}
var certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadOnly);
var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, certificateConfiguration.SigningCertificateThumbprint, true);
if (certCollection.Count == 0)
{
throw new Exception(CertificateNotFound);
}
var certificate = certCollection[0];
builder.AddSigningCredential(certificate);
}
return(builder);
}
public static IIdentityServerBuilder AddSigninCredentialFromConfig(this IIdentityServerBuilder builder,
IConfigurationSection options, IWebHostEnvironment env)
{
string keyType = options.GetValue <string>("Type");
switch (keyType)
{
case Temporary:
builder.AddDeveloperSigningCredential(false);
break;
case File:
AddCertificateFromFile(builder, options);
break;
case Store:
AddCertificateFromStore(builder, options);
break;
case Environment:
AddCertificateFromEnvironment(builder);
break;
case Auto:
AddAutoCertificateManagement(builder, env);
break;
}
return(builder);
}
public static IIdentityServerBuilder AddSigninCredentialFromConfig(
this IIdentityServerBuilder builder, IConfigurationSection options, ILogger logger, IHostingEnvironment env)
{
string keyType = options.GetValue <string>("Type");
logger.LogInformation($"SigninCredentialExtension keyType is {keyType}");
switch (keyType)
{
case Temporary:
builder.AddDeveloperSigningCredential(false);
break;
case File:
AddCertificateFromFile(builder, options, logger, env);
break;
case Store:
AddCertificateFromStore(builder, options, logger);
break;
case Environment:
AddCertificateFromEnvironment(builder, logger);
break;
}
logger.LogInformation($"SigninCredentialExtension added");
return(builder);
}
public static IIdentityServerBuilder LoadSigningCredentialFrom(this IIdentityServerBuilder builder, string path, string password, IWebHostEnvironment Environment)
{
if (!string.IsNullOrEmpty(path))
{
if (File.Exists(path))
{
builder.AddSigningCredential(new X509Certificate2(path, password));
}
else
{
throw new KeyMaterialException($"No key material certificate found at path: {path}");
}
}
else
{
if (Environment.IsDevelopment())
{
builder.AddDeveloperSigningCredential();
}
else
{
throw new KeyMaterialException("need to configure key material");
}
}
return(builder);
}
public static IIdentityServerBuilder AddSigninCredentialFromConfig(
this IIdentityServerBuilder builder, IConfigurationSection options, ILogger logger)
{
string keyType = options.GetValue <string>(KeyType);
logger.LogDebug($"SigninCredentialExtension keyType is {keyType}");
switch (keyType)
{
case KeyTypeTemporary:
logger.LogDebug($"SigninCredentialExtension adding Temporary Signing Credential");
builder.AddDeveloperSigningCredential();
break;
case KeyTypeKeyFile:
AddCertificateFromFile(builder, options, logger);
break;
case KeyTypeKeyStore:
AddCertificateFromStore(builder, options, logger);
break;
}
return(builder);
}
public void ConfigureServices(IServiceCollection services)
{
// Services
// ITokenService for debugging tokens
services.AddTransient <ITokenService, MyTokenService>();
// IProfileService for adding/removing claims from a token
services.AddTransient <IProfileService, MyProfileService>();
IIdentityServerBuilder builder = AddMyIdentityServer(services);
// Signing Key
if (Environment.IsDevelopment())
{
builder.AddDeveloperSigningCredential();
}
else
{
throw new Exception("Configure Signing Key");
}
// Authorization & Authentication
services.AddAuthorization();
services.AddAuthentication();
services.AddControllersWithViews();
}
internal static IIdentityServerBuilder AddCustomSigningCredential(
this IIdentityServerBuilder builder,
ICertificate certificate,
ILogger logger)
{
if (certificate is null)
{
throw new ArgumentNullException(nameof(certificate));
}
if (logger is null)
{
throw new ArgumentNullException(nameof(logger));
}
if (!certificate.IsAvailable)
{
logger.Information("Using developer signing credential");
return(builder.AddDeveloperSigningCredential());
}
logger.Information("Using certificate {path}", certificate.Path);
return(builder.AddSigningCredential(certificate.Instance));
}
public void AddSigningServices(IServiceCollection services, IIdentityServerBuilder builder)
{
_logger.LogInformation("AddSigningServices to services");
bool useKeyVault = Convert.ToBoolean(Configuration["appOptions:keyVault:useKeyVault"]);
bool useKeyVaultSigning = Convert.ToBoolean(Configuration["appOptions:keyVault:useKeyVaultSigning"]);
_logger.LogInformation($"AddSigningServices:useKeyVault:{useKeyVault}");
_logger.LogInformation($"AddSigningServices:useKeyVaultSigning:{useKeyVaultSigning}");
if (useKeyVault)
{
builder.AddKeyVaultCredentialStore();
services.AddKeyVaultTokenCreateServiceTypes();
services.AddKeyVaultTokenCreateServiceConfiguration(Configuration);
if (useKeyVaultSigning)
{
// this signs the token using azure keyvault to do the actual signing
builder.AddKeyVaultTokenCreateService();
}
}
else
{
_logger.LogInformation("AddSigningServices AddDeveloperSigningCredential");
builder.AddDeveloperSigningCredential();
}
}
private void AddCertificate(IIdentityServerBuilder builder)
{
if (Environment.IsDevelopment())
{
builder.AddDeveloperSigningCredential();
}
else
{
X509Certificate2 cert = null;
using (var certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
certStore.Open(OpenFlags.ReadOnly);
var certCollection = certStore.Certificates.Find(
X509FindType.FindByThumbprint,
Configuration["Certificates:HorCupSigning:Thumbprint"],
false);
if (certCollection.Count > 0)
{
cert = certCollection[0];
}
}
builder.AddSigningCredential(cert);
}
}
public static IIdentityServerBuilder AddImplicitFlow(this IIdentityServerBuilder builder)
{
builder.Services.AddSingleton <IUserRepository, UserRepository>();
builder.AddDeveloperSigningCredential();
builder.AddInMemoryIdentityResources(ImplicitFlowConfig.GetIdentityResources());
builder.AddInMemoryApiResources(ImplicitFlowConfig.GetApis());
builder.AddInMemoryClients(ImplicitFlowConfig.GetClients());
return(builder);
}
private void ConfigureSigningCredential(IServiceCollection services, IIdentityServerBuilder identityBuilder)
{
SigningCredentialConfig signingCredentialConfig = Configuration
.GetSection("SigningCredentialConfig")
.Get <SigningCredentialConfig>();
identityBuilder
//.AddSigningCredential(new X509Certificate2(signingCredentialConfig.CertName, signingCredentialConfig.CertPassword));
.AddDeveloperSigningCredential();
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers();
// configures IIS out-of-proc settings (see https://github.com/aspnet/AspNetCore/issues/14882)
services.Configure <IISOptions>(iis =>
{
iis.AuthenticationDisplayName = "Windows";
iis.AutomaticAuthentication = false;
});
services.Configure <IISServerOptions>(iis =>
{
iis.AuthenticationDisplayName = "Windows";
iis.AutomaticAuthentication = false;
});
services.AddDbContext <IdentityDbContext>(
options => options.UseMySql(Configuration.GetConnectionString("IdentityDb"),
new MySqlServerVersion(new System.Version(5, 5, 68)),
mySqlOptions => mySqlOptions.CharSetBehavior(CharSetBehavior.NeverAppend)));
services.AddIdentity <ApplicationUser, IdentityRole>(options => {
options.Password.RequireDigit = false;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = false;
options.Password.RequiredLength = 6;
options.Lockout.MaxFailedAccessAttempts = 5;
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(3);
})
.AddEntityFrameworkStores <IdentityDbContext>()
.AddDefaultTokenProviders();
services.AddTransient <IResourceOwnerPasswordValidator, PasswordValidator>();
services.AddTransient <IProfileService, IdentityProfileService>();
IIdentityServerBuilder identityBuilder = services.AddIdentityServer(options =>
{
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
})
.AddInMemoryIdentityResources(Config.Ids)
.AddInMemoryApiResources(Config.Apis)
.AddInMemoryClients(Config.Clients)
.AddAspNetIdentity <ApplicationUser>()
.AddResourceOwnerValidator <PasswordValidator>()
.AddProfileService <IdentityProfileService>();
identityBuilder.AddDeveloperSigningCredential();
}
/// <summary>
/// Add custom signing certificate from certification store according thumbprint or from file
/// </summary>
/// <param name="builder"></param>
/// <param name="configuration"></param>
/// <param name="logger"></param>
/// <returns></returns>
public static IIdentityServerBuilder AddCustomSigningCredential(this IIdentityServerBuilder builder, IConfiguration configuration, ILogger logger)
{
var certificateConfiguration = configuration.GetSection(nameof(CertificateConfiguration)).Get <CertificateConfiguration>();
if (certificateConfiguration.UseSigningCertificateThumbprint)
{
if (string.IsNullOrWhiteSpace(certificateConfiguration.SigningCertificateThumbprint))
{
throw new Exception(SigningCertificateThumbprintNotFound);
}
var certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadOnly);
var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, certificateConfiguration.SigningCertificateThumbprint, true);
if (certCollection.Count == 0)
{
throw new Exception(CertificateNotFound);
}
var certificate = certCollection[0];
builder.AddSigningCredential(certificate);
}
else if (certificateConfiguration.UseSigningCertificatePfxFile)
{
if (string.IsNullOrWhiteSpace(certificateConfiguration.SigningCertificatePfxFilePath))
{
throw new Exception(SigningCertificatePathIsNotSpecified);
}
if (File.Exists(certificateConfiguration.SigningCertificatePfxFilePath))
{
try
{
builder.AddSigningCredential(new X509Certificate2(certificateConfiguration.SigningCertificatePfxFilePath, certificateConfiguration.SigningCertificatePfxFilePassword));
}
catch (CryptographicException e)
{
logger.LogError($"There was an error adding the key file - during the creation of the signing key {e.Message}");
}
}
else
{
throw new Exception($"Signing key file: {certificateConfiguration.SigningCertificatePfxFilePath} not found");
}
}
else if (certificateConfiguration.UseTemporarySigningKeyForDevelopment)
{
builder.AddDeveloperSigningCredential();
}
return(builder);
}
public static void AddSigningCredentials(this IIdentityServerBuilder identityServerBuilder, IHostEnvironment env)
{
if (env.IsDevelopment())
{
identityServerBuilder.AddDeveloperSigningCredential();
}
else
{
throw new Exception("need to configure key material");
}
}
public static IIdentityServerBuilder Configure(this IIdentityServerBuilder identityServerBuilder)
{
identityServerBuilder
.AddDeveloperSigningCredential()
//.AddProfileService<>(),
.AddInMemoryIdentityResources(InMemoryResources.GetIdentityResources())
.AddInMemoryApiResources(InMemoryResources.GetApiResources())
.AddInMemoryClients(InMemoryResources.GetClients())
.AddExtensionGrantValidator <RFC7523GrantValidator>();
return(identityServerBuilder);
}
public static IIdentityServerBuilder AddResourceOwnerPasswordFlow(this IIdentityServerBuilder builder)
{
builder.Services.AddSingleton <IUserRepository, UserRepository>();
builder.AddDeveloperSigningCredential();
builder.AddInMemoryIdentityResources(Config.GetIdentityResources());
builder.AddInMemoryApiResources(Config.GetApis());
builder.AddInMemoryClients(Config.GetClients());
builder.AddProfileService <CustomProfileService>();
builder.AddResourceOwnerValidator <CustomResourceOwnerPasswordValidator>();
return(builder);
}
public static void AddIdentityConfiguration(this IServiceCollection services)
{
services.AddSingleton <IClientStore, ClientStore>();
services.AddSingleton <IResourceStore, ResourceStore>();
services.AddSingleton <IProfileService, ProfileService>();
IIdentityServerBuilder identity = services.AddIdentityServer();
#if DEBUG
identity.AddDeveloperSigningCredential();
#endif
}
public void ConfigureServices(IServiceCollection services)
{
string connectionString = Configuration.GetConnectionString("DefaultConnection");
string migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
services.AddDbContext <UserData>(options => options.UseMySql(connectionString))
.AddDbContext <ConfigurationData>(options => options.UseMySql(connectionString))
.AddDbContext <GrantData>(options => options.UseMySql(connectionString));
services.AddIdentity <UserModel, RoleModel>()
.AddEntityFrameworkStores <UserData>()
.AddDefaultTokenProviders();
services.AddMvc();
IIdentityServerBuilder builder = services.AddIdentityServer(options =>
{
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
})
.AddAspNetIdentity <UserModel>()
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = db => db.UseMySql(connectionString, sql => sql.MigrationsAssembly(migrationsAssembly));
})
.AddOperationalStore(options =>
{
options.ConfigureDbContext = db => db.UseMySql(connectionString, sql => sql.MigrationsAssembly(migrationsAssembly));
options.EnableTokenCleanup = true;
});
if (Environment.IsDevelopment())
{
builder.AddDeveloperSigningCredential();
}
else
{
throw new Exception("need to configure key material");
}
services.AddAuthentication()
.AddCookie("Cookies")
.AddGoogle("Google", options =>
{
IConfigurationSection provider = Configuration.GetSection("Google");
options.ClientId = provider.GetValue <string>("ClientID");
options.ClientSecret = provider.GetValue <string>("ClientSecret");
});
}
public static IIdentityServerBuilder AddCertificat(this IIdentityServerBuilder identityServerBuilder, bool isDevelop, CertificatConfigModel certificatmodel)
{
if (isDevelop)
{
identityServerBuilder.AddDeveloperSigningCredential();
}
else
{
identityServerBuilder.AddSigningCredential(certificatmodel.GetCertificatFromFile());
}
return(identityServerBuilder);
}
public static IIdentityServerBuilder AddSigningCredentialFromConfig(this IIdentityServerBuilder isBuilder, IConfiguration config)
{
if (config["useDevSigningCredentials"] == "True")
{
return(isBuilder.AddDeveloperSigningCredential());
}
isBuilder.Services.Configure <SigningCredentialsStore.Config>(config);
isBuilder.Services.AddSingleton <SigningCredentialsStore>();
isBuilder.Services.AddSingleton <ISigningCredentialStore>(s => s.GetRequiredService <SigningCredentialsStore>());
isBuilder.Services.AddSingleton <IValidationKeysStore>(s => s.GetRequiredService <SigningCredentialsStore>());
return(isBuilder);
}
public static IIdentityServerBuilder LoadSigningCredentialFrom(this IIdentityServerBuilder builder, string path)
{
if (!string.IsNullOrEmpty(path))
{
builder.AddSigningCredential(new X509Certificate2(path));
}
else
{
builder.AddDeveloperSigningCredential();
}
return(builder);
}
/// <summary>
/// 添加认证服务器服务
/// </summary>
/// <param name="services"></param>
public static void AddIdentityServerServices(this IServiceCollection services)
{
services.AddBaseServices();
services.AddAuthorityServices();
services.AddAutoMapperService(Assembly.Load("Authority.ServiceImpl"));
IIdentityServerBuilder builder = services.AddIdentityServer()
.AddInMemoryApiResources(IdentityConfig.GetAPIs())
.AddInMemoryClients(IdentityConfig.GetClients())
.AddInMemoryIdentityResources(IdentityConfig.GetIdentityResources());
services.AddTransient <IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
builder.AddDeveloperSigningCredential();
}
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext <ApplicationDbContext>(options =>
//options.UseSqlite(Configuration.GetConnectionString("SQlServerConnection")));
options.UseSqlServer(Configuration.GetConnectionString("SQlServerConnection")));
services.AddIdentity <ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores <ApplicationDbContext>()
.AddDefaultTokenProviders();
services.AddMvc().SetCompatibilityVersion(Microsoft.AspNetCore.Mvc.CompatibilityVersion.Version_2_2);
services.Configure <IISOptions>(iis => {
iis.AuthenticationDisplayName = "Windows";
iis.AutomaticAuthentication = false;
});
IIdentityServerBuilder builder = services.AddIdentityServer(options => {
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
})
//.AddConfigurationStore()
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApis())
.AddInMemoryClients(Config.GetClients())
.AddAspNetIdentity <ApplicationUser>();
//.AddProfileService<CustomProfileService>();
if (Environment.IsDevelopment())
{
builder.AddDeveloperSigningCredential();
}
else
{
throw new Exception("need to configure key material");
}
services.AddAuthentication()
.AddGoogle(options => {
// register your IdentityServer with Google at https://console.developers.google.com
// enable the Google+ API
// set the redirect URI to http://localhost:5000/signin-google
options.ClientId = "copy client ID from Google here";
options.ClientSecret = "copy client secret from Google here";
});
}
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentity <ApplicationUser, IdentityRole>().AddDefaultTokenProviders();
var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
IIdentityServerBuilder isb = services.AddIdentityServer(options =>
{
// TODO: set authority and PublicOrigin
options.IssuerUri = DebugConstants.IdentityServer.Authority;
options.PublicOrigin = DebugConstants.IdentityServer.Authority;
this.Configuration.Bind(nameof(IdentityServerOptions), options);
});
//TODO: use recommended approach for signing credentials
isb.AddDeveloperSigningCredential();
isb.AddConfigurationStore(options =>
{
//TODO: use real connection sting
options.ConfigureDbContext = builder =>
builder.UseSqlServer(DebugConstants.ConnectionStrings.IdentityServerConfStore,
sql => sql.MigrationsAssembly(migrationsAssembly));
});
// this adds the operational data from DB (codes, tokens, consents)
isb.AddOperationalStore(options =>
{
//TODO: use real connection sting
options.ConfigureDbContext = builder =>
builder.UseSqlServer(DebugConstants.ConnectionStrings.IdentityServerOperationalStore,
sql => sql.MigrationsAssembly(migrationsAssembly));
});
isb.AddAspNetIdentity <ApplicationUser>();
isb.AddInMemoryCaching().AddConfigurationStoreCache();
services.AddCors(options =>
{
// this defines a CORS policy called "default"
options.AddPolicy("default", policy =>
{
// TODO: set correct CORS policy
policy.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod().AllowCredentials();
});
options.DefaultPolicyName = "default";
});
MigrateDatabase(services);
}
// this extension class code is taken from https://kimsereyblog.blogspot.com/2018/07/self-signed-certificate-for-identity.html
// guide to generate certificate using openssl - https://benjii.me/2017/06/creating-self-signed-certificate-identity-server-azure/
// download openssl from https://slproweb.com/products/Win32OpenSSL.html
// openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout example.key -out example.crt -subj "/CN=example.com" -days 3650
// openssl pkcs12 -export -out example.pfx -inkey example.key -in example.crt -certfile example.crt
// use certlm.msc to manage certificates and trusted certificates - http://woshub.com/how-to-create-self-signed-certificate-with-powershell/
public static IIdentityServerBuilder LoadSigningCredentialFrom(this IIdentityServerBuilder builder, string certPath, string certPass)
{
if (!string.IsNullOrWhiteSpace(certPath))
{
//builder.AddSigningCredential(new X509Certificate2(certPath, certPass, X509KeyStorageFlags.MachineKeySet));
builder.AddSigningCredential(certPath);
}
else
{
builder.AddDeveloperSigningCredential();
}
return(builder);
}
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
services.Configure <IISOptions>(iis =>
{
iis.AuthenticationDisplayName = "Windows";
iis.AutomaticAuthentication = false;
});
services.Configure <IISServerOptions>(iis =>
{
iis.AuthenticationDisplayName = "Windows";
iis.AutomaticAuthentication = false;
});
services.AddDbContext <ApplicationDbContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddIdentity <ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores <ApplicationDbContext>()
.AddDefaultTokenProviders();
IIdentityServerBuilder builder = services.AddIdentityServer(options =>
{
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
})
.AddInMemoryIdentityResources(Config.Ids)
.AddInMemoryApiResources(Config.Apis)
.AddInMemoryClients(Config.Clients)
.AddAspNetIdentity <ApplicationUser>();
builder.AddDeveloperSigningCredential();
services.AddAuthentication();
services.AddCors(options =>
{
options.AddPolicy("default", policy =>
{
policy.WithOrigins("https://localhost:5002")
.AllowAnyHeader()
.AllowAnyMethod();
});
});
}