// Called by the runtime to register services with the dependency-injection container.
public void ConfigureServices(IServiceCollection services)
{
    // Bind the "WebSettings" configuration section for consumers of the options pattern.
    // Substitute your derived settings class here if you have one.
    services.Configure<WebSettingsBase>(opts => Configuration.GetSection("WebSettings").Bind(opts));

    // Read the same section eagerly: the registration helpers below need concrete values,
    // so startup is aborted when the section cannot be materialised.
    var settings = Configuration.GetSection("WebSettings").Get<WebSettingsBase>();
    if (settings == null)
    {
        throw new Utilities.ProgramException("Null settings object in Startup");
    }

    //services.Configure<ApplicationRoles>(options => Configuration.GetSection("Roles").Bind(options));

    // MVC registration; the settings-based overloads used in this method are not the framework's
    // own (presumably project extension methods - confirm against their definitions).
    // Per the original note this covers the global antiforgery filter and the JSON date format.
    services.AddMvc(settings);

    // Session state backed by the in-memory distributed cache; timeout values come from settings.
    services.AddDistributedMemoryCache();
    services.AddSession(settings);

    // CSRF (antiforgery) option configuration.
    services.AddAntiforgery(settings);

    //// configure API versions
    //services.AddSwaggerGen(c =>
    //{
    //    Swashbuckle.Swagger.Model.Info[] APIs = {
    //        new Swashbuckle.Swagger.Model.Info()
    //        {
    //            Title = "Data fix handler"
    //            , Version = "v1"
    //            //, Contact = new Swashbuckle.Swagger.Model.Contact() { Name = "Sam Nesbitt", Email = "*****@*****.**" }
    //        }/*,
    //        new Swashbuckle.Swagger.Model.Info()
    //        {
    //            Title = "Data fix handler",
    //            Version = "v2"
    //        }*/
    //    };
    //    c.MultipleApiVersions(APIs, WebHelper.SwaggerHelper.VersionResolver);
    //});

    // NOTE(review): the role / AD-group policy registration below is commented out, so this
    // method registers no authorization policies. Confirm that access control is enforced
    // somewhere else before relying on [Authorize(Policy = ...)] attributes.
    //// set the active directory access group
    //services.AddAuthorization(options =>
    //{
    //    ApplicationRoles roles = Configuration.GetSection("Roles").Get<ApplicationRoles>();
    //    foreach (var role in roles.GetApplicationRoles())
    //    {
    //        options.AddPolicy(role.RoleName, policy =>
    //        {
    //            policy.RequireAuthenticatedUser();
    //            policy.RequireRole(role.ADGroups);
    //        });
    //    }
    //});

    services.AddTransient<Utilities.ITemplateService, Web.Services.TemplateService>();
}
/// <summary>
/// Applies the configured date format string to the Newtonsoft.Json serializer settings used by MVC.
/// </summary>
/// <param name="mvc">The MVC builder whose JSON options are being configured.</param>
/// <param name="settings">The SSS.Web.Configuration.WebSettingsBase that supplies <c>DateFormat</c>.</param>
/// <returns>The same Microsoft.Extensions.DependencyInjection.IMvcBuilder so that additional calls can be chained.</returns>
public static IMvcBuilder AddSerializerSettings(this IMvcBuilder mvc, WebSettingsBase settings)
{
    // Global date serialization format for JSON responses, read when the options are built.
    mvc.AddJsonOptions(json => json.SerializerSettings.DateFormatString = settings.DateFormat);

    return mvc;
}
/// <summary>
/// Registers session services and sets the session cookie expiration and idle timeout from configuration.
/// </summary>
/// <param name="services">The Microsoft.Extensions.DependencyInjection.IServiceCollection to add services to.</param>
/// <param name="settings">An SSS.Web.Configuration.WebSettingsBase that supplies the session expiration and the idle timeout (in minutes).</param>
/// <returns>The Microsoft.Extensions.DependencyInjection.IServiceCollection so that additional calls can be chained.</returns>
public static IServiceCollection AddSession(this IServiceCollection services, WebSettingsBase settings) =>
    services.AddSession(sessionOptions =>
    {
        // NOTE(review): some Microsoft.AspNetCore.Session releases reject assignments to
        // Cookie.Expiration on the session cookie - verify against the package version in use.
        sessionOptions.Cookie.Expiration = settings.GetSessionExpirationTimeSpan();

        // The configured value is interpreted as minutes of inactivity.
        sessionOptions.IdleTimeout = TimeSpan.FromMinutes(settings.IdleTimeout);

        // NOTE(review): Cookie.SecurePolicy, Cookie.HttpOnly and Cookie.SameSite are not set here,
        // so the framework defaults apply; confirm they meet the deployment's requirements
        // (for example, Secure-only cookies when the site is served over HTTPS).
    });
/// <summary>
/// Registers MVC with a global antiforgery validation filter and the configured JSON serializer settings.
/// </summary>
/// <param name="services">The Microsoft.Extensions.DependencyInjection.IServiceCollection to add services to.</param>
/// <param name="settings">An SSS.Web.Configuration.WebSettingsBase passed on to <c>AddSerializerSettings</c>.</param>
/// <returns>An IMvcBuilder for additional MVC configuration options.</returns>
public static IMvcBuilder AddMvc(this IServiceCollection services, WebSettingsBase settings)
{
    IMvcBuilder builder = services.AddMvc(mvcOptions =>
    {
        // Global filter: antiforgery tokens are validated on unsafe HTTP methods (POST, PUT, DELETE, ...)
        // for every action unless an action opts out with [IgnoreAntiforgeryToken].
        // NOTE(review): the filter is added unconditionally; nothing in this method consults
        // settings.EnableCSRFChecking, so that flag does not switch validation off here.
        mvcOptions.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
    });

    return builder.AddSerializerSettings(settings);
}
/// <summary>
/// Configures the antiforgery token names and cookie expiration when CSRF checking is enabled in configuration.
/// </summary>
/// <param name="services">The Microsoft.Extensions.DependencyInjection.IServiceCollection to add services to.</param>
/// <param name="settings">An SSS.Web.Configuration.WebSettingsBase to configure the provided Microsoft.AspNetCore.Antiforgery.AntiforgeryOptions.</param>
/// <returns>The Microsoft.Extensions.DependencyInjection.IServiceCollection so that additional calls can be chained.</returns>
public static IServiceCollection AddAntiforgery(this IServiceCollection services, WebSettingsBase settings)
{
    // When the flag is off the collection is returned untouched. This only skips the option
    // overrides below; it does not remove a validation filter registered elsewhere.
    if (!settings.EnableCSRFChecking)
    {
        return services;
    }

    services.AddAntiforgery(antiforgery =>
    {
        // Names under which the request token is accepted: as a header or as a form field.
        antiforgery.HeaderName = "X-XSRF-TOKEN";
        antiforgery.FormFieldName = "XSRF-TOKEN";

        // NOTE(review): Cookie.Name names the antiforgery system's own cookie, which is distinct
        // from the request token a client has to echo back in X-XSRF-TOKEN. This method does not
        // issue that request token - confirm where the client obtains it.
        antiforgery.Cookie.Name = "XSRF-TOKEN";

        // Same expiration timespan as the session.
        antiforgery.Cookie.Expiration = settings.GetSessionExpirationTimeSpan();
    });

    return services;
}
// Called by the runtime to build the HTTP request pipeline. Middleware runs in the order it is
// added here, so the sequence of the app.Use* calls is significant.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    // File logging; the path format comes from the "Logging" configuration section.
    loggerFactory.AddFile(Configuration.GetSection("Logging")["PathFormat"]);

    var settings = Configuration.GetSection("WebSettings").Get<WebSettingsBase>();
    if (settings == null)
    {
        throw new Utilities.ProgramException("Null WebSettingsBase configuration object in Startup");
    }

    // The developer exception page is used whenever detailed errors are requested.
    // NOTE(review): this is gated on a configuration flag alone, not on the environment; the page
    // renders stack traces and request details, so confirm ShowErrors is false in production config.
    if (settings.ErrorHandlerSettings.ShowErrors)
    {
        app.UseDeveloperExceptionPage();
    }

    // NOTE(review): the development check relies on settings.IsDevelopment(); the env parameter
    // is not consulted anywhere in this method.
    if (!settings.IsDevelopment())
    {
        // Browser caching for static files: 2592000 seconds = 30 days, private caches only.
        // This level of caching requires cache-busting techniques when assets change.
        var cachedStaticFiles = new StaticFileOptions
        {
            OnPrepareResponse = staticFile =>
            {
                staticFile.Context.Response.Headers["Cache-Control"] = "private, max-age=2592000";
                //staticFile.Context.Response.Headers["Expires"] =
                //    DateTime.UtcNow.AddHours(12).ToString("R");
            }
        };
        app.UseStaticFiles(cachedStaticFiles);
    }
    else
    {
        //app.UseBrowserLink();
        //loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        app.UseStaticFiles();
    }

    // NOTE(review): an explicit SessionOptions instance is handed to the middleware here, which
    // presumably takes precedence over options registered through services.AddSession(...).
    // Only IdleTimeout is set on it, so cookie settings made at registration may not apply - confirm.
    var sessionOptions = new SessionOptions
    {
        IdleTimeout = TimeSpan.FromMinutes(settings.IdleTimeout)
    };
    app.UseSession(sessionOptions);

    // Per the original author's note: converts 204 to 404 on GET requests.
    app.UseHttpNoContentOutputMiddleware();

    // Custom error handler, wired to the shared logging and error-count callbacks.
    var errorHandlerOptions = new ErrorHandlerOptions
    {
        LogErrorCallback = Common.LogErrorCallback,
        MaxErrorCountCallback = Common.MaxErrorCountCallback,
        WebSettings = settings.ErrorHandlerSettings
    };
    app.UseErrorHandlerMiddleware(errorHandlerOptions);

    //// setup swagger
    //app.UseSwagger();
    //app.UseSwaggerUi();

    // Conventional route: /{controller}/{action}/{id?}, defaulting to Home/Index.
    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller=Home}/{action=Index}/{id?}");
    });
}