override public async Task SeedAsync()
{
await base.SeedAsync().ConfigureAwait(false);
await _persistedGrantContext.Database.MigrateAsync().ConfigureAwait(false);
await _configurationContext.Database.MigrateAsync().ConfigureAwait(false);
if (!await _configurationContext.Clients.AnyAsync())
{
_logger.LogInformation("Seeding IdentityServer Clients");
foreach (var client in IdentityServerConfig.GetClients())
{
_configurationContext.Clients.Add(client.ToEntity());
}
_configurationContext.SaveChanges();
}
if (!await _configurationContext.IdentityResources.AnyAsync())
{
_logger.LogInformation("Seeding IdentityServer Identity Resources");
foreach (var resource in IdentityServerConfig.GetIdentityResources())
{
_configurationContext.IdentityResources.Add(resource.ToEntity());
}
_configurationContext.SaveChanges();
}
if (!await _configurationContext.ApiResources.AnyAsync())
{
_logger.LogInformation("Seeding IdentityServer API Resources");
foreach (var resource in IdentityServerConfig.GetApiResources())
{
_configurationContext.ApiResources.Add(resource.ToEntity());
}
_configurationContext.SaveChanges();
}
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext <ApplicationDbContext>(options =>
options.UseSqlServer(Configuration["ConnectionStrings:DefaultConnection"], b => b.MigrationsAssembly("QuickApp")));
// add identity
services.AddIdentity <ApplicationUser, ApplicationRole>()
.AddEntityFrameworkStores <ApplicationDbContext>()
.AddDefaultTokenProviders();
// Configure Identity options and password complexity here
services.Configure <IdentityOptions>(options =>
{
// User settings
options.User.RequireUniqueEmail = true;
// //// Password settings
// //options.Password.RequireDigit = true;
// //options.Password.RequiredLength = 8;
// //options.Password.RequireNonAlphanumeric = false;
// //options.Password.RequireUppercase = true;
// //options.Password.RequireLowercase = false;
// //// Lockout settings
// //options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
// //options.Lockout.MaxFailedAccessAttempts = 10;
});
// Adds IdentityServer.
services.AddIdentityServer()
// The AddDeveloperSigningCredential extension creates temporary key material for signing tokens.
// This might be useful to get started, but needs to be replaced by some persistent key material for production scenarios.
// See http://docs.identityserver.io/en/release/topics/crypto.html#refcrypto for more information.
.AddDeveloperSigningCredential()
.AddInMemoryPersistedGrants()
// To configure IdentityServer to use EntityFramework (EF) as the storage mechanism for configuration data (rather than using the in-memory implementations),
// see https://identityserver4.readthedocs.io/en/release/quickstarts/8_entity_framework.html
.AddInMemoryIdentityResources(IdentityServerConfig.GetIdentityResources())
.AddInMemoryApiResources(IdentityServerConfig.GetApiResources())
.AddInMemoryClients(IdentityServerConfig.GetClients())
.AddAspNetIdentity <ApplicationUser>()
.AddProfileService <ProfileService>();
var applicationUrl = Configuration["ApplicationUrl"].TrimEnd('/');
services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(options =>
{
options.Authority = applicationUrl;
options.SupportedTokens = SupportedTokens.Jwt;
options.RequireHttpsMetadata = false; // Note: Set to true in production
options.ApiName = IdentityServerConfig.ApiName;
});
services.AddAuthorization(options =>
{
options.AddPolicy(Authorization.Policies.ViewAllUsersPolicy, policy => policy.RequireClaim(ClaimConstants.Permission, AppPermissions.ViewUsers));
options.AddPolicy(Authorization.Policies.ManageAllUsersPolicy, policy => policy.RequireClaim(ClaimConstants.Permission, AppPermissions.ManageUsers));
options.AddPolicy(Authorization.Policies.ViewAllRolesPolicy, policy => policy.RequireClaim(ClaimConstants.Permission, AppPermissions.ViewRoles));
options.AddPolicy(Authorization.Policies.ViewRoleByRoleNamePolicy, policy => policy.Requirements.Add(new ViewRoleAuthorizationRequirement()));
options.AddPolicy(Authorization.Policies.ManageAllRolesPolicy, policy => policy.RequireClaim(ClaimConstants.Permission, AppPermissions.ManageRoles));
options.AddPolicy(Authorization.Policies.AssignAllowedRolesPolicy, policy => policy.Requirements.Add(new AssignRolesAuthorizationRequirement()));
});
// Add cors
services.AddCors();
services.AddControllersWithViews();
// In production, the Angular files will be served from this directory
services.AddSpaStaticFiles(configuration =>
{
configuration.RootPath = "ClientApp/dist";
});
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new OpenApiInfo {
Title = IdentityServerConfig.ApiFriendlyName, Version = "v1"
});
c.OperationFilter <AuthorizeCheckOperationFilter>();
c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
{
Type = SecuritySchemeType.OAuth2,
Flows = new OpenApiOAuthFlows
{
Password = new OpenApiOAuthFlow
{
TokenUrl = new Uri("/connect/token", UriKind.Relative),
Scopes = new Dictionary <string, string>()
{
{ IdentityServerConfig.ApiName, IdentityServerConfig.ApiFriendlyName }
}
}
}
});
});
services.AddAutoMapper(typeof(Startup));
// Configurations
services.Configure <AppSettings>(Configuration);
// Business Services
services.AddScoped <IEmailSender, EmailSender>();
// Repositories
services.AddScoped <IUnitOfWork, HttpUnitOfWork>();
services.AddScoped <IAccountManager, AccountManager>();
services.AddScoped <IAccounttypeRepository, AccounttypeRepository>();
services.AddScoped <IBankAccountRepository, BankAccountRepository>();
// Auth Handlers
services.AddSingleton <IAuthorizationHandler, ViewUserAuthorizationHandler>();
services.AddSingleton <IAuthorizationHandler, ManageUserAuthorizationHandler>();
services.AddSingleton <IAuthorizationHandler, ViewRoleAuthorizationHandler>();
services.AddSingleton <IAuthorizationHandler, AssignRolesAuthorizationHandler>();
// DB Creation and Seeding
services.AddTransient <IDatabaseInitializer, DatabaseInitializer>();
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext <ApplicationDbContext>(options =>
options.UseSqlServer(Configuration["ConnectionStrings:DefaultConnection"], b => b.MigrationsAssembly("QuickApp")));
// add identity
services.AddIdentity <ApplicationUser, ApplicationRole>()
.AddEntityFrameworkStores <ApplicationDbContext>()
.AddDefaultTokenProviders();
// Configure Identity options and password complexity here
services.Configure <IdentityOptions>(options =>
{
// User settings
options.User.RequireUniqueEmail = true;
// //// Password settings
// //options.Password.RequireDigit = true;
// //options.Password.RequiredLength = 8;
// //options.Password.RequireNonAlphanumeric = false;
// //options.Password.RequireUppercase = true;
// //options.Password.RequireLowercase = false;
// //// Lockout settings
// //options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
// //options.Lockout.MaxFailedAccessAttempts = 10;
});
// Adds IdentityServer.
services.AddIdentityServer()
// The AddDeveloperSigningCredential extension creates temporary key material for signing tokens.
// This might be useful to get started, but needs to be replaced by some persistent key material for production scenarios.
// See http://docs.identityserver.io/en/release/topics/crypto.html#refcrypto for more information.
.AddDeveloperSigningCredential()
.AddInMemoryPersistedGrants()
// To configure IdentityServer to use EntityFramework (EF) as the storage mechanism for configuration data (rather than using the in-memory implementations),
// see https://identityserver4.readthedocs.io/en/release/quickstarts/8_entity_framework.html
.AddInMemoryIdentityResources(IdentityServerConfig.GetIdentityResources())
.AddInMemoryApiResources(IdentityServerConfig.GetApiResources())
.AddInMemoryClients(IdentityServerConfig.GetClients())
.AddAspNetIdentity <ApplicationUser>()
.AddProfileService <ProfileService>();
var applicationUrl = Configuration["ApplicationUrl"].TrimEnd('/');
services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(options =>
{
options.Authority = applicationUrl;
options.SupportedTokens = SupportedTokens.Jwt;
options.RequireHttpsMetadata = false; // Note: Set to true in production
options.ApiName = IdentityServerConfig.ApiName;
});
services.AddAuthorization(options =>
{
options.AddPolicy(Authorization.Policies.ViewAllUsersPolicy, policy => policy.RequireClaim(ClaimConstants.Permission, AppPermissions.ViewUsers));
options.AddPolicy(Authorization.Policies.ManageAllUsersPolicy, policy => policy.RequireClaim(ClaimConstants.Permission, AppPermissions.ManageUsers));
options.AddPolicy(Authorization.Policies.ViewAllRolesPolicy, policy => policy.RequireClaim(ClaimConstants.Permission, AppPermissions.ViewRoles));
options.AddPolicy(Authorization.Policies.ViewRoleByRoleNamePolicy, policy => policy.Requirements.Add(new ViewRoleAuthorizationRequirement()));
options.AddPolicy(Authorization.Policies.ManageAllRolesPolicy, policy => policy.RequireClaim(ClaimConstants.Permission, AppPermissions.ManageRoles));
options.AddPolicy(Authorization.Policies.AssignAllowedRolesPolicy, policy => policy.Requirements.Add(new AssignRolesAuthorizationRequirement()));
});
// Add cors
services.AddCors();
// Add framework services.
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
// The port to use for https redirection in production
if (!_env.IsDevelopment() && !string.IsNullOrWhiteSpace(Configuration["HttpsRedirectionPort"]))
{
services.AddHttpsRedirection(options =>
{
options.HttpsPort = int.Parse(Configuration["HttpsRedirectionPort"]);
});
}
// In production, the Angular files will be served from this directory
services.AddSpaStaticFiles(configuration =>
{
configuration.RootPath = "ClientApp/dist";
});
//Todo: ***Using DataAnnotations for validation until Swashbuckle supports FluentValidation***
//services.AddFluentValidation(fv => fv.RegisterValidatorsFromAssemblyContaining<Startup>());
//.AddJsonOptions(opts =>
//{
// opts.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
//});
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info {
Title = IdentityServerConfig.ApiFriendlyName, Version = "v1"
});
c.OperationFilter <AuthorizeCheckOperationFilter>();
c.AddSecurityDefinition("oauth2", new OAuth2Scheme
{
Type = "oauth2",
Flow = "password",
TokenUrl = $"{applicationUrl}/connect/token",
Scopes = new Dictionary <string, string>()
{
{ IdentityServerConfig.ApiName, IdentityServerConfig.ApiFriendlyName }
}
});
});
Mapper.Initialize(cfg =>
{
cfg.AddProfile <AutoMapperProfile>();
});
// Configurations
services.Configure <AppSettings>(Configuration);
// Business Services
services.AddScoped <IEmailSender, EmailSender>();
// Repositories
services.AddScoped <IUnitOfWork, HttpUnitOfWork>();
services.AddScoped <IAccountManager, AccountManager>();
// Auth Handlers
services.AddSingleton <IAuthorizationHandler, ViewUserAuthorizationHandler>();
services.AddSingleton <IAuthorizationHandler, ManageUserAuthorizationHandler>();
services.AddSingleton <IAuthorizationHandler, ViewRoleAuthorizationHandler>();
services.AddSingleton <IAuthorizationHandler, AssignRolesAuthorizationHandler>();
// DB Creation and Seeding
services.AddTransient <IDatabaseInitializer, DatabaseInitializer>();
}
