public SettingsController(IMemoryCache cache, ICacheFactoryStore cacheFactoryStore, ToracGolfContext dbContext, IAntiforgery antiforgery, IOptions<AppSettings> configuration)
{
DbContext = dbContext;
Cache = cache;
CacheFactory = cacheFactoryStore;
Antiforgery = antiforgery;
Configuration = configuration;
}
public FormPostSampleMiddleware(
RequestDelegate next,
IAntiforgery antiforgery,
IOptions<AntiforgeryOptions> options)
{
_next = next;
_antiforgery = antiforgery;
_options = options.Value;
}
public AbpAspNetCoreAntiForgeryManager(
IAntiforgery antiforgery,
IHttpContextAccessor httpContextAccessor,
IAbpAntiForgeryConfiguration configuration)
{
Configuration = configuration;
_antiforgery = antiforgery;
_httpContextAccessor = httpContextAccessor;
}
public ValidateAntiforgeryTokenAuthorizationFilter(IAntiforgery antiforgery)
{
if (antiforgery == null)
{
throw new ArgumentNullException(nameof(antiforgery));
}
_antiforgery = antiforgery;
}
public ValidateAntiforgeryTokenAuthorizationFilter(IAntiforgery antiforgery, ILoggerFactory loggerFactory)
{
if (antiforgery == null)
{
throw new ArgumentNullException(nameof(antiforgery));
}
_antiforgery = antiforgery;
_logger = loggerFactory.CreateLogger<ValidateAntiforgeryTokenAuthorizationFilter>();
}
public RoundController(IMemoryCache cache,
ICacheFactoryStore cacheFactoryStore,
ToracGolfContext dbContext,
IAntiforgery antiforgery,
IOptions<AppSettings> configuration,
IListingFactory<RoundListingFactory.RoundListingSortEnum, Round, RoundListingData> roundListingFactory)
{
DbContext = dbContext;
Cache = cache;
CacheFactory = cacheFactoryStore;
Antiforgery = antiforgery;
Configuration = configuration;
RoundListingFactory = roundListingFactory;
}
public CourseController(IMemoryCache cache,
ICacheFactoryStore cacheFactoryStore,
ToracGolfContext dbContext,
IAntiforgery antiforgery,
IOptions<AppSettings> configuration,
IListingFactory<CourseListingFactory.CourseListingSortEnum, Course, CourseListingData> courseListingFactory)
{
DbContext = dbContext;
Cache = cache;
CacheFactory = cacheFactoryStore;
Antiforgery = antiforgery;
Configuration = configuration;
CourseListingFactory = courseListingFactory;
}
public HomeController(IMemoryCache cache,
ICacheFactoryStore cacheFactoryStore,
ToracGolfContext dbContext,
IAntiforgery antiforgery,
IOptions<AppSettings> configuration,
Lazy<NewsFeedDataProvider> newsFeedDataProvider)
{
DbContext = dbContext;
Cache = cache;
CacheFactory = cacheFactoryStore;
Antiforgery = antiforgery;
Configuration = configuration;
NewsFeedDataProvider = newsFeedDataProvider;
}
/// <summary>
/// Initializes a new instance of the <see cref="ValidateHeaderAntiForgeryTokenAuthorizationFilter" /> class.
/// </summary>
/// <param name="antiforgery">The anti-forgery system.</param>
/// <param name="antiforgeryOptions">The anti-forgery options.</param>
public ValidateHeaderAntiForgeryTokenAuthorizationFilter(
IAntiforgery antiforgery,
IOptions<AntiforgeryOptions> antiforgeryOptions)
{
if (antiforgery == null)
{
throw new ArgumentNullException(nameof(antiforgery));
}
if (antiforgeryOptions == null)
{
throw new ArgumentNullException(nameof(antiforgeryOptions));
}
this.antiforgery = antiforgery;
this.antiForgeryCookieName = antiforgeryOptions.Options.CookieName;
}
public void Configure(IApplicationBuilder app, IAntiforgery antiforgery, IOptions<AntiforgeryOptions> options, TodoRepository repository)
{
app.Use(next => context =>
{
if (
string.Equals(context.Request.Path.Value, "/", StringComparison.OrdinalIgnoreCase) ||
string.Equals(context.Request.Path.Value, "/index.html", StringComparison.OrdinalIgnoreCase))
{
// We can send the request token as a JavaScript-readable cookie, and Angular will use it by default.
var tokens = antiforgery.GetAndStoreTokens(context);
context.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions() { HttpOnly = false });
}
return next(context);
});
app.UseDefaultFiles();
app.UseStaticFiles();
app.Map("/api/items", a => a.Run(async context =>
{
if (string.Equals("GET", context.Request.Method, StringComparison.OrdinalIgnoreCase))
{
var items = repository.GetItems();
await context.Response.WriteAsync(JsonConvert.SerializeObject(items));
}
else if (string.Equals("POST", context.Request.Method, StringComparison.OrdinalIgnoreCase))
{
// This will throw if the token is invalid.
await antiforgery.ValidateRequestAsync(context);
var serializer = new JsonSerializer();
using (var reader = new JsonTextReader(new StreamReader(context.Request.Body)))
{
var item = serializer.Deserialize<TodoItem>(reader);
repository.Add(item);
}
context.Response.StatusCode = 204;
}
}));
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IAntiforgery antiforgery, IHostingEnvironment env,
ILoggerFactory loggerFactory)
{
app.UseIdentity()
.UseDeveloperAuthAuthentication(
new DeveloperAuthOptions()
{
ConsumerKey = "uWkHwFNbklXgsLHYzLfRXcThw",
ConsumerSecret = "2kyg9WdUiJuU2HeWYJEuvwzaJWoweLadTgG3i0oHI5FeNjD5Iv"
})
.UseTwitter2Authentication(
new Twitter2Options()
{
ConsumerKey = "uWkHwFNbklXgsLHYzLfRXcThw",
ConsumerSecret = "2kyg9WdUiJuU2HeWYJEuvwzaJWoweLadTgG3i0oHI5FeNjD5Iv"
});
app.AddAllConfigureRegistrants();
app.UseCookieAuthentication(options =>
{
options.LoginPath = new PathString("/Identity/Account/Login");
options.LogoutPath = new PathString("/Identity/Account/LogOff");
});
/*
app.UseProtectFolder(new ProtectFolderOptions
{
Path = "/Elm",
PolicyName = "Authenticated"
});
*/
app.UseProtectLocalOnly(new ProtectLocalOnlyOptions());
app.UseProtectPath(new ProtectPathOptions
{
PolicyName = "Authenticated"
});
app.UseElmPage(); // Shows the logs at the specified path
app.UseElmCapture(); // Adds the ElmLoggerProvider
loggerFactory.AddSerilog();
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
if (env.IsDevelopment())
{
app.UseBrowserLink();
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
// For more details on creating database during deployment see http://go.microsoft.com/fwlink/?LinkID=615859
try
{
using (var serviceScope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>()
.CreateScope())
{
#if ENTITY_IDENTITY
serviceScope.ServiceProvider.GetService<Pingo.Authorization.Models.ApplicationDbContext>()
.Database.Migrate();
#endif
}
}
catch
{
}
}
app.UseIISPlatformHandler(options => options.AuthenticationDescriptions.Clear());
// due to an JWT defect we cannot be an IdentityServer4 and provide APIs
//app.UseIdentityServer();
app.UseCors(policy =>
{
policy.WithOrigins(
"http://localhost:28895",
"http://localhost:14016",
"http://localhost:7017");
policy.AllowAnyHeader();
policy.AllowAnyMethod();
});
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
app.UseIdentityServerAuthentication(options =>
{
options.Authority = WebApplication1.IdentityServerClients.Configuration.Constants.BaseAddress;
options.ScopeName = "api1";
options.ScopeSecret = "secret";
options.AutomaticAuthenticate = true;
options.AutomaticChallenge = true;
});
app.UseStaticFiles();
// IMPORTANT: This session call MUST go before UseMvc()
app.UseSession();
// To configure external authentication please see http://go.microsoft.com/fwlink/?LinkID=532715
app.UseMvc(routes =>
{
routes.MapRoute(
name: "areaRoute",
template: "{area:exists}/{controller}/{action}",
defaults: new {action = "Index"});
routes.MapRoute(
name: "default",
template: "{area=Main}/{controller=Home}/{action=Index}/{id?}");
});
app.UseSwaggerGen();
app.UseSwaggerUi();
}
public AntiForgeryController(IAntiforgery antiforgery, IAbpAntiForgeryManager antiForgeryManager)
{
_antiforgery = antiforgery;
_antiForgeryManager = antiForgeryManager;
}
public ShoppingCartController(IPartsUnlimitedContext context, ITelemetryProvider telemetryProvider, IAntiforgery antiforgery)
{
_db = context;
_telemetry = telemetryProvider;
_antiforgery = antiforgery;
}
/// <summary>
/// Initializes a new instance of the <see cref="DefaultHtmlGenerator"/> class.
/// </summary>
/// <param name="antiforgery">The <see cref="IAntiforgery"/> instance which is used to generate anti-forgery
/// tokens.</param>
/// <param name="optionsAccessor">The accessor for <see cref="MvcOptions"/>.</param>
/// <param name="metadataProvider">The <see cref="IModelMetadataProvider"/>.</param>
/// <param name="urlHelper">The <see cref="IUrlHelper"/>.</param>
/// <param name="htmlEncoder">The <see cref="IHtmlEncoder"/>.</param>
public CustomHtmlGenerator(IAntiforgery antiforgery, IOptions<MvcViewOptions> optionsAccessor, IModelMetadataProvider metadataProvider, IUrlHelper urlHelper, IHtmlEncoder htmlEncoder) : base(antiforgery, optionsAccessor, metadataProvider, urlHelper, htmlEncoder) { }
public AccountController(ApplicationContext context, IAntiforgery antiforgery)
{
_context = context;
_antiForgery = antiforgery;
}
public AntiforgeryCookieResultFilterAttribute(IAntiforgery antiforgery)
{
this.antiforgery = antiforgery;
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory, IAntiforgery antiforgery)
{
loggerFactory.AddApplicationInsights(app.ApplicationServices, LogLevel.Trace);
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
// Configure XSRF middleware, This pattern is for SPA style applications where XSRF token is added on Index page
// load and passed back token on every subsequent async request
// app.Use(async (context, next) =>
// {
// if (string.Equals(context.Request.Path.Value, "/", StringComparison.OrdinalIgnoreCase))
// {
// var tokens = antiforgery.GetAndStoreTokens(context);
// context.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions() { HttpOnly = false });
// }
// await next.Invoke();
// });
//Seed Data
WebContextSeed.Seed(app, env, loggerFactory);
var pathBase = Configuration["PATH_BASE"];
if (!string.IsNullOrEmpty(pathBase))
{
loggerFactory.CreateLogger <Startup>().LogDebug("Using PATH BASE '{pathBase}'", pathBase);
app.UsePathBase(pathBase);
}
app.Use(async(context, next) =>
{
await next();
// If there's no available file and the request doesn't contain an extension, we're probably trying to access a page.
// Rewrite request to use app root
if (context.Response.StatusCode == 404 && !Path.HasExtension(context.Request.Path.Value) && !context.Request.Path.Value.StartsWith("/api"))
{
context.Request.Path = "/index.html";
context.Response.StatusCode = 200; // Make sure we update the status code, otherwise it returns 404
await next();
}
});
app.UseDefaultFiles();
app.UseStaticFiles();
app.UseRouting();
app.UseEndpoints(endpoints =>
{
endpoints.MapDefaultControllerRoute();
endpoints.MapControllers();
endpoints.MapHealthChecks("/liveness", new HealthCheckOptions
{
Predicate = r => r.Name.Contains("self")
});
endpoints.MapHealthChecks("/hc", new HealthCheckOptions()
{
Predicate = _ => true,
ResponseWriter = UIResponseWriter.WriteHealthCheckUIResponse
});
});
}
/// <summary>
/// Executes the Configure actions that configure: error management, logging, anti-forgery, ExtCore, static files.
/// It must be called inside the Configure method
/// of the web application's Startup class in order SoftinuxBase to work properly.
/// </summary>
/// <param name="applicationBuilder_">The application builder passed to the Configure method of the web application's Startup class.</param>
/// <param name="hostingEnvironment_">The hosting environment passed to the Configure method of the web application's Startup class.</param>
/// <param name="loggerFactory_">The logger factory passed to the Configure method of the web application's Startup class.</param>
/// <param name="configuration_">The application configuration passed to the Configure method of the web application's Startup class.</param>
/// <param name="antiForgery_">The anti forgery system passed to the Configure method of the web application's Startup class.</param>
public static void UseSoftinuxBase(this IApplicationBuilder applicationBuilder_, IWebHostEnvironment hostingEnvironment_, ILoggerFactory loggerFactory_, IConfiguration configuration_, IAntiforgery antiForgery_)
{
// 1. Error management
if (hostingEnvironment_.IsDevelopment())
{
applicationBuilder_.UseDeveloperExceptionPage();
applicationBuilder_.UseDatabaseErrorPage();
}
else
{
applicationBuilder_.UseExceptionHandler("/Barebone/Error");
applicationBuilder_.UseHsts();
}
// Security header make me happy
applicationBuilder_.UseHsts(hsts_ => hsts_.MaxAge(365).IncludeSubdomains());
applicationBuilder_.UseXContentTypeOptions();
applicationBuilder_.UseReferrerPolicy(option_ => option_.NoReferrer());
applicationBuilder_.UseXXssProtection(option_ => option_.EnabledWithBlockMode());
applicationBuilder_.UseXfo(option_ => option_.Deny());
applicationBuilder_.UseCsp(option_ => option_
.BlockAllMixedContent()
.StyleSources(s_ => s_.Self())
.StyleSources(s_ => s_.UnsafeInline())
.StyleSources(s_ => s_.Self().CustomSources("data:"))
.FontSources(s_ => s_.Self())
.FormActions(s_ => s_.Self())
.FrameAncestors(s_ => s_.Self())
.ImageSources(s_ => s_.Self())
.ImageSources(s_ => s_.Self().CustomSources("data:"))
.ScriptSources(s_ => s_.Self())
.ScriptSources(s_ => s_.UnsafeInline()));
// 2. Anti-forgery
applicationBuilder_.Use(next_ => context_ =>
{
string path = context_.Request.Path.Value;
if (
string.Equals(path, "/", StringComparison.OrdinalIgnoreCase) ||
string.Equals(path, "/signin", StringComparison.OrdinalIgnoreCase))
{
// The request token can be sent as a JavaScript-readable cookie,
// and Angular uses it by default.
var tokens = antiForgery_.GetAndStoreTokens(context_);
context_.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions()
{
HttpOnly = false
});
}
return(next_(context_));
});
// 3. The following are handled by ExtCore as prioritized IConfigureAction:
// - UseRouting (built-in in ExtCore)
// - UseAuthorization (custom)
// - UseEndpoints (built-in in ExtCore and overriden)
applicationBuilder_.UseHttpsRedirection();
applicationBuilder_.UseCors();
applicationBuilder_.UseAuthentication();
// 4. ExtCore
applicationBuilder_.UseExtCore();
// 5. Static files
applicationBuilder_.UseStaticFiles();
}
public ValidateAntiForgeryTokenMiddleware(RequestDelegate next, IAntiforgery antiforgery)
{
_next = next;
_antiforgery = antiforgery;
}
public ValidateAntiforgeryTokenAuthorizationFilter([NotNull] IAntiforgery antiforgery)
{
_antiforgery = antiforgery;
}
public AutoValidateAntiforgeryTokenAuthorizationFilter(IAntiforgery antiforgery, ILoggerFactory loggerFactory)
: base(antiforgery, loggerFactory)
{
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, Seed Seeder, IAntiforgery antiforgery)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler(builder => builder.Run(async context =>
{
context.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
var error = context.Features.Get <IExceptionHandlerFeature>();
context.Response.ApplicationError(error.Error.Message);
if (error != null)
{
await context.Response.WriteAsync(error.Error.Message);
}
}));
}
app.UseSwagger();
app.UseSwaggerUI(c =>
{
c.SwaggerEndpoint("/swagger/v1/swagger.json", "Coding Task API V1");
});
Seeder.SeedUsers();
app.UseCors(y => y.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());
app.UseAuthentication();
app.UseDefaultFiles();
app.UseStaticFiles();
app.UseMvc(routes =>
{
routes.MapSpaFallbackRoute(
name: "Spa-FallBack",
defaults: new { Controller = "FallBack", Action = "Index" }
);
});
}
public AntiForgeryController(IAntiforgery antiforgery)
{
_antiforgery = antiforgery;
}
