public IdentityUtilsIdentityServerBuilder AddIdentityAndProfileService <TUser, TUserDto, TRole>()
where TUser : IdentityManagerUser
where TUserDto : class, IIdentityManagerUserDto
where TRole : IdentityManagerRole
{
identityServerBuilder
.AddAspNetIdentity <TUser>()
.AddProfileService <IdentityUtilsProfileService <TUser, TUserDto> >();
return(this);
}
private void ConfigureIdentityServer(IServiceCollection services)
{
services.AddIdentity <IdentityUser, IdentityRole>()
.AddEntityFrameworkStores <AuthenticationDbContext>()
.AddDefaultTokenProviders();
IIdentityServerBuilder identityServerBuilder = services.AddIdentityServer(options =>
{
// https://docs.duendesoftware.com/identityserver/v5/fundamentals/resources/
options.EmitStaticAudienceClaim = true;
options.Events.RaiseSuccessEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseErrorEvents = true;
options.IssuerUri = Startup.Configuration.GetValue <String>("ServiceOptions:IssuerUrl");
});
identityServerBuilder.AddAspNetIdentity <IdentityUser>();
if (Startup.WebHostEnvironment.IsEnvironment("IntegrationTest") || Startup.Configuration.GetValue <Boolean>("ServiceOptions:UseInMemoryDatabase") == true)
{
identityServerBuilder.AddIntegrationTestConfiguration();
}
else
{
String migrationsAssembly = typeof(AuthenticationDbContext).GetTypeInfo().Assembly.GetName().Name;
identityServerBuilder.AddIdentityServerStorage(Startup.ConfigurationConnectionString,
Startup.PersistedGrantStoreConenctionString,
Startup.AuthenticationConenctionString,
migrationsAssembly);
}
}
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
const string connectionString = @"Data Source=.\;database=Test.IdentityServer4.EntityFramework;trusted_connection=yes;";
var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
services.AddTransient <ICustomTokenRequestValidator, DefaultClientClaimsAdder>();
services.AddDbContext <ApplicationDbContext>(builder =>
builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)));
services.AddIdentity <IdentityUser, IdentityRole>()
.AddEntityFrameworkStores <ApplicationDbContext>();
IIdentityServerBuilder ids =
services.AddIdentityServer()
.AddDeveloperSigningCredential()
// Note to self, for some reason the profile service does not gets called, I think it's the chosen flow (ie code)
// For now I used ICustomTokenRequestValidator to manually add claims to the generated token
.AddProfileService <ProfileService>();
// EF client, scope, and persisted grant stores
ids.AddOperationalStore(options =>
options.ConfigureDbContext = builder =>
builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)))
.AddConfigurationStore(options =>
options.ConfigureDbContext = builder =>
builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)));
// ASP.NET Identity integration
ids.AddAspNetIdentity <IdentityUser>();
}
public static IIdentityServerBuilder AddStudioXIdentityServer <TUser>(this IIdentityServerBuilder builder, Action <StudioXIdentityServerOptions> optionsAction = null)
where TUser : StudioXUser <TUser>
{
var options = new StudioXIdentityServerOptions();
optionsAction?.Invoke(options);
builder.AddAspNetIdentity <TUser>();
builder.AddProfileService <StudioXProfileService <TUser> >();
builder.AddResourceOwnerValidator <StudioXResourceOwnerPasswordValidator <TUser> >();
builder.Services.Replace(ServiceDescriptor.Transient <IClaimsService, StudioXClaimsService>());
if (options.UpdateStudioXClaimTypes)
{
StudioXClaimTypes.UserId = JwtClaimTypes.Subject;
StudioXClaimTypes.UserName = JwtClaimTypes.Name;
StudioXClaimTypes.Role = JwtClaimTypes.Role;
}
if (options.UpdateJwtSecurityTokenHandlerDefaultInboundClaimTypeMap)
{
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[StudioXClaimTypes.UserId] = StudioXClaimTypes.UserId;
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[StudioXClaimTypes.UserName] = StudioXClaimTypes.UserName;
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[StudioXClaimTypes.Role] = StudioXClaimTypes.Role;
}
return(builder);
}
public static IIdentityServerBuilder AddAppIdentityServer(this IIdentityServerBuilder builder, Action <AppIdentityServerOptions> optionsAction = null)
{
var options = new AppIdentityServerOptions();
optionsAction?.Invoke(options);
builder.AddAspNetIdentity <User>();
builder.AddProfileService <AppProfileService>();
builder.AddResourceOwnerValidator <ResourceOwnerPasswordValidator>();
if (options.UpdateAppClaimTypes)
{
AppClaimTypes.UserId = JwtClaimTypes.Subject;
AppClaimTypes.UserName = JwtClaimTypes.Name;
AppClaimTypes.Role = JwtClaimTypes.Role;
}
if (options.UpdateJwtSecurityTokenHandlerDefaultInboundClaimTypeMap)
{
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AppClaimTypes.UserId] = AppClaimTypes.UserId;
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AppClaimTypes.UserName] = AppClaimTypes.UserName;
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AppClaimTypes.Role] = AppClaimTypes.Role;
}
return(builder);
}
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
const string connectionString = @"Data Source=(LocalDb)\MSSQLLocalDB;database=Test.IdentityServer4.EntityFramework;trusted_connection=yes;";
var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
services.AddDbContext <ApplicationDbContext>(builder =>
builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)));
services.AddIdentity <IdentityUser, IdentityRole>()
.AddEntityFrameworkStores <ApplicationDbContext>();
IIdentityServerBuilder ids = services.AddIdentityServer()
.AddDeveloperSigningCredential();
// in-memory client and scope stores
/*ids.AddInMemoryClients(Clients.Get())
* .AddInMemoryIdentityResources(Resources.GetIdentityResources())
* .AddInMemoryApiResources(Resources.GetApiResources())
* .AddInMemoryApiScopes(Resources.GetApiScopes());*/
// EF client, scope, and persisted grant stores
ids.AddOperationalStore(options =>
options.ConfigureDbContext = builder =>
builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)))
.AddConfigurationStore(options =>
options.ConfigureDbContext = builder =>
builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)));
// ASP.NET Identity integration
ids.AddAspNetIdentity <IdentityUser>();
}
public static IIdentityServerBuilder AddAbpIdentityServer(
this IIdentityServerBuilder builder,
Action <AbpIdentityServerOptions> optionsAction = null)
{
var options = new AbpIdentityServerOptions();
optionsAction?.Invoke(options);
//TODO: AspNet Identity integration lines. Can be extracted to a extension method
builder.AddAspNetIdentity <IdentityUser>();
builder.AddProfileService <AbpProfileService>();
builder.AddResourceOwnerValidator <AbpResourceOwnerPasswordValidator>();
builder.Services.Replace(ServiceDescriptor.Transient <IClaimsService, AbpClaimsService>());
if (options.UpdateAbpClaimTypes)
{
AbpClaimTypes.UserId = JwtClaimTypes.Subject;
AbpClaimTypes.UserName = JwtClaimTypes.Name;
AbpClaimTypes.Role = JwtClaimTypes.Role;
}
if (options.UpdateJwtSecurityTokenHandlerDefaultInboundClaimTypeMap)
{
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AbpClaimTypes.UserId] = AbpClaimTypes.UserId;
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AbpClaimTypes.UserName] = AbpClaimTypes.UserName;
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AbpClaimTypes.Role] = AbpClaimTypes.Role;
}
return(builder);
}
public static IIdentityServerBuilder AddIdentity <TUser, TUserStore>(this IIdentityServerBuilder identityServerBuilder)
where TUser : class, IAspNetUser
where TUserStore : DbContext
{
var services = identityServerBuilder.Services;
services.AddTransient(typeof(IAccountService <TUser>), typeof(AccountService <TUser>));
services.Configure <DataProtectionTokenProviderOptions>(options =>
{
options.TokenLifespan = TimeSpan.FromDays(1);
});
services.AddIdentity <TUser, IdentityRole>(options =>
{
options.Password.RequireDigit = true;
options.Password.RequireLowercase = true;
options.Password.RequireUppercase = true;
options.Password.RequiredLength = 8;
options.Lockout.AllowedForNewUsers = true;
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(15);
options.Lockout.MaxFailedAccessAttempts = 5;
})
.AddDefaultTokenProviders()
.AddEntityFrameworkStores <TUserStore>()
;
identityServerBuilder
.AddAspNetIdentity <TUser>()
.AddProfileService <ProfileService <TUser> >()
;
return(identityServerBuilder);
}
public static IIdentityServerBuilder AddIdentityServerUserAuthorization <TUser, TRole>(
this IIdentityServerBuilder builder,
Action <IdentityOptions> options = null)
where TUser : IdentityUser
where TRole : IdentityRole
{
var services = builder.Services;
services.AddIdentity <TUser, TRole>(identityOptions => { options?.Invoke(identityOptions); })
.AddDefaultTokenProviders();
services.AddTransient <IUserStore <TUser>, UserStore <TUser> >();
services.AddTransient <IUserClaimStore <TUser>, UserStore <TUser> >();
services.AddTransient <IUserPasswordStore <TUser>, UserStore <TUser> >();
services.AddTransient <IPasswordHasher <TUser>, UserPasswordHasher <TUser> >();
services.AddTransient <IRoleStore <TRole>, RoleStore <TRole> >();
services.AddTransient <IUserService <TUser>, UserService <TUser> >();
services.AddTransient <IProfileService, ApplicationProfile>();
services.AddMediatR(typeof(StartupIdentityUser).Assembly);
services.TryAddTransient <IMapper, Mapper>();
builder.AddAspNetIdentity <TUser>()
.AddProfileService <ApplicationProfile>();
return(builder);
}
public static IIdentityServerBuilder AddDefaultIdentityServerConfig <TApplicationUser>(this IIdentityServerBuilder builder, Action <DbContextOptionsBuilder> dbContextOptionsBuilder = null) where TApplicationUser : ApplicationUser
{
builder.AddAspNetIdentity <TApplicationUser>()
.AddConfigurationStore(options => options.ConfigureDbContext = dbContextOptionsBuilder)
.AddOperationalStore(options => options.ConfigureDbContext = dbContextOptionsBuilder)
.Services.AddTransient <IProfileService, Services.ProfileService <TApplicationUser> >();;
return(builder);
}
public static IIdentityServerBuilder AddAbpIdentityServer <TUser>(this IIdentityServerBuilder builder)
where TUser : AbpUser <TUser>
{
builder.AddAspNetIdentity <TUser>();
builder.AddProfileService <AbpProfileService <TUser> >();
builder.AddResourceOwnerValidator <AbpResourceOwnerPasswordValidator <TUser> >();
builder.Services.Replace(ServiceDescriptor.Transient <IClaimsService, AbpClaimsService>());
return(builder);
}
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddIdentity <ApplicationUser, IdentityRole>().AddDefaultTokenProviders();
var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
IIdentityServerBuilder isb = services.AddIdentityServer(options =>
{
// TODO: set authority and PublicOrigin
options.IssuerUri = DebugConstants.IdentityServer.Authority;
options.PublicOrigin = DebugConstants.IdentityServer.Authority;
this.Configuration.Bind(nameof(IdentityServerOptions), options);
});
//TODO: use recommended approach for signing credentials
isb.AddDeveloperSigningCredential();
isb.AddConfigurationStore(options =>
{
//TODO: use real connection sting
options.ConfigureDbContext = builder =>
builder.UseSqlServer(DebugConstants.ConnectionStrings.IdentityServerConfStore,
sql => sql.MigrationsAssembly(migrationsAssembly));
});
// this adds the operational data from DB (codes, tokens, consents)
isb.AddOperationalStore(options =>
{
//TODO: use real connection sting
options.ConfigureDbContext = builder =>
builder.UseSqlServer(DebugConstants.ConnectionStrings.IdentityServerOperationalStore,
sql => sql.MigrationsAssembly(migrationsAssembly));
});
isb.AddAspNetIdentity <ApplicationUser>();
isb.AddInMemoryCaching().AddConfigurationStoreCache();
services.AddCors(options =>
{
// this defines a CORS policy called "default"
options.AddPolicy("default", policy =>
{
// TODO: set correct CORS policy
policy.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod().AllowCredentials();
});
options.DefaultPolicyName = "default";
});
MigrateDatabase(services);
}
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
const string connectionString = @"Filename=identity.db";
//const string connectionString = @"Data Source=(LocalDb)\MSSQLLocalDB;database=Test.IdentityServer4.EntityFramework;trusted_connection=yes;";
var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
services.AddDbContext <ApplicationDbContext>(builder => builder.UseSqlite(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)));
services.AddIdentity <ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores <ApplicationDbContext>()
.AddDefaultTokenProviders();
IIdentityServerBuilder ids = services.AddIdentityServer(options =>
{
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
// see https://identityserver4.readthedocs.io/en/latest/topics/resources.html
options.EmitStaticAudienceClaim = true;
})
.AddDeveloperSigningCredential();
ids.AddOperationalStore(options => options.ConfigureDbContext =
builder => builder.UseSqlite(
connectionString,
sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)))
.AddConfigurationStore(options => options.ConfigureDbContext =
builder => builder.UseSqlite(
connectionString,
sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)));
ids.AddAspNetIdentity <ApplicationUser>();
services.AddAuthentication(options =>
{
options.DefaultScheme = "cookie";
})
.AddCookie("cookie");
services.AddAuthentication().AddGoogle(opts => {
opts.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
opts.ClientId = "<client id>";
opts.ClientSecret = "<client secret";
});
}
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext <ApplicationDbContext>(options =>
{
options.UseInMemoryDatabase("memdb");
});
IdentityBuilder identityBuilder = services.AddIdentity <IdentityUser, IdentityRole>(options =>
{
options.Password.RequiredLength = 3;
options.Password.RequireDigit = false;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireLowercase = false;
options.Password.RequireUppercase = false;
});
identityBuilder
.AddEntityFrameworkStores <ApplicationDbContext>()
.AddDefaultTokenProviders();
services.ConfigureApplicationCookie(options =>
{
options.Cookie.Name = "Raw.IdentityServer.Cookie";
options.LoginPath = "/auth/login";
});
// He says AddIdentityServer instruction adds authentication and authorizations services
IIdentityServerBuilder identityServerBuilder =
services.AddIdentityServer();
identityServerBuilder
.AddAspNetIdentity <IdentityUser>() // Solves "InvalidOperationException: sub claim is missing"
.AddInMemoryIdentityResources(IdentityServerConfiguration.IdentityResources)
.AddInMemoryApiScopes(IdentityServerConfiguration.ApiScopes)
.AddInMemoryApiResources(IdentityServerConfiguration.ApiResources) // register ApiScopes first
.AddInMemoryClients(IdentityServerConfiguration.GetClients);
// not recommended for production - you need to store your key material somewhere secure
identityServerBuilder.AddDeveloperSigningCredential();
services
.AddControllersWithViews()
.AddRazorRuntimeCompilation();
}
public static IIdentityServerBuilder AddAspNetIdentity(
this IIdentityServerBuilder builder,
AbpIdentityServerBuilderOptions options = null)
{
if (options == null)
{
options = new AbpIdentityServerBuilderOptions();
}
//TODO: AspNet Identity integration lines. Can be extracted to a extension method
if (options.IntegrateToAspNetIdentity)
{
builder.AddAspNetIdentity <IdentityUser>();
builder.AddProfileService <AbpProfileService>();
builder.AddResourceOwnerValidator <AbpResourceOwnerPasswordValidator>();
}
return(builder);
}
public static IIdentityServerBuilder AddAbpIdentityServer(
this IIdentityServerBuilder builder,
AbpIdentityServerBuilderOptions options = null)
{
if (options == null)
{
options = new AbpIdentityServerBuilderOptions();
}
//TODO: AspNet Identity integration lines. Can be extracted to a extension method
if (options.IntegrateToAspNetIdentity)
{
builder.AddAspNetIdentity <IdentityUser>();
builder.AddProfileService <AbpProfileService>();
builder.AddResourceOwnerValidator <AbpResourceOwnerPasswordValidator>();
builder.Services.Remove(builder.Services.LastOrDefault(x => x.ServiceType == typeof(IUserClaimsPrincipalFactory <IdentityUser>)));
builder.Services.AddTransient <IUserClaimsPrincipalFactory <IdentityUser>, AbpUserClaimsFactory <IdentityUser> >();
builder.Services.AddTransient <IObjectAccessor <IUserClaimsPrincipalFactory <IdentityUser> >, ObjectAccessor <AbpUserClaimsPrincipalFactory> >();
}
builder.Services.Replace(ServiceDescriptor.Transient <IClaimsService, AbpClaimsService>());
if (options.UpdateAbpClaimTypes)
{
AbpClaimTypes.UserId = JwtClaimTypes.Subject;
AbpClaimTypes.UserName = JwtClaimTypes.Name;
AbpClaimTypes.Role = JwtClaimTypes.Role;
AbpClaimTypes.Email = JwtClaimTypes.Email;
}
if (options.UpdateJwtSecurityTokenHandlerDefaultInboundClaimTypeMap)
{
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AbpClaimTypes.UserId] = AbpClaimTypes.UserId;
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AbpClaimTypes.UserName] = AbpClaimTypes.UserName;
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AbpClaimTypes.Role] = AbpClaimTypes.Role;
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AbpClaimTypes.Email] = AbpClaimTypes.Email;
}
return(builder);
}
/// <summary>
/// Configures defaults on Identity Server for ASP.NET Core scenarios.
/// </summary>
/// <typeparam name="TUser">The <typeparamref name="TUser"/> type.</typeparam>
/// <param name="builder">The <see cref="IIdentityServerBuilder"/>.</param>
/// <param name="configure">The <see cref="Action{ApplicationsOptions}"/>
/// to configure the <see cref="ApiAuthorizationOptions"/>.</param>
/// <returns>The <see cref="IIdentityServerBuilder"/>.</returns>
public static IIdentityServerBuilder AddApiAuthorization <TUser>(
this IIdentityServerBuilder builder,
Action <ApiAuthorizationOptions> configure) where TUser : class
{
if (configure == null)
{
throw new ArgumentNullException(nameof(configure));
}
builder.AddAspNetIdentity <TUser>()
.AddHibernateOperationalStore()
.ConfigureReplacedServices()
.AddIdentityResources()
.AddApiResources()
.AddClients()
.AddSigningCredentials();
builder.Services.Configure(configure);
return(builder);
}
/// <summary>
/// Configures defaults on Identity Server for ASP.NET Core scenarios.
/// </summary>
/// <typeparam name="TUser">The <typeparamref name="TUser"/> type.</typeparam>
/// <typeparam name="TContext">The <typeparamref name="TContext"/> type.</typeparam>
/// <param name="builder">The <see cref="IIdentityServerBuilder"/>.</param>
/// <param name="configure">The <see cref="Action{ApplicationsOptions}"/>
/// to configure the <see cref="ApiAuthorizationOptions"/>.</param>
/// <returns>The <see cref="IIdentityServerBuilder"/>.</returns>
public static IIdentityServerBuilder AddApiAuthorization <TUser, TContext>(this IIdentityServerBuilder builder, Action <ApiAuthorizationOptions> configure)
where TUser : class
where TContext : DbContext, IPersistedGrantDbContext
{
if (configure == null)
{
throw new ArgumentNullException(nameof(configure));
}
builder
.AddAspNetIdentity <TUser>()
.AddOperationalStore <TContext>()
.ConfigureReplacedServices()
.AddIdentityResources()
.AddApiResources()
.AddClients();
builder.Services.Configure(configure);
return(builder);
}
public static IIdentityServerBuilder AddRocketAspNetIdentity(this IIdentityServerBuilder builder)
{
return(builder.AddAspNetIdentity <IdentityUser> ()
.AddProfileService <RocketProfileService> ()
.AddResourceOwnerValidator <RocketResourceOwnerPasswordValidator> ());
}
// This method gets called by the runtime. Use this method to add services to the container.
public async void ConfigureServices(IServiceCollection services)
{
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
//todo: check use online
IdentityModelEventSource.ShowPII = true;
services.AddControllers();
services.AddCors();
var connectionString = Configuration.GetConnectionString("IdentityDbContext");
var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
services.AddDbContext <ApplicationDbContext>(builder => builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)))
.AddIdentity <IdentityUser, IdentityRole>(options =>
{
options.Password.RequireDigit = true;
options.Password.RequiredLength = 8;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = true;
options.Password.RequireLowercase = false;
options.Lockout.AllowedForNewUsers = true;
options.Lockout.MaxFailedAccessAttempts = 3;
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromDays(1);
})
.AddDefaultTokenProviders()
.AddEntityFrameworkStores <ApplicationDbContext>();
//for authorization implementation
services.AddIdentityAuthorizationService();
IIdentityServerBuilder ids = services.AddIdentityServer()
.AddCustomUserStore()
.AddDeveloperSigningCredential();
// EF client, scope, and persisted grant stores
ids.AddOperationalStore(options =>
options.ConfigureDbContext = builder =>
builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)))
.AddConfigurationStore(options =>
options.ConfigureDbContext = builder =>
builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)));
// ASP.NET Identity integration
ids.AddAspNetIdentity <IdentityUser>();
IList <string> validissuers = new List <string>()
{
"https://localhost:5001"
};
var configManager = new ConfigurationManager <OpenIdConnectConfiguration>($"{validissuers.Last()}/.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever());
//var openidconfig = await configManager.GetConfigurationAsync();
services.AddAuthentication(o =>
{
o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
options.Audience = "api1";
options.Authority = "https://localhost:5001";
options.RequireHttpsMetadata = false;
options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters()
{
ValidateAudience = true,
ValidAudience = "api1",
ValidateIssuer = true,
ValidIssuers = new[] { "https://localhost:5001" },
//ValidateIssuerSigningKey = true,
//IssuerSigningKeys = openidconfig.SigningKeys,
RequireExpirationTime = true,
ValidateLifetime = true,
RequireSignedTokens = true,
};
});
}
private static IServiceCollection AddIdentityServerAuthentication(
this IServiceCollection services,
IConfiguration configuration)
{
string identityConnectionString = configuration.GetConnectionString("Identity");
string migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddDataProtection()
.SetApplicationName("identity-management");
services.AddDbContextPool <TenantUserDbContext>((services, options) => {
options.UseSqlServer(identityConnectionString,
sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly));
});
services.AddIdentity <TenantUserEntity, IdentityRole>()
.AddDefaultTokenProviders()
.AddEntityFrameworkStores <TenantUserDbContext>();
services.Configure <IdentityOptions>(options =>
{
options.Password.RequireDigit = false;
options.Password.RequiredUniqueChars = 3;
options.Password.RequiredLength = 8;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = false;
options.Password.RequireLowercase = false;
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
options.Lockout.MaxFailedAccessAttempts = 5;
options.User.RequireUniqueEmail = true;
});
IIdentityServerBuilder identityBuilder = services.AddIdentityServer(options =>
{
options.UserInteraction.LoginUrl = "~/account/sign-in";
options.UserInteraction.LogoutUrl = "~/account/sign-out";
options.UserInteraction.ErrorUrl = "~/error";
options.Events.RaiseErrorEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
options.Events.RaiseInformationEvents = true;
options.Authentication.CookieSlidingExpiration = true;
});
identityBuilder.AddConfigurationStore(options => {
options.ConfigureDbContext = context =>
context.UseSqlServer(identityConnectionString,
sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly));
});
identityBuilder.AddOperationalStore(options => {
options.ConfigureDbContext = context =>
context.UseSqlServer(identityConnectionString,
sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly));
options.EnableTokenCleanup = true;
options.TokenCleanupInterval = 7200;
});
identityBuilder.AddAspNetIdentity <TenantUserEntity>()
.AddProfileService <ProfileService <TenantUserEntity> >()
.AddInMemoryCaching();
var certificate = GetSigningCertificate(configuration);
X509SigningCredentials signingCredentials = new X509SigningCredentials(certificate);
identityBuilder.AddSigningCredential(signingCredentials);
return(services);
}
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
const string connectionString = @"Server=.; Database=DemoIS4Db; Trusted_Connection=True;";
var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
services.AddDbContext <ApplicationDbContext>(builder =>
builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)));
services.AddIdentity <IdentityUser, IdentityRole>()
.AddEntityFrameworkStores <ApplicationDbContext>();
IIdentityServerBuilder ids = services.AddIdentityServer()
.AddDeveloperSigningCredential();
services.AddAuthentication()
.AddSaml2(options =>
{
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
options.SignOutScheme = IdentityServerConstants.DefaultCookieAuthenticationScheme;
options.SPOptions.EntityId = new EntityId("http://localhost:5000/saml");
options.IdentityProviders.Add(
new Sustainsys.Saml2.IdentityProvider(
new EntityId("https://stubidp.sustainsys.com/Metadata"), options.SPOptions)
{
LoadMetadata = true
});
options.SPOptions.ServiceCertificates.Add(new X509Certificate2("Sustainsys.Saml2.Tests.pfx"));
})
.AddGoogle("Google", options =>
{
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
//options.CallbackPath = "/signin-google";
options.ClientId = "858817474577-a8jt1ldbnhr6ptp4lsf0681t3mbgge08.apps.googleusercontent.com";
options.ClientSecret = "Oh1pnLFGPXKR_XwYULfh21Ov";
}).AddOpenIdConnect("oidc", "Demo IdentityServer", options =>
{
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
options.SignOutScheme = IdentityServerConstants.SignoutScheme;
options.SaveTokens = true;
options.Authority = "https://demo.identityserver.io/";
options.ClientId = "interactive.confidential";
options.ClientSecret = "secret";
options.ResponseType = "code";
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
RoleClaimType = "role"
};
});
// EF client, scope, and persisted grant stores
ids.AddOperationalStore(options =>
options.ConfigureDbContext = builder =>
builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)))
.AddConfigurationStore(options =>
options.ConfigureDbContext = builder =>
builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)));
// ASP.NET Identity integration
ids.AddAspNetIdentity <IdentityUser>();
}
public static IIdentityServerBuilder AddAspNetIdentity <TUser>(this IIdentityServerBuilder builder)
where TUser : class
{
return(builder.AddAspNetIdentity <TUser>("Identity.Application"));
}
internal static IIdentityServerBuilder AddIdentityUser<TUser>(this IIdentityServerBuilder builder)
where TUser : IdentityUser
{
return builder.AddAspNetIdentity<TUser>();
}