/// <summary> /// Initializes a new instance of the <see cref="TokenCleanup" /> class. /// </summary> /// <param name="serviceProvider">The service provider.</param> /// <param name="logger">The logger.</param> /// <param name="options">The options.</param> /// <exception cref="ArgumentNullException">options /// or /// logger /// or /// serviceProvider</exception> /// <exception cref="ArgumentException">Token cleanup interval must be at least 1 second /// or /// Token cleanup batch size interval must be at least 1</exception> public TokenCleanup(IServiceProvider serviceProvider, ILogger <TokenCleanup> logger, OperationalServiceOptions options) { this.options = options ?? throw new ArgumentNullException(nameof(options)); if (this.options.TokenCleanupInterval < 1) { throw new ArgumentException("Token cleanup interval must be at least 1 second"); } if (this.options.TokenCleanupBatchSize < 1) { throw new ArgumentException("Token cleanup batch size interval must be at least 1"); } this.logger = logger ?? throw new ArgumentNullException(nameof(logger)); this.serviceProvider = serviceProvider ?? throw new ArgumentNullException(nameof(serviceProvider)); }
/// <summary> /// Initializes a new instance of the <see cref="TokenCleanupHost" /> class. /// </summary> /// <param name="tokenCleanup">The token cleanup.</param> /// <param name="options">The options.</param> public TokenCleanupHost(TokenCleanup tokenCleanup, OperationalServiceOptions options) { this.tokenCleanup = tokenCleanup; this.options = options; }
public void ConfigureAuthServices(IServiceCollection services, ServerSettings serverSettings) { JwtSecurityTokenHandler.DefaultInboundClaimTypeMap = new Dictionary <string, string>(); string connectionString = this.Configuration.GetConnectionString("DefaultConnection"); var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name; services.AddDbContext <UnityAuthDbContext>(options => { options.UseSqlServer(connectionString, sql => sql.MigrationsAssembly(migrationsAssembly)); }); services.AddIdentity <ApplicationUser, ApplicationUserRole>() .AddRoleManager <ApplicationUserRoleManager>() .AddUserManager <ApplicationUserManager>() .AddEntityFrameworkStores <UnityAuthDbContext>() .AddDefaultTokenProviders(); // configure identity server with in-memory stores, keys, clients and scopes services.AddIdentityServer() // .AddClientStore<UnityClientStore>() .AddProfileService <UnityUserProfileService>() // .AddClientStoreCache<UnityClientStore>() .AddSigningCredential(IdentityServerBuilderExtensionsCrypto.CreateRsaSecurityKey()) // this adds the config data from DB (clients, resources) .AddConfigurationStore(options => { options.ConfigureDbContext = builder => builder.UseSqlServer( connectionString, sql => sql.MigrationsAssembly(migrationsAssembly)); }) // this adds the operational data from DB (codes, tokens, consents) .AddOperationalStore(options => { options.ConfigureDbContext = builder => builder.UseSqlServer( connectionString, sql => sql.MigrationsAssembly(migrationsAssembly)); // this enables automatic token cleanup. this is optional. options.EnableTokenCleanup = true; options.TokenCleanupInterval = SessionSecurity.TokenCleanupInterval; }) .AddDefaultEndpoints() .AddRequiredPlatformServices() // .AddInMemoryPersistedGrants() // .AddInMemoryIdentityResources(Defaults.GetIdentityResources()) // .AddInMemoryApiResources(Defaults.GetApiResources()) // .AddInMemoryClients(Defaults.GetClients()) .AddAspNetIdentity <ApplicationUser>(); services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme) .AddIdentityServerAuthentication(options => { options.Authority = serverSettings.HostAddress; options.ApiName = "api"; options.RequireHttpsMetadata = false; options.SaveToken = true; options.ApiSecret = "secret"; options.SupportedTokens = SupportedTokens.Both; options.JwtBearerEvents = new AuthJwtBearerEvents(); }); services.Configure <IdentityOptions>(options => { // Password settings options.Password.RequireDigit = true; options.Password.RequiredLength = 6; options.Password.RequireNonAlphanumeric = false; options.Password.RequireUppercase = true; options.Password.RequireLowercase = false; options.Password.RequiredUniqueChars = 6; // Lockout settings options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30); options.Lockout.MaxFailedAccessAttempts = 5; options.Lockout.AllowedForNewUsers = true; // User settings options.User.RequireUniqueEmail = true; }); services.ConfigureApplicationCookie(options => { // Cookie settings options.Cookie.HttpOnly = true; options.Cookie.Expiration = TimeSpan.FromMinutes(SessionSecurity.SessionExpiryTime); options.LoginPath = "/Account/Login"; // If the LoginPath is not set here, ASP.NET Core will default to /Account/Login options.LogoutPath = "/Account/Logout"; // If the LogoutPath is not set here, ASP.NET Core will default to /Account/Logout options.AccessDeniedPath = "/Account/AccessDenied"; // If the AccessDeniedPath is not set here, ASP.NET Core will default to /Account/AccessDenied options.SlidingExpiration = true; }); // services // .AddMvcCore(options => // { // // require scope1 or scope2 // var policy = ScopePolicy.Create("apiv1"); // options.Filters.Add(new AuthorizeFilter(policy)); // }) // .AddJsonFormatters() // .AddAuthorization(); // services.AddAuthorization(options => // { // options.AddPolicy("apiv1Policy", builder => // { // // require scope1 // builder.RequireScope("apiv1"); // }); // }); // add CORS policy for non-IdentityServer endpoints services.AddCors(options => { options.AddPolicy("apiCorsPolicy", policy => { policy.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod(); }); }); // Add application services. services.AddTransient <IEmailSender, EmailSender>(); // Add application services. services.AddTransient <ISmsSender, SmsSender>(); services.AddSingleton <TokenCleanup>(); services.AddSingleton <IHostedService, TokenCleanupHost>(); var storeOptions = new OperationalServiceOptions(); services.AddSingleton(storeOptions); storeOptions.EnableTokenCleanup = true; storeOptions.TokenCleanupInterval = Convert.ToInt32(TimeSpan.FromMinutes(SessionSecurity.SessionExpiryTime).TotalSeconds); storeOptions.TokenCleanupBatchSize = SessionSecurity.TokenCleanupBatchSize; }