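/// <summary>
/// Called by the runtime to add services to the container: application settings,
/// the ASP.NET Core Identity stores, IdentityServer and the e-mail sender.
/// </summary>
/// <remarks>
/// For more information on how to configure your application, visit
/// https://go.microsoft.com/fwlink/?LinkID=398940
/// </remarks>
/// <param name="services">The service collection that receives the registrations.</param>
/// <exception cref="InvalidOperationException">
/// Thrown in every environment other than Development, because this method only knows how to
/// set up a developer signing key and no production key material is configured.
/// </exception>
public void ConfigureServices(IServiceCollection services)
{
    var appSettings = configuration.GetSection(nameof(AppSettings)).Get<AppSettings>();
    services.AddSingleton(appSettings);

    // The "Identity" connection string backs both the user store and the
    // IdentityServer operational store configured further down.
    services.AddDbContext<AppIdentityDbContext>(options =>
    {
        options.UseMySql(configuration.GetConnectionString("Identity"));
    });

    services.AddIdentity<AppUser, IdentityRole>(options =>
        {
            // Relaxes one password rule; no other password option is changed here.
            options.Password.RequireNonAlphanumeric = false;
            options.User.RequireUniqueEmail = true;
            // Accounts cannot sign in until the e-mail address has been confirmed.
            options.SignIn.RequireConfirmedEmail = true;
        })
        .AddEntityFrameworkStores<AppIdentityDbContext>()
        .AddDefaultTokenProviders();

    var builder = services.AddIdentityServer()
        // this adds the operational data from DB (codes, tokens, consents)
        .AddOperationalStore(options =>
        {
            // Distinct parameter name so the inner lambda does not shadow the outer "options".
            options.ConfigureDbContext = db =>
                db.UseMySql(configuration.GetConnectionString("Identity"));

            // this enables automatic token cleanup. this is optional.
            options.EnableTokenCleanup = true;
            // interval in seconds
            // NOTE(review): 30 s looks far shorter than the library default (believed to be
            // one hour) - confirm the database load is intended.
            options.TokenCleanupInterval = 30;
        })
        .AddInMemoryIdentityResources(ResourceConfig.GetIdentityResources())
        .AddInMemoryApiResources(ResourceConfig.GetApiResources())
        // NOTE(review): the meaning of the empty-string argument is not visible here - confirm
        // what GetClients does with it (e.g. whether it ends up in client URIs).
        .AddInMemoryClients(ResourceConfig.GetClients(""))
        .AddAspNetIdentity<AppUser>();

    services.AddSingleton<IEmailSender, EmailSender>(s => new EmailSender(appSettings.EmailConfig));

    if (environment.IsDevelopment())
    {
        // Development-only signing key; it must never sign tokens in a deployed environment.
        builder.AddDeveloperSigningCredential();
    }
    else
    {
        // Fail closed: refuse to start without real key material (for example a certificate
        // supplied through AddSigningCredential) rather than fall back to the developer key.
        throw new InvalidOperationException("need to configure key material");
    }

    services.AddControllersWithViews();
}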
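/// <summary>
/// Registers the quickstart's services: strongly-typed configuration, CORS, cookie policy,
/// an in-memory IdentityServer instance, one external OpenID Connect provider and MVC.
/// </summary>
/// <param name="services">The service collection that receives the registrations.</param>
/// <exception cref="System.InvalidOperationException">
/// Thrown when the "GeneralConfig" configuration section cannot be bound, since the CORS
/// policy below depends on it.
/// </exception>
public void ConfigureServices(IServiceCollection services)
{
    // Initialize strongly-typed general configuration and add it to our dependency injection container
    IConfigurationSection generalConfigSection = Configuration.GetSection("GeneralConfig");
    GeneralConfig generalConfig = generalConfigSection.Get<GeneralConfig>();

    // Get<T>() yields null for a missing or empty section. Fail at startup with a clear
    // message instead of a NullReferenceException later, when the CORS policy is first built.
    if (generalConfig is null)
    {
        throw new System.InvalidOperationException(
            "The \"GeneralConfig\" configuration section is missing or empty.");
    }

    services.Configure<GeneralConfig>(options => generalConfigSection.Bind(options));

    // Configure CORS based on the origins specified in our configuration.
    // Because AllowCredentials() is set, every configured origin may make credentialed
    // cross-origin requests: keep AllowedCorsOrigins an explicit list of trusted origins.
    services.AddCors(options =>
    {
        options.AddPolicy("CorsPolicy", builder => builder
            .WithOrigins(generalConfig.AllowedCorsOrigins)
            .AllowAnyMethod()
            .AllowAnyHeader()
            .AllowCredentials());
    });

    services.Configure<CookiePolicyOptions>(options =>
    {
        // This lambda determines whether user consent for non-essential cookies is needed for a given request.
        options.CheckConsentNeeded = context => false;
        // SameSiteMode.None means the cookie policy does not tighten the SameSite attribute,
        // so cross-site request protection has to come from elsewhere (e.g. anti-forgery tokens).
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });

    // Configure our instance of IdentityServer.
    services.AddIdentityServer()
        // Statically generated clients, identity resources and API resources for the
        // quickstart. A production application would normally load these from a persistent store.
        .AddInMemoryClients(ClientConfig.GetClients())
        .AddInMemoryIdentityResources(ResourceConfig.GetIdentityResources())
        .AddInMemoryApiResources(ResourceConfig.GetApiResources())
        .AddInMemoryPersistedGrants()
        // Test users alice and bob, for demo purposes only. A production application needs a
        // persistent, implementation-specific user store in their place.
        .AddTestUsers(TestUsersConfig.GetUsers())
        // Debugging only: this call is unconditional here, so a deployment of this method
        // as written would sign tokens with the developer key. Switch to
        // AddSigningCredential with managed key material before deploying.
        .AddDeveloperSigningCredential()
        // ProfileService is used to issue claims for our id tokens and access tokens.
        .AddProfileService<ProfileService>();

    // Configure external identity providers.
    services.AddAuthentication()
        // Demo external identity provider: the hosted IdentityServer demo application.
        // Users can log in via their Google account or as alice/alice or bob/bob.
        // Identities asserted by this public demo authority are not suitable for real access decisions.
        .AddOpenIdConnect("oidc", "OpenID Connect", options =>
        {
            options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
            options.SignOutScheme = IdentityServerConstants.SignoutScheme;

            options.Authority = "https://demo.identityserver.io/";
            options.ClientId = "implicit";

            options.TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name",
                RoleClaimType = "role"
            };
        });

    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}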