Esempio n. 1
0
        public static IServiceCollection AddConfiguredAuthentication(
            this IServiceCollection services,
            OidcOptions oidc
            )
        {
            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

            services
            .AddScoped <IClaimsTransformation, UserClaimsTransformation>()

            .AddAuthentication(options =>
            {
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            })

            .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
            {
                options.Audience             = oidc.Audience;
                options.Authority            = oidc.Authority;
                options.RequireHttpsMetadata = oidc.RequireHttpsMetadata;
            })

            .AddApiKey(ApiKeyAuthentication.AuthenticationScheme, options => {})

            .AddTicketAuthentication(TicketAuthentication.AuthenticationScheme, options => {})

            .AddCookie(AppConstants.CookieScheme, opt =>
            {
                opt.ExpireTimeSpan = new TimeSpan(0, oidc.MksCookieMinutes, 0);
                opt.Cookie         = new CookieBuilder
                {
                    Name = AppConstants.CookieScheme,
                };
                opt.Events.OnRedirectToAccessDenied = ctx => {
                    ctx.HttpContext.Response.StatusCode = StatusCodes.Status403Forbidden;
                    return(System.Threading.Tasks.Task.CompletedTask);
                };
                opt.Events.OnRedirectToLogin = ctx => {
                    ctx.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
                    return(System.Threading.Tasks.Task.CompletedTask);
                };
            })
            ;

            return(services);
        }
        public static IServiceCollection AddSwagger(
            this IServiceCollection services,
            OidcOptions oidc,
            OpenApiOptions openapi
            )
        {
            string xmlDoc = Assembly.GetExecutingAssembly().GetName().Name + ".xml";

            services.AddSwaggerGen(options =>
            {
                options.SwaggerDoc("v1", new OpenApiInfo
                {
                    Title       = openapi.ApiName,
                    Version     = "v1",
                    Description = "API documentation and interaction"
                });

                options.EnableAnnotations();

#if DEBUG
                string[] files = Directory.GetFiles("bin", xmlDoc, SearchOption.AllDirectories);

                if (files.Length > 0)
                {
                    options.IncludeXmlComments(files[0]);
                }
#else
                if (File.Exists(xmlDoc))
                {
                    options.IncludeXmlComments(xmlDoc);
                }
#endif

                if (!string.IsNullOrEmpty(oidc.Authority))
                {
                    // this displays *all* flows allowed, which is a bit confusing at the ui
                    // so not adding it at this point
                    // options.AddSecurityDefinition("oidc", new OpenApiSecurityScheme
                    // {
                    //     Type = SecuritySchemeType.OpenIdConnect,
                    //     OpenIdConnectUrl = new Uri($"{oidc.Authority}/.well-known/openid-configuration"),
                    // });

                    options.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
                    {
                        Type = SecuritySchemeType.OAuth2,

                        Flows = new OpenApiOAuthFlows
                        {
                            AuthorizationCode = new OpenApiOAuthFlow
                            {
                                AuthorizationUrl = new Uri(
                                    openapi.Client.AuthorizationUrl
                                    ?? $"{oidc.Authority}/connect/authorize"
                                    ),
                                TokenUrl = new Uri(
                                    openapi.Client.TokenUrl
                                    ?? $"{oidc.Authority}/connect/token"
                                    ),
                                Scopes = new Dictionary <string, string>
                                {
                                    { oidc.Audience, "User Access" }
                                }
                            }
                        },
                    });

                    options.AddSecurityRequirement(new OpenApiSecurityRequirement
                    {
                        {
                            new OpenApiSecurityScheme
                            {
                                Reference = new OpenApiReference {
                                    Type = ReferenceType.SecurityScheme, Id = "oauth2"
                                }
                            },
                            new[] { oidc.Audience }
                        }
                    });
                }
            });

            return(services);
        }