        /// <summary>
        /// Configures the HTTP request pipeline for the Admin API: developer exception page in
        /// Development, Swagger + Swagger UI (logging in through the configured OIDC client), then
        /// routing, authentication, CORS, authorization and endpoint mapping.
        /// </summary>
        /// <param name="app">Pipeline builder the middleware is registered on.</param>
        /// <param name="env">Hosting environment; only <c>IsDevelopment()</c> is consulted.</param>
        /// <param name="adminApiConfiguration">Supplies the API base URL / name and the Swagger UI OIDC client id.</param>
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env, AdminApiConfiguration adminApiConfiguration)
        {
            if (env.IsDevelopment())
            {
                // Detailed exception pages expose stack traces and configuration; Development only.
                app.UseDeveloperExceptionPage();
            }

            // Swagger is served in every environment. The UI authenticates against the OIDC client
            // named in configuration; no client secret is embedded here.
            app.UseSwagger();
            app.UseSwaggerUI(c =>
            {
                c.SwaggerEndpoint($"{adminApiConfiguration.ApiBaseUrl}/swagger/v1/swagger.json", adminApiConfiguration.ApiName);

                c.OAuthClientId(adminApiConfiguration.OidcSwaggerUIClientId);
                c.OAuthAppName(adminApiConfiguration.ApiName);
            });

            // Order matters: routing first so endpoint metadata is available, authentication before
            // authorization, and UseCors after UseRouting and before UseAuthorization as the
            // framework requires.
            app.UseRouting();
            UseAuthentication(app);   // helper defined elsewhere in this class; not visible here
            app.UseCors();
            app.UseAuthorization();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapDefaultControllerRoute();
                // NOTE(review): no authorization requirement is attached to /health, and the UI
                // response writer reports each check's name and status to any caller — confirm
                // that is acceptable for this deployment.
                endpoints.MapHealthChecks("/health", new HealthCheckOptions
                {
                    ResponseWriter = UIResponseWriter.WriteHealthCheckUIResponse
                });
            });
        }
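        /// <summary>
        /// Registers ASP.NET Core Identity (EF Core stores, default token providers) and makes
        /// IdentityServer bearer-token authentication the default scheme for an API.
        /// </summary>
        /// <typeparam name="TIdentityDbContext">DbContext used by the Identity stores.</typeparam>
        /// <typeparam name="TUser">User entity type.</typeparam>
        /// <typeparam name="TRole">Role entity type.</typeparam>
        /// <param name="services">Service collection the registrations are added to.</param>
        /// <param name="adminApiConfiguration">Supplies the IdentityServer authority, the API (audience) name and the HTTPS-metadata switch.</param>
        /// <exception cref="System.ArgumentNullException"><paramref name="services"/> or <paramref name="adminApiConfiguration"/> is null.</exception>
        public static void AddApiAuthentication <TIdentityDbContext, TUser, TRole>(this IServiceCollection services,
                                                                                   AdminApiConfiguration adminApiConfiguration)
            where TIdentityDbContext : DbContext
            where TRole : class
            where TUser : class
        {
            // Fail at registration time rather than with a NullReferenceException inside the
            // options callback, which would only fire when the options are first resolved.
            if (services is null)
            {
                throw new System.ArgumentNullException(nameof(services));
            }
            if (adminApiConfiguration is null)
            {
                throw new System.ArgumentNullException(nameof(adminApiConfiguration));
            }

            services.AddIdentity <TUser, TRole>(options => { options.User.RequireUniqueEmail = true; })
            .AddEntityFrameworkStores <TIdentityDbContext>()
            .AddDefaultTokenProviders();

            // Registered after AddIdentity on purpose: AddIdentity points the authenticate/challenge/
            // sign-in defaults at its cookie schemes, and option callbacks run in registration
            // order, so setting every default here makes the bearer scheme win.
            services.AddAuthentication(options =>
            {
                options.DefaultScheme             = IdentityServerAuthenticationDefaults.AuthenticationScheme;
                options.DefaultAuthenticateScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme    = IdentityServerAuthenticationDefaults.AuthenticationScheme;
                options.DefaultSignInScheme       = IdentityServerAuthenticationDefaults.AuthenticationScheme;
                options.DefaultForbidScheme       = IdentityServerAuthenticationDefaults.AuthenticationScheme;
            })
            .AddIdentityServerAuthentication(options =>
            {
                options.Authority            = adminApiConfiguration.IdentityServerBaseUrl;
                options.ApiName              = adminApiConfiguration.OidcApiName;
                // Driven by configuration; keep it true outside local development so discovery
                // metadata is never accepted over plaintext HTTP.
                options.RequireHttpsMetadata = adminApiConfiguration.RequireHttpsMetadata;
            });
        }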
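        /// <summary>
        /// Registers ASP.NET Core Identity with AES protection of personal data (EF Core stores,
        /// default token providers) and makes IdentityServer bearer-token authentication the default
        /// scheme for an API.
        /// </summary>
        /// <typeparam name="TIdentityDbContext">DbContext used by the Identity stores.</typeparam>
        /// <typeparam name="TUser">User entity type.</typeparam>
        /// <typeparam name="TRole">Role entity type.</typeparam>
        /// <param name="services">Service collection the registrations are added to.</param>
        /// <param name="adminApiConfiguration">Supplies the IdentityServer authority, the API (audience) name and the HTTPS-metadata switch.</param>
        /// <param name="personalDataKeyPath">
        /// Value assigned to <c>ProtectorOptions.KeyPath</c> (the AES protector's key location, judging
        /// by the name). When null or blank the historical default is used, which is an absolute path on
        /// one developer's Windows workstation and not usable in a deployment — pass the real location.
        /// </param>
        /// <exception cref="System.ArgumentNullException"><paramref name="services"/> or <paramref name="adminApiConfiguration"/> is null.</exception>
        public static void AddApiAuthentication <TIdentityDbContext, TUser, TRole>(this IServiceCollection services,
                                                                                   AdminApiConfiguration adminApiConfiguration,
                                                                                   string personalDataKeyPath = null)
            where TIdentityDbContext : DbContext
            where TRole : class
            where TUser : class
        {
            // Kept only so existing callers keep their previous behaviour; see the parameter docs.
            const string DefaultPersonalDataKeyPath =
                @"E:\Data_of_Rui\Documents\source\repos\IdentityServerDemo\src\DemoApp\IdentityServer\App_Data\AesDataProtectionKey";

            if (services is null)
            {
                throw new System.ArgumentNullException(nameof(services));
            }
            if (adminApiConfiguration is null)
            {
                throw new System.ArgumentNullException(nameof(adminApiConfiguration));
            }

            var keyPath = string.IsNullOrWhiteSpace(personalDataKeyPath)
                ? DefaultPersonalDataKeyPath
                : personalDataKeyPath;

            services.AddSingleton(new ProtectorOptions {
                KeyPath = keyPath
            });

            services.AddIdentity <TUser, TRole>(options =>
            {
                options.User.RequireUniqueEmail    = true;
                // Personal data columns are encrypted at rest by the AES protector registered below.
                options.Stores.ProtectPersonalData = true;
            })
            .AddPersonalDataProtection <AesProtector, AesProtectorKeyRing>()
            .AddEntityFrameworkStores <TIdentityDbContext>()
            .AddDefaultTokenProviders();

            // Registered after AddIdentity on purpose: AddIdentity points the authenticate/challenge/
            // sign-in defaults at its cookie schemes, and option callbacks run in registration
            // order, so setting every default here makes the bearer scheme win.
            services.AddAuthentication(options =>
            {
                options.DefaultScheme             = IdentityServerAuthenticationDefaults.AuthenticationScheme;
                options.DefaultAuthenticateScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme    = IdentityServerAuthenticationDefaults.AuthenticationScheme;
                options.DefaultSignInScheme       = IdentityServerAuthenticationDefaults.AuthenticationScheme;
                options.DefaultForbidScheme       = IdentityServerAuthenticationDefaults.AuthenticationScheme;
            })
            .AddIdentityServerAuthentication(options =>
            {
                options.Authority            = adminApiConfiguration.IdentityServerBaseUrl;
                options.ApiName              = adminApiConfiguration.OidcApiName;
                // Driven by configuration; keep it true outside local development so discovery
                // metadata is never accepted over plaintext HTTP.
                options.RequireHttpsMetadata = adminApiConfiguration.RequireHttpsMetadata;
            });
        }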
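        /// <summary>
        /// Registers ASP.NET Core Identity (custom role manager, EF Core stores, default token
        /// providers) and makes IdentityServer bearer-token authentication the default scheme for an API.
        /// </summary>
        /// <typeparam name="TIdentityDbContext">DbContext used by the Identity stores.</typeparam>
        /// <typeparam name="TUser">User entity type.</typeparam>
        /// <typeparam name="TRole">Role entity type.</typeparam>
        /// <param name="services">Service collection the registrations are added to.</param>
        /// <param name="adminApiConfiguration">Supplies the IdentityServer authority and the API (audience) name.</param>
        /// <exception cref="System.ArgumentNullException"><paramref name="services"/> or <paramref name="adminApiConfiguration"/> is null.</exception>
        public static void AddApiAuthentication <TIdentityDbContext, TUser, TRole>(this IServiceCollection services,
                                                                                   AdminApiConfiguration adminApiConfiguration)
            where TIdentityDbContext : DbContext
            where TRole : class
            where TUser : class
        {
            if (services is null)
            {
                throw new System.ArgumentNullException(nameof(services));
            }
            if (adminApiConfiguration is null)
            {
                throw new System.ArgumentNullException(nameof(adminApiConfiguration));
            }

            // Identity first. AddIdentity registers its own AddAuthentication callback that points
            // the authenticate/challenge/sign-in defaults at the Identity cookie schemes, and option
            // callbacks run in registration order. In the previous order (AddAuthentication(bearer)
            // before AddIdentity) the cookie defaults were applied last and bearer tokens were not
            // the effective default for [Authorize] on this API.
            services.AddIdentity <TUser, TRole>(options =>
            {
                options.User.RequireUniqueEmail = true;
            })
            .AddRoleManager <RoleManager>()
            .AddEntityFrameworkStores <TIdentityDbContext>()
            .AddDefaultTokenProviders();

            // Every default is set explicitly so the bearer scheme wins for authenticate, challenge,
            // sign-in and forbid regardless of what AddIdentity configured.
            services.AddAuthentication(options =>
            {
                options.DefaultScheme             = IdentityServerAuthenticationDefaults.AuthenticationScheme;
                options.DefaultAuthenticateScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme    = IdentityServerAuthenticationDefaults.AuthenticationScheme;
                options.DefaultSignInScheme       = IdentityServerAuthenticationDefaults.AuthenticationScheme;
                options.DefaultForbidScheme       = IdentityServerAuthenticationDefaults.AuthenticationScheme;
            })
            .AddIdentityServerAuthentication(options =>
            {
                options.Authority = adminApiConfiguration.IdentityServerBaseUrl;
                options.ApiName   = adminApiConfiguration.OidcApiName;

                // Build-time switch, kept as before: Debug builds accept discovery metadata over
                // plain HTTP, Release builds require HTTPS. This follows the build configuration,
                // not the deployment environment — a Debug build deployed anywhere has the
                // requirement switched off.
#if DEBUG
                options.RequireHttpsMetadata = false;
#else
                options.RequireHttpsMetadata = true;
#endif
            });
        }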
        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        /// <summary>
        /// Configures the request pipeline (ASP.NET Core 2.x style, MVC): exception page in
        /// Development, HSTS + HTTPS redirection otherwise, then the "default" CORS policy,
        /// Swagger / Swagger UI, authentication and MVC.
        /// </summary>
        /// <param name="app">Pipeline builder the middleware is registered on.</param>
        /// <param name="env">Hosting environment; <c>IsDevelopment()</c> chooses between the exception page and HSTS/HTTPS redirection.</param>
        /// <param name="adminApiConfiguration">Supplies the Swagger UI OIDC client id.</param>
        public void Configure(IApplicationBuilder app, IHostingEnvironment env, AdminApiConfiguration adminApiConfiguration)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
                app.UseHttpsRedirection();
            }

            // Named policy: it has to be registered under "default" in ConfigureServices (not visible here).
            app.UseCors("default");

            // Swagger and its UI sit before UseAuthentication, so they are served without passing
            // through the authentication middleware.
            app.UseSwagger();
            app.UseSwaggerUI(c =>
            {
                c.SwaggerEndpoint("/swagger/v1/swagger.json", ApiConfigurationConsts.ApiName);

                c.OAuthClientId(adminApiConfiguration.OidcSwaggerUIClientId);
                c.OAuthAppName(ApiConfigurationConsts.ApiName);
            });
            app.UseAuthentication();

            app.UseMvc();
        }
        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        /// <summary>
        /// Configures the request pipeline: exception page in Development, Swagger / Swagger UI,
        /// routing, an inline permissive CORS policy, authentication, authorization and attribute-routed
        /// controllers.
        /// </summary>
        /// <param name="app">Pipeline builder the middleware is registered on.</param>
        /// <param name="env">Hosting environment; only <c>IsDevelopment()</c> is consulted.</param>
        /// <param name="adminApiConfiguration">Supplies the API base URL / name and the Swagger UI OIDC client id.</param>
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env, AdminApiConfiguration adminApiConfiguration)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            app.UseSwagger();
            app.UseSwaggerUI(c =>
            {
                c.SwaggerEndpoint($"{adminApiConfiguration.ApiBaseUrl}/swagger/v1/swagger.json", adminApiConfiguration.ApiName);

                c.OAuthClientId(adminApiConfiguration.OidcSwaggerUIClientId);
                c.OAuthAppName(adminApiConfiguration.ApiName);
            });
            app.UseRouting();
            // Inline policy: any origin, any method, any header — the most permissive CORS setting.
            // Because it is passed to UseCors directly it bypasses any policy registered through
            // AddCors. NOTE(review): consider restricting origins for an administration API.
            app.UseCors(x =>
            {
                x.AllowAnyOrigin();
                x.AllowAnyMethod();
                x.AllowAnyHeader();
            });
            app.UseAuthentication();
            app.UseAuthorization();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }
        /// <summary>
        /// Test helper: attaches a JWT carrying a random subject, a random name and the configured
        /// administration role to every request the client sends, using the test authorization header.
        /// </summary>
        /// <param name="client">Client whose default request headers receive the token.</param>
        /// <param name="adminConfiguration">Source of the administration role name placed in the role claim.</param>
        public static void SetAdminClaimsViaHeaders(this HttpClient client, AdminApiConfiguration adminConfiguration)
        {
            var subject = Guid.NewGuid().ToString();
            var name    = Guid.NewGuid().ToString();

            var adminClaims = new Claim[]
            {
                new Claim(JwtClaimTypes.Subject, subject),
                new Claim(JwtClaimTypes.Name, name),
                new Claim(JwtClaimTypes.Role, adminConfiguration.AdministrationRole),
            };

            // No signing credentials are supplied, so the token is only meaningful to the test
            // middleware that reads this header, never to an endpoint validated by IdentityServer.
            var handler      = new JwtSecurityTokenHandler();
            var encodedToken = handler.WriteToken(new JwtSecurityToken(claims: adminClaims));

            client.DefaultRequestHeaders.Add(AuthenticatedTestRequestMiddleware.TestAuthorizationHeader, encodedToken);
        }
        /// <summary>
        /// Registers IdentityServer bearer-token authentication as the API's authentication scheme.
        /// </summary>
        /// <param name="services">Service collection that receives the authentication registration.</param>
        /// <param name="adminApiConfiguration">Provides the IdentityServer authority URL and the API (audience) name.</param>
        public static void AddApiAuthentication(this IServiceCollection services, AdminApiConfiguration adminApiConfiguration)
        {
            var authenticationBuilder = services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme);

            authenticationBuilder.AddIdentityServerAuthentication(bearerOptions =>
            {
                bearerOptions.Authority = adminApiConfiguration.IdentityServerBaseUrl;
                bearerOptions.ApiName   = adminApiConfiguration.OidcApiName;

                // Build-configuration switch: Debug builds accept discovery metadata over plain HTTP,
                // Release builds require HTTPS. Note this follows the build, not the environment.
#if DEBUG
                bearerOptions.RequireHttpsMetadata = false;
#else
                bearerOptions.RequireHttpsMetadata = true;
#endif
            });
        }
 // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
 /// <summary>
 /// Configures the pipeline for the IdentityServer host: static files, routing, cookie policy,
 /// authentication, CORS, IdentityServer endpoints, authorization and the default controller route.
 /// </summary>
 /// <param name="app">Pipeline builder the middleware is registered on.</param>
 /// <param name="env">Hosting environment; only <c>IsDevelopment()</c> is consulted.</param>
 /// <param name="adminApiConfiguration">Injected but not referenced by this method.</param>
 public void Configure(IApplicationBuilder app, IWebHostEnvironment env, AdminApiConfiguration adminApiConfiguration)
 {
     if (env.IsDevelopment())
     {
         app.UseDeveloperExceptionPage();
     }
     app.UseStaticFiles();
     app.UseRouting();
     app.UseCookiePolicy();
     app.UseAuthentication();
     app.UseCors();
     // IdentityServer4's UseIdentityServer also adds the authentication middleware, so the
     // explicit UseAuthentication above is believed redundant but harmless — confirm for the
     // IdentityServer version in use.
     app.UseIdentityServer();
     app.UseAuthorization();
     app.UseEndpoints(endpoints =>
     {
         endpoints.MapDefaultControllerRoute();
     });
 }
        /// <summary>
        /// Configures the request pipeline (ASP.NET Core 2.x style, MVC): exception page in
        /// Development, authentication, Swagger / Swagger UI, then MVC.
        /// </summary>
        /// <param name="app">Pipeline builder the middleware is registered on.</param>
        /// <param name="env">Hosting environment; only <c>IsDevelopment()</c> is consulted.</param>
        /// <param name="adminApiConfiguration">Supplies the Swagger UI OIDC client id.</param>
        public void Configure(IApplicationBuilder app, IHostingEnvironment env, AdminApiConfiguration adminApiConfiguration)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            // Authentication runs before Swagger here, so the Swagger requests also pass through it.
            app.UseAuthentication();

            app.UseSwagger();
            app.UseSwaggerUI(c =>
            {
                c.SwaggerEndpoint("/swagger/v1/swagger.json", ApiConfigurationConsts.ApiName);

                c.OAuthClientId(adminApiConfiguration.OidcSwaggerUIClientId);
                c.OAuthAppName(ApiConfigurationConsts.ApiName);
            });

            // No HSTS / HTTPS redirection and no CORS middleware in this variant.
            app.UseMvc();
        }
        /// <summary>
        /// Configures the request pipeline: forwarded headers, exception page in Development, an
        /// optional database migration, routing, CORS and the default controller route.
        /// </summary>
        /// <param name="app">Pipeline builder the middleware is registered on.</param>
        /// <param name="env">Hosting environment; only <c>IsDevelopment()</c> is consulted.</param>
        /// <param name="adminApiConfiguration">Injected but not referenced by this method.</param>
        /// <param name="provider">Root service provider handed to <c>Migrate</c> when migration is enabled.</param>
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env, AdminApiConfiguration adminApiConfiguration, IServiceProvider provider)
        {
            // Custom extension (defined elsewhere); presumably wires forwarded-headers handling for
            // a reverse proxy — confirm which headers / proxies it trusts.
            app.AddForwardHeaders();

            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            // Migration at startup is opt-in via the "DatabaseProviderConfiguration:Migrate" key;
            // Configuration and Migrate are members of this class outside this method.
            if (Configuration.GetValue <bool>("DatabaseProviderConfiguration:Migrate"))
            {
                Migrate(provider);
            }
            app.UseRouting();
            // Both the authentication and the authorization middleware are disabled, so every
            // mapped endpoint is reachable without credentials. If a controller carries
            // [Authorize], ASP.NET Core 3.x is expected to reject the request with an
            // InvalidOperationException about missing authorization middleware rather than
            // allow it. NOTE(review): confirm this is intentional before it ships.
            //app.UseAuthentication();
            app.UseCors();
            //app.UseAuthorization();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapDefaultControllerRoute();
            });
        }
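        /// <summary>
        /// Registers ASP.NET Core Identity (EF Core stores, default token providers) and makes
        /// IdentityServer bearer-token authentication the default scheme for an API.
        /// </summary>
        /// <typeparam name="TIdentityDbContext">DbContext used by the Identity stores.</typeparam>
        /// <typeparam name="TUser">User entity type.</typeparam>
        /// <typeparam name="TRole">Role entity type.</typeparam>
        /// <param name="services">Service collection the registrations are added to.</param>
        /// <param name="adminApiConfiguration">Supplies the IdentityServer authority, the API (audience) name and the HTTPS-metadata switch.</param>
        /// <exception cref="System.ArgumentNullException"><paramref name="services"/> or <paramref name="adminApiConfiguration"/> is null.</exception>
        public static void AddApiAuthentication <TIdentityDbContext, TUser, TRole>(this IServiceCollection services,
                                                                                   AdminApiConfiguration adminApiConfiguration)
            where TIdentityDbContext : DbContext
            where TRole : class
            where TUser : class
        {
            if (services is null)
            {
                throw new System.ArgumentNullException(nameof(services));
            }
            if (adminApiConfiguration is null)
            {
                throw new System.ArgumentNullException(nameof(adminApiConfiguration));
            }

            // Identity first. AddIdentity registers its own AddAuthentication callback that points
            // the authenticate/challenge/sign-in defaults at the Identity cookie schemes, and option
            // callbacks run in registration order. In the previous order (AddAuthentication(bearer)
            // before AddIdentity) the cookie defaults were applied last and bearer tokens were not
            // the effective default for [Authorize] on this API.
            services.AddIdentity <TUser, TRole>(options =>
            {
                options.User.RequireUniqueEmail = true;
            })
            .AddEntityFrameworkStores <TIdentityDbContext>()
            .AddDefaultTokenProviders();

            // Every default is set explicitly so the bearer scheme wins for authenticate, challenge,
            // sign-in and forbid regardless of what AddIdentity configured.
            services.AddAuthentication(options =>
            {
                options.DefaultScheme             = IdentityServerAuthenticationDefaults.AuthenticationScheme;
                options.DefaultAuthenticateScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme    = IdentityServerAuthenticationDefaults.AuthenticationScheme;
                options.DefaultSignInScheme       = IdentityServerAuthenticationDefaults.AuthenticationScheme;
                options.DefaultForbidScheme       = IdentityServerAuthenticationDefaults.AuthenticationScheme;
            })
            .AddIdentityServerAuthentication(options =>
            {
                options.Authority = adminApiConfiguration.IdentityServerBaseUrl;
                options.ApiName   = adminApiConfiguration.OidcApiName;

                // Previously hard-coded to false ("development only"), which left the HTTPS
                // requirement for discovery metadata switched off in every environment. Now driven
                // by configuration; set it to true everywhere except local development.
                // NOTE(review): assumes AdminApiConfiguration exposes a RequireHttpsMetadata bool,
                // as other variants of this registration do — confirm against the config class.
                options.RequireHttpsMetadata = adminApiConfiguration.RequireHttpsMetadata;
            });
        }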
        /// <summary>
        /// Registers the default CORS policy for the Admin API: either any origin or the configured
        /// origin list, combined with any method and any header.
        /// </summary>
        /// <param name="services">Service collection the CORS services and policy are added to.</param>
        /// <param name="adminApiConfiguration">Supplies <c>CorsAllowAnyOrigin</c> and <c>CorsAllowOrigins</c>.</param>
        /// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
        public static IServiceCollection AddAdminApiCors(this IServiceCollection services, AdminApiConfiguration adminApiConfiguration)
        {
            services.AddCors(corsOptions => corsOptions.AddDefaultPolicy(policy =>
            {
                // Evaluated once, when the CORS options are first built — not per request.
                if (adminApiConfiguration.CorsAllowAnyOrigin)
                {
                    policy.AllowAnyOrigin();
                }
                else
                {
                    policy.WithOrigins(adminApiConfiguration.CorsAllowOrigins);
                }

                policy.AllowAnyMethod();
                policy.AllowAnyHeader();
            }));

            return services;
        }
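        /// <summary>
        /// Registers health checks for the IdentityServer admin databases and for IdentityServer itself:
        /// an EF Core context check per DbContext, a provider-specific SQL probe against one table of
        /// each context, and a probe of the IdentityServer base URL.
        /// </summary>
        /// <typeparam name="TConfigurationDbContext">IdentityServer configuration store context.</typeparam>
        /// <typeparam name="TPersistedGrantDbContext">IdentityServer persisted-grant store context.</typeparam>
        /// <typeparam name="TIdentityDbContext">ASP.NET Core Identity context.</typeparam>
        /// <typeparam name="TLogDbContext">Admin log context.</typeparam>
        /// <typeparam name="TAuditLoggingDbContext">Audit log context.</typeparam>
        /// <typeparam name="TDataProtectionDbContext">Data-protection key context.</typeparam>
        /// <param name="services">Service collection the health checks are added to.</param>
        /// <param name="configuration">Source of the six connection strings and of the <c>DatabaseProviderConfiguration</c> section.</param>
        /// <param name="adminApiConfiguration">Supplies <c>IdentityServerBaseUrl</c> for the IdentityServer check.</param>
        /// <exception cref="InvalidOperationException">The <c>DatabaseProviderConfiguration</c> section is missing or empty.</exception>
        /// <exception cref="NotImplementedException">The configured provider has no SQL probe defined here (only SQL Server is active).</exception>
        public static void AddIdSHealthChecks <TConfigurationDbContext, TPersistedGrantDbContext, TIdentityDbContext, TLogDbContext, TAuditLoggingDbContext, TDataProtectionDbContext>(this IServiceCollection services, IConfiguration configuration, AdminApiConfiguration adminApiConfiguration)
            where TConfigurationDbContext : DbContext, IAdminConfigurationDbContext
            where TPersistedGrantDbContext : DbContext, IAdminPersistedGrantDbContext
            where TIdentityDbContext : DbContext
            where TLogDbContext : DbContext, IAdminLogDbContext
            where TAuditLoggingDbContext : DbContext, IAuditLoggingDbContext <AuditLog>
            where TDataProtectionDbContext : DbContext, IDataProtectionKeyContext
        {
            var configurationDbConnectionString   = configuration.GetConnectionString(ConfigurationConsts.ConfigurationDbConnectionStringKey);
            var persistedGrantsDbConnectionString = configuration.GetConnectionString(ConfigurationConsts.PersistedGrantDbConnectionStringKey);
            var identityDbConnectionString        = configuration.GetConnectionString(ConfigurationConsts.IdentityDbConnectionStringKey);
            var logDbConnectionString             = configuration.GetConnectionString(ConfigurationConsts.AdminLogDbConnectionStringKey);
            var auditLogDbConnectionString        = configuration.GetConnectionString(ConfigurationConsts.AdminAuditLogDbConnectionStringKey);
            var dataProtectionDbConnectionString  = configuration.GetConnectionString(ConfigurationConsts.DataProtectionDbConnectionStringKey);

            // new Uri(null) throws ArgumentNullException, so a missing base URL fails loudly here.
            var identityServerUri   = adminApiConfiguration.IdentityServerBaseUrl;
            var healthChecksBuilder = services.AddHealthChecks()
                                      .AddDbContextCheck <TConfigurationDbContext>("ConfigurationDbContext")
                                      .AddDbContextCheck <TPersistedGrantDbContext>("PersistedGrantsDbContext")
                                      .AddDbContextCheck <TIdentityDbContext>("IdentityDbContext")
                                      .AddDbContextCheck <TLogDbContext>("LogDbContext")
                                      .AddDbContextCheck <TAuditLoggingDbContext>("AuditLogDbContext")
                                      .AddDbContextCheck <TDataProtectionDbContext>("DataProtectionDbContext")
                                      .AddIdentityServer(new Uri(identityServerUri), "Identity Server");

            // The table names are only known to the EF model, so a throw-away provider is built to
            // resolve the contexts. It is a second container with its own singleton instances, so it
            // is disposed (previously it was leaked) as soon as the names have been read.
            using (var serviceProvider = services.BuildServiceProvider())
            using (var scope = serviceProvider.GetRequiredService <IServiceScopeFactory>().CreateScope())
            {
                var configurationTableName  = DbContextHelpers.GetEntityTable <TConfigurationDbContext>(scope.ServiceProvider);
                var persistedGrantTableName = DbContextHelpers.GetEntityTable <TPersistedGrantDbContext>(scope.ServiceProvider);
                var identityTableName       = DbContextHelpers.GetEntityTable <TIdentityDbContext>(scope.ServiceProvider);
                var logTableName            = DbContextHelpers.GetEntityTable <TLogDbContext>(scope.ServiceProvider);
                var auditLogTableName       = DbContextHelpers.GetEntityTable <TAuditLoggingDbContext>(scope.ServiceProvider);
                var dataProtectionTableName = DbContextHelpers.GetEntityTable <TDataProtectionDbContext>(scope.ServiceProvider);

                var databaseProvider = configuration.GetSection(nameof(DatabaseProviderConfiguration)).Get <DatabaseProviderConfiguration>();
                if (databaseProvider is null)
                {
                    // Get<T>() yields null for an absent or empty section; name the problem instead of
                    // letting the switch below fail with a NullReferenceException.
                    throw new InvalidOperationException($"Configuration section '{nameof(DatabaseProviderConfiguration)}' is missing; it is required to select the database health checks.");
                }

                switch (databaseProvider.ProviderType)
                {
                case DatabaseProviderType.SqlServer:
                    healthChecksBuilder
                    .AddSqlServer(configurationDbConnectionString, name: "ConfigurationDb",
                                  healthQuery: SqlServerProbe(configurationTableName))
                    .AddSqlServer(persistedGrantsDbConnectionString, name: "PersistentGrantsDb",
                                  healthQuery: SqlServerProbe(persistedGrantTableName))
                    .AddSqlServer(identityDbConnectionString, name: "IdentityDb",
                                  healthQuery: SqlServerProbe(identityTableName))
                    .AddSqlServer(logDbConnectionString, name: "LogDb",
                                  healthQuery: SqlServerProbe(logTableName))
                    .AddSqlServer(auditLogDbConnectionString, name: "AuditLogDb",
                                  healthQuery: SqlServerProbe(auditLogTableName))
                    .AddSqlServer(dataProtectionDbConnectionString, name: "DataProtectionDb",
                                  healthQuery: SqlServerProbe(dataProtectionTableName));
                    break;

                //case DatabaseProviderType.PostgreSQL:
                //    healthChecksBuilder
                //        .AddNpgSql(configurationDbConnectionString, name: "ConfigurationDb",
                //            healthQuery: $"SELECT * FROM \"{configurationTableName}\" LIMIT 1")
                //        .AddNpgSql(persistedGrantsDbConnectionString, name: "PersistentGrantsDb",
                //            healthQuery: $"SELECT * FROM \"{persistedGrantTableName}\" LIMIT 1")
                //        .AddNpgSql(identityDbConnectionString, name: "IdentityDb",
                //            healthQuery: $"SELECT * FROM \"{identityTableName}\" LIMIT 1")
                //        .AddNpgSql(logDbConnectionString, name: "LogDb",
                //            healthQuery: $"SELECT * FROM \"{logTableName}\" LIMIT 1")
                //        .AddNpgSql(auditLogDbConnectionString, name: "AuditLogDb",
                //            healthQuery: $"SELECT * FROM \"{auditLogTableName}\"  LIMIT 1")
                //        .AddNpgSql(dataProtectionDbConnectionString, name: "DataProtectionDb",
                //            healthQuery: $"SELECT * FROM \"{dataProtectionTableName}\"  LIMIT 1");
                //    break;
                //case DatabaseProviderType.MySql:
                //    healthChecksBuilder
                //        .AddMySql(configurationDbConnectionString, name: "ConfigurationDb")
                //        .AddMySql(persistedGrantsDbConnectionString, name: "PersistentGrantsDb")
                //        .AddMySql(identityDbConnectionString, name: "IdentityDb")
                //        .AddMySql(logDbConnectionString, name: "LogDb")
                //        .AddMySql(auditLogDbConnectionString, name: "AuditLogDb")
                //        .AddMySql(dataProtectionDbConnectionString, name: "DataProtectionDb");
                //    break;
                default:
                    throw new NotImplementedException($"Health checks not defined for database provider {databaseProvider.ProviderType}");
                }
            }

            // The table name comes from the EF model, not from request input; bracket-quoting keeps
            // the probe valid for names containing spaces or reserved words.
            string SqlServerProbe(string tableName) => $"SELECT TOP 1 * FROM dbo.[{tableName}]";
        }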
 /// <summary>
 /// Stores the Admin API configuration for use when the operation filter runs.
 /// </summary>
 /// <param name="adminApiConfiguration">Configuration the filter consults later; kept as-is.</param>
 public AuthorizeCheckOperationFilter(AdminApiConfiguration adminApiConfiguration)
     => _adminApiConfiguration = adminApiConfiguration;
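        /// <summary>
        /// Registers health checks for the IdentityServer admin databases (PostgreSQL) and for
        /// IdentityServer itself: an EF Core context check per DbContext, a Npgsql probe against one
        /// table of each context, and a probe of the IdentityServer base URL.
        /// </summary>
        /// <typeparam name="TConfigurationDbContext">IdentityServer configuration store context.</typeparam>
        /// <typeparam name="TPersistedGrantDbContext">IdentityServer persisted-grant store context.</typeparam>
        /// <typeparam name="TIdentityDbContext">ASP.NET Core Identity context.</typeparam>
        /// <typeparam name="TLogDbContext">Admin log context.</typeparam>
        /// <typeparam name="TAuditLoggingDbContext">Audit log context.</typeparam>
        /// <param name="services">Service collection the health checks are added to.</param>
        /// <param name="configuration">Source of the five connection strings.</param>
        /// <param name="adminApiConfiguration">Supplies <c>IdentityServerBaseUrl</c> for the IdentityServer check.</param>
        public static void AddIdSHealthChecks <TConfigurationDbContext, TPersistedGrantDbContext, TIdentityDbContext, TLogDbContext, TAuditLoggingDbContext>(this IServiceCollection services, IConfiguration configuration, AdminApiConfiguration adminApiConfiguration)
            where TConfigurationDbContext : DbContext, IAdminConfigurationDbContext
            where TPersistedGrantDbContext : DbContext, IAdminPersistedGrantDbContext
            where TIdentityDbContext : DbContext
            where TLogDbContext : DbContext, IAdminLogDbContext
            where TAuditLoggingDbContext : DbContext, IAuditLoggingDbContext <AuditLog>
        {
            var configurationDbConnectionString   = configuration.GetConnectionString(ConfigurationConsts.ConfigurationDbConnectionStringKey);
            var persistedGrantsDbConnectionString = configuration.GetConnectionString(ConfigurationConsts.PersistedGrantDbConnectionStringKey);
            var identityDbConnectionString        = configuration.GetConnectionString(ConfigurationConsts.IdentityDbConnectionStringKey);
            var logDbConnectionString             = configuration.GetConnectionString(ConfigurationConsts.AdminLogDbConnectionStringKey);
            var auditLogDbConnectionString        = configuration.GetConnectionString(ConfigurationConsts.AdminAuditLogDbConnectionStringKey);

            // new Uri(null) throws ArgumentNullException, so a missing base URL fails loudly here.
            var identityServerUri   = adminApiConfiguration.IdentityServerBaseUrl;
            var healthChecksBuilder = services.AddHealthChecks()
                                      .AddDbContextCheck <TConfigurationDbContext>("ConfigurationDbContext")
                                      .AddDbContextCheck <TPersistedGrantDbContext>("PersistedGrantsDbContext")
                                      .AddDbContextCheck <TIdentityDbContext>("IdentityDbContext")
                                      .AddDbContextCheck <TLogDbContext>("LogDbContext")
                                      .AddDbContextCheck <TAuditLoggingDbContext>("AuditLogDbContext")
                                      .AddIdentityServer(new Uri(identityServerUri), "Identity Server");

            // The table names are only known to the EF model, so a throw-away provider is built to
            // resolve the contexts. It is a second container with its own singleton instances, so it
            // is disposed (previously it was leaked) as soon as the names have been read.
            using (var serviceProvider = services.BuildServiceProvider())
            using (var scope = serviceProvider.GetRequiredService <IServiceScopeFactory>().CreateScope())
            {
                var configurationTableName  = DbContextHelpers.GetEntityTable <TConfigurationDbContext>(scope.ServiceProvider);
                var persistedGrantTableName = DbContextHelpers.GetEntityTable <TPersistedGrantDbContext>(scope.ServiceProvider);
                var identityTableName       = DbContextHelpers.GetEntityTable <TIdentityDbContext>(scope.ServiceProvider);
                var logTableName            = DbContextHelpers.GetEntityTable <TLogDbContext>(scope.ServiceProvider);
                var auditLogTableName       = DbContextHelpers.GetEntityTable <TAuditLoggingDbContext>(scope.ServiceProvider);

                healthChecksBuilder
                .AddNpgSql(configurationDbConnectionString, name: "ConfigurationDb",
                           healthQuery: PostgresProbe(configurationTableName))
                .AddNpgSql(persistedGrantsDbConnectionString, name: "PersistentGrantsDb",
                           healthQuery: PostgresProbe(persistedGrantTableName))
                .AddNpgSql(identityDbConnectionString, name: "IdentityDb",
                           healthQuery: PostgresProbe(identityTableName))
                .AddNpgSql(logDbConnectionString, name: "LogDb",
                           healthQuery: PostgresProbe(logTableName))
                .AddNpgSql(auditLogDbConnectionString, name: "AuditLogDb",
                           healthQuery: PostgresProbe(auditLogTableName));
            }

            // The table name comes from the EF model, not from request input. It is double-quoted
            // because PostgreSQL folds unquoted identifiers to lower case: the previous unquoted
            // form could not find tables created with mixed-case names (e.g. "Clients"), which made
            // the probe fail rather than the database.
            string PostgresProbe(string tableName) => $"SELECT * FROM \"{tableName}\" LIMIT 1";
        }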