/// <summary>
/// Builds the HTTP request pipeline for the admin API host: developer error page (development only),
/// Swagger document and UI, routing, authentication, CORS, authorization and endpoint mapping.
/// Middleware order is significant and is kept exactly in the registered sequence.
/// </summary>
/// <param name="app">Application builder the middleware is appended to.</param>
/// <param name="env">Host environment; only used to decide whether the developer exception page is enabled.</param>
/// <param name="adminApiConfiguration">Admin API settings (base URL, API name, Swagger UI OIDC client id).</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, AdminApiConfiguration adminApiConfiguration)
{
    // The developer exception page exposes stack traces; it is enabled for the development environment only.
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    ConfigureSwagger();

    app.UseRouting();
    // Authentication is wired through a helper on this class rather than app.UseAuthentication() directly.
    UseAuthentication(app);
    app.UseCors();
    app.UseAuthorization();
    app.UseEndpoints(routes =>
    {
        routes.MapDefaultControllerRoute();
        // NOTE(review): /health is mapped without an authorization requirement, so the UI-formatted
        // report (per-check names and statuses) is readable by anonymous callers — confirm that is intended.
        routes.MapHealthChecks("/health", new HealthCheckOptions
        {
            ResponseWriter = UIResponseWriter.WriteHealthCheckUIResponse
        });
    });

    // Keeps the Swagger wiring together; the document URL is built from the configured API base URL.
    void ConfigureSwagger()
    {
        app.UseSwagger();
        app.UseSwaggerUI(ui =>
        {
            ui.SwaggerEndpoint($"{adminApiConfiguration.ApiBaseUrl}/swagger/v1/swagger.json", adminApiConfiguration.ApiName);
            ui.OAuthClientId(adminApiConfiguration.OidcSwaggerUIClientId);
            ui.OAuthAppName(adminApiConfiguration.ApiName);
        });
    }
}
/// <summary>
/// Registers ASP.NET Core Identity on top of <typeparamref name="TIdentityDbContext"/> and makes the
/// IdentityServer bearer scheme the default for every authentication action.
/// </summary>
/// <typeparam name="TIdentityDbContext">DbContext that stores the Identity users and roles.</typeparam>
/// <typeparam name="TUser">Identity user entity.</typeparam>
/// <typeparam name="TRole">Identity role entity.</typeparam>
/// <param name="services">Service collection to register into.</param>
/// <param name="adminApiConfiguration">Supplies the authority URL, the API name and the HTTPS-metadata requirement.</param>
public static void AddApiAuthentication<TIdentityDbContext, TUser, TRole>(this IServiceCollection services, AdminApiConfiguration adminApiConfiguration)
    where TIdentityDbContext : DbContext
    where TRole : class
    where TUser : class
{
    var identityBuilder = services.AddIdentity<TUser, TRole>(identityOptions =>
    {
        identityOptions.User.RequireUniqueEmail = true;
    });
    identityBuilder.AddEntityFrameworkStores<TIdentityDbContext>();
    identityBuilder.AddDefaultTokenProviders();

    // All five defaults are assigned explicitly (not just DefaultScheme) so the bearer scheme stays in
    // charge regardless of the authentication defaults that AddIdentity registered above.
    var bearerScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
    var authenticationBuilder = services.AddAuthentication(authOptions =>
    {
        authOptions.DefaultScheme = bearerScheme;
        authOptions.DefaultAuthenticateScheme = bearerScheme;
        authOptions.DefaultChallengeScheme = bearerScheme;
        authOptions.DefaultSignInScheme = bearerScheme;
        authOptions.DefaultForbidScheme = bearerScheme;
    });
    authenticationBuilder.AddIdentityServerAuthentication(bearerOptions =>
    {
        // RequireHttpsMetadata is configuration-driven rather than hard-coded, so production keeps it enabled.
        bearerOptions.Authority = adminApiConfiguration.IdentityServerBaseUrl;
        bearerOptions.ApiName = adminApiConfiguration.OidcApiName;
        bearerOptions.RequireHttpsMetadata = adminApiConfiguration.RequireHttpsMetadata;
    });
}
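/// <summary>
/// Registers ASP.NET Core Identity with personal-data protection (AES protector + key ring) on top of
/// <typeparamref name="TIdentityDbContext"/>, and makes the IdentityServer bearer scheme the default
/// for every authentication action.
/// </summary>
/// <typeparam name="TIdentityDbContext">DbContext that stores the Identity users and roles.</typeparam>
/// <typeparam name="TUser">Identity user entity.</typeparam>
/// <typeparam name="TRole">Identity role entity.</typeparam>
/// <param name="services">Service collection to register into.</param>
/// <param name="adminApiConfiguration">Supplies the authority URL, the API name and the HTTPS-metadata requirement.</param>
public static void AddApiAuthentication<TIdentityDbContext, TUser, TRole>(this IServiceCollection services, AdminApiConfiguration adminApiConfiguration)
    where TIdentityDbContext : DbContext
    where TRole : class
    where TUser : class
{
    // The personal-data protection key file lives under the application's App_Data folder. This used to be an
    // absolute path on one developer's drive (E:\...\IdentityServer\App_Data\AesDataProtectionKey), which cannot
    // resolve on any other machine or deployment. It is now resolved relative to the working directory, which is
    // the content root under the default host setup. TODO(review): source this path from configuration so the
    // key material location is a deployment concern, not a compile-time one.
    var keyPath = System.IO.Path.Combine(System.IO.Directory.GetCurrentDirectory(), "App_Data", "AesDataProtectionKey");
    services.AddSingleton(new ProtectorOptions { KeyPath = keyPath });

    services.AddIdentity<TUser, TRole>(options =>
        {
            options.User.RequireUniqueEmail = true;
            // Personal data columns are encrypted at rest by the protector registered below.
            options.Stores.ProtectPersonalData = true;
        })
        .AddPersonalDataProtection<AesProtector, AesProtectorKeyRing>()
        .AddEntityFrameworkStores<TIdentityDbContext>()
        .AddDefaultTokenProviders();

    // All five defaults are assigned explicitly so the bearer scheme stays in charge regardless of the
    // authentication defaults that AddIdentity registered above.
    services.AddAuthentication(options =>
        {
            options.DefaultScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
            options.DefaultAuthenticateScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
            options.DefaultForbidScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
        })
        .AddIdentityServerAuthentication(options =>
        {
            options.Authority = adminApiConfiguration.IdentityServerBaseUrl;
            options.ApiName = adminApiConfiguration.OidcApiName;
            // Configuration-driven so production can keep HTTPS discovery metadata required.
            options.RequireHttpsMetadata = adminApiConfiguration.RequireHttpsMetadata;
        });
}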
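/// <summary>
/// Registers ASP.NET Core Identity (with a custom role manager) on top of <typeparamref name="TIdentityDbContext"/>
/// and makes the IdentityServer bearer scheme the default for every authentication action.
/// </summary>
/// <typeparam name="TIdentityDbContext">DbContext that stores the Identity users and roles.</typeparam>
/// <typeparam name="TUser">Identity user entity.</typeparam>
/// <typeparam name="TRole">Identity role entity.</typeparam>
/// <param name="services">Service collection to register into.</param>
/// <param name="adminApiConfiguration">Supplies the authority URL and the API name.</param>
public static void AddApiAuthentication<TIdentityDbContext, TUser, TRole>(this IServiceCollection services, AdminApiConfiguration adminApiConfiguration)
    where TIdentityDbContext : DbContext
    where TRole : class
    where TUser : class
{
    // Identity is registered first. AddIdentity configures authentication defaults of its own (the Identity
    // cookie schemes), so when it ran after AddAuthentication(scheme) those defaults replaced the bearer scheme
    // and API requests were no longer authenticated against IdentityServer tokens. Registering the bearer scheme
    // afterwards and assigning every default explicitly fixes that.
    services.AddIdentity<TUser, TRole>(options =>
        {
            options.User.RequireUniqueEmail = true;
        })
        .AddRoleManager<RoleManager>()
        .AddEntityFrameworkStores<TIdentityDbContext>()
        .AddDefaultTokenProviders();

    var bearerScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
    services.AddAuthentication(options =>
        {
            options.DefaultScheme = bearerScheme;
            options.DefaultAuthenticateScheme = bearerScheme;
            options.DefaultChallengeScheme = bearerScheme;
            options.DefaultSignInScheme = bearerScheme;
            options.DefaultForbidScheme = bearerScheme;
        })
        .AddIdentityServerAuthentication(options =>
        {
            options.Authority = adminApiConfiguration.IdentityServerBaseUrl;
            options.ApiName = adminApiConfiguration.OidcApiName;
#if DEBUG
            // Debug builds may point at a plain-HTTP authority; release builds require HTTPS discovery metadata.
            options.RequireHttpsMetadata = false;
#else
            options.RequireHttpsMetadata = true;
#endif
        });
}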
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
//
// Order: error handling (dev page, or HSTS + HTTPS redirection outside development), the "default" CORS
// policy, Swagger document and UI, authentication, then MVC.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, AdminApiConfiguration adminApiConfiguration)
{
    var isDevelopment = env.IsDevelopment();
    if (isDevelopment)
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
        app.UseHsts();
        app.UseHttpsRedirection();
    }

    // The named policy must have been registered in ConfigureServices; CORS runs ahead of authentication here.
    app.UseCors("default");

    app.UseSwagger();
    app.UseSwaggerUI(ui =>
    {
        ui.SwaggerEndpoint("/swagger/v1/swagger.json", ApiConfigurationConsts.ApiName);
        ui.OAuthClientId(adminApiConfiguration.OidcSwaggerUIClientId);
        ui.OAuthAppName(ApiConfigurationConsts.ApiName);
    });

    app.UseAuthentication();
    app.UseMvc();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
//
// Order: developer exception page (development only), Swagger document and UI, routing, an inline CORS
// policy, authentication, authorization, attribute-routed controllers.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, AdminApiConfiguration adminApiConfiguration)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseSwagger();
    app.UseSwaggerUI(ui =>
    {
        ui.SwaggerEndpoint($"{adminApiConfiguration.ApiBaseUrl}/swagger/v1/swagger.json", adminApiConfiguration.ApiName);
        ui.OAuthClientId(adminApiConfiguration.OidcSwaggerUIClientId);
        ui.OAuthAppName(adminApiConfiguration.ApiName);
    });

    app.UseRouting();

    // NOTE(review): this inline policy accepts any origin, method and header for an administrative API and is
    // not configurable per deployment; prefer a configuration-driven origin list outside development.
    app.UseCors(policy => policy
        .AllowAnyOrigin()
        .AllowAnyMethod()
        .AllowAnyHeader());

    app.UseAuthentication();
    app.UseAuthorization();
    app.UseEndpoints(routes => routes.MapControllers());
}
/// <summary>
/// Adds a test-only authorization header to <paramref name="client"/> carrying a freshly generated
/// subject and name plus the configured administration role.
/// </summary>
/// <param name="client">HTTP client whose default request headers receive the token.</param>
/// <param name="adminConfiguration">Supplies the administration role name placed in the role claim.</param>
public static void SetAdminClaimsViaHeaders(this HttpClient client, AdminApiConfiguration adminConfiguration)
{
    var subject = Guid.NewGuid().ToString();
    var displayName = Guid.NewGuid().ToString();
    var claims = new Claim[]
    {
        new Claim(JwtClaimTypes.Subject, subject),
        new Claim(JwtClaimTypes.Name, displayName),
        new Claim(JwtClaimTypes.Role, adminConfiguration.AdministrationRole)
    };

    // No signing credentials are passed, so the serialized token is unsigned; it is intended only for
    // the test middleware that reads this header.
    var handler = new JwtSecurityTokenHandler();
    var encodedToken = handler.WriteToken(new JwtSecurityToken(claims: claims));
    client.DefaultRequestHeaders.Add(AuthenticatedTestRequestMiddleware.TestAuthorizationHeader, encodedToken);
}
/// <summary>
/// Registers IdentityServer bearer-token authentication as the default scheme for the API.
/// </summary>
/// <param name="services">Service collection to register into.</param>
/// <param name="adminApiConfiguration">Supplies the authority URL and the API name.</param>
public static void AddApiAuthentication(this IServiceCollection services, AdminApiConfiguration adminApiConfiguration)
{
    var bearerScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
    var authenticationBuilder = services.AddAuthentication(bearerScheme);
    authenticationBuilder.AddIdentityServerAuthentication(bearerOptions =>
    {
        bearerOptions.Authority = adminApiConfiguration.IdentityServerBaseUrl;
        bearerOptions.ApiName = adminApiConfiguration.OidcApiName;
#if DEBUG
        // Debug builds may point at a plain-HTTP authority; release builds require HTTPS discovery metadata.
        bearerOptions.RequireHttpsMetadata = false;
#else
        bearerOptions.RequireHttpsMetadata = true;
#endif
    });
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
//
// Order: developer exception page (development only), static files, routing, cookie policy,
// authentication, CORS, IdentityServer endpoints, authorization, conventional controller routes.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, AdminApiConfiguration adminApiConfiguration)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseStaticFiles();
    app.UseRouting();
    app.UseCookiePolicy();
    app.UseAuthentication();
    app.UseCors();
    // IdentityServer's middleware is mounted between authentication and authorization, as registered here.
    app.UseIdentityServer();
    app.UseAuthorization();
    app.UseEndpoints(routes => routes.MapDefaultControllerRoute());
}
/// <summary>
/// Configures the request pipeline: developer exception page in development, then authentication ahead
/// of the Swagger document, the Swagger UI and MVC.
/// </summary>
/// <param name="app">Application builder the middleware is appended to.</param>
/// <param name="env">Hosting environment; only used to decide whether the developer exception page is enabled.</param>
/// <param name="adminApiConfiguration">Supplies the OIDC client id used by the Swagger UI.</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env, AdminApiConfiguration adminApiConfiguration)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseAuthentication();

    app.UseSwagger();
    app.UseSwaggerUI(ui =>
    {
        ui.SwaggerEndpoint("/swagger/v1/swagger.json", ApiConfigurationConsts.ApiName);
        ui.OAuthClientId(adminApiConfiguration.OidcSwaggerUIClientId);
        ui.OAuthAppName(ApiConfigurationConsts.ApiName);
    });

    app.UseMvc();
}
/// <summary>
/// Configures the request pipeline: forwarded headers, developer exception page in development, an
/// optional database migration driven by configuration, then routing, CORS and conventional controller routes.
/// </summary>
/// <param name="app">Application builder the middleware is appended to.</param>
/// <param name="env">Host environment; only used to decide whether the developer exception page is enabled.</param>
/// <param name="adminApiConfiguration">Admin API settings (not read by this method).</param>
/// <param name="provider">Root service provider handed to <c>Migrate</c> when migration is enabled.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, AdminApiConfiguration adminApiConfiguration, IServiceProvider provider)
{
    app.AddForwardHeaders();

    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    // "DatabaseProviderConfiguration:Migrate" opts a deployment into running migrations at startup.
    var migrateOnStartup = Configuration.GetValue<bool>("DatabaseProviderConfiguration:Migrate");
    if (migrateOnStartup)
    {
        Migrate(provider);
    }

    app.UseRouting();
    // NOTE(review): the authentication and authorization middleware are commented out, so every mapped
    // controller is reachable anonymously, and any endpoint carrying [Authorize] metadata is rejected by the
    // framework at request time because no authorization middleware precedes UseEndpoints. Confirm this is
    // deliberate before this pipeline reaches a non-development environment.
    //app.UseAuthentication();
    app.UseCors();
    //app.UseAuthorization();
    app.UseEndpoints(routes => routes.MapDefaultControllerRoute());
}
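/// <summary>
/// Registers ASP.NET Core Identity on top of <typeparamref name="TIdentityDbContext"/> and makes the
/// IdentityServer bearer scheme the default for every authentication action.
/// </summary>
/// <typeparam name="TIdentityDbContext">DbContext that stores the Identity users and roles.</typeparam>
/// <typeparam name="TUser">Identity user entity.</typeparam>
/// <typeparam name="TRole">Identity role entity.</typeparam>
/// <param name="services">Service collection to register into.</param>
/// <param name="adminApiConfiguration">Supplies the authority URL and the API name.</param>
public static void AddApiAuthentication<TIdentityDbContext, TUser, TRole>(this IServiceCollection services, AdminApiConfiguration adminApiConfiguration)
    where TIdentityDbContext : DbContext
    where TRole : class
    where TUser : class
{
    // Identity is registered first. AddIdentity configures authentication defaults of its own (the Identity
    // cookie schemes), so when it ran after AddAuthentication(scheme) those defaults replaced the bearer scheme
    // and API requests were no longer authenticated against IdentityServer tokens. Registering the bearer scheme
    // afterwards and assigning every default explicitly fixes that.
    services.AddIdentity<TUser, TRole>(options =>
        {
            options.User.RequireUniqueEmail = true;
        })
        .AddEntityFrameworkStores<TIdentityDbContext>()
        .AddDefaultTokenProviders();

    var bearerScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
    services.AddAuthentication(options =>
        {
            options.DefaultScheme = bearerScheme;
            options.DefaultAuthenticateScheme = bearerScheme;
            options.DefaultChallengeScheme = bearerScheme;
            options.DefaultSignInScheme = bearerScheme;
            options.DefaultForbidScheme = bearerScheme;
        })
        .AddIdentityServerAuthentication(options =>
        {
            options.Authority = adminApiConfiguration.IdentityServerBaseUrl;
            options.ApiName = adminApiConfiguration.OidcApiName;
            // Previously hard-coded to false with a "development only" note, which also shipped in release
            // builds. The relaxation is now limited to debug builds; release builds require HTTPS discovery metadata.
#if DEBUG
            options.RequireHttpsMetadata = false;
#else
            options.RequireHttpsMetadata = true;
#endif
        });
}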
/// <summary>
/// Registers the default CORS policy for the admin API from configuration: either any origin or the
/// explicit origin list, always with any header and any method.
/// </summary>
/// <param name="services">Service collection to register into.</param>
/// <param name="adminApiConfiguration">Supplies <c>CorsAllowAnyOrigin</c> and <c>CorsAllowOrigins</c>.</param>
/// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
public static IServiceCollection AddAdminApiCors(this IServiceCollection services, AdminApiConfiguration adminApiConfiguration)
{
    services.AddCors(corsOptions => corsOptions.AddDefaultPolicy(policy =>
    {
        // Origin selection is the only configurable part; headers and methods are always unrestricted.
        // NOTE(review): CorsAllowAnyOrigin opens the admin API to every origin — keep it off outside development.
        var originPolicy = adminApiConfiguration.CorsAllowAnyOrigin
            ? policy.AllowAnyOrigin()
            : policy.WithOrigins(adminApiConfiguration.CorsAllowOrigins);
        originPolicy.AllowAnyHeader().AllowAnyMethod();
    }));

    return services;
}
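/// <summary>
/// Registers health checks for every admin database context and for the IdentityServer discovery endpoint,
/// plus (for SQL Server) a raw-connection check per database that probes the context's main table.
/// </summary>
/// <typeparam name="TConfigurationDbContext">IdentityServer configuration store context.</typeparam>
/// <typeparam name="TPersistedGrantDbContext">IdentityServer persisted-grant store context.</typeparam>
/// <typeparam name="TIdentityDbContext">ASP.NET Core Identity store context.</typeparam>
/// <typeparam name="TLogDbContext">Admin log store context.</typeparam>
/// <typeparam name="TAuditLoggingDbContext">Audit log store context.</typeparam>
/// <typeparam name="TDataProtectionDbContext">Data-protection key store context.</typeparam>
/// <param name="services">Service collection to register into.</param>
/// <param name="configuration">Holds the connection strings and the <c>DatabaseProviderConfiguration</c> section.</param>
/// <param name="adminApiConfiguration">Supplies the IdentityServer base URL used for the remote check.</param>
/// <exception cref="InvalidOperationException">The <c>DatabaseProviderConfiguration</c> section is missing.</exception>
/// <exception cref="NotImplementedException">The configured database provider has no health-check mapping.</exception>
public static void AddIdSHealthChecks<TConfigurationDbContext, TPersistedGrantDbContext, TIdentityDbContext, TLogDbContext, TAuditLoggingDbContext, TDataProtectionDbContext>(this IServiceCollection services, IConfiguration configuration, AdminApiConfiguration adminApiConfiguration)
    where TConfigurationDbContext : DbContext, IAdminConfigurationDbContext
    where TPersistedGrantDbContext : DbContext, IAdminPersistedGrantDbContext
    where TIdentityDbContext : DbContext
    where TLogDbContext : DbContext, IAdminLogDbContext
    where TAuditLoggingDbContext : DbContext, IAuditLoggingDbContext<AuditLog>
    where TDataProtectionDbContext : DbContext, IDataProtectionKeyContext
{
    var configurationDbConnectionString = configuration.GetConnectionString(ConfigurationConsts.ConfigurationDbConnectionStringKey);
    var persistedGrantsDbConnectionString = configuration.GetConnectionString(ConfigurationConsts.PersistedGrantDbConnectionStringKey);
    var identityDbConnectionString = configuration.GetConnectionString(ConfigurationConsts.IdentityDbConnectionStringKey);
    var logDbConnectionString = configuration.GetConnectionString(ConfigurationConsts.AdminLogDbConnectionStringKey);
    var auditLogDbConnectionString = configuration.GetConnectionString(ConfigurationConsts.AdminAuditLogDbConnectionStringKey);
    var dataProtectionDbConnectionString = configuration.GetConnectionString(ConfigurationConsts.DataProtectionDbConnectionStringKey);
    var identityServerUri = adminApiConfiguration.IdentityServerBaseUrl;

    var healthChecksBuilder = services.AddHealthChecks()
        .AddDbContextCheck<TConfigurationDbContext>("ConfigurationDbContext")
        .AddDbContextCheck<TPersistedGrantDbContext>("PersistedGrantsDbContext")
        .AddDbContextCheck<TIdentityDbContext>("IdentityDbContext")
        .AddDbContextCheck<TLogDbContext>("LogDbContext")
        .AddDbContextCheck<TAuditLoggingDbContext>("AuditLogDbContext")
        .AddDbContextCheck<TDataProtectionDbContext>("DataProtectionDbContext")
        .AddIdentityServer(new Uri(identityServerUri), "Identity Server");

    // Table names are read from the EF model, which needs resolved DbContexts. Building a provider here creates a
    // second container with its own copies of the singletons (the ASP0000 analyzer warns about this), so it is
    // kept short-lived and disposed together with the scope; the previous version never disposed it.
    using (var serviceProvider = services.BuildServiceProvider())
    using (var scope = serviceProvider.GetRequiredService<IServiceScopeFactory>().CreateScope())
    {
        var configurationTableName = DbContextHelpers.GetEntityTable<TConfigurationDbContext>(scope.ServiceProvider);
        var persistedGrantTableName = DbContextHelpers.GetEntityTable<TPersistedGrantDbContext>(scope.ServiceProvider);
        var identityTableName = DbContextHelpers.GetEntityTable<TIdentityDbContext>(scope.ServiceProvider);
        var logTableName = DbContextHelpers.GetEntityTable<TLogDbContext>(scope.ServiceProvider);
        var auditLogTableName = DbContextHelpers.GetEntityTable<TAuditLoggingDbContext>(scope.ServiceProvider);
        var dataProtectionTableName = DbContextHelpers.GetEntityTable<TDataProtectionDbContext>(scope.ServiceProvider);

        var databaseProvider = configuration.GetSection(nameof(DatabaseProviderConfiguration)).Get<DatabaseProviderConfiguration>();
        if (databaseProvider == null)
        {
            // Get<T>() yields null for an absent section; fail with a clear message instead of a NullReferenceException.
            throw new InvalidOperationException($"Configuration section '{nameof(DatabaseProviderConfiguration)}' is missing.");
        }

        switch (databaseProvider.ProviderType)
        {
            case DatabaseProviderType.SqlServer:
                // The table names come from the EF model, not from request input; the schema is fixed to dbo.
                healthChecksBuilder
                    .AddSqlServer(configurationDbConnectionString, name: "ConfigurationDb", healthQuery: $"SELECT TOP 1 * FROM dbo.[{configurationTableName}]")
                    .AddSqlServer(persistedGrantsDbConnectionString, name: "PersistentGrantsDb", healthQuery: $"SELECT TOP 1 * FROM dbo.[{persistedGrantTableName}]")
                    .AddSqlServer(identityDbConnectionString, name: "IdentityDb", healthQuery: $"SELECT TOP 1 * FROM dbo.[{identityTableName}]")
                    .AddSqlServer(logDbConnectionString, name: "LogDb", healthQuery: $"SELECT TOP 1 * FROM dbo.[{logTableName}]")
                    .AddSqlServer(auditLogDbConnectionString, name: "AuditLogDb", healthQuery: $"SELECT TOP 1 * FROM dbo.[{auditLogTableName}]")
                    .AddSqlServer(dataProtectionDbConnectionString, name: "DataProtectionDb", healthQuery: $"SELECT TOP 1 * FROM dbo.[{dataProtectionTableName}]");
                break;
            // PostgreSQL and MySql mappings are not wired up yet; the original draft is kept for reference.
            //case DatabaseProviderType.PostgreSQL:
            //    healthChecksBuilder
            //        .AddNpgSql(configurationDbConnectionString, name: "ConfigurationDb",
            //            healthQuery: $"SELECT * FROM \"{configurationTableName}\" LIMIT 1")
            //        .AddNpgSql(persistedGrantsDbConnectionString, name: "PersistentGrantsDb",
            //            healthQuery: $"SELECT * FROM \"{persistedGrantTableName}\" LIMIT 1")
            //        .AddNpgSql(identityDbConnectionString, name: "IdentityDb",
            //            healthQuery: $"SELECT * FROM \"{identityTableName}\" LIMIT 1")
            //        .AddNpgSql(logDbConnectionString, name: "LogDb",
            //            healthQuery: $"SELECT * FROM \"{logTableName}\" LIMIT 1")
            //        .AddNpgSql(auditLogDbConnectionString, name: "AuditLogDb",
            //            healthQuery: $"SELECT * FROM \"{auditLogTableName}\" LIMIT 1")
            //        .AddNpgSql(dataProtectionDbConnectionString, name: "DataProtectionDb",
            //            healthQuery: $"SELECT * FROM \"{dataProtectionTableName}\" LIMIT 1");
            //    break;
            //case DatabaseProviderType.MySql:
            //    healthChecksBuilder
            //        .AddMySql(configurationDbConnectionString, name: "ConfigurationDb")
            //        .AddMySql(persistedGrantsDbConnectionString, name: "PersistentGrantsDb")
            //        .AddMySql(identityDbConnectionString, name: "IdentityDb")
            //        .AddMySql(logDbConnectionString, name: "LogDb")
            //        .AddMySql(auditLogDbConnectionString, name: "AuditLogDb")
            //        .AddMySql(dataProtectionDbConnectionString, name: "DataProtectionDb");
            //    break;
            default:
                throw new NotImplementedException($"Health checks not defined for database provider {databaseProvider.ProviderType}");
        }
    }
}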
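/// <summary>
/// Creates the filter and stores the admin API settings it reads later.
/// </summary>
/// <param name="adminApiConfiguration">Admin API settings; must not be null.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="adminApiConfiguration"/> is null.</exception>
public AuthorizeCheckOperationFilter(AdminApiConfiguration adminApiConfiguration)
{
    // Fail at construction rather than with a NullReferenceException on first use.
    _adminApiConfiguration = adminApiConfiguration ?? throw new ArgumentNullException(nameof(adminApiConfiguration));
}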
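/// <summary>
/// Registers health checks for every admin database context and for the IdentityServer discovery endpoint,
/// plus a PostgreSQL raw-connection check per database that probes the context's main table.
/// </summary>
/// <typeparam name="TConfigurationDbContext">IdentityServer configuration store context.</typeparam>
/// <typeparam name="TPersistedGrantDbContext">IdentityServer persisted-grant store context.</typeparam>
/// <typeparam name="TIdentityDbContext">ASP.NET Core Identity store context.</typeparam>
/// <typeparam name="TLogDbContext">Admin log store context.</typeparam>
/// <typeparam name="TAuditLoggingDbContext">Audit log store context.</typeparam>
/// <param name="services">Service collection to register into.</param>
/// <param name="configuration">Holds the connection strings.</param>
/// <param name="adminApiConfiguration">Supplies the IdentityServer base URL used for the remote check.</param>
public static void AddIdSHealthChecks<TConfigurationDbContext, TPersistedGrantDbContext, TIdentityDbContext, TLogDbContext, TAuditLoggingDbContext>(this IServiceCollection services, IConfiguration configuration, AdminApiConfiguration adminApiConfiguration)
    where TConfigurationDbContext : DbContext, IAdminConfigurationDbContext
    where TPersistedGrantDbContext : DbContext, IAdminPersistedGrantDbContext
    where TIdentityDbContext : DbContext
    where TLogDbContext : DbContext, IAdminLogDbContext
    where TAuditLoggingDbContext : DbContext, IAuditLoggingDbContext<AuditLog>
{
    var configurationDbConnectionString = configuration.GetConnectionString(ConfigurationConsts.ConfigurationDbConnectionStringKey);
    var persistedGrantsDbConnectionString = configuration.GetConnectionString(ConfigurationConsts.PersistedGrantDbConnectionStringKey);
    var identityDbConnectionString = configuration.GetConnectionString(ConfigurationConsts.IdentityDbConnectionStringKey);
    var logDbConnectionString = configuration.GetConnectionString(ConfigurationConsts.AdminLogDbConnectionStringKey);
    var auditLogDbConnectionString = configuration.GetConnectionString(ConfigurationConsts.AdminAuditLogDbConnectionStringKey);
    var identityServerUri = adminApiConfiguration.IdentityServerBaseUrl;

    var healthChecksBuilder = services.AddHealthChecks()
        .AddDbContextCheck<TConfigurationDbContext>("ConfigurationDbContext")
        .AddDbContextCheck<TPersistedGrantDbContext>("PersistedGrantsDbContext")
        .AddDbContextCheck<TIdentityDbContext>("IdentityDbContext")
        .AddDbContextCheck<TLogDbContext>("LogDbContext")
        .AddDbContextCheck<TAuditLoggingDbContext>("AuditLogDbContext")
        .AddIdentityServer(new Uri(identityServerUri), "Identity Server");

    // Table names are read from the EF model, which needs resolved DbContexts. Building a provider here creates a
    // second container with its own copies of the singletons (the ASP0000 analyzer warns about this), so it is
    // kept short-lived and disposed together with the scope; the previous version never disposed it.
    using (var serviceProvider = services.BuildServiceProvider())
    using (var scope = serviceProvider.GetRequiredService<IServiceScopeFactory>().CreateScope())
    {
        var configurationTableName = DbContextHelpers.GetEntityTable<TConfigurationDbContext>(scope.ServiceProvider);
        var persistedGrantTableName = DbContextHelpers.GetEntityTable<TPersistedGrantDbContext>(scope.ServiceProvider);
        var identityTableName = DbContextHelpers.GetEntityTable<TIdentityDbContext>(scope.ServiceProvider);
        var logTableName = DbContextHelpers.GetEntityTable<TLogDbContext>(scope.ServiceProvider);
        var auditLogTableName = DbContextHelpers.GetEntityTable<TAuditLoggingDbContext>(scope.ServiceProvider);

        // The table names come from the EF model, not from request input.
        // NOTE(review): the identifiers are interpolated unquoted; PostgreSQL folds unquoted identifiers to
        // lower case, so a mixed-case table name would make the probe fail — confirm against the actual schema.
        healthChecksBuilder
            .AddNpgSql(configurationDbConnectionString, name: "ConfigurationDb", healthQuery: $"SELECT * FROM {configurationTableName} LIMIT 1")
            .AddNpgSql(persistedGrantsDbConnectionString, name: "PersistentGrantsDb", healthQuery: $"SELECT * FROM {persistedGrantTableName} LIMIT 1")
            .AddNpgSql(identityDbConnectionString, name: "IdentityDb", healthQuery: $"SELECT * FROM {identityTableName} LIMIT 1")
            .AddNpgSql(logDbConnectionString, name: "LogDb", healthQuery: $"SELECT * FROM {logTableName} LIMIT 1")
            .AddNpgSql(auditLogDbConnectionString, name: "AuditLogDb", healthQuery: $"SELECT * FROM {auditLogTableName} LIMIT 1");
    }
}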