private static List <Uri> BuildAllowedRedirectUrls(AllowedRedirects allowedRedirects) { if (allowedRedirects?.Urls == null) { throw new ArgumentNullException(nameof(allowedRedirects)); } if (!allowedRedirects.Urls.Any()) { throw new ArgumentException("Please provide at least 1 allowed redirect"); } return(allowedRedirects.Urls.Select(x => new Uri(UrlHelpers.NormalizeUrl(x))).ToList()); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { services.AddOptions(); var allowedRedirectUrls = new List <string>(); Configuration.GetSection("AllowedRedirectUrls").Bind(allowedRedirectUrls); var allowedRedirects = new AllowedRedirects { Urls = allowedRedirectUrls .Where(x => !string.IsNullOrEmpty(x)) .Select(UrlHelpers.NormalizeUrl) .Where(url => _env.IsDevelopment() || url.StartsWith("https")) // on prod do not allow redirects to http .Distinct() .ToList() }; services.AddSingleton(allowedRedirects); services.AddRazorPages(); services.AddControllersWithViews(); var builder = services.AddIdentityServer(options => { var publicOrigin = Configuration["IdentityServerPublicOrigin"]; if (!string.IsNullOrEmpty(publicOrigin)) { options.PublicOrigin = publicOrigin; } options.UserInteraction.LoginUrl = "/account/login"; options.UserInteraction.LogoutUrl = "/account/logout"; options.Events.RaiseErrorEvents = true; options.Events.RaiseInformationEvents = true; options.Events.RaiseFailureEvents = true; options.Events.RaiseSuccessEvents = true; }) .AddInMemoryIdentityResources(_identityConfiguration.Ids) .AddInMemoryApiResources(_identityConfiguration.Apis()) .AddInMemoryClients(_identityConfiguration.Clients) .AddAspNetIdentity <ApplicationUser>(); services.AddAuthentication(); var base64EncodedCertificate = Configuration["Certificate:Base64Encoded"]; var password = Configuration["Certificate:Password"]; builder.AddSigningCredential(LoadCertificate(base64EncodedCertificate, password)); services.AddTransient <IEmailBuilderService, EmailBuilderService>(); services.AddSingleton <ITemplateFileSelector, TemplateFileSelector>(); var emailType = Configuration.GetValue <EmailingSystemTypes>("EMailingSystem"); var sp = services.BuildServiceProvider(); var emailBuilder = sp.GetService <IEmailBuilderService>(); switch (emailType) { case EmailingSystemTypes.SendGrid: services.AddSingleton <IEmailSender, SendGridSender>(ctx => new SendGridSender( emailBuilder, new SendGridOptions { ApiKey = Configuration["SendGrid:ApiKey"], ClickTracking = Configuration.GetValue <bool>("SendGrid:ClickTracking") } ) ); break; case EmailingSystemTypes.Smtp: services.AddSingleton <IEmailSender, SmtpSender>(ctx => new SmtpSender( emailBuilder, new SmtpOptions { Host = Configuration["Smtp:Host"], Port = Configuration.GetValue <int>("Smtp:Port"), User = Configuration["Smtp:User"], Password = Configuration["Smtp:Password"] } ) ); break; } services.AddSingleton <PasswordValidationMessages>(); if (!_env.IsDevelopment()) { services.ConfigureApplicationCookie(options => { options.Cookie.SameSite = SameSiteMode.None; }); } services.AddCors(options => { // this defines a CORS policy called "default" options.AddPolicy("default", policy => { policy = _identityConfiguration.Clients.SelectMany(x => x.AllowedCorsOrigins) .Aggregate(policy, (current, url) => current.WithOrigins(url)); policy.AllowAnyHeader() .AllowAnyMethod(); }); }); }
public ConfirmEmailModel(UserManager <ApplicationUser> userManager, SignInManager <ApplicationUser> signInManager, AllowedRedirects allowedRedirects) { _userManager = userManager; _signInManager = signInManager; _allowedRedirectUrls = BuildAllowedRedirectUrls(allowedRedirects); }