private static List <Uri> BuildAllowedRedirectUrls(AllowedRedirects allowedRedirects)
{
if (allowedRedirects?.Urls == null)
{
throw new ArgumentNullException(nameof(allowedRedirects));
}
if (!allowedRedirects.Urls.Any())
{
throw new ArgumentException("Please provide at least 1 allowed redirect");
}
return(allowedRedirects.Urls.Select(x => new Uri(UrlHelpers.NormalizeUrl(x))).ToList());
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddOptions();
var allowedRedirectUrls = new List <string>();
Configuration.GetSection("AllowedRedirectUrls").Bind(allowedRedirectUrls);
var allowedRedirects = new AllowedRedirects
{
Urls = allowedRedirectUrls
.Where(x => !string.IsNullOrEmpty(x))
.Select(UrlHelpers.NormalizeUrl)
.Where(url => _env.IsDevelopment() || url.StartsWith("https")) // on prod do not allow redirects to http
.Distinct()
.ToList()
};
services.AddSingleton(allowedRedirects);
services.AddRazorPages();
services.AddControllersWithViews();
var builder = services.AddIdentityServer(options =>
{
var publicOrigin = Configuration["IdentityServerPublicOrigin"];
if (!string.IsNullOrEmpty(publicOrigin))
{
options.PublicOrigin = publicOrigin;
}
options.UserInteraction.LoginUrl = "/account/login";
options.UserInteraction.LogoutUrl = "/account/logout";
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
})
.AddInMemoryIdentityResources(_identityConfiguration.Ids)
.AddInMemoryApiResources(_identityConfiguration.Apis())
.AddInMemoryClients(_identityConfiguration.Clients)
.AddAspNetIdentity <ApplicationUser>();
services.AddAuthentication();
var base64EncodedCertificate = Configuration["Certificate:Base64Encoded"];
var password = Configuration["Certificate:Password"];
builder.AddSigningCredential(LoadCertificate(base64EncodedCertificate, password));
services.AddTransient <IEmailBuilderService, EmailBuilderService>();
services.AddSingleton <ITemplateFileSelector, TemplateFileSelector>();
var emailType = Configuration.GetValue <EmailingSystemTypes>("EMailingSystem");
var sp = services.BuildServiceProvider();
var emailBuilder = sp.GetService <IEmailBuilderService>();
switch (emailType)
{
case EmailingSystemTypes.SendGrid:
services.AddSingleton <IEmailSender, SendGridSender>(ctx =>
new SendGridSender(
emailBuilder,
new SendGridOptions
{
ApiKey = Configuration["SendGrid:ApiKey"],
ClickTracking = Configuration.GetValue <bool>("SendGrid:ClickTracking")
}
)
);
break;
case EmailingSystemTypes.Smtp:
services.AddSingleton <IEmailSender, SmtpSender>(ctx =>
new SmtpSender(
emailBuilder,
new SmtpOptions
{
Host = Configuration["Smtp:Host"],
Port = Configuration.GetValue <int>("Smtp:Port"),
User = Configuration["Smtp:User"],
Password = Configuration["Smtp:Password"]
}
)
);
break;
}
services.AddSingleton <PasswordValidationMessages>();
if (!_env.IsDevelopment())
{
services.ConfigureApplicationCookie(options =>
{
options.Cookie.SameSite = SameSiteMode.None;
});
}
services.AddCors(options =>
{
// this defines a CORS policy called "default"
options.AddPolicy("default", policy =>
{
policy = _identityConfiguration.Clients.SelectMany(x => x.AllowedCorsOrigins)
.Aggregate(policy, (current, url) => current.WithOrigins(url));
policy.AllowAnyHeader()
.AllowAnyMethod();
});
});
}
public ConfirmEmailModel(UserManager <ApplicationUser> userManager, SignInManager <ApplicationUser> signInManager, AllowedRedirects allowedRedirects)
{
_userManager = userManager;
_signInManager = signInManager;
_allowedRedirectUrls = BuildAllowedRedirectUrls(allowedRedirects);
}
