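/// <summary>
/// Add services for authentication, including Identity model, IdentityServer4 and external providers.
/// </summary>
/// <typeparam name="TIdentityDbContext">DbContext for Identity</typeparam>
/// <typeparam name="TUserIdentity">User Identity class</typeparam>
/// <typeparam name="TUserIdentityRole">User Identity Role class</typeparam>
/// <param name="services">Service collection the registrations are added to.</param>
/// <param name="configuration">Application configuration; the <c>IdentityOptions</c> section is read from it.</param>
/// <exception cref="InvalidOperationException">Thrown when the <c>IdentityOptions</c> configuration section is missing or empty.</exception>
public static void AddAuthenticationServices<TIdentityDbContext, TUserIdentity, TUserIdentityRole>(this IServiceCollection services, IConfiguration configuration)
    where TIdentityDbContext : DbContext
    where TUserIdentity : class
    where TUserIdentityRole : class
{
    var loginConfiguration = GetLoginConfiguration(configuration);
    var registrationConfiguration = GetRegistrationConfiguration(configuration);

    // Read the section once: it is registered as a singleton and bound into AddIdentity below.
    var identityOptionsSection = configuration.GetSection(nameof(IdentityOptions));
    var identityOptions = identityOptionsSection.Get<IdentityOptions>();
    if (identityOptions is null)
    {
        // Fail at startup with the section name instead of the opaque ArgumentNullException
        // that AddSingleton(null) would otherwise raise.
        throw new InvalidOperationException($"Configuration section '{nameof(IdentityOptions)}' is missing or empty.");
    }

    services
        .AddSingleton(registrationConfiguration)
        .AddSingleton(loginConfiguration)
        .AddSingleton(identityOptions)
        .AddScoped<ApplicationSignInManager<TUserIdentity>>()
        .AddScoped<UserResolver<TUserIdentity>>()
        .AddIdentity<TUserIdentity, TUserIdentityRole>(options => identityOptionsSection.Bind(options))
        .AddEntityFrameworkStores<TIdentityDbContext>()
        .AddDefaultTokenProviders();

    services.Configure<CookiePolicyOptions>(options =>
    {
        // No global SameSite floor; SameSite handling is delegated per cookie to AuthenticationHelpers.CheckSameSite.
        options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
        // NOTE(review): SameAsRequest only sets the Secure flag when the incoming request is HTTPS. Behind a
        // TLS-terminating proxy the forwarded-headers middleware must be active, otherwise cookies are issued without Secure.
        options.Secure = CookieSecurePolicy.SameAsRequest;
        options.OnAppendCookie = cookieContext => AuthenticationHelpers.CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
        options.OnDeleteCookie = cookieContext => AuthenticationHelpers.CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
    });

    services.Configure<IISOptions>(iis =>
    {
        iis.AuthenticationDisplayName = "Windows";
        // Windows authentication is not applied to every request automatically; it has to be challenged explicitly.
        iis.AutomaticAuthentication = false;
    });

    var authenticationBuilder = services.AddAuthentication();

    AddExternalProviders(authenticationBuilder, configuration);
}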
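/// <summary>
/// Register services for authentication, including Identity.
/// The cookie scheme is the default for authenticate, sign-in, sign-out and forbid; the challenge scheme is
/// OpenID Connect against the IdentityServer4 instance described by the <c>AdminConfiguration</c> section.
/// </summary>
/// <typeparam name="TContext">DbContext for Identity</typeparam>
/// <typeparam name="TUserIdentity">User Identity class</typeparam>
/// <typeparam name="TUserIdentityRole">User Identity Role class</typeparam>
/// <param name="services">Service collection the registrations are added to.</param>
/// <param name="configuration">Application configuration; the <c>AdminConfiguration</c> and <c>IdentityOptions</c> sections are read from it.</param>
/// <exception cref="InvalidOperationException">Thrown when the <c>AdminConfiguration</c> configuration section is missing or empty.</exception>
public static void AddAuthenticationServices<TContext, TUserIdentity, TUserIdentityRole>(this IServiceCollection services, IConfiguration configuration)
    where TContext : DbContext
    where TUserIdentity : class
    where TUserIdentityRole : class
{
    var adminConfiguration = configuration.GetSection(nameof(AdminConfiguration)).Get<AdminConfiguration>();
    if (adminConfiguration is null)
    {
        // The option lambdas below dereference adminConfiguration lazily (when the scheme is first resolved);
        // fail at startup with the section name instead of a NullReferenceException on the first request.
        throw new InvalidOperationException($"Configuration section '{nameof(AdminConfiguration)}' is missing or empty.");
    }

    services.Configure<CookiePolicyOptions>(options =>
    {
        // No global SameSite floor; SameSite handling is delegated per cookie to AuthenticationHelpers.CheckSameSite.
        options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
        // NOTE(review): SameAsRequest only sets the Secure flag when the incoming request is HTTPS. Behind a
        // TLS-terminating proxy the forwarded-headers middleware must be active, otherwise cookies are issued without Secure.
        options.Secure = CookieSecurePolicy.SameAsRequest;
        options.OnAppendCookie = cookieContext => AuthenticationHelpers.CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
        options.OnDeleteCookie = cookieContext => AuthenticationHelpers.CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
    });

    services
        .AddIdentity<TUserIdentity, TUserIdentityRole>(options => configuration.GetSection(nameof(IdentityOptions)).Bind(options))
        .AddEntityFrameworkStores<TContext>()
        .AddDefaultTokenProviders();

    services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            // Unauthenticated requests are sent to IdentityServer; everything else is handled by the cookie.
            options.DefaultChallengeScheme = AuthenticationConsts.OidcAuthenticationScheme;
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultForbidScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignOutScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
        {
            options.Cookie.Name = adminConfiguration.IdentityAdminCookieName;
        })
        .AddOpenIdConnect(AuthenticationConsts.OidcAuthenticationScheme, options =>
        {
            options.Authority = adminConfiguration.IdentityServerBaseUrl;
            // Keep this true outside local development: when false, discovery and signing keys may be fetched over plain HTTP.
            options.RequireHttpsMetadata = adminConfiguration.RequireHttpsMetadata;
            options.ClientId = adminConfiguration.ClientId;
            options.ClientSecret = adminConfiguration.ClientSecret;
            options.ResponseType = adminConfiguration.OidcResponseType;

            // Replace the handler's default scopes with exactly the configured set.
            options.Scope.Clear();
            foreach (var scope in adminConfiguration.Scopes)
            {
                options.Scope.Add(scope);
            }

            // NOTE(review): the third argument of MapJsonKey is the claim value type; passing the role claim type
            // there looks unintended (a ClaimValueTypes value is usual) — confirm with the consumers before changing.
            options.ClaimActions.MapJsonKey(adminConfiguration.TokenValidationClaimRole, adminConfiguration.TokenValidationClaimRole, adminConfiguration.TokenValidationClaimRole);
            // Tokens are stored in the authentication properties (and therefore the cookie), so they are available to the events below.
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = adminConfiguration.TokenValidationClaimName,
                RoleClaimType = adminConfiguration.TokenValidationClaimRole
            };
            options.Events = new OpenIdConnectEvents
            {
                OnMessageReceived = context => OnMessageReceived(context, adminConfiguration),
                OnRedirectToIdentityProvider = context => OnRedirectToIdentityProvider(context, adminConfiguration)
            };
        });
}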
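/// <summary>
/// Register services for authentication, including Identity.
/// The cookie scheme is the default for authenticate, sign-in, sign-out and forbid; the challenge scheme is
/// OpenID Connect against the IdentityServer4 instance described by the <c>AdminConfiguration</c> section.
/// </summary>
/// <typeparam name="TContext">DbContext for Identity</typeparam>
/// <typeparam name="TUserIdentity">User Identity class</typeparam>
/// <typeparam name="TUserIdentityRole">User Identity Role class</typeparam>
/// <param name="services">Service collection the registrations are added to.</param>
/// <param name="configuration">Application configuration; the <c>AdminConfiguration</c> and <c>IdentityOptions</c> sections are read from it.</param>
/// <exception cref="InvalidOperationException">Thrown when the <c>AdminConfiguration</c> configuration section is missing or empty.</exception>
public static void AddAuthenticationServices<TContext, TUserIdentity, TUserIdentityRole>(this IServiceCollection services, IConfiguration configuration)
    where TContext : DbContext
    where TUserIdentity : class
    where TUserIdentityRole : class
{
    var adminConfiguration = configuration.GetSection(nameof(AdminConfiguration)).Get<AdminConfiguration>();
    if (adminConfiguration is null)
    {
        // The option lambdas below dereference adminConfiguration lazily (when the scheme is first resolved);
        // fail at startup with the section name instead of a NullReferenceException on the first request.
        throw new InvalidOperationException($"Configuration section '{nameof(AdminConfiguration)}' is missing or empty.");
    }

    services.Configure<CookiePolicyOptions>(options =>
    {
        // No global SameSite floor; SameSite handling is delegated per cookie to AuthenticationHelpers.CheckSameSite.
        options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
        // NOTE(review): SameAsRequest only sets the Secure flag when the incoming request is HTTPS. Behind a
        // TLS-terminating proxy the forwarded-headers middleware must be active, otherwise cookies are issued without Secure.
        options.Secure = CookieSecurePolicy.SameAsRequest;
        options.OnAppendCookie = cookieContext => AuthenticationHelpers.CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
        options.OnDeleteCookie = cookieContext => AuthenticationHelpers.CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
    });

    services
        .AddIdentity<TUserIdentity, TUserIdentityRole>(options => configuration.GetSection(nameof(IdentityOptions)).Bind(options))
        .AddEntityFrameworkStores<TContext>()
        .AddDefaultTokenProviders();

    services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            // Unauthenticated requests are sent to IdentityServer; everything else is handled by the cookie.
            options.DefaultChallengeScheme = AuthenticationConsts.OidcAuthenticationScheme;
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultForbidScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignOutScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
        {
            options.Cookie.Name = adminConfiguration.IdentityAdminCookieName;
        })
        .AddOpenIdConnect(AuthenticationConsts.OidcAuthenticationScheme, options =>
        {
            options.Authority = adminConfiguration.IdentityServerBaseUrl;
            if (adminConfiguration.IdentityServerAllowInvalidSsl)
            {
                // Disables server-certificate validation on the back channel (discovery, signing keys, token and
                // userinfo calls), so a spoofed IdentityServer would no longer be detected. Meant for local setups
                // with self-signed certificates only; keep IdentityServerAllowInvalidSsl false in production.
                options.BackchannelHttpHandler = new HttpClientHandler
                {
                    ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
                };
            }
            // Keep this true outside local development: when false, discovery and signing keys may be fetched over plain HTTP.
            options.RequireHttpsMetadata = adminConfiguration.RequireHttpsMetadata;
            options.ClientId = adminConfiguration.ClientId;
            options.ClientSecret = adminConfiguration.ClientSecret;
            options.ResponseType = adminConfiguration.OidcResponseType;

            // Replace the handler's default scopes with exactly the configured set.
            options.Scope.Clear();
            foreach (var scope in adminConfiguration.Scopes)
            {
                options.Scope.Add(scope);
            }

            // NOTE(review): the third argument of MapJsonKey is the claim value type; passing the role claim type
            // there looks unintended (a ClaimValueTypes value is usual) — confirm with the consumers before changing.
            options.ClaimActions.MapJsonKey(adminConfiguration.TokenValidationClaimRole, adminConfiguration.TokenValidationClaimRole, adminConfiguration.TokenValidationClaimRole);
            // Tokens are stored in the authentication properties (and therefore the cookie), so they are available to the events below.
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = adminConfiguration.TokenValidationClaimName,
                RoleClaimType = adminConfiguration.TokenValidationClaimRole
            };
            options.Events = new OpenIdConnectEvents
            {
                OnMessageReceived = context => OnMessageReceived(context, adminConfiguration),
                OnRedirectToIdentityProvider = context => OnRedirectToIdentityProvider(context, adminConfiguration),
                // EZY-modification (EZYC-3029): custom feature to support logging out when deployed inside d-c where ports are different.
                OnRedirectToIdentityProviderForSignOut = context => OnRedirectToIdentityProviderForSignOut(context, adminConfiguration),
            };
        });
}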