public IdentityUtilsIdentityServerBuilder AddIdentityAndProfileService <TUser, TUserDto, TRole>() where TUser : IdentityManagerUser where TUserDto : class, IIdentityManagerUserDto where TRole : IdentityManagerRole { identityServerBuilder .AddAspNetIdentity <TUser>() .AddProfileService <IdentityUtilsProfileService <TUser, TUserDto> >(); return(this); }
private void ConfigureIdentityServer(IServiceCollection services) { services.AddIdentity <IdentityUser, IdentityRole>() .AddEntityFrameworkStores <AuthenticationDbContext>() .AddDefaultTokenProviders(); IIdentityServerBuilder identityServerBuilder = services.AddIdentityServer(options => { // https://docs.duendesoftware.com/identityserver/v5/fundamentals/resources/ options.EmitStaticAudienceClaim = true; options.Events.RaiseSuccessEvents = true; options.Events.RaiseFailureEvents = true; options.Events.RaiseErrorEvents = true; options.IssuerUri = Startup.Configuration.GetValue <String>("ServiceOptions:IssuerUrl"); }); identityServerBuilder.AddAspNetIdentity <IdentityUser>(); if (Startup.WebHostEnvironment.IsEnvironment("IntegrationTest") || Startup.Configuration.GetValue <Boolean>("ServiceOptions:UseInMemoryDatabase") == true) { identityServerBuilder.AddIntegrationTestConfiguration(); } else { String migrationsAssembly = typeof(AuthenticationDbContext).GetTypeInfo().Assembly.GetName().Name; identityServerBuilder.AddIdentityServerStorage(Startup.ConfigurationConnectionString, Startup.PersistedGrantStoreConenctionString, Startup.AuthenticationConenctionString, migrationsAssembly); } }
// This method gets called by the runtime. Use this method to add services to the container. // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940 public void ConfigureServices(IServiceCollection services) { services.AddControllersWithViews(); const string connectionString = @"Data Source=.\;database=Test.IdentityServer4.EntityFramework;trusted_connection=yes;"; var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name; services.AddTransient <ICustomTokenRequestValidator, DefaultClientClaimsAdder>(); services.AddDbContext <ApplicationDbContext>(builder => builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly))); services.AddIdentity <IdentityUser, IdentityRole>() .AddEntityFrameworkStores <ApplicationDbContext>(); IIdentityServerBuilder ids = services.AddIdentityServer() .AddDeveloperSigningCredential() // Note to self, for some reason the profile service does not gets called, I think it's the chosen flow (ie code) // For now I used ICustomTokenRequestValidator to manually add claims to the generated token .AddProfileService <ProfileService>(); // EF client, scope, and persisted grant stores ids.AddOperationalStore(options => options.ConfigureDbContext = builder => builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly))) .AddConfigurationStore(options => options.ConfigureDbContext = builder => builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly))); // ASP.NET Identity integration ids.AddAspNetIdentity <IdentityUser>(); }
public static IIdentityServerBuilder AddStudioXIdentityServer <TUser>(this IIdentityServerBuilder builder, Action <StudioXIdentityServerOptions> optionsAction = null) where TUser : StudioXUser <TUser> { var options = new StudioXIdentityServerOptions(); optionsAction?.Invoke(options); builder.AddAspNetIdentity <TUser>(); builder.AddProfileService <StudioXProfileService <TUser> >(); builder.AddResourceOwnerValidator <StudioXResourceOwnerPasswordValidator <TUser> >(); builder.Services.Replace(ServiceDescriptor.Transient <IClaimsService, StudioXClaimsService>()); if (options.UpdateStudioXClaimTypes) { StudioXClaimTypes.UserId = JwtClaimTypes.Subject; StudioXClaimTypes.UserName = JwtClaimTypes.Name; StudioXClaimTypes.Role = JwtClaimTypes.Role; } if (options.UpdateJwtSecurityTokenHandlerDefaultInboundClaimTypeMap) { JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[StudioXClaimTypes.UserId] = StudioXClaimTypes.UserId; JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[StudioXClaimTypes.UserName] = StudioXClaimTypes.UserName; JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[StudioXClaimTypes.Role] = StudioXClaimTypes.Role; } return(builder); }
public static IIdentityServerBuilder AddAppIdentityServer(this IIdentityServerBuilder builder, Action <AppIdentityServerOptions> optionsAction = null) { var options = new AppIdentityServerOptions(); optionsAction?.Invoke(options); builder.AddAspNetIdentity <User>(); builder.AddProfileService <AppProfileService>(); builder.AddResourceOwnerValidator <ResourceOwnerPasswordValidator>(); if (options.UpdateAppClaimTypes) { AppClaimTypes.UserId = JwtClaimTypes.Subject; AppClaimTypes.UserName = JwtClaimTypes.Name; AppClaimTypes.Role = JwtClaimTypes.Role; } if (options.UpdateJwtSecurityTokenHandlerDefaultInboundClaimTypeMap) { JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AppClaimTypes.UserId] = AppClaimTypes.UserId; JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AppClaimTypes.UserName] = AppClaimTypes.UserName; JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AppClaimTypes.Role] = AppClaimTypes.Role; } return(builder); }
// This method gets called by the runtime. Use this method to add services to the container. // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940 public void ConfigureServices(IServiceCollection services) { services.AddControllersWithViews(); const string connectionString = @"Data Source=(LocalDb)\MSSQLLocalDB;database=Test.IdentityServer4.EntityFramework;trusted_connection=yes;"; var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name; services.AddDbContext <ApplicationDbContext>(builder => builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly))); services.AddIdentity <IdentityUser, IdentityRole>() .AddEntityFrameworkStores <ApplicationDbContext>(); IIdentityServerBuilder ids = services.AddIdentityServer() .AddDeveloperSigningCredential(); // in-memory client and scope stores /*ids.AddInMemoryClients(Clients.Get()) * .AddInMemoryIdentityResources(Resources.GetIdentityResources()) * .AddInMemoryApiResources(Resources.GetApiResources()) * .AddInMemoryApiScopes(Resources.GetApiScopes());*/ // EF client, scope, and persisted grant stores ids.AddOperationalStore(options => options.ConfigureDbContext = builder => builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly))) .AddConfigurationStore(options => options.ConfigureDbContext = builder => builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly))); // ASP.NET Identity integration ids.AddAspNetIdentity <IdentityUser>(); }
public static IIdentityServerBuilder AddAbpIdentityServer( this IIdentityServerBuilder builder, Action <AbpIdentityServerOptions> optionsAction = null) { var options = new AbpIdentityServerOptions(); optionsAction?.Invoke(options); //TODO: AspNet Identity integration lines. Can be extracted to a extension method builder.AddAspNetIdentity <IdentityUser>(); builder.AddProfileService <AbpProfileService>(); builder.AddResourceOwnerValidator <AbpResourceOwnerPasswordValidator>(); builder.Services.Replace(ServiceDescriptor.Transient <IClaimsService, AbpClaimsService>()); if (options.UpdateAbpClaimTypes) { AbpClaimTypes.UserId = JwtClaimTypes.Subject; AbpClaimTypes.UserName = JwtClaimTypes.Name; AbpClaimTypes.Role = JwtClaimTypes.Role; } if (options.UpdateJwtSecurityTokenHandlerDefaultInboundClaimTypeMap) { JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AbpClaimTypes.UserId] = AbpClaimTypes.UserId; JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AbpClaimTypes.UserName] = AbpClaimTypes.UserName; JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AbpClaimTypes.Role] = AbpClaimTypes.Role; } return(builder); }
public static IIdentityServerBuilder AddIdentity <TUser, TUserStore>(this IIdentityServerBuilder identityServerBuilder) where TUser : class, IAspNetUser where TUserStore : DbContext { var services = identityServerBuilder.Services; services.AddTransient(typeof(IAccountService <TUser>), typeof(AccountService <TUser>)); services.Configure <DataProtectionTokenProviderOptions>(options => { options.TokenLifespan = TimeSpan.FromDays(1); }); services.AddIdentity <TUser, IdentityRole>(options => { options.Password.RequireDigit = true; options.Password.RequireLowercase = true; options.Password.RequireUppercase = true; options.Password.RequiredLength = 8; options.Lockout.AllowedForNewUsers = true; options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(15); options.Lockout.MaxFailedAccessAttempts = 5; }) .AddDefaultTokenProviders() .AddEntityFrameworkStores <TUserStore>() ; identityServerBuilder .AddAspNetIdentity <TUser>() .AddProfileService <ProfileService <TUser> >() ; return(identityServerBuilder); }
public static IIdentityServerBuilder AddIdentityServerUserAuthorization <TUser, TRole>( this IIdentityServerBuilder builder, Action <IdentityOptions> options = null) where TUser : IdentityUser where TRole : IdentityRole { var services = builder.Services; services.AddIdentity <TUser, TRole>(identityOptions => { options?.Invoke(identityOptions); }) .AddDefaultTokenProviders(); services.AddTransient <IUserStore <TUser>, UserStore <TUser> >(); services.AddTransient <IUserClaimStore <TUser>, UserStore <TUser> >(); services.AddTransient <IUserPasswordStore <TUser>, UserStore <TUser> >(); services.AddTransient <IPasswordHasher <TUser>, UserPasswordHasher <TUser> >(); services.AddTransient <IRoleStore <TRole>, RoleStore <TRole> >(); services.AddTransient <IUserService <TUser>, UserService <TUser> >(); services.AddTransient <IProfileService, ApplicationProfile>(); services.AddMediatR(typeof(StartupIdentityUser).Assembly); services.TryAddTransient <IMapper, Mapper>(); builder.AddAspNetIdentity <TUser>() .AddProfileService <ApplicationProfile>(); return(builder); }
public static IIdentityServerBuilder AddDefaultIdentityServerConfig <TApplicationUser>(this IIdentityServerBuilder builder, Action <DbContextOptionsBuilder> dbContextOptionsBuilder = null) where TApplicationUser : ApplicationUser { builder.AddAspNetIdentity <TApplicationUser>() .AddConfigurationStore(options => options.ConfigureDbContext = dbContextOptionsBuilder) .AddOperationalStore(options => options.ConfigureDbContext = dbContextOptionsBuilder) .Services.AddTransient <IProfileService, Services.ProfileService <TApplicationUser> >();; return(builder); }
public static IIdentityServerBuilder AddAbpIdentityServer <TUser>(this IIdentityServerBuilder builder) where TUser : AbpUser <TUser> { builder.AddAspNetIdentity <TUser>(); builder.AddProfileService <AbpProfileService <TUser> >(); builder.AddResourceOwnerValidator <AbpResourceOwnerPasswordValidator <TUser> >(); builder.Services.Replace(ServiceDescriptor.Transient <IClaimsService, AbpClaimsService>()); return(builder); }
// This method gets called by the runtime. Use this method to add services to the container. // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940 public void ConfigureServices(IServiceCollection services) { services.AddIdentity <ApplicationUser, IdentityRole>().AddDefaultTokenProviders(); var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name; IIdentityServerBuilder isb = services.AddIdentityServer(options => { // TODO: set authority and PublicOrigin options.IssuerUri = DebugConstants.IdentityServer.Authority; options.PublicOrigin = DebugConstants.IdentityServer.Authority; this.Configuration.Bind(nameof(IdentityServerOptions), options); }); //TODO: use recommended approach for signing credentials isb.AddDeveloperSigningCredential(); isb.AddConfigurationStore(options => { //TODO: use real connection sting options.ConfigureDbContext = builder => builder.UseSqlServer(DebugConstants.ConnectionStrings.IdentityServerConfStore, sql => sql.MigrationsAssembly(migrationsAssembly)); }); // this adds the operational data from DB (codes, tokens, consents) isb.AddOperationalStore(options => { //TODO: use real connection sting options.ConfigureDbContext = builder => builder.UseSqlServer(DebugConstants.ConnectionStrings.IdentityServerOperationalStore, sql => sql.MigrationsAssembly(migrationsAssembly)); }); isb.AddAspNetIdentity <ApplicationUser>(); isb.AddInMemoryCaching().AddConfigurationStoreCache(); services.AddCors(options => { // this defines a CORS policy called "default" options.AddPolicy("default", policy => { // TODO: set correct CORS policy policy.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod().AllowCredentials(); }); options.DefaultPolicyName = "default"; }); MigrateDatabase(services); }
// This method gets called by the runtime. Use this method to add services to the container. // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940 public void ConfigureServices(IServiceCollection services) { services.AddControllersWithViews(); const string connectionString = @"Filename=identity.db"; //const string connectionString = @"Data Source=(LocalDb)\MSSQLLocalDB;database=Test.IdentityServer4.EntityFramework;trusted_connection=yes;"; var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name; services.AddDbContext <ApplicationDbContext>(builder => builder.UseSqlite(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly))); services.AddIdentity <ApplicationUser, IdentityRole>() .AddEntityFrameworkStores <ApplicationDbContext>() .AddDefaultTokenProviders(); IIdentityServerBuilder ids = services.AddIdentityServer(options => { options.Events.RaiseErrorEvents = true; options.Events.RaiseInformationEvents = true; options.Events.RaiseFailureEvents = true; options.Events.RaiseSuccessEvents = true; // see https://identityserver4.readthedocs.io/en/latest/topics/resources.html options.EmitStaticAudienceClaim = true; }) .AddDeveloperSigningCredential(); ids.AddOperationalStore(options => options.ConfigureDbContext = builder => builder.UseSqlite( connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly))) .AddConfigurationStore(options => options.ConfigureDbContext = builder => builder.UseSqlite( connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly))); ids.AddAspNetIdentity <ApplicationUser>(); services.AddAuthentication(options => { options.DefaultScheme = "cookie"; }) .AddCookie("cookie"); services.AddAuthentication().AddGoogle(opts => { opts.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme; opts.ClientId = "<client id>"; opts.ClientSecret = "<client secret"; }); }
public void ConfigureServices(IServiceCollection services) { services.AddDbContext <ApplicationDbContext>(options => { options.UseInMemoryDatabase("memdb"); }); IdentityBuilder identityBuilder = services.AddIdentity <IdentityUser, IdentityRole>(options => { options.Password.RequiredLength = 3; options.Password.RequireDigit = false; options.Password.RequireNonAlphanumeric = false; options.Password.RequireLowercase = false; options.Password.RequireUppercase = false; }); identityBuilder .AddEntityFrameworkStores <ApplicationDbContext>() .AddDefaultTokenProviders(); services.ConfigureApplicationCookie(options => { options.Cookie.Name = "Raw.IdentityServer.Cookie"; options.LoginPath = "/auth/login"; }); // He says AddIdentityServer instruction adds authentication and authorizations services IIdentityServerBuilder identityServerBuilder = services.AddIdentityServer(); identityServerBuilder .AddAspNetIdentity <IdentityUser>() // Solves "InvalidOperationException: sub claim is missing" .AddInMemoryIdentityResources(IdentityServerConfiguration.IdentityResources) .AddInMemoryApiScopes(IdentityServerConfiguration.ApiScopes) .AddInMemoryApiResources(IdentityServerConfiguration.ApiResources) // register ApiScopes first .AddInMemoryClients(IdentityServerConfiguration.GetClients); // not recommended for production - you need to store your key material somewhere secure identityServerBuilder.AddDeveloperSigningCredential(); services .AddControllersWithViews() .AddRazorRuntimeCompilation(); }
public static IIdentityServerBuilder AddAspNetIdentity( this IIdentityServerBuilder builder, AbpIdentityServerBuilderOptions options = null) { if (options == null) { options = new AbpIdentityServerBuilderOptions(); } //TODO: AspNet Identity integration lines. Can be extracted to a extension method if (options.IntegrateToAspNetIdentity) { builder.AddAspNetIdentity <IdentityUser>(); builder.AddProfileService <AbpProfileService>(); builder.AddResourceOwnerValidator <AbpResourceOwnerPasswordValidator>(); } return(builder); }
public static IIdentityServerBuilder AddAbpIdentityServer( this IIdentityServerBuilder builder, AbpIdentityServerBuilderOptions options = null) { if (options == null) { options = new AbpIdentityServerBuilderOptions(); } //TODO: AspNet Identity integration lines. Can be extracted to a extension method if (options.IntegrateToAspNetIdentity) { builder.AddAspNetIdentity <IdentityUser>(); builder.AddProfileService <AbpProfileService>(); builder.AddResourceOwnerValidator <AbpResourceOwnerPasswordValidator>(); builder.Services.Remove(builder.Services.LastOrDefault(x => x.ServiceType == typeof(IUserClaimsPrincipalFactory <IdentityUser>))); builder.Services.AddTransient <IUserClaimsPrincipalFactory <IdentityUser>, AbpUserClaimsFactory <IdentityUser> >(); builder.Services.AddTransient <IObjectAccessor <IUserClaimsPrincipalFactory <IdentityUser> >, ObjectAccessor <AbpUserClaimsPrincipalFactory> >(); } builder.Services.Replace(ServiceDescriptor.Transient <IClaimsService, AbpClaimsService>()); if (options.UpdateAbpClaimTypes) { AbpClaimTypes.UserId = JwtClaimTypes.Subject; AbpClaimTypes.UserName = JwtClaimTypes.Name; AbpClaimTypes.Role = JwtClaimTypes.Role; AbpClaimTypes.Email = JwtClaimTypes.Email; } if (options.UpdateJwtSecurityTokenHandlerDefaultInboundClaimTypeMap) { JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AbpClaimTypes.UserId] = AbpClaimTypes.UserId; JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AbpClaimTypes.UserName] = AbpClaimTypes.UserName; JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AbpClaimTypes.Role] = AbpClaimTypes.Role; JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[AbpClaimTypes.Email] = AbpClaimTypes.Email; } return(builder); }
/// <summary> /// Configures defaults on Identity Server for ASP.NET Core scenarios. /// </summary> /// <typeparam name="TUser">The <typeparamref name="TUser"/> type.</typeparam> /// <param name="builder">The <see cref="IIdentityServerBuilder"/>.</param> /// <param name="configure">The <see cref="Action{ApplicationsOptions}"/> /// to configure the <see cref="ApiAuthorizationOptions"/>.</param> /// <returns>The <see cref="IIdentityServerBuilder"/>.</returns> public static IIdentityServerBuilder AddApiAuthorization <TUser>( this IIdentityServerBuilder builder, Action <ApiAuthorizationOptions> configure) where TUser : class { if (configure == null) { throw new ArgumentNullException(nameof(configure)); } builder.AddAspNetIdentity <TUser>() .AddHibernateOperationalStore() .ConfigureReplacedServices() .AddIdentityResources() .AddApiResources() .AddClients() .AddSigningCredentials(); builder.Services.Configure(configure); return(builder); }
/// <summary> /// Configures defaults on Identity Server for ASP.NET Core scenarios. /// </summary> /// <typeparam name="TUser">The <typeparamref name="TUser"/> type.</typeparam> /// <typeparam name="TContext">The <typeparamref name="TContext"/> type.</typeparam> /// <param name="builder">The <see cref="IIdentityServerBuilder"/>.</param> /// <param name="configure">The <see cref="Action{ApplicationsOptions}"/> /// to configure the <see cref="ApiAuthorizationOptions"/>.</param> /// <returns>The <see cref="IIdentityServerBuilder"/>.</returns> public static IIdentityServerBuilder AddApiAuthorization <TUser, TContext>(this IIdentityServerBuilder builder, Action <ApiAuthorizationOptions> configure) where TUser : class where TContext : DbContext, IPersistedGrantDbContext { if (configure == null) { throw new ArgumentNullException(nameof(configure)); } builder .AddAspNetIdentity <TUser>() .AddOperationalStore <TContext>() .ConfigureReplacedServices() .AddIdentityResources() .AddApiResources() .AddClients(); builder.Services.Configure(configure); return(builder); }
public static IIdentityServerBuilder AddRocketAspNetIdentity(this IIdentityServerBuilder builder) { return(builder.AddAspNetIdentity <IdentityUser> () .AddProfileService <RocketProfileService> () .AddResourceOwnerValidator <RocketResourceOwnerPasswordValidator> ()); }
// This method gets called by the runtime. Use this method to add services to the container. public async void ConfigureServices(IServiceCollection services) { JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); //todo: check use online IdentityModelEventSource.ShowPII = true; services.AddControllers(); services.AddCors(); var connectionString = Configuration.GetConnectionString("IdentityDbContext"); var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name; services.AddDbContext <ApplicationDbContext>(builder => builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly))) .AddIdentity <IdentityUser, IdentityRole>(options => { options.Password.RequireDigit = true; options.Password.RequiredLength = 8; options.Password.RequireNonAlphanumeric = false; options.Password.RequireUppercase = true; options.Password.RequireLowercase = false; options.Lockout.AllowedForNewUsers = true; options.Lockout.MaxFailedAccessAttempts = 3; options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromDays(1); }) .AddDefaultTokenProviders() .AddEntityFrameworkStores <ApplicationDbContext>(); //for authorization implementation services.AddIdentityAuthorizationService(); IIdentityServerBuilder ids = services.AddIdentityServer() .AddCustomUserStore() .AddDeveloperSigningCredential(); // EF client, scope, and persisted grant stores ids.AddOperationalStore(options => options.ConfigureDbContext = builder => builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly))) .AddConfigurationStore(options => options.ConfigureDbContext = builder => builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly))); // ASP.NET Identity integration ids.AddAspNetIdentity <IdentityUser>(); IList <string> validissuers = new List <string>() { "https://localhost:5001" }; var configManager = new ConfigurationManager <OpenIdConnectConfiguration>($"{validissuers.Last()}/.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever()); //var openidconfig = await configManager.GetConfigurationAsync(); services.AddAuthentication(o => { o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }).AddJwtBearer(options => { options.Audience = "api1"; options.Authority = "https://localhost:5001"; options.RequireHttpsMetadata = false; options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters() { ValidateAudience = true, ValidAudience = "api1", ValidateIssuer = true, ValidIssuers = new[] { "https://localhost:5001" }, //ValidateIssuerSigningKey = true, //IssuerSigningKeys = openidconfig.SigningKeys, RequireExpirationTime = true, ValidateLifetime = true, RequireSignedTokens = true, }; }); }
private static IServiceCollection AddIdentityServerAuthentication( this IServiceCollection services, IConfiguration configuration) { string identityConnectionString = configuration.GetConnectionString("Identity"); string migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name; JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); services.AddDataProtection() .SetApplicationName("identity-management"); services.AddDbContextPool <TenantUserDbContext>((services, options) => { options.UseSqlServer(identityConnectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)); }); services.AddIdentity <TenantUserEntity, IdentityRole>() .AddDefaultTokenProviders() .AddEntityFrameworkStores <TenantUserDbContext>(); services.Configure <IdentityOptions>(options => { options.Password.RequireDigit = false; options.Password.RequiredUniqueChars = 3; options.Password.RequiredLength = 8; options.Password.RequireNonAlphanumeric = false; options.Password.RequireUppercase = false; options.Password.RequireLowercase = false; options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5); options.Lockout.MaxFailedAccessAttempts = 5; options.User.RequireUniqueEmail = true; }); IIdentityServerBuilder identityBuilder = services.AddIdentityServer(options => { options.UserInteraction.LoginUrl = "~/account/sign-in"; options.UserInteraction.LogoutUrl = "~/account/sign-out"; options.UserInteraction.ErrorUrl = "~/error"; options.Events.RaiseErrorEvents = true; options.Events.RaiseFailureEvents = true; options.Events.RaiseSuccessEvents = true; options.Events.RaiseInformationEvents = true; options.Authentication.CookieSlidingExpiration = true; }); identityBuilder.AddConfigurationStore(options => { options.ConfigureDbContext = context => context.UseSqlServer(identityConnectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)); }); identityBuilder.AddOperationalStore(options => { options.ConfigureDbContext = context => context.UseSqlServer(identityConnectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)); options.EnableTokenCleanup = true; options.TokenCleanupInterval = 7200; }); identityBuilder.AddAspNetIdentity <TenantUserEntity>() .AddProfileService <ProfileService <TenantUserEntity> >() .AddInMemoryCaching(); var certificate = GetSigningCertificate(configuration); X509SigningCredentials signingCredentials = new X509SigningCredentials(certificate); identityBuilder.AddSigningCredential(signingCredentials); return(services); }
// This method gets called by the runtime. Use this method to add services to the container. // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940 public void ConfigureServices(IServiceCollection services) { services.AddControllersWithViews(); const string connectionString = @"Server=.; Database=DemoIS4Db; Trusted_Connection=True;"; var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name; services.AddDbContext <ApplicationDbContext>(builder => builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly))); services.AddIdentity <IdentityUser, IdentityRole>() .AddEntityFrameworkStores <ApplicationDbContext>(); IIdentityServerBuilder ids = services.AddIdentityServer() .AddDeveloperSigningCredential(); services.AddAuthentication() .AddSaml2(options => { options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme; options.SignOutScheme = IdentityServerConstants.DefaultCookieAuthenticationScheme; options.SPOptions.EntityId = new EntityId("http://localhost:5000/saml"); options.IdentityProviders.Add( new Sustainsys.Saml2.IdentityProvider( new EntityId("https://stubidp.sustainsys.com/Metadata"), options.SPOptions) { LoadMetadata = true }); options.SPOptions.ServiceCertificates.Add(new X509Certificate2("Sustainsys.Saml2.Tests.pfx")); }) .AddGoogle("Google", options => { options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme; //options.CallbackPath = "/signin-google"; options.ClientId = "858817474577-a8jt1ldbnhr6ptp4lsf0681t3mbgge08.apps.googleusercontent.com"; options.ClientSecret = "Oh1pnLFGPXKR_XwYULfh21Ov"; }).AddOpenIdConnect("oidc", "Demo IdentityServer", options => { options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme; options.SignOutScheme = IdentityServerConstants.SignoutScheme; options.SaveTokens = true; options.Authority = "https://demo.identityserver.io/"; options.ClientId = "interactive.confidential"; options.ClientSecret = "secret"; options.ResponseType = "code"; options.TokenValidationParameters = new TokenValidationParameters { NameClaimType = "name", RoleClaimType = "role" }; }); // EF client, scope, and persisted grant stores ids.AddOperationalStore(options => options.ConfigureDbContext = builder => builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly))) .AddConfigurationStore(options => options.ConfigureDbContext = builder => builder.UseSqlServer(connectionString, sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly))); // ASP.NET Identity integration ids.AddAspNetIdentity <IdentityUser>(); }
public static IIdentityServerBuilder AddAspNetIdentity <TUser>(this IIdentityServerBuilder builder) where TUser : class { return(builder.AddAspNetIdentity <TUser>("Identity.Application")); }
internal static IIdentityServerBuilder AddIdentityUser<TUser>(this IIdentityServerBuilder builder) where TUser : IdentityUser { return builder.AddAspNetIdentity<TUser>(); }