// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
// use CORS policy
app.UseCors("default");
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
IdentityServerAuthenticationOptions identityServerValidationOptions = new IdentityServerAuthenticationOptions
{
Authority = "http://localhost:5000/",
AllowedScopes = { "webdatascope" },
ApiSecret = "XAWebDataSecret",
ApiName = "XAWebData",
RequireHttpsMetadata = false,
AutomaticAuthenticate = true,
SupportedTokens = SupportedTokens.Both,
// TokenRetriever = _tokenRetriever,
// required if you want to return a 403 and not a 401 for forbidden responses
AutomaticChallenge = true,
};
app.UseIdentityServerAuthentication(identityServerValidationOptions);
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
private static OAuth2IntrospectionOptions ConfigureIntrospection(IdentityServerAuthenticationOptions options)
{
var introspectionOptions = new OAuth2IntrospectionOptions
{
AuthenticationScheme = options.AuthenticationScheme,
Authority = options.Authority,
ScopeName = options.ScopeName,
ScopeSecret = options.ScopeSecret,
AutomaticAuthenticate = options.AutomaticAuthenticate,
AutomaticChallenge = options.AutomaticChallenge,
NameClaimType = options.NameClaimType,
RoleClaimType = options.RoleClaimType,
TokenRetriever = _tokenRetriever,
SaveTokensAsClaims = options.SaveTokensAsClaims,
DiscoveryTimeout = options.BackChannelTimeouts,
IntrospectionTimeout = options.BackChannelTimeouts
};
if (options.IntrospectionBackChannelHandler != null)
{
introspectionOptions.IntrospectionHttpHandler = options.IntrospectionBackChannelHandler;
}
if (options.IntrospectionDiscoveryHandler != null)
{
introspectionOptions.DiscoveryHttpHandler = options.IntrospectionDiscoveryHandler;
}
return(introspectionOptions);
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
app.UseCors("corsGlobalPolicy");
app.UseStaticFiles();
IdentityServerAuthenticationOptions identityServerAuthenticationOptions = new IdentityServerAuthenticationOptions();
identityServerAuthenticationOptions.Authority = "https://localhost:44318/";
identityServerAuthenticationOptions.AllowedScopes = new List <string> {
"securedFiles"
};
identityServerAuthenticationOptions.ApiSecret = "securedFilesSecret";
identityServerAuthenticationOptions.ApiName = "securedFiles";
identityServerAuthenticationOptions.AutomaticAuthenticate = true;
// required if you want to return a 403 and not a 401 for forbidden responses
identityServerAuthenticationOptions.AutomaticChallenge = true;
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
app.UseIdentityServerAuthentication(identityServerAuthenticationOptions);
app.UseMvc();
}
private IdentityServerAuthenticationOptions GetIdentityOptions(IHostingEnvironment env)
{
var options = new IdentityServerAuthenticationOptions
{
AllowedScopes = new string[] { "api" },
RequireHttpsMetadata = env.IsProduction(),
ApiName = "api",
NameClaimType = ClaimTypes.Email,
// Version "2" until we retire the old jwt scheme and replace it with this one.
AuthenticationScheme = "Bearer2",
TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString("Bearer2", "access_token2")
};
if (env.IsProduction())
{
options.Authority = "https://api.bitwarden.com";
}
else if (env.IsEnvironment("Preview"))
{
options.Authority = "https://preview-api.bitwarden.com";
}
else
{
options.Authority = "http://localhost:4000";
//options.Authority = "http://169.254.80.80:4000"; // for VS Android Emulator
//options.Authority = "http://192.168.1.8:4000"; // Desktop external
}
return(options);
}
private static IdentityServerAuthenticationOptions ToIdentityOptions(this IConfiguration configuration)
{
var identityOptions = new IdentityServerAuthenticationOptions();
configuration.Bind(identityOptions);
return(identityOptions);
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole();
loggerFactory.AddDebug();
app.UseExceptionHandler("/Home/Error");
app.UseCors("corsGlobalPolicy");
app.UseStaticFiles();
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
IdentityServerAuthenticationOptions identityServerValidationOptions = new IdentityServerAuthenticationOptions
{
Authority = "https://localhost:44318/",
AllowedScopes = new List <string> {
"dataEventRecords"
},
ApiSecret = "dataEventRecordsSecret",
ApiName = "dataEventRecords",
AutomaticAuthenticate = true,
SupportedTokens = SupportedTokens.Both,
// TokenRetriever = _tokenRetriever,
// required if you want to return a 403 and not a 401 for forbidden responses
AutomaticChallenge = true,
};
app.UseIdentityServerAuthentication(identityServerValidationOptions);
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
private TestServer CreateRegistrationApiTestServer(string storageProvider)
{
var options = new IdentityServerAuthenticationOptions
{
Authority = IdentityServerUrl,
ApiName = RegistrationApiName,
RequireHttpsMetadata = false,
JwtBackChannelHandler = IdentityTestServer.CreateHandler(),
IntrospectionBackChannelHandler = IdentityTestServer.CreateHandler(),
IntrospectionDiscoveryHandler = IdentityTestServer.CreateHandler()
};
var hostingOptions = new HostingOptions
{
UseIis = false,
UseTestUsers = true,
StorageProvider = storageProvider
};
var apiBuilder = new WebHostBuilder();
apiBuilder.ConfigureServices(c => c.AddSingleton(LdapSettings)
.AddSingleton(options)
.AddSingleton(CouchDbSettings)
.AddSingleton(hostingOptions)
.AddSingleton(ConnectionStrings)
);
apiBuilder.UseKestrel()
.UseContentRoot(Directory.GetCurrentDirectory())
.UseStartup <Startup>()
.UseUrls(RegistrationApiServerUrl);
return(new TestServer(apiBuilder));
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, IOptions <AuthServerSettings> authSettings)
{
loggerFactory.AddSerilog();
app.UseCors("corsGlobalPolicy");
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
IdentityServerAuthenticationOptions identityServerValidationOptions = new IdentityServerAuthenticationOptions
{
Authority = authSettings.Value?.BaseUrl,
AutomaticAuthenticate = true,
AllowedScopes = new List <string>()
{
"accountService"
},
ApiSecret = "accountServiceSecret",
ApiName = "accountService",
SupportedTokens = SupportedTokens.Both,
AutomaticChallenge = true,
};
app.UseIdentity();
app.UseIdentityServerAuthentication(identityServerValidationOptions);
app.UseMvc();
}
public override void BindIdentityServerAuthenticationOptions(IdentityServerAuthenticationOptions options)
{
base.BindIdentityServerAuthenticationOptions(options);
options.JwtBackChannelHandler = IdpHandler;
options.IntrospectionBackChannelHandler = IdpHandler;
options.IntrospectionDiscoveryHandler = IdpHandler;
}
void Options(IdentityServerAuthenticationOptions o)
{
o.Authority = Configuration[AppSettingKeys.Authority];
o.RequireHttpsMetadata = Configuration.GetValue <bool>(AppSettingKeys.RequireHttpsMetadata);
o.SupportedTokens = SupportedTokens.Both;
o.ApiSecret = Configuration[AppSettingKeys.ApiSecret];
o.ApiName = Configuration[AppSettingKeys.ApiName];
}
public static IApplicationBuilder UseIdentityServerAuthentication(this IApplicationBuilder app, Action <IdentityServerAuthenticationOptions> configureOptions)
{
var options = new IdentityServerAuthenticationOptions();
configureOptions(options);
return(app.UseIdentityServerAuthentication(options));
}
public PermissionStoreHttpHandler(ILogger <PermissionStoreHttpHandler> logger,
IOptionsMonitor <IdentityServerAuthenticationOptions> optionsMonitor,
IHttpClientFactory httpClientFactory)
{
_logger = logger;
_httpClientFactory = httpClientFactory;
_options = optionsMonitor.Get("Bearer");
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, IServiceProvider serviceProvider)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
loggerFactory.AddFile("Logs/myapp-{Date}.txt", LogLevel.Debug);
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
app.UseCors("default");
app.UseIdentityServer();
app.UseStaticFiles();
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
RequireHttpsMetadata = false,
Authority = Config.ApiAuthority,
Audience = "api"
});
var authenticationOptions = new IdentityServerAuthenticationOptions
{
RequireHttpsMetadata = false,
Authority = Config.ApiAuthority,
AllowedScopes = { "api" },
};
var tokenRetriever = authenticationOptions.TokenRetriever;
authenticationOptions.TokenRetriever = (req) => {
string authHeaderToken = tokenRetriever(req);
if (authHeaderToken != null)
{
return(authHeaderToken);
}
StringValues queryTokenValues;
if (req.Query.TryGetValue("access_token", out queryTokenValues))
{
string queryToken = queryTokenValues.LastOrDefault();
return(queryToken);
}
;
return(null);
};
app.UseIdentityServerAuthentication(authenticationOptions);
app.UseWebSockets();
app.MapWebSocketManager("/chat", serviceProvider.GetService <ChatHandler>());
app.UseMvc();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
app.UseCors("corsGlobalPolicy");
app.UseStaticFiles();
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
var identityServerValidationOptions = new IdentityServerAuthenticationOptions
{
Authority = env.IsDevelopment() ? "https://localhost:44348/" : "https://localhost/IdentityProvider",
AllowedScopes = new List <string> {
"wanvet"
},
ApiSecret = "wanvetSecret",
ApiName = "wanvet",
AutomaticAuthenticate = true,
SupportedTokens = SupportedTokens.Both,
AutomaticChallenge = true,
};
app.UseIdentityServerAuthentication(identityServerValidationOptions);
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
app.UseWebpackDevMiddleware(new WebpackDevMiddlewareOptions
{
HotModuleReplacement = true,
ConfigFile = "config/webpack.config.js"
});
// NOTE: For SPA swagger needs adding before MVC
// Enable middleware to serve generated Swagger as a JSON endpoint
app.UseSwagger();
// Enable middleware to serve swagger-ui assets (HTML, JS, CSS etc.)
app.UseSwaggerUi();
}
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
routes.MapSpaFallbackRoute(
name: "spa-fallback",
defaults: new { controller = "Home", action = "Index" });
});
}
private void ConfigureAuthentication(IdentityServerAuthenticationOptions options)
{
var authenticationServerUrl = Configuration["AuthorizationServer:Authority"];
options.Authority = authenticationServerUrl;
options.RequireHttpsMetadata = false;
options.ApiName = "web_app";
options.ApiSecret = "secret";
options.SupportedTokens = SupportedTokens.Reference;
}
public static IdentityServerAuthenticationOptions GetServerAutentication(IdentityServerAuthenticationOptions options)
{
options.ApiName = _config.ClientId;
options.Authority = _config.AuthUrl;
options.RequireHttpsMetadata = false; // only for development
options.ApiSecret = _config.Secret;
options.SupportedTokens = SupportedTokens.Both;
return(options);
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
app.UseApplicationInsightsRequestTelemetry();
app.UseApplicationInsightsExceptionTelemetry();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
app.UseBrowserLink();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
app.UseStaticFiles();
app.UseIdentity();
app.UseIdentity();
app.UseIdentityServer();
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
var SSOAuthority = "http://localhost:50447";
var identityServerValidationOptions = new IdentityServerAuthenticationOptions
{
Authority = SSOAuthority,
ScopeName = "client",
ScopeSecret = "secret",
AutomaticAuthenticate = true,
RequireHttpsMetadata = false,
SupportedTokens = SupportedTokens.Both,
// required if you want to return a 403 and not a 401 for forbidden responses
AutomaticChallenge = true
};
app.UseIdentityServerAuthentication(identityServerValidationOptions);
app.UseSession();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "areaRoute",
template: "{area:exists}/{controller=Home}/{action=Index}/{id?}");
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
//Setup logging
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
//Allow CORS
app.UseCors(CorsPolicyName);
//Disable default mapping for JWT
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
//Setup Auth Server
var identityServerValidationOptions = new IdentityServerAuthenticationOptions
{
Authority = AuthAuthorityUriHttps,
AllowedScopes = new List <string> {
"spaApi"
}, //,"spaScope", "spa.user","spa.admin"
ApiSecret = "spaSecret",
ApiName = "spaApi",
AutomaticAuthenticate = true,
SupportedTokens = SupportedTokens.Both,
// TokenRetriever = _tokenRetriever,
// required if you want to return a 403 and not a 401 for forbidden responses
AutomaticChallenge = true,
//RequireHttpsMetadata = false
};
app.UseIdentityServerAuthentication(identityServerValidationOptions);
//Swashbuckle Configuration
app.UseSwagger();
app.UseSwaggerUi(c =>
{
c.ConfigureOAuth2(SwaggerClientName, "", "", SwaggerClientName, additionalQueryStringParameters: new {
redirect_uri = SwaggerRedirectUriHttps
});
c.SwaggerEndpoint(SwaggerEndpoint, SwaggerDescription);
});
//Migrate to latest and run seeding logic
using (var serviceScope = app.ApplicationServices.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
var context = serviceScope.ServiceProvider.GetService <SpaContext>();
context.Database.Migrate();
context.EnsureSeedData();
}
app.UseMvc();
}
public static void ConfigureIdentityServerAuthentication(IdentityServerAuthenticationOptions identityServerAuthenticationOptions)
{
var identityServerAuthenticationConfiguration = new IdentityServerAuthenticationConfiguration();
_configuration.GetSection(nameof(IdentityServerAuthenticationConfiguration)).Bind(identityServerAuthenticationConfiguration);
identityServerAuthenticationOptions.Authority = identityServerAuthenticationConfiguration.Authority;
identityServerAuthenticationOptions.ApiName = identityServerAuthenticationConfiguration.ApiName;
identityServerAuthenticationOptions.ApiSecret = identityServerAuthenticationConfiguration.ApiSecret;
identityServerAuthenticationOptions.EnableCaching = identityServerAuthenticationConfiguration.EnableCaching;
identityServerAuthenticationOptions.RequireHttpsMetadata = identityServerAuthenticationConfiguration.RequireHttpsMetadata;
identityServerAuthenticationOptions.SupportedTokens = identityServerAuthenticationConfiguration.SupportedTokens;
}
private IdentityServerAuthenticationOptions GetIdentityOptions(IHostingEnvironment env,
GlobalSettings globalSettings, string suffix)
{
var options = new IdentityServerAuthenticationOptions
{
Authority = globalSettings.BaseServiceUri.InternalIdentity,
AllowedScopes = new string[] { "api", "api.push", "api.licensing" },
RequireHttpsMetadata = !env.IsDevelopment() && globalSettings.BaseServiceUri.InternalIdentity.StartsWith("https"),
NameClaimType = ClaimTypes.Email,
// Suffix until we retire the old jwt schemes.
AuthenticationScheme = $"Bearer{suffix}",
TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString($"Bearer{suffix}", $"access_token{suffix}")
};
return(options);
}
private static JwtBearerOptions ConfigureJwt(IdentityServerAuthenticationOptions options)
{
var jwtOptions = new JwtBearerOptions
{
AuthenticationScheme = options.AuthenticationScheme,
Authority = options.Authority,
RequireHttpsMetadata = false,
AutomaticAuthenticate = options.AutomaticAuthenticate,
AutomaticChallenge = options.AutomaticChallenge,
BackchannelTimeout = options.BackChannelTimeouts,
RefreshOnIssuerKeyNotFound = true,
Events = new JwtBearerEvents
{
OnReceivingToken = e =>
{
e.Token = _tokenRetriever(e.Request);
return(Task.FromResult(0));
},
OnValidatedToken = e =>
{
if (options.SaveTokensAsClaims)
{
e.AuthenticationTicket.Principal.Identities.First().AddClaim(
new Claim("access_token", _tokenRetriever(e.Request)));
}
return(Task.FromResult(0));
}
}
};
if (options.JwtBackChannelHandler != null)
{
jwtOptions.BackchannelHttpHandler = options.JwtBackChannelHandler;
}
jwtOptions.TokenValidationParameters.ValidateAudience = false;
jwtOptions.TokenValidationParameters.NameClaimType = options.NameClaimType;
jwtOptions.TokenValidationParameters.RoleClaimType = options.RoleClaimType;
return(jwtOptions);
}
public IdentityServerAuthenticationOptions GetIdentityServerAuthenticationOptions(string authenticationScheme = "API")
{
var options = new IdentityServerAuthenticationOptions
{
Authority = "http://localhost",
RequireHttpsMetadata = false,
JwtBackChannelHandler = _identityServer.CreateHandler(),
IntrospectionBackChannelHandler = _identityServer.CreateHandler(),
IntrospectionDiscoveryHandler = _identityServer.CreateHandler(),
//AutomaticAuthenticate = true,
//AuthenticationScheme = authenticationScheme,
ApiName = _apiName,
ApiSecret = _apiSecret
};
return(options);
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
/* Setting up dependency injection */
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
services.AddTransient <ILogger <TransactionController>, Logger <TransactionController> >();
// In-memory DbContext
services.AddDbContext <PaymentDbContext>(options =>
{
options
.UseInMemoryDatabase("Payment")
.ConfigureWarnings(w => w.Ignore(InMemoryEventId.TransactionIgnoredWarning));
});
// Identity Server
services
.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
var settings = new IdentityServerAuthenticationOptions();
Configuration.Bind("IdentityServerSettings", settings);
options.Authority = settings.Authority;
options.RequireHttpsMetadata = settings.RequireHttpsMetadata;
options.ApiName = settings.ApiName;
options.ApiSecret = settings.ApiSecret;
});
// Register the Swagger generator, defining 1 or more Swagger documents
services.AddSwaggerGen(options =>
{
options.SwaggerDoc("v1", new Info {
Title = "RothschildHouse API", Version = "v1"
});
// Get xml comments path
var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
// Set xml path
options.IncludeXmlComments(xmlPath);
});
}
private void RegisterRegistrationServices(IWebHostBuilder builder)
{
var options = new IdentityServerAuthenticationOptions
{
Authority = IdentityServerUrl,
ApiName = RegistrationApiName,
RequireHttpsMetadata = false,
JwtBackChannelHandler = IdentityTestServer.CreateHandler(),
IntrospectionBackChannelHandler = IdentityTestServer.CreateHandler(),
IntrospectionDiscoveryHandler = IdentityTestServer.CreateHandler()
};
builder.ConfigureServices(c => c.AddSingleton(options)
.AddSingleton <IPostConfigureOptions <JwtBearerOptions> >(new PostConfigureOptions <JwtBearerOptions>("Bearer", jwtOpts =>
{
jwtOpts.BackchannelHttpHandler = new SuppressExecutionContextHandler(IdentityTestServer.CreateHandler());
})));
}
private IdentityServerAuthenticationOptions GetIdentityOptions(IHostingEnvironment env,
string authority, string suffix)
{
var options = new IdentityServerAuthenticationOptions
{
Authority = authority,
AllowedScopes = new string[] { "api" },
RequireHttpsMetadata = env.IsProduction(),
ApiName = "api",
NameClaimType = ClaimTypes.Email,
// Suffix until we retire the old jwt schemes.
AuthenticationScheme = $"Bearer{suffix}",
TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString(
$"Bearer{suffix}", $"access_token{suffix}")
};
return(options);
}
public void FindSingletonImplementationInstance()
{
//Given
var service = new IdentityServerAuthenticationOptions {
ApiName = "Test"
};
var services = new ServiceCollection();
services.AddSingleton(new object());
services.AddSingleton(new List <string>());
services.AddSingleton(service);
services.AddSingleton(new HashSet <string>());
//When
var foundService = services.FindSingletonImplementationInstance <IdentityServerAuthenticationOptions>();
//Then
Assert.NotNull(foundService);
Assert.Same(service, foundService);
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
app.UseApplicationInsightsRequestTelemetry();
app.UseApplicationInsightsExceptionTelemetry();
var options = new IdentityServerAuthenticationOptions
{
Authority = "http://localhost:5297",
RequireHttpsMetadata = false,
ApiName = "TetrisApi"
};
app.UseIdentityServerAuthentication(options);
app.UseMvc();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
app.UseCors("corsGlobalPolicy");
app.UseStaticFiles();
IdentityServerAuthenticationOptions identityServerAuthenticationOptions = new IdentityServerAuthenticationOptions();
identityServerAuthenticationOptions.Authority = "https://localhost:44318/";
identityServerAuthenticationOptions.AllowedScopes = new List<string> { "securedFiles" };
identityServerAuthenticationOptions.ApiSecret = "securedFilesSecret";
identityServerAuthenticationOptions.ApiName = "securedFiles";
identityServerAuthenticationOptions.AutomaticAuthenticate = true;
// required if you want to return a 403 and not a 401 for forbidden responses
identityServerAuthenticationOptions.AutomaticChallenge = true;
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
app.UseIdentityServerAuthentication(identityServerAuthenticationOptions);
app.UseMvc();
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
/* Configuration for MVC */
services
.AddMvc()
.SetCompatibilityVersion(CompatibilityVersion.Version_2_2)
.AddJsonOptions(options =>
{
options.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore;
});
/* Setting dependency injection */
// For DbContext
services.AddDbContext <OnlineStoreDbContext>(builder =>
{
builder.UseSqlServer(Configuration["ConnectionStrings:OnlineStore"]);
});
// User info
services.AddScoped <IUserInfo, UserInfo>();
// Logger for services
services.AddScoped <ILogger, Logger <Service> >();
/* Identity Server for Online Store */
services.Configure <OnlineStoreIdentityClientSettings>(Configuration.GetSection("OnlineStoreIdentityClientSettings"));
services.AddSingleton <OnlineStoreIdentityClientSettings>();
/* Rothschild House Payment gateway */
services.Configure <RothschildHouseIdentitySettings>(Configuration.GetSection("RothschildHouseIdentitySettings"));
services.AddSingleton <RothschildHouseIdentitySettings>();
services.Configure <RothschildHousePaymentSettings>(Configuration.GetSection("RothschildHousePaymentSettings"));
services.AddSingleton <RothschildHousePaymentSettings>();
services.AddScoped <IRothschildHouseIdentityClient, RothschildHouseIdentityClient>();
services.AddScoped <IRothschildHousePaymentClient, RothschildHousePaymentClient>();
/* Online Store Services */
services.AddScoped <IHumanResourcesService, HumanResourcesService>();
services.AddScoped <IWarehouseService, WarehouseService>();
services.AddScoped <ISalesService, SalesService>();
/* Configuration for authorization */
services
.AddMvcCore()
.AddAuthorization(options =>
{
options
.AddPolicy(Policies.AdministratorPolicy, builder => builder.Requirements.Add(new AdministratorPolicyRequirement()));
options
.AddPolicy(Policies.WarehouseManagerPolicy, builder => builder.Requirements.Add(new WarehouseManagerPolicyRequirement()));
options
.AddPolicy(Policies.WarehouseOperatorPolicy, builder => builder.Requirements.Add(new WarehouseOperatorPolicyRequirement()));
options
.AddPolicy(Policies.CustomerPolicy, builder => builder.Requirements.Add(new CustomerPolicyRequirement()));
});
/* Configuration for Identity Server authentication */
services
.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
var settings = new IdentityServerAuthenticationOptions();
Configuration.Bind("IdentityServerSettings", settings);
options.Authority = settings.Authority;
options.RequireHttpsMetadata = settings.RequireHttpsMetadata;
options.ApiName = settings.ApiName;
options.ApiSecret = settings.ApiSecret;
});
/* Configuration for Help page */
services.AddSwaggerGen(options =>
{
options.SwaggerDoc("v1", new Info {
Title = "Online Store API", Version = "v1"
});
// Get xml comments path
var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
// Set xml path
options.IncludeXmlComments(xmlPath);
});
}
public static IdentityServerAuthenticationOptions GetDefaultAuthenticationOptions(IdentityServerAuthenticationOptions options)
{
options.Authority = "http://localhost:5001";
options.RequireHttpsMetadata = false;
options.ApiName = "api1";
return(options);
}
public virtual void BindIdentityServerAuthenticationOptions(IdentityServerAuthenticationOptions options)
{
Configuration.GetSection("IdentityProvider").Bind(options);
}