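/// <summary>
/// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
/// Registers, in order: logging, CORS, Identity, JWT bearer authentication, security headers
/// (production only), the global exception handler, MVC routes and Swagger, and finally seeds
/// the portfolio and identity databases.
/// </summary>
/// <param name="app">The application.</param>
/// <param name="env">The env.</param>
/// <param name="loggerFactory">The logger factory.</param>
/// <param name="portfolioSeeder">The portfolio seeder.</param>
/// <param name="identitySeeder">The identity seeder.</param>
/// <exception cref="System.InvalidOperationException">
/// The <c>Tokens:Key</c> configuration value is missing or empty.
/// </exception>
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, PortfolioDbInitializer portfolioSeeder, IdentityDbInitializer identitySeeder)
{
    // Add logging.
    loggerFactory.AddConsole(_config.GetSection("Logging"));
    var isDevelopment = env.IsDevelopment();
    if (isDevelopment)
    {
        loggerFactory.AddDebug();
    }

    // CORS: every origin, header and method is accepted.
    // NOTE(review): consider restricting this to the known front-end origins from configuration.
    app.UseCors(builder => builder.AllowAnyOrigin()
                                  .AllowAnyHeader()
                                  .AllowAnyMethod());

    // Enable Identity.
    app.UseIdentity();

    // Fail fast with a clear message instead of a bare ArgumentNullException from
    // Encoding.GetBytes when the signing key is absent from configuration.
    var signingKey = _config["Tokens:Key"];
    if (string.IsNullOrEmpty(signingKey))
    {
        throw new System.InvalidOperationException("Configuration value 'Tokens:Key' is required for JWT validation.");
    }

    // Validate JWT bearer tokens. Issuer and audience validation are stated explicitly
    // (they are the library defaults) so the intent is visible next to ValidIssuer/ValidAudience.
    // NOTE(review): the symmetric key comes from configuration; confirm it is supplied from a
    // secret store rather than a committed settings file.
    app.UseJwtBearerAuthentication(new JwtBearerOptions()
    {
        AutomaticAuthenticate = true,
        AutomaticChallenge = true,
        TokenValidationParameters = new TokenValidationParameters()
        {
            ValidateIssuer = true,
            ValidIssuer = _config["Tokens:Issuer"],
            ValidateAudience = true,
            ValidAudience = _config["Tokens:Audience"],
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingKey)),
            ValidateLifetime = true
        }
    });

    // Add security headers (production only).
    if (env.IsProduction())
    {
        // NOTE(review): the CSP allows 'unsafe-inline' for scripts and styles, which removes most
        // of its protection against injected markup. The Public-Key-Pins value has an empty pin,
        // so it carries no usable pin, and HPKP is no longer supported by current browsers.
        app.UseSecurityHeadersMiddleware(new SecurityHeadersBuilder()
            .AddDefaultSecurePolicy()
            .AddCustomHeader("Referrer-Policy", "origin")
            .AddCustomHeader("Content-Security-Policy", "default-src https://somedomain.org:*; script-src https://somedomain.org:* 'unsafe-inline'; style-src https://somedomain.org:* 'unsafe-inline'")
            .AddCustomHeader("Public-Key-Pins", "pin-sha256=\"\"; max-age=2592000; includeSubdomains;") // Generate yours here: https://report-uri.io/home/pkp_analyse/
            .AddCustomHeader("X-Additional-Security", "More Security. Nothing to see here.")
        );
    }

    // Add exception handling. Registered after the middleware above, so it only covers
    // exceptions thrown by the components registered below it (MVC, Swagger).
    app.UseExceptionHandler(
        builder =>
        {
            builder.Run(
                async context =>
                {
                    context.Response.StatusCode = (int)HttpStatusCode.InternalServerError;

                    // Indexer assignment overwrites the header rather than throwing if it is already present.
                    context.Response.Headers["Access-Control-Allow-Origin"] = "*";

                    var feature = context.Features.Get<IExceptionHandlerFeature>();
                    if (feature != null)
                    {
                        // Raw exception messages can expose internals (queries, paths, type names),
                        // so they are returned to the client only in Development.
                        var message = isDevelopment
                            ? feature.Error.Message
                            : "An unexpected error occurred.";

                        context.Response.AddApplicationError(message);
                        await context.Response.WriteAsync(message).ConfigureAwait(false);
                    }
                });
        });

    // Add MVC to the request pipeline.
    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller=Home}/{action=Index}/{id?}");

        routes.MapRoute(
            name: "ChildApi",
            template: "api/{parentController}/{parentId}/{controller}/{id}");

        // Uncomment the following line to add a route for porting Web API 2 controllers.
        //routes.MapWebApiRoute("DefaultApi", "api/{controller}/{id?}");
    });

    // Add the Swagger UI middleware.
    // NOTE(review): this is registered in every environment; confirm the API description
    // is meant to be reachable in production.
    app.UseSwagger();
    app.UseSwaggerUI(c =>
    {
        c.SwaggerEndpoint("/swagger/v1/swagger.json", "Portfolio API V1");
    });

    // Initialize the databases.
    portfolioSeeder.Seed();
    identitySeeder.Seed();
}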
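/// <summary>
/// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
/// Registers, in order: logging, CORS, security headers, the global exception handler,
/// MVC routes and Swagger, and finally initializes the portfolio database.
/// </summary>
/// <param name="app">The application builder the middleware is registered on.</param>
/// <param name="env">The hosting environment; used to decide how much error detail clients receive.</param>
/// <param name="loggerFactory">The logger factory the console (and, in DEBUG builds, debug) providers are added to.</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    // Add logging.
    loggerFactory.AddConsole(Configuration.GetSection("Logging"));
#if DEBUG
    loggerFactory.AddDebug();
#endif

    var isDevelopment = env.IsDevelopment();

    // CORS: every origin, header and method is accepted.
    // NOTE(review): consider restricting this to the known front-end origins from configuration.
    app.UseCors(builder => builder.AllowAnyOrigin()
                                  .AllowAnyHeader()
                                  .AllowAnyMethod());

    // Add security headers (applied in every environment here).
    app.UseSecurityHeadersMiddleware(new SecurityHeadersBuilder()
        .AddDefaultSecurePolicy()
        .AddCustomHeader("Referrer-Policy", "same-origin")
        .AddCustomHeader("X-Pamyb-Security", "PAMYB.org Security. Nothing to see here.")
    );

    // Add exception handling. Registered after the middleware above, so it only covers
    // exceptions thrown by the components registered below it (MVC, Swagger).
    app.UseExceptionHandler(
        builder =>
        {
            builder.Run(
                async context =>
                {
                    context.Response.StatusCode = (int)HttpStatusCode.InternalServerError;

                    // Indexer assignment overwrites the header rather than throwing if it is already present.
                    context.Response.Headers["Access-Control-Allow-Origin"] = "*";

                    var feature = context.Features.Get<IExceptionHandlerFeature>();
                    if (feature != null)
                    {
                        // Raw exception messages can expose internals (queries, paths, type names),
                        // so they are returned to the client only in Development.
                        var message = isDevelopment
                            ? feature.Error.Message
                            : "An unexpected error occurred.";

                        context.Response.AddApplicationError(message);
                        await context.Response.WriteAsync(message).ConfigureAwait(false);
                    }
                });
        });

    // Add MVC to the request pipeline.
    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller=Home}/{action=Index}/{id?}");

        routes.MapRoute(
            name: "ChildApi",
            template: "api/{parentController}/{parentId}/{controller}/{id}");

        // Uncomment the following line to add a route for porting Web API 2 controllers.
        //routes.MapWebApiRoute("DefaultApi", "api/{controller}/{id?}");
    });

    // Add the Swagger UI middleware.
    // NOTE(review): this is registered in every environment; confirm the API description
    // is meant to be reachable in production.
    app.UseSwagger();
    app.UseSwaggerUI(c =>
    {
        c.SwaggerEndpoint("/swagger/v1/swagger.json", "Portfolio API V1");
    });

    // Initialize the database.
    PortfolioDbInitializer.Initialize(app.ApplicationServices);
}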