/// <summary>
/// Registers ASP.NET Core Data Protection on <paramref name="services"/> with the key ring
/// persisted to Redis, and exposes the Redis database as a singleton.
/// </summary>
/// <param name="services">Container that receives the registrations.</param>
/// <param name="host">Redis host, passed straight to <c>RedisCacheHelper.ConnectToRedisServer</c>.</param>
/// <param name="port">Redis port, passed straight to <c>RedisCacheHelper.ConnectToRedisServer</c>.</param>
public static void AddDataProtectRedisProvider(this IServiceCollection services, string host, string port)
{
    // The same connection backs both the database singleton and the key repository.
    var redis = RedisCacheHelper.ConnectToRedisServer(host, port);

    services.AddSingleton(_ => redis.GetDatabase());

    var dataProtection = services.AddDataProtection();

    // Every service that must read the shared cookie has to use this exact application name.
    dataProtection.SetApplicationName(SecurityConstant.AQSecurityMasterAppName);

    // NOTE(review): no ProtectKeysWith* call appears in this chain, so unless key encryption is
    // configured elsewhere the key XML is stored in Redis unencrypted. Anyone who can read that
    // Redis key can forge or decrypt protected payloads; confirm Redis access is restricted.
    dataProtection.PersistKeysToStackExchangeRedis(redis, SecurityConstant.AQSecurityMasterKeyRedis);

    // NOTE(review): new keys stay the default for roughly ten years (the framework default is
    // 90 days), so a leaked key remains useful for a very long time. Confirm this is intentional.
    dataProtection.SetDefaultKeyLifetime(TimeSpan.FromDays(365 * 10));
}
/// <summary>
/// Builds an <see cref="IDataProtectionProvider"/> whose key ring lives in Redis, using the
/// Redis endpoint from <c>ApiUrlHelper.RedisCacheSrv</c>.
/// </summary>
/// <param name="services">
/// Application container; it only receives the Redis database singleton. The returned provider
/// is resolved from a separate, private container.
/// </param>
/// <returns>The provider resolved from the private container.</returns>
public static IDataProtectionProvider CreateRedisProvider(IServiceCollection services)
{
    var redis = RedisCacheHelper.ConnectToRedisServer(ApiUrlHelper.RedisCacheSrv.Host, ApiUrlHelper.RedisCacheSrv.Port);

    // Side effect on the caller's container: the Redis database becomes resolvable there.
    services.AddSingleton(_ => redis.GetDatabase());

    // Data Protection itself is configured on a throwaway collection, not on `services`.
    var isolated = new ServiceCollection();
    var dataProtection = isolated.AddDataProtection();

    dataProtection.SetApplicationName(SecurityConstant.AQSecurityMasterAppName);

    // NOTE(review): no ProtectKeysWith* call appears here, so unless configured elsewhere the
    // key XML sits in Redis unencrypted; read access to that Redis key is equivalent to holding
    // the master key.
    dataProtection.PersistKeysToStackExchangeRedis(redis, SecurityConstant.AQSecurityMasterKeyRedis);

    // NOTE(review): ~10-year default key lifetime (framework default is 90 days) means keys are
    // effectively never rotated. Confirm this is a deliberate trade-off.
    dataProtection.SetDefaultKeyLifetime(TimeSpan.FromDays(365 * 10));

    // The service provider built here is never disposed; it lives as long as the returned provider.
    var container = dataProtection.Services.BuildServiceProvider();
    return container.GetRequiredService<IDataProtectionProvider>();
}
// This method gets called by the runtime. Use this method to add services to the container.
// It wires up, in order: project options and SSO services, the cookie policy, MVC, the
// Redis-backed Data Protection key ring, the shared SSO authentication cookie, the Redis
// distributed cache, session state and the identity web service.
// Registration order matters here (see the "do not move" notes below).
public void ConfigureServices(IServiceCollection services)
{
    services.AddOption(Configuration);
    services.AddSSOPortalService();

    services.Configure <CookiePolicyOptions>(options =>
    {
        // This lambda determines whether user consent for non-essential cookies is needed for a given request.
        options.CheckConsentNeeded = context => true;
        // The cookie policy does not raise any cookie's SameSite value; each cookie below sets its own.
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });

    // Note: do not remove this line or move it elsewhere.
    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

    // ---- Data protection master key ----
    // NOTE(review): protectionProvider is not used again in this method. If this is the
    // CreateRedisProvider helper that takes the service collection, the call still matters for
    // its side effect of registering the Redis database singleton on `services` - confirm.
    var protectionProvider = Helpers.PersistentProviderHelper.CreateRedisProvider(services);
    // NOTE(review): ConnectToRedisServer is called again here; whether it returns a cached
    // connection or opens a second one is not visible from this method.
    var redisConnection = RedisCacheHelper.ConnectToRedisServer(ApiUrlHelper.RedisCacheSrv.Host, ApiUrlHelper.RedisCacheSrv.Port);

    services.Configure <KeyManagementOptions>(opt =>
    {
        // Keys are read from and written to the Redis key named by AQSecurityMasterKeyRedis.
        opt.XmlRepository = new RedisXmlRepository(() => redisConnection.GetDatabase(), SecurityConstant.AQSecurityMasterKeyRedis);
        opt.AutoGenerateKeys = true;
        // Master Redis balancer: it must be started before the other projects are run.
    });

    // The security stamp on a signed-in principal is re-checked at most every 15 minutes.
    services.Configure <SecurityStampValidatorOptions>(options =>
        options.ValidationInterval = TimeSpan.FromMinutes(15) );

    // Note: do not remove this line or move it elsewhere.
    // NOTE(review): DependencyInjectionHelper is not shown here; presumably it resolves from an
    // already-built provider - verify which IDataProtectionProvider instance it returns.
    var _provider = DependencyInjectionHelper.GetService <IDataProtectionProvider>();

    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
    {
        // AQ booking shared cookie: every service using the same account system must use this name.
        options.Cookie.Name = CookiesAuthenticationDomainConstant.AQSSOPortal;
        options.Cookie.Domain = GetCookieDomain();
        // NOTE(review): HttpOnly = false makes the authentication ticket readable from script,
        // so an XSS flaw on any host covered by the cookie domain can expose it. If no
        // client-side code needs to read this cookie, set it to true.
        options.Cookie.HttpOnly = false;
        options.Cookie.IsEssential = true;
        // NOTE(review): SecurePolicy.None leaves the Secure attribute off, so the ticket is also
        // sent over plain HTTP. Prefer Always (or SameAsRequest) once every consuming service
        // is served over HTTPS.
        options.Cookie.SecurePolicy = CookieSecurePolicy.None;
        options.Cookie.SameSite = SameSiteMode.Lax;
        // NOTE(review): a 60-day sliding lifetime keeps a captured ticket usable for a long
        // time; revocation then depends on the OnValidatePrincipal check below.
        options.SlidingExpiration = true;
        options.ExpireTimeSpan = TimeSpan.FromDays(60);
        // NOTE(review): for cookie authentication the ticket lifetime comes from ExpireTimeSpan;
        // Cookie.Expiration is reportedly ignored on 2.x and rejected by later framework
        // versions - confirm before upgrading.
        options.Cookie.Expiration = TimeSpan.FromDays(60);
        // Tickets are protected with the shared provider so sibling services can read them.
        options.DataProtectionProvider = _provider;
        options.TicketDataFormat = new TicketDataFormat(_provider.CreateProtector(SecurityConstant.AQSecurityMasterProtector));
        options.Events.OnValidatePrincipal = PrincipalSecurityStampValidator.ValidatePrincipalAsync;
    });

    // Same settings applied through ConfigureApplicationCookie (IsEssential is not set here).
    services.ConfigureApplicationCookie(options =>
    {
        // AQ booking shared cookie: every service using the same account system must use this name.
        options.Cookie.Name = CookiesAuthenticationDomainConstant.AQSSOPortal;
        options.Cookie.Domain = GetCookieDomain();
        // NOTE(review): same exposure as above - script-readable (HttpOnly = false) and sent
        // over HTTP (SecurePolicy.None).
        options.Cookie.HttpOnly = false;
        options.Cookie.SameSite = SameSiteMode.Lax;
        options.Cookie.SecurePolicy = CookieSecurePolicy.None;
        options.SlidingExpiration = true;
        options.ExpireTimeSpan = TimeSpan.FromDays(60);
        // NOTE(review): see the note on Cookie.Expiration in the AddCookie block.
        options.Cookie.Expiration = TimeSpan.FromDays(60);
        options.DataProtectionProvider = _provider;
        options.TicketDataFormat = new TicketDataFormat(_provider.CreateProtector(SecurityConstant.AQSecurityMasterProtector));
        options.Events.OnValidatePrincipal = PrincipalSecurityStampValidator.ValidatePrincipalAsync;
    });

    services.AddDistributedRedisCache(option =>
    {
        // NOTE(review): the connection string is built as host:port only; no password or TLS
        // option is visible here. Confirm the Redis endpoint is reachable only from trusted
        // networks, since it backs the session store configured below.
        option.Configuration = $"{ApiUrlHelper.RedisCacheSrv.Host}:{ApiUrlHelper.RedisCacheSrv.Port}";
        option.InstanceName = ApiUrlHelper.RedisCacheSrv.InstanceName;
    });

    services.AddSession(option =>
    {
        option.Cookie.SameSite = SameSiteMode.Lax;
        // Sessions are dropped after 20 minutes without activity.
        option.IdleTimeout = TimeSpan.FromMinutes(20);
        // Session cookie name is the SSO cookie name with a "_PK" suffix.
        option.Cookie.Name = $"{CookiesAuthenticationDomainConstant.AQSSOPortal}_PK";
        option.Cookie.IsEssential = true;
    });

    services.AddHttpContextAccessor();
    services.AddPortalIdentityWebService(Configuration, ApiUrlHelper.IdentityApiUrl);
}