// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { services.Configure <RecaptchaOptions>(Configuration.GetSection("Recaptcha")); services.Configure <LetsEncryptOptions>(Configuration.GetSection("LetsEncrypt")); services.Configure <PasswordHasherOptions>(options => options.CompatibilityMode = PasswordHasherCompatibilityMode.IdentityV2); services .AddIdentity <JoinIdentityUser, string>(options => options.Password.ConfigureValidation()) .AddDefaultTokenProviders() .AddUserStore <MyUserStore>() .AddRoleStore <MyUserStore>(); services.ConfigureApplicationCookie(AuthenticationConfigurator.SetCookieOptions()); services.AddLogging(); services.AddHttpContextAccessor(); services.TryAddSingleton <IActionContextAccessor, ActionContextAccessor>(); services.AddRouting(options => options.LowercaseUrls = true); var mvc = services .AddMvc(options => { if (!environment.IsEnvironment("IntegrationTest")) { options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()); } options.Filters.Add(new SetIsProductionFilterAttribute()); options.Filters.Add(new TypeFilterAttribute(typeof(SetUserDataFilterAttribute))); }) .AddControllersAsServices() .AddViewComponentsAsServices(); if (environment.IsDevelopment()) { //That's make local debug more easy mvc.AddRazorRuntimeCompilation(); } services.AddAuthorization(); services.AddTransient <IAuthorizationPolicyProvider, AuthPolicyProvider>(); services .AddAuthentication() .ConfigureJoinExternalLogins(Configuration.GetSection("Authentication")); services.AddSwaggerGen(Swagger.ConfigureSwagger); services.AddApplicationInsightsTelemetry(); services.AddHealthChecks() .AddSqlServer(Configuration["ConnectionStrings:DefaultConnection"]); }
public void Configuration(IAppBuilder app) { AuthenticationConfigurator.ConfigureAuth(app); var hubConfiguration = new HubConfiguration(); hubConfiguration.EnableDetailedErrors = true; app.MapSignalR(hubConfiguration); string hangfireDBName = AppSettingHelper.GetAppSetting <string>(Constants.AppSetting.HangfireDBName); GlobalConfiguration.Configuration.UseMongoStorage("mongodb://localhost", hangfireDBName); app.UseHangfireDashboard("/hangfire", new DashboardOptions { Authorization = new[] { new AuthorizationFilter() } }); app.UseHangfireServer(); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { _ = services.Configure <RecaptchaOptions>(Configuration.GetSection("Recaptcha")) .Configure <LetsEncryptOptions>(Configuration.GetSection("LetsEncrypt")) .Configure <BlobStorageOptions>(Configuration.GetSection("AzureBlobStorage")); blobStorageOptions = Configuration.GetSection("AzureBlobStorage").Get <BlobStorageOptions>(); _ = services.Configure <PasswordHasherOptions>(options => options.CompatibilityMode = PasswordHasherCompatibilityMode.IdentityV2); _ = services .AddIdentity <JoinIdentityUser, string>(options => options.Password.ConfigureValidation()) .AddDefaultTokenProviders() .AddUserStore <MyUserStore>() .AddRoleStore <MyUserStore>(); _ = services.ConfigureApplicationCookie(AuthenticationConfigurator.SetCookieOptions()); _ = services.AddLogging(); _ = services.AddHttpContextAccessor(); services.TryAddSingleton <IActionContextAccessor, ActionContextAccessor>(); _ = services.AddHttpClient(); _ = services.AddRouting(options => options.LowercaseUrls = true); var mvc = services .AddMvc(options => { if (!environment.IsEnvironment("IntegrationTest")) { options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()); } options.Filters.Add(new SetIsProductionFilterAttribute()); options.Filters.Add(new TypeFilterAttribute(typeof(SetUserDataFilterAttribute))); //TODO need to fix this options.SuppressImplicitRequiredAttributeForNonNullableReferenceTypes = true; }) .AddControllersAsServices() .AddViewComponentsAsServices(); _ = services.AddAntiforgery(options => options.HeaderName = "X-CSRF-TOKEN-HEADERNAME"); var dataProtection = services.AddDataProtection(); if (blobStorageOptions.BlobStorageConfigured) { dataProtection.PersistKeysToAzureBlobStorage( blobStorageOptions.BlobStorageConnectionString, "data-protection-keys", "joinrpg-portal-protection-keys"); } if (environment.IsDevelopment()) { //That's make local debug more easy _ = mvc.AddRazorRuntimeCompilation(); } _ = services.AddAuthorization(); _ = services.AddTransient <IAuthorizationPolicyProvider, AuthPolicyProvider>(); services .AddAuthentication() .ConfigureJoinExternalLogins(Configuration.GetSection("Authentication")); _ = services.AddSwaggerGen(Swagger.ConfigureSwagger); _ = services.AddApplicationInsightsTelemetry(); _ = services.AddHealthChecks() .AddSqlServer(Configuration["ConnectionStrings:DefaultConnection"], tags: new[] { "ready" }) .AddCheck <HealthCheckLoadProjects>("Project load", tags: new[] { "ready" }) .AddCheck <HealthCheckBlobStorage>("Blob connect"); services.Configure <ForwardedHeadersOptions>(options => { options.ForwardedHeaders = ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedFor; options.KnownProxies.Clear(); options.KnownNetworks.Clear(); options.ForwardLimit = 1; // Allow nearest proxy server to set X-Forwarded-?? header // Do not white-list servers (It's hard to know them specifically proxy server in cloud) // It will allow IP-spoofing, if Kestrel is directly exposed to end user // But it should never happen anyway (we always should be under at least one proxy) }); }