public static void AddPolicies(this IServiceCollection service, PolicyContext policies)
{
foreach (var namedPolicy in policies.GetPolicySets())
{
var policySet = namedPolicy.Value;
var policyBuilder = new AuthorizationPolicyBuilder();
policyBuilder.RequireAuthenticatedUser();
var noOneHasAccessToPolicy = policySet == null;
if (noOneHasAccessToPolicy)
{
policyBuilder.RequireAssertion((context) => false); //If no one has access to the policy then always make a false assertion;
}
else
{
var allowableRulesAndUsers = policySet.GetAllowableRolesAndUsersCombined();
if (allowableRulesAndUsers.Any())
{
policyBuilder.RequireRole(policySet.GetAllowableRolesAndUsersCombined());
}
if (policySet.DenyRoles != null)
{
policyBuilder.RequireAssertion(context =>
policySet.GetAllowableRolesAndUsersCombined().Any(allowedRole => context.User.IsInRole(allowedRole)) ||
!policySet.DenyRoles.Any(deniedRole => context.User.IsInRole(deniedRole)));
}
if (policySet.DenyUsers != null)
{
policyBuilder.RequireAssertion(context =>
policySet.GetAllowableRolesAndUsersCombined().Any(allowedRole => context.User.IsInRole(allowedRole)) ||
!policySet.DenyUsers.Any(deniedUser => context.User.IsInRole(deniedUser)));
}
if (policySet.AllowClaim != null)
{
policyBuilder.RequireClaim(policySet.AllowClaim.Type, policySet.AllowClaim.Values);
}
if (policySet.AllowClaims != null)
{
policySet.AllowClaims.ForEach(claim => policyBuilder.RequireClaim(claim.Type, claim.Values));
}
}
var policy = policyBuilder.Build();
service.AddAuthorization(options => options.AddPolicy(namedPolicy.Key, policy));
}
}
public static AuthorizationPolicyBuilder RequireScope(this AuthorizationPolicyBuilder builder, params string[] scopes) =>
builder.RequireAssertion(context =>
context.User
.Claims
.Where(c => scopeClaimTypes.Contains(c.Type))
.SelectMany(c => c.Value.Split(' '))
.Any(s => scopes.Contains(s, StringComparer.OrdinalIgnoreCase)));
public Task <AuthorizationPolicy> GetPolicyAsync(string policyName)
{
if (policyName.StartsWith(ClaimAuthorizeAttribute.POLICY_PREFIX))
{
var claim = policyName.Substring(ClaimAuthorizeAttribute.POLICY_PREFIX.Length);
var policyBuilder = new AuthorizationPolicyBuilder();
if (claim.StartsWith(AnyGroupPrefix))
{
var claimMatch = claim.Substring(AnyGroupPrefix.Length);
//Group-insenstive match.
policyBuilder.RequireAssertion(context =>
context.User.HasClaim((c) => c.Type == CustomClaims.Permission && c.Value.EndsWith(claimMatch)));
}
else
{
var requestContext = _httpContextAccessor.HttpContext.RequestServices.GetService <RequestContext>();
//Group-specific match.
var claimFullName = $"{requestContext.GroupId}:{claim}";
policyBuilder.RequireClaim(CustomClaims.Permission, claimFullName);
}
return(Task.FromResult(policyBuilder.Build()));
}
return(FallbackPolicyProvider.GetPolicyAsync(policyName));
}
public override async Task <AuthorizationPolicy> GetPolicyAsync(string policyName)
{
var policy = await base.GetPolicyAsync(policyName);
if (policy != null)
{
return(policy);
}
var policyNames = policyName.Split(',', System.StringSplitOptions.RemoveEmptyEntries).Select(name => name.Trim()).ToArray();
var builder = new AuthorizationPolicyBuilder();
builder.RequireAssertion(async(context) =>
{
var authService = httpContextAccessor.HttpContext.RequestServices.GetService <IAuthorizationService>();
foreach (var policyName in policyNames)
{
var result = await authService.AuthorizeAsync(context.User, context.Resource, policyName);
if (result.Succeeded)
{
return(true);
}
}
return(false);
});
return(builder.Build());
}
public static AuthorizationPolicyBuilder ConfigurePolicyUserSupervisor(AuthorizationPolicyBuilder policy)
{
return(policy.RequireAssertion(
context => context.User.GetCustomClaimAsInt(CustomClaimTypes.UserAdminId) != null &&
context.User.GetCustomClaimAsBool(CustomClaimTypes.IsSupervisor) == true
));
}
public static AuthorizationPolicyBuilder ConfigurePolicyUserOnly(AuthorizationPolicyBuilder policy)
{
return(policy.RequireAssertion(
context => context.User.GetCandidateId() != null &&
context.User.GetCustomClaimAsBool(CustomClaimTypes.LearnUserAuthenticated) == true
));
}
public static AuthorizationPolicyBuilder ConfigurePolicyUserSuperAdmin(AuthorizationPolicyBuilder policy)
{
return(policy.RequireAssertion(
context => context.User.GetCustomClaimAsInt(CustomClaimTypes.UserAdminId) != null &&
context.User.HasSuperAdminPermissions()
));
}
private static void RequireOneOfTheGenericTypes(IEnumerable <Type> types, AuthorizationPolicyBuilder builder)
{
builder.RequireAssertion(context =>
{
var anyAuthorizationClaim = context.User.Claims.Any(x => types.Any(y => y.Name == x.Type));
return(anyAuthorizationClaim);
});
}
public static void VerifyAdmin(AuthorizationPolicyBuilder PolicyBuilder)
{
PolicyBuilder.RequireAssertion(Context =>
{
var user = User.ParseClaims(Context.User.Claims);
return(user.Roles.Contains(Admin));
});
}
/// <summary>
/// A policy check for all endpoints to require either the RestApiClaimType or Umbraco's SessionIdClaimType with the Umbraco issuer
/// </summary>
/// <param name="policy"></param>
public static void RequireSessionIdOrRestApiClaim(this AuthorizationPolicyBuilder policy)
{
policy.RequireAssertion(context =>
context.User.HasClaim(c =>
//to read published content the logged in user must have either of these claim types and value
c.Type == AuthorizationPolicies.UmbracoRestApiClaimType
//if we are checking the SessionIdClaimType then it should be issued from Umbraco (i.e. cookie authentication)
|| (c.Type == Core.Constants.Security.SessionIdClaimType && c.Issuer == UmbracoBackOfficeIdentity.Issuer)));
}
public Task <AuthorizationPolicy> GetFallbackPolicyAsync()
{
var result = new AuthorizationPolicyBuilder();
result = result.RequireAssertion(context =>
{
return(true);
});
return(Task.FromResult(result.Build()));
}
/// <summary>
/// configures oauth2 authentication based on the configuration
/// </summary>
/// <param name="services">services</param>
public static void Configure(IServiceCollection services)
{
// Get the configuration Settings
// TODO: are there any alternative ways exist to get the configuration settings??
var authenticationSettings = services.BuildServiceProvider().GetRequiredService <AuthenticationSettings>();
services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(options =>
{
options.Authority = GenericHelper.GetUriFromEnvironmentVariable(DefaultConstants.AuthenticationAuthority).ToString();
options.ApiName = authenticationSettings.Scope;
options.RequireHttpsMetadata = false;
});
services.AddAuthorization(options =>
{
options.AddPolicy(PolicyConstants.Admin, policy =>
{
// Allowed to access the resource if role admin or manager
policy.RequireClaim(JwtClaimTypes.Role, new[] { PolicyConstants.Admin, PolicyConstants.Manager });
});
options.AddPolicy(PolicyConstants.Manager, policy =>
{
// Allowed only if the role of the logged in user is manager
policy.RequireClaim(JwtClaimTypes.Role, PolicyConstants.Manager);
});
var defaultPolicy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser();
defaultPolicy.RequireAssertion(c =>
{
if (c.User.HasClaim(JwtClaimTypes.ClientId, DefaultConstants.DeviceManagerTestClient))
{
return(true);
}
var mvcContext = c.Resource as Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;
if (c.User.HasClaim(JwtClaimTypes.Role, PolicyConstants.Admin))
{
return(true);
}
// Now the user needs to have tenant id
if (c.User.HasClaim(DefaultConstants.TenantClaim, mvcContext.HttpContext.Request.Headers[DefaultConstants.TenantId].ToString()))
{
return(true);
}
return(false);
});
options.DefaultPolicy = defaultPolicy.Build();
});
}
public void RegisterAuthorizationPolicy(AuthorizationPolicyBuilder authorizationPolicyBuilder)
{
authorizationPolicyBuilder.RequireAssertion(
handler =>
{
AuthorizationFilterContext authorizationFilterContext = handler.Resource as AuthorizationFilterContext;
return(!authorizationFilterContext.HttpContext.Request.Path.StartsWithSegments(new PathString("/backend")) || handler.User.IsInRole("Administrator"));
}
);
}
public AuthorizationPolicy Build(HttpContext httpContext)
{
AuthorizationPolicyBuilder authorizationPolicyBuilder = new AuthorizationPolicyBuilder();
authorizationPolicyBuilder.RequireAssertion(async context =>
{
return(await context.User.HasClaimAsync(httpContext, x => x.Type == Name));
});
return(authorizationPolicyBuilder.Build());
}
public AuthorizationPolicy GetAuthorizationPolicy()
{
AuthorizationPolicyBuilder authorizationPolicyBuilder = new AuthorizationPolicyBuilder();
authorizationPolicyBuilder.RequireAssertion(context =>
{
return(context.User.HasClaim(PlatformusClaimTypes.Permission, Permissions.BrowseOrderStates) || context.User.HasClaim(PlatformusClaimTypes.Permission, Platformus.Security.Permissions.DoEverything));
}
);
return(authorizationPolicyBuilder.Build());
}
public static AuthorizationPolicyBuilder ConfigurePolicyUserFrameworksAdminOnly(
AuthorizationPolicyBuilder policy
)
{
return(policy.RequireAssertion(
context => context.User.GetCustomClaimAsInt(CustomClaimTypes.UserAdminId) != null &&
(context.User.GetCustomClaimAsBool(CustomClaimTypes.IsFrameworkDeveloper) == true) |
(context.User.GetCustomClaimAsBool(CustomClaimTypes.IsFrameworkContributor) == true) |
(context.User.GetCustomClaimAsBool(CustomClaimTypes.IsWorkforceManager) == true) |
(context.User.GetCustomClaimAsBool(CustomClaimTypes.IsWorkforceContributor) == true)
));
}
public AuthorizationPolicy GetAuthorizationPolicy()
{
AuthorizationPolicyBuilder authorizationPolicyBuilder = new AuthorizationPolicyBuilder();
authorizationPolicyBuilder.RequireAssertion(context =>
{
return(context.User.HasClaim(PlatformusClaimTypes.Permission, Permissions.ManageOrders) || context.User.HasClaim(PlatformusClaimTypes.Permission, Core.Permissions.DoAnything));
}
);
return(authorizationPolicyBuilder.Build());
}
public static AuthorizationPolicy ToAuthPolicy(this AuthorizationPolicyInfo info)
{
var policy = new AuthorizationPolicyBuilder();
var hasAnyRequirements = false;
if (info.AllowedRoles.Count > 0)
{
policy.RequireRole(info.AllowedRoles);
hasAnyRequirements = true;
}
if (info.AuthenticationSchemes.Count > 0)
{
policy.AuthenticationSchemes = info.AuthenticationSchemes;
}
if (info.RequireAuthenticatedUser)
{
policy.RequireAuthenticatedUser();
hasAnyRequirements = true;
}
if (info.RequiredClaims.Count > 0)
{
foreach (var c in info.RequiredClaims)
{
if (c.AllowedValues.Count > 0)
{
policy.RequireClaim(c.ClaimName, c.AllowedValues);
}
else
{
policy.RequireClaim(c.ClaimName);
}
hasAnyRequirements = true;
}
}
if (!string.IsNullOrWhiteSpace(info.RequiredUserName))
{
policy.RequireUserName(info.RequiredUserName);
hasAnyRequirements = true;
}
if (!hasAnyRequirements)
{
// allow anonymous
Func <AuthorizationHandlerContext, bool> allowAny = (AuthorizationHandlerContext authContext) => true;
policy.RequireAssertion(allowAny);
}
return(policy.Build());
}
private static void ProviderOrEmployerAssertion(AuthorizationPolicyBuilder policy)
{
policy.RequireAssertion(context =>
{
var hasUkprn = context.User.HasClaim(claim =>
claim.Type.Equals(ProviderClaims.ProviderUkprn));
var hasDaa = HasValidServiceClaim(context);
var hasEmployerAccountId = context.User.HasClaim(claim =>
claim.Type.Equals(EmployerClaims.AccountsClaimsTypeIdentifier));
return(hasUkprn && hasDaa || hasEmployerAccountId);
});
}
public AuthorizationPolicy GetGlobalAuthorizationPolicy()
{
AuthorizationPolicyBuilder authorizationPolicyBuilder = new AuthorizationPolicyBuilder();
authorizationPolicyBuilder.RequireAssertion(context =>
{
AuthorizationFilterContext authorizationFilterContext = context.Resource as AuthorizationFilterContext;
return(!authorizationFilterContext.HttpContext.Request.Path.StartsWithSegments(new PathString("/backend")) || context.User.HasClaim(PlatformusClaimTypes.Permission, Permissions.BrowseBackend));
}
);
return(authorizationPolicyBuilder.Build());
}
private static void AddAlternativeRolesPolicy(this IServiceCollection services, string policyName, string[] roles, string[] schemes)
{
var rolePolicyBuilder = new AuthorizationPolicyBuilder();
if (schemes.Any())
{
rolePolicyBuilder = rolePolicyBuilder.AddAuthenticationSchemes(schemes);
rolePolicyBuilder = rolePolicyBuilder.RequireAuthenticatedUser();
rolePolicyBuilder = rolePolicyBuilder.RequireAssertion(ctx =>
ctx?.User?.HasClaim(c =>
string.Equals(c.Type, ClaimTypes.Role, StringComparison.OrdinalIgnoreCase) &&
roles.Any(r => string.Equals(r, c.Value, StringComparison.OrdinalIgnoreCase))) ??
false);
}
else
{
rolePolicyBuilder = rolePolicyBuilder.RequireAssertion(_ => true);
}
services.AddAuthorization(o =>
{
o.AddPolicy(policyName, rolePolicyBuilder.Build());
});
}
private static void AddDefaultPolicy(this IServiceCollection services, string[] schemes)
{
var authenticatedPolicyBuilder = new AuthorizationPolicyBuilder();
if (schemes.Any())
{
authenticatedPolicyBuilder = authenticatedPolicyBuilder.AddAuthenticationSchemes(schemes);
authenticatedPolicyBuilder = authenticatedPolicyBuilder.RequireAuthenticatedUser();
}
else
{
authenticatedPolicyBuilder = authenticatedPolicyBuilder.RequireAssertion(_ => true);
}
services.AddAuthorization(o => o.DefaultPolicy = authenticatedPolicyBuilder.Build());
}
public override Task <AuthorizationPolicy> GetPolicyAsync(string policyName)
{
var policy = new AuthorizationPolicyBuilder();
policy.RequireAssertion(async ctx =>
{
if (ctx.User?.Identity?.IsAuthenticated == true)
{
var userId = ctx.User?.Claims.FirstOrDefault(e => e.Type == "sub")?.Value;
if (!string.IsNullOrEmpty(userId))
{
Google.Protobuf.Collections.RepeatedField <string> permissions = null;
permissions = await memoryCache.GetOrCreateAsync($"{userId}", async cache =>
{
cache.AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(5);
try
{
//ctx.AbsoluteExpirationRelativeToNow = IdentityServerCenterConnectServiceCollectionExtensions.UserPermissionCacheTimeSpan;
var result = (await userClient.GetUserPermissonsAsync(
new UserGrpcService.UserIdReq
{
UserId = userId
})).Items;
return(result);
}
catch (RpcException ex)
{
logger.LogError($"Grpc获取用户权限失败:{ex.Message}");
}
return(null);
});
return(permissions.Any(e => e == policyName));
}
}
return(false);
});
return(Task.FromResult(policy.Build()));
//如果在ConfigService AddAuthorization
//获取回落政策
//https://docs.microsoft.com/zh-cn/aspnet/core/security/authorization/iauthorizationpolicyprovider?view=aspnetcore-3.1
//return this.GetFallbackPolicyAsync();
}
public static void Build(AuthorizationPolicyBuilder builder)
{
if (StaticRepo.Configuration.GetValue <bool>("EnableAuthorization") == true)
{
var section = StaticRepo.Configuration.GetSection($"AzureAd:AuthorizedAdGroups");
var groups = section.Get <string[]>();
builder.RequireClaim("groups", groups);
}
else if (StaticRepo.Configuration.GetValue <bool>("EnableAuthentication") == true)
{
builder.RequireAuthenticatedUser();
}
else
{
builder
.RequireAssertion(_ => true)
.Build();
}
}
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContextPool <AppDbContext>(
options => options.UseSqlServer(_config.GetConnectionString("ApplicationDbContext")));
services.AddDbContextPool <AppDbContext>(
options => options.UseSqlServer(_config.GetConnectionString("toDoListDBConnection")));
services.AddDbContextPool <AGesContext>(
options => options.UseSqlServer(_config.GetConnectionString("aGesConnection")));
services.AddIdentity <ApplicationUser, IdentityRole>(options =>
{
options.Password.RequiredLength = 10;
options.Password.RequiredUniqueChars = 3;
options.Password.RequireNonAlphanumeric = false;
options.SignIn.RequireConfirmedEmail = true;
options.Lockout.MaxFailedAccessAttempts = 3;
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromHours(1);
}).AddEntityFrameworkStores <AppDbContext>()
.AddDefaultTokenProviders();
services.AddAntiforgery(options => options.HeaderName = "RequestVerificationToken");
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
services.AddDistributedMemoryCache();
services.AddSession(so =>
{
so.IdleTimeout = TimeSpan.FromMinutes(60);
});
services.AddMvc(options =>
{
options.Filters.Add(new AuthorizeFilter(policy));
options.EnableEndpointRouting = false;
}).AddXmlSerializerFormatters();
services.ConfigureApplicationCookie(options =>
{
options.AccessDeniedPath = new PathString("/Administration/AccessDenied");
});
services.AddAuthorization(options =>
{
//options.AddPolicy("DeleteRolePolicy", policy => policy.RequireClaim("Delete Role", "true")
// .RequireRole("Administrator")
// .RequireRole("Super Admin")
//);
//options.AddPolicy("EditRolePolicy", policy => policy.RequireClaim("Edit Role", "true")
// .RequireRole("Administrator")
// .RequireRole("Super Admin"));
//options.AddPolicy("EditRolePolicy", policy => policy.RequireAssertion(context =>
// context.User.IsInRole("Administrator") &&
// context.User.HasClaim(claim => claim.Type == "Edit Role" && claim.Value == "true") ||
// context.User.IsInRole("Super Admin")
// ));
options.AddPolicy("DeleteRolePolicy", policy => policy.RequireAssertion(context =>
context.User.IsInRole("Administrator") &&
context.User.HasClaim(claim => claim.Type == "Delete Role" && claim.Value == "true") ||
context.User.IsInRole("Super Admin")
));
options.AddPolicy("EditRolePolicy", policy => policy.AddRequirements(new ManageAdminRolesAndClaimsRequirement()));
options.AddPolicy("AdminRolePolicy", policy => policy.RequireRole("Administrator"));
options.AddPolicy("SuperAdminRolePolicy", policy => policy.RequireRole("Super Admin"));
options.AddPolicy("ManagerRights",
policy => policy.RequireAssertion(context =>
context.User.IsInRole("Administrator") ||
context.User.IsInRole("Super Admin")));
});
// services.AddScoped<IUserRepository, SQLUserRepository>();
//services.AddScoped<ITaskRepository, SQLTaskRepository>();
//services.AddScoped<IToDoListRepository, SQLToDoRepository>();
services.AddScoped <IForgotPassword, SQL_IForgotPassword>();
services.AddScoped <IConConfig, SQL_ConConfig>();
services.AddScoped <IEmpresa, SQL_IEmpresa>();
services.AddScoped <IEmpresaUtilizadores, SQL_IEmpresaUtilizadores>();
services.AddScoped <IEmpresaAGes, SQL_IEmpresaAGes>();
services.AddScoped <ICLab, SQL_ICLab>();
services.AddScoped <IDadosEmpresaViewModel, SQL_IDadosEmpresaViewModel>();
services.AddScoped <IGabineteContabilidade, Sql_IGabineteContabilidade>();
services.AddSingleton <IAuthorizationHandler, SuperAdminHandler>();
services.AddSingleton <IAuthorizationHandler, AdministratorHandler>();
// services.AddSingleton<ICustomDbContextFactory<CustomDbContext>, CustomDbContextFactory<CustomDbContext>>();
}
public static void IsAdminOr(this AuthorizationPolicyBuilder policyBuilder, Func <AuthorizationHandlerContext, bool> condition) =>
policyBuilder.RequireAssertion(ctx =>
ctx.User.HasClaim(AuthConstants.ClaimTypes.IsAdmin, true.ToString()) ||
condition(ctx));
public static void VerifyEveryone(AuthorizationPolicyBuilder PolicyBuilder) => PolicyBuilder.RequireAssertion(Context => true);
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
AppSettings appSettings = Configuration.GetSection("AppSettings").Get <AppSettings>();
if (appSettings != null)
{
services.Configure <AppSettings>(options =>
{
options.StoreEndpoint = appSettings.StoreEndpoint;
options.SmtpCredentials = appSettings.SmtpCredentials;
options.LegalURL = appSettings.LegalURL;
options.IgnoreEmails = appSettings.SmtpCredentials == null || string.IsNullOrEmpty(appSettings.SmtpCredentials.Ip) ? true : false;
});
}
DatabaseSettings customerDbSettings = Configuration.GetSection("DatabaseConnections:SecureBankMSSQL").Get <DatabaseSettings>();
if (customerDbSettings != null)
{
string customerConnectionString = string.Format("Server={0},{1};Database={2};User Id={3};Password={4}",
customerDbSettings.Server,
customerDbSettings.ServerPort,
customerDbSettings.Database,
customerDbSettings.UserId,
customerDbSettings.UserPass);
_logger.Info(customerConnectionString);
// configure mssql
services.AddDbContext <PortalDBContext>(options => options.UseSqlServer(customerConnectionString));
}
else
{
//configure sqlite
services.AddDbContext <PortalDBContext>(options => options.UseSqlite("Filename=./customerDB.db"));
}
services.AddTransient <IActionContextAccessor, ActionContextAccessor>();
services.AddTransient <ITransactionDAO, TransactionDAO>();
services.AddTransient <IUserDAO, UserDAO>();
services.AddTransient <IDbInitializer, DbInitializer>();
services.AddScoped <StoreAPICalls>();
services.AddTransient <IEmailSender, EmailSender>();
services.AddScoped <IUserBL, UserBL>();
services.AddScoped <ITransactionBL, TransactionBL>();
services.AddScoped <IStoreBL, StoreBL>();
services.AddScoped <IPortalSearchBL, PortalSearchBL>();
services.AddScoped <IAuthBL, AuthBL>();
services.AddScoped <IUploadFileBL, UploadFileBL>();
services.AddScoped <IAdminBL, AdminBL>();
services.AddScoped <IAdminStoreBL, AdminStoreBL>();
services.AddAuthorization(options =>
{
AuthorizationPolicyBuilder defaultAuthorizationPolicyBuilder = new AuthorizationPolicyBuilder();
defaultAuthorizationPolicyBuilder.RequireAssertion(x => true);
options.DefaultPolicy = defaultAuthorizationPolicyBuilder.Build();
});
services.AddSingleton <IAuthorizeService, AuthorizeService>();
services.AddSingleton <IUserExtensions, UserExtensions>();
if (appSettings?.Ctf?.Enabled ?? false)
{
services.ConfigureCtf(Configuration);
}
services.AddControllersWithViews();
services.AddSwaggerGen(x =>
{
if (appSettings?.Ctf?.Enabled ?? false)
{
//TO DO: Try to change this so singelton services are not created
#pragma warning disable ASP0000
IServiceProvider serviceProvider = services.BuildServiceProvider();
CtfOptions ctfOptions = serviceProvider.GetService <IOptions <CtfOptions> >()?.Value;
CtfChallangeModel swaggerChallange = ctfOptions?.CtfChallanges
.Where(x => x.Type == CtfChallengeTypes.Swagger)
.Single();
x.SwaggerDoc("v1", new Microsoft.OpenApi.Models.OpenApiInfo {
Title = "BankWeb API", Version = "v1", Description = swaggerChallange?.Flag
});
}
else
{
x.SwaggerDoc("v1", new Microsoft.OpenApi.Models.OpenApiInfo {
Title = "BankWeb API", Version = "v1"
});
}
string xmlPath = System.IO.Path.Combine(AppContext.BaseDirectory, $"{System.Reflection.Assembly.GetExecutingAssembly().GetName().Name}.xml");
x.IncludeXmlComments(xmlPath);
});
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
AppSettings appSettings = Configuration.GetSection("AppSettings").Get <AppSettings>();
if (appSettings != null)
{
services.Configure <AppSettings>(options =>
{
options.StoreEndpoint = appSettings.StoreEndpoint;
options.SmtpCredentials = appSettings.SmtpCredentials;
options.IgnoreEmails = string.IsNullOrEmpty(appSettings.SmtpCredentials.Ip);
options.BaseUrl = appSettings.BaseUrl;
});
}
else
{
throw new Exception("Appsettings cannot be null");
}
DatabaseSettings customerDbSettings = Configuration.GetSection("DatabaseConnections:SecureBankMSSQL").Get <DatabaseSettings>();
if (customerDbSettings != null)
{
string customerConnectionString = string.Format("Server={0},{1};Database={2};User Id={3};Password={4}",
customerDbSettings.Server,
customerDbSettings.ServerPort,
customerDbSettings.Database,
customerDbSettings.UserId,
customerDbSettings.UserPass);
_logger.Info(customerConnectionString);
// configure mssql
services.AddDbContext <PortalDBContext>(options => options.UseSqlServer(customerConnectionString));
}
else
{
//configure sqlite
services.AddDbContext <PortalDBContext>(options => options.UseSqlite("Filename=./customerDB.db"));
}
services.AddTransient <IActionContextAccessor, ActionContextAccessor>();
services.AddTransient <ITransactionDAO, TransactionDAO>();
services.AddTransient <IUserDAO, UserDAO>();
services.AddTransient <IDbInitializer, DbInitializer>();
services.AddScoped <StoreAPICalls>();
services.AddTransient <IEmailSender, EmailSender>();
services.AddScoped <IUserBL, UserBL>();
services.AddScoped <ITransactionBL, TransactionBL>();
services.AddScoped <IStoreBL, StoreBL>();
services.AddScoped <IPortalSearchBL, PortalSearchBL>();
services.AddScoped <IAuthBL, AuthBL>();
services.AddScoped <IUploadFileBL, UploadFileBL>();
services.AddScoped <IAdminBL, AdminBL>();
services.AddScoped <IAdminStoreBL, AdminStoreBL>();
services.AddAuthorization(options =>
{
AuthorizationPolicyBuilder defaultAuthorizationPolicyBuilder = new AuthorizationPolicyBuilder();
defaultAuthorizationPolicyBuilder.RequireAssertion(x => true);
options.DefaultPolicy = defaultAuthorizationPolicyBuilder.Build();
});
services.AddSingleton <IAuthorizeService, AuthorizeService>();
services.AddSingleton <IUserExtensions, UserExtensions>();
services.AddSingleton <ICookieService, CookieService>();
CtfOptions ctfOptions = null;
if (appSettings?.Ctf?.Enabled ?? false)
{
ctfOptions = services.ConfigureCtf(Configuration);
}
else
{
ctfOptions = services.ConfigureWithoutCtf(Configuration);
}
services.AddControllersWithViews(options =>
{
options.Filters.Add(new GlobalExceptionFilter());
});
services.AddDirectoryBrowser();
services.AddSwaggerGen(x =>
{
x.SwaggerDoc("v1", new Microsoft.OpenApi.Models.OpenApiInfo {
Title = "BankWeb API", Version = "v1"
});
string xmlPath = Path.Combine(AppContext.BaseDirectory, $"{System.Reflection.Assembly.GetExecutingAssembly().GetName().Name}.xml");
x.IncludeXmlComments(xmlPath);
});
}
// This policy is internal and required for the extension method explained further below. // You CANNOT use this policy in your controllers or pages. internal static void PolicyConfigurationFailedFallback(AuthorizationPolicyBuilder builder) => builder.RequireAssertion(context => false);