// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
#if SharedAccessKeyAuth
#error Please provide a valid secret provider, for example Azure Key Vault: https://security.arcus-azure.net/features/secrets/consume-from-key-vault
services.AddSingleton <ICachedSecretProvider>(serviceProvider => new CachedSecretProvider(secretProvider: null));
#endif
#if CertificateAuth
var certificateAuthenticationConfig =
new CertificateAuthenticationConfigBuilder()
.WithSubject(X509ValidationLocation.Configuration, "CertificateSubject")
.Build();
services.AddScoped(serviceProvider => new CertificateAuthenticationValidator(certificateAuthenticationConfig));
#endif
services.AddControllers(options =>
{
options.ReturnHttpNotAcceptable = true;
options.RespectBrowserAcceptHeader = true;
RestrictToJsonContentType(options);
AddEnumAsStringRepresentation(options);
#if SharedAccessKeyAuth
#warning Please provide a valid request header name and secret name to the shared access filter
options.Filters.Add(new SharedAccessKeyAuthenticationFilter(headerName: "YOUR REQUEST HEADER NAME", queryParameterName: null, secretName: "YOUR SECRET NAME"));
#endif
#if CertificateAuth
options.Filters.Add(new CertificateAuthenticationFilter());
#endif
});
services.AddHealthChecks();
#if ExcludeCorrelation
#else
services.AddCorrelation();
#endif
#if ExcludeOpenApi
#else
//[#if DEBUG]
var openApiInformation = new OpenApiInfo
{
Title = "Arcus.Templates.WebApi",
Version = "v1"
};
services.AddSwaggerGen(swaggerGenerationOptions =>
{
swaggerGenerationOptions.SwaggerDoc("v1", openApiInformation);
swaggerGenerationOptions.IncludeXmlComments(Path.Combine(AppContext.BaseDirectory, "Arcus.Templates.WebApi.Open-Api.xml"));
});
//[#endif]
#endif
}
private static void ConfigureServices(WebApplicationBuilder builder, IConfiguration configuration)
{
#if CertificateAuth
var certificateAuthenticationConfig =
new CertificateAuthenticationConfigBuilder()
.WithSubject(X509ValidationLocation.Configuration, "CertificateSubject")
.Build();
builder.Services.AddScoped(serviceProvider => new CertificateAuthenticationValidator(certificateAuthenticationConfig));
#endif
builder.Services.AddRouting(options =>
{
options.LowercaseUrls = true;
options.LowercaseQueryStrings = true;
});
builder.Services.AddControllers(options =>
{
options.ReturnHttpNotAcceptable = true;
options.RespectBrowserAcceptHeader = true;
RestrictToJsonContentType(options);
ConfigureJsonFormatters(options);
#if SharedAccessKeyAuth
#warning Please provide a valid request header name and secret name to the shared access filter
options.Filters.Add(new SharedAccessKeyAuthenticationFilter(headerName: SharedAccessKeyHeaderName, queryParameterName: null, secretName: "<your-secret-name>"));
#endif
#if CertificateAuth
options.Filters.Add(new CertificateAuthenticationFilter());
#endif
#if JwtAuth
AuthorizationPolicy policy =
new AuthorizationPolicyBuilder()
.RequireRole("Admin")
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
#endif
});
#if JwtAuth
#error Use previously registered secret provider, for example Azure Key Vault: https://security.arcus-azure.net/features/secrets/consume-from-key-vault
ISecretProvider secretProvider = null;
builder.Services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x =>
{
string key = secretProvider.GetRawSecretAsync("JwtSigningKey").GetAwaiter().GetResult();
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)),
ValidateIssuer = true,
ValidIssuer = configuration.GetValue <string>("Jwt:Issuer"),
ValidateAudience = true,
ValidAudience = configuration.GetValue <string>("Jwt:Audience")
};
});
#endif
builder.Services.AddHealthChecks();
#if (ExcludeCorrelation == false)
builder.Services.AddHttpCorrelation();
#endif
#if (ExcludeOpenApi == false)
#warning Be careful of exposing sensitive information with the OpenAPI document, only expose what's necessary and hide everything else.
var openApiInformation = new OpenApiInfo
{
Title = "Arcus.Templates.WebApi",
Version = "v1"
};
builder.Services.AddSwaggerGen(swaggerGenerationOptions =>
{
swaggerGenerationOptions.SwaggerDoc("v1", openApiInformation);
swaggerGenerationOptions.IncludeXmlComments(Path.Combine(AppContext.BaseDirectory, "Arcus.Templates.WebApi.Open-Api.xml"));
swaggerGenerationOptions.ExampleFilters();
#if (ExcludeCorrelation == false)
swaggerGenerationOptions.OperationFilter <AddHeaderOperationFilter>("X-Transaction-Id", "Transaction ID is used to correlate multiple operation calls. A new transaction ID will be generated if not specified.", false);
swaggerGenerationOptions.OperationFilter <AddResponseHeadersFilter>();
#endif
#if SharedAccessKeyAuth
swaggerGenerationOptions.AddSecurityDefinition("shared-access-key", new OpenApiSecurityScheme
{
Type = SecuritySchemeType.ApiKey,
In = ParameterLocation.Header,
Name = SharedAccessKeyHeaderName,
Description = "Authentication scheme based on shared access key"
});
swaggerGenerationOptions.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Description = "Globally authentication scheme based on shared access key",
Reference = new OpenApiReference
{
Id = "shared-access-key",
Type = ReferenceType.SecurityScheme
}
}, new List <string>()
}
});
#endif
#if CertificateAuth
swaggerGenerationOptions.AddSecurityDefinition("certificate", new OpenApiSecurityScheme
{
Type = SecuritySchemeType.ApiKey,
In = ParameterLocation.Header,
Name = "X-ARR-ClientCert",
Description = "Authentication scheme based on client certificate"
});
swaggerGenerationOptions.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Description = "Globally authentication scheme based on client certificate",
Reference = new OpenApiReference
{
Id = "certificate",
Type = ReferenceType.SecurityScheme
}
}, new List <string>()
}
});
#endif
#if JwtAuth
swaggerGenerationOptions.AddSecurityDefinition("jwt", new OpenApiSecurityScheme
{
Type = SecuritySchemeType.Http,
Description = "Authentication scheme based on JWT"
});
swaggerGenerationOptions.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Description = "Globally authentication scheme based on JWT",
Reference = new OpenApiReference
{
Id = "jwt",
Type = ReferenceType.SecurityScheme
}
}, new List <string>()
}
});
#endif
});
builder.Services.AddSwaggerExamplesFromAssemblyOf <HealthReportResponseExampleProvider>();
#endif
}
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
#if (SharedAccessKeyAuth || JwtAuth)
#error Please provide a valid secret provider, for example Azure Key Vault: https://security.arcus-azure.net/features/secrets/consume-from-key-vault
services.AddSingleton <ICachedSecretProvider>(serviceProvider => new CachedSecretProvider(secretProvider: null));
#endif
#if CertificateAuth
var certificateAuthenticationConfig =
new CertificateAuthenticationConfigBuilder()
.WithSubject(X509ValidationLocation.Configuration, "CertificateSubject")
.Build();
services.AddScoped(serviceProvider => new CertificateAuthenticationValidator(certificateAuthenticationConfig));
#endif
services.AddControllers(options =>
{
options.ReturnHttpNotAcceptable = true;
options.RespectBrowserAcceptHeader = true;
RestrictToJsonContentType(options);
AddEnumAsStringRepresentation(options);
#if SharedAccessKeyAuth
#warning Please provide a valid request header name and secret name to the shared access filter
options.Filters.Add(new SharedAccessKeyAuthenticationFilter(headerName: "YOUR REQUEST HEADER NAME", queryParameterName: null, secretName: "YOUR SECRET NAME"));
#endif
#if CertificateAuth
options.Filters.Add(new CertificateAuthenticationFilter());
#endif
#if JwtAuth
AuthorizationPolicy policy =
new AuthorizationPolicyBuilder()
.RequireRole("Admin")
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
#endif
});
#if JwtAuth
#error Use previously registered secret provider, for example Azure Key Vault: https://security.arcus-azure.net/features/secrets/consume-from-key-vault
ISecretProvider secretProvider = null;
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x =>
{
string key = secretProvider.Get("JwtSigningKey").GetAwaiter().GetResult();
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)),
ValidateIssuer = true,
ValidIssuer = Configuration.GetValue <string>("Jwt:Issuer"),
ValidateAudience = true,
ValidAudience = Configuration.GetValue <string>("Jwt:Audience")
};
});
#endif
services.AddHealthChecks();
#if ExcludeCorrelation
#else
services.AddCorrelation();
#endif
#if ExcludeOpenApi
#else
//[#if DEBUG]
var openApiInformation = new OpenApiInfo
{
Title = "Arcus.Templates.WebApi",
Version = "v1"
};
services.AddSwaggerGen(swaggerGenerationOptions =>
{
swaggerGenerationOptions.SwaggerDoc("v1", openApiInformation);
swaggerGenerationOptions.IncludeXmlComments(Path.Combine(AppContext.BaseDirectory, "Arcus.Templates.WebApi.Open-Api.xml"));
});
//[#endif]
#endif
}
