/// <summary>
/// Adds the application services to the container; this method gets called by the runtime.
/// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
/// </summary>
/// <param name="services">The collection that receives the service registrations.</param>
public void ConfigureServices(IServiceCollection services)
{
#if SharedAccessKeyAuth
#error Please provide a valid secret provider, for example Azure Key Vault: https://security.arcus-azure.net/features/secrets/consume-from-key-vault
    // Placeholder registration: the #error above stops the build until the null provider is replaced with a real one.
    services.AddSingleton<ICachedSecretProvider>(provider => new CachedSecretProvider(secretProvider: null));
#endif
#if CertificateAuth
    // Only the certificate subject is configured for validation here.
    // NOTE(review): presumably the expected subject is read from the "CertificateSubject" configuration key; confirm.
    var subjectValidationConfig =
        new CertificateAuthenticationConfigBuilder()
            .WithSubject(X509ValidationLocation.Configuration, "CertificateSubject")
            .Build();
    services.AddScoped(provider => new CertificateAuthenticationValidator(subjectValidationConfig));
#endif

    services.AddControllers(mvcOptions =>
    {
        // Content negotiation: an unsupported Accept header is reported back instead of silently falling back.
        mvcOptions.ReturnHttpNotAcceptable = true;
        mvcOptions.RespectBrowserAcceptHeader = true;

        RestrictToJsonContentType(mvcOptions);
        AddEnumAsStringRepresentation(mvcOptions);

#if SharedAccessKeyAuth
#warning Please provide a valid request header name and secret name to the shared access filter
        // The filter is added to the global filter collection, so it applies to every controller.
        // queryParameterName is null: only the request header is passed as the location of the key.
        var sharedAccessKeyFilter = new SharedAccessKeyAuthenticationFilter(
            headerName: "YOUR REQUEST HEADER NAME",
            queryParameterName: null,
            secretName: "YOUR SECRET NAME");
        mvcOptions.Filters.Add(sharedAccessKeyFilter);
#endif
#if CertificateAuth
        mvcOptions.Filters.Add(new CertificateAuthenticationFilter());
#endif
    });

    services.AddHealthChecks();
#if ExcludeCorrelation
#else
    services.AddCorrelation();
#endif
#if ExcludeOpenApi
#else
    // NOTE(review): the bracketed DEBUG markers below look like template placeholders that would limit the
    // OpenAPI registration to debug builds in the generated project; confirm before relying on it.
    //[#if DEBUG]
    var apiInfo = new OpenApiInfo { Title = "Arcus.Templates.WebApi", Version = "v1" };
    services.AddSwaggerGen(swagger =>
    {
        swagger.SwaggerDoc("v1", apiInfo);

        string xmlCommentsPath = Path.Combine(AppContext.BaseDirectory, "Arcus.Templates.WebApi.Open-Api.xml");
        swagger.IncludeXmlComments(xmlCommentsPath);
    });
    //[#endif]
#endif
}
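/// <summary>
/// Registers the application services on the web application builder: routing, controllers with the
/// selected authentication filters, JWT bearer authentication, health checks, HTTP correlation and OpenAPI.
/// </summary>
/// <param name="builder">The builder whose service collection receives the registrations.</param>
/// <param name="configuration">The application configuration; read for the "Jwt:Issuer" and "Jwt:Audience" values when JWT authentication is enabled.</param>
private static void ConfigureServices(WebApplicationBuilder builder, IConfiguration configuration)
{
#if CertificateAuth
    // Only the certificate subject is configured for validation here.
    // NOTE(review): presumably the expected subject is read from the "CertificateSubject" configuration key; confirm.
    var certificateAuthenticationConfig =
        new CertificateAuthenticationConfigBuilder()
            .WithSubject(X509ValidationLocation.Configuration, "CertificateSubject")
            .Build();

    builder.Services.AddScoped(serviceProvider => new CertificateAuthenticationValidator(certificateAuthenticationConfig));
#endif
    builder.Services.AddRouting(options =>
    {
        options.LowercaseUrls = true;
        options.LowercaseQueryStrings = true;
    });
    builder.Services.AddControllers(options =>
    {
        // Content negotiation: an unsupported Accept header is reported back instead of silently falling back.
        options.ReturnHttpNotAcceptable = true;
        options.RespectBrowserAcceptHeader = true;

        RestrictToJsonContentType(options);
        ConfigureJsonFormatters(options);

#if SharedAccessKeyAuth
#warning Please provide a valid request header name and secret name to the shared access filter
        // Global filter: applies to every controller. queryParameterName is null, so only the request
        // header is passed as the location of the key, which keeps the key out of request URLs.
        options.Filters.Add(new SharedAccessKeyAuthenticationFilter(headerName: SharedAccessKeyHeaderName, queryParameterName: null, secretName: "<your-secret-name>"));
#endif
#if CertificateAuth
        options.Filters.Add(new CertificateAuthenticationFilter());
#endif
#if JwtAuth
        // Global authorization: every endpoint requires an authenticated user in the "Admin" role.
        AuthorizationPolicy policy =
            new AuthorizationPolicyBuilder()
                .RequireRole("Admin")
                .RequireAuthenticatedUser()
                .Build();
        options.Filters.Add(new AuthorizeFilter(policy));
#endif
    });

#if JwtAuth
#error Use previously registered secret provider, for example Azure Key Vault: https://security.arcus-azure.net/features/secrets/consume-from-key-vault
    // Placeholder: the #error above stops the build until a real secret provider is assigned here;
    // as written, the lookup on secretProvider below would dereference null.
    ISecretProvider secretProvider = null;
    builder.Services.AddAuthentication(x =>
    {
        x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(x =>
    {
        // The signing key comes from the secret provider, not from configuration.
        // NOTE(review): this blocks on the asynchronous lookup while the bearer options are configured.
        string key = secretProvider.GetRawSecretAsync("JwtSigningKey").GetAwaiter().GetResult();

        x.SaveToken = true;
        x.TokenValidationParameters = new TokenValidationParameters
        {
            // Symmetric key: the same secret signs and validates tokens, so access to "JwtSigningKey"
            // must be limited to the parties that are allowed to issue tokens.
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)),
            ValidateIssuer = true,
            ValidIssuer = configuration.GetValue<string>("Jwt:Issuer"),
            ValidateAudience = true,
            ValidAudience = configuration.GetValue<string>("Jwt:Audience")
        };
    });
#endif

    builder.Services.AddHealthChecks();
#if (ExcludeCorrelation == false)
    builder.Services.AddHttpCorrelation();
#endif

#if (ExcludeOpenApi == false)
#warning Be careful of exposing sensitive information with the OpenAPI document, only expose what's necessary and hide everything else.
    var openApiInformation = new OpenApiInfo
    {
        Title = "Arcus.Templates.WebApi",
        Version = "v1"
    };

    builder.Services.AddSwaggerGen(swaggerGenerationOptions =>
    {
        swaggerGenerationOptions.SwaggerDoc("v1", openApiInformation);
        swaggerGenerationOptions.IncludeXmlComments(Path.Combine(AppContext.BaseDirectory, "Arcus.Templates.WebApi.Open-Api.xml"));

        swaggerGenerationOptions.ExampleFilters();
#if (ExcludeCorrelation == false)
        swaggerGenerationOptions.OperationFilter<AddHeaderOperationFilter>("X-Transaction-Id", "Transaction ID is used to correlate multiple operation calls. A new transaction ID will be generated if not specified.", false);
        swaggerGenerationOptions.OperationFilter<AddResponseHeadersFilter>();
#endif
#if SharedAccessKeyAuth
        // The definitions below only describe the authentication scheme in the OpenAPI document;
        // enforcement is done by the filters registered on the controllers above.
        swaggerGenerationOptions.AddSecurityDefinition("shared-access-key", new OpenApiSecurityScheme
        {
            Type = SecuritySchemeType.ApiKey,
            In = ParameterLocation.Header,
            Name = SharedAccessKeyHeaderName,
            Description = "Authentication scheme based on shared access key"
        });
        swaggerGenerationOptions.AddSecurityRequirement(new OpenApiSecurityRequirement
        {
            {
                new OpenApiSecurityScheme
                {
                    Description = "Globally authentication scheme based on shared access key",
                    Reference = new OpenApiReference
                    {
                        Id = "shared-access-key",
                        Type = ReferenceType.SecurityScheme
                    }
                }, new List<string>()
            }
        });
#endif
#if CertificateAuth
        // NOTE(review): the client certificate is documented as a request header ("X-ARR-ClientCert").
        // If the service relies on that header, only a trusted front end should be able to set it;
        // confirm how CertificateAuthenticationFilter obtains the certificate.
        swaggerGenerationOptions.AddSecurityDefinition("certificate", new OpenApiSecurityScheme
        {
            Type = SecuritySchemeType.ApiKey,
            In = ParameterLocation.Header,
            Name = "X-ARR-ClientCert",
            Description = "Authentication scheme based on client certificate"
        });
        swaggerGenerationOptions.AddSecurityRequirement(new OpenApiSecurityRequirement
        {
            {
                new OpenApiSecurityScheme
                {
                    Description = "Globally authentication scheme based on client certificate",
                    Reference = new OpenApiReference
                    {
                        Id = "certificate",
                        Type = ReferenceType.SecurityScheme
                    }
                }, new List<string>()
            }
        });
#endif
#if JwtAuth
        swaggerGenerationOptions.AddSecurityDefinition("jwt", new OpenApiSecurityScheme
        {
            Type = SecuritySchemeType.Http,
            // An OpenAPI "http" security scheme needs its HTTP authorization scheme named; without it
            // the document does not tell clients that the token goes in an "Authorization: Bearer" header.
            Scheme = "bearer",
            BearerFormat = "JWT",
            Description = "Authentication scheme based on JWT"
        });
        swaggerGenerationOptions.AddSecurityRequirement(new OpenApiSecurityRequirement
        {
            {
                new OpenApiSecurityScheme
                {
                    Description = "Globally authentication scheme based on JWT",
                    Reference = new OpenApiReference
                    {
                        Id = "jwt",
                        Type = ReferenceType.SecurityScheme
                    }
                }, new List<string>()
            }
        });
#endif
    });

    builder.Services.AddSwaggerExamplesFromAssemblyOf<HealthReportResponseExampleProvider>();
#endif
}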
/// <summary>
/// Adds the application services to the container; this method gets called by the runtime.
/// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
/// </summary>
/// <param name="services">The collection that receives the service registrations.</param>
public void ConfigureServices(IServiceCollection services)
{
#if (SharedAccessKeyAuth || JwtAuth)
#error Please provide a valid secret provider, for example Azure Key Vault: https://security.arcus-azure.net/features/secrets/consume-from-key-vault
    // Placeholder registration: the #error above stops the build until the null provider is replaced with a real one.
    services.AddSingleton<ICachedSecretProvider>(provider => new CachedSecretProvider(secretProvider: null));
#endif
#if CertificateAuth
    // Only the certificate subject is configured for validation here.
    // NOTE(review): presumably the expected subject is read from the "CertificateSubject" configuration key; confirm.
    var subjectValidationConfig =
        new CertificateAuthenticationConfigBuilder()
            .WithSubject(X509ValidationLocation.Configuration, "CertificateSubject")
            .Build();
    services.AddScoped(provider => new CertificateAuthenticationValidator(subjectValidationConfig));
#endif

    services.AddControllers(mvcOptions =>
    {
        // Content negotiation: an unsupported Accept header is reported back instead of silently falling back.
        mvcOptions.ReturnHttpNotAcceptable = true;
        mvcOptions.RespectBrowserAcceptHeader = true;

        RestrictToJsonContentType(mvcOptions);
        AddEnumAsStringRepresentation(mvcOptions);

#if SharedAccessKeyAuth
#warning Please provide a valid request header name and secret name to the shared access filter
        // The filter is added to the global filter collection, so it applies to every controller.
        // queryParameterName is null: only the request header is passed as the location of the key.
        var sharedAccessKeyFilter = new SharedAccessKeyAuthenticationFilter(
            headerName: "YOUR REQUEST HEADER NAME",
            queryParameterName: null,
            secretName: "YOUR SECRET NAME");
        mvcOptions.Filters.Add(sharedAccessKeyFilter);
#endif
#if CertificateAuth
        mvcOptions.Filters.Add(new CertificateAuthenticationFilter());
#endif
#if JwtAuth
        // Global authorization: every endpoint requires an authenticated user in the "Admin" role.
        AuthorizationPolicy adminOnlyPolicy =
            new AuthorizationPolicyBuilder()
                .RequireRole("Admin")
                .RequireAuthenticatedUser()
                .Build();
        mvcOptions.Filters.Add(new AuthorizeFilter(adminOnlyPolicy));
#endif
    });

#if JwtAuth
#error Use previously registered secret provider, for example Azure Key Vault: https://security.arcus-azure.net/features/secrets/consume-from-key-vault
    // Placeholder: the #error above stops the build until a real secret provider is assigned here;
    // as written, the lookup on secretProvider below would dereference null.
    ISecretProvider secretProvider = null;
    services.AddAuthentication(authentication =>
    {
        authentication.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        authentication.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(bearer =>
    {
        // The signing key comes from the secret provider, not from configuration.
        // NOTE(review): this blocks on the asynchronous lookup while the bearer options are configured.
        string signingKey = secretProvider.Get("JwtSigningKey").GetAwaiter().GetResult();

        bearer.SaveToken = true;

        // Symmetric key: the same secret signs and validates tokens, so access to "JwtSigningKey"
        // must be limited to the parties that are allowed to issue tokens.
        var validation = new TokenValidationParameters();
        validation.ValidateIssuerSigningKey = true;
        validation.IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingKey));
        validation.ValidateIssuer = true;
        validation.ValidIssuer = Configuration.GetValue<string>("Jwt:Issuer");
        validation.ValidateAudience = true;
        validation.ValidAudience = Configuration.GetValue<string>("Jwt:Audience");
        bearer.TokenValidationParameters = validation;
    });
#endif

    services.AddHealthChecks();
#if ExcludeCorrelation
#else
    services.AddCorrelation();
#endif
#if ExcludeOpenApi
#else
    // NOTE(review): the bracketed DEBUG markers below look like template placeholders that would limit the
    // OpenAPI registration to debug builds in the generated project; confirm before relying on it.
    //[#if DEBUG]
    var apiInfo = new OpenApiInfo { Title = "Arcus.Templates.WebApi", Version = "v1" };
    services.AddSwaggerGen(swagger =>
    {
        swagger.SwaggerDoc("v1", apiInfo);

        string xmlCommentsPath = Path.Combine(AppContext.BaseDirectory, "Arcus.Templates.WebApi.Open-Api.xml");
        swagger.IncludeXmlComments(xmlCommentsPath);
    });
    //[#endif]
#endif
}