public AccountController(
UserResolver <TUser> userResolver,
UserManager <TUser> userManager,
SignInManager <TUser> signInManager,
IIdentityServerInteractionService interaction,
IClientStore clientStore,
IAuthenticationSchemeProvider schemeProvider,
IEventService events,
IEmailSender emailSender,
IGenericControllerLocalizer <AccountController <TUser, TKey> > localizer,
LoginConfiguration loginConfiguration,
RegisterConfiguration registerConfiguration,
IRootConfiguration rootConfiguration)
{
_userResolver = userResolver;
_userManager = userManager;
_signInManager = signInManager;
_interaction = interaction;
_clientStore = clientStore;
_schemeProvider = schemeProvider;
_events = events;
_emailSender = emailSender;
_localizer = localizer;
_loginConfiguration = loginConfiguration;
_registerConfiguration = registerConfiguration;
_rootConfiguration = rootConfiguration;
}
/// <summary>
/// Add authorization policies
/// </summary>
/// <param name="services"></param>
/// <param name="rootConfiguration"></param>
public static void AddAuthorizationPolicies(this IServiceCollection services,
IRootConfiguration rootConfiguration)
{
services.AddAuthorization(options =>
{
options.AddPolicy(AuthorizationConsts.AdministrationPolicy,
policy => policy.RequireRole(rootConfiguration.AdminConfiguration.AdministrationRole));
});
}
public IdentityController(IIdentityService <TUserDto, TUserDtoKey, TRoleDto, TRoleDtoKey, TUserKey, TRoleKey, TUser, TRole, TKey, TUserClaim, TUserRole, TUserLogin, TRoleClaim, TUserToken,
TUsersDto, TRolesDto, TUserRolesDto, TUserClaimsDto,
TUserProviderDto, TUserProvidersDto, TUserChangePasswordDto, TRoleClaimsDto> identityService,
ILogger <ConfigurationController> logger,
IGenericControllerLocalizer <IdentityController <TUserDto, TUserDtoKey, TRoleDto, TRoleDtoKey, TUserKey, TRoleKey, TUser, TRole, TKey, TUserClaim, TUserRole, TUserLogin, TRoleClaim, TUserToken,
TUsersDto, TRolesDto, TUserRolesDto, TUserClaimsDto,
TUserProviderDto, TUserProvidersDto, TUserChangePasswordDto, TRoleClaimsDto, TUserEmailDto> > localizer, IRootConfiguration configuration) : base(logger)
{
_identityService = identityService;
_localizer = localizer;
_configuration = configuration;
}
/// <summary>
/// Add authorization policies
/// </summary>
/// <param name="services"></param>
/// <param name="rootConfiguration"></param>
public static void AddAuthorizationPolicies(this IServiceCollection services,
IRootConfiguration rootConfiguration)
{
var adminApiConfiguration = services.BuildServiceProvider().GetService <AdminConfiguration>();
services.AddAuthorization(options =>
{
options.AddPolicy(AuthorizationConsts.AdministrationPolicy,
policy =>
policy.RequireAssertion(context => context.User.HasClaim(c =>
(c.Type == JwtClaimTypes.Role && c.Value == adminApiConfiguration.AdministrationRole) ||
(c.Type == $"client_{JwtClaimTypes.Role}" && c.Value == adminApiConfiguration.AdministrationRole)
)
));
});
}
public virtual void RegisterAuthentication(IServiceCollection services, IRootConfiguration rootConfiguration)
{
services.AddAuthenticationServices <AdminIdentityDbContext, UserIdentity, UserIdentityRole>(Configuration);
var builder = services.AddIdentityServer(options =>
{
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
})
.AddConfigurationStore <IdentityServerConfigurationDbContext>()
.AddOperationalStore <IdentityServerPersistedGrantDbContext>()
.AddAspNetIdentity <UserIdentity>();
builder.AddCustomSigningCredential(Configuration);
builder.AddCustomValidationKey(Configuration);
}
public UserRegistrationController(
ILocalUserService localUserService,
IIdentityServerInteractionService interaction,
IConfiguration configuration,
IRootConfiguration rootConfiguration,
IEmailService emailService,
IWebHostEnvironment environment
)
{
_localUserService = localUserService ??
throw new ArgumentNullException(nameof(localUserService));
_interaction = interaction ??
throw new ArgumentNullException(nameof(interaction));
_configuration = configuration ??
throw new ArgumentNullException(nameof(configuration));
_rootConfiguration = rootConfiguration ??
throw new ArgumentNullException(nameof(rootConfiguration));
_emailService = emailService ??
throw new ArgumentNullException(nameof(emailService));
Environment = environment ??
throw new ArgumentNullException(nameof(environment));
}
public EmailService(IRootConfiguration rootConfiguration)
{
_rootConfiguration = rootConfiguration;
}
public NavManu(IRootConfiguration conf)
{
_conf = conf;
}
public static async Task Initialize(IFileReader configurationFile)
{
var rootConfigurationTask = Build(configurationFile).ConfigureAwait(false);
_rootConfiguration = await rootConfigurationTask;
}
/// <summary>
/// Generate default admin user / role
/// </summary>
private static async Task EnsureSeedIdentityData <TUser, TRole>(UserManager <TUser> userManager,
RoleManager <TRole> roleManager,
ITenantManager tenantManager,
IRootConfiguration rootConfiguration,
SeedData seedData)
where TUser : IdentityUser, new()
where TRole : IdentityRole, new()
{
if (!await roleManager.Roles.AnyAsync())
{
// adding roles from seed
foreach (var r in seedData.Roles)
{
var role = new TRole
{
Name = r.Name
};
var res = await roleManager.CreateAsync(role);
if (res.Succeeded)
{
foreach (var c in r.Claims)
{
await roleManager.AddClaimAsync(role, new System.Security.Claims.Claim(c.Type, c.Value));
}
}
}
}
if (!await tenantManager.Tenants.AnyAsync())
{
foreach (var tenant in seedData.Tenants)
{
var t = new EntityFramework.Shared.Entities.Tenants.Tenant
{
Id = tenant.Id,
Name = tenant.Name,
IsActive = tenant.IsActive,
DatabaseName = tenant.DatabaseName,
Code = tenant.Code,
RequireTwoFactorAuthentication = tenant.RequireTwoFactorAuthentication
};
await tenantManager.CreateAsync(t);
}
}
if (!await userManager.Users.AnyAsync())
{
// adding users from seed
foreach (var u in seedData.Users)
{
var us = new TUser
{
UserName = u.UserName,
Email = u.Email,
EmailConfirmed = u.EmailConfirmed,
TwoFactorEnabled = u.TwoFactorEnabled
};
if (userManager.IsMultiTenant())
{
(us as MultiTenantUserIdentity).TenantId = u.TenantId;
(us as MultiTenantUserIdentity).ApplicationId = u.ApplicationId;
}
// if there is no password we create user without password
// user can reset password later, because accounts have EmailConfirmed set to true
var res = u.Password != null ? await userManager.CreateAsync(us, u.Password) : await userManager.CreateAsync(us);
if (res.Succeeded)
{
foreach (var c in u.Claims)
{
await userManager.AddClaimAsync(us, new System.Security.Claims.Claim(c.Type, c.Value));
}
foreach (var r in u.Roles)
{
await userManager.AddToRoleAsync(us, r);
}
}
}
}
}
public static IServiceCollection AddHttpClients(this IServiceCollection services, IRootConfiguration rootConfiguration)
{
services.AddHttpClient(ConfigurationConsts.MyHttpClient, c =>
{
Log.Debug("RootConfiguration: {@rootConfiguration}", rootConfiguration);
var client = new HttpClient();
var openIdConfiguration = rootConfiguration.OpenIdConfiguration;
var disco = client.GetDiscoveryDocumentAsync(openIdConfiguration.IdentityServerBaseUrl).Result;
if (disco.IsError)
{
throw new Exception(disco.Error);
}
var tokenResponse = client.RequestPasswordTokenAsync(new PasswordTokenRequest
{
Address = disco.TokenEndpoint,
ClientId = openIdConfiguration.ClientId,
ClientSecret = openIdConfiguration.ClientSecret,
UserName = openIdConfiguration.Username,
Password = openIdConfiguration.Password,
Scope = string.Join(" ", openIdConfiguration.Scopes)
}).Result;
c.DefaultRequestHeaders.Add("Authorization", "Bearer " + tokenResponse.AccessToken);
// Other settings
c.BaseAddress = new Uri(rootConfiguration.ResourceConfiguration.ApiBaseUrl);
});
return(services);
}
public AuthorizeCheckOperationFilter(IRootConfiguration rootConfiguration)
{
_adminConfiguration = rootConfiguration.AdminConfiguration;
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, Microsoft.AspNetCore.Hosting.IHostingEnvironment env, ILoggerFactory loggerFactorys, IRootConfiguration rootConfiguration)
{
Log.Logger = new LoggerConfiguration()
.ReadFrom.Configuration(Configuration)
.CreateLogger();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
app.UseStaticFiles();
app.UseSwagger();
app.UseSwaggerUI(c =>
{
c.SwaggerEndpoint("/swagger/" + ApiConfigurationConsts.ApiVersionV1 + "/swagger.json", ApiConfigurationConsts.ApiName);
c.OAuthClientId(rootConfiguration.AdminConfiguration.OidcSwaggerUIClientId);
c.OAuthAppName(ApiConfigurationConsts.ApiName);
});
app.UseRouting();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
//app.UseMvc();
}
public static void Clear()
{
_rootConfiguration = null;
}
public static void Initialize(IRootConfiguration rootConfiguration)
{
_rootConfiguration = rootConfiguration;
}
public IdentityServerLinkViewComponent(IRootConfiguration configuration)
{
_configuration = configuration;
}
public AccountController(ILogger <ConfigurationController> logger, IRootConfiguration rootConfiguration) : base(logger)
{
_rootConfiguration = rootConfiguration;
}
public Worker(ILogger <Worker> logger,
IRootConfiguration rootConfiguration)
{
_logger = logger ?? throw new ArgumentNullException(nameof(logger));
_rootConfiguration = rootConfiguration ?? throw new ArgumentNullException(nameof(rootConfiguration));
}
