예제 #1
0
        public async Task StoreTokenAsync_WhenTokenWasGenerated_AssertProtectWasCalledOnDataProtectorWithTokenByteArray()
        {
            ITokenHelper sut = CreateSut();

            IRefreshableToken token = new RefreshableToken(_fixture.Create <string>(), _fixture.Create <string>(), _fixture.Create <string>(), _fixture.Create <DateTime>());

            HttpContext httpContext = CreateHttpContext();
            string      base64Token = token.ToBase64();
            await sut.StoreTokenAsync(httpContext, base64Token);

            _dataProtectorMock.Verify(m => m.Protect(It.Is <byte[]>(value => value != null && string.CompareOrdinal(Encoding.UTF8.GetString(value), Encoding.UTF8.GetString(token.ToByteArray())) == 0)), Times.Once);
        }
예제 #2
0
        public void ConfigureServices(IServiceCollection services)
        {
            NullGuard.NotNull(services, nameof(services));

            services.Configure <ForwardedHeadersOptions>(opt =>
            {
                opt.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
                opt.KnownNetworks.Clear();
                opt.KnownProxies.Clear();
            });

            services.Configure <CookiePolicyOptions>(opt =>
            {
                opt.CheckConsentNeeded    = context => true;
                opt.MinimumSameSitePolicy = SameSiteMode.None;
                opt.Secure = CookieSecurePolicy.SameAsRequest;
            });

            services.AddDataProtection()
            .SetApplicationName("OSDevGrp.OSIntranet.Mvc")
            .UseEphemeralDataProtectionProvider()
            .SetDefaultKeyLifetime(new TimeSpan(30, 0, 0, 0));

            services.AddAntiforgery();

            services.AddControllersWithViews(opt => opt.Filters.Add(typeof(AcquireTokenActionFilter)))
            .AddJsonOptions(opt =>
            {
                opt.JsonSerializerOptions.Converters.Add(new JsonStringEnumConverter());
                opt.JsonSerializerOptions.Converters.Add(new DecimalFormatJsonConverter());
                opt.JsonSerializerOptions.Converters.Add(new NullableDecimalFormatJsonConverter());
                opt.JsonSerializerOptions.DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull;
            });
            services.AddRazorPages();

            services.AddAuthentication(opt =>
            {
                opt.DefaultScheme       = "OSDevGrp.OSIntranet.Internal";
                opt.DefaultSignInScheme = "OSDevGrp.OSIntranet.External";
            })
            .AddCookie("OSDevGrp.OSIntranet.Internal", opt =>
            {
                opt.LoginPath              = "/Account/Login";
                opt.LogoutPath             = "/Account/Logoff";
                opt.ExpireTimeSpan         = new TimeSpan(0, 60, 0);
                opt.Cookie.SameSite        = SameSiteMode.None;
                opt.Cookie.SecurePolicy    = CookieSecurePolicy.SameAsRequest;
                opt.DataProtectionProvider = DataProtectionProvider.Create("OSDevGrp.OSIntranet.Mvc");
            })
            .AddCookie("OSDevGrp.OSIntranet.External", opt =>
            {
                opt.LoginPath              = "/Account/Login";
                opt.LogoutPath             = "/Account/Logoff";
                opt.ExpireTimeSpan         = new TimeSpan(0, 0, 10);
                opt.Cookie.SameSite        = SameSiteMode.None;
                opt.Cookie.SecurePolicy    = CookieSecurePolicy.SameAsRequest;
                opt.DataProtectionProvider = DataProtectionProvider.Create("OSDevGrp.OSIntranet.Mvc");
            })
            .AddMicrosoftAccount(opt =>
            {
                opt.ClientId     = Configuration["Security:Microsoft:ClientId"];
                opt.ClientSecret = Configuration["Security:Microsoft:ClientSecret"];
                opt.SignInScheme = "OSDevGrp.OSIntranet.External";
                opt.CorrelationCookie.SameSite     = SameSiteMode.None;
                opt.CorrelationCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
                opt.SaveTokens = true;
                opt.Scope.Clear();
                opt.Scope.Add("User.Read");
                opt.Scope.Add("Contacts.ReadWrite");
                opt.Scope.Add("offline_access");
                opt.Events.OnCreatingTicket += o =>
                {
                    double seconds = o.ExpiresIn?.TotalSeconds ?? 0;
                    IRefreshableToken refreshableToken = new RefreshableToken(o.TokenType, o.AccessToken, o.RefreshToken, DateTime.UtcNow.AddSeconds(seconds));
                    o.Properties.Items.Add($".{TokenType.MicrosoftGraphToken}", refreshableToken.ToBase64());
                    return(Task.CompletedTask);
                };
                opt.DataProtectionProvider = DataProtectionProvider.Create("OSDevGrp.OSIntranet.Mvc");
            })
            .AddGoogle(opt =>
            {
                opt.ClientId     = Configuration["Security:Google:ClientId"];
                opt.ClientSecret = Configuration["Security:Google:ClientSecret"];
                opt.SignInScheme = "OSDevGrp.OSIntranet.External";
                opt.CorrelationCookie.SameSite     = SameSiteMode.None;
                opt.CorrelationCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
                opt.DataProtectionProvider         = DataProtectionProvider.Create("OSDevGrp.OSIntranet.Mvc");
            });
            services.AddAuthorization(opt =>
            {
                opt.AddPolicy("SecurityAdmin", policy => policy.RequireClaim(ClaimHelper.SecurityAdminClaimType));
                opt.AddPolicy("Accounting", policy => policy.RequireClaim(ClaimHelper.AccountingClaimType));
                opt.AddPolicy("CommonData", policy => policy.RequireClaim(ClaimHelper.CommonDataClaimType));
                opt.AddPolicy("Contacts", policy => policy.RequireClaim(ClaimHelper.ContactsClaimType));
            });

            services.AddHealthChecks();

            services.AddCommandBus().AddCommandHandlers(typeof(AuthenticateCommandHandlerBase <,>).Assembly);
            services.AddQueryBus().AddQueryHandlers(typeof(AuthenticateCommandHandlerBase <,>).Assembly);
            services.AddEventPublisher();
            services.AddResolvers();
            services.AddDomainLogic();
            services.AddRepositories();
            services.AddBusinessLogicValidators();
            services.AddBusinessLogicHelpers();

            services.AddSingleton <IHttpContextAccessor, HttpContextAccessor>();
            services.AddTransient <IPrincipalResolver, PrincipalResolver>();
            services.AddTransient <ITrustedDomainHelper, TrustedDomainHelper>();
            services.AddTransient <ITokenHelperFactory, TokenHelperFactory>();
            services.AddTransient <ITokenHelper, MicrosoftGraphTokenHelper>();
        }