/// <summary>
/// Optional callback handed to <c>app.UseCloudscribeCore</c> so that IdentityServer is
/// wired in at the right point in the middleware pipeline.
/// </summary>
/// <param name="builder">Pipeline builder the IdentityServer middleware is registered on.</param>
/// <param name="tenant">Current site (tenant); only the commented-out API sample below reads it.</param>
/// <returns>Always <c>true</c>; what the caller does with the value is not visible here.</returns>
private bool IdentityServerIntegratorFunc(IApplicationBuilder builder, cloudscribe.Core.Models.ISiteContext tenant)
{
    // Folder-based multi-tenancy currently depends on a fork of IdentityServer4, in the
    // hope that upstream changes make the fork unnecessary:
    // https://github.com/IdentityServer/IdentityServer4/issues/19
    builder.UseIdentityServer();

    // Sample: token authentication for APIs hosted in this same web app endpoint,
    // alongside the authority server. It is not needed here when the APIs live only
    // in separate endpoints; those endpoints need it in their own startup instead.
    //
    // Before enabling it:
    //  - Authority below is a local development URL. Tokens are validated against the
    //    issuer and signing keys published there, so a deployment should read its real
    //    authority from configuration.
    //  - RequireHttpsMetadata follows SslIsAvailable (not defined in this snippet,
    //    presumably a member of the enclosing class). When it is false the discovery
    //    document and signing keys are fetched over plain HTTP and can be replaced in
    //    transit, so keep it true outside local development.
    //  - ApiName is the site's alias id, giving each tenant its own scope. The alias id
    //    is shown in site settings, and a client must be configured with that scope to
    //    reach the tenant's APIs. A client granted several tenants' scopes can reach
    //    all of them, so grant scopes per tenant.
    //
    //builder.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
    //{
    //    Authority = "https://localhost:51408",
    //    ApiName = tenant.AliasId,
    //    RequireHttpsMetadata = SslIsAvailable
    //});

    return true;
}
/// <summary>
/// Optional callback handed to <c>app.UseCloudscribeCore</c> so that IdentityServer is
/// wired in at the right point in the middleware pipeline.
/// </summary>
/// <param name="builder">Pipeline builder the IdentityServer middleware is registered on.</param>
/// <param name="tenant">Current site (tenant); only the commented-out API sample below reads it.</param>
/// <returns>Always <c>true</c>; what the caller does with the value is not visible here.</returns>
private bool IdentityServerIntegratorFunc(IApplicationBuilder builder, cloudscribe.Core.Models.ISiteContext tenant)
{
    builder.UseIdentityServer();

    // Sample: token authentication for APIs hosted in this same web app endpoint,
    // alongside the authority server. It is not needed here when the APIs live only
    // in separate endpoints; those endpoints need it in their own startup instead.
    //
    // With both the cookie and the JWT middleware active, the principal is merged from
    // the cookie and from the JWT token when one is passed.
    // NOTE(review): the cookie identity therefore also reaches these APIs, so
    // state-changing API actions likely still need antiforgery protection or a policy
    // limited to the bearer scheme. Confirm against the controllers.
    //
    // Before enabling it:
    //  - Authority below is a local development URL. Tokens are validated against the
    //    issuer and signing keys published there, so a deployment should read its real
    //    authority from configuration.
    //  - RequireHttpsMetadata follows SslIsAvailable (not defined in this snippet,
    //    presumably a member of the enclosing class). When it is false the discovery
    //    document and signing keys are fetched over plain HTTP and can be replaced in
    //    transit, so keep it true outside local development.
    //  - ApiName is the site's alias id, giving each tenant its own scope. The alias id
    //    is shown in site settings, and a client must be configured with that scope to
    //    reach the tenant's APIs. A client granted several tenants' scopes can reach
    //    all of them, so grant scopes per tenant.
    //
    //builder.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
    //{
    //    Authority = "https://localhost:44399",
    //    ApiName = tenant.AliasId,
    //    //RoleClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
    //    //AuthenticationScheme = AuthenticationScheme.Application,
    //    RequireHttpsMetadata = SslIsAvailable
    //});

    return true;
}