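/// <summary>
/// Registers IdentityServer for this service together with the stores, validators and
/// signing credential it needs. Only the endpoints listed below are switched off; the
/// token endpoint (and any endpoint not listed) keeps its default.
/// </summary>
/// <param name="services">The service collection to register into.</param>
/// <param name="env">Hosting environment. In Development a non-persisted developer signing key is used
/// regardless of any configured certificate.</param>
/// <param name="globalSettings">Supplies the issuer URI and the signing-certificate source.</param>
/// <returns>The <see cref="IIdentityServerBuilder"/> so further registrations can be chained.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown outside Development when no signing-certificate source matches the configuration.
/// </exception>
public static IIdentityServerBuilder AddCustomIdentityServerServices(
    this IServiceCollection services,
    IWebHostEnvironment env,
    GlobalSettings globalSettings)
{
    var issuerUri = new Uri(globalSettings.BaseServiceUri.InternalIdentity);

    var identityServerBuilder = services
        .AddIdentityServer(options =>
        {
            // Interactive and session-related endpoints are disabled; this service only
            // hands out tokens. With revocation disabled, issued tokens cannot be revoked
            // through IdentityServer's revocation endpoint.
            options.Endpoints.EnableAuthorizeEndpoint = false;
            options.Endpoints.EnableIntrospectionEndpoint = false;
            options.Endpoints.EnableEndSessionEndpoint = false;
            options.Endpoints.EnableUserInfoEndpoint = false;
            options.Endpoints.EnableCheckSessionEndpoint = false;
            options.Endpoints.EnableTokenRevocationEndpoint = false;

            // The issuer is scheme + host only: any port or path on the configured
            // internal identity URI is not part of the 'iss' value.
            options.IssuerUri = $"{issuerUri.Scheme}://{issuerUri.Host}";
            options.Caching.ClientStoreExpiration = TimeSpan.FromMinutes(5);
        })
        .AddInMemoryCaching()
        .AddInMemoryApiResources(ApiResources.GetApiResources())
        .AddClientStoreCache<ClientStore>();

    // Signing credential: the first matching source wins, in this order.
    if (env.IsDevelopment())
    {
        // Development wins over any configured certificate. 'false' = do not
        // persist the generated developer key to disk.
        identityServerBuilder.AddDeveloperSigningCredential(false);
    }
    else if (globalSettings.SelfHosted &&
        CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CertificatePassword) &&
        File.Exists("identity.pfx"))
    {
        // Relative path: resolved against the process working directory, not the
        // assembly location.
        var identityServerCert = CoreHelpers.GetCertificate("identity.pfx",
            globalSettings.IdentityServer.CertificatePassword);
        identityServerBuilder.AddSigningCredential(identityServerCert);
    }
    else if (CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CertificateThumbprint))
    {
        // Certificate looked up by thumbprint (store location is decided inside CoreHelpers).
        var identityServerCert = CoreHelpers.GetCertificate(
            globalSettings.IdentityServer.CertificateThumbprint);
        identityServerBuilder.AddSigningCredential(identityServerCert);
    }
    else if (!globalSettings.SelfHosted &&
        CoreHelpers.SettingHasValue(globalSettings.Storage?.ConnectionString) &&
        CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CertificatePassword))
    {
        // Cloud-hosted: the PFX is fetched from blob storage. This runs once at startup,
        // so the blocking wait on the async download is tolerated here.
        var storageAccount = CloudStorageAccount.Parse(globalSettings.Storage.ConnectionString);
        var identityServerCert = CoreHelpers.GetBlobCertificateAsync(storageAccount, "certificates", "identity.pfx",
            globalSettings.IdentityServer.CertificatePassword).GetAwaiter().GetResult();
        identityServerBuilder.AddSigningCredential(identityServerCert);
    }
    else
    {
        // Fail closed: refuse to start without a signing key rather than fall back to
        // anything weaker. InvalidOperationException instead of the base Exception type.
        throw new InvalidOperationException("No identity certificate to use.");
    }

    services.AddTransient<ClientStore>();
    // NOTE(review): the type name suggests an allow-all CORS policy for the token
    // endpoint; confirm that is intended for every deployment.
    services.AddTransient<ICorsPolicyService, AllowAllCorsPolicyService>();
    services.AddScoped<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
    services.AddScoped<IProfileService, ProfileService>();
    services.AddSingleton<IPersistedGrantStore, PersistedGrantStore>();

    return identityServerBuilder;
}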
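/// <summary>
/// Configures ASP.NET Core Data Protection key storage for non-development environments.
/// Self-hosted: the key ring is persisted to the configured directory. Cloud-hosted
/// (not self-hosted): the key ring is persisted to Azure Blob Storage and encrypted
/// at rest with a certificate.
/// </summary>
/// <param name="services">The service collection to register into.</param>
/// <param name="env">Hosting environment; in Development nothing is registered here.</param>
/// <param name="globalSettings">Supplies the key directory, storage connection string and certificate source.</param>
/// <exception cref="InvalidOperationException">
/// Thrown when cloud-hosted storage is configured but neither
/// DataProtection.CertificateThumbprint nor DataProtection.CertificatePassword yields a certificate.
/// </exception>
public static void AddCustomDataProtectionServices(
    this IServiceCollection services,
    IHostingEnvironment env,
    GlobalSettings globalSettings)
{
    if (env.IsDevelopment())
    {
        // Development keeps whatever the framework does by default.
        return;
    }

    if (globalSettings.SelfHosted && CoreHelpers.SettingHasValue(globalSettings.DataProtection.Directory))
    {
        // Self-hosted keys live on the local file system; protect the directory with
        // file-system permissions, nothing here encrypts the key ring.
        services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(globalSettings.DataProtection.Directory));
    }

    if (!globalSettings.SelfHosted && CoreHelpers.SettingHasValue(globalSettings.Storage?.ConnectionString))
    {
        var storageAccount = CloudStorageAccount.Parse(globalSettings.Storage.ConnectionString);

        // Thumbprint lookup takes precedence over a PFX downloaded from blob storage.
        X509Certificate2 dataProtectionCert = null;
        if (CoreHelpers.SettingHasValue(globalSettings.DataProtection.CertificateThumbprint))
        {
            dataProtectionCert = CoreHelpers.GetCertificate(
                globalSettings.DataProtection.CertificateThumbprint);
        }
        else if (CoreHelpers.SettingHasValue(globalSettings.DataProtection.CertificatePassword))
        {
            // Runs once at startup, so the blocking wait on the async download is tolerated.
            dataProtectionCert = CoreHelpers.GetBlobCertificateAsync(storageAccount, "certificates",
                "dataprotection.pfx", globalSettings.DataProtection.CertificatePassword)
                .GetAwaiter().GetResult();
        }

        if (dataProtectionCert is null)
        {
            // Previously a null certificate was handed straight to ProtectKeysWithCertificate,
            // which rejects it with a less specific error. Name the missing setting instead,
            // and never persist an unprotected key ring to blob storage.
            throw new InvalidOperationException(
                "No data protection certificate configured: set " +
                "DataProtection.CertificateThumbprint or DataProtection.CertificatePassword.");
        }

        services.AddDataProtection()
            .PersistKeysToAzureBlobStorage(storageAccount, "aspnet-dataprotection/keys.xml")
            .ProtectKeysWithCertificate(dataProtectionCert);
    }
}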
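/// <summary>
/// Adds the IdentityServer signing credential from the first configured source.
/// Unlike <see cref="AddCustomIdentityServerServices"/>, the developer signing key is the
/// last fallback here, so a configured certificate is used even in Development.
/// </summary>
/// <param name="identityServerBuilder">The builder to add the signing credential to.</param>
/// <param name="env">Hosting environment; only consulted when no certificate source matched.</param>
/// <param name="globalSettings">Supplies the certificate password, thumbprint and storage connection string.</param>
/// <returns>The same <paramref name="identityServerBuilder"/>, for chaining.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when no certificate source matches and the environment is not Development.
/// </exception>
public static IIdentityServerBuilder AddIdentityServerCertificate(
    this IIdentityServerBuilder identityServerBuilder,
    IWebHostEnvironment env,
    GlobalSettings globalSettings)
{
    if (globalSettings.SelfHosted &&
        CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CertificatePassword) &&
        File.Exists("identity.pfx"))
    {
        // Relative path: resolved against the process working directory.
        var identityServerCert = CoreHelpers.GetCertificate("identity.pfx",
            globalSettings.IdentityServer.CertificatePassword);
        identityServerBuilder.AddSigningCredential(identityServerCert);
    }
    else if (CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CertificateThumbprint))
    {
        var identityServerCert = CoreHelpers.GetCertificate(
            globalSettings.IdentityServer.CertificateThumbprint);
        identityServerBuilder.AddSigningCredential(identityServerCert);
    }
    else if (!globalSettings.SelfHosted &&
        CoreHelpers.SettingHasValue(globalSettings.Storage?.ConnectionString) &&
        CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CertificatePassword))
    {
        // Cloud-hosted: PFX downloaded from blob storage once at startup; the blocking
        // wait on the async call is tolerated in this one-time configuration path.
        var storageAccount = CloudStorageAccount.Parse(globalSettings.Storage.ConnectionString);
        var identityServerCert = CoreHelpers.GetBlobCertificateAsync(storageAccount, "certificates", "identity.pfx",
            globalSettings.IdentityServer.CertificatePassword).GetAwaiter().GetResult();
        identityServerBuilder.AddSigningCredential(identityServerCert);
    }
    else if (env.IsDevelopment())
    {
        // Last resort, Development only. 'false' = do not persist the developer key to disk.
        identityServerBuilder.AddDeveloperSigningCredential(false);
    }
    else
    {
        // Fail closed: no signing key means the service must not start.
        // InvalidOperationException instead of the base Exception type.
        throw new InvalidOperationException("No identity certificate to use.");
    }

    return identityServerBuilder;
}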