예제 #1
        /// <summary>
        /// Registers ASP.NET Identity options, IdentityServer (in-memory resources and clients),
        /// JWT bearer authentication and the authorization options on <paramref name="services"/>.
        /// </summary>
        /// <remarks>
        /// Reads the "DemoSiteMode", "AccessTokenLifetime", "RefreshTokenLifetime" and "Authority"
        /// configuration keys. The first three are parsed with <c>bool.Parse</c> / <c>int.Parse</c>,
        /// so a missing or malformed value throws here, during service registration.
        /// </remarks>
        /// <param name="services">Service collection that receives the registrations.</param>
        private void SetupIdentity(IServiceCollection services)
        {
            bool demoMode = bool.Parse(Configuration["DemoSiteMode"]);

            // Character-class rules are enforced everywhere except on the demo site.
            // NOTE(review): in demo mode the only remaining password rule is the 8-character
            // minimum, so a demo instance should not hold accounts or data that matter.
            bool enforceCharacterClasses = !demoMode;

            services.Configure<IdentityOptions>(identity =>
            {
                identity.Password.RequireDigit           = enforceCharacterClasses;
                identity.Password.RequireNonAlphanumeric = enforceCharacterClasses;
                identity.Password.RequireUppercase       = enforceCharacterClasses;
                identity.Password.RequireLowercase       = enforceCharacterClasses;

                identity.Password.RequiredLength = 8;
                identity.User.RequireUniqueEmail = true;
            });

            // Lifetimes are handed unchanged to Config.GetClients; no range check happens here.
            int accessTokenLifetime  = int.Parse(Configuration["AccessTokenLifetime"]);
            int refreshTokenLifetime = int.Parse(Configuration["RefreshTokenLifetime"]);

            if (!demoMode)
            {
                // NOTE(review): the signing key is read from a PFX at a path relative to the
                // working directory and opened with an empty password, so the private key is
                // protected only by file-system permissions on that file. Consider a
                // password-protected PFX or a certificate store / key vault, with the secret
                // supplied through configuration rather than source.
                var signingCertificate = new X509Certificate2("coraltime.pfx", "", X509KeyStorageFlags.MachineKeySet);

                services.AddIdentityServer()
                    .AddInMemoryIdentityResources(Config.GetIdentityResources())
                    .AddInMemoryApiResources(Config.GetApiResources())
                    .AddInMemoryClients(Config.GetClients(accessTokenLifetime, refreshTokenLifetime))
                    .AddAspNetIdentity<ApplicationUser>()
                    .AddResourceOwnerValidator<ResourceOwnerPasswordValidator>()
                    .AddSigningCredential(signingCertificate)
                    .AddAppAuthRedirectUriValidator()
                    .AddProfileService<IdentityWithAdditionalClaimsProfileService>();
            }
            else
            {
                // Demo site: tokens are signed with IdentityServer's developer signing
                // credential instead of the PFX certificate, and the AppAuth redirect-URI
                // validator is not registered on this path.
                // NOTE(review): the developer credential is meant for development use; tokens
                // issued by a demo instance should not be trusted by any other environment.
                services.AddIdentityServer()
                    .AddDeveloperSigningCredential()
                    .AddInMemoryIdentityResources(Config.GetIdentityResources())
                    .AddInMemoryApiResources(Config.GetApiResources())
                    .AddInMemoryClients(Config.GetClients(accessTokenLifetime, refreshTokenLifetime))
                    .AddAspNetIdentity<ApplicationUser>()
                    .AddResourceOwnerValidator<ResourceOwnerPasswordValidator>()
                    .AddProfileService<IdentityWithAdditionalClaimsProfileService>();
            }

            // Bearer tokens authenticate and challenge; forbids go to the Identity cookie scheme.
            const string bearerScheme = "Bearer";

            services
                .AddAuthentication(schemes =>
                {
                    schemes.DefaultAuthenticateScheme = bearerScheme;
                    schemes.DefaultChallengeScheme    = bearerScheme;
                    schemes.DefaultForbidScheme       = "Identity.Application";
                })
                .AddJwtBearer(jwt =>
                {
                    // Audience is the name of the API resource.
                    jwt.Audience  = "WebAPI";
                    jwt.Authority = Configuration["Authority"];

                    // NOTE(review): with this set to false the handler accepts an authority whose
                    // discovery document and signing keys are served over plain HTTP, for demo and
                    // production alike. Anyone able to tamper with that traffic could substitute
                    // the keys used to validate tokens; set it to true wherever the authority is
                    // reachable over HTTPS.
                    jwt.RequireHttpsMetadata = false;
                });

            services.AddAuthorization(authorization => Config.CreateAuthorizatoinOptions(authorization));
        }