// This method gets called by the runtime. Use this method to add services to the container. public IServiceProvider ConfigureServices(IServiceCollection services) { services.AddCors(options => { // this defines a CORS policy called "default" options.AddPolicy("default", policy => { policy.AllowAnyOrigin() .AllowAnyHeader() .AllowAnyMethod(); }); }); services.AddDataProtection() .SetApplicationName("identity-server") .PersistKeysToFileSystem(new DirectoryInfo(@"/var/dpkeys/")); services.Configure <MongoDBSettings>(options => { options.ConnectionString = $"mongodb://{Environment.GetEnvironmentVariable("MONGODB_USERNAME")}:{Environment.GetEnvironmentVariable("MONGODB_PASSWORD")}@{Environment.GetEnvironmentVariable("COMPANY_MONGODB_HOST")}:{Environment.GetEnvironmentVariable("COMPANY_MONGODB_PORT")}"; options.Database = $"{Environment.GetEnvironmentVariable("COMPANY_MONGODB_DATABASE_NAME")}"; }); services.AddIdentityWithMongoStoresUsingCustomTypes <ApplicationUser, ApplicationUserRole>($"mongodb://{Environment.GetEnvironmentVariable("MONGODB_USERNAME")}:{Environment.GetEnvironmentVariable("MONGODB_PASSWORD")}@{Environment.GetEnvironmentVariable("USER_MONGODB_HOST")}:{Environment.GetEnvironmentVariable("USER_MONGODB_PORT")}/{Environment.GetEnvironmentVariable("USER_MONGODB_DATABASE_NAME")}") .AddDefaultTokenProviders(); services.Configure <IdentityOptions>(options => { // Password settings options.Password.RequireDigit = false; options.Password.RequiredLength = 6; options.Password.RequireNonAlphanumeric = false; options.Password.RequireUppercase = false; options.Password.RequireLowercase = false; options.Password.RequiredUniqueChars = 5; options.User.RequireUniqueEmail = true; //options.SignIn.RequireConfirmedEmail = true; options.Tokens.EmailConfirmationTokenProvider = "Phone"; }); services.AddSingleton <IHttpContextAccessor, HttpContextAccessor>(); services.AddSingleton <LocService>(); services.AddLocalization(options => options.ResourcesPath = "Resources"); services.AddMvc() .AddViewLocalization() .AddDataAnnotationsLocalization(options => { options.DataAnnotationLocalizerProvider = (type, factory) => { var assemblyName = new AssemblyName(typeof(SharedResource).GetTypeInfo().Assembly.FullName); return(factory.Create("SharedResource", assemblyName.Name)); }; }); services.Configure <RequestLocalizationOptions>( options => { var supportedCultures = new List <CultureInfo> { new CultureInfo("vi-VN"), new CultureInfo("en-US") }; options.DefaultRequestCulture = new RequestCulture("vi-VN"); options.SupportedCultures = supportedCultures; options.SupportedUICultures = supportedCultures; var providerQuery = new LocalizationQueryProvider { QueryParameterName = "ui_locales" }; // Cookie is required for the logout, query parameters at not supported with the endsession endpoint // Only works in the same domain var providerCookie = new LocalizationCookieProvider { CookieName = "defaultLocale" }; //options.RequestCultureProviders.Insert(0, providerCookie); options.RequestCultureProviders.Insert(0, providerQuery); }); services.AddTransient <IProfileService, IdentityWithAdditionalClaimsProfileService>(); services.Configure <IISOptions>(iis => { iis.AuthenticationDisplayName = "Windows"; iis.AutomaticAuthentication = false; }); var dict = new Dictionary <string, string> { { "ConnectionString", $"mongodb://{Environment.GetEnvironmentVariable("MONGODB_USERNAME")}:{Environment.GetEnvironmentVariable("MONGODB_PASSWORD")}@{Environment.GetEnvironmentVariable("IDENTITYSERVER_MONGODB_HOST")}:{Environment.GetEnvironmentVariable("IDENTITYSERVER_MONGODB_PORT")}" }, { "Database", $"{Environment.GetEnvironmentVariable("IDENTITYSERVER_MONGODB_DATABASE_NAME")}" } }; var cfgbuilder = new ConfigurationBuilder(); cfgbuilder.AddInMemoryCollection(dict); var identityServerConfig = cfgbuilder.Build(); services.AddIdentityServer() .AddConfigurationStore(identityServerConfig) .AddOperationalStore(identityServerConfig) .AddDeveloperSigningCredential() .AddExtensionGrantValidator <Extensions.ExtensionGrantValidator>() .AddExtensionGrantValidator <Extensions.NoSubjectExtensionGrantValidator>() .AddJwtBearerClientAuthentication() .AddAppAuthRedirectUriValidator() .AddAspNetIdentity <ApplicationUser>().AddProfileService <IdentityWithAdditionalClaimsProfileService>(); services.AddExternalIdentityProviders(); var builder = new ContainerBuilder(); var timeout = TimeSpan.FromSeconds(10); builder.Register(c => new MessageRequestClient <ICreateCompany, Company>(c.Resolve <IBus>(), new Uri($"rabbitmq://{Environment.GetEnvironmentVariable("RABBITMQ_HOST")}/create_company"), timeout)) .As <IRequestClient <ICreateCompany, Company> >() .SingleInstance(); builder.Register(c => new MessageRequestClient <IUploadLogoCompany, Company>(c.Resolve <IBus>(), new Uri($"rabbitmq://{Environment.GetEnvironmentVariable("RABBITMQ_HOST")}/upload_logo_company"), timeout)) .As <IRequestClient <IUploadLogoCompany, Company> >() .SingleInstance(); builder.Register(c => new MessageRequestClient <ICountSendActiveAccount, ISendActiveAccountCounted>(c.Resolve <IBus>(), new Uri($"rabbitmq://{Environment.GetEnvironmentVariable("RABBITMQ_HOST")}/count_send_active_account"), timeout)) .As <IRequestClient <ICountSendActiveAccount, ISendActiveAccountCounted> >() .SingleInstance(); builder.Register(c => { return(Bus.Factory.CreateUsingRabbitMq(sbc => sbc.Host(new Uri($"rabbitmq://{Environment.GetEnvironmentVariable("RABBITMQ_HOST")}/"), h => { h.Username(Environment.GetEnvironmentVariable("RABBITMQ_USERNAME")); h.Password(Environment.GetEnvironmentVariable("RABBITMQ_PASSWORD")); }) )); }) .As <IBus>() .As <IBusControl>() .As <IPublishEndpoint>() .SingleInstance(); builder.Populate(services); builder.RegisterType <EmailSender>().As <IEmailSender>() .WithParameter("sendGridUser", "apikey") .WithParameter("sendGridKey", "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"); builder.RegisterType <SMSSender>().As <ISMSSender>(); ApplicationContainer = builder.Build(); return(new AutofacServiceProvider(ApplicationContainer)); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { //services.Configure<CookiePolicyOptions>(options => //{ // // This lambda determines whether user consent for non-essential cookies is needed for a given request. // options.CheckConsentNeeded = context => true; // options.MinimumSameSitePolicy = SameSiteMode.None; //}); var useLocalCertStore = Convert.ToBoolean(Configuration["UseLocalCertStore"]); var certificateThumbprint = Configuration["CertificateThumbprint"]; X509Certificate2 cert; if (_environment.IsProduction()) { if (useLocalCertStore) { using (X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine)) { store.Open(OpenFlags.ReadOnly); var certs = store.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, false); cert = certs[0]; store.Close(); } } else { // Azure deployment, will be used if deployed to Azure var vaultConfigSection = Configuration.GetSection("Vault"); var keyVaultService = new KeyVaultCertificateService(vaultConfigSection["Url"], vaultConfigSection["ClientId"], vaultConfigSection["ClientSecret"]); cert = keyVaultService.GetCertificateFromKeyVault(vaultConfigSection["CertificateName"]); } } else { cert = new X509Certificate2(Path.Combine(_environment.ContentRootPath, "damienbodserver.pfx"), ""); } services.Configure <GeneralConfig>(Configuration.GetSection("GeneralConfig")); services.Configure <EmailSettings>(Configuration.GetSection("EmailSettings")); services.Configure <SmtpEmailSettings>(Configuration.GetSection("SmtpEmailSettings")); services.AddSingleton <SmtpClient>((serviceProvider) => { var config = serviceProvider.GetRequiredService <IConfiguration>(); return(new SmtpClient() { Host = config.GetValue <String>("SmtpEmailSettings:Host"), Port = config.GetValue <int>("SmtpEmailSettings:Port"), Credentials = new NetworkCredential( config.GetValue <String>("SmtpEmailSettings:Username"), config.GetValue <String>("SmtpEmailSettings:Password") ), EnableSsl = true, DeliveryMethod = SmtpDeliveryMethod.Network }); }); //services.AddDbContext<ApplicationDbContext>(options => // options.UseSqlite(Configuration.GetConnectionString("DefaultConnection"))); string connectionString = Configuration.GetConnectionString("DefaultConnection"); var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name; services.AddDbContext <ApplicationDbContext>(options => options.UseSqlServer(connectionString)); services.AddIdentity <ApplicationUser, IdentityRole>( config => { config.SignIn.RequireConfirmedEmail = true; config.Password.RequireDigit = false; config.Password.RequiredLength = 7; config.Password.RequireLowercase = false; config.Password.RequireNonAlphanumeric = false; config.Password.RequireUppercase = false; }) .AddEntityFrameworkStores <ApplicationDbContext>() .AddDefaultTokenProviders(); var guestPolicy = new AuthorizationPolicyBuilder() .RequireAuthenticatedUser() .RequireClaim("scope", "dataEventRecords") .Build(); services.AddTransient <IProfileService, IdentityWithAdditionalClaimsProfileService>(); services.Configure <IISOptions>(iis => { iis.AuthenticationDisplayName = "Windows"; iis.AutomaticAuthentication = false; }); services.AddIdentityServer(options => { options.Events.RaiseErrorEvents = true; options.Events.RaiseInformationEvents = true; options.Events.RaiseFailureEvents = true; options.Events.RaiseSuccessEvents = true; }) .AddSigningCredential(cert) .AddAspNetIdentity <ApplicationUser>() // this adds the config data from DB (clients, resources) .AddConfigurationStore(options => { options.ConfigureDbContext = b => b.UseSqlServer(connectionString, sql => sql.MigrationsAssembly(migrationsAssembly)); }) // this adds the operational data from DB (codes, tokens, consents) .AddOperationalStore(options => { options.ConfigureDbContext = b => b.UseSqlServer(connectionString, sql => sql.MigrationsAssembly(migrationsAssembly)); // this enables automatic token cleanup. this is optional. options.EnableTokenCleanup = true; // options.TokenCleanupInterval = 15; // frequency in seconds to cleanup stale grants. 15 is useful during debugging }) .AddProfileService <IdentityWithAdditionalClaimsProfileService>(); //services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme) // .AddIdentityServerAuthentication(options => // { // options.Authority = Config.HOST_URL + "/"; // options.ApiName = "dataEventRecords"; // options.ApiSecret = "dataEventRecordsSecret"; // options.SupportedTokens = SupportedTokens.Both; // }); //JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); services.AddTransient <IEmailSender, EmailSender>(); //IdentityServerAuthenticationOptions identityServerValidationOptions = new IdentityServerAuthenticationOptions //{ // Authority = Config.HOST_URL + "/", // AllowedScopes = new List<string> { "dataEventRecords" }, // ApiSecret = "dataEventRecordsSecret", // ApiName = "dataEventRecords", // AutomaticAuthenticate = true, // SupportedTokens = SupportedTokens.Both, // // TokenRetriever = _tokenRetriever, // // required if you want to return a 403 and not a 401 for forbidden responses // AutomaticChallenge = true, //}; //app.UseIdentityServerAuthentication(identityServerValidationOptions); services.AddAuthorization(options => { options.AddPolicy("dataEventRecordsAdmin", policyAdmin => { policyAdmin.RequireClaim("role", "dataEventRecords.admin"); }); options.AddPolicy("admin", policyAdmin => { policyAdmin.RequireClaim("role", "admin"); }); options.AddPolicy("dataEventRecordsUser", policyUser => { policyUser.RequireClaim("role", "dataEventRecords.user"); }); options.AddPolicy("dataEventRecords", policyUser => { policyUser.RequireClaim("scope", "dataEventRecords"); }); }); services.AddAuthentication() .AddGoogle(options => { options.ClientId = "708996912208-9m4dkjb5hscn7cjrn5u0r4tbgkbj1fko.apps.googleusercontent.com"; options.ClientSecret = "wdfPY6t8H8cecgjlxud__4Gh"; }); //.AddOpenIdConnect("oidc", "OpenID Connect", options => //{ // options.Authority = "https://demo.identityserver.io/"; // options.ClientId = "implicit"; // options.SaveTokens = true; // options.TokenValidationParameters = new TokenValidationParameters // { // NameClaimType = "name", // RoleClaimType = "role" // }; //}).AddOpenIdConnect("aad", "Login with Azure AD", options => //{ // options.Authority = $"https://login.microsoftonline.com/common"; // options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false }; // options.ClientId = "99eb0b9d-ca40-476e-b5ac-6f4c32bfb530"; // options.CallbackPath = "/signin-oidc"; //}); services.AddSingleton <LocService>(); services.AddLocalization(options => options.ResourcesPath = "Resources"); services.Configure <RequestLocalizationOptions>( options => { var supportedCultures = new List <CultureInfo> { new CultureInfo("ar"), new CultureInfo("en-US"), new CultureInfo("de-CH"), new CultureInfo("fr-CH"), new CultureInfo("it-CH") }; options.DefaultRequestCulture = new RequestCulture(culture: "de-CH", uiCulture: "de-CH"); options.SupportedCultures = supportedCultures; options.SupportedUICultures = supportedCultures; var providerQuery = new LocalizationQueryProvider { QureyParamterName = "ui_locales" }; options.RequestCultureProviders.Insert(0, providerQuery); }); services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1) .AddViewLocalization() .AddDataAnnotationsLocalization(options => { options.DataAnnotationLocalizerProvider = (type, factory) => { var assemblyName = new AssemblyName(typeof(SharedResource).GetTypeInfo().Assembly.FullName); return(factory.Create("SharedResource", assemblyName.Name)); }; }); }