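// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
// Middleware runs in the order it is registered here, so the order below is significant.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    Log("Configure");

    // To get actual Client IP and scheme even though behind load balancer.
    // Registered before UseHsts and everything else: the HSTS middleware only emits its header on
    // requests it sees as HTTPS, and behind a TLS-terminating proxy the scheme is "http" until
    // X-Forwarded-Proto has been applied.
    // NOTE(review): no KnownProxies / KnownNetworks are configured here. By default only loopback
    // proxies are trusted, so confirm the load balancer's headers are actually honoured, and trust
    // only the real proxy addresses; X-Forwarded-For from an untrusted hop is client-controlled.
    app.UseForwardedHeaders(new ForwardedHeadersOptions
    {
        ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
    });

    if (env.EnvironmentName == "Development")
    {
        // Detailed exception pages expose stack traces; only enabled for the Development environment.
        app.UseDeveloperExceptionPage();
    }
    else
    {
        // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
        app.UseHsts();
    }

    app.UseMiddleware(typeof(ErrorHandlingMiddleware));

    app.UseRouting();

    // CORS must sit between routing and authorization/endpoints.
    app.UseCors(MyAllowSpecificOrigins);

    var httpOnlyRaw = _configuration["HttpOnly"];

    // UseHttpsRedirection doesn't work well with docker.
    // Ordinal, case-insensitive comparison avoids culture-dependent lower-casing of a config flag.
    // When this flag is "true" the app never redirects to HTTPS itself, so TLS has to be enforced
    // by whatever sits in front of the container.
    if (string.Equals(httpOnlyRaw, "true", StringComparison.OrdinalIgnoreCase))
    {
        Log("Using HTTP only");
    }
    else
    {
        Log("Also using HTTPS. Activating https redirection");
        app.UseHttpsRedirection();
    }

    // Authentication has to run before authorization so that the user is established first.
    app.UseAuthentication();
    app.UseAuthorization();

    SwaggerSetup.Configure(_configuration, app);

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers();
    });

    Log("Configure done");
}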
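// This method gets called by the runtime. Use this method to add services to the container.
// Registers controllers, CORS, the database context (skipped for integration tests),
// Azure AD bearer authentication with downstream API access, and the application services.
public void ConfigureServices(IServiceCollection services)
{
    Log("ConfigureServices starting");

    AddApplicationInsights(services);

    services.AddControllers();

    var corsDomainsFromConfig = ConfigUtil.GetCommaSeparatedConfigValueAndThrowIfEmpty(_configuration, ConfigConstants.ALLOW_CORS_DOMAINS);

    // NOTE(review): this logs a literal "*" and not the configured origins; the policy below is
    // restricted to the configured list, so the log line does not reflect the effective policy.
    Log("Startup - ConfigureServices - Cors domains: *");

    services.AddCors(options =>
    {
        options.AddPolicy(MyAllowSpecificOrigins, builder =>
        {
            // Only the origins listed in configuration are allowed; for those origins every
            // header and every HTTP method is accepted.
            var domainsAsArray = new string[corsDomainsFromConfig.Count];
            corsDomainsFromConfig.CopyTo(domainsAsArray);

            builder.WithOrigins(domainsAsArray);
            builder.AllowAnyHeader().AllowAnyMethod();
        });
    });

    var isIntegrationTest = ConfigUtil.GetBoolConfig(_configuration, ConfigConstants.IS_INTEGRATION_TEST);

    Log($"Is Integration test: {isIntegrationTest}");

    if (!isIntegrationTest)
    {
        var enableSensitiveDataLoggingFromConfig = ConfigUtil.GetBoolConfig(_configuration, ConfigConstants.SENSITIVE_DATA_LOGGING);

        var readWriteDbConnectionString = _configuration[ConfigConstants.DB_READ_WRITE_CONNECTION_STRING];

        // Validate configuration before running the migration, so that a deployment that cannot
        // start anyway does not change the database schema first.
        if (string.IsNullOrWhiteSpace(readWriteDbConnectionString))
        {
            throw new Exception("Could not obtain database READWRITE connection string. Unable to add DB Context");
        }

        DoMigration(enableSensitiveDataLoggingFromConfig);

        // EnableSensitiveDataLogging makes EF Core include application data (such as parameter
        // values) in logs and exception messages; keep the config flag off outside of debugging.
        services.AddDbContext<SepesDbContext>(
            options => options.UseSqlServer(
                    readWriteDbConnectionString,
                    assembly => assembly.MigrationsAssembly(typeof(SepesDbContext).Assembly.FullName))
                .EnableSensitiveDataLogging(enableSensitiveDataLoggingFromConfig)
        );
    }

    var authenticationAdder = services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApi(a => { }, b =>
        {
            _configuration.Bind("AzureAd", b);

            // Backchannel requests carry a fixed "Origin: sepes" header.
            // NOTE(review): the reason for this header is not visible here; confirm it is still needed.
            var defaultBackChannel = new HttpClient();
            defaultBackChannel.DefaultRequestHeaders.Add("Origin", "sepes");
            b.Backchannel = defaultBackChannel;
        })
        .EnableTokenAcquisitionToCallDownstreamApi(e => { })
        .AddInMemoryTokenCaches();

    // Downstream APIs are only wired up outside integration tests.
    if (!isIntegrationTest)
    {
        authenticationAdder
            .AddDownstreamWebApi("GraphApi", _configuration.GetSection("GraphApi"))
            .AddDownstreamWebApi("WbsSearch", (a) =>
            {
                a.BaseUrl = _configuration[ConfigConstants.WBS_SEARCH_API_URL];
                a.Scopes = _configuration[ConfigConstants.WBS_SEARCH_API_SCOPE];
            });
    }

    services.AddHttpContextAccessor();
    services.AddAutoMapper(typeof(AutoMappingConfigs));

    RegisterServices(services, isIntegrationTest);

    SwaggerSetup.ConfigureServices(_configuration, services);

    Log("Configuring services done");
}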