public static IServiceCollection AddConfiguredDbContext(
this IServiceCollection serviceCollection, IdentitySiteSettings siteSettings)
{
switch (siteSettings.ActiveDatabase)
{
case ActiveDatabase.InMemoryDatabase:
throw new NotSupportedException("Not Support now");
case ActiveDatabase.LocalDb:
case ActiveDatabase.SqlServer:
//serviceCollection.AddConfiguredMsSqlDbContext(siteSettings);
break;
case ActiveDatabase.SQLite:
throw new NotSupportedException("Not Support now");
default:
throw new NotSupportedException("Please set the ActiveDatabase in appsettings.json file.");
}
return(serviceCollection);
}
private static X509Certificate2 LoadCertificateFromFile(IdentitySiteSettings siteSettings)
{
// NOTE:
// You should check out the identity of your application pool and make sure
// that the `Load user profile` option is turned on, otherwise the crypto subsystem won't work.
var certificate = siteSettings.DataProtectionX509Certificate;
var fileName = Path.Combine(ServerInfo.GetAppDataFolderPath(), certificate.FileName);
// For decryption the certificate must be in the certificate store. It's a limitation of how EncryptedXml works.
using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
store.Open(OpenFlags.ReadWrite);
store.Add(new X509Certificate2(fileName, certificate.Password, X509KeyStorageFlags.Exportable));
}
return(new X509Certificate2(
fileName,
certificate.Password,
keyStorageFlags: X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet
| X509KeyStorageFlags.Exportable));
}
public static IServiceCollection AddIdentityOptions(
this IServiceCollection services, IdentitySiteSettings siteSettings)
{
if (siteSettings == null)
{
throw new ArgumentNullException(nameof(siteSettings));
}
services.AddConfirmEmailDataProtectorTokenOptions(siteSettings);
services.AddIdentity <User, Role>(identityOptions =>
{
SetPasswordOptions(identityOptions.Password, siteSettings);
SetSignInOptions(identityOptions.SignIn, siteSettings);
SetUserOptions(identityOptions.User);
SetLockoutOptions(identityOptions.Lockout, siteSettings);
}).AddUserStore <ApplicationUserStore>()
.AddUserManager <ApplicationUserManager>()
.AddRoleStore <ApplicationRoleStore>()
.AddRoleManager <ApplicationRoleManager>()
.AddSignInManager <ApplicationSignInManager>()
.AddErrorDescriber <CustomIdentityErrorDescriber>()
// You **cannot** use .AddEntityFrameworkStores() when you customize everything
//.AddEntityFrameworkStores<ApplicationDbContext, int>()
.AddDefaultTokenProviders()
.AddTokenProvider <ConfirmEmailDataProtectorTokenProvider <User> >(EmailConfirmationTokenProviderName);
services.ConfigureApplicationCookie(identityOptionsCookies =>
{
var provider = services.BuildServiceProvider();
SetApplicationCookieOptions(provider, identityOptionsCookies, siteSettings);
});
services.EnableImmediateLogout();
return(services);
}
public static IServiceCollection AddCustomDataProtection(
this IServiceCollection services, IdentitySiteSettings siteSettings)
{
services.AddSingleton <IXmlRepository, DataProtectionKeyService>();
services.AddSingleton <IConfigureOptions <KeyManagementOptions> >(serviceProvider =>
{
return(new ConfigureOptions <KeyManagementOptions>(options =>
{
var scopeFactory = serviceProvider.GetRequiredService <IServiceScopeFactory>();
using var scope = scopeFactory.CreateScope();
options.XmlRepository = scope.ServiceProvider.GetRequiredService <IXmlRepository>();
}));
});
var certificate = LoadCertificateFromFile(siteSettings);
services
.AddDataProtection()
.SetDefaultKeyLifetime(siteSettings.DataProtectionOptions.DataProtectionKeyLifetime)
.SetApplicationName(siteSettings.DataProtectionOptions.ApplicationName)
.ProtectKeysWithCertificate(certificate);
return(services);
}
public AppSqlCacheConfiguration(IdentitySiteSettings siteSettings)
{
_siteSettings = siteSettings;
}
private static void SetLockoutOptions(LockoutOptions identityOptionsLockout, IdentitySiteSettings siteSettings)
{
identityOptionsLockout.AllowedForNewUsers = siteSettings.LockoutOptions.AllowedForNewUsers;
identityOptionsLockout.DefaultLockoutTimeSpan = siteSettings.LockoutOptions.DefaultLockoutTimeSpan;
identityOptionsLockout.MaxFailedAccessAttempts = siteSettings.LockoutOptions.MaxFailedAccessAttempts;
}
private static void SetApplicationCookieOptions(IServiceProvider provider, CookieAuthenticationOptions identityOptionsCookies, IdentitySiteSettings siteSettings)
{
identityOptionsCookies.Cookie.Name = siteSettings.CookieOptions.CookieName;
identityOptionsCookies.Cookie.HttpOnly = true;
identityOptionsCookies.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
identityOptionsCookies.Cookie.SameSite = SameSiteMode.Lax;
identityOptionsCookies.Cookie.IsEssential = true; // this cookie will always be stored regardless of the user's consent
identityOptionsCookies.ExpireTimeSpan = siteSettings.CookieOptions.ExpireTimeSpan;
identityOptionsCookies.SlidingExpiration = siteSettings.CookieOptions.SlidingExpiration;
identityOptionsCookies.LoginPath = siteSettings.CookieOptions.LoginPath;
identityOptionsCookies.LogoutPath = siteSettings.CookieOptions.LogoutPath;
identityOptionsCookies.AccessDeniedPath = siteSettings.CookieOptions.AccessDeniedPath;
if (siteSettings.CookieOptions.UseDistributedCacheTicketStore)
{
// To manage large identity cookies
identityOptionsCookies.SessionStore = provider.GetRequiredService <ITicketStore>();
}
}
private static void AddConfirmEmailDataProtectorTokenOptions(this IServiceCollection services, IdentitySiteSettings siteSettings)
{
services.Configure <IdentityOptions>(options =>
{
options.Tokens.EmailConfirmationTokenProvider = EmailConfirmationTokenProviderName;
});
services.Configure <ConfirmEmailDataProtectionTokenProviderOptions>(options =>
{
options.TokenLifespan = siteSettings.EmailConfirmationTokenProviderLifespan;
});
}
private static void SetSignInOptions(SignInOptions identityOptionsSignIn, IdentitySiteSettings siteSettings)
{
identityOptionsSignIn.RequireConfirmedEmail = siteSettings.EnableEmailConfirmation;
}
private static void SetPasswordOptions(PasswordOptions identityOptionsPassword, IdentitySiteSettings siteSettings)
{
identityOptionsPassword.RequireDigit = siteSettings.PasswordOptions.RequireDigit;
identityOptionsPassword.RequireLowercase = siteSettings.PasswordOptions.RequireLowercase;
identityOptionsPassword.RequireNonAlphanumeric = siteSettings.PasswordOptions.RequireNonAlphanumeric;
identityOptionsPassword.RequireUppercase = siteSettings.PasswordOptions.RequireUppercase;
identityOptionsPassword.RequiredLength = siteSettings.PasswordOptions.RequiredLength;
}
