Exemplo n.º 1
0
        /// <summary>
        /// Initializes a new instance of the <see cref="TokenCleanup" /> class.
        /// </summary>
        /// <param name="serviceProvider">The service provider.</param>
        /// <param name="logger">The logger.</param>
        /// <param name="options">The options.</param>
        /// <exception cref="ArgumentNullException">options
        /// or
        /// logger
        /// or
        /// serviceProvider</exception>
        /// <exception cref="ArgumentException">Token cleanup interval must be at least 1 second
        /// or
        /// Token cleanup batch size interval must be at least 1</exception>
        public TokenCleanup(IServiceProvider serviceProvider, ILogger <TokenCleanup> logger, OperationalServiceOptions options)
        {
            this.options = options ?? throw new ArgumentNullException(nameof(options));
            if (this.options.TokenCleanupInterval < 1)
            {
                throw new ArgumentException("Token cleanup interval must be at least 1 second");
            }

            if (this.options.TokenCleanupBatchSize < 1)
            {
                throw new ArgumentException("Token cleanup batch size interval must be at least 1");
            }

            this.logger          = logger ?? throw new ArgumentNullException(nameof(logger));
            this.serviceProvider = serviceProvider ?? throw new ArgumentNullException(nameof(serviceProvider));
        }
Exemplo n.º 2
0
 /// <summary>
 /// Initializes a new instance of the <see cref="TokenCleanupHost" /> class.
 /// </summary>
 /// <param name="tokenCleanup">The token cleanup.</param>
 /// <param name="options">The options.</param>
 public TokenCleanupHost(TokenCleanup tokenCleanup, OperationalServiceOptions options)
 {
     this.tokenCleanup = tokenCleanup;
     this.options      = options;
 }
Exemplo n.º 3
0
        public void ConfigureAuthServices(IServiceCollection services, ServerSettings serverSettings)
        {
            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap = new Dictionary <string, string>();
            string connectionString   = this.Configuration.GetConnectionString("DefaultConnection");
            var    migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;

            services.AddDbContext <UnityAuthDbContext>(options =>
            {
                options.UseSqlServer(connectionString, sql => sql.MigrationsAssembly(migrationsAssembly));
            });

            services.AddIdentity <ApplicationUser, ApplicationUserRole>()
            .AddRoleManager <ApplicationUserRoleManager>()
            .AddUserManager <ApplicationUserManager>()
            .AddEntityFrameworkStores <UnityAuthDbContext>()
            .AddDefaultTokenProviders();

            // configure identity server with in-memory stores, keys, clients and scopes
            services.AddIdentityServer()

            // .AddClientStore<UnityClientStore>()
            .AddProfileService <UnityUserProfileService>()

            // .AddClientStoreCache<UnityClientStore>()
            .AddSigningCredential(IdentityServerBuilderExtensionsCrypto.CreateRsaSecurityKey())

            // this adds the config data from DB (clients, resources)
            .AddConfigurationStore(options =>
            {
                options.ConfigureDbContext = builder =>
                                             builder.UseSqlServer(
                    connectionString,
                    sql => sql.MigrationsAssembly(migrationsAssembly));
            })

            // this adds the operational data from DB (codes, tokens, consents)
            .AddOperationalStore(options =>
            {
                options.ConfigureDbContext = builder =>
                                             builder.UseSqlServer(
                    connectionString,
                    sql => sql.MigrationsAssembly(migrationsAssembly));

                // this enables automatic token cleanup. this is optional.
                options.EnableTokenCleanup   = true;
                options.TokenCleanupInterval = SessionSecurity.TokenCleanupInterval;
            })
            .AddDefaultEndpoints()
            .AddRequiredPlatformServices()

            // .AddInMemoryPersistedGrants()
            // .AddInMemoryIdentityResources(Defaults.GetIdentityResources())
            // .AddInMemoryApiResources(Defaults.GetApiResources())
            // .AddInMemoryClients(Defaults.GetClients())
            .AddAspNetIdentity <ApplicationUser>();

            services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
            .AddIdentityServerAuthentication(options =>
            {
                options.Authority            = serverSettings.HostAddress;
                options.ApiName              = "api";
                options.RequireHttpsMetadata = false;
                options.SaveToken            = true;
                options.ApiSecret            = "secret";
                options.SupportedTokens      = SupportedTokens.Both;
                options.JwtBearerEvents      = new AuthJwtBearerEvents();
            });

            services.Configure <IdentityOptions>(options =>
            {
                // Password settings
                options.Password.RequireDigit           = true;
                options.Password.RequiredLength         = 6;
                options.Password.RequireNonAlphanumeric = false;
                options.Password.RequireUppercase       = true;
                options.Password.RequireLowercase       = false;
                options.Password.RequiredUniqueChars    = 6;

                // Lockout settings
                options.Lockout.DefaultLockoutTimeSpan  = TimeSpan.FromMinutes(30);
                options.Lockout.MaxFailedAccessAttempts = 5;
                options.Lockout.AllowedForNewUsers      = true;

                // User settings
                options.User.RequireUniqueEmail = true;
            });

            services.ConfigureApplicationCookie(options =>
            {
                // Cookie settings
                options.Cookie.HttpOnly   = true;
                options.Cookie.Expiration = TimeSpan.FromMinutes(SessionSecurity.SessionExpiryTime);
                options.LoginPath         = "/Account/Login";        // If the LoginPath is not set here, ASP.NET Core will default to /Account/Login
                options.LogoutPath        = "/Account/Logout";       // If the LogoutPath is not set here, ASP.NET Core will default to /Account/Logout
                options.AccessDeniedPath  = "/Account/AccessDenied"; // If the AccessDeniedPath is not set here, ASP.NET Core will default to /Account/AccessDenied
                options.SlidingExpiration = true;
            });

            // services
            //    .AddMvcCore(options =>
            //    {
            //        // require scope1 or scope2
            //        var policy = ScopePolicy.Create("apiv1");
            //        options.Filters.Add(new AuthorizeFilter(policy));
            //    })
            //    .AddJsonFormatters()
            //    .AddAuthorization();

            // services.AddAuthorization(options =>
            // {
            //    options.AddPolicy("apiv1Policy", builder =>
            //    {
            //        // require scope1
            //        builder.RequireScope("apiv1");
            //    });
            // });

            // add CORS policy for non-IdentityServer endpoints
            services.AddCors(options =>
            {
                options.AddPolicy("apiCorsPolicy", policy =>
                {
                    policy.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod();
                });
            });

            // Add application services.
            services.AddTransient <IEmailSender, EmailSender>();

            // Add application services.
            services.AddTransient <ISmsSender, SmsSender>();
            services.AddSingleton <TokenCleanup>();
            services.AddSingleton <IHostedService, TokenCleanupHost>();

            var storeOptions = new OperationalServiceOptions();

            services.AddSingleton(storeOptions);

            storeOptions.EnableTokenCleanup    = true;
            storeOptions.TokenCleanupInterval  = Convert.ToInt32(TimeSpan.FromMinutes(SessionSecurity.SessionExpiryTime).TotalSeconds);
            storeOptions.TokenCleanupBatchSize = SessionSecurity.TokenCleanupBatchSize;
        }