void AssertAllowed(string origin, System.Web.Cors.CorsPolicy cp)
{
Assert.IsTrue(cp.AllowAnyHeader);
Assert.IsTrue(cp.AllowAnyMethod);
Assert.AreEqual(1, cp.Origins.Count);
CollectionAssert.Contains(cp.Origins.ToArray(), origin);
}
void AssertAllowed(string origin, CorsPolicy cp)
{
cp.AllowAnyHeader.Should().BeTrue();
cp.AllowAnyMethod.Should().BeTrue();
cp.Origins.Count.Should().Be(1);
cp.Origins.Should().Contain(origin);
}
void AssertAllowed(string origin, CorsPolicy cp)
{
cp.AllowAnyHeader.Should().BeTrue();
cp.AllowAnyMethod.Should().BeTrue();
cp.Origins.Count.Should().Be(1);
cp.Origins.Should().Contain(origin);
}
/// <summary>Configures the authentication.
/// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864</summary>
/// <param name="app">The app.</param>
public void ConfigureAuth(IAppBuilder app)
{
// Changing this setting requires a website restart
var corsOrigin = BootStrapper.GetApplicationSetting("Cors_Origin", string.Empty);
if (!corsOrigin.IsBlank())
{
var policy = new CorsPolicy
{
AllowAnyHeader = true,
AllowAnyMethod = true,
AllowAnyOrigin = corsOrigin.Equals("*"),
SupportsCredentials = true
};
if (!policy.AllowAnyOrigin)
{
corsOrigin.Split(',').ForEach(origin => policy.Origins.Add(origin.Trim()));
}
app.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(policy)
}
});
}
app.CreatePerOwinContext(IdentityDbContext.Create);
app.CreatePerOwinContext <IdentityUserManager>(IdentityUserManager.Create);
app.CreatePerOwinContext <IdentitySignInManager>(IdentitySignInManager.Create);
app.UseKentorOwinCookieSaver();
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
Authority = SecurityOptions.IdentityServerOptions.IssuerUri,
RequiredScopes = new[] { SecurityOptions.Scope },
NameClaimType = Constants.ClaimTypes.PreferredUserName,
RoleClaimType = Constants.ClaimTypes.Role
});
app.UseCookieAuthentication(SecurityOptions.CookieOptions);
// Use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
app.Map("/identity", identityApp => { identityApp.UseIdentityServer(SecurityOptions.IdentityServerOptions); });
// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
// app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
// Enables the application to remember the second login verification factor such as phone or email.
// Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
// This is similar to the RememberMe option when you log in.
// app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
}
System.Web.Cors.CorsPolicy Allow(string origin)
{
var policy = new System.Web.Cors.CorsPolicy
{
AllowAnyHeader = true,
AllowAnyMethod = true,
};
policy.Origins.Add(origin);
return policy;
}
System.Web.Cors.CorsPolicy Allow(string origin)
{
var p = new System.Web.Cors.CorsPolicy
{
AllowAnyHeader = true,
AllowAnyMethod = true,
};
p.Origins.Add(origin);
return(p);
}
private Task <System.Web.Cors.CorsPolicy> ResolvePolicy()
{
var corsPolicy = new System.Web.Cors.CorsPolicy()
{
AllowAnyMethod = true,
AllowAnyHeader = true,
SupportsCredentials = true
};
corsPolicy.Origins.Add("http://ng2a-hneu-web-ui.azurewebsites.net");
corsPolicy.Origins.Add("http://localhost:3000");
return(Task.FromResult(corsPolicy));
}
public static void SetupCorsPolicy(this IAppBuilder app)
{
var corsPolicy = new System.Web.Cors.CorsPolicy
{
AllowAnyHeader = true,
AllowAnyMethod = true,
AllowAnyOrigin = true
};
corsPolicy.GetType().GetProperty(nameof(corsPolicy.ExposedHeaders)).SetValue(corsPolicy, CorsHelper.GetExposedHeaders());
app.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
});
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context, user manager and signin manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext <ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext <ApplicationSignInManager>(ApplicationSignInManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity <ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
// Enables the application to remember the second login verification factor such as phone or email.
// Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
// This is similar to the RememberMe option when you log in.
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
// Uncomment the following lines to enable logging in with third party login providers
//app.UseMicrosoftAccountAuthentication(
// clientId: "",
// clientSecret: "");
//app.UseTwitterAuthentication(
// consumerKey: "",
// consumerSecret: "");
//app.UseFacebookAuthentication(
// appId: "",
// appSecret: "");
//app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
//{
// ClientId = "",
// ClientSecret = ""
//});
var policy = new System.Web.Cors.CorsPolicy()
{
AllowAnyHeader = false,
AllowAnyMethod = true,
SupportsCredentials = true
};
policy.Origins.Add("http://localhost:4200"); //be sure to include the port: example: "http://localhost:8081"
policy.Origins.Add("http://localhost"); //be sure to include the port:
policy.Origins.Add("http://octo.computerwebservices.net"); //be sure to include the port:
app.UseCors(new Microsoft.Owin.Cors.CorsOptions {
PolicyProvider = new Microsoft.Owin.Cors.CorsPolicyProvider
{
PolicyResolver = a => Task.FromResult(policy)
}
});
app.MapSignalR();
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context and user manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext <ApplicationUserManager>(ApplicationUserManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
//Enable global CORS Permissions
//Info: http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/
var corsPolicy = new System.Web.Cors.CorsPolicy()
{
AllowAnyHeader = true, AllowAnyMethod = true, AllowAnyOrigin = false,
};
string clientURL = ConfigurationManager.AppSettings["clientURL"];
corsPolicy.Origins.Add(clientURL);
//app.UseCors(CorsOptions.AllowAll);
app.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
});
// Configure the application for OAuth based flow
PublicClientId = "self";
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientId),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
// In production mode set AllowInsecureHttp = false
AllowInsecureHttp = true,
};
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
// Uncomment the following lines to enable logging in with third party login providers
//app.UseMicrosoftAccountAuthentication(
// clientId: "",
// clientSecret: "");
//app.UseTwitterAuthentication(
// consumerKey: "",
// consumerSecret: "");
//app.UseFacebookAuthentication(
// appId: "",
// appSecret: "");
//app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
//{
// ClientId = "",
// ClientSecret = ""
//});
}
public void Configuration(IAppBuilder app)
{
// Dependency injection settings
var container = new UnityContainer();
var config = WebApiConfig.Register(container);
app.Use <LoggingMiddleware>();
// For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=316888
//enable cors origin requestsit
//app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
/*var myProvider = new AuthorizationServerProvider(config.DependencyResolver as IServiceBus);
* OAuthAuthorizationServerOptions options = new OAuthAuthorizationServerOptions
* {
* AllowInsecureHttp = true,
* TokenEndpointPath = new PathString("/token"),
* AccessTokenExpireTimeSpan = TimeSpan.FromDays(1), // OAuth token valid 1 day
* Provider = myProvider,
* RefreshTokenProvider = new SimpleRefreshTokenProvider()
* };
* app.UseOAuthAuthorizationServer(options);
* app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());*/
app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
{
//AllowedAudiences = new[] { "KL²", "KL² Web Admin", "KL² Tablet" },
TokenValidationParameters = new TokenValidationParameters
{
IssuerSigningKey = JwtTokenProvider._jwtSecret.ToSymmetricSecurityKey(),
ValidIssuer = JwtTokenProvider._appDomain,
ValidateAudience = false,
ValidateLifetime = true,
ClockSkew = TimeSpan.FromMinutes(0)
}
});
app.UseWebApi(config);
// Branch the pipeline here for requests that start with "/signalr"
app.Map("/signalr", map =>
{
// Setup the CORS middleware to run before SignalR.
// By default this will allow all origins. You can
// configure the set of origins and/or http verbs by
// providing a cors options with a different policy.
map.UseCors(CorsOptions.AllowAll);
map.RunSignalR(SignalRConfig.Register(container));
});
//app.MapSignalR(SignalRConfig.Register(container));
var corsPolicy = new System.Web.Cors.CorsPolicy
{
AllowAnyHeader = true,
AllowAnyMethod = true,
AllowAnyOrigin = true
};
// ExposedHeaders has a private setter for some reason so one must use reflection to set it.
corsPolicy.GetType()
.GetProperty(nameof(corsPolicy.ExposedHeaders))
.SetValue(corsPolicy, tusdotnet.Helpers.CorsHelper.GetExposedHeaders());
app.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
});
app.UseTus(context => new DefaultTusConfiguration
{
Store = ((UnityResolver)config.DependencyResolver).Resolve <IFileProvider>().GetTusStore(),
UrlPath = "/files",
Events = new Events
{
OnFileCompleteAsync = async ctx =>
{
if (ctx.Store is ITusReadableStore readableStore)
{
var fileProvider = ((UnityResolver)config.DependencyResolver).Resolve <IFileProvider>();
var file = await ctx.GetFileAsync();
if (file == null)
{
return;
}
//await readableStore.GetFileAsync(ctx.FileId, ctx.CancellationToken);
var metadata = await file.GetMetadataAsync(ctx.CancellationToken);
string filename = metadata?.ContainsKey("filename") == true ? metadata["filename"].GetString(System.Text.Encoding.UTF8) : file.Id;
if (metadata?.ContainsKey("computeHash") == true)
{
HashAlgorithm murmur128 = MurmurHash.Create128(managed: false);
using (var ms = await fileProvider.OpenRead(file.Id, DirectoryEnum.Uploaded))
{
var streamHash = murmur128.ComputeHash(ms).ToHashString();
filename = $"{streamHash}{Path.GetExtension(filename)}";
}
}
// On doit déplacer le fichier vers PublishedFiles en le renommant
await fileProvider.Complete(file.Id, filename);
// TODO : ajouter une metadata indiquant un traitement avec FFMPEG (encodage vidéo, traitement image)
// Supprimer les fichiers temp
var tempFiles = await fileProvider.EnumerateFiles(DirectoryEnum.Uploaded, $"{file.Id}.*");
foreach (string tmpFile in tempFiles)
{
await fileProvider.Delete(tmpFile, DirectoryEnum.Uploaded);
}
fileProvider.WriteAllText($"{fileProvider.UploadedFilesDirectory}/{file.Id}.name", filename);
}
}
}
});
public void Configuration(IAppBuilder app)
{
var corsPolicy = new System.Web.Cors.CorsPolicy
{
AllowAnyHeader = true,
AllowAnyMethod = true,
AllowAnyOrigin = true
};
// ReSharper disable once PossibleNullReferenceException - nameof will cause compiler error if the property does not exist.
corsPolicy.GetType()
.GetProperty(nameof(corsPolicy.ExposedHeaders))
.SetValue(corsPolicy, CorsHelper.GetExposedHeaders());
app.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
});
app.Use(async(context, next) =>
{
try
{
await next.Invoke();
}
catch (Exception exc)
{
Console.Error.WriteLine(exc);
}
});
app.UseTus(request =>
{
return(new DefaultTusConfiguration
{
Store = _tusDiskStore,
UrlPath = "/files",
OnUploadCompleteAsync = (fileId, store, cancellationToken) =>
{
Console.WriteLine(
$"Upload of {fileId} is complete. Callback also got a store of type {store.GetType().FullName}");
// If the store implements ITusReadableStore one could access the completed file here.
// The default TusDiskStore implements this interface:
// var file = await ((ITusReadableStore)store).GetFileAsync(fileId, cancellationToken);
return Task.FromResult(true);
},
// Set an expiration time where incomplete files can no longer be updated.
// This value can either be absolute or sliding.
// Absolute expiration will be saved per file on create
// Sliding expiration will be saved per file on create and updated on each patch/update.
Expiration = _absoluteExpiration
});
});
app.Use(async(context, next) =>
{
// All GET requests to tusdotnet are forwared so that you can handle file downloads.
// This is done because the file's metadata is domain specific and thus cannot be handled
// in a generic way by tusdotnet.
if (!context.Request.Method.Equals("get", StringComparison.InvariantCultureIgnoreCase))
{
await next.Invoke();
return;
}
if (context.Request.Uri.LocalPath.StartsWith("/files/", StringComparison.Ordinal))
{
var fileId = context.Request.Uri.LocalPath.Replace("/files/", "").Trim();
if (!string.IsNullOrEmpty(fileId))
{
var file = await _tusDiskStore.GetFileAsync(fileId, context.Request.CallCancelled);
if (file == null)
{
context.Response.StatusCode = 404;
await context.Response.WriteAsync($"File with id {fileId} was not found.", context.Request.CallCancelled);
return;
}
var fileStream = await file.GetContentAsync(context.Request.CallCancelled);
var metadata = await file.GetMetadataAsync(context.Request.CallCancelled);
context.Response.ContentType = metadata.ContainsKey("contentType")
? metadata["contentType"].GetString(Encoding.UTF8)
: "application/octet-stream";
if (metadata.ContainsKey("name"))
{
var name = metadata["name"].GetString(Encoding.UTF8);
context.Response.Headers.Add("Content-Disposition", new[] { $"attachment; filename=\"{name}\"" });
}
await fileStream.CopyToAsync(context.Response.Body, 81920, context.Request.CallCancelled);
return;
}
}
switch (context.Request.Uri.LocalPath)
{
case "/":
context.Response.ContentType = "text/html";
await context.Response.WriteAsync(File.ReadAllText("../../index.html"), context.Request.CallCancelled);
break;
case "/tus.js":
context.Response.ContentType = "application/js";
await context.Response.WriteAsync(File.ReadAllText("../../tus.js"), context.Request.CallCancelled);
break;
default:
context.Response.StatusCode = 404;
break;
}
});
// Setup cleanup job to remove incomplete expired files.
// This is just a simple example. In production one would use a cronjob/webjob and poll an endpoint that runs RemoveExpiredFilesAsync.
var onAppDisposingToken = new OwinContext(app.Properties).Get <CancellationToken>("host.OnAppDisposing");
Task.Run(async() =>
{
while (!onAppDisposingToken.IsCancellationRequested)
{
Console.WriteLine("Running cleanup job...");
var numberOfRemovedFiles = await _tusDiskStore.RemoveExpiredFilesAsync(onAppDisposingToken);
Console.WriteLine(
$"Removed {numberOfRemovedFiles} expired files. Scheduled to run again in {_absoluteExpiration.Timeout.TotalMilliseconds} ms");
await Task.Delay(_absoluteExpiration.Timeout, onAppDisposingToken);
}
}, onAppDisposingToken);
}
protected virtual System.Web.Cors.CorsPolicy Allow(string origin)
{
var p = new System.Web.Cors.CorsPolicy
{
AllowAnyHeader = true,
AllowAnyMethod = true,
};
p.Origins.Add(origin);
return p;
}
/// <summary>Configures the authentication.
/// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864</summary>
/// <param name="app">The app.</param>
public void ConfigureAuth(IAppBuilder app)
{
// Changing this setting requires a website restart
var corsOrigin = BootStrapper.GetApplicationSetting("Cors_Origin", string.Empty);
if (!corsOrigin.IsBlank())
{
var policy = new CorsPolicy
{
AllowAnyHeader = true,
AllowAnyMethod = true,
AllowAnyOrigin = corsOrigin.Equals("*"),
SupportsCredentials = true
};
if (!policy.AllowAnyOrigin)
{
corsOrigin.Split(',').ForEach(origin => policy.Origins.Add(origin.Trim()));
}
app.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(policy)
}
});
}
app.CreatePerOwinContext(IdentityDbContext.Create);
app.CreatePerOwinContext<IdentityUserManager>(IdentityUserManager.Create);
app.CreatePerOwinContext<IdentitySignInManager>(IdentitySignInManager.Create);
app.UseKentorOwinCookieSaver();
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
Authority = SecurityOptions.IdentityServerOptions.IssuerUri,
RequiredScopes = new[] { SecurityOptions.Scope },
NameClaimType = Constants.ClaimTypes.PreferredUserName,
RoleClaimType = Constants.ClaimTypes.Role
});
app.UseCookieAuthentication(SecurityOptions.CookieOptions);
// Use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
app.Map("/identity", identityApp => { identityApp.UseIdentityServer(SecurityOptions.IdentityServerOptions); });
// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
// app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
// Enables the application to remember the second login verification factor such as phone or email.
// Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
// This is similar to the RememberMe option when you log in.
// app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
}
