internal static CastlepointIdentityServerConfig GetCPIDConfig()
{
// Get the Castlepoint configuration for this client
string cpConfigSecret = Utils.GetSecretOrEnvVarAsString(SecretNames.ConfigFileIDServer);
if (cpConfigSecret.Length == 0)
{
Console.WriteLine("ERROR: service configuration file is empty or does not exist: " + SecretNames.ConfigFileIDServer);
return(null);
}
CastlepointIdentityServerConfig cpConfig = JsonConvert.DeserializeObject <CastlepointIdentityServerConfig>(cpConfigSecret);
return(cpConfig);
}
// GM 20200727 DEPRECATED IdentityServer4
//public static IEnumerable<ApiResource> GetApiResources()
//{
// return new List<ApiResource>
// {
// new ApiResource("castlepoint", "Castlepoint API")
// {
// UserClaims = { JwtClaimTypes.Name, JwtClaimTypes.Email, JwtClaimTypes.Id, JwtClaimTypes.JwtId, JwtClaimTypes.Subject }
// }
// };
//}
internal static IEnumerable <Client> GetClients(CastlepointIdentityServerConfig cpIdentityConfig)
{
return(new List <Client>
{
new Client
{
ClientId = "js",
ClientName = "Castlepoint Javascript",
AllowedGrantTypes = GrantTypes.Implicit,
AllowAccessTokensViaBrowser = true,
RedirectUris = { cpIdentityConfig.RedirectUrl },
PostLogoutRedirectUris = { cpIdentityConfig.PostLogoutUrl },
AllowedCorsOrigins = { cpIdentityConfig.AllowedCORSUrls },
// scopes that client has access to
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"castlepoint"
}
},
// OpenID Connect implicit flow client (MVC)
new Client
{
ClientId = "mvc",
ClientName = "MVC Client",
AllowedGrantTypes = GrantTypes.Implicit,
// where to redirect to after login
RedirectUris = { "http://localhost:5002/signin-oidc" },
// where to redirect to after logout
PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
AllowedScopes = new List <string>
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"castlepoint"
}
}
});
}
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
// Load configuration
CastlepointIdentityServerConfig cpIDConfig = Utils.GetCPIDConfig();
if (cpIDConfig == null)
{
throw new ApplicationException("ERROR: service configuration file is null, cannot start service");
}
string corsUrl = cpIDConfig.AllowedCORSUrls.Trim();
Console.WriteLine("CORS: " + corsUrl);
// Configure CORS
services.AddCors(options =>
{
// this defines a CORS policy called "default"
options.AddPolicy("default", policy =>
{
policy.WithOrigins(corsUrl)
.AllowAnyHeader()
.AllowAnyMethod();
});
});
// load signing credential certificate
Console.WriteLine("Loading signing certificate...");
byte[] signingCert = Utils.GetSecretOrEnvVarAsByte(cpIDConfig.SigningCertificateName);
var cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(signingCert, cpIDConfig.SigningCertificatePassword);
// configure identity server with in-memory stores, keys, clients and scopes
services.AddIdentityServer(options =>
{
Console.WriteLine("Checking for ISSUER_URI...");
string issuerUri = string.Empty;
if (Environment.GetEnvironmentVariable("ISSUER_URI") != null && Environment.GetEnvironmentVariable("ISSUER_URI") != "")
{
issuerUri = Environment.GetEnvironmentVariable("ISSUER_URI").Trim();
Console.WriteLine("ISSUER_URI=" + issuerUri);
options.IssuerUri = issuerUri;
Console.WriteLine("options.IssuerUri=" + issuerUri);
}
})
.AddSigningCredential(cert)
//.AddInMemoryApiResources(Config.GetApiResources())
.AddInMemoryApiScopes(Config.ApiScopes)
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryClients(Config.GetClients(cpIDConfig))
.AddTestUsers(Config.GetUsers());
services.Configure <CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddMvc(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
options.EnableEndpointRouting = false;
});
services.AddAuthentication(sharedOptions =>
{
//sharedOptions.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
//sharedOptions.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
//sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
// .AddAzureAD(options => Configuration.Bind("AzureAd", options))
.AddCookie()
//.AddOpenIdConnect("adfs", "ADFS authentication", options =>
//{
// //options.MetadataAddress = "https://localhost:5000/.well-known/openid-configuration";
// //options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme; ;
// //options.Authority = "https://localhost:5001";
// //options.RequireHttpsMetadata = false;
// //options.ResponseType = OpenIdConnectResponseType.Code;
// //options.UsePkce = true;
// //options.Scope.Clear();
// //options.Scope.Add("openid");
// //options.Scope.Add("profile");
// //options.Scope.Add("email");
// //options.SaveTokens = true;
// //options.MetadataAddress = "https://localhost:5000/adfs/.well-known/openid-configuration";
// //options.ClientId = "aa788ef2-99ba-4dd9-97e5-de98ea797ef4";
// options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
// options.SignOutScheme = IdentityServerConstants.SignoutScheme;
// options.Authority = $"https://login.microsoftonline.com/976fba20-6af6-4743-8a64-13886793c542/oauth2/";
// options.ClientId = "5382774d-442b-424c-bbb2-0025bf050728";
// options.ResponseType = OpenIdConnectResponseType.Code;
// options.CallbackPath = "/signin-adfs";
// options.SignedOutCallbackPath = "/signout-callback-adfs";
// options.RemoteSignOutPath = "/signout-adfs";
// options.TokenValidationParameters = new TokenValidationParameters
// {
// NameClaimType = "name",
// RoleClaimType = "role"
// };
//})
.AddOpenIdConnect("azuread", "Login with Azure AD", options =>
{
options.Authority = $"https://login.microsoftonline.com/common";
options.TokenValidationParameters =
new TokenValidationParameters {
ValidateIssuer = false
};
options.ClientId = "aa788ef2-99ba-4dd9-97e5-de98ea797ef4";
options.CallbackPath = "/signin-oidc";
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
});
//.AddOpenIdConnect("AzureAD", "AzureAD", options =>
//{
// // Configuration.GetSection("AzureAD").Bind(options); ;
// options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
// options.RemoteAuthenticationTimeout = TimeSpan.FromSeconds(120);
// options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
// options.RequireHttpsMetadata = false;
// options.SaveTokens = true;
//});
services.Configure <OpenIdConnectOptions>("azuread", options =>
{
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Events = new OpenIdConnectEvents()
{
OnRedirectToIdentityProviderForSignOut = context =>
{
context.HandleResponse();
context.Response.Redirect("/Account/Logout");
return(Task.FromResult(0));
}
};
});
services.Configure <OpenIdConnectOptions>("adfs", options =>
{
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Events = new OpenIdConnectEvents()
{
OnRedirectToIdentityProviderForSignOut = context =>
{
context.HandleResponse();
context.Response.Redirect("/Account/Logout");
return(Task.FromResult(0));
}
};
});
//services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
//{
// options.Authority = options.Authority + "/v2.0/"; // Microsoft identity platform
// options.TokenValidationParameters.ValidateIssuer = false; // accept several tenants (here simplified)
//});
}
