private void ConfigureWebApi(IAppBuilder app)
{
var config = new HttpConfiguration();
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "{controller}/{action}"
);
config.Formatters.JsonFormatter.SerializerSettings.Formatting = Formatting.Indented;
app.Map("/api", api =>
{
var corsOptions = new CorsOptions()
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = ctx =>
{
var policy = new CorsPolicy();
policy.Origins.Add("http://localhost:3054");
policy.AllowAnyHeader = true;
policy.Methods.Add("GET");
return Task.FromResult(policy);
}
}
};
api.UseCors(corsOptions);
api.UseWebApi(config);
});
}
public void Configuration(IAppBuilder app)
{
CorsPolicy tokenCorsPolicy = new CorsPolicy
{
AllowAnyOrigin = true,
AllowAnyHeader = true,
AllowAnyMethod = true
};
CorsOptions corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = request => Task.FromResult(request.Path.ToString().StartsWith("/token") ? tokenCorsPolicy : null)
}
};
app.UseCors(corsOptions);
HttpConfiguration webApiConfig = new HttpConfiguration();
app.UseWebApi(webApiConfig);
ConfigureAuth(app);
}
public void Configuration(IAppBuilder app)
{
var config = new HttpConfiguration();
var container = new Container();
ConfigureWebApi(config);
ConfigureDependencyInjection(config, container);
var corsPolicy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true,
AllowAnyOrigin = true
};
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
};
app.UseCors(corsOptions);
app.UseWebApi(config);
}
public void Configuration(IAppBuilder app)
{
var cors = new CorsOptions() { CorsEngine = new CorsEngine(), PolicyProvider = new CorsPolicyProvider() };
app.UseCors(cors);
app.UseSerilogRequestContext();
ConfigureAuth(app);
}
//
/// <summary>
/// taken from http://benfoster.io/blog/aspnet-webapi-cors
/// do a more discrete cors instead of allow-all.
/// </summary>
/// <param name="app">injected IAppBuilder</param>
public void UseOwinCorsOrigins(IAppBuilder app)
{
var corsPolicy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true
};
// Try and load allowed origins from web.config. If none are
// configured then allow all origins.
const string _keyCorsAllowOrigin = "cors:allowOrigins";
string _origins = NSG.Library.Helpers.Config.GetStringAppSettingConfigValue(_keyCorsAllowOrigin, "");
if (_origins == "")
{
corsPolicy.AllowAnyOrigin = true;
}
else
{
foreach (var _origin in _origins.Split(','))
{
corsPolicy.Origins.Add(_origin);
}
}
//
var corsOptions = new Microsoft.Owin.Cors.CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
};
//
app.UseCors(corsOptions);
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
AreaRegistration.RegisterAllAreas();
GlobalConfiguration.Configure(WebApiConfig.Register);
//WebApiConfig.Register(GlobalConfiguration.Configuration);
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
//BundleConfig.RegisterBundles(BundleTable.Bundles);
//Database.SetInitializer<DisciturContext>(null);
GlobalConfiguration.Configuration.Services.Replace(
typeof(IHttpControllerActivator),
new WindsorCompositionRoot(this.container));
//app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
bool isCorsEnabled = Convert.ToBoolean(ConfigurationManager.AppSettings["CORSEnabled"]);
string corsOrigin = ConfigurationManager.AppSettings["CORSOrigin"];
if (isCorsEnabled)
{
Microsoft.Owin.Cors.CorsOptions corsOptions = new Microsoft.Owin.Cors.CorsOptions();
corsOptions.PolicyProvider = new ConfigCorsPolicy(corsOrigin);
app.UseCors(corsOptions);
}
// Enable the application to use a cookie to store information for the signed in user
app.UseCookieAuthentication(new CookieAuthenticationOptions());
//app.UseCookieAuthentication(new CookieAuthenticationOptions
//{
// AuthenticationType = OAuthDefaults.AuthenticationType,
// LoginPath = new PathString("/Account/Login")
//});
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
// Uncomment the following lines to enable logging in with third party login providers
//app.UseMicrosoftAccountAuthentication(
// clientId: "",
// clientSecret: "");
//app.UseTwitterAuthentication(
// consumerKey: "",
// consumerSecret: "");
//app.UseFacebookAuthentication(
// appId: "",
// appSecret: "");
//app.UseGoogleAuthentication();
//http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/
//https://stackoverflow.com/questions/25997592/dependency-injection-using-simpleinjector-and-oauthauthorizationserverprovider/26034641#26034641
}
// This code configures Web API. The Startup class is specified as a type
// parameter in the WebApp.Start method.
public void Configuration(IAppBuilder appBuilder)
{
// Configure Web API for self-host.
HttpConfiguration config = new HttpConfiguration();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = c => Task.FromResult(new CorsPolicy
{
AllowAnyHeader = true,
AllowAnyMethod = true,
AllowAnyOrigin = true,
SupportsCredentials = true
})
}
};
appBuilder.UseCors(corsOptions);
appBuilder.UseWebApi(config);
}
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app);
//UseRedisBackplane();
//UseServiceBusBackplane();
//UseSqlBackplane();
// Branch the pipeline here for requests that start with "/signalr"
app.Map("/signalr", map =>
{
CorsPolicy corsPolicy = new CorsPolicy()
{
AllowAnyHeader = true,
//AllowAnyOrigin = true,
AllowAnyMethod = true,
SupportsCredentials = true
};
// Get Allowed Origins from Config and split by comma. Can be changed to any character that you chose.
string[] origins = AppSettingsConfig.CorsPolicyOrigins.Split(',');
// To split by multiple types use the following example as a template:
//string[] origins = AppSettingsConfig.CorsPolicyOrigins.Split(',', '+');
foreach (string origin in origins)
{
corsPolicy.Origins.Add(origin);
}
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
};
// Setup the CORS middleware to run before SignalR.
// By default this will allow all origins. You can
// configure the set of origins and/or http verbs by
// providing a cors options with a different policy.
map.UseCors(corsOptions);
var hubConfiguration = new HubConfiguration
{
// You can enable JSONP by uncommenting line below.
// JSONP requests are insecure but some older browsers (and some
// versions of IE) require JSONP to work cross domain
EnableDetailedErrors = true,
//EnableJSONP = true,
//EnableJavaScriptProxies = true
};
// Run the SignalR pipeline. We're not using MapSignalR
// since this branch already runs under the "/signalr"
// path.
map.RunSignalR(hubConfiguration);
});
//app.MapSignalR();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
app.UseAppBuilder(appBuilder =>
{
appBuilder.SetDataProtectionProvider(new MachineKeyProtectionProvider());
appBuilder.Map("/signalr", map =>
{
// Setup the CORS middleware to run before SignalR.
// By default this will allow all origins. You can
// configure the set of origins and/or http verbs by
// providing a cors options with a different policy.
//http://ng2a-hneu-web-ui.azurewebsites.net
var corsOptions = new Microsoft.Owin.Cors.CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => ResolvePolicy()
}
};
map.UseCors(corsOptions);
//map.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
var hubConfiguration = new HubConfiguration
{
// You can enable JSONP by uncommenting line below.
// JSONP requests are insecure but some older browsers (and some
// versions of IE) require JSONP to work cross domain
// EnableJSONP = true
EnableDetailedErrors = true
};
// Run the SignalR pipeline. We're not using MapSignalR
// since this branch already runs under the "/signalr"
// path.
map.RunSignalR(hubConfiguration);
});
//var options = new CorsOptions();
//options.AddPolicy("", new )
//appBuilder.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
});
app.UseApplicationInsightsRequestTelemetry();
app.UseApplicationInsightsExceptionTelemetry();
app.UseMvc();
GlobalHost.HubPipeline.AddModule(new LoggingPipelineModule());
app.UseStaticFiles();
}
/// <summary>
/// Creates a new instance of CorsMiddleware.
/// </summary>
/// <param name="next"></param>
/// <param name="options"></param>
public CorsMiddleware(OwinMiddleware next, CorsOptions options)
: base(next)
{
if (options == null)
{
throw new ArgumentNullException("options");
}
_corsPolicyProvider = options.PolicyProvider ?? new CorsPolicyProvider();
_corsEngine = options.CorsEngine ?? new CorsEngine();
}
/// <summary>
/// Adds a CORS middleware to your web application pipeline to allow cross domain requests.
/// </summary>
/// <param name="app">The IAppBuilder passed to your configuration method</param>
/// <param name="options">An options class that controls the middleware behavior</param>
/// <returns>The original app parameter</returns>
public static IAppBuilder UseCors(this IAppBuilder app, CorsOptions options)
{
if (app == null)
{
throw new ArgumentNullException("app");
}
if (options == null)
{
throw new ArgumentNullException("options");
}
return app.Use(typeof(CorsMiddleware), options);
}
/// <summary>
/// Creates a new instance of CorsMiddleware.
/// </summary>
/// <param name="next"></param>
/// <param name="options"></param>
public CorsMiddleware(AppFunc next, CorsOptions options)
{
if (next == null)
{
throw new ArgumentNullException("next");
}
if (options == null)
{
throw new ArgumentNullException("options");
}
_next = next;
_corsPolicyProvider = options.PolicyProvider ?? new CorsPolicyProvider();
_corsEngine = options.CorsEngine ?? new CorsEngine();
}
/// <summary>
/// Creates a new instance of CorsMiddleware.
/// </summary>
/// <param name="next"></param>
/// <param name="options"></param>
public CorsMiddleware(AppFunc next, CorsOptions options)
{
if (next == null)
{
throw new ArgumentNullException("next");
}
if (options == null)
{
throw new ArgumentNullException("options");
}
_next = next;
_corsPolicyProvider = options.PolicyProvider ?? new CorsPolicyProvider();
_corsEngine = options.CorsEngine ?? new CorsEngine();
}
public void Configuration(IAppBuilder app)
{
var config = new HttpConfiguration();
var container = IocConfig.Setup();
config.DependencyResolver = new DependencyResolver(container);
config.Services.Add(typeof(IExceptionLogger), new GlobalExceptionLogger(container.GetInstance<ILoggingService>()));
// Web API routes
config.MapHttpAttributeRoutes();
ConfigureOAuth(app);
//http://benfoster.io/blog/aspnet-webapi-cors
//To Allow CROSS-ORIGIN requests Globally at application level
var corsPolicy = new CorsPolicy { AllowAnyMethod= true, AllowAnyHeader = true};
var corsSettings = (NameValueCollection)ConfigurationManager.GetSection("CorsSettings");
var allowedOrigins = corsSettings["AllowedOrigins"];
//corsPolicy.Headers.Add("content-type");
//corsPolicy.Headers.Add("accept");
if (allowedOrigins != null)
{
foreach (var origin in allowedOrigins.Split(';'))
{
corsPolicy.Origins.Add(origin);
}
}
else
{
corsPolicy.AllowAnyOrigin = true;
}
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
};
app.UseCors(corsOptions);
app.UseWebApi(config);
}
public void Configuration(IAppBuilder app)
{
// For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=316888
// SqlServerTypes.Utilities.LoadNativeAssemblies(AppDomain.CurrentDomain.BaseDirectory);
var policy = new CorsPolicy
{
AllowAnyHeader = true,
AllowAnyMethod = true,
AllowAnyOrigin = true,
SupportsCredentials = true,
};
policy.ExposedHeaders.Add("Location");
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(policy)
}
};
app.UseCors(corsOptions);
app.UseUnityContainer();
var configuration = new HttpConfiguration();
configuration.MapHttpAttributeRoutes();
configuration.AddKatanaUnityDependencyResolver();
var jsonFormatter = new JsonMediaTypeFormatter();
var settings = jsonFormatter.SerializerSettings;
settings.ContractResolver = new CamelCasePropertyNamesContractResolver();
jsonFormatter.SerializerSettings.Converters.Add(new OgrEntityConverter());
jsonFormatter.SerializerSettings.Converters.Add(new DbGeographyGeoJsonConverter());
configuration.Services.Replace(typeof(IContentNegotiator), new JsonContentNegotiator(jsonFormatter));
app.GetUnityContainer().RegisterType<IDataSource>(new HierarchicalLifetimeManager(),
new InjectionFactory(factory));
app.Map(new PathString("/api"), builder =>
{
builder.UseWebApi(configuration);
});
}
public void ConfigureAuth(IAppBuilder app)
{
var tokenCorsPolicy = new CorsPolicy {
AllowAnyOrigin = true,
AllowAnyHeader = true,
AllowAnyMethod = true
};
var corsOptions = new CorsOptions {
PolicyProvider = new CorsPolicyProvider {
PolicyResolver = request => Task.FromResult(
request.Path.ToString().StartsWith("/auth/token") ? tokenCorsPolicy : null
)
}
};
app.UseCors(corsOptions);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseCookieAuthentication(new CookieAuthenticationOptions());
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
}
public static void Register(IAppBuilder app, HttpConfiguration config)
{
var corsPolicy = new CorsPolicy
{
AllowAnyHeader = true,
AllowAnyMethod = true
};
var applicationConfiguration =
(config.Properties["container"] as IUnityContainer).Resolve<IApplicationConfiguration>();
if (applicationConfiguration == null)
{
throw new ConfigurationErrorsException("AssetViewConfiguration was not available");
}
if (applicationConfiguration.CorsOrigins.Any())
{
foreach (var corsOrigin in applicationConfiguration.CorsOrigins)
{
corsPolicy.Origins.Add(corsOrigin);
}
}
else
{
corsPolicy.AllowAnyOrigin = true;
}
var corsOptions = new CorsOptions
{
PolicyProvider =
new CorsPolicyProvider {PolicyResolver = context => Task.FromResult(corsPolicy)}
};
app.UseCors(corsOptions);
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
var corsPolicy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true
};
corsPolicy.Origins.Add("http://localhost:9017");
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
};
app.UseCors(corsOptions); //Microsoft.Owin.Cors.CorsOptions.AllowAll
// Configure the db context and user manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Configure the application for OAuth based flow
PublicClientId = "self";
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientId),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
AllowInsecureHttp = true
};
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
// Uncomment the following lines to enable logging in with third party login providers
//app.UseMicrosoftAccountAuthentication(
// clientId: "",
// clientSecret: "");
//app.UseTwitterAuthentication(
// consumerKey: "",
// consumerSecret: "");
//app.UseFacebookAuthentication(
// appId: "",
// appSecret: "");
//app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
//{
// ClientId = "",
// ClientSecret = ""
//});
}
/// <summary>
/// Configures the application to use the OAuthBearerToken middleware
/// </summary>
/// <param name="app">The application to mount the middleware on</param>
public void ConfigureAuth(IAppBuilder app)
{
// app.UseCookieAuthentication(new CookieAuthenticationOptions());
// app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalBearer);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Application",
AuthenticationMode = AuthenticationMode.Passive,
LoginPath = new PathString("/Login"),
LogoutPath = new PathString("/Logout"),
});
app.SetDefaultSignInAsAuthenticationType("External");
CorsOptions cors = new CorsOptions();
app.UseCors(cors);
// Mounts the middleware on the provided app with the options configured
// above
app.UseOAuthBearerTokens(OAuthOptions);
// app.UseMicrosoftAccountAuthentication(
//clientId: "",
//clientSecret: "");
// app.UseTwitterAuthentication(
// consumerKey: "",
// consumerSecret: "");
// app.UseFacebookAuthentication(
// appId: "",
// appSecret: "");
// app.UseGoogleAuthentication();
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
AreaRegistration.RegisterAllAreas();
GlobalConfiguration.Configure(WebApiConfig.Register);
//WebApiConfig.Register(GlobalConfiguration.Configuration);
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
//BundleConfig.RegisterBundles(BundleTable.Bundles);
//Database.SetInitializer<DisciturContext>(null);
GlobalConfiguration.Configuration.Services.Replace(
typeof(IHttpControllerActivator),
new WindsorCompositionRoot(this.container));
//app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
bool isCorsEnabled = Convert.ToBoolean(ConfigurationManager.AppSettings["CORSEnabled"]);
string corsOrigin = ConfigurationManager.AppSettings["CORSOrigin"];
if (isCorsEnabled)
{
Microsoft.Owin.Cors.CorsOptions corsOptions = new Microsoft.Owin.Cors.CorsOptions();
corsOptions.PolicyProvider = new ConfigCorsPolicy(corsOrigin);
app.UseCors(corsOptions);
}
// Enable the application to use a cookie to store information for the signed in user
app.UseCookieAuthentication(new CookieAuthenticationOptions());
//app.UseCookieAuthentication(new CookieAuthenticationOptions
//{
// AuthenticationType = OAuthDefaults.AuthenticationType,
// LoginPath = new PathString("/Account/Login")
//});
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
// Uncomment the following lines to enable logging in with third party login providers
//app.UseMicrosoftAccountAuthentication(
// clientId: "",
// clientSecret: "");
//app.UseTwitterAuthentication(
// consumerKey: "",
// consumerSecret: "");
//app.UseFacebookAuthentication(
// appId: "",
// appSecret: "");
//app.UseGoogleAuthentication();
//http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/
//https://stackoverflow.com/questions/25997592/dependency-injection-using-simpleinjector-and-oauthauthorizationserverprovider/26034641#26034641
}
