private static async Task AddAllPermissionsToRole(RoleManager <ApplicationRole> roleManager, ILogger <DbInitializer> logger, string role)
{
var permissionList = new List <string>();
permissionList.AddRange(ClassHelper.GetConstantValues <SystemStaticPermissions.Configs>());
permissionList.AddRange(ClassHelper.GetConstantValues <SystemStaticPermissions.Users>());
permissionList.AddRange(ClassHelper.GetConstantValues <SystemStaticPermissions.Groups>());
//var permissionList
var roleEntity = await roleManager.FindByNameAsync(role);
foreach (var per in permissionList)
{
await roleManager.AddClaimAsync(roleEntity, new Claim(CustomClaimValueTypes.Permission, per));
}
}
public void ConfigureServices(IServiceCollection services)
{
//var cert = new X509Certificate2(Path.Combine(_environment.ContentRootPath, "damienbodserver.pfx"), "");
//services.AddTransient<UserManager<ApplicationUser>>();
//services.AddTransient<RoleManager<ApplicationRole>>();
//services.AddTransient<SignInManager<ApplicationRole>>();
services.AddDbContext <ApplicationDbContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddStorageCoreDataAccess <ApplicationDbContext>();
// configure expiring token of EmailConfirmationToken
var emailConfirmTokenProviderName = Configuration.GetSection("TokenProviders").GetSection("EmailConfirmTokenProvider").GetValue <string>("Name");
var emailConfirmTokenProviderTokenLifespan = Configuration.GetSection("TokenProviders").GetSection("EmailConfirmTokenProvider").GetValue <double>("TokenLifespan");
services.Configure <IdentityOptions>(options => options.Tokens.EmailConfirmationTokenProvider = emailConfirmTokenProviderName);
services.Configure <EmailConfirmProtectorTokenProviderOptions>(options => options.TokenLifespan = TimeSpan.FromMilliseconds(emailConfirmTokenProviderTokenLifespan));
services.AddScoped <UserStore <ApplicationUser, ApplicationRole, ApplicationDbContext, Guid, IdentityUserClaim <Guid>, ApplicationUserRole, IdentityUserLogin <Guid>, IdentityUserToken <Guid>, IdentityRoleClaim <Guid> >, ApplicationUserStore>();
services.AddScoped <UserManager <ApplicationUser>, ApplicationUserManager>();
services.AddScoped <IUserClaimsPrincipalFactory <ApplicationUser>, ApplicationUserClaimsPrincipalFactory <ApplicationUser, ApplicationRole> >();
services.AddScoped <ApplicationUserStore, ApplicationUserStore>();
services.AddScoped <ApplicationUserManager, ApplicationUserManager>();
services.AddIdentity <ApplicationUser, ApplicationRole>(options =>
{
options.Password.RequireDigit = false;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = false;
options.Password.RequiredLength = 4;
})
.AddEntityFrameworkStores <ApplicationDbContext>()
.AddUserStore <ApplicationUserStore>()
.AddUserManager <ApplicationUserManager>()
.AddClaimsPrincipalFactory <ApplicationUserClaimsPrincipalFactory <ApplicationUser, ApplicationRole> >()
.AddDefaultTokenProviders()
.AddTokenProvider <EmailConfirmDataProtectorTokenProvider <ApplicationUser> >(emailConfirmTokenProviderName);
var corsPolicy = new Microsoft.AspNetCore.Cors.Infrastructure.CorsPolicy();
corsPolicy.Headers.Add("*");
corsPolicy.Methods.Add("*");
corsPolicy.Origins.Add("*");
corsPolicy.SupportsCredentials = true;
services.AddCors(x => x.AddPolicy("corsGlobalPolicy", corsPolicy));
var guestPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.RequireClaim("scope", "dataEventRecords")
.Build();
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryIdentityResources(Resources.GetIdentityResources())
.AddInMemoryApiResources(Resources.GetApiResources())
.AddInMemoryClients(Clients.GetClients())
.AddAspNetIdentity <ApplicationUser>()
.AddProfileService <IdentityProfileService>()
.AddAuthorizeInteractionResponseGenerator <AccountChooserResponseGenerator>();
services.AddTransient <IProfileService, IdentityProfileService>();
services.AddTransient <IExtensionGrantValidator, DelegationGrantValidator>();
services.AddScoped <IAuthorizationHandler, PermissionHandler>();
var connectionString = Configuration.GetConnectionString("DefaultConnection");
services.AddDependencies(Configuration, connectionString);
SqlConnectionFactory.ConnectionString = connectionString;
services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(options =>
{
options.Authority = "http://localhost:5050" + "/";
options.ApiName = "api2";
options.ApiSecret = "secret";
options.SupportedTokens = SupportedTokens.Both;
options.RequireHttpsMetadata = false;
});
services.AddAuthorization(options =>
{
// Note: It is policy for Authorize atribute
options.DefaultPolicy = new AuthorizationPolicyBuilder(new[] { JwtBearerDefaults.AuthenticationScheme, IdentityConstants.ApplicationScheme })
.RequireAuthenticatedUser()
.Build();
// Note: Adding permisions as policy
var permissionList = new List <string>();
permissionList.AddRange(ClassHelper.GetConstantValues <SystemStaticPermissions.Configs>());
permissionList.AddRange(ClassHelper.GetConstantValues <SystemStaticPermissions.Users>());
permissionList.AddRange(ClassHelper.GetConstantValues <SystemStaticPermissions.Groups>());
foreach (var permission in permissionList)
{
options.AddPolicy(
permission,
policy => {
policy.AddAuthenticationSchemes(new[] { JwtBearerDefaults.AuthenticationScheme, IdentityConstants.ApplicationScheme });
policy.Requirements.Add(new PermissionRequirement(permission));
});
}
});
services.AddMvc().AddJsonOptions(options =>
{
options.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
options.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore;
});
}
public IActionResult Get()
{
var roles = ClassHelper.GetConstantValues <SystemRoleScopes.Groups>();
return(Ok(roles));
}
