private static async Task AddAllPermissionsToRole(RoleManager <ApplicationRole> roleManager, ILogger <DbInitializer> logger, string role) { var permissionList = new List <string>(); permissionList.AddRange(ClassHelper.GetConstantValues <SystemStaticPermissions.Configs>()); permissionList.AddRange(ClassHelper.GetConstantValues <SystemStaticPermissions.Users>()); permissionList.AddRange(ClassHelper.GetConstantValues <SystemStaticPermissions.Groups>()); //var permissionList var roleEntity = await roleManager.FindByNameAsync(role); foreach (var per in permissionList) { await roleManager.AddClaimAsync(roleEntity, new Claim(CustomClaimValueTypes.Permission, per)); } }
public void ConfigureServices(IServiceCollection services) { //var cert = new X509Certificate2(Path.Combine(_environment.ContentRootPath, "damienbodserver.pfx"), ""); //services.AddTransient<UserManager<ApplicationUser>>(); //services.AddTransient<RoleManager<ApplicationRole>>(); //services.AddTransient<SignInManager<ApplicationRole>>(); services.AddDbContext <ApplicationDbContext>(options => options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"))); services.AddStorageCoreDataAccess <ApplicationDbContext>(); // configure expiring token of EmailConfirmationToken var emailConfirmTokenProviderName = Configuration.GetSection("TokenProviders").GetSection("EmailConfirmTokenProvider").GetValue <string>("Name"); var emailConfirmTokenProviderTokenLifespan = Configuration.GetSection("TokenProviders").GetSection("EmailConfirmTokenProvider").GetValue <double>("TokenLifespan"); services.Configure <IdentityOptions>(options => options.Tokens.EmailConfirmationTokenProvider = emailConfirmTokenProviderName); services.Configure <EmailConfirmProtectorTokenProviderOptions>(options => options.TokenLifespan = TimeSpan.FromMilliseconds(emailConfirmTokenProviderTokenLifespan)); services.AddScoped <UserStore <ApplicationUser, ApplicationRole, ApplicationDbContext, Guid, IdentityUserClaim <Guid>, ApplicationUserRole, IdentityUserLogin <Guid>, IdentityUserToken <Guid>, IdentityRoleClaim <Guid> >, ApplicationUserStore>(); services.AddScoped <UserManager <ApplicationUser>, ApplicationUserManager>(); services.AddScoped <IUserClaimsPrincipalFactory <ApplicationUser>, ApplicationUserClaimsPrincipalFactory <ApplicationUser, ApplicationRole> >(); services.AddScoped <ApplicationUserStore, ApplicationUserStore>(); services.AddScoped <ApplicationUserManager, ApplicationUserManager>(); services.AddIdentity <ApplicationUser, ApplicationRole>(options => { options.Password.RequireDigit = false; options.Password.RequireNonAlphanumeric = false; options.Password.RequireUppercase = false; options.Password.RequiredLength = 4; }) .AddEntityFrameworkStores <ApplicationDbContext>() .AddUserStore <ApplicationUserStore>() .AddUserManager <ApplicationUserManager>() .AddClaimsPrincipalFactory <ApplicationUserClaimsPrincipalFactory <ApplicationUser, ApplicationRole> >() .AddDefaultTokenProviders() .AddTokenProvider <EmailConfirmDataProtectorTokenProvider <ApplicationUser> >(emailConfirmTokenProviderName); var corsPolicy = new Microsoft.AspNetCore.Cors.Infrastructure.CorsPolicy(); corsPolicy.Headers.Add("*"); corsPolicy.Methods.Add("*"); corsPolicy.Origins.Add("*"); corsPolicy.SupportsCredentials = true; services.AddCors(x => x.AddPolicy("corsGlobalPolicy", corsPolicy)); var guestPolicy = new AuthorizationPolicyBuilder() .RequireAuthenticatedUser() .RequireClaim("scope", "dataEventRecords") .Build(); services.AddIdentityServer() .AddDeveloperSigningCredential() .AddInMemoryIdentityResources(Resources.GetIdentityResources()) .AddInMemoryApiResources(Resources.GetApiResources()) .AddInMemoryClients(Clients.GetClients()) .AddAspNetIdentity <ApplicationUser>() .AddProfileService <IdentityProfileService>() .AddAuthorizeInteractionResponseGenerator <AccountChooserResponseGenerator>(); services.AddTransient <IProfileService, IdentityProfileService>(); services.AddTransient <IExtensionGrantValidator, DelegationGrantValidator>(); services.AddScoped <IAuthorizationHandler, PermissionHandler>(); var connectionString = Configuration.GetConnectionString("DefaultConnection"); services.AddDependencies(Configuration, connectionString); SqlConnectionFactory.ConnectionString = connectionString; services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme) .AddIdentityServerAuthentication(options => { options.Authority = "http://localhost:5050" + "/"; options.ApiName = "api2"; options.ApiSecret = "secret"; options.SupportedTokens = SupportedTokens.Both; options.RequireHttpsMetadata = false; }); services.AddAuthorization(options => { // Note: It is policy for Authorize atribute options.DefaultPolicy = new AuthorizationPolicyBuilder(new[] { JwtBearerDefaults.AuthenticationScheme, IdentityConstants.ApplicationScheme }) .RequireAuthenticatedUser() .Build(); // Note: Adding permisions as policy var permissionList = new List <string>(); permissionList.AddRange(ClassHelper.GetConstantValues <SystemStaticPermissions.Configs>()); permissionList.AddRange(ClassHelper.GetConstantValues <SystemStaticPermissions.Users>()); permissionList.AddRange(ClassHelper.GetConstantValues <SystemStaticPermissions.Groups>()); foreach (var permission in permissionList) { options.AddPolicy( permission, policy => { policy.AddAuthenticationSchemes(new[] { JwtBearerDefaults.AuthenticationScheme, IdentityConstants.ApplicationScheme }); policy.Requirements.Add(new PermissionRequirement(permission)); }); } }); services.AddMvc().AddJsonOptions(options => { options.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver(); options.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore; }); }
public IActionResult Get() { var roles = ClassHelper.GetConstantValues <SystemRoleScopes.Groups>(); return(Ok(roles)); }