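// This method gets called by the runtime. Use this method to add services to the container.
//
// Registers, in order: the HttpContext accessor and MVC controllers; JWT bearer authentication
// against the authority configured under "Host:AuthServer"; the policy-based authorization
// rules; the custom EmailDomain/UserName authorization handlers; the AppSettings binding; the
// named "AuthHttpClient" HttpClient; the identity client; and the cache services.
//
// Security notes:
//   * IdentityModelEventSource.ShowPII and the accept-any-certificate HttpClient handler are
//     both limited to the Development environment (they used to be switched on unconditionally).
//   * RequireHttpsMetadata is derived from the authority's URL scheme, so unauthenticated
//     (plain-HTTP) discovery/JWKS download is only possible when an HTTP authority is configured.
// NOTE(review): assumes `env` is the IWebHostEnvironment injected into this Startup next to
// Configuration (the previously commented-out IdentityClient registration used this.env) — confirm.
public void ConfigureServices(IServiceCollection services)
{
    // Framework-recommended registration (singleton via TryAdd); the accessor is AsyncLocal-backed,
    // so a single instance serves every request.
    services.AddHttpContextAccessor();

    services.AddControllers()
        .AddNewtonsoftJson()
        .SetCompatibilityVersion(CompatibilityVersion.Version_3_0);

    #region Enable Authentication
    // ShowPII makes Microsoft.IdentityModel write the actual values (issuer, audience, token,
    // key ids) into its exception messages and logs. Useful while debugging token validation,
    // but it leaks PII and token material into production logs, so it is Development-only.
    IdentityModelEventSource.ShowPII = this.env.IsDevelopment();

    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(options =>
    {
        // Base address of the identity server; falls back to the local development instance.
        string authServerBaseUrl = this.Configuration["Host:AuthServer"];
        if (string.IsNullOrEmpty(authServerBaseUrl))
        {
            authServerBaseUrl = "https://localhost:6001";
        }

        // Require HTTPS for the discovery document and signing keys unless the authority itself
        // is explicitly configured as plain HTTP (local development only: with an HTTP authority
        // anyone on the path can substitute the JWKS and mint tokens this API will accept).
        // Ordinal comparison — a URL scheme is not culture-sensitive text. Previously the
        // fallback authority was HTTPS but RequireHttpsMetadata was still left false in that case.
        bool isRequireHttpsMetadata =
            authServerBaseUrl.StartsWith("https://", StringComparison.OrdinalIgnoreCase);

        options.Authority = authServerBaseUrl;
        options.RequireHttpsMetadata = isRequireHttpsMetadata;
        options.Audience = "MyBackendApi2"; // API Resource name

        // The JWT handler tolerates 5 minutes of clock skew by default; accept none here.
        options.TokenValidationParameters.ClockSkew = TimeSpan.Zero;

        // Handler used for the back-channel discovery/JWKS requests to the authority.
        options.BackchannelHttpHandler = AuthMetadataUtils.GetHttpHandler();

        options.Events = new JwtBearerEvents()
        {
            OnAuthenticationFailed = (e) =>
            {
                // Some callback here ...
                return Task.CompletedTask;
            }
        };
    });
    #endregion

    #region Enable policy-based authorization
    // A single AddAuthorization call holds every policy. The options callbacks are additive,
    // so this is equivalent to the earlier one-call-per-policy form but easier to audit.
    services.AddAuthorization(options =>
    {
        // Role policies. RequireRole evaluates through ClaimsPrincipal.IsInRole, i.e. against
        // the identity's RoleClaimType as set up by the bearer handler.
        options.AddPolicy("AdminPolicy", policy => policy.RequireRole("admin"));
        options.AddPolicy("UserPolicy", policy => policy.RequireRole("user"));
        options.AddPolicy("SitPolicy", policy => policy.RequireRole("sit"));
        options.AddPolicy("AdminOrUserPolicy", policy => policy.RequireRole("admin", "user")); // admin OR user

        // Department claim policies.
        options.AddPolicy("SalesDepartmentPolicy", policy => policy.RequireClaim(CustomClaimTypes.Department, "Sales"));
        options.AddPolicy("CrmDepartmentPolicy", policy => policy.RequireClaim(CustomClaimTypes.Department, "CRM"));

        // Combined policies: every requirement on a policy must pass (AND).
        options.AddPolicy("SalesDepartmentAndAdminPolicy", policy => policy
            .RequireClaim(CustomClaimTypes.Department, "Sales")
            .RequireRole("admin"));
        options.AddPolicy("SalesDepartmentAndAdminOrUserPolicy", policy => policy
            .RequireClaim(CustomClaimTypes.Department, "Sales")
            .RequireRole("admin", "user"));

        // Department "Sales" OR role "admin". IsInRole is used instead of matching ClaimTypes.Role
        // by hand so this policy agrees with RequireRole above about which claim type carries roles.
        options.AddPolicy("SalesDepartmentOrAdminPolicy", policy => policy.RequireAssertion(context =>
            context.User.HasClaim(CustomClaimTypes.Department, "Sales") || context.User.IsInRole("admin")));
    });
    #endregion

    #region Enable custom Authorization Handlers (The registration order matters!)
    services.AddSingleton<IAuthorizationHandler, EmailDomainAuthHandler>();
    services.AddSingleton<IAuthorizationHandler, UserNameAuthHandler>();
    services.AddAuthorization(options =>
    {
        var emailDomainRequirement = new EmailDomainRequirement("fake.com");
        var userNameRequirement = new UserNameRequirement("jblin");
        // options.InvokeHandlersAfterFailure = false; // Default: true
        // The policy name is spelled "Doamin" wherever callers reference it via
        // [Authorize(Policy = ...)], so it is deliberately kept; renaming is a coordinated change.
        options.AddPolicy("DoaminAndUsernamePolicy", policy => policy.AddRequirements(emailDomainRequirement, userNameRequirement));
    });
    #endregion

    #region Inject AppSetting configuration
    services.Configure<AppSettings>(this.Configuration);
    #endregion

    #region HttpClient Factory
    services.AddHttpClient("AuthHttpClient", config =>
    {
        // NOTE(review): 5 minutes is very generous for a token/identity request — confirm it is intended.
        config.Timeout = TimeSpan.FromMinutes(5);
        config.DefaultRequestHeaders.Add("Accept", "application/json");
    })
    .ConfigurePrimaryHttpMessageHandler(h =>
    {
        var handler = new HttpClientHandler();
        if (this.env.IsDevelopment())
        {
            // Accept the self-signed certificate of a local identity server. This disables server
            // certificate validation entirely, so outside Development it would let a
            // man-in-the-middle read or forge every token/identity exchange — keep it dev-only.
            handler.ServerCertificateCustomValidationCallback =
                HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
        }
        return handler;
    })
    .SetHandlerLifetime(TimeSpan.FromMinutes(5)); // primary handler recycled every 5 min (factory default: 2 min)
    #endregion

    #region Identity Client
    services.AddSingleton<IIdentityClient, IdentityClient>();
    #endregion

    #region Inject Cache service
    services.AddCacheServices();
    #endregion
}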
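// This method gets called by the runtime. Use this method to add services to the container.
//
// Registers, in order: the HttpContext accessor and MVC controllers/views (with an extra area
// view location); the OpenAPI spec; JWT bearer and OpenID authentication (configured from
// appSettings inside the AddJwtAuthentication/AddOpenIdAuthentication extensions, not here);
// the policy-based authorization rules; the custom EmailDomain/UserName authorization handlers;
// the AppSettings binding; the named auth HttpClient; the identity client; the cache services;
// and the remaining custom services.
//
// Security note: the accept-any-certificate HttpClient handler is limited to the Development
// environment (it used to be installed unconditionally).
// NOTE(review): assumes `env` is the IWebHostEnvironment injected into this Startup next to
// appSettings/Configuration (the previously commented-out IdentityClient registration used
// this.env) — confirm.
public void ConfigureServices(IServiceCollection services)
{
    // Framework-recommended registration (singleton via TryAdd); the accessor is AsyncLocal-backed,
    // so a single instance serves every request.
    services.AddHttpContextAccessor();

    services.AddControllersWithViews()
        .AddRazorOptions(options =>
        {
            // {2} is area, {1} is controller, {0} is the action
            options.ViewLocationFormats.Add("/Areas/{1}/Views/{0}.cshtml");
        })
        .AddNewtonsoftJson()
        .SetCompatibilityVersion(CompatibilityVersion.Version_3_0);

    #region OpenAPI specification (Swagger)
    services.AddOpenApiSpec<CustomSwaggerConfig>();
    #endregion

    #region Enable Authentication
    // Authority, audience, RequireHttpsMetadata etc. are decided inside these extensions from
    // appSettings; review them there rather than here.
    services.AddJwtAuthentication(this.appSettings);
    services.AddOpenIdAuthentication(this.appSettings);
    #endregion

    #region Enable policy-based authorization
    // A single AddAuthorization call holds every policy. The options callbacks are additive,
    // so this is equivalent to the earlier one-call-per-policy form but easier to audit.
    services.AddAuthorization(options =>
    {
        // Role policies. RequireRole evaluates through ClaimsPrincipal.IsInRole, i.e. against
        // the identity's RoleClaimType as set up by the authentication handlers.
        options.AddPolicy("AdminPolicy", policy => policy.RequireRole("admin"));
        options.AddPolicy("UserPolicy", policy => policy.RequireRole("user"));
        options.AddPolicy("SitPolicy", policy => policy.RequireRole("sit"));
        options.AddPolicy("AdminOrUserPolicy", policy => policy.RequireRole("admin", "user")); // admin OR user

        // Department claim policies.
        options.AddPolicy("SalesDepartmentPolicy", policy => policy.RequireClaim(CustomClaimTypes.Department, "Sales"));
        options.AddPolicy("CrmDepartmentPolicy", policy => policy.RequireClaim(CustomClaimTypes.Department, "CRM"));

        // Combined policies: every requirement on a policy must pass (AND).
        options.AddPolicy("SalesDepartmentAndAdminPolicy", policy => policy
            .RequireClaim(CustomClaimTypes.Department, "Sales")
            .RequireRole("admin"));
        options.AddPolicy("SalesDepartmentAndAdminOrUserPolicy", policy => policy
            .RequireClaim(CustomClaimTypes.Department, "Sales")
            .RequireRole("admin", "user"));

        // Department "Sales" OR role "admin". IsInRole is used instead of matching ClaimTypes.Role
        // by hand so this policy agrees with RequireRole above about which claim type carries roles.
        options.AddPolicy("SalesDepartmentOrAdminPolicy", policy => policy.RequireAssertion(context =>
            context.User.HasClaim(CustomClaimTypes.Department, "Sales") || context.User.IsInRole("admin")));
    });
    #endregion

    #region Enable custom Authorization Handlers (The registration order matters!)
    services.AddSingleton<IAuthorizationHandler, EmailDomainAuthHandler>();
    services.AddSingleton<IAuthorizationHandler, UserNameAuthHandler>();
    services.AddAuthorization(options =>
    {
        var emailDomainRequirement = new EmailDomainRequirement("xxx.com");
        var userNameRequirement = new UserNameRequirement("jblin");
        // options.InvokeHandlersAfterFailure = false; // Default: true
        // The policy name is spelled "Doamin" wherever callers reference it via
        // [Authorize(Policy = ...)], so it is deliberately kept; renaming is a coordinated change.
        options.AddPolicy("DoaminAndUsernamePolicy", policy => policy.AddRequirements(emailDomainRequirement, userNameRequirement));
    });
    #endregion

    #region Inject AppSetting configuration
    services.Configure<AppSettings>(this.Configuration);
    #endregion

    #region HttpClient Factory
    services.AddHttpClient(HttpClientNameFactory.AuthHttpClient, config =>
    {
        // NOTE(review): 5 minutes is very generous for a token/identity request — confirm it is intended.
        config.Timeout = TimeSpan.FromMinutes(5);
        config.DefaultRequestHeaders.Add("Accept", "application/json");
    })
    .ConfigurePrimaryHttpMessageHandler(h =>
    {
        var handler = new HttpClientHandler();
        if (this.env.IsDevelopment())
        {
            // Accept the self-signed certificate of a local identity server. This disables server
            // certificate validation entirely, so outside Development it would let a
            // man-in-the-middle read or forge every token/identity exchange — keep it dev-only.
            handler.ServerCertificateCustomValidationCallback =
                HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
        }
        return handler;
    })
    .SetHandlerLifetime(TimeSpan.FromMinutes(5)); // primary handler recycled every 5 min (factory default: 2 min)
    #endregion

    #region Identity Client
    services.AddSingleton<IIdentityClient, IdentityClient>();
    #endregion

    #region Inject Cache service
    services.AddCacheServices();
    #endregion

    #region Inject other custom services/utils...etc
    services.AddCustomServices();
    #endregion
}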