// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
var appSettings = configuration.GetSection(nameof(AppSettings)).Get <AppSettings>();
services.AddSingleton(appSettings);
string conn = configuration.GetConnectionString("Identity");
services.AddDbContext <AppIdentityDbContext>(options =>
{
options.UseMySql(configuration.GetConnectionString("Identity"));
});
services.AddIdentity <AppUser, IdentityRole>(options =>
{
options.Password.RequireNonAlphanumeric = false;
options.User.RequireUniqueEmail = true;
options.SignIn.RequireConfirmedEmail = true;
})
.AddEntityFrameworkStores <AppIdentityDbContext>()
.AddDefaultTokenProviders();
var builder = services.AddIdentityServer()
// this adds the operational data from DB (codes, tokens, consents)
.AddOperationalStore(options =>
{
options.ConfigureDbContext = options => options.UseMySql(configuration.GetConnectionString("Identity"));
// this enables automatic token cleanup. this is optional.
options.EnableTokenCleanup = true;
options.TokenCleanupInterval = 30; // interval in seconds
})
.AddInMemoryIdentityResources(ResourceConfig.GetIdentityResources())
.AddInMemoryApiResources(ResourceConfig.GetApiResources())
.AddInMemoryClients(ResourceConfig.GetClients(""))
.AddAspNetIdentity <AppUser>();
services.AddSingleton <IEmailSender, EmailSender>(s => new EmailSender(appSettings.EmailConfig));
if (environment.IsDevelopment())
{
builder.AddDeveloperSigningCredential();
}
else
{
throw new Exception("need to configure key material");
}
services.AddControllersWithViews();
}
public void ConfigureServices(IServiceCollection services)
{
// Initialize strongly-typed general configuration and add it to our dependency injection container
IConfigurationSection generalConfigSection = Configuration.GetSection("GeneralConfig");
GeneralConfig generalConfig = generalConfigSection.Get <GeneralConfig>();
services.Configure <GeneralConfig>(options => generalConfigSection.Bind(options));
// Configure CORS based on the origins specified in our configuration
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder
.WithOrigins(generalConfig.AllowedCorsOrigins)
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
});
services.Configure <CookiePolicyOptions>(options =>
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => false;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
/* Configure our instance of IdentityServer. This is where
* much of the magic happens. */
services.AddIdentityServer()
/* Add statically-generated clients, identity resources, and API resources
* for our quickstart. For an important production application we'd probably
* want to configure this from a persistent store. */
.AddInMemoryClients(ClientConfig.GetClients())
.AddInMemoryIdentityResources(ResourceConfig.GetIdentityResources())
.AddInMemoryApiResources(ResourceConfig.GetApiResources())
.AddInMemoryPersistedGrants()
/* Add our test users alice and bob for demo purposes. For a production
* application we'd obviously want to replace this with a persistent user
* store, which generally would be implementation-specific. */
.AddTestUsers(TestUsersConfig.GetUsers())
/* Use AddDeveloperSigningCredential for debugging only. When we deploy
* we should consider using AddSigningCredential. */
.AddDeveloperSigningCredential()
/* ProfileService is used to issue claims for our id tokens
* and access tokens. */
.AddProfileService <ProfileService>();
// Configure external identity providers
services.AddAuthentication()
/* As a demo external identity provider we're using the hosted IdentityServer demo
* application. Users can log in via their Google account or as alice/alice or bob/bob. */
.AddOpenIdConnect("oidc", "OpenID Connect", options =>
{
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
options.SignOutScheme = IdentityServerConstants.SignoutScheme;
options.Authority = "https://demo.identityserver.io/";
options.ClientId = "implicit";
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
RoleClaimType = "role"
};
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}