Пример #1
0
        public void ConfigureServices(IServiceCollection services)
        {
            var issuerSigningKey           = ExtractIssuerSigningKey("openid_key.txt");
            var sigJsonWebKey              = ExtractJsonWebKeyFromRSA("openid_key.txt", "RS256");
            var firstMtlsClientJsonWebKey  = ExtractJsonWebKeyFromRSA("first_mtlsClient_key.txt", "PS256");
            var secondMtlsClientJsonWebKey = ExtractJsonWebKeyFromRSA("second_mtlsClient_key.txt", "PS256");
            var json = firstMtlsClientJsonWebKey.Serialize().ToString();
            var jObj = secondMtlsClientJsonWebKey.Serialize();

            services.AddCors(options => options.AddPolicy("AllowAll", p => p.AllowAnyOrigin()
                                                          .AllowAnyMethod()
                                                          .AllowAnyHeader()));
            services.AddMvc(option => option.EnableEndpointRouting = false).AddNewtonsoftJson();
            services.AddAuthorization(opts => opts.AddDefaultOAUTHAuthorizationPolicy());
            services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie()
            .AddJwtBearer(OAuth.Constants.AuthenticationScheme, cfg =>
            {
                cfg.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
                {
                    ValidAudiences = new List <string>
                    {
                        "gatewayClient"
                    },
                    ValidateIssuer           = false,
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey         = issuerSigningKey
                };
            })
            .AddCertificate(o =>
            {
                o.RevocationFlag = X509RevocationFlag.EntireChain;
                o.RevocationMode = X509RevocationMode.NoCheck;
            });
            services.AddSIDOpenID(opt =>
            {
                opt.IsLocalhostAllowed              = true;
                opt.IsRedirectionUrlHTTPSRequired   = false;
                opt.IsInitiateLoginUriHTTPSRequired = true;
            }, opt =>
            {
                opt.MtlsEnabled   = true;
                opt.DefaultScopes = new List <string>
                {
                    SIDOpenIdConstants.StandardScopes.Profile.Name,
                    SIDOpenIdConstants.StandardScopes.Email.Name,
                    SIDOpenIdConstants.StandardScopes.Address.Name,
                    SIDOpenIdConstants.StandardScopes.Phone.Name,
                    SIDOpenIdConstants.StandardScopes.OfflineAccessScope.Name
                };
            })
            .AddClients(DefaultConfiguration.GetClients(firstMtlsClientJsonWebKey, secondMtlsClientJsonWebKey, sigJsonWebKey), DefaultConfiguration.Scopes)
            .AddAcrs(DefaultConfiguration.AcrLst)
            .AddUsers(DefaultConfiguration.Users)
            .AddJsonWebKeys(new List <JsonWebKey> {
                sigJsonWebKey
            })
            .AddLoginPasswordAuthentication()
            .AddSMSAuthentication();
            // ConfigureFireBase();
            var d = Directory.GetCurrentDirectory();

            services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(Directory.GetCurrentDirectory()));
            services.Configure <ForwardedHeadersOptions>(options =>
            {
                options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
            });
        }