public void ConfigureServices(IServiceCollection services) { _logger.Debug("Building services collection"); services.AddSingleton(ApiSettings); services.AddSingleton(Configuration); AssemblyLoaderHelper.LoadAssembliesFromExecutingFolder(); var pluginInfos = LoadPlugins(); services.AddSingleton(pluginInfos); // this allows the solution to resolve the claims principal. this is not best practice defined by the // netcore team, as the claims principal is on the controllers. // c.f. https://docs.microsoft.com/en-us/aspnet/core/migration/claimsprincipal-current?view=aspnetcore-3.1 services.AddHttpContextAccessor(); // this is opening up all sites to connect to the server. this should probably be reviewed. services.AddCors( options => { options.AddPolicy( CorsPolicyName, builder => builder .AllowAnyOrigin() .AllowAnyMethod() .AllowAnyHeader() .WithExposedHeaders("*")); }); // will apply the MvcConfigurator at runtime. var mvcBuilder = services .AddControllers(options => options.OutputFormatters.Add(new GraphMLMediaTypeOutputFormatter())) .AddNewtonsoftJson( options => { options.SerializerSettings.NullValueHandling = NullValueHandling.Ignore; options.SerializerSettings.DateTimeZoneHandling = DateTimeZoneHandling.Utc; options.SerializerSettings.DateParseHandling = DateParseHandling.None; options.SerializerSettings.Formatting = Formatting.Indented; options.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver(); }); // Add controllers for the plugins foreach (var pluginInfo in pluginInfos) { var pluginAssembly = pluginInfo.Assembly; // This loads MVC application parts from plugin assemblies var partFactory = ApplicationPartFactory.GetApplicationPartFactory(pluginAssembly); foreach (var part in partFactory.GetApplicationParts(pluginAssembly)) { mvcBuilder.PartManager.ApplicationParts.Add(part); } } mvcBuilder.AddControllersAsServices(); services.AddMvc() .ConfigureApiBehaviorOptions( options => { options.InvalidModelStateResponseFactory = actionContext => new BadRequestObjectResult(ErrorTranslator.GetErrorMessage(actionContext.ModelState)); }); services.AddAuthentication(EdFiAuthenticationTypes.OAuth) .AddScheme <AuthenticationSchemeOptions, EdFiOAuthAuthenticationHandler>(EdFiAuthenticationTypes.OAuth, null); services.AddApplicationInsightsTelemetry( options => { options.ApplicationVersion = ApiVersionConstants.Version; }); if (ApiSettings.IsFeatureEnabled(ApiFeature.IdentityManagement.GetConfigKeyName())) { services.AddAuthorization( options => { options.AddPolicy("IdentityManagement", policy => policy.RequireAssertion( context => context.User .HasClaim(c => c.Type == $"{EdFiConventions.EdFiOdsResourceClaimBaseUri}/domains/identity"))); }); } }