示例#1
        // This method gets called by the runtime. Use this method to add services to the container.
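        public void ConfigureServices(IServiceCollection services)
        {
            services.AddTransient<IHttpContextAccessor, HttpContextAccessor>();

            services.AddControllers()
            .AddNewtonsoftJson()
            .SetCompatibilityVersion(CompatibilityVersion.Version_3_0);

            #region Enable Authentication
            // WARNING(review): ShowPII = true makes IdentityModel write token contents and claim
            // values into its log output. That helps while debugging validation failures, but it
            // leaks credentials/PII into production logs. Gate it on the Development environment
            // (the hosting environment injected into Startup is not visible from this method)
            // before shipping.
            IdentityModelEventSource.ShowPII = true;
            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(options =>
            {
                // Authority (base address of the identity server) comes from "Host:AuthServer";
                // fall back to the local IdentityServer when it is not configured.
                string authServerBaseUrl = this.Configuration["Host:AuthServer"];
                if (string.IsNullOrEmpty(authServerBaseUrl))
                {
                    authServerBaseUrl = "https://localhost:6001";
                }

                // Require HTTPS for the discovery/JWKS metadata whenever the authority itself is
                // HTTPS. The URI is parsed instead of using a culture-sensitive, case-sensitive
                // StartsWith("https"): an authority written as "HTTPS://..." (or the unset
                // default, which is HTTPS) previously switched the HTTPS requirement off.
                bool authorityIsHttps = Uri.TryCreate(authServerBaseUrl, UriKind.Absolute, out var authorityUri)
                                        && authorityUri.Scheme == Uri.UriSchemeHttps;

                options.Authority            = authServerBaseUrl;
                options.RequireHttpsMetadata = authorityIsHttps;  // false only for a plain-http (dev) authority
                options.Audience             = "MyBackendApi2";   // API Resource name; audience validation stays on
                // The default handler tolerates 5 minutes of clock skew; zero means any drift
                // between this host and the token issuer makes tokens fail exp/nbf validation.
                options.TokenValidationParameters.ClockSkew = TimeSpan.Zero;
                // Handler used for the back-channel metadata/JWKS requests to the authority.
                options.BackchannelHttpHandler = AuthMetadataUtils.GetHttpHandler();

                options.Events = new JwtBearerEvents()
                {
                    OnAuthenticationFailed = (e) =>
                    {
                        // Placeholder. If this is filled in, log e.Exception server-side only;
                        // do not echo validation details back to the client.
                        return Task.CompletedTask;
                    }
                };
            });
            #endregion

            #region Enable policy-based authorization
            // AddAuthorization accumulates option callbacks, so one call replaces the previous
            // chain of per-policy calls. Role checks use the identity's role claim type
            // (ClaimTypes.Role); department checks use the custom department claim.
            services.AddAuthorization(options =>
            {
                // Required: Role "admin"
                options.AddPolicy("AdminPolicy", policy => policy.RequireRole("admin"));
                // Required: Role "user"
                options.AddPolicy("UserPolicy", policy => policy.RequireRole("user"));
                // Required: Role "sit"
                options.AddPolicy("SitPolicy", policy => policy.RequireRole("sit"));
                // Required: Role "admin" OR "user"
                options.AddPolicy("AdminOrUserPolicy", policy => policy.RequireRole("admin", "user"));
                // Required: Department "Sales"
                options.AddPolicy("SalesDepartmentPolicy", policy => policy.RequireClaim(CustomClaimTypes.Department, "Sales"));
                // Required: Department "CRM"
                options.AddPolicy("CrmDepartmentPolicy", policy => policy.RequireClaim(CustomClaimTypes.Department, "CRM"));
                // Required: Department "Sales" AND Role "admin"
                options.AddPolicy("SalesDepartmentAndAdminPolicy",
                                  policy => policy.RequireClaim(CustomClaimTypes.Department, "Sales").RequireRole("admin"));
                // Required: Department "Sales" AND Role "admin" or "user"
                options.AddPolicy("SalesDepartmentAndAdminOrUserPolicy",
                                  policy => policy.RequireClaim(CustomClaimTypes.Department, "Sales").RequireRole("admin", "user"));
                // Required: Department "Sales" OR Role "admin" (an OR needs an assertion;
                // chained Require* calls are ANDed)
                options.AddPolicy("SalesDepartmentOrAdminPolicy", policy => policy.RequireAssertion(context =>
                    context.User.Claims.Any(x =>
                        (x.Type.Equals(CustomClaimTypes.Department) && x.Value.Equals("Sales"))
                        || (x.Type.Equals(ClaimTypes.Role) && x.Value.Equals("admin")))));
            });
            #endregion

            #region Enable custom Authorization Handlers (The registration order matters!)
            services.AddSingleton<IAuthorizationHandler, EmailDomainAuthHandler>();
            services.AddSingleton<IAuthorizationHandler, UserNameAuthHandler>();

            services.AddAuthorization(options =>
            {
                var emailDomainRequirement = new EmailDomainRequirement("fake.com");
                var userNameRequirement    = new UserNameRequirement("jblin");

                // options.InvokeHandlersAfterFailure = false; // Default: true
                // The policy name is misspelled ("Doamin"), but it is a runtime string that
                // [Authorize(Policy = ...)] attributes elsewhere may reference, so it is kept.
                options.AddPolicy("DoaminAndUsernamePolicy", policy =>
                                  policy.AddRequirements(emailDomainRequirement, userNameRequirement));
            });
            #endregion

            #region Inject AppSetting configuration

            services.Configure<AppSettings>(this.Configuration);
            #endregion

            #region HttpClient Factory
            services.AddHttpClient("AuthHttpClient",
                                   config =>
            {
                config.Timeout = TimeSpan.FromMinutes(5);
                // config.BaseAddress = new Uri("https://localhost:6001/");
                config.DefaultRequestHeaders.Add("Accept", "application/json");
            })
            .ConfigurePrimaryHttpMessageHandler(serviceProvider =>
            {
                var handler = new HttpClientHandler();

                // Accept untrusted/self-signed server certificates ONLY in the Development
                // environment (the same gate the commented-out variant below intended).
                // Unconditionally accepting any certificate would let a man-in-the-middle
                // impersonate the auth server in production.
                var env = serviceProvider.GetRequiredService<Microsoft.AspNetCore.Hosting.IWebHostEnvironment>();
                if (Microsoft.Extensions.Hosting.HostEnvironmentEnvExtensions.IsDevelopment(env))
                {
                    handler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
                }
                return handler;
            })
            .SetHandlerLifetime(TimeSpan.FromMinutes(5));     // HttpMessageHandler lifetime = 5 min (factory default is 2 min)

            // services.AddHttpClient<IIdentityClient, IdentityClient>().SetHandlerLifetime(TimeSpan.FromMinutes(2)) // HttpMessageHandler default lifetime = 2 min
            // .ConfigurePrimaryHttpMessageHandler(h =>
            // {
            //   var handler = new HttpClientHandler();
            //   if (this.env.IsDevelopment())
            //   {
            //       //Allow untrusted Https connection
            //       handler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
            //   }
            //   return handler;
            // });
            #endregion

            #region Identity Client
            services.AddSingleton<IIdentityClient, IdentityClient>();
            #endregion

            #region Inject Cache service
            services.AddCacheServices();
            #endregion
        }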
示例#2
        // This method gets called by the runtime. Use this method to add services to the container.
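        public void ConfigureServices(IServiceCollection services)
        {
            services.AddTransient<IHttpContextAccessor, HttpContextAccessor>();

            // services.AddControllers()
            services.AddControllersWithViews()
            .AddRazorOptions(
                options => {
                //{2} is area, {1} is controller,{0} is the action
                options.ViewLocationFormats.Add("/Areas/{1}/Views/{0}.cshtml");
            })
            .AddNewtonsoftJson()
            .SetCompatibilityVersion(CompatibilityVersion.Version_3_0);

            #region OpenAPI specification (Swagger)
            services.AddOpenApiSpec<CustomSwaggerConfig>();
            #endregion

            #region Enable Authentication
            // JWT bearer (API) and OpenID Connect (interactive) schemes, both driven by appSettings.
            services.AddJwtAuthentication(this.appSettings);
            services.AddOpenIdAuthentication(this.appSettings);
            #endregion

            #region Enable policy-based authorization
            // AddAuthorization accumulates option callbacks, so one call replaces the previous
            // chain of per-policy calls. Role checks use the identity's role claim type
            // (ClaimTypes.Role); department checks use the custom department claim.
            services.AddAuthorization(options =>
            {
                // Required: Role "admin"
                options.AddPolicy("AdminPolicy", policy => policy.RequireRole("admin"));
                // Required: Role "user"
                options.AddPolicy("UserPolicy", policy => policy.RequireRole("user"));
                // Required: Role "sit"
                options.AddPolicy("SitPolicy", policy => policy.RequireRole("sit"));
                // Required: Role "admin" OR "user"
                options.AddPolicy("AdminOrUserPolicy", policy => policy.RequireRole("admin", "user"));
                // Required: Department "Sales"
                options.AddPolicy("SalesDepartmentPolicy", policy => policy.RequireClaim(CustomClaimTypes.Department, "Sales"));
                // Required: Department "CRM"
                options.AddPolicy("CrmDepartmentPolicy", policy => policy.RequireClaim(CustomClaimTypes.Department, "CRM"));
                // Required: Department "Sales" AND Role "admin"
                options.AddPolicy("SalesDepartmentAndAdminPolicy",
                                  policy => policy.RequireClaim(CustomClaimTypes.Department, "Sales").RequireRole("admin"));
                // Required: Department "Sales" AND Role "admin" or "user"
                options.AddPolicy("SalesDepartmentAndAdminOrUserPolicy",
                                  policy => policy.RequireClaim(CustomClaimTypes.Department, "Sales").RequireRole("admin", "user"));
                // Required: Department "Sales" OR Role "admin" (an OR needs an assertion;
                // chained Require* calls are ANDed)
                options.AddPolicy("SalesDepartmentOrAdminPolicy", policy => policy.RequireAssertion(context =>
                    context.User.Claims.Any(x =>
                        (x.Type.Equals(CustomClaimTypes.Department) && x.Value.Equals("Sales"))
                        || (x.Type.Equals(ClaimTypes.Role) && x.Value.Equals("admin")))));
            });
            #endregion

            #region Enable custom Authorization Handlers (The registration order matters!)
            services.AddSingleton<IAuthorizationHandler, EmailDomainAuthHandler>();
            services.AddSingleton<IAuthorizationHandler, UserNameAuthHandler>();

            services.AddAuthorization(options =>
            {
                var emailDomainRequirement = new EmailDomainRequirement("xxx.com");
                var userNameRequirement    = new UserNameRequirement("jblin");

                // options.InvokeHandlersAfterFailure = false; // Default: true
                // The policy name is misspelled ("Doamin"), but it is a runtime string that
                // [Authorize(Policy = ...)] attributes elsewhere may reference, so it is kept.
                options.AddPolicy("DoaminAndUsernamePolicy", policy =>
                                  policy.AddRequirements(emailDomainRequirement, userNameRequirement));
            });
            #endregion

            #region Inject AppSetting configuration

            services.Configure<AppSettings>(this.Configuration);
            #endregion

            #region HttpClient Factory
            services.AddHttpClient(HttpClientNameFactory.AuthHttpClient,
                                   config =>
            {
                config.Timeout = TimeSpan.FromMinutes(5);
                // config.BaseAddress = new Uri("https://localhost:6001/");
                config.DefaultRequestHeaders.Add("Accept", "application/json");
            })
            .ConfigurePrimaryHttpMessageHandler(serviceProvider =>
            {
                var handler = new HttpClientHandler();

                // Accept untrusted/self-signed server certificates ONLY in the Development
                // environment (the same gate the commented-out variant below intended).
                // Unconditionally accepting any certificate would let a man-in-the-middle
                // impersonate the auth server in production.
                var env = serviceProvider.GetRequiredService<Microsoft.AspNetCore.Hosting.IWebHostEnvironment>();
                if (Microsoft.Extensions.Hosting.HostEnvironmentEnvExtensions.IsDevelopment(env))
                {
                    handler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
                }
                return handler;
            })
            .SetHandlerLifetime(TimeSpan.FromMinutes(5));     // HttpMessageHandler lifetime = 5 min (factory default is 2 min)

            // services.AddHttpClient<IIdentityClient, IdentityClient>().SetHandlerLifetime(TimeSpan.FromMinutes(2)) // HttpMessageHandler default lifetime = 2 min
            // .ConfigurePrimaryHttpMessageHandler(h =>
            // {
            //   var handler = new HttpClientHandler();
            //   if (this.env.IsDevelopment())
            //   {
            //       //Allow untrusted Https connection
            //       handler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
            //   }
            //   return handler;
            // });
            #endregion

            #region Identity Client
            services.AddSingleton<IIdentityClient, IdentityClient>();
            #endregion

            #region Inject Cache service
            services.AddCacheServices();
            #endregion

            #region Inject other custom services/utils...etc
            services.AddCustomServices();
            #endregion
        }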