/// <summary> /// Adds the default secret validators. /// </summary> /// <param name="builder">The builder.</param> /// <returns></returns> public static IIdentityServerBuilder AddDefaultSecretValidators(this IIdentityServerBuilder builder) { builder.Services.AddTransient <ISecretValidator, HashedSharedSecretValidator>(); return(builder); }
/// <summary> /// Adds a CORS policy service. /// </summary> /// <typeparam name="T">The type of the concrete scope store class that is registered in DI.</typeparam> /// <param name="builder">The builder.</param> /// <returns></returns> public static IIdentityServerBuilder AddCorsPolicyService <T>(this IIdentityServerBuilder builder) where T : class, ICorsPolicyService { builder.Services.AddTransient <ICorsPolicyService, T>(); return(builder); }
/// <summary> /// Configure API & Resources /// Note: Api's have also to be configured for clients as part of allowed scope for a given clientID /// </summary> /// <param name="builder"></param> /// <returns></returns> public static IIdentityServerBuilder AddIdentityApiResources(this IIdentityServerBuilder builder) { builder.Services.AddTransient <IResourceStore, CustomResourceStore>(); return(builder); }
/// <summary> /// Configure Grants /// </summary> /// <param name="builder">The builder.</param> /// <returns></returns> public static IIdentityServerBuilder AddPersistedGrants(this IIdentityServerBuilder builder) { builder.Services.TryAddSingleton <IPersistedGrantStore, CustomPersistedGrantStore>(); return(builder); }
/// <summary> /// Configure ClientId / Secrets /// </summary> /// <param name="builder"></param> /// <param name="configurationOption"></param> /// <returns></returns> public static IIdentityServerBuilder AddClients(this IIdentityServerBuilder builder) { builder.Services.AddTransient <IClientStore, CustomClientStore>(); builder.Services.AddTransient <ICorsPolicyService, InMemoryCorsPolicyService>(); return(builder); }
/// <summary> /// Adds mongodb implementation for the "Asp Net Core Identity" part (saving user and roles) /// </summary> /// <remarks><![CDATA[ /// Contains implemenations for /// - IUserStore<T> /// - IRoleStore<T> /// ]]></remarks> public static IIdentityServerBuilder AddMongoDbForAspIdentity <TIdentity, TRole>(this IIdentityServerBuilder builder, IConfigurationRoot configurationRoot) where TIdentity : IdentityUser where TRole : IdentityRole { //User Mongodb for Asp.net identity in order to get users stored var configurationOptions = configurationRoot.Get <ConfigurationOptions>(); var client = new MongoClient(configurationOptions.MongoConnection); var database = client.GetDatabase(configurationOptions.MongoDatabaseName); // Configure Asp Net Core Identity / Role to use MongoDB builder.Services.AddSingleton <IUserStore <TIdentity> >(x => { var usersCollection = database.GetCollection <TIdentity>("Identity_Users"); IndexChecks.EnsureUniqueIndexOnNormalizedEmail(usersCollection); IndexChecks.EnsureUniqueIndexOnNormalizedUserName(usersCollection); return(new UserStore <TIdentity>(usersCollection)); }); builder.Services.AddSingleton <IRoleStore <TRole> >(x => { var rolesCollection = database.GetCollection <TRole>("Identity_Roles"); IndexChecks.EnsureUniqueIndexOnNormalizedRoleName(rolesCollection); return(new RoleStore <TRole>(rolesCollection)); }); builder.Services.AddIdentity <TIdentity, TRole>(); return(builder); }
/// <summary> /// Adds mongo repository (mongodb) for IdentityServer /// </summary> /// <param name="builder"></param> /// <returns></returns> public static IIdentityServerBuilder AddMongoRepository(this IIdentityServerBuilder builder) { builder.Services.AddTransient <IRepository, MongoRepository>(); return(builder); }
/// <summary> /// Add custom signing certificate from certification store according thumbprint or from file /// </summary> /// <param name="builder"></param> /// <param name="configuration"></param> /// <returns></returns> public static IIdentityServerBuilder AddCustomSigningCredential(this IIdentityServerBuilder builder, IConfiguration configuration) { var certificateConfiguration = configuration.GetSection(nameof(CertificateConfiguration)).Get <CertificateConfiguration>(); var azureKeyVaultConfiguration = configuration.GetSection(nameof(AzureKeyVaultConfiguration)).Get <AzureKeyVaultConfiguration>(); if (certificateConfiguration.UseSigningCertificateThumbprint) { if (string.IsNullOrWhiteSpace(certificateConfiguration.SigningCertificateThumbprint)) { throw new Exception(SigningCertificateThumbprintNotFound); } StoreLocation storeLocation = StoreLocation.LocalMachine; bool validOnly = certificateConfiguration.CertificateValidOnly; // Parse the Certificate StoreLocation string certStoreLocationLower = certificateConfiguration.CertificateStoreLocation.ToLower(); if (certStoreLocationLower == StoreLocation.CurrentUser.ToString().ToLower() || certificateConfiguration.CertificateStoreLocation == ((int)StoreLocation.CurrentUser).ToString()) { storeLocation = StoreLocation.CurrentUser; } else if (certStoreLocationLower == StoreLocation.LocalMachine.ToString().ToLower() || certStoreLocationLower == ((int)StoreLocation.LocalMachine).ToString()) { storeLocation = StoreLocation.LocalMachine; } else { storeLocation = StoreLocation.LocalMachine; validOnly = true; } // Open Certificate var certStore = new X509Store(StoreName.My, storeLocation); certStore.Open(OpenFlags.ReadOnly); var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, certificateConfiguration.SigningCertificateThumbprint, validOnly); if (certCollection.Count == 0) { throw new Exception(CertificateNotFound); } var certificate = certCollection[0]; builder.AddSigningCredential(certificate); } else if (certificateConfiguration.UseSigningCertificateForAzureKeyVault) { var x509Certificate2Certs = AzureKeyVaultHelpers.GetCertificates(azureKeyVaultConfiguration).GetAwaiter().GetResult(); builder.AddSigningCredential(x509Certificate2Certs.ActiveCertificate); } else if (certificateConfiguration.UseSigningCertificatePfxFile) { if (string.IsNullOrWhiteSpace(certificateConfiguration.SigningCertificatePfxFilePath)) { throw new Exception(SigningCertificatePathIsNotSpecified); } if (File.Exists(certificateConfiguration.SigningCertificatePfxFilePath)) { try { builder.AddSigningCredential(new X509Certificate2(certificateConfiguration.SigningCertificatePfxFilePath, certificateConfiguration.SigningCertificatePfxFilePassword)); } catch (Exception e) { throw new Exception("There was an error adding the key file - during the creation of the signing key", e); } } else { throw new Exception($"Signing key file: {certificateConfiguration.SigningCertificatePfxFilePath} not found"); } } else if (certificateConfiguration.UseTemporarySigningKeyForDevelopment) { builder.AddDeveloperSigningCredential(); } else { throw new Exception("Signing credential is not specified"); } return(builder); }
/// <summary> /// Adds the keys rotation. /// </summary> /// <param name="builder">The builder.</param> /// <param name="configureRsa">The configure RSA.</param> /// <returns></returns> public static IKeyRotationBuilder AddKeysRotation(this IIdentityServerBuilder builder, Action <KeyRotationOptions> configureKeysRotation = null) { return(builder.Services.AddKeysRotation(configureKeysRotation)); }