public static IServiceCollection AddConfiguredDbContext( this IServiceCollection serviceCollection, IdentitySiteSettings siteSettings) { switch (siteSettings.ActiveDatabase) { case ActiveDatabase.InMemoryDatabase: throw new NotSupportedException("Not Support now"); case ActiveDatabase.LocalDb: case ActiveDatabase.SqlServer: //serviceCollection.AddConfiguredMsSqlDbContext(siteSettings); break; case ActiveDatabase.SQLite: throw new NotSupportedException("Not Support now"); default: throw new NotSupportedException("Please set the ActiveDatabase in appsettings.json file."); } return(serviceCollection); }
private static X509Certificate2 LoadCertificateFromFile(IdentitySiteSettings siteSettings) { // NOTE: // You should check out the identity of your application pool and make sure // that the `Load user profile` option is turned on, otherwise the crypto subsystem won't work. var certificate = siteSettings.DataProtectionX509Certificate; var fileName = Path.Combine(ServerInfo.GetAppDataFolderPath(), certificate.FileName); // For decryption the certificate must be in the certificate store. It's a limitation of how EncryptedXml works. using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser)) { store.Open(OpenFlags.ReadWrite); store.Add(new X509Certificate2(fileName, certificate.Password, X509KeyStorageFlags.Exportable)); } return(new X509Certificate2( fileName, certificate.Password, keyStorageFlags: X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable)); }
public static IServiceCollection AddIdentityOptions( this IServiceCollection services, IdentitySiteSettings siteSettings) { if (siteSettings == null) { throw new ArgumentNullException(nameof(siteSettings)); } services.AddConfirmEmailDataProtectorTokenOptions(siteSettings); services.AddIdentity <User, Role>(identityOptions => { SetPasswordOptions(identityOptions.Password, siteSettings); SetSignInOptions(identityOptions.SignIn, siteSettings); SetUserOptions(identityOptions.User); SetLockoutOptions(identityOptions.Lockout, siteSettings); }).AddUserStore <ApplicationUserStore>() .AddUserManager <ApplicationUserManager>() .AddRoleStore <ApplicationRoleStore>() .AddRoleManager <ApplicationRoleManager>() .AddSignInManager <ApplicationSignInManager>() .AddErrorDescriber <CustomIdentityErrorDescriber>() // You **cannot** use .AddEntityFrameworkStores() when you customize everything //.AddEntityFrameworkStores<ApplicationDbContext, int>() .AddDefaultTokenProviders() .AddTokenProvider <ConfirmEmailDataProtectorTokenProvider <User> >(EmailConfirmationTokenProviderName); services.ConfigureApplicationCookie(identityOptionsCookies => { var provider = services.BuildServiceProvider(); SetApplicationCookieOptions(provider, identityOptionsCookies, siteSettings); }); services.EnableImmediateLogout(); return(services); }
public static IServiceCollection AddCustomDataProtection( this IServiceCollection services, IdentitySiteSettings siteSettings) { services.AddSingleton <IXmlRepository, DataProtectionKeyService>(); services.AddSingleton <IConfigureOptions <KeyManagementOptions> >(serviceProvider => { return(new ConfigureOptions <KeyManagementOptions>(options => { var scopeFactory = serviceProvider.GetRequiredService <IServiceScopeFactory>(); using var scope = scopeFactory.CreateScope(); options.XmlRepository = scope.ServiceProvider.GetRequiredService <IXmlRepository>(); })); }); var certificate = LoadCertificateFromFile(siteSettings); services .AddDataProtection() .SetDefaultKeyLifetime(siteSettings.DataProtectionOptions.DataProtectionKeyLifetime) .SetApplicationName(siteSettings.DataProtectionOptions.ApplicationName) .ProtectKeysWithCertificate(certificate); return(services); }
public AppSqlCacheConfiguration(IdentitySiteSettings siteSettings) { _siteSettings = siteSettings; }
private static void SetLockoutOptions(LockoutOptions identityOptionsLockout, IdentitySiteSettings siteSettings) { identityOptionsLockout.AllowedForNewUsers = siteSettings.LockoutOptions.AllowedForNewUsers; identityOptionsLockout.DefaultLockoutTimeSpan = siteSettings.LockoutOptions.DefaultLockoutTimeSpan; identityOptionsLockout.MaxFailedAccessAttempts = siteSettings.LockoutOptions.MaxFailedAccessAttempts; }
private static void SetApplicationCookieOptions(IServiceProvider provider, CookieAuthenticationOptions identityOptionsCookies, IdentitySiteSettings siteSettings) { identityOptionsCookies.Cookie.Name = siteSettings.CookieOptions.CookieName; identityOptionsCookies.Cookie.HttpOnly = true; identityOptionsCookies.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest; identityOptionsCookies.Cookie.SameSite = SameSiteMode.Lax; identityOptionsCookies.Cookie.IsEssential = true; // this cookie will always be stored regardless of the user's consent identityOptionsCookies.ExpireTimeSpan = siteSettings.CookieOptions.ExpireTimeSpan; identityOptionsCookies.SlidingExpiration = siteSettings.CookieOptions.SlidingExpiration; identityOptionsCookies.LoginPath = siteSettings.CookieOptions.LoginPath; identityOptionsCookies.LogoutPath = siteSettings.CookieOptions.LogoutPath; identityOptionsCookies.AccessDeniedPath = siteSettings.CookieOptions.AccessDeniedPath; if (siteSettings.CookieOptions.UseDistributedCacheTicketStore) { // To manage large identity cookies identityOptionsCookies.SessionStore = provider.GetRequiredService <ITicketStore>(); } }
private static void AddConfirmEmailDataProtectorTokenOptions(this IServiceCollection services, IdentitySiteSettings siteSettings) { services.Configure <IdentityOptions>(options => { options.Tokens.EmailConfirmationTokenProvider = EmailConfirmationTokenProviderName; }); services.Configure <ConfirmEmailDataProtectionTokenProviderOptions>(options => { options.TokenLifespan = siteSettings.EmailConfirmationTokenProviderLifespan; }); }
private static void SetSignInOptions(SignInOptions identityOptionsSignIn, IdentitySiteSettings siteSettings) { identityOptionsSignIn.RequireConfirmedEmail = siteSettings.EnableEmailConfirmation; }
private static void SetPasswordOptions(PasswordOptions identityOptionsPassword, IdentitySiteSettings siteSettings) { identityOptionsPassword.RequireDigit = siteSettings.PasswordOptions.RequireDigit; identityOptionsPassword.RequireLowercase = siteSettings.PasswordOptions.RequireLowercase; identityOptionsPassword.RequireNonAlphanumeric = siteSettings.PasswordOptions.RequireNonAlphanumeric; identityOptionsPassword.RequireUppercase = siteSettings.PasswordOptions.RequireUppercase; identityOptionsPassword.RequiredLength = siteSettings.PasswordOptions.RequiredLength; }