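        /// <summary>
        /// Registers IdentityServer with a reduced endpoint set, selects the token-signing
        /// credential from the environment and settings, and registers the supporting
        /// stores, validators and services.
        /// </summary>
        /// <param name="services">Service collection to register into.</param>
        /// <param name="env">Hosting environment; a Development environment selects the developer signing credential.</param>
        /// <param name="globalSettings">Settings supplying the issuer URI, certificate configuration and storage connection string.</param>
        /// <returns>The configured <see cref="IIdentityServerBuilder"/> for further chaining.</returns>
        /// <exception cref="InvalidOperationException">
        /// Thrown when the environment is not Development and no certificate source matches the configuration.
        /// </exception>
        public static IIdentityServerBuilder AddCustomIdentityServerServices(
            this IServiceCollection services, IWebHostEnvironment env, GlobalSettings globalSettings)
        {
            var issuerUri = new Uri(globalSettings.BaseServiceUri.InternalIdentity);
            var identityServerBuilder = services
                .AddIdentityServer(options =>
                {
                    // Authorize, introspection, end-session, user-info, check-session and
                    // revocation endpoints are switched off; endpoints not listed here
                    // (token, discovery) keep IdentityServer's defaults.
                    options.Endpoints.EnableAuthorizeEndpoint = false;
                    options.Endpoints.EnableIntrospectionEndpoint = false;
                    options.Endpoints.EnableEndSessionEndpoint = false;
                    options.Endpoints.EnableUserInfoEndpoint = false;
                    options.Endpoints.EnableCheckSessionEndpoint = false;
                    options.Endpoints.EnableTokenRevocationEndpoint = false;
                    // Issuer is scheme + host only: port and path of the internal URI are dropped,
                    // so the "iss" claim is stable regardless of how the service is reached internally.
                    options.IssuerUri = $"{issuerUri.Scheme}://{issuerUri.Host}";
                    options.Caching.ClientStoreExpiration = TimeSpan.FromMinutes(5);
                })
                .AddInMemoryCaching()
                .AddInMemoryApiResources(ApiResources.GetApiResources())
                .AddClientStoreCache<ClientStore>();

            // Signing credential precedence. Development is checked first, so an environment
            // marked Development signs with the developer key even when a certificate is
            // configured; the remaining branches are mutually exclusive by design.
            if (env.IsDevelopment())
            {
                // The argument is presumably IdentityServer's persistKey flag (false = the
                // temporary key is not written to disk) — confirm against the version in use.
                identityServerBuilder.AddDeveloperSigningCredential(false);
            }
            else if (globalSettings.SelfHosted &&
                     CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CertificatePassword) &&
                     File.Exists("identity.pfx"))
            {
                // Self-hosted: PFX next to the application, relative to the current working directory.
                var identityServerCert = CoreHelpers.GetCertificate("identity.pfx",
                    globalSettings.IdentityServer.CertificatePassword);
                identityServerBuilder.AddSigningCredential(identityServerCert);
            }
            else if (CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CertificateThumbprint))
            {
                // Certificate located by thumbprint (store lookup inside CoreHelpers).
                var identityServerCert = CoreHelpers.GetCertificate(
                    globalSettings.IdentityServer.CertificateThumbprint);
                identityServerBuilder.AddSigningCredential(identityServerCert);
            }
            else if (!globalSettings.SelfHosted &&
                     CoreHelpers.SettingHasValue(globalSettings.Storage?.ConnectionString) &&
                     CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CertificatePassword))
            {
                // Cloud: PFX fetched from blob storage. Synchronous wait because this
                // extension has no async signature; acceptable at startup only.
                var storageAccount = CloudStorageAccount.Parse(globalSettings.Storage.ConnectionString);
                var identityServerCert = CoreHelpers.GetBlobCertificateAsync(storageAccount, "certificates",
                    "identity.pfx", globalSettings.IdentityServer.CertificatePassword).GetAwaiter().GetResult();
                identityServerBuilder.AddSigningCredential(identityServerCert);
            }
            else
            {
                // Fail startup rather than run without a signing key; InvalidOperationException
                // still satisfies any catch (Exception) a caller may have.
                throw new InvalidOperationException("No identity certificate to use.");
            }

            services.AddTransient<ClientStore>();
            services.AddTransient<ICorsPolicyService, AllowAllCorsPolicyService>();
            services.AddScoped<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
            services.AddScoped<IProfileService, ProfileService>();
            services.AddSingleton<IPersistedGrantStore, PersistedGrantStore>();

            return identityServerBuilder;
        }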
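        /// <summary>
        /// Configures ASP.NET Core Data Protection key persistence for non-development
        /// environments: self-hosted installs persist keys to a directory, cloud installs
        /// persist keys to Azure Blob Storage encrypted with a certificate. If neither
        /// configuration matches, nothing is registered.
        /// </summary>
        /// <param name="services">Service collection to register into.</param>
        /// <param name="env">Hosting environment; Development returns without registering anything.</param>
        /// <param name="globalSettings">Settings supplying the key directory, storage connection string and certificate configuration.</param>
        /// <exception cref="InvalidOperationException">
        /// Thrown when cloud storage is configured but neither a certificate thumbprint nor a
        /// certificate password is set, so the key ring could not be protected.
        /// </exception>
        public static void AddCustomDataProtectionServices(
            this IServiceCollection services, IHostingEnvironment env, GlobalSettings globalSettings)
        {
            // Development: leave whatever data-protection setup the host already has.
            if (env.IsDevelopment())
            {
                return;
            }

            if (globalSettings.SelfHosted && CoreHelpers.SettingHasValue(globalSettings.DataProtection.Directory))
            {
                // No ProtectKeysWith* call on this branch: key files are written as-is, so the
                // directory's access controls are the only thing guarding them.
                services.AddDataProtection()
                    .PersistKeysToFileSystem(new DirectoryInfo(globalSettings.DataProtection.Directory));
            }

            if (!globalSettings.SelfHosted && CoreHelpers.SettingHasValue(globalSettings.Storage?.ConnectionString))
            {
                var storageAccount = CloudStorageAccount.Parse(globalSettings.Storage.ConnectionString);
                X509Certificate2 dataProtectionCert;
                if (CoreHelpers.SettingHasValue(globalSettings.DataProtection.CertificateThumbprint))
                {
                    // Thumbprint takes precedence over a blob-stored PFX.
                    dataProtectionCert = CoreHelpers.GetCertificate(
                        globalSettings.DataProtection.CertificateThumbprint);
                }
                else if (CoreHelpers.SettingHasValue(globalSettings.DataProtection.CertificatePassword))
                {
                    // Synchronous wait because this extension has no async signature;
                    // acceptable at startup only.
                    dataProtectionCert = CoreHelpers.GetBlobCertificateAsync(storageAccount, "certificates",
                        "dataprotection.pfx", globalSettings.DataProtection.CertificatePassword)
                        .GetAwaiter().GetResult();
                }
                else
                {
                    // Fail early with an actionable message instead of handing a null
                    // certificate to ProtectKeysWithCertificate.
                    throw new InvalidOperationException("No data protection certificate to use.");
                }
                services.AddDataProtection()
                    .PersistKeysToAzureBlobStorage(storageAccount, "aspnet-dataprotection/keys.xml")
                    .ProtectKeysWithCertificate(dataProtectionCert);
            }
        }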
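 /// <summary>
 /// Selects and registers the IdentityServer token-signing credential. Configured
 /// certificates are tried first; the developer signing credential is only a fallback
 /// when no certificate source matches, so a Development environment with a certificate
 /// configured still signs with that certificate.
 /// </summary>
 /// <param name="identityServerBuilder">Builder to attach the signing credential to.</param>
 /// <param name="env">Hosting environment; Development enables the developer-credential fallback.</param>
 /// <param name="globalSettings">Settings supplying certificate configuration and the storage connection string.</param>
 /// <returns>The same builder, for chaining.</returns>
 /// <exception cref="InvalidOperationException">
 /// Thrown when no certificate source matches and the environment is not Development.
 /// </exception>
 public static IIdentityServerBuilder AddIdentityServerCertificate(
     this IIdentityServerBuilder identityServerBuilder, IWebHostEnvironment env, GlobalSettings globalSettings)
 {
     if (globalSettings.SelfHosted &&
         CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CertificatePassword) &&
         File.Exists("identity.pfx"))
     {
         // Self-hosted: PFX next to the application, relative to the current working directory.
         var identityServerCert = CoreHelpers.GetCertificate("identity.pfx",
             globalSettings.IdentityServer.CertificatePassword);
         identityServerBuilder.AddSigningCredential(identityServerCert);
     }
     else if (CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CertificateThumbprint))
     {
         // Certificate located by thumbprint (store lookup inside CoreHelpers).
         var identityServerCert = CoreHelpers.GetCertificate(
             globalSettings.IdentityServer.CertificateThumbprint);
         identityServerBuilder.AddSigningCredential(identityServerCert);
     }
     else if (!globalSettings.SelfHosted &&
              CoreHelpers.SettingHasValue(globalSettings.Storage?.ConnectionString) &&
              CoreHelpers.SettingHasValue(globalSettings.IdentityServer.CertificatePassword))
     {
         // Cloud: PFX fetched from blob storage. Synchronous wait because this
         // extension has no async signature; acceptable at startup only.
         var storageAccount = CloudStorageAccount.Parse(globalSettings.Storage.ConnectionString);
         var identityServerCert = CoreHelpers.GetBlobCertificateAsync(storageAccount, "certificates",
             "identity.pfx", globalSettings.IdentityServer.CertificatePassword).GetAwaiter().GetResult();
         identityServerBuilder.AddSigningCredential(identityServerCert);
     }
     else if (env.IsDevelopment())
     {
         // Last resort, Development only. The argument is presumably IdentityServer's
         // persistKey flag (false = temporary key not written to disk) — confirm against
         // the version in use.
         identityServerBuilder.AddDeveloperSigningCredential(false);
     }
     else
     {
         // Fail startup rather than run without a signing key; InvalidOperationException
         // still satisfies any catch (Exception) a caller may have.
         throw new InvalidOperationException("No identity certificate to use.");
     }
     return identityServerBuilder;
 }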