Added containerized configuration for mvc and blazor-server

2 years ago · 07ea9ee156
4 changed files with 92 additions and 2 deletions
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/MyProjectNameBlazorModule.cs
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/MyProjectNameBlazorModule.cs
@ -5,6 +5,7 @@ using Blazorise.Icons.FontAwesome;
 using Medallion.Threading;
 using Medallion.Threading.Redis;
 using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
@ -183,6 +184,49 @@ public class MyProjectNameBlazorModule : AbpModule
                options.Scope.Add("phone");
                options.Scope.Add("MyProjectName");
            });
+            /*
+            * This configuration is used when the AuthServer is running on the internal network such as docker or k8s.
+            * Configuring the redirecting URLs for internal network and the web
+            * The login and the logout URLs are configured to redirect to the AuthServer real DNS for browser.
+            * The token acquired and validated from the the internal network AuthServer URL. 
+            */
+            if (configuration.GetValue<bool>("AuthServer:IsContainerized"))
+            {
+                context.Services.Configure<OpenIdConnectOptions>("oidc", options =>
+                {
+                    options.TokenValidationParameters.ValidIssuers = new[]
+                    {
+                        configuration["AuthServer:MetaAddress"]!.EnsureEndsWith('/'),
+                        configuration["AuthServer:Authority"]!.EnsureEndsWith('/')
+                    };
+
+                    options.MetadataAddress = configuration["AuthServer:MetaAddress"]!.EnsureEndsWith('/') +
+                                            ".well-known/openid-configuration";
+
+                    var previousOnRedirectToIdentityProvider = options.Events.OnRedirectToIdentityProvider;
+                    options.Events.OnRedirectToIdentityProvider = async ctx =>
+                    {
+                        // Intercept the redirection so the browser navigates to the right URL in your host
+                        ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/authorize";
+
+                        if (previousOnRedirectToIdentityProvider != null)
+                        {
+                            await previousOnRedirectToIdentityProvider(ctx);
+                        }
+                    };
+                    var previousOnRedirectToIdentityProviderForSignOut = options.Events.OnRedirectToIdentityProviderForSignOut;
+                    options.Events.OnRedirectToIdentityProviderForSignOut = async ctx =>
+                    {
+                        // Intercept the redirection for signout so the browser navigates to the right URL in your host
+                        ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/logout";
+
+                        if (previousOnRedirectToIdentityProviderForSignOut != null)
+                        {
+                            await previousOnRedirectToIdentityProviderForSignOut(ctx);
+                        }
+                    };
+                });
+            }
    }

    private void ConfigureVirtualFileSystem(IWebHostEnvironment hostingEnvironment)
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/appsettings.json
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/appsettings.json
@ -14,7 +14,8 @@
    "Authority": "https://localhost:44301",
    "RequireHttpsMetadata": true,
    "ClientId": "MyProjectName_BlazorServerTiered",
-    "ClientSecret": "1q2w3e*"
+    "ClientSecret": "1q2w3e*",
+    "IsContainerized": false
  },
  "StringEncryption": {
    "DefaultPassPhrase": "gsKnGZ041HLL4IM8"
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/MyProjectNameWebModule.cs
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/MyProjectNameWebModule.cs
@ -2,6 +2,7 @@ using System;
 using System.IO;
 using Medallion.Threading;
 using Medallion.Threading.Redis;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
@ -165,6 +166,49 @@ public class MyProjectNameWebModule : AbpModule
                options.Scope.Add("phone");
                options.Scope.Add("MyProjectName");
            });
+            /*
+            * This configuration is used when the AuthServer is running on the internal network such as docker or k8s.
+            * Configuring the redirecting URLs for internal network and the web
+            * The login and the logout URLs are configured to redirect to the AuthServer real DNS for browser.
+            * The token acquired and validated from the the internal network AuthServer URL. 
+            */
+            if (configuration.GetValue<bool>("AuthServer:IsContainerized"))
+            {
+                context.Services.Configure<OpenIdConnectOptions>("oidc", options =>
+                {
+                    options.TokenValidationParameters.ValidIssuers = new[]
+                    {
+                        configuration["AuthServer:MetaAddress"]!.EnsureEndsWith('/'),
+                        configuration["AuthServer:Authority"]!.EnsureEndsWith('/')
+                    };
+
+                    options.MetadataAddress = configuration["AuthServer:MetaAddress"]!.EnsureEndsWith('/') +
+                                            ".well-known/openid-configuration";
+
+                    var previousOnRedirectToIdentityProvider = options.Events.OnRedirectToIdentityProvider;
+                    options.Events.OnRedirectToIdentityProvider = async ctx =>
+                    {
+                        // Intercept the redirection so the browser navigates to the right URL in your host
+                        ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/authorize";
+
+                        if (previousOnRedirectToIdentityProvider != null)
+                        {
+                            await previousOnRedirectToIdentityProvider(ctx);
+                        }
+                    };
+                    var previousOnRedirectToIdentityProviderForSignOut = options.Events.OnRedirectToIdentityProviderForSignOut;
+                    options.Events.OnRedirectToIdentityProviderForSignOut = async ctx =>
+                    {
+                        // Intercept the redirection for signout so the browser navigates to the right URL in your host
+                        ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/logout";
+
+                        if (previousOnRedirectToIdentityProviderForSignOut != null)
+                        {
+                            await previousOnRedirectToIdentityProviderForSignOut(ctx);
+                        }
+                    };
+                });
+            }
    }

    private void ConfigureAutoMapper()
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/appsettings.json
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/appsettings.json
@ -14,7 +14,8 @@
    "Authority": "https://localhost:44301",
    "RequireHttpsMetadata": true,
    "ClientId": "MyProjectName_Web",
-    "ClientSecret": "1q2w3e*"
+    "ClientSecret": "1q2w3e*",
+    "IsContainerized": false
  },
  "StringEncryption": {
    "DefaultPassPhrase": "gsKnGZ041HLL4IM8"