|
|
@ -24,6 +24,9 @@ namespace Microsoft.AspNet.Builder { |
|
|
public static class OpenIddictExtensions { |
|
|
public static class OpenIddictExtensions { |
|
|
public static OpenIddictBuilder AddOpenIddictCore<TApplication>( |
|
|
public static OpenIddictBuilder AddOpenIddictCore<TApplication>( |
|
|
[NotNull] this IdentityBuilder builder) where TApplication : class { |
|
|
[NotNull] this IdentityBuilder builder) where TApplication : class { |
|
|
|
|
|
builder.Services.AddAuthentication(); |
|
|
|
|
|
builder.Services.AddCaching(); |
|
|
|
|
|
|
|
|
builder.Services.AddSingleton( |
|
|
builder.Services.AddSingleton( |
|
|
typeof(OpenIdConnectServerProvider), |
|
|
typeof(OpenIdConnectServerProvider), |
|
|
typeof(OpenIddictProvider<,>).MakeGenericType( |
|
|
typeof(OpenIddictProvider<,>).MakeGenericType( |
|
|
@ -56,75 +59,74 @@ namespace Microsoft.AspNet.Builder { |
|
|
// Call the configuration delegate defined by the user.
|
|
|
// Call the configuration delegate defined by the user.
|
|
|
configuration(instance); |
|
|
configuration(instance); |
|
|
|
|
|
|
|
|
var types = app.ApplicationServices.GetRequiredService<OpenIddictBuilder>(); |
|
|
if (!instance.UseCustomViews) { |
|
|
|
|
|
app.UseStaticFiles(new StaticFileOptions { |
|
|
|
|
|
FileProvider = new EmbeddedFileProvider( |
|
|
|
|
|
assembly: Assembly.Load(new AssemblyName("OpenIddict.Assets")), |
|
|
|
|
|
baseNamespace: "OpenIddict.Assets") |
|
|
|
|
|
}); |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
// Run OpenIddict in an isolated environment.
|
|
|
app.UseCors(options => { |
|
|
return app.Isolate(builder => { |
|
|
options.AllowAnyHeader(); |
|
|
// Add the options to the ASP.NET context
|
|
|
options.AllowAnyMethod(); |
|
|
// before executing the rest of the pipeline.
|
|
|
options.AllowAnyOrigin(); |
|
|
builder.Use(next => context => { |
|
|
options.AllowCredentials(); |
|
|
context.Items[typeof(OpenIddictOptions)] = instance; |
|
|
}); |
|
|
|
|
|
|
|
|
return next(context); |
|
|
// Add OpenIdConnectServerMiddleware to the ASP.NET 5 pipeline.
|
|
|
}); |
|
|
app.UseOpenIdConnectServer(options => { |
|
|
|
|
|
// Resolve the OpenIddict provider from the global services container.
|
|
|
|
|
|
options.Provider = app.ApplicationServices.GetRequiredService<OpenIdConnectServerProvider>(); |
|
|
|
|
|
|
|
|
#if DNX451
|
|
|
// Copy the OpenIddict options to the ASOS configuration.
|
|
|
builder.UseKatana(owin => { |
|
|
options.Options.AuthenticationScheme = instance.AuthenticationScheme; |
|
|
// Insert a new middleware responsible of setting the Content-Security-Policy header.
|
|
|
|
|
|
// See https://nwebsec.codeplex.com/wikipage?title=Configuring%20Content%20Security%20Policy&referringTitle=NWebsec
|
|
|
|
|
|
owin.UseCsp(options => options.DefaultSources(directive => directive.Self()) |
|
|
|
|
|
.ImageSources(directive => directive.Self().CustomSources("*")) |
|
|
|
|
|
.ScriptSources(directive => directive.UnsafeInline()) |
|
|
|
|
|
.StyleSources(directive => directive.Self().UnsafeInline())); |
|
|
|
|
|
|
|
|
|
|
|
// Insert a new middleware responsible of setting the X-Content-Type-Options header.
|
|
|
|
|
|
// See https://nwebsec.codeplex.com/wikipage?title=Configuring%20security%20headers&referringTitle=NWebsec
|
|
|
|
|
|
owin.UseXContentTypeOptions(); |
|
|
|
|
|
|
|
|
|
|
|
// Insert a new middleware responsible of setting the X-Frame-Options header.
|
|
|
|
|
|
// See https://nwebsec.codeplex.com/wikipage?title=Configuring%20security%20headers&referringTitle=NWebsec
|
|
|
|
|
|
owin.UseXfo(options => options.Deny()); |
|
|
|
|
|
|
|
|
|
|
|
// Insert a new middleware responsible of setting the X-Xss-Protection header.
|
|
|
|
|
|
// See https://nwebsec.codeplex.com/wikipage?title=Configuring%20security%20headers&referringTitle=NWebsec
|
|
|
|
|
|
owin.UseXXssProtection(options => options.EnabledWithBlockMode()); |
|
|
|
|
|
}); |
|
|
|
|
|
#endif
|
|
|
|
|
|
if (!instance.UseCustomViews) { |
|
|
|
|
|
builder.UseStaticFiles(new StaticFileOptions { |
|
|
|
|
|
FileProvider = new EmbeddedFileProvider( |
|
|
|
|
|
assembly: Assembly.Load(new AssemblyName("OpenIddict.Assets")), |
|
|
|
|
|
baseNamespace: "OpenIddict.Assets") |
|
|
|
|
|
}); |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
builder.UseCors(options => { |
|
|
options.Options.Issuer = instance.Issuer; |
|
|
options.AllowAnyHeader(); |
|
|
|
|
|
options.AllowAnyMethod(); |
|
|
|
|
|
options.AllowAnyOrigin(); |
|
|
|
|
|
options.AllowCredentials(); |
|
|
|
|
|
}); |
|
|
|
|
|
|
|
|
|
|
|
// Add OpenIdConnectServerMiddleware to the ASP.NET 5 pipeline.
|
|
|
options.Options.AuthorizationEndpointPath = instance.AuthorizationEndpointPath; |
|
|
builder.UseOpenIdConnectServer(options => { |
|
|
options.Options.LogoutEndpointPath = instance.LogoutEndpointPath; |
|
|
// Resolve the OpenIddict provider from the global services container.
|
|
|
|
|
|
options.Provider = app.ApplicationServices.GetRequiredService<OpenIdConnectServerProvider>(); |
|
|
|
|
|
|
|
|
|
|
|
// Copy the OpenIddict options to the ASOS configuration.
|
|
|
options.Options.AccessTokenLifetime = instance.AccessTokenLifetime; |
|
|
options.Options.AuthenticationScheme = instance.AuthenticationScheme; |
|
|
options.Options.AuthorizationCodeLifetime = instance.AuthorizationCodeLifetime; |
|
|
|
|
|
options.Options.IdentityTokenLifetime = instance.IdentityTokenLifetime; |
|
|
|
|
|
options.Options.RefreshTokenLifetime = instance.RefreshTokenLifetime; |
|
|
|
|
|
|
|
|
options.Options.Issuer = instance.Issuer; |
|
|
options.Options.ApplicationCanDisplayErrors = instance.ApplicationCanDisplayErrors; |
|
|
|
|
|
options.Options.AllowInsecureHttp = instance.AllowInsecureHttp; |
|
|
|
|
|
}); |
|
|
|
|
|
|
|
|
options.Options.AuthorizationEndpointPath = instance.AuthorizationEndpointPath; |
|
|
#if DNX451
|
|
|
options.Options.LogoutEndpointPath = instance.LogoutEndpointPath; |
|
|
app.UseKatana(owin => { |
|
|
|
|
|
// Insert a new middleware responsible of setting the Content-Security-Policy header.
|
|
|
|
|
|
// See https://nwebsec.codeplex.com/wikipage?title=Configuring%20Content%20Security%20Policy&referringTitle=NWebsec
|
|
|
|
|
|
owin.UseCsp(options => options.DefaultSources(directive => directive.Self()) |
|
|
|
|
|
.ImageSources(directive => directive.Self().CustomSources("*")) |
|
|
|
|
|
.ScriptSources(directive => directive.UnsafeInline()) |
|
|
|
|
|
.StyleSources(directive => directive.Self().UnsafeInline())); |
|
|
|
|
|
|
|
|
|
|
|
// Insert a new middleware responsible of setting the X-Content-Type-Options header.
|
|
|
|
|
|
// See https://nwebsec.codeplex.com/wikipage?title=Configuring%20security%20headers&referringTitle=NWebsec
|
|
|
|
|
|
owin.UseXContentTypeOptions(); |
|
|
|
|
|
|
|
|
|
|
|
// Insert a new middleware responsible of setting the X-Frame-Options header.
|
|
|
|
|
|
// See https://nwebsec.codeplex.com/wikipage?title=Configuring%20security%20headers&referringTitle=NWebsec
|
|
|
|
|
|
owin.UseXfo(options => options.Deny()); |
|
|
|
|
|
|
|
|
|
|
|
// Insert a new middleware responsible of setting the X-Xss-Protection header.
|
|
|
|
|
|
// See https://nwebsec.codeplex.com/wikipage?title=Configuring%20security%20headers&referringTitle=NWebsec
|
|
|
|
|
|
owin.UseXXssProtection(options => options.EnabledWithBlockMode()); |
|
|
|
|
|
}); |
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
options.Options.AccessTokenLifetime = instance.AccessTokenLifetime; |
|
|
// Run the rest of the pipeline in an isolated environment.
|
|
|
options.Options.AuthorizationCodeLifetime = instance.AuthorizationCodeLifetime; |
|
|
return app.Isolate(builder => { |
|
|
options.Options.IdentityTokenLifetime = instance.IdentityTokenLifetime; |
|
|
// Add the options to the ASP.NET context
|
|
|
options.Options.RefreshTokenLifetime = instance.RefreshTokenLifetime; |
|
|
// before executing the rest of the pipeline.
|
|
|
|
|
|
builder.Use(next => context => { |
|
|
|
|
|
context.Items[typeof(OpenIddictOptions)] = instance; |
|
|
|
|
|
|
|
|
options.Options.ApplicationCanDisplayErrors = instance.ApplicationCanDisplayErrors; |
|
|
return next(context); |
|
|
options.Options.AllowInsecureHttp = instance.AllowInsecureHttp; |
|
|
|
|
|
}); |
|
|
}); |
|
|
|
|
|
|
|
|
// Register ASP.NET MVC 6 and the actions
|
|
|
// Register ASP.NET MVC 6 and the actions
|
|
|
@ -157,13 +159,12 @@ namespace Microsoft.AspNet.Builder { |
|
|
} |
|
|
} |
|
|
}); |
|
|
}); |
|
|
}, services => { |
|
|
}, services => { |
|
|
services.AddAuthentication(); |
|
|
var builder = app.ApplicationServices.GetRequiredService<OpenIddictBuilder>(); |
|
|
services.AddCaching(); |
|
|
|
|
|
|
|
|
|
|
|
services.AddMvc() |
|
|
services.AddMvc() |
|
|
// Register the OpenIddict controller.
|
|
|
// Register the OpenIddict controller.
|
|
|
.AddControllersAsServices(new[] { |
|
|
.AddControllersAsServices(new[] { |
|
|
typeof(OpenIddictController<,>).MakeGenericType(types.UserType, types.ApplicationType) |
|
|
typeof(OpenIddictController<,>).MakeGenericType(builder.UserType, builder.ApplicationType) |
|
|
}) |
|
|
}) |
|
|
|
|
|
|
|
|
// Update the Razor options to use an embedded provider
|
|
|
// Update the Razor options to use an embedded provider
|
|
|
@ -177,23 +178,23 @@ namespace Microsoft.AspNet.Builder { |
|
|
}); |
|
|
}); |
|
|
|
|
|
|
|
|
// Register the sign-in manager in the isolated container.
|
|
|
// Register the sign-in manager in the isolated container.
|
|
|
services.AddScoped(typeof(SignInManager<>).MakeGenericType(types.UserType), provider => { |
|
|
services.AddScoped(typeof(SignInManager<>).MakeGenericType(builder.UserType), provider => { |
|
|
var accessor = provider.GetRequiredService<IHttpContextAccessor>(); |
|
|
var accessor = provider.GetRequiredService<IHttpContextAccessor>(); |
|
|
var container = (IServiceProvider) accessor.HttpContext.Items[typeof(IServiceProvider)]; |
|
|
var container = (IServiceProvider) accessor.HttpContext.Items[typeof(IServiceProvider)]; |
|
|
Debug.Assert(container != null); |
|
|
Debug.Assert(container != null); |
|
|
|
|
|
|
|
|
// Resolve the sign-in manager from the parent container.
|
|
|
// Resolve the sign-in manager from the parent container.
|
|
|
return container.GetRequiredService(typeof(SignInManager<>).MakeGenericType(types.UserType)); |
|
|
return container.GetRequiredService(typeof(SignInManager<>).MakeGenericType(builder.UserType)); |
|
|
}); |
|
|
}); |
|
|
|
|
|
|
|
|
// Register the user manager in the isolated container.
|
|
|
// Register the user manager in the isolated container.
|
|
|
services.AddScoped(typeof(OpenIddictManager<,>).MakeGenericType(types.UserType, types.ApplicationType), provider => { |
|
|
services.AddScoped(typeof(OpenIddictManager<,>).MakeGenericType(builder.UserType, builder.ApplicationType), provider => { |
|
|
var accessor = provider.GetRequiredService<IHttpContextAccessor>(); |
|
|
var accessor = provider.GetRequiredService<IHttpContextAccessor>(); |
|
|
var container = (IServiceProvider) accessor.HttpContext.Items[typeof(IServiceProvider)]; |
|
|
var container = (IServiceProvider) accessor.HttpContext.Items[typeof(IServiceProvider)]; |
|
|
Debug.Assert(container != null); |
|
|
Debug.Assert(container != null); |
|
|
|
|
|
|
|
|
// Resolve the user manager from the parent container.
|
|
|
// Resolve the user manager from the parent container.
|
|
|
return container.GetRequiredService(typeof(OpenIddictManager<,>).MakeGenericType(types.UserType, types.ApplicationType)); |
|
|
return container.GetRequiredService(typeof(OpenIddictManager<,>).MakeGenericType(builder.UserType, builder.ApplicationType)); |
|
|
}); |
|
|
}); |
|
|
}); |
|
|
}); |
|
|
} |
|
|
} |
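Review bot: The CORS policy registered with `builder.UseCors(...)` in the second hunk (`@ -56,75 +59,74 @@`) combines `options.AllowAnyOrigin();` with `options.AllowCredentials();`, and the commit appears to move that policy from `app` into the isolated pipeline without tightening it. A wildcard origin paired with credentials is either refused by browsers or, if the middleware echoes the request origin instead, lets any site issue credentialed cross-origin requests against the authorization and logout endpoints whose paths are copied a few lines below; I would restrict the policy to an explicit origin list carried on the OpenIddict options (a new setting, not present in this excerpt) or drop `options.AllowCredentials();`. The moved Katana block also keeps `.ScriptSources(directive => directive.UnsafeInline())` in the CSP, which deserves a why-comment such as `// TODO(review): confirm the embedded views require inline scripts; otherwise remove UnsafeInline()`. The enclosing extension method starts before the first hunk and the file header precedes this excerpt.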
|
|
|