fix authentication issue in identity.api
This commit is contained in:
parent
892da8b2c2
commit
a464a6996e
@ -1,4 +1,7 @@
|
||||
namespace Microsoft.eShopOnContainers.Mobile.Shopping.HttpAggregator;
|
||||
using Microsoft.AspNetCore.Authentication.Cookies;
|
||||
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
||||
|
||||
namespace Microsoft.eShopOnContainers.Mobile.Shopping.HttpAggregator;
|
||||
|
||||
public class Startup
|
||||
{
|
||||
@ -151,6 +154,18 @@ public static class ServiceCollectionExtensions
|
||||
|
||||
return services;
|
||||
}
|
||||
public static IServiceCollection AddCustomAuthorization(this IServiceCollection services, IConfiguration configuration)
|
||||
{
|
||||
services.AddAuthorization(options =>
|
||||
{
|
||||
options.AddPolicy("ApiScope", policy =>
|
||||
{
|
||||
policy.RequireAuthenticatedUser();
|
||||
policy.RequireClaim("scope", "mobileshoppingagg");
|
||||
});
|
||||
});
|
||||
return services;
|
||||
}
|
||||
|
||||
public static IServiceCollection AddHttpServices(this IServiceCollection services)
|
||||
{
|
||||
|
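Review bot: The `ApiScope` policy defined in the new `AddCustomAuthorization` only takes effect if something applies it, and no call site is visible in this diff — the sibling web aggregator's `ConfigureServices` hunk in this same commit has `.AddCustomAuthorization(Configuration)` commented out, so confirm the mobile aggregator's chain actually invokes it and that its endpoints use `[Authorize(Policy = "ApiScope")]` or `RequireAuthorization("ApiScope")`. `policy.RequireClaim("scope", "mobileshoppingagg")` is an exact match on individual claim values; if the identity server emits `scope` as a single space-delimited string (`"basket mobileshoppingagg"`) this check fails for a correctly scoped token, so verify the claim format in an issued token and, if it is space-delimited, use `policy.RequireAssertion(ctx => ctx.User.FindAll("scope").SelectMany(c => c.Value.Split(' ')).Contains("mobileshoppingagg"))` instead. The `using Microsoft.AspNetCore.Authentication.Cookies` and `OpenIdConnect` directives added at the top are not referenced by anything shown in these hunks; drop them unless another part of the file needs them.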
@ -1,4 +1,7 @@
|
||||
namespace Microsoft.eShopOnContainers.Web.Shopping.HttpAggregator;
|
||||
using Microsoft.AspNetCore.Authentication.Cookies;
|
||||
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
||||
|
||||
namespace Microsoft.eShopOnContainers.Web.Shopping.HttpAggregator;
|
||||
|
||||
public class Startup
|
||||
{
|
||||
@ -22,6 +25,7 @@ public class Startup
|
||||
|
||||
services.AddCustomMvc(Configuration)
|
||||
.AddCustomAuthentication(Configuration)
|
||||
//.AddCustomAuthorization(Configuration)
|
||||
.AddDevspaces()
|
||||
.AddApplicationServices()
|
||||
.AddGrpcServices();
|
||||
@ -83,12 +87,7 @@ public static class ServiceCollectionExtensions
|
||||
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Remove("sub");
|
||||
|
||||
var identityUrl = configuration.GetValue<string>("urls:identity");
|
||||
services.AddAuthentication(options =>
|
||||
{
|
||||
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
|
||||
})
|
||||
services.AddAuthentication("Bearer")
|
||||
.AddJwtBearer(options =>
|
||||
{
|
||||
options.Authority = identityUrl;
|
||||
@ -102,7 +101,6 @@ public static class ServiceCollectionExtensions
|
||||
|
||||
return services;
|
||||
}
|
||||
|
||||
public static IServiceCollection AddCustomMvc(this IServiceCollection services, IConfiguration configuration)
|
||||
{
|
||||
services.AddOptions();
|
||||
|
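Review bot: `//.AddCustomAuthorization(Configuration)` in the `ConfigureServices` chain leaves the `ApiScope` policy unregistered for the web aggregator, so any `[Authorize(Policy = "ApiScope")]` or `RequireAuthorization("ApiScope")` in this project throws `InvalidOperationException` on first use, and if nothing references the policy the aggregator accepts a valid token for any API scope with no scope check at all. Either restore the call, `.AddCustomAuthentication(Configuration).AddCustomAuthorization(Configuration)`, or delete the line and the policy; commented-out security wiring should not be merged without a comment saying why it is off. `services.AddAuthentication("Bearer")` is equivalent to the removed options block (`"Bearer"` is `JwtBearerDefaults.AuthenticationScheme`), but prefer the constant over the string literal so the scheme name cannot drift from the handler's. The `AddCustomAuthentication` body continues past the end of its hunk.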
@ -1,3 +1,6 @@
|
||||
using Microsoft.AspNetCore.Authentication.Cookies;
|
||||
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
||||
|
||||
namespace Microsoft.eShopOnContainers.Services.Basket.API;
|
||||
public class Startup
|
||||
{
|
||||
@ -214,20 +217,20 @@ public class Startup
|
||||
|
||||
var identityUrl = Configuration.GetValue<string>("IdentityUrl");
|
||||
|
||||
services.AddAuthentication(options =>
|
||||
{
|
||||
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
|
||||
}).AddJwtBearer(options =>
|
||||
services.AddAuthentication("Bearer").AddJwtBearer(options =>
|
||||
{
|
||||
options.Authority = identityUrl;
|
||||
options.RequireHttpsMetadata = false;
|
||||
options.Audience = "basket";
|
||||
options.TokenValidationParameters = new TokenValidationParameters
|
||||
options.TokenValidationParameters.ValidateAudience = false;
|
||||
});
|
||||
services.AddAuthorization(options =>
|
||||
{
|
||||
options.AddPolicy("ApiScope", policy =>
|
||||
{
|
||||
ValidateAudience = false
|
||||
};
|
||||
policy.RequireAuthenticatedUser();
|
||||
policy.RequireClaim("scope", "basket");
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
|
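Review bot: `options.TokenValidationParameters.ValidateAudience = false;` directly under `options.Audience = "basket"` configures an audience and then ignores it, so a token minted by the same issuer for any other API passes token validation here and the only thing separating a basket token from an orders token is the `ApiScope` policy, which must be applied to every endpoint to matter. If the identity server puts an `aud` claim for this API in the token, remove the `ValidateAudience = false` line so `Audience` is enforced; if it issues scope-only tokens with no `aud`, drop the misleading `options.Audience` line and record that in a comment, e.g. `// tokens carry no aud claim; authorization is enforced by the "ApiScope" scope policy only`. Setting the single flag instead of replacing `TokenValidationParameters` wholesale is an improvement, since it keeps the handler's default issuer, lifetime and signature validation. `options.RequireHttpsMetadata = false` is pre-existing but should be gated on a development-environment check before this ships.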
@ -110,7 +110,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
|
||||
new Secret("secret".Sha256())
|
||||
},
|
||||
ClientUri = $"{configuration["MvcClient"]}", // public uri of the client
|
||||
AllowedGrantTypes = GrantTypes.Hybrid,
|
||||
AllowedGrantTypes = GrantTypes.Code,
|
||||
AllowAccessTokensViaBrowser = false,
|
||||
RequireConsent = false,
|
||||
AllowOfflineAccess = true,
|
||||
@ -147,7 +147,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
|
||||
new Secret("secret".Sha256())
|
||||
},
|
||||
ClientUri = $"{configuration["WebhooksWebClient"]}", // public uri of the client
|
||||
AllowedGrantTypes = GrantTypes.Hybrid,
|
||||
AllowedGrantTypes = GrantTypes.Code,
|
||||
AllowAccessTokensViaBrowser = false,
|
||||
RequireConsent = false,
|
||||
AllowOfflineAccess = true,
|
||||
@ -179,7 +179,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
|
||||
new Secret("secret".Sha256())
|
||||
},
|
||||
ClientUri = $"{configuration["Mvc"]}", // public uri of the client
|
||||
AllowedGrantTypes = GrantTypes.Hybrid,
|
||||
AllowedGrantTypes = GrantTypes.Code,
|
||||
AllowAccessTokensViaBrowser = true,
|
||||
RequireConsent = false,
|
||||
AllowOfflineAccess = true,
|
||||
|
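Review bot: Switching the three clients from `GrantTypes.Hybrid` to `GrantTypes.Code` should be paired with an explicit `RequirePkce = true` on each client definition — the IdentityServer version in use may already default to it for code flow, but stating it guarantees an intercepted authorization code cannot be redeemed without the verifier (confirm the default for the package version in use). `AllowAccessTokensViaBrowser = true` on the third client (`configuration["Mvc"]`) is a hybrid/implicit-era setting that permits tokens on the front channel; with pure code flow it is no longer needed and should be `false` like the other two. All three clients keep `new Secret("secret".Sha256())`, a shared literal secret; that is pre-existing, but the code flow now relies on it for the back-channel token exchange, so it should come from configuration rather than source. The client definitions extend beyond these hunks.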
@ -55,7 +55,7 @@ public static class ProgramExtensions
|
||||
{
|
||||
var identityServerBuilder = builder.Services.AddIdentityServer(options =>
|
||||
{
|
||||
options.IssuerUri = builder.Configuration["IssuerUrl"];
|
||||
options.IssuerUri = "null";
|
||||
options.Authentication.CookieLifetime = TimeSpan.FromHours(2);
|
||||
|
||||
options.Events.RaiseErrorEvents = true;
|
||||
|
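Review bot: `options.IssuerUri = "null";` assigns the four-character string, not C# `null`, so IdentityServer presumably treats it as a configured issuer and every token it signs carries `iss: "null"`; the APIs read `ValidIssuer` from this server's discovery document and will accept that, which makes issuer validation meaningless and lets any other identity server configured the same way mint tokens with an identical `iss`. If the intent is to let the issuer be derived from the incoming request (to stop the internal container host and the public URL from disagreeing), write `options.IssuerUri = null;` — or better, keep the removed `builder.Configuration["IssuerUrl"]` and make that one public value the `Authority` used by both the browser clients and the containerised APIs. If the literal is a deliberate workaround for a host mismatch, it needs a comment saying so and a follow-up issue, because it should not ship as-is. The `AddIdentityServer` options lambda continues past this hunk.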
@ -0,0 +1 @@
|
||||
{"Version":1,"Id":"3139DF3FF07C8E3881CFA9743F89A787","Created":"2022-12-13T11:30:03.9474661Z","Algorithm":"RS256","IsX509Certificate":false,"Data":"CfDJ8LWRXnsATcxOsVa-h-Gywwx7S1URlnPkv5vJtTle9xG_ytf2YXKlRsyey8qFhmrfLZ9uixxUmHTLywyrhUV6-gdvwyirWsUU8qn3SNe4rlPgNYHESkjYwWHERmwrMQIjRell8Xnot5UU1tfIvdpX9AbruzjEuAtYg668fBiXv338XfZ-2DW2RlYxT2TsPAak5ZsGXuIojYCLC3S4uGRz8AhSoko_DSl2KXQqXsqJWTNqAmiEHkVtHeFzc_o2gJIbegzqi7l4F2jDxM0-gkkRZYk6AZlN25wYb90xYaM82bKbzEnqPhLEIkuM-3QTGnjLZIF9jFp1qftq6dDm0feovXXM3SQCsgQPvZ6rKHR_8f-Z072t8PiRxDTgVQKywQ5bCS3u3Mq89hOZf_o_IBNT4uO_hDBqv4eFhj_AAy1Kk2K_QJZhF94bPLsujkkoFjWlNXvm6-Layr9chiY7ZQGxb5QtJr03Y5CT7w6hO2LsdsYEyJLs4kWBdlILT5FjrB4LCVHJlVDGxPBNuGzZL75rSGDa38FCKsUhoBvu7T5XFTm37FaBYrgY7MASQrlHQjGPwyRrjGe-M2ZwTCrtd_MwAHJnJsLoYs6SLQLpQa4sII2qgjRr2UmfDlXP12E6wJrpWfSL6QV13CoCy4hEko4LAy4tG2Yz0HzsqFzPYL142UeJC5z-d9JNdJr9Ya8TqVc7biOJCdY47jeOF5wJpM_BWTzT584w5HRs_1LVNsmjm9l6w1v5I04uNxbpopfRS0B1J2NPS3bfpS2lGuQlyPsZJwNgkZNwxDwCQMa8cgwREnaKWXOeKNksWmS6-ve2M5DguPaKVYF30AyJ1ECqWLX-CLJScBym-ZwVM-2pdfKw3pucfXXUqsXK1lTZSWi7A8gFtnsUZFUC2lkltBT80xuw7f9ojIfoYZjGSwl1mwM5LN5IuwUyppToU7vct9GueMaBjNP5bTrWS1XwiU_oOJbjIx8gNdN-DWNG8-5VmdgXoaJDcd_ZRLaM2XpWcpB5R2MwodIe3HGdpieTDxdqh9Nd1TzQO3FivfxcW0K21CQC-xYaRsx8Ii3djek6k90C304VFRF_QLe4lTOIaAjxxDSFVKbn8tVOZyINRI3FRAXOOaVBoGR1Wsn7bXVGNGbM5eN6wCPOzE-g5_489Sq2MWgczq33_GHW8rGc840OXiqJVu7fL4LVIuG7hPzaVZD3Q-jCu3xG3rYmr2ophVP3HNhl7QDgtpHLYNAIdzZNXz7ROKJU7ws0uZq34plYnLhXEzNe8ntV1N3qCbv1lMk7RjfffZxRwE0OM0mbIC--SPqKG_Cm0cD2k04vS36N9mr1LCmDNiFQRcOqzqxgk8mJdl0Vna-IYycviWyUBs63y6n7bDU3RAifVTSVPUrrrAIMTT5uk4ZVLbO_tGKvKWaSsi7TMypJXd993tut8SPwCl8iNZS3qPwIUXx8IpStnAmJmqcWLZcldZa1bfOWqXW2s22xLNgexft7Xosp-gPNPsICPwtux_tXN-XbbgopGnWgrsyrXctm95OcfEUOVYna73ZA5cukdUbfftGVBitwe7DkG1Jb3MJLZbo2ykiqW71mLgDqvQ2KD_PHw410v-51jsXkUPNknyeSuHiRXomo2HqUf-y0xvx2S73v58yM39XadMJUMYrQlw9lnWBqCDcYoutAVakgWAXSPYELDX2BbmpZsa099h6HlKJptmSLqp2D3J7fHGGWZpdBr9hxVQ56TkMDUNCEd5W1Bc5ecT7b1R5u6IuM16A5aEGOa_phaGuqc9cUhD0UmRBDO6FE-LbfjCnzhjroAOYEujJloOcAYEAL1zx3wUHd_-0hVkmf
fPWC_Wu2uV8EyQQwlj8bVgCEz6R6bqxl8TN5993C2joikVDCcFYSi8RingP-ItGC5TVTxx0kWweImuBA9s6eoqUZ7TMLKOAQHTxjx5g8mBkLs94RVWhChIUif513Br0aJGxwjBvhN_NBWDFJSbP-l581YNCrmALfS4IX2jeV81bnOAAde53Yplaski3eoR2Z3daNdAJNVqOBe32gHf1eTwDCXrgqd5wYsXxW_YJ-P2kKN2CpuPE-so6tdoCLqFmXu4-3q3vGGE_nVvp-MnhHwLP50U6-h7_MDh105qlIxduM91AT7I3XPTQGrOeIv_eBrng3vULA_ohah-OzbPxpPmYSNFS8YUlGChhPgmMWHKnaYbirh-Df4rc6sK5OFEyRVlCzeKon8hFsmwIEEk7uAR2AysF1PJWjoObQkM-3vqJphkTBBYsZEmngjvQlV8TnGY6P0GRe5gNOaT0BZ71SIlKQY1iLq5NmzEGM1iIOEJI-JA3VHhXs2mw7WDKpsE_k5kbFDlgdachB778jMTSs8xWjESxyidPz-tjqvWaDg482VjoOVYBQOGyUuFRMKVJ9xZBE03nVLG29cKVCNJ_KylBUy0O4LkHskJRzrbZE_HlcoCafl1z1","DataProtected":true}
|
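Review bot: This adds a generated signing-key file (`"Algorithm":"RS256"`, `"IsX509Certificate":false`, `"DataProtected":true`) to the repository; the shape matches an IdentityServer developer signing credential, and although the key material is wrapped by ASP.NET Data Protection and so is presumably only unwrappable with the key ring of the machine that created it, a signing key is not something to track in source control. Remove it from the commit and add its file name to `.gitignore`, and for non-development environments configure `AddSigningCredential` with a key from a secret store instead of `AddDeveloperSigningCredential`. This is inferred from the JSON contents, since the file path is not shown on this page.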
@ -1,3 +1,6 @@
|
||||
using Microsoft.AspNetCore.Authentication.Cookies;
|
||||
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
||||
|
||||
namespace Microsoft.eShopOnContainers.Services.Ordering.API;
|
||||
|
||||
public class Startup
|
||||
@ -22,10 +25,11 @@ public class Startup
|
||||
.AddHealthChecks(Configuration)
|
||||
.AddCustomDbContext(Configuration)
|
||||
.AddCustomSwagger(Configuration)
|
||||
.AddCustomAuthentication(Configuration)
|
||||
.AddCustomAuthorization(Configuration)
|
||||
.AddCustomIntegrations(Configuration)
|
||||
.AddCustomConfiguration(Configuration)
|
||||
.AddEventBus(Configuration)
|
||||
.AddCustomAuthentication(Configuration);
|
||||
.AddEventBus(Configuration);
|
||||
//configure autofac
|
||||
|
||||
var container = new ContainerBuilder();
|
||||
@ -372,20 +376,12 @@ static class CustomExtensionsMethods
|
||||
|
||||
var identityUrl = configuration.GetValue<string>("IdentityUrl");
|
||||
|
||||
services.AddAuthentication(options =>
|
||||
{
|
||||
options.DefaultAuthenticateScheme = AspNetCore.Authentication.JwtBearer.JwtBearerDefaults.AuthenticationScheme;
|
||||
options.DefaultChallengeScheme = AspNetCore.Authentication.JwtBearer.JwtBearerDefaults.AuthenticationScheme;
|
||||
|
||||
}).AddJwtBearer(options =>
|
||||
services.AddAuthentication("Bearer").AddJwtBearer(options =>
|
||||
{
|
||||
options.Authority = identityUrl;
|
||||
options.RequireHttpsMetadata = false;
|
||||
options.Audience = "orders";
|
||||
options.TokenValidationParameters = new TokenValidationParameters
|
||||
{
|
||||
ValidateAudience = false
|
||||
};
|
||||
options.TokenValidationParameters.ValidateAudience = false;
|
||||
});
|
||||
|
||||
return services;
|
||||
@ -397,7 +393,7 @@ static class CustomExtensionsMethods
|
||||
options.AddPolicy("ApiScope", policy =>
|
||||
{
|
||||
policy.RequireAuthenticatedUser();
|
||||
policy.RequireClaim("scope", "ordering");
|
||||
policy.RequireClaim("scope", "orders");
|
||||
});
|
||||
});
|
||||
return services;
|
||||
|
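Review bot: `policy.RequireClaim("scope", "orders")` replaces `"ordering"`, so the scope this API demands now has to match both the `ApiScope` registered in Identity.API's configuration and the scope each client requests via `options.Scope.Add(...)`; neither is visible in this diff, so verify them — a mismatch fails closed with a 403 on every ordering call rather than an obvious startup error. As in Basket.API, `options.Audience = "orders"` followed by `options.TokenValidationParameters.ValidateAudience = false;` configures an audience and then ignores it; either enable audience validation or delete the `Audience` line and comment that authorization is scope-only. Moving `.AddCustomAuthentication(Configuration)` up the chain and adding `.AddCustomAuthorization(Configuration)` is the right wiring, but the `ConfigureServices` method and the `AddCustomAuthentication` body both extend beyond their hunks. The `using Microsoft.AspNetCore.Authentication.Cookies` / `OpenIdConnect` directives are not used by anything shown here and can be dropped.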
@ -1,3 +1,6 @@
|
||||
using Microsoft.AspNetCore.Authentication.Cookies;
|
||||
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
||||
|
||||
namespace Microsoft.eShopOnContainers.Services.Ordering.SignalrHub;
|
||||
|
||||
public class Startup
|
||||
@ -151,16 +154,12 @@ public class Startup
|
||||
|
||||
var identityUrl = Configuration.GetValue<string>("IdentityUrl");
|
||||
|
||||
services.AddAuthentication(options =>
|
||||
{
|
||||
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
|
||||
|
||||
}).AddJwtBearer(options =>
|
||||
services.AddAuthentication("Bearer").AddJwtBearer(options =>
|
||||
{
|
||||
options.Authority = identityUrl;
|
||||
options.RequireHttpsMetadata = false;
|
||||
options.Audience = "orders.signalrhub";
|
||||
options.TokenValidationParameters.ValidateAudience = false;
|
||||
options.Events = new JwtBearerEvents
|
||||
{
|
||||
OnMessageReceived = context =>
|
||||
@ -176,6 +175,14 @@ public class Startup
|
||||
}
|
||||
};
|
||||
});
|
||||
services.AddAuthorization(options =>
|
||||
{
|
||||
options.AddPolicy("ApiScope", policy =>
|
||||
{
|
||||
policy.RequireAuthenticatedUser();
|
||||
policy.RequireClaim("scope", "orders.signalrhub");
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
private void RegisterEventBus(IServiceCollection services)
|
||||
|
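Review bot: The `ApiScope` policy added after the JWT setup is only a definition; for a SignalR hub it does nothing until it is attached, either with `[Authorize(Policy = "ApiScope")]` on the hub class or `endpoints.MapHub<NotificationsHub>("/hub/notificationhub").RequireAuthorization("ApiScope")` at the map site, and neither is visible in this diff — confirm the hub is wired, otherwise a valid token for any scope can connect. `options.TokenValidationParameters.ValidateAudience = false;` under `options.Audience = "orders.signalrhub"` has the same set-then-ignore shape as in Basket and Ordering; validate the audience or remove the `Audience` line. The `OnMessageReceived` handler whose body lies outside the hunk presumably pulls the token from the query string for WebSocket connects (the usual SignalR pattern); if so the bearer token lands in request logs, so keep access-token lifetimes for this audience short. The method containing the JWT setup starts above the first hunk.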
@ -1,3 +1,6 @@
|
||||
using Microsoft.AspNetCore.Authentication.Cookies;
|
||||
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
||||
|
||||
namespace Webhooks.API;
|
||||
public class Startup
|
||||
{
|
||||
@ -303,12 +306,23 @@ internal static class CustomExtensionMethods
|
||||
options.Authority = identityUrl;
|
||||
options.RequireHttpsMetadata = false;
|
||||
options.Audience = "webhooks";
|
||||
options.TokenValidationParameters = new TokenValidationParameters
|
||||
{
|
||||
ValidateAudience = false
|
||||
};
|
||||
options.TokenValidationParameters.ValidateAudience = false;
|
||||
});
|
||||
|
||||
return services;
|
||||
}
|
||||
|
||||
|
||||
public static IServiceCollection AddCustomAuthorization(this IServiceCollection services, IConfiguration configuration)
|
||||
{
|
||||
services.AddAuthorization(options =>
|
||||
{
|
||||
options.AddPolicy("ApiScope", policy =>
|
||||
{
|
||||
policy.RequireAuthenticatedUser();
|
||||
policy.RequireClaim("scope", "webhooks");
|
||||
});
|
||||
});
|
||||
return services;
|
||||
}
|
||||
}
|
||||
|
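Review bot: The new `AddCustomAuthorization` extension defining the `ApiScope` policy has no caller in this diff — unlike Ordering.API, whose `ConfigureServices` chain this commit updates to call `.AddCustomAuthorization(Configuration)`, no such hunk appears for Webhooks.API's `Startup` — so check that it is chained, or `[Authorize(Policy = "ApiScope")]` will throw `InvalidOperationException` at first request and, if never referenced, the scope check is silently absent. `options.TokenValidationParameters.ValidateAudience = false;` under `options.Audience = "webhooks"` repeats the pattern from the other services; validate the audience or drop the `Audience` line and leave a comment that authorization is scope-only. The `using Microsoft.AspNetCore.Authentication.Cookies` / `OpenIdConnect` directives are unused by anything shown here (this API authenticates with JWT bearer) and can go. The JWT options lambda starts above its hunk.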
@ -164,7 +164,7 @@ static class ServiceCollectionExtensions
|
||||
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
|
||||
})
|
||||
.AddCookie(setup => setup.ExpireTimeSpan = TimeSpan.FromMinutes(sessionCookieLifetime))
|
||||
.AddOpenIdConnect(options =>
|
||||
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
|
||||
{
|
||||
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
||||
options.Authority = identityUrl.ToString();
|
||||
@ -181,6 +181,7 @@ static class ServiceCollectionExtensions
|
||||
options.Scope.Add("basket");
|
||||
options.Scope.Add("webshoppingagg");
|
||||
options.Scope.Add("orders.signalrhub");
|
||||
options.Scope.Add("webhooks");
|
||||
});
|
||||
|
||||
return services;
|
||||
|
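Review bot: `options.Scope.Add("webhooks")` makes the MVC web client request the webhooks API scope on every sign-in; on least-privilege grounds only add it if the MVC app itself calls Webhooks.API (a separate `webhooksclient` client exists for that), and in any case the `mvc` client's `AllowedScopes` in Identity.API must include `"webhooks"` or sign-in fails with `invalid_scope` — that list is not in this diff. Because this commit switches the identity-side clients to `GrantTypes.Code`, this handler's `ResponseType` (above the hunk, not visible) must be `"code"` as was done for WebhookClient; a leftover `"code id_token"` would now be rejected by the authorize endpoint. The explicit scheme in `.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, ...)` is the same default the unnamed overload uses, so it is harmless but not a functional change. The `AddOpenIdConnect` options lambda spans beyond these hunks.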
@ -121,7 +121,7 @@ static class ServiceExtensions
|
||||
options.SignedOutRedirectUri = callBackUrl.ToString();
|
||||
options.ClientId = "webhooksclient";
|
||||
options.ClientSecret = "secret";
|
||||
options.ResponseType = "code id_token";
|
||||
options.ResponseType = "code";
|
||||
options.SaveTokens = true;
|
||||
options.GetClaimsFromUserInfoEndpoint = true;
|
||||
options.RequireHttpsMetadata = false;
|
||||
|
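Review bot: `options.ResponseType = "code"` moves this client to the authorization-code flow, which is the right direction, but it makes PKCE the only thing binding the code to this browser session; the ASP.NET Core OpenID Connect handler enables `UsePkce` by default on .NET Core 3.0 and later, so set `options.UsePkce = true;` explicitly next to it so the intent survives a package change, and pair it with `RequirePkce = true` on the `webhooksclient` definition in Identity.API. `options.ClientSecret = "secret"` on the line above is pre-existing, but it is now the credential presented on the back-channel token exchange and is the same literal every client in this solution shares; read it from configuration instead. `options.RequireHttpsMetadata = false` is fine for local Docker but should be gated on the hosting environment before this ships. The options lambda starts and ends outside this hunk.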