- Hinzufügen der `Encryptor`-Klasse für AES-Verschlüsselung und -Entschlüsselung. - Implementierung des `EncryptionController` zur Bereitstellung von Endpunkten für Verschlüsselung, Entschlüsselung und Generierung von Verschlüsselungsparametern. - Erweiterung der DI-Konfiguration mit `AddEncryptor`-Erweiterungsmethode und Integration in `Program.cs`. - Bedingte Registrierung des `EncryptionController` basierend auf der Konfiguration `UseEncryptor`, um sicherzustellen, dass der Controller nur bei Bedarf verfügbar ist. - Implementierung von Lazy Loading für die Verbindungszeichenfolge in `UserManagerDbContext` zur sicheren Handhabung von verschlüsselten Verbindungszeichenfolgen.
using Microsoft.EntityFrameworkCore;
using DigitalData.UserManager.Infrastructure.Repositories;
using DigitalData.UserManager.Application;
using DigitalData.Core.Application;
using Microsoft.AspNetCore.Authentication.Cookies;
using NLog.Web;
using NLog;
using DigitalData.Core.API;
using DigitalData.UserManager.API;
using DigitalData.UserManager.API.Controllers;
using DigitalData.UserManager.Application.Services;
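// Application entry point (top-level statements): sets up NLog, registers services
// (encryptor, MVC, cookie auth, EF Core, CORS, user manager, directory search,
// localizer), builds the app and wires the HTTP pipeline.
var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
logger.Debug("init main");

try
{
    var builder = WebApplication.CreateBuilder(args);
    var config = builder.Configuration;
    var useSwagger = config.GetValue<bool>("UseSwagger");

    // NOTE(review): "EncryptionParameters" presumably carries the key material used to decrypt
    // the connection string below. If it is stored in the same appsettings file as the encrypted
    // connection string, anyone who can read that file can decrypt it; confirm the parameters
    // come from a protected source (environment, secret store, DPAPI-protected file).
    builder.Services.AddEncryptor(config.GetSection("EncryptionParameters"));

    if (config.GetValue<bool>("RunAsWindowsService"))
    {
        builder.Host.UseWindowsService();
    }

    // Route all framework logging through NLog only.
    builder.Logging.ClearProviders();
    builder.Host.UseNLog();

    if (useSwagger)
    {
        builder.Services.AddEndpointsApiExplorer();
        builder.Services.AddSwaggerGen();
    }

    // Single AddControllers call (the original registered controllers twice; the second call
    // only added these options). The convention removes EncryptionController from the
    // application model unless "UseEncryptor" is true, so its encrypt/decrypt/parameter
    // endpoints are not routable by default.
    // NOTE(review): whether EncryptionController itself requires authorization is not visible
    // here; keep "UseEncryptor" false outside of provisioning and verify the controller is
    // protected when it is enabled.
    builder.Services.AddControllers(opt =>
    {
        opt.Conventions.Add(new RemoveIfControllerConvention()
            .AndIf(c => c.ControllerName == nameof(EncryptionController).Replace("Controller", ""))
            .AndIf(c => !config.GetValue<bool>("UseEncryptor")));
    });

    builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(options =>
        {
            // Not readable from client-side script, which limits cookie theft via XSS.
            options.Cookie.HttpOnly = true;

            // SameAsRequest sets the Secure attribute only when the cookie is issued over HTTPS;
            // a login performed over plain HTTP yields a cookie that also travels over HTTP.
            // NOTE(review): switch to CookieSecurePolicy.Always once every deployment is
            // reachable over HTTPS only.
            options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;

            // Cookie is not sent on cross-site requests, which mitigates CSRF.
            options.Cookie.SameSite = SameSiteMode.Strict;

            options.LoginPath = "/api/auth/login";
            options.LogoutPath = "/api/auth/logout";
        });

    // The connection string is stored encrypted and can only be decrypted by the Encryptor
    // service, which is resolvable only after builder.Build(). The variable is declared here
    // so the AddDbContext lambda can capture it, and assigned after the app is built. This
    // relies on the options lambda not running before that assignment; the Lazy then caches
    // the decrypted value after first use.
    Lazy<string>? lazyConnectionString = null;

    builder.Services.AddDbContext<UserManagerDbContext>(options =>
        options.UseSqlServer(lazyConnectionString!.Value).EnableDetailedErrors());

    var allowedOrigins = config.GetSection("AllowedOrigins").Get<string[]>()
        ?? throw new InvalidOperationException("In appsettings there is no allowed origin.");

    // Credentials are allowed, so every origin listed in "AllowedOrigins" may send
    // authenticated cross-origin requests; treat that list as a security boundary.
    builder.Services.AddCors(options =>
    {
        options.AddPolicy(name: "DefaultCorsPolicy", policy =>
        {
            policy.WithOrigins(allowedOrigins)
                .AllowAnyMethod()
                .AllowAnyHeader()
                .AllowCredentials();
        });
    });

    //builder.Services.AddAutoMapper(typeof(DirectoryMappingProfile).Assembly);
    builder.Services.AddUserManager<UserManagerDbContext>();

    builder.ConfigureBySection<DirectorySearchOptions>();
    builder.Services.AddDirectorySearchService();

    builder.Services.AddCookieBasedLocalizer();

    var app = builder.Build();

    lazyConnectionString = new(() =>
    {
        var encryptor = app.Services.GetRequiredService<Encryptor>();
        var encrypted = config.GetConnectionString("DD_ECM_Connection")
            ?? throw new InvalidOperationException("Connection string 'DD_ECM_Connection' is missing from the configuration.");

        // The decrypted value contains database credentials; it must never be logged.
        return encryptor.Decrypt(encrypted);
    });

    // NOTE(review): pipeline order is kept as found. ASP.NET Core guidance places
    // UseHttpsRedirection before static files/routing and UseCors after UseRouting; as written,
    // static files are served without the HTTPS redirect. Confirm before reordering.
    app.UseCors("DefaultCorsPolicy");

    if (useSwagger)
    {
        app.UseSwagger();
        app.UseSwaggerUI();
    }

    app.UseCookieBasedLocalizer("de-DE", "en-US");

    app.UseDefaultFiles();
    app.UseStaticFiles();

    app.UseRouting();
    app.UseHttpsRedirection();
    app.UseAuthentication();
    app.UseAuthorization();

    app.MapControllers();

    app.MapDefaultControllerRoute();

    app.Run();
}
catch (Exception exception)
{
    logger.Error(exception, "Stopped program because of exception");
    throw;
}
finally
{
    // Flush and stop NLog targets so buffered entries (including the error above) are written
    // before the process exits.
    LogManager.Shutdown();
}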