be78947b48
Updated `Program.cs` to eliminate the Windows service conditional check. Updated `DigitalData.Core.Abstractions` and `DigitalData.Core.Application` to versions 3.4.1 and 3.2.1, respectively. Removed the `DigitalData.Core.Infrastructure` package reference. In `DigitalData.UserManager.Infrastructure.csproj`, updated `DigitalData.Core.Infrastructure` to version 2.0.1 and added `Microsoft.EntityFrameworkCore.Relational` for net7.0, net8.0, and net9.0 with corresponding versions.
215 lines
8.2 KiB
C#
215 lines
8.2 KiB
C#
using Microsoft.EntityFrameworkCore;
|
|
using DigitalData.UserManager.Infrastructure.Repositories;
|
|
using DigitalData.UserManager.Application;
|
|
using DigitalData.Core.Application;
|
|
using Microsoft.AspNetCore.Authentication.Cookies;
|
|
using NLog.Web;
|
|
using NLog;
|
|
using DigitalData.Core.API;
|
|
using DigitalData.UserManager.API.Controllers;
|
|
using DigitalData.UserManager.Application.Services;
|
|
using Microsoft.Data.SqlClient;
|
|
using Newtonsoft.Json;
|
|
using Microsoft.IdentityModel.Tokens;
|
|
using DigitalData.UserManager.Application.DTOs.User;
|
|
using DigitalData.UserManager.API.Models;
|
|
using DigitalData.Auth.Client;
|
|
using DigitalData.UserManager.API;
|
|
using Microsoft.AspNetCore.Authentication.JwtBearer;
|
|
using Microsoft.Extensions.Options;
|
|
using DigitalData.Core.Abstractions.Security.Extensions;
|
|
using Microsoft.OpenApi.Models;
|
|
using DigitalData.UserManager.DependencyInjection;
|
|
|
|
var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
|
|
logger.Debug("init main");
|
|
|
|
try {
|
|
var builder = WebApplication.CreateBuilder();
|
|
|
|
var config = builder.Configuration;
|
|
|
|
builder.Services.AddEncryptor(builder.Configuration.GetSection("EncryptionParameters"));
|
|
|
|
builder.Logging.ClearProviders();
|
|
builder.Host.UseNLog();
|
|
|
|
builder.Services.AddControllers(opt =>
|
|
{
|
|
opt.Conventions.Add(new RemoveIfControllerConvention()
|
|
.AndIf(c => c.ControllerName == nameof(EncryptionController).Replace("Controller", ""))
|
|
.AndIf(c => !config.GetValue<bool>("UseEncryptor")));
|
|
}).AddNewtonsoftJson(options =>
|
|
{
|
|
options.SerializerSettings.DateTimeZoneHandling = config.GetValue<DateTimeZoneHandling>("DateTimeZoneHandling");
|
|
});
|
|
|
|
if (builder.Configuration.GetValue<bool>("UseSwagger"))
|
|
{
|
|
builder.Services.AddEndpointsApiExplorer();
|
|
builder.Services.AddSwaggerGen();
|
|
}
|
|
|
|
builder.Services.AddControllers(opt =>
|
|
{
|
|
opt.Conventions.Add(new RemoveIfControllerConvention()
|
|
.AndIf(c => c.ControllerName == nameof(EncryptionController).Replace("Controller", ""))
|
|
.AndIf(c => !config.GetValue<bool>("UseEncryptor")));
|
|
});
|
|
|
|
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
|
|
.AddCookie(options =>
|
|
{
|
|
options.Cookie.HttpOnly = true; // Makes the cookie inaccessible to client-side scripts for security
|
|
options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest; // Ensures cookies are sent over HTTPS only
|
|
options.Cookie.SameSite = SameSiteMode.Strict; // Protects against CSRF attacks by restricting how cookies are sent with requests from external sites
|
|
options.LoginPath = "/api/auth/login";
|
|
options.LogoutPath = "/api/auth/logout";
|
|
});
|
|
|
|
// Once the app is built, the password will be decrypted with Encryptor. lazy loading also acts as a call back method.
|
|
Lazy<string>? cnn_str = null;
|
|
|
|
builder.Services.AddUserManager(options => options.UseSqlServer(cnn_str!.Value).EnableSensitiveDataLogging());
|
|
|
|
var allowedOrigins = builder.Configuration.GetSection("AllowedOrigins").Get<string[]>() ?? throw new InvalidOperationException("In appsettings there is no allowed origin.");
|
|
|
|
builder.Services.AddCors(options =>
|
|
{
|
|
options.AddPolicy(name: "DefaultCorsPolicy",
|
|
builder =>
|
|
{
|
|
builder.WithOrigins(allowedOrigins)
|
|
.AllowAnyMethod()
|
|
.AllowAnyHeader()
|
|
.AllowCredentials();
|
|
});
|
|
});
|
|
|
|
builder.ConfigureBySection<DirectorySearchOptions>();
|
|
builder.Services.AddDirectorySearchService(config.GetSection("DirectorySearchOptions"));
|
|
builder.Services.AddJWTService<UserReadDto>(user => new SecurityTokenDescriptor()
|
|
{
|
|
Claims = user.ToClaimList().ToDictionary(claim => claim.Type, claim => claim.Value as object)
|
|
});
|
|
|
|
var lazyProvider = new LazyServiceProvider();
|
|
|
|
builder.Services.AddAuthHubClient(config.GetSection("AuthClientParams"));
|
|
|
|
var authTokenKeys = config.GetSection(nameof(AuthTokenKeys)).Get<AuthTokenKeys>() ?? new();
|
|
|
|
builder.Services
|
|
.AddAuthentication(options =>
|
|
{
|
|
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
|
|
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
|
|
})
|
|
.AddJwtBearer(opt =>
|
|
{
|
|
opt.TokenValidationParameters = new TokenValidationParameters
|
|
{
|
|
ValidateIssuerSigningKey = true,
|
|
IssuerSigningKeyResolver = (token, securityToken, identifier, parameters) =>
|
|
{
|
|
var clientParams = lazyProvider.GetRequiredService<IOptions<ClientParams>>()?.Value;
|
|
var publicKey = clientParams!.PublicKeys.Get(authTokenKeys.Issuer, authTokenKeys.Audience);
|
|
return new List<SecurityKey>() { publicKey.SecurityKey };
|
|
},
|
|
ValidateIssuer = true,
|
|
ValidIssuer = authTokenKeys.Issuer,
|
|
ValidateAudience = true,
|
|
ValidAudience = authTokenKeys.Audience,
|
|
};
|
|
|
|
opt.Events = new JwtBearerEvents
|
|
{
|
|
OnMessageReceived = context =>
|
|
{
|
|
// if there is no token read related cookie or query string
|
|
if (context.Token is null) // if there is no token
|
|
{
|
|
if (context.Request.Cookies.TryGetValue(authTokenKeys.Cookie, out var cookieToken) && cookieToken is not null)
|
|
context.Token = cookieToken;
|
|
else if (context.Request.Query.TryGetValue(authTokenKeys.QueryString, out var queryStrToken))
|
|
context.Token = queryStrToken;
|
|
}
|
|
return Task.CompletedTask;
|
|
}
|
|
};
|
|
});
|
|
|
|
builder.Services.AddSwaggerGen(setupAct =>
|
|
{
|
|
setupAct.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
|
|
{
|
|
Description = "JWT Authorization header using the Bearer scheme. Example: \"Bearer {token}\"",
|
|
Name = "Authorization",
|
|
In = ParameterLocation.Header,
|
|
Type = SecuritySchemeType.Http,
|
|
Scheme = "Bearer"
|
|
});
|
|
|
|
setupAct.AddSecurityRequirement(new OpenApiSecurityRequirement
|
|
{
|
|
{
|
|
new OpenApiSecurityScheme
|
|
{
|
|
Reference = new OpenApiReference
|
|
{
|
|
Type = ReferenceType.SecurityScheme,
|
|
Id = "Bearer"
|
|
}
|
|
},
|
|
Array.Empty<string>()
|
|
}
|
|
});
|
|
});
|
|
|
|
builder.Services.AddCookieBasedLocalizer();
|
|
|
|
var app = builder.Build();
|
|
|
|
lazyProvider.Factory = () => app.Services;
|
|
|
|
cnn_str = new(() =>
|
|
{
|
|
var encryptor = app.Services.GetRequiredService<Encryptor>();
|
|
var eCnnStr = config.GetConnectionString("UM_DEF") ?? throw new InvalidOperationException("Connection string 'DD_ECM_Connection' is missing from the configuration.");
|
|
|
|
SqlConnectionStringBuilder cnnStrBuilder = new(eCnnStr);
|
|
cnnStrBuilder.UserID = encryptor.Decrypt(cnnStrBuilder.UserID);
|
|
cnnStrBuilder.Password = encryptor.Decrypt(cnnStrBuilder.Password);
|
|
var dCnnStr = cnnStrBuilder.ConnectionString;
|
|
return dCnnStr;
|
|
});
|
|
|
|
app.UseCors("DefaultCorsPolicy");
|
|
|
|
if (builder.Configuration.GetValue<bool>("UseSwagger"))
|
|
{
|
|
app.UseSwagger();
|
|
app.UseSwaggerUI();
|
|
}
|
|
|
|
app.UseCookieBasedLocalizer("de-DE", "en-US");
|
|
|
|
app.UseDefaultFiles();
|
|
app.UseStaticFiles();
|
|
|
|
app.UseRouting();
|
|
app.UseHttpsRedirection();
|
|
app.UseAuthentication();
|
|
app.UseAuthorization();
|
|
|
|
app.MapControllers();
|
|
|
|
app.MapDefaultControllerRoute();
|
|
|
|
app.Run();
|
|
}
|
|
catch (Exception exception)
|
|
{
|
|
logger.Error(exception, "Stopped program because of exception");
|
|
throw;
|
|
} |