Cookie-basierte automatische Autorisierung wurde konfiguriert. Middlevare für Benutzerberechtigung hinzugefügt

2024-04-15 17:24:27 +02:00
parent 49cfeb28d9
commit 87c839549a
31 changed files with 1111 additions and 44 deletions
--- a/EnvelopeGenerator.Web/Program.cs
+++ b/EnvelopeGenerator.Web/Program.cs
@@ -11,6 +11,8 @@ using NLog;
 using Quartz;
 using NLog.Web;
 using DigitalData.Core.API;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using DigitalData.Core.Application;

 var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
 logger.Info("Logging initialized!");
@@ -49,7 +51,7 @@ try
    builder.Services.AddDbContext<EGDbContext>(options =>
        options.UseSqlServer(connStr));

-    //Inject CRUD Service and repositories
+    //Inject CRUD Service and repositoriesad
    builder.Services.AddScoped<IConfigRepository, ConfigRepository>();
    builder.Services.AddScoped<IDocumentReceiverElementRepository, DocumentReceiverElementRepository>();
    builder.Services.AddScoped<IEnvelopeDocumentRepository, EnvelopeDocumentRepository>();
@@ -82,7 +84,51 @@ try

    //Auto mapping profiles
    builder.Services.AddAutoMapper(typeof(BasicDtoMappingProfile).Assembly);
-    
+
+    builder.Services.Configure<CookiePolicyOptions>(options =>
+    {
+        options.CheckConsentNeeded = context =>
+        {
+            var consentCookie = context.Request.Cookies["cookie-consent-settings"];
+            return consentCookie != "necessary=false";
+        };
+
+        options.MinimumSameSitePolicy = SameSiteMode.Strict;
+        options.ConsentCookie.Name = "cookie-consent-settings";
+    });
+
+    builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
+    .AddCookie(options =>
+    {
+        options.Cookie.HttpOnly = true;  // Makes the cookie inaccessible to client-side scripts for security
+        options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest; // Ensures cookies are sent over HTTPS only
+        options.Cookie.SameSite = SameSiteMode.Strict; // Protects against CSRF attacks by restricting how cookies are sent with requests from external sites
+        // Set up event handlers for dynamic login and logout paths
+        options.Events = new CookieAuthenticationEvents
+        {
+            OnRedirectToLogin = context =>
+            {
+                // Dynamically calculate the redirection path, for example:
+                var envelopeReceiverId = context.HttpContext.Request.RouteValues["envelopeReceiverId"];
+                context.RedirectUri = $"/EnvelopeKey/{envelopeReceiverId}/Locked";
+
+                context.Response.Redirect(context.RedirectUri);
+                return Task.CompletedTask;
+            },
+            OnRedirectToLogout = context =>
+            {
+                // Apply a similar redirection logic for logout
+                var envelopeReceiverId = context.HttpContext.Request.RouteValues["envelopeReceiverId"];
+                context.RedirectUri = $"/EnvelopeKey/{envelopeReceiverId}/Success";
+
+                context.Response.Redirect(context.RedirectUri);
+                return Task.CompletedTask;
+            }
+        }; 
+    });
+
+    builder.Services.AddCookieConsentSettings();
+
    var app = builder.Build();

    // Configure the HTTP request pipeline.
@@ -98,9 +144,11 @@ try

    app.UseHttpsRedirection();
    app.UseStaticFiles();
+    app.UseCookiePolicy();

    app.UseRouting();

+    app.UseAuthentication();
    app.UseAuthorization();

    app.MapControllers();