WorkFlow/WorkFlow.API/Program.cs
Developer 02 65ad9e6da0 feat: Cookie-basierte Authentifizierung zur Anwendung hinzufügen
- `CookieAuthenticationDefaults.AuthenticationScheme` zur Benutzerauthentifizierung integriert.
- Cookie-Einstellungen konfiguriert, um die Sicherheit zu erhöhen:
  - `HttpOnly`-Flag gesetzt, um den Zugriff von clientseitigen Skripten zu verhindern.
  - `SecurePolicy` so eingestellt, dass Cookies nur über HTTPS-Anfragen gesendet werden.
  - `SameSite` auf `Strict` gesetzt, um CSRF-Angriffe zu mindern.
- Benutzerdefinierte Anmelde-(`/api/auth/login`) und Abmeldepfade (`/api/auth/logout`) definiert.
2024-10-25 01:45:17 +02:00


using WorkFlow.Application;
using DigitalData.UserManager.Application;
using Microsoft.EntityFrameworkCore;
using WorkFlow.Infrastructure;
using Microsoft.AspNetCore.Authentication.Cookies;
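// Composition root for the WorkFlow API: registers the EF Core DbContext, the
// WorkFlow/UserManager services, cookie authentication and the controller
// pipeline, then starts the host.
var builder = WebApplication.CreateBuilder(args);
var config = builder.Configuration;
var isDevelopment = builder.Environment.IsDevelopment();

// Add services to the container.
var connectionString = config.GetConnectionString("Default")
    ?? throw new InvalidOperationException("Default connection string not found.");

builder.Services.AddDbContext<WFDBContext>(options =>
{
    options.UseSqlServer(connectionString);

    // Detailed EF Core errors carry parameter/column information that should
    // not surface outside Development, so they are only enabled there.
    if (isDevelopment)
    {
        options.EnableDetailedErrors();
    }
});
builder.Services.AddWorkFlow().AddUserManager<WFDBContext>();
builder.Services.AddControllers();

builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        // Makes the cookie inaccessible to client-side scripts.
        options.Cookie.HttpOnly = true;

        // Always emit the Secure attribute so the cookie is sent over HTTPS only.
        // SameAsRequest would omit it for any request that itself arrived over
        // plain HTTP (e.g. before the HTTPS redirect below), which is not the
        // "HTTPS only" behaviour this configuration intends.
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;

        // Never sent on cross-site requests, which mitigates CSRF.
        options.Cookie.SameSite = SameSiteMode.Strict;

        // NOTE(review): with LoginPath set, the cookie handler's default
        // challenge redirects browsers rather than answering 401 — confirm
        // that is the intended behaviour for API clients.
        options.LoginPath = "/api/auth/login";
        options.LogoutPath = "/api/auth/logout";
    });

builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseHttpsRedirection();
// Authentication must precede authorization so the principal is populated
// before any [Authorize] policy is evaluated.
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();

app.Run();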