using WorkFlow.Application;
using DigitalData.UserManager.Application;
using Microsoft.EntityFrameworkCore;
using WorkFlow.Infrastructure;
using Microsoft.AspNetCore.Authentication.Cookies;
using DigitalData.Core.API;
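// Application entry point: registers the data-access, workflow, user-manager and
// localization services, configures cookie authentication, then builds and runs
// the HTTP request pipeline.
var builder = WebApplication.CreateBuilder(args);
var config = builder.Configuration;

// Add services to the container.

// Fail fast at startup when the connection string is missing, using a specific
// exception type instead of the bare System.Exception that `throw new(...)` produced.
var connectionString = config.GetConnectionString("Default")
    ?? throw new InvalidOperationException("Default connection string not found.");

// EnableDetailedErrors makes EF Core attach extra detail to data-value exceptions.
// NOTE(review): confirm that exception text is never returned to API clients.
builder.Services.AddDbContext<WFDBContext>(options => options
    .UseSqlServer(connectionString)
    .EnableDetailedErrors());
builder.Services.AddWorkFlow().AddUserManager<WFDBContext>();
builder.Services.AddCookieBasedLocalizer();

builder.Services.AddControllers();

builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.Cookie.HttpOnly = true; // Makes the cookie inaccessible to client-side scripts for security

        // SameAsRequest only marks the cookie Secure when the request that issued it
        // arrived over HTTPS, so it does not guarantee HTTPS-only transport. Outside
        // development the Secure attribute is always set; development keeps the
        // previous behaviour so a plain-HTTP local setup continues to work.
        options.Cookie.SecurePolicy = builder.Environment.IsDevelopment()
            ? CookieSecurePolicy.SameAsRequest
            : CookieSecurePolicy.Always;

        options.Cookie.SameSite = SameSiteMode.Strict; // Protects against CSRF attacks by restricting how cookies are sent with requests from external sites

        // NOTE(review): the cookie handler redirects unauthenticated requests to
        // LoginPath by default; confirm API clients expect a redirect rather than a 401.
        options.LoginPath = "/api/auth/login";
        options.LogoutPath = "/api/auth/logout";
    });

builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();

var app = builder.Build();

// Configure the HTTP request pipeline.

// The Swagger document and UI are exposed in the Development environment only.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseHttpsRedirection();

// Authentication must run before authorization so the user is established first.
app.UseAuthentication();
app.UseAuthorization();

// NOTE(review): "de-DE" is presumably the fallback culture; verify against the localizer.
app.UseCookieBasedLocalizer("de-DE");

app.MapControllers();

app.Run();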