feat: disable strict SSL
aguacongas committed Apr 18, 2020
1 parent d3d741c commit 373050d
Showing 30 changed files with 255 additions and 133 deletions.
@@ -0,0 +1,7 @@
FROM aguacongas/aguacongastheidserver:unstable as base
COPY Aguacongas.TheIdServer.Private/appsettings.Docker.json .
COPY Aguacongas.TheIdServer.Private/wwwroot/appsettings.Docker.json ./wwwroot/appsettings.json
ENV ASPNETCORE_ENVIRONMENT=Docker
ENV ASPNETCORE_Kestrel__Certificates__Default__Path=/usr/local/share/ca-certificates/aspnetapp.crt
ENV ASPNETCORE_URLS="https://+:5443;http://+:5000"
ENV ASPNETCORE_HTTPS_PORT=5443
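Review bot: The `FROM` line pins the base image to the floating `unstable` tag, so every rebuild silently picks up whatever that tag pointed at on the day; pin it by digest, `FROM aguacongas/aguacongastheidserver:unstable@sha256:<DIGEST-PLACEHOLDER> as base`, and bump the digest deliberately. `ASPNETCORE_Kestrel__Certificates__Default__Path` points at a `.crt` file under the system CA store, but Kestrel's default certificate must carry a private key, so unless that file is actually a PFX the HTTPS listener on 5443 will fail to bind at startup; if the runtime is 3.1, as the 3.1.x package references in this commit suggest, a separate PEM `KeyPath` is not available either. A comment above that line stating the expected file format (PFX with private key) would spare the next reader that debugging session.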
@@ -0,0 +1,7 @@
{
"IdentityServer": {
"Key": {
"Type": "Development"
}
}
}
@@ -0,0 +1,48 @@
{
"ConnectionStrings": {
"DefaultConnection": "Data Source=./sql.db"
},
"DbType": "Sqlite",
"IdentityServer": {
"Key": {
"Type": "Development"
}
},
"ApiAuthentication": {
"Authority": "https://private:443"
},
"EmailApiAuthentication": {
"Authority": "https://private:443",
"ApiUrl": "https://private:443/api/email"
},
"Serilog": {
"LevelSwitches": {
"$controlSwitch": "Debug"
},
"MinimumLevel": {
"ControlledBy": "$controlSwitch"
},
"WriteTo": [
{
"Name": "Seq",
"Args": {
"serverUrl": "http://seq:5341",
"controlLevelSwitch": "$controlSwitch",
"apiKey": "Lk1fBj9QYhEbtyLSSEeS"
}
},
{
"Name": "Console",
"Args": {
"outputTemplate": "[{Timestamp:HH:mm:ss} {Level}] {SourceContext}{NewLine}{Message:lj}{NewLine}{Exception}{NewLine}",
"theme": "Serilog.Sinks.SystemConsole.Themes.AnsiConsoleTheme::Literate, Serilog.Sinks.Console"
}
}
],
"Enrich": [
"FromLogContext",
"WithMachineName",
"WithThreadId"
]
}
}
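Review bot: The Seq sink's `apiKey` under `Serilog:WriteTo` is committed in cleartext, and since this file is copied into the image by the Dockerfile added in the same commit it ships in every container layer; treat the key as compromised and rotate it in Seq, then supply it at deploy time through the configuration environment-variable mapping (`Serilog__WriteTo__0__Args__apiKey`) instead of the checked-in file. `IdentityServer:Key:Type` is `Development` here too; if that means a temporary, in-memory signing key, tokens issued by one container become invalid on every restart and cannot be validated by a second instance — acceptable for a demo, but worth stating next to the Dockerfile since JSON has no room for a comment.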
@@ -0,0 +1,12 @@
{
"configurationEndpoint": "appsettings.Development.json",
"apiBaseUrl": "https://localhost:5443/api",
"welcomeContenUrl": "/welcome-fragment.html",
"administratorEmail": "[email protected]",
"authority": "https://localhost:5443/",
"client_id": "theidserveradmin",
"redirect_uri": "https://localhost:5443/authentication/login-callback",
"post_logout_redirect_uri": "https://localhost:5443/authentication/logout-callback",
"response_type": "code",
"scope": "openid profile theidserveradminapi"
}
Expand Up @@ -24,7 +24,7 @@
<PackageReference Include="Microsoft.AspNetCore.Authentication.OAuth" Version="2.2.0" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="3.1.3" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.Twitter" Version="3.1.3" />
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="3.2.0-preview3.20168.3" />
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="3.2.0-preview4.20210.8" />
<PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="3.1.3" />
<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="3.1.3" />
<PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="3.1.3" />
Expand Up @@ -15,11 +15,11 @@

<ItemGroup>
<PackageReference Include="Aguacongas.AspNetCore.Authentication.EntityFramework" Version="3.1.1" />
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="3.2.0-preview3.20168.3" />
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Build" Version="3.2.0-preview3.20168.3" PrivateAssets="all" />
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="3.2.0-preview3.20168.3" PrivateAssets="all" />
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="3.2.0-preview4.20210.8" />
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Build" Version="3.2.0-preview4.20210.8" PrivateAssets="all" />
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="3.2.0-preview4.20210.8" PrivateAssets="all" />
<PackageReference Include="Microsoft.AspNetCore.Blazor.HttpClient" Version="3.2.0-preview3.20168.3" />
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" Version="3.2.0-preview3.20168.3" />
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" Version="3.2.0-preview4.20210.8" />
<PackageReference Include="Microsoft.Extensions.Http" Version="3.1.3" />
<PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="6.5.0" />
<PackageReference Include="Newtonsoft.Json" Version="12.0.3" />
@@ -1,4 +1,7 @@
using Aguacongas.IdentityServer.Store;
using Microsoft.EntityFrameworkCore.Internal;
using System;
using System.Linq;

namespace Microsoft.AspNetCore.Authorization
{
Expand All @@ -7,11 +10,15 @@ public static class AuthorizationOptionsExtensions
public static void AddIdentityServerPolicies(this AuthorizationOptions options)
{
options.AddPolicy(SharedConstants.WRITER, policy =>
policy.RequireAssertion(context =>
context.User.IsInRole(SharedConstants.WRITER)));
policy.RequireAssertion(context => context.User.Identity.IsAuthenticated &&
context.User.Claims
.Any(c => c.Type == "role" && c.Value.Contains(SharedConstants.WRITER))
));
options.AddPolicy(SharedConstants.READER, policy =>
policy.RequireAssertion(context =>
context.User.IsInRole(SharedConstants.READER)));
policy.RequireAssertion(context => context.User.Identity.IsAuthenticated &&
context.User.Claims
.Any(c => c.Type == "role" && c.Value.Contains(SharedConstants.READER))
));
}
}
}
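Review bot: Both new assertions test the role claim with `c.Value.Contains(SharedConstants.WRITER)` (and `READER`), which is a substring match: any role value that merely embeds the constant, such as a longer or prefixed role name, satisfies the policy, so an authorization check that used to be an exact `IsInRole` comparison is now looser. If the claim value is a single role, use an exact ordinal comparison, `c.Type == "role" && string.Equals(c.Value, SharedConstants.WRITER, StringComparison.Ordinal)`; if the intent is to cope with a JSON-array-valued role claim (which `Contains` hints at), parse the array and compare its elements rather than searching the raw string. `context.User.Identity` can be null for an anonymous principal, so `context.User.Identity?.IsAuthenticated == true` avoids a NullReferenceException inside the policy. The added `using Microsoft.EntityFrameworkCore.Internal;` appears unused — only `System.Linq` is needed for `Any` — and pulls in an internal namespace that is not covered by the package's compatibility promise.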
15 changes: 8 additions & 7 deletions src/Aguacongas.TheIdServer.BlazorApp/Program.cs
Expand Up @@ -20,31 +20,32 @@ public class Program
public static async Task Main(string[] args)
{
var builder = WebAssemblyHostBuilder.CreateDefault(args);
builder.RootComponents.Add<App>("app");
ConfigureServices(builder.Services);
builder.RootComponents.Add<App>("app");
ConfigureServices(builder.Services, builder.HostEnvironment.BaseAddress);
await builder.Build().RunAsync();
}

public static void ConfigureServices(IServiceCollection services)
public static void ConfigureServices(IServiceCollection services, string baseAddress)
{
services
.AddOptions()
.AddBaseAddressHttpClient()
.AddOptions()
.AddApiAuthorization(options =>
{
var provider = services.BuildServiceProvider();
var configuration = provider.GetRequiredService<IConfiguration>();
options.ProviderOptions.ConfigurationEndpoint = configuration.GetValue<string>("ConfigurationEndpoint");
options.UserOptions.RoleClaim = "role";
})
.AddAuthorizationCore(options =>
});

services.AddAuthorizationCore(options =>
{
options.AddIdentityServerPolicies();
})
.AddIdentityServer4AdminHttpStores(p =>
{
return Task.FromResult(CreateApiHttpClient(p));
})
.AddSingleton(new HttpClient { BaseAddress = new Uri(baseAddress) })
.AddSingleton(p =>
{
var configuration = p.GetRequiredService<IConfiguration>();
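Review bot: `ConfigureServices` still calls `services.BuildServiceProvider()` inside the `AddApiAuthorization` callback to read `IConfiguration`; that line is unchanged context, but building a second container from a half-registered collection gives every type-registered singleton a second instance (the `HttpClient` added below is shared only because it is registered as an instance) and is the pattern ASP.NET Core's analyzers warn about (ASP0000). Since the method's signature is being reshaped in this commit anyway, reading the endpoint through the options pipeline — `services.AddOptions<...>().Configure<IConfiguration>((options, configuration) => ...)` on the options type that `AddApiAuthorization` configures — removes the throwaway provider. `ConfigureServices` continues past the end of the hunk.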
Expand Up @@ -10,13 +10,15 @@
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"Aguacongas.TheIdServer.BlazorApp": {
"commandName": "Project",
"inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}",
"launchBrowser": true,
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
Expand Up @@ -28,8 +28,8 @@ public static IdentityBuilder AddTheIdServerStores(this IdentityBuilder builder,
configureOptions(options);
var services = builder.Services;
services.AddTransient<OAuthDelegatingHandler>()
.AddTransient<HttpClient>()
.AddHttpClient(options.HttpClientName)
.ConfigurePrimaryHttpMessageHandler(p => p.GetRequiredService<HttpClientHandler>())
.AddHttpMessageHandler<OAuthDelegatingHandler>();

builder.AddTheIdServerStores(provider => provider.CreateApiHttpClient(options));
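Review bot: `ConfigurePrimaryHttpMessageHandler(p => p.GetRequiredService<HttpClientHandler>())` hands the factory a handler it does not own; the `HttpClientHandler` registration is not in this diff, but if it is a singleton (the natural way to share one relaxed-validation handler, which the commit title suggests) the factory will dispose it when the handler pipeline expires and later requests through this named client fail with ObjectDisposedException. The same line is added in `IdentityHostingStartup.Configure` for the email client. Prefer resolving a fresh handler per pipeline (a transient registration, or a factory delegate that builds and configures a new `HttpClientHandler`), and whatever the handler's certificate-validation setting is, gate it on the hosting environment so a relaxed handler cannot be registered in production. The enclosing `AddTheIdServerStores` method starts and ends outside the hunk.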
2 changes: 1 addition & 1 deletion src/Aguacongas.TheIdServer/Aguacongas.TheIdServer.csproj
Expand Up @@ -24,7 +24,7 @@
<PackageReference Include="Microsoft.AspNetCore.Authentication.OAuth" Version="2.2.0" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="3.1.3" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.Twitter" Version="3.1.3" />
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="3.2.0-preview3.20168.3" />
<PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="3.2.0-preview4.20210.8" />
<PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="3.1.3" />
<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="3.1.3" />
<PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="3.1.3" />
Expand Up @@ -2,6 +2,7 @@
using Aguacongas.TheIdServer.Areas.Identity.Services;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Identity.UI.Services;
using Microsoft.CodeAnalysis.Emit;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
Expand All @@ -15,52 +16,20 @@ public class IdentityHostingStartup : IHostingStartup
public void Configure(IWebHostBuilder builder)
{
builder.ConfigureServices((context, services) => {
services.Configure<IdentityServerOptions>("EmailOptions", context.Configuration.GetSection("EmailApiAuthentication"))
.AddSingleton(p =>
{
using var scope = p.CreateScope();
return new EmailOAuthTokenManager(new HttpClient(),
new EmailOptions(scope.ServiceProvider.GetRequiredService<IOptionsSnapshot<IdentityServerOptions>>()));
})
services.Configure<EmailOptions>(context.Configuration.GetSection("EmailApiAuthentication"))
.AddSingleton<OAuthTokenManager<EmailOptions>>()
.AddTransient(p => new HttpClient(p.GetRequiredService<HttpClientHandler>()))
.AddTransient<IEmailSender>(p =>
{
var factory = p.GetRequiredService<IHttpClientFactory>();
var options = p.GetRequiredService<IOptionsSnapshot<IdentityServerOptions>>().Get("EmailOptions");
return new EmailApiSender(factory.CreateClient(options.HttpClientName), options);
var options = p.GetRequiredService<IOptions<EmailOptions>>();
return new EmailApiSender(factory.CreateClient(options.Value.HttpClientName), options);
})
.AddTransient<EmailOAuthDelegatingHandler>()
.AddTransient<OAuthDelegatingHandler<EmailOptions>>()
.AddHttpClient(context.Configuration.GetValue<string>("EmailApiAuthentication:HttpClientName"))
.AddHttpMessageHandler<EmailOAuthDelegatingHandler>();
.ConfigurePrimaryHttpMessageHandler(p => p.GetRequiredService<HttpClientHandler>())
.AddHttpMessageHandler<OAuthDelegatingHandler<EmailOptions>>();
});
}

class EmailOptions : IOptions<IdentityServerOptions>
{
private readonly IOptionsSnapshot<IdentityServerOptions> _optionsSnapshot;

public EmailOptions(IOptionsSnapshot<IdentityServerOptions> optionsSnapshot)
{
_optionsSnapshot = optionsSnapshot;
}

public IdentityServerOptions Value => _optionsSnapshot.Get("EmailOptions");
}

class EmailOAuthDelegatingHandler : OAuthDelegatingHandler
{
public EmailOAuthDelegatingHandler(EmailOAuthTokenManager manager)
: base(manager)
{
}
}

class EmailOAuthTokenManager : OAuthTokenManager
{
public EmailOAuthTokenManager(HttpClient httpClient, IOptions<IdentityServerOptions> options)
: base(httpClient, options)
{
}
}
}
}
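Review bot: The transient registration `.AddTransient(p => new HttpClient(p.GetRequiredService<HttpClientHandler>()))` uses the `HttpClient(HttpMessageHandler)` constructor, which disposes the handler when the client is disposed; a transient `HttpClient` handed to a scoped consumer is disposed at scope end and, if `HttpClientHandler` is registered as a singleton (its registration is not in this diff), takes the shared handler down with it and every later client fails with ObjectDisposedException. Pass `disposeHandler: false`: `.AddTransient(p => new HttpClient(p.GetRequiredService<HttpClientHandler>(), disposeHandler: false))`. The added `using Microsoft.CodeAnalysis.Emit;` has no use in this file and looks like an IDE auto-import; drop it.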
Expand Up @@ -30,36 +30,25 @@
<button type="submit" class="btn btn-default">Register</button>
</form>
</div>
<div class="col-md-6 col-md-offset-2">
<section>
<h4>Use another service to register.</h4>
<hr />
@{
if ((Model.ExternalLogins?.Count ?? 0) == 0)
{
@if ((Model.ExternalLogins?.Count ?? 0) > 0)
{
<div class="col-md-6 col-md-offset-2">
<section>
<h4>Use another service to register.</h4>
<hr />
<form id="external-account" asp-page="./ExternalLogin" asp-route-returnUrl="@Model.ReturnUrl" method="post" class="form-horizontal">
<div>
<p>
There are no external authentication services configured. See <a href="https://go.microsoft.com/fwlink/?LinkID=532715">this article</a>
for details on setting up this ASP.NET application to support logging in via external services.
@foreach (var provider in Model.ExternalLogins)
{
<button type="submit" class="btn btn-default" name="provider" value="@provider.Name" title="Log in using your @provider.DisplayName account">@provider.DisplayName</button>
}
</p>
</div>
}
else
{
<form id="external-account" asp-page="./ExternalLogin" asp-route-returnUrl="@Model.ReturnUrl" method="post" class="form-horizontal">
<div>
<p>
@foreach (var provider in Model.ExternalLogins)
{
<button type="submit" class="btn btn-default" name="provider" value="@provider.Name" title="Log in using your @provider.DisplayName account">@provider.DisplayName</button>
}
</p>
</div>
</form>
}
}
</section>
</div>
</form>
</section>
</div>
}
</div>

@section Scripts {
@@ -1,6 +1,7 @@
using Aguacongas.IdentityServer.Admin.Models;
using Aguacongas.IdentityServer.Http.Store;
using Microsoft.AspNetCore.Identity.UI.Services;
using Microsoft.Extensions.Options;
using System;
using System.Net.Http;
using System.Text;
Expand All @@ -12,9 +13,9 @@ namespace Aguacongas.TheIdServer.Areas.Identity.Services
public class EmailApiSender : IEmailSender
{
private readonly HttpClient _httpClient;
private readonly IdentityServerOptions _options;
private readonly IOptions<EmailOptions> _options;

public EmailApiSender(HttpClient httpClient, IdentityServerOptions options)
public EmailApiSender(HttpClient httpClient, IOptions<EmailOptions> options)
{
_httpClient = httpClient ?? throw new ArgumentNullException(nameof(httpClient));
_options = options ?? throw new ArgumentNullException(nameof(options));
Expand All @@ -28,7 +29,7 @@ public async Task SendEmailAsync(string email, string subject, string htmlMessag
Message = htmlMessage,
Subject = subject
}), Encoding.UTF8, "application/json");
using var response = await _httpClient.PostAsync(_options.ApiUrl, content)
using var response = await _httpClient.PostAsync(_options.Value.ApiUrl, content)
.ConfigureAwait(false);
response.EnsureSuccessStatusCode();
}
@@ -0,0 +1,8 @@
using Aguacongas.IdentityServer.Http.Store;

namespace Aguacongas.TheIdServer.Areas.Identity.Services
{
public class EmailOptions : IdentityServerOptions
{
}
}
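Review bot: `EmailOptions` is an empty subclass with nothing saying why it exists; from `IdentityHostingStartup` in this commit, the purpose is to bind a second, distinct `IdentityServerOptions` instance for the email API (consumed through `OAuthTokenManager<EmailOptions>` and `OAuthDelegatingHandler<EmailOptions>`) instead of the named-options `Get("EmailOptions")` lookup the old code used. An XML doc makes that intent survive the next refactor: `/// <summary>Authentication options for the email API: a separate <see cref="IdentityServerOptions"/> instance bound from the "EmailApiAuthentication" configuration section.</summary>`. Marking it `sealed` also signals it is a binding marker rather than an extension point.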
6 changes: 4 additions & 2 deletions src/Aguacongas.TheIdServer/Config.cs
Expand Up @@ -133,6 +133,7 @@ public static IEnumerable<Client> GetClients()
{
"http://localhost:5001/authentication/login-callback",
"https://localhost:5443/authentication/login-callback",
"https://localhost:443/authentication/login-callback",
"http://exemple.com/authentication/login-callback",
"https://theidserver.herokuapp.com/authentication/login-callback"
},
Expand All @@ -141,18 +142,19 @@ public static IEnumerable<Client> GetClients()
{
"http://localhost:5001/authentication/logout-callback",
"https://localhost:5443/authentication/logout-callback",
"https://localhost:443/authentication/logout-callback",
"http://exemple.com/authentication/logout-callback",
"https://theidserver.herokuapp.com/authentication/logout-callback"
},
AllowedCorsOrigins =
{
"http://localhost:5001/",
"https://localhost:5443",
"https://localhost:443",
"http://exemple.com/",
"https://theidserver.herokuapp.com"
},
AllowedScopes = { "openid", "profile", "theidserveradminapi" },
AccessTokenType = AccessTokenType.Reference
AllowedScopes = { "openid", "profile", "theidserveradminapi" }
},

// Multi-tiers public server client
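Review bot: Dropping `AccessTokenType = AccessTokenType.Reference` switches this client to IdentityServer4's default self-contained JWT access tokens, so a token can no longer be revoked server-side before it expires and the API stops introspecting it; that is a security trade-off the commit message ("disable strict SSL") does not mention, so record the reason in a comment on the `AllowedScopes` line, e.g. `// JWT access tokens (default): valid until expiry, no server-side revocation`, and in the commit description. In the same `AllowedCorsOrigins` list, the pre-existing `http://localhost:5001/` and `http://exemple.com/` entries carry a trailing slash, while a browser's Origin header never does, so depending on the CORS policy service in use these entries may never match. `GetClients` starts before and continues past the hunk.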