require the goodclaim

This commit is contained in:
Paul Schneider
2025-02-15 19:57:08 +00:00
parent 4dd7353235
commit 18368ef874


@ -10,6 +10,7 @@
copies or substantial portions of the Software. copies or substantial portions of the Software.
*/ */
using IdentityModel;
using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore; using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
@ -27,9 +28,11 @@ internal class Program
var builder = WebApplication.CreateBuilder(args); var builder = WebApplication.CreateBuilder(args);
var services = builder.Services; var services = builder.Services;
builder.Services.AddDistributedMemoryCache();
// accepts any access token issued by identity server // accepts any access token issued by identity server
// adds an authorization policy for scope 'api1' // adds an authorization policy for scope 'scope1'
services services
.AddAuthorization(options => .AddAuthorization(options =>
{ {
@ -37,7 +40,7 @@ internal class Program
{ {
policy policy
.RequireAuthenticatedUser() .RequireAuthenticatedUser()
.RequireClaim("scope", "scope2"); .RequireClaim(JwtClaimTypes.Scope, new string [] {"scope2"});
}); });
}) })
.AddCors(options => .AddCors(options =>
@ -50,10 +53,10 @@ internal class Program
.AllowAnyMethod(); .AllowAnyMethod();
}); });
}) })
.AddControllersWithViews(); .AddControllers();
// accepts any access token issued by identity server // accepts any access token issued by identity server
var authenticationBuilder = services.AddAuthentication() var authenticationBuilder = services.AddAuthentication("Bearer")
.AddJwtBearer("Bearer", options => .AddJwtBearer("Bearer", options =>
{ {
options.IncludeErrorDetails = true; options.IncludeErrorDetails = true;
@ -68,7 +71,7 @@ internal class Program
services.AddSingleton<ILiveProcessor, LiveProcessor>(); services.AddSingleton<ILiveProcessor, LiveProcessor>();
services.AddTransient<IFileSystemAuthManager, FileSystemAuthManager>(); services.AddTransient<IFileSystemAuthManager, FileSystemAuthManager>();
services.AddIdentityApiEndpoints<ApplicationUser>(); services.AddIdentityApiEndpoints<ApplicationUser>();
builder.Services.AddSession(); services.AddSession();
services.AddTransient<ITrueEmailSender, MailSender>() services.AddTransient<ITrueEmailSender, MailSender>()
.AddTransient<IBillingService, BillingService>() .AddTransient<IBillingService, BillingService>()
@ -90,8 +93,12 @@ internal class Program
endpoints.MapDefaultControllerRoute() endpoints.MapDefaultControllerRoute()
.RequireAuthorization(); .RequireAuthorization();
}); });
app.MapIdentityApi<ApplicationUser>().RequireAuthorization("ApiScope"); app.MapIdentityApi<ApplicationUser>().RequireAuthorization("ApiScope");
app.UseSession();
app.MapGet("/identity", (HttpContext context) =>
new JsonResult(context?.User?.Claims.Select(c => new { c.Type, c.Value }))
).RequireAuthorization("ApiScope");
app.UseSession();
await app.RunAsync(); await app.RunAsync();
}; };
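Review bot: The new-side comment in the second hunk says the policy is for scope 'scope1', but the policy body on the `.RequireClaim(JwtClaimTypes.Scope, new string [] {"scope2"})` line still requires `scope2`, so the comment should read `// adds an authorization policy for scope 'scope2'` (or the two reconciled deliberately, since the scope named here decides who may reach the endpoints guarded by "ApiScope"). On that same line `new string [] {"scope2"}` can be shortened to `.RequireClaim(JwtClaimTypes.Scope, "scope2")`, which uses the `params` overload. In the last hunk `app.UseSession()` is registered after the `});` that appears to close an endpoint-mapping block whose start lies outside the hunk; if that block is `UseEndpoints`, session middleware added after it does not run for requests that matched an endpoint (including the new `/identity` one), so it belongs before the routing/endpoint execution. The new `/identity` endpoint returns every claim type and value of the caller's principal; if it is intended as a diagnostic, a one-line comment saying so would help, and `context?.User?.Claims` can drop the null-conditionals because `HttpContext` and its `User` are non-null inside an endpoint handler.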