From 07ea9ee15697662e9a49e825a0e162eff295cb4a Mon Sep 17 00:00:00 2001
From: Galip Tolga Erdem
Date: Wed, 11 Oct 2023 16:17:27 -0400
Subject: [PATCH] Added containerized configuration for mvc and blazor-server
---
 .../MyProjectNameBlazorModule.cs | 44 +++++++++++++++++++
 .../appsettings.json | 3 +-
 .../MyProjectNameWebModule.cs | 44 +++++++++++++++++++
 .../appsettings.json | 3 +-
 4 files changed, 92 insertions(+), 2 deletions(-)
diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/MyProjectNameBlazorModule.cs b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/MyProjectNameBlazorModule.cs
index 8dcdc03ddba..04ae40fea89 100644
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/MyProjectNameBlazorModule.cs
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/MyProjectNameBlazorModule.cs
@@ -5,6 +5,7 @@
 using Medallion.Threading;
 using Medallion.Threading.Redis;
 using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
@@ -183,6 +184,49 @@ private void ConfigureAuthentication(ServiceConfigurationContext context, IConfi
 options.Scope.Add("phone");
 options.Scope.Add("MyProjectName");
 });
+ /*
+ * This configuration is used when the AuthServer is running on the internal network such as docker or k8s.
+ * Configuring the redirecting URLs for internal network and the web
+ * The login and the logout URLs are configured to redirect to the AuthServer real DNS for browser.
+ * The token acquired and validated from the the internal network AuthServer URL.
+ */
+ if (configuration.GetValue("AuthServer:IsContainerized"))
+ {
+ context.Services.Configure("oidc", options =>
+ {
+ options.TokenValidationParameters.ValidIssuers = new[]
+ {
+ configuration["AuthServer:MetaAddress"]!.EnsureEndsWith('/'),
+ configuration["AuthServer:Authority"]!.EnsureEndsWith('/')
+ };
+
+ options.MetadataAddress = configuration["AuthServer:MetaAddress"]!.EnsureEndsWith('/') +
+ ".well-known/openid-configuration";
+
+ var previousOnRedirectToIdentityProvider = options.Events.OnRedirectToIdentityProvider;
+ options.Events.OnRedirectToIdentityProvider = async ctx =>
+ {
+ // Intercept the redirection so the browser navigates to the right URL in your host
+ ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/authorize";
+
+ if (previousOnRedirectToIdentityProvider != null)
+ {
+ await previousOnRedirectToIdentityProvider(ctx);
+ }
+ };
+ var previousOnRedirectToIdentityProviderForSignOut = options.Events.OnRedirectToIdentityProviderForSignOut;
+ options.Events.OnRedirectToIdentityProviderForSignOut = async ctx =>
+ {
+ // Intercept the redirection for signout so the browser navigates to the right URL in your host
+ ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/logout";
+
+ if (previousOnRedirectToIdentityProviderForSignOut != null)
+ {
+ await previousOnRedirectToIdentityProviderForSignOut(ctx);
+ }
+ };
+ });
+ }
 }
 private void ConfigureVirtualFileSystem(IWebHostEnvironment hostingEnvironment)
diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/appsettings.json b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/appsettings.json
index e2a29100440..9dd9cc7247d 100644
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/appsettings.json
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/appsettings.json
@@ -14,7 +14,8 @@
 "Authority": "https://localhost:44301",
 "RequireHttpsMetadata": true,
 "ClientId": "MyProjectName_BlazorServerTiered",
- "ClientSecret": "1q2w3e*"
+ "ClientSecret": "1q2w3e*",
+ "IsContainerized": false
 },
 "StringEncryption": {
 "DefaultPassPhrase": "gsKnGZ041HLL4IM8"
diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/MyProjectNameWebModule.cs b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/MyProjectNameWebModule.cs
index ebe66893fac..fd200236276 100644
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/MyProjectNameWebModule.cs
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/MyProjectNameWebModule.cs
@@ -2,6 +2,7 @@
 using System.IO;
 using Medallion.Threading;
 using Medallion.Threading.Redis;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
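Review bot: `configuration["AuthServer:MetaAddress"]!` is dereferenced with the null-forgiving operator on two lines of the new `IsContainerized` block (the `ValidIssuers` array and `MetadataAddress`), yet the accompanying appsettings.json hunk adds only `"IsContainerized": false` and no `MetaAddress` key, so turning the flag on without that key fails inside `EnsureEndsWith('/')` with a null-reference rather than a configuration error. Reading the value once with an explicit failure keeps the startup error actionable: `var metaAddress = configuration["AuthServer:MetaAddress"] ?? throw new InvalidOperationException("AuthServer:MetaAddress is required when AuthServer:IsContainerized is true.");` and then `metaAddress.EnsureEndsWith('/')` in both places. The same applies to the identical block in MyProjectNameWebModule.cs and its appsettings.json hunk. In this view the type arguments of `GetValue(...)` and `Configure(...)` appear stripped (presumably `<bool>` and `<OpenIdConnectOptions>`), which is worth confirming in the committed file. ConfigureAuthentication starts before the hunk.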
@@ -165,6 +166,49 @@ private void ConfigureAuthentication(ServiceConfigurationContext context, IConfi
 options.Scope.Add("phone");
 options.Scope.Add("MyProjectName");
 });
+ /*
+ * This configuration is used when the AuthServer is running on the internal network such as docker or k8s.
+ * Configuring the redirecting URLs for internal network and the web
+ * The login and the logout URLs are configured to redirect to the AuthServer real DNS for browser.
+ * The token acquired and validated from the the internal network AuthServer URL.
+ */
+ if (configuration.GetValue("AuthServer:IsContainerized"))
+ {
+ context.Services.Configure("oidc", options =>
+ {
+ options.TokenValidationParameters.ValidIssuers = new[]
+ {
+ configuration["AuthServer:MetaAddress"]!.EnsureEndsWith('/'),
+ configuration["AuthServer:Authority"]!.EnsureEndsWith('/')
+ };
+
+ options.MetadataAddress = configuration["AuthServer:MetaAddress"]!.EnsureEndsWith('/') +
+ ".well-known/openid-configuration";
+
+ var previousOnRedirectToIdentityProvider = options.Events.OnRedirectToIdentityProvider;
+ options.Events.OnRedirectToIdentityProvider = async ctx =>
+ {
+ // Intercept the redirection so the browser navigates to the right URL in your host
+ ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/authorize";
+
+ if (previousOnRedirectToIdentityProvider != null)
+ {
+ await previousOnRedirectToIdentityProvider(ctx);
+ }
+ };
+ var previousOnRedirectToIdentityProviderForSignOut = options.Events.OnRedirectToIdentityProviderForSignOut;
+ options.Events.OnRedirectToIdentityProviderForSignOut = async ctx =>
+ {
+ // Intercept the redirection for signout so the browser navigates to the right URL in your host
+ ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/logout";
+
+ if (previousOnRedirectToIdentityProviderForSignOut != null)
+ {
+ await previousOnRedirectToIdentityProviderForSignOut(ctx);
+ }
+ };
+ });
+ }
 }
 private void ConfigureAutoMapper()
diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/appsettings.json b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/appsettings.json
index 377bae4bf57..37d8c916383 100644
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/appsettings.json
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/appsettings.json
@@ -14,7 +14,8 @@
 "Authority": "https://localhost:44301",
 "RequireHttpsMetadata": true,
 "ClientId": "MyProjectName_Web",
- "ClientSecret": "1q2w3e*"
+ "ClientSecret": "1q2w3e*",
+ "IsContainerized": false
 },
 "StringEncryption": {
 "DefaultPassPhrase": "gsKnGZ041HLL4IM8"
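Review bot: The new block points `MetadataAddress` at the internal `AuthServer:MetaAddress` URL while the appsettings hunk keeps `"RequireHttpsMetadata": true` (presumably wired to `options.RequireHttpsMetadata` earlier in ConfigureAuthentication, outside the hunk); if the in-cluster address is plain HTTP, the handler will reject the discovery document at startup, and relaxing that flag is then the tempting fix, so the trade-off deserves to be stated where the template user will see it. A comment above the `if`, e.g. `// AuthServer:MetaAddress must be served over HTTPS unless AuthServer:RequireHttpsMetadata is deliberately disabled for the internal network; the discovery document from this address is what issuer and signing-key validation are based on`, would make that explicit; the same applies to the Blazor module hunk. Overwriting `ProtocolMessage.IssuerAddress` with `connect/authorize` and `connect/logout` also discards the `authorization_endpoint` and `end_session_endpoint` values obtained from discovery, so the redirects only stay correct while the public AuthServer keeps those default paths — a short note saying so would help anyone who customizes the endpoints. ConfigureAuthentication starts before the hunk.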