abpframework · maliming · Oct 12, 2023 · Oct 11, 2023
diff --git a/...et-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/MyProjectNameBlazorModule.cs b/...et-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/MyProjectNameBlazorModule.cs
@@ -5,6 +5,7 @@
 using Medallion.Threading;
 using Medallion.Threading.Redis;
 using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
@@ -183,6 +184,49 @@ private void ConfigureAuthentication(ServiceConfigurationContext context, IConfi
                 options.Scope.Add("phone");
                 options.Scope.Add("MyProjectName");
             });
+            /*
+            * This configuration is used when the AuthServer is running on the internal network such as docker or k8s.
+            * Configuring the redirecting URLs for internal network and the web
+            * The login and the logout URLs are configured to redirect to the AuthServer real DNS for browser.
+            * The token acquired and validated from the the internal network AuthServer URL. 
+            */
+            if (configuration.GetValue<bool>("AuthServer:IsContainerized"))
+            {
+                context.Services.Configure<OpenIdConnectOptions>("oidc", options =>
+                {
+                    options.TokenValidationParameters.ValidIssuers = new[]
+                    {
+                        configuration["AuthServer:MetaAddress"]!.EnsureEndsWith('/'),
+                        configuration["AuthServer:Authority"]!.EnsureEndsWith('/')
+                    };
+
+                    options.MetadataAddress = configuration["AuthServer:MetaAddress"]!.EnsureEndsWith('/') +
+                                            ".well-known/openid-configuration";
+
+                    var previousOnRedirectToIdentityProvider = options.Events.OnRedirectToIdentityProvider;
+                    options.Events.OnRedirectToIdentityProvider = async ctx =>
+                    {
+                        // Intercept the redirection so the browser navigates to the right URL in your host
+                        ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/authorize";
+
+                        if (previousOnRedirectToIdentityProvider != null)
+                        {
+                            await previousOnRedirectToIdentityProvider(ctx);
+                        }
+                    };
+                    var previousOnRedirectToIdentityProviderForSignOut = options.Events.OnRedirectToIdentityProviderForSignOut;
+                    options.Events.OnRedirectToIdentityProviderForSignOut = async ctx =>
+                    {
+                        // Intercept the redirection for signout so the browser navigates to the right URL in your host
+                        ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/logout";
+
+                        if (previousOnRedirectToIdentityProviderForSignOut != null)
+                        {
+                            await previousOnRedirectToIdentityProviderForSignOut(ctx);
+                        }
+                    };
+                });
+            }
     }
 
     private void ConfigureVirtualFileSystem(IWebHostEnvironment hostingEnvironment)

diff --git a/...tes/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/appsettings.json b/...tes/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server.Tiered/appsettings.json
@@ -14,7 +14,8 @@
     "Authority": "https://localhost:44301",
     "RequireHttpsMetadata": true,
     "ClientId": "MyProjectName_BlazorServerTiered",
-    "ClientSecret": "1q2w3e*"
+    "ClientSecret": "1q2w3e*",
+    "IsContainerized": false
   },
   "StringEncryption": {
     "DefaultPassPhrase": "gsKnGZ041HLL4IM8"

diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/MyProjectNameWebModule.cs b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/MyProjectNameWebModule.cs
@@ -2,6 +2,7 @@
 using System.IO;
 using Medallion.Threading;
 using Medallion.Threading.Redis;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
@@ -165,6 +166,49 @@ private void ConfigureAuthentication(ServiceConfigurationContext context, IConfi
                 options.Scope.Add("phone");
                 options.Scope.Add("MyProjectName");
             });
+            /*
+            * This configuration is used when the AuthServer is running on the internal network such as docker or k8s.
+            * Configuring the redirecting URLs for internal network and the web
+            * The login and the logout URLs are configured to redirect to the AuthServer real DNS for browser.
+            * The token acquired and validated from the the internal network AuthServer URL. 
+            */
+            if (configuration.GetValue<bool>("AuthServer:IsContainerized"))
+            {
+                context.Services.Configure<OpenIdConnectOptions>("oidc", options =>
+                {
+                    options.TokenValidationParameters.ValidIssuers = new[]
+                    {
+                        configuration["AuthServer:MetaAddress"]!.EnsureEndsWith('/'),
+                        configuration["AuthServer:Authority"]!.EnsureEndsWith('/')
+                    };
+
+                    options.MetadataAddress = configuration["AuthServer:MetaAddress"]!.EnsureEndsWith('/') +
+                                            ".well-known/openid-configuration";
+
+                    var previousOnRedirectToIdentityProvider = options.Events.OnRedirectToIdentityProvider;
+                    options.Events.OnRedirectToIdentityProvider = async ctx =>
+                    {
+                        // Intercept the redirection so the browser navigates to the right URL in your host
+                        ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/authorize";
+
+                        if (previousOnRedirectToIdentityProvider != null)
+                        {
+                            await previousOnRedirectToIdentityProvider(ctx);
+                        }
+                    };
+                    var previousOnRedirectToIdentityProviderForSignOut = options.Events.OnRedirectToIdentityProviderForSignOut;
+                    options.Events.OnRedirectToIdentityProviderForSignOut = async ctx =>
+                    {
+                        // Intercept the redirection for signout so the browser navigates to the right URL in your host
+                        ctx.ProtocolMessage.IssuerAddress = configuration["AuthServer:Authority"]!.EnsureEndsWith('/') + "connect/logout";
+
+                        if (previousOnRedirectToIdentityProviderForSignOut != null)
+                        {
+                            await previousOnRedirectToIdentityProviderForSignOut(ctx);
+                        }
+                    };
+                });
+            }
     }
 
     private void ConfigureAutoMapper()

diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/appsettings.json b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Web.Host/appsettings.json
@@ -14,7 +14,8 @@
     "Authority": "https://localhost:44301",
     "RequireHttpsMetadata": true,
     "ClientId": "MyProjectName_Web",
-    "ClientSecret": "1q2w3e*"
+    "ClientSecret": "1q2w3e*",
+    "IsContainerized": false
   },
   "StringEncryption": {
     "DefaultPassPhrase": "gsKnGZ041HLL4IM8"