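using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.OpenApi.Models;
using OidcSamples.TrafficPoliceApi.Data;
using System;
using System.Collections.Generic;
using System.Globalization;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Net;
using System.Threading.Tasks;

namespace OidcSamples.TrafficPoliceApi
{
    /// <summary>
    /// Application bootstrap for the Traffic Police API sample: registers CORS, the
    /// EF Core context, MVC controllers, Swagger, authorization and JWT bearer
    /// authentication, then assembles the HTTP request pipeline.
    /// </summary>
    /// <remarks>
    /// Several values below (plain-HTTP authority on localhost, any-origin CORS) are
    /// sample/local-development settings. Each is marked where it is set so that it
    /// is not carried into a deployed environment unnoticed.
    /// </remarks>
    public class Startup
    {
        /// <summary>Stores the configuration supplied by the host.</summary>
        /// <param name="configuration">Application configuration; read for the "DefaultConnection" connection string.</param>
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        /// <summary>Configuration instance passed to the constructor.</summary>
        public IConfiguration Configuration { get; }

        /// <summary>
        /// Called by the runtime. Adds services to the container.
        /// </summary>
        /// <param name="services">Service collection to register into.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            // Map the JWT "sub" claim to itself so the inbound claim-type mapping
            // leaves it named "sub" on the resulting principal.
            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap["sub"] = "sub";

            // The "Default" CORS policy was previously registered twice with the same
            // rules; it is registered once here.
            // SECURITY: this policy allows every origin, header and method. That is
            // acceptable for a local sample; for a deployed API replace
            // AllowAnyOrigin() with WithOrigins(...) listing the known front-end
            // origins, and narrow headers/methods to what the clients actually send.
            services.AddCors(options =>
            {
                options.AddPolicy(name: "Default", builder =>
                {
                    builder.AllowAnyHeader().AllowAnyOrigin().AllowAnyMethod();
                });
            });

            // NOTE(review): AddDbContext needs its context type argument
            // (AddDbContext<TContext>); it is not visible on this page, presumably
            // lost when the page was extracted. Restore the project's context type
            // from OidcSamples.TrafficPoliceApi.Data — confirm against the repository.
            services.AddDbContext(options =>
                options.UseNpgsql(Configuration.GetConnectionString("DefaultConnection"))
                       .UseSnakeCaseNamingConvention());

            services.AddControllers();

            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new OpenApiInfo { Title = "OidcSamples.TrafficPoliceApi", Version = "v1" });
            });

            // Exposes the framework's default authorization policy under the name
            // "Default" so it can be referenced by name.
            services.AddAuthorization(configure =>
            {
                configure.AddPolicy("Default", configure.DefaultPolicy);
            });

            // 1. Add Authentication Services
            // SECURITY: the authority below is a plain-HTTP localhost endpoint, so the
            // discovery document and signing keys are fetched without transport
            // protection. Local development only; a deployed API must point at an
            // https:// authority.
            const string authority = "http://localhost:10000";

            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(options =>
            {
                options.Authority = authority;
                options.Audience = "traffic-police-api";

                // HTTPS metadata is waived only while the authority itself is plain
                // HTTP (false for the localhost value above, as before). Switching the
                // authority to https:// re-enables the requirement automatically
                // instead of leaving it silently disabled.
                options.RequireHttpsMetadata =
                    !authority.StartsWith("http://", StringComparison.OrdinalIgnoreCase);
            });
        }

        /// <summary>
        /// Called by the runtime. Configures the HTTP request pipeline.
        /// </summary>
        /// <param name="app">Application builder the middleware is added to.</param>
        /// <param name="env">Hosting environment; gates the development-only pieces.</param>
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                // SECURITY (development only): accept any server certificate for code
                // that honours ServicePointManager. This used to be installed
                // unconditionally in ConfigureServices, which removed TLS server
                // authentication in every environment; it is now limited to
                // Development. Prefer trusting the local development certificate and
                // deleting this line altogether.
                // NOTE(review): on .NET Core / .NET 5+ HttpClient-based calls are not
                // expected to consult ServicePointManager, so this may have no effect
                // on the JWT metadata backchannel — verify whether it is needed.
                ServicePointManager.ServerCertificateValidationCallback +=
                    (sender, cert, chain, sslPolicyErrors) => true;

                app.UseDeveloperExceptionPage();
                app.UseSwagger();
                app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "OidcSamples.TrafficPoliceApi v1"));
            }

            app.UseCookiePolicy(new CookiePolicyOptions
            {
                MinimumSameSitePolicy = Microsoft.AspNetCore.Http.SameSiteMode.Lax
            });

            app.UseRouting();

            // CORS is applied once, after routing and before authentication and
            // authorization. The earlier duplicate call placed before UseRouting()
            // has been removed.
            app.UseCors("Default");

            // 2. Enable authentication middleware
            app.UseAuthentication();
            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                // Every controller endpoint requires an authenticated caller.
                endpoints.MapControllers().RequireAuthorization();
            });
        }
    }
}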