using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
namespace LinkDotNet.Blog.Web.Authentication.OpenIdConnect;
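/// <summary>
/// Registers cookie + OpenID Connect authentication, the "Admin"/"Member" role policies
/// and the login manager for the blog.
/// </summary>
public static class AuthExtensions
{
    /// <summary>
    /// Wires up authentication and authorization services using the configured
    /// <see cref="AuthInformation"/> (provider name, domain, client id and client secret).
    /// </summary>
    /// <param name="services">The service collection to add the registrations to.</param>
    public static void UseAuthentication(this IServiceCollection services)
    {
        // NOTE(review): BuildServiceProvider() during registration creates a temporary, separate
        // container (analyzer ASP0000 warns about this). It is kept because the scheme name
        // passed to AddOpenIdConnect is read from the options at registration time.
        using var provider = services.BuildServiceProvider();
        var authInformation = provider.GetRequiredService<IOptions<AuthInformation>>();

        services.Configure<CookiePolicyOptions>(options =>
        {
            options.CheckConsentNeeded = _ => false;

            // NOTE(review): SameSiteMode.None means the cookie policy never tightens SameSite on
            // any cookie. Presumably chosen so the OIDC correlation/nonce cookies survive the
            // cross-site callback; confirm the auth cookie itself is still issued Secure and
            // with the SameSite value you expect.
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(authInformation.Value.Provider, options =>
        {
            options.Authority = $"https://{authInformation.Value.Domain}";
            options.ClientId = authInformation.Value.ClientId;

            // The client secret comes from configuration; keep it out of source control and logs.
            options.ClientSecret = authInformation.Value.ClientSecret;

            // Authorization code flow, requesting only the "openid" scope.
            options.ResponseType = "code";
            options.Scope.Clear();
            options.Scope.Add("openid");

            // Set the callback path, so Auth provider will call back to http://localhost:1234/callback
            // Also ensure that you have added the URL as an Allowed Callback URL in your Auth provider dashboard
            options.CallbackPath = new PathString("/callback");

            // Configure the Claims Issuer to be Auth provider
            options.ClaimsIssuer = authInformation.Value.Provider;

            options.Events = new OpenIdConnectEvents
            {
                OnRedirectToIdentityProviderForSignOut = context => HandleRedirect(authInformation.Value, context),
            };
        });

        services.AddAuthorization(options =>
        {
            options.AddPolicy("Admin", policy => policy.RequireRole("Admin"));
            options.AddPolicy("Member", policy => policy.RequireRole("Member"));
        });

        services.AddHttpContextAccessor();
        services.AddScoped<ILoginManager, AuthLoginManager>();
    }

    /// <summary>
    /// Redirects a sign-out request to the provider's logout endpoint, appending the
    /// post-logout return URL when one was requested.
    /// </summary>
    /// <param name="auth">Authentication settings; <c>LogoutUri</c> is read but not modified.</param>
    /// <param name="context">The sign-out redirect context supplied by the OpenID Connect handler.</param>
    /// <returns>A completed task.</returns>
    private static Task HandleRedirect(AuthInformation auth, RedirectContext context)
    {
        // Work on a local copy. The AuthInformation instance is captured once at registration
        // and shared by every request, so appending to auth.LogoutUri would pile up another
        // "&returnTo=..." on each sign-out and carry one user's return URL into later redirects.
        var logoutUri = auth.LogoutUri;

        var postLogoutUri = context.Properties.RedirectUri;
        if (!string.IsNullOrEmpty(postLogoutUri))
        {
            if (postLogoutUri.StartsWith('/'))
            {
                // Relative path: make it absolute from the current request.
                // NOTE(review): request.Host reflects the incoming Host header, so the absolute
                // URL is only as trustworthy as the host filtering in front of the app
                // (e.g. AllowedHosts) and the provider's allow-list of logout URLs.
                var request = context.Request;
                postLogoutUri = request.Scheme + "://" + request.Host + request.PathBase + postLogoutUri;
            }

            // Assumes LogoutUri already carries a query string, hence '&' - TODO confirm.
            logoutUri += $"&returnTo={Uri.EscapeDataString(postLogoutUri)}";
        }

        context.Response.Redirect(logoutUri);
        context.HandleResponse();

        return Task.CompletedTask;
    }
}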