FriendsCodeTogether · DaSernet · Oct 20, 2020 · Oct 18, 2020 · Oct 19, 2020 · Oct 19, 2020
diff --git a/CosNet.API/Controllers/WeatherForecastController.cs b/CosNet.API/Controllers/WeatherForecastController.cs
@@ -2,11 +2,13 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 
 namespace CosNet.API.Controllers
 {
+    [Authorize]
     [ApiController]
     [Route("[controller]")]
     public class WeatherForecastController : ControllerBase

diff --git a/CosNet.API/CosNet.API.csproj b/CosNet.API/CosNet.API.csproj
@@ -6,6 +6,7 @@
 
   <ItemGroup>
     <PackageReference Include="AutoMapper.Extensions.Microsoft.DependencyInjection" Version="8.1.0" />
+    <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="3.0.1" />
     <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="3.1.9" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="3.1.9">
       <PrivateAssets>all</PrivateAssets>

diff --git a/CosNet.API/Properties/launchSettings.json b/CosNet.API/Properties/launchSettings.json
@@ -1,30 +1,31 @@
 {
-   "iisSettings": {
-      "windowsAuthentication": false,
-      "anonymousAuthentication": true,
-      "iisExpress": {
-         "applicationUrl": "http://localhost:56531",
-         "sslPort": 44308
+  "$schema": "http://json.schemastore.org/launchsettings.json",
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:6001",
+      "sslPort": 44308
+    }
+  },
+  "profiles": {
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "launchUrl": "weatherforecast",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
       }
-   },
-   "$schema": "http://json.schemastore.org/launchsettings.json",
-   "profiles": {
-      "IIS Express": {
-         "commandName": "IISExpress",
-         "launchBrowser": true,
-         "launchUrl": "weatherforecast",
-         "environmentVariables": {
-            "ASPNETCORE_ENVIRONMENT": "Development"
-         }
+    },
+    "CosNet.API": {
+      "commandName": "Project",
+      "launchBrowser": true,
+      "launchUrl": "weatherforecast",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development",
+        "COSNET_API_SECRET": "apisecret"
       },
-      "CosNet.API": {
-         "commandName": "Project",
-         "launchBrowser": true,
-         "launchUrl": "cosplay",
-         "environmentVariables": {
-            "ASPNETCORE_ENVIRONMENT": "Development"
-         },
-         "applicationUrl": "https://localhost:6001;http://localhost:6000"
-      }
-   }
+      "applicationUrl": "https://localhost:6001;http://localhost:6000"
+    }
+  }
 }
diff --git a/CosNet.API/Startup.cs b/CosNet.API/Startup.cs
@@ -5,6 +5,7 @@
 using System.Threading.Tasks;
 using AutoMapper;
 using CosNet.API.DBContexts;
+using IdentityServer4.AccessTokenValidation;
 using CosNet.API.Repositories;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
@@ -32,15 +33,34 @@ public Startup(IConfiguration configuration)
       public void ConfigureServices(IServiceCollection services)
       {
          services.AddControllers();
-         services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
-         services.AddTransient<ICosplayRepository, CosplayRepository>();
-         //register the swagger generator, defining a swagger document
          services.AddMvc();
 
+         services.AddCors(options =>
+         {
+            options.AddPolicy(
+               "cosnet-cors-policy",
+               builder => builder.WithOrigins(Configuration.GetSection("CosNetWebUIUrl").Value)
+                  .AllowAnyMethod()
+                  .AllowAnyHeader()
+                  .AllowCredentials());
+         });
+
+         services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
+
          services.AddSwaggerGen(c =>
          {
-            c.SwaggerDoc("v1", new OpenApiInfo { Title = "CosNet API", Version = "v1" });
+               c.SwaggerDoc("v1", new OpenApiInfo { Title = "CosNet API", Version = "v1" });
          });
+
+         services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
+            .AddIdentityServerAuthentication(options =>
+            {
+               options.Authority = Configuration.GetSection("CosNetIDPUrl").Value;
+               options.ApiName = "cosnet-api";
+               options.ApiSecret = Environment.GetEnvironmentVariable("COSNET_API_SECRET");
+            });
+
+         services.AddTransient<ICosplayRepository, CosplayRepository>();
          services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies());
       }
 
@@ -54,11 +74,6 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 
          app.UseHttpsRedirection();
 
-         app.UseCors(options =>
-         {
-            options.AllowAnyOrigin();
-         });
-
          app.UseSwagger();
 
          app.UseSwaggerUI(c =>
@@ -69,6 +84,10 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 
          app.UseRouting();
 
+         app.UseCors("cosnet-cors-policy");
+
+         app.UseAuthentication();
+
          app.UseAuthorization();
 
          app.UseEndpoints(endpoints =>

diff --git a/CosNet.API/appsettings.Development.json b/CosNet.API/appsettings.Development.json
@@ -1,11 +1,12 @@
 {
-  "Logging": {
-    "LogLevel": {
-      "Default": "Information",
-      "Microsoft": "Warning",
-      "Microsoft.Hosting.Lifetime": "Information"
-    }
-  },
+   "Logging": {
+      "LogLevel": {
+         "Default": "Information",
+         "Microsoft": "Warning",
+         "Microsoft.Hosting.Lifetime": "Information"
+      }
+   },
 
-  "CosNetIDPUrl": "https://localhost:7001"
+   "CosNetWebUIUrl": "https://localhost:5001",
+   "CosNetIDPUrl": "https://localhost:7001"
 }
diff --git a/CosNet.API/appsettings.json b/CosNet.API/appsettings.json
@@ -1,17 +1,18 @@
 {
-  "ConnectionStrings": {
-    "DefaultConnection": "Server=(localdb)\\MSSQLLocalDB;Database=CosNet;Trusted_Connection=True;MultipleActiveResultSets=true"
-  },
+   "ConnectionStrings": {
+      "DefaultConnection": "Server=(localdb)\\MSSQLLocalDB;Database=CosNet;Trusted_Connection=True;MultipleActiveResultSets=true"
+   },
 
-  "CosNetIDPUrl": "https://cosnet-idp.azurewebsites.net",
+   "CosNetWebUIUrl": "https://cosnet.azurewebsites.net",
+   "CosNetIDPUrl": "https://cosnet-idp.azurewebsites.net",
 
-  "Logging": {
-    "LogLevel": {
-      "Default": "Information",
-      "Microsoft": "Warning",
-      "Microsoft.Hosting.Lifetime": "Information"
-    }
-  },
+   "Logging": {
+      "LogLevel": {
+         "Default": "Information",
+         "Microsoft": "Warning",
+         "Microsoft.Hosting.Lifetime": "Information"
+      }
+   },
 
-  "AllowedHosts": "*"
+   "AllowedHosts": "*"
 }
diff --git a/CosNet.IDP/Config.cs b/CosNet.IDP/Config.cs
@@ -2,57 +2,62 @@
 // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
 
 
+using IdentityServer4;
 using IdentityServer4.Models;
 using System.Collections.Generic;
+using System.Configuration;
 
 namespace CosNet.IDP
 {
-    public static class Config
-    {
-        public static IEnumerable<IdentityResource> IdentityResources =>
-                   new IdentityResource[]
-                   {
-                new IdentityResources.OpenId(),
-                new IdentityResources.Profile(),
-                   };
-
-        public static IEnumerable<ApiScope> ApiScopes =>
-            new ApiScope[]
+   public static class Config
+   {
+      public static IEnumerable<IdentityResource> IdentityResources =>
+         new IdentityResource[]
+         {
+            new IdentityResources.OpenId(),
+            new IdentityResources.Profile(),
+         };
+
+      public static IEnumerable<ApiScope> ApiScopes =>
+         new ApiScope[]
+         {
+            new ApiScope("cosnet-api")
+         };
+
+      public static IEnumerable<ApiResource> ApiResources =>
+         new ApiResource[]
+         {
+            new ApiResource(
+               "cosnet-api",
+               "CosNet API",
+               new List<string>() { "role" })
             {
-                new ApiScope("scope1"),
-                new ApiScope("scope2"),
-            };
-
-        public static IEnumerable<Client> Clients =>
-            new Client[]
+               Scopes = { "cosnet-api"},
+               ApiSecrets = { new Secret(System.Environment.GetEnvironmentVariable("COSNET_API_SECRET").Sha256()) }
+            }
+         };
+
+      public static IEnumerable<Client> Clients =>
+         new Client[]
+         {
+            new Client
             {
-                // m2m client credentials flow client
-                new Client
-                {
-                    ClientId = "m2m.client",
-                    ClientName = "Client Credentials Client",
-
-                    AllowedGrantTypes = GrantTypes.ClientCredentials,
-                    ClientSecrets = { new Secret("511536EF-F270-4058-80CA-1C89C192F69A".Sha256()) },
-
-                    AllowedScopes = { "scope1" }
-                },
-
-                // interactive client using code flow + pkce
-                new Client
-                {
-                    ClientId = "interactive",
-                    ClientSecrets = { new Secret("49C1A7E1-0C79-4A89-A3D6-A37998FB86B0".Sha256()) },
-
-                    AllowedGrantTypes = GrantTypes.Code,
-
-                    RedirectUris = { "https://localhost:44300/signin-oidc" },
-                    FrontChannelLogoutUri = "https://localhost:44300/signout-oidc",
-                    PostLogoutRedirectUris = { "https://localhost:44300/signout-callback-oidc" },
-
-                    AllowOfflineAccess = true,
-                    AllowedScopes = { "openid", "profile", "scope2" }
-                },
-            };
-    }
-}
+               ClientId = "cosnetwebui",
+               AllowedGrantTypes = GrantTypes.Code,
+               RequireClientSecret = false,
+               AllowedCorsOrigins = { System.Environment.GetEnvironmentVariable("COSNET_WEBUI_URL") },
+               RedirectUris = { $"{System.Environment.GetEnvironmentVariable("COSNET_WEBUI_URL")}/authentication/login-callback" },
+               FrontChannelLogoutUri = $"{System.Environment.GetEnvironmentVariable("COSNET_WEBUI_URL")}/",
+               PostLogoutRedirectUris = { $"{System.Environment.GetEnvironmentVariable("COSNET_WEBUI_URL")}/" },
+
+               AllowOfflineAccess = true,
+               AllowedScopes =
+               {
+                  IdentityServerConstants.StandardScopes.OpenId,
+                  IdentityServerConstants.StandardScopes.Profile,
+                  "cosnet-api"
+               }
+            },
+         };
+   }
+}
diff --git a/CosNet.IDP/CosNet.IDP.csproj b/CosNet.IDP/CosNet.IDP.csproj
@@ -19,5 +19,6 @@
 
     <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="3.1.9" />
     <PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="3.1.9" />
+    <PackageReference Include="System.Configuration.ConfigurationManager" Version="4.7.0" />
   </ItemGroup>
-</Project>
+</Project>
diff --git a/CosNet.IDP/Properties/launchSettings.json b/CosNet.IDP/Properties/launchSettings.json
@@ -4,7 +4,9 @@
       "commandName": "Project",
       "launchBrowser": true,
       "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development"
+         "ASPNETCORE_ENVIRONMENT": "Development",
+         "COSNET_WEBUI_URL": "https://localhost:5001",
+         "COSNET_API_SECRET": "apisecret"
       },
       "applicationUrl": "https://localhost:7001"
     }

diff --git a/CosNet.IDP/Startup.cs b/CosNet.IDP/Startup.cs
@@ -49,6 +49,7 @@ public void ConfigureServices(IServiceCollection services)
             })
                 .AddInMemoryIdentityResources(Config.IdentityResources)
                 .AddInMemoryApiScopes(Config.ApiScopes)
+                .AddInMemoryApiResources(Config.ApiResources)
                 .AddInMemoryClients(Config.Clients)
                 .AddAspNetIdentity<ApplicationUser>();
 
@@ -59,7 +60,7 @@ public void ConfigureServices(IServiceCollection services)
                 .AddGoogle(options =>
                 {
                     options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
-                    
+
                     // register your IdentityServer with Google at https://console.developers.google.com
                     // enable the Google+ API
                     // set the redirect URI to https://localhost:5001/signin-google
@@ -79,12 +80,15 @@ public void Configure(IApplicationBuilder app)
             app.UseStaticFiles();
 
             app.UseRouting();
+
             app.UseIdentityServer();
+
             app.UseAuthorization();
+
             app.UseEndpoints(endpoints =>
             {
                 endpoints.MapDefaultControllerRoute();
             });
         }
     }
-}
+}
diff --git a/CosNet.WebUI/CosNet.WebUI.csproj b/CosNet.WebUI/CosNet.WebUI.csproj
@@ -6,13 +6,14 @@
       <ServiceWorkerAssetsManifest>service-worker-assets.js</ServiceWorkerAssetsManifest>
    </PropertyGroup>
 
-   <ItemGroup>
-      <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="3.2.1" />
-      <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Build" Version="3.2.1" PrivateAssets="all" />
-      <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="3.2.1" PrivateAssets="all" />
-      <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" Version="3.2.1" />
-      <PackageReference Include="System.Net.Http.Json" Version="3.2.1" />
-   </ItemGroup>
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="3.2.1" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Build" Version="3.2.1" PrivateAssets="all" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="3.2.1" PrivateAssets="all" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" Version="3.2.1" />
+    <PackageReference Include="Microsoft.Extensions.Http" Version="3.1.9" />
+    <PackageReference Include="System.Net.Http.Json" Version="3.2.1" />
+  </ItemGroup>
 
    <ItemGroup>
       <ProjectReference Include="..\CosNet.Shared\CosNet.Shared.csproj" />
@@ -21,4 +22,4 @@
    <ItemGroup>
       <ServiceWorker Include="wwwroot\service-worker.js" PublishedContent="wwwroot\service-worker.published.js" />
    </ItemGroup>
-</Project>
+</Project>