API wip.

src/AuthServer/AuthServer.Api/AuthServer.Api.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
     <TargetFramework>netcoreapp2.2</TargetFramework>
@@ -8,11 +8,17 @@
 
   <ItemGroup>
     <PackageReference Include="IdentityServer4" Version="2.3.2" />
+    <PackageReference Include="IdentityServer4.AspNetIdentity" Version="2.3.0" />
     <PackageReference Include="Microsoft.AspNetCore.App" />
     <PackageReference Include="Microsoft.AspNetCore.Razor.Design" Version="2.2.0" PrivateAssets="All" />
     <PackageReference Include="Microsoft.Extensions.Logging.Filter" Version="1.1.2" />
     <PackageReference Include="serilog.extensions.logging" Version="2.0.2" />
     <PackageReference Include="serilog.sinks.file" Version="4.0.0" />
   </ItemGroup>
 
+
+  <ItemGroup>
+    <ProjectReference Include="..\AuthServer.Infrastructure\AuthServer.Infrastructure.csproj" />
+  </ItemGroup>
+
 </Project>

src/AuthServer/AuthServer.Api/Config.cs

@@ -0,0 +1,58 @@
+using System.Collections.Generic;
+using AuthServer.Infrastructure.Constants;
+using IdentityServer4;
+using IdentityServer4.Models;
+
+namespace AuthServer.Api
+{
+    public class Config
+    {
+        public static IEnumerable<IdentityResource> GetIdentityResources()
+        {
+            return new List<IdentityResource>
+            {
+                new IdentityResources.OpenId(),
+                new IdentityResources.Email(),
+                new IdentityResources.Profile(),
+            };
+        }
+
+        public static IEnumerable<ApiResource> GetApiResources()
+        {
+            return new List<ApiResource>
+            {
+                new ApiResource(Roles.Consumer, "Aycoutay API")
+            };
+        }
+
+        public static IEnumerable<Client> GetClients()
+        {
+            // client credentials client
+            return new List<Client>
+            {
+                // resource owner password grant client
+                new Client
+                {
+                    ClientId = "ro.aycoutay-mobile",
+                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
+
+                    ClientSecrets =
+                    {
+                        new Secret("secret".Sha256())
+                    },
+                    AllowedScopes = {
+                        IdentityServerConstants.StandardScopes.OpenId,
+                        IdentityServerConstants.StandardScopes.Profile,
+                        IdentityServerConstants.StandardScopes.Email,
+                        IdentityServerConstants.StandardScopes.Address,
+                        Roles.Consumer
+                    },
+                    AllowOfflineAccess = true,
+                    // Access token life time is 90 days
+                    AccessTokenLifetime = 7776000,
+                    AbsoluteRefreshTokenLifetime = 10368000  // 120 days
+                }
+            };
+        }
+    }
+}

src/AuthServer/AuthServer.Api/Controllers/AccountsController.cs

@@ -0,0 +1,44 @@
+using AuthServer.Infrastructure.Data.Identity;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using AuthServer.Api.Models;
+using AuthServer.Infrastructure.Constants;
+using System.Threading.Tasks;
+
+namespace AuthServer.Api.Controllers
+{
+    [Route("api/[controller]")]
+    [ApiController]
+    public class AccountsController : ControllerBase
+    {
+        private readonly UserManager<AppUser> _userManager;
+
+        public AccountsController(UserManager<AppUser> userManager)
+        {
+            _userManager = userManager;
+        }
+
+        [HttpPost]
+        public async Task<IActionResult> Register([FromBody]RegisterRequestViewModel model)
+        {
+            if (!ModelState.IsValid)
+            {
+                return BadRequest(ModelState);
+            }
+
+            var user = new AppUser { UserName = model.Email, Name = model.Name, Email = model.Email };
+
+            var result = await _userManager.CreateAsync(user, model.Password);
+
+            if (!result.Succeeded) return BadRequest(result.Errors);
+
+            await _userManager.AddToRoleAsync(user, Roles.Consumer);
+            await _userManager.AddClaimAsync(user, new System.Security.Claims.Claim("userName", user.UserName));
+            await _userManager.AddClaimAsync(user, new System.Security.Claims.Claim("name", user.Name));
+            await _userManager.AddClaimAsync(user, new System.Security.Claims.Claim("email", user.Email));
+            await _userManager.AddClaimAsync(user, new System.Security.Claims.Claim("role", Roles.Consumer));
+
+            return Ok(new RegisterResponseViewModel(user));
+        }
+    }
+}

src/AuthServer/AuthServer.Api/Models/RegisterRequestViewModel.cs

@@ -0,0 +1,29 @@
+using System.ComponentModel.DataAnnotations;
+
+
+namespace AuthServer.Api.Models
+{
+    public class RegisterRequestViewModel
+    {
+        [Required]
+        [StringLength(50, ErrorMessage = "The {0} must be at least {2} and at max {1} characters long.", MinimumLength = 2)]
+        [Display(Name = "Name")]
+        public string Name { get; set; }
+
+        [Required]
+        [EmailAddress]
+        [Display(Name = "Email")]
+        public string Email { get; set; }
+
+        [Required]
+        [StringLength(100, ErrorMessage = "The {0} must be at least {2} and at max {1} characters long.", MinimumLength = 6)]
+        [DataType(DataType.Password)]
+        [Display(Name = "Password")]
+        public string Password { get; set; }
+
+        [DataType(DataType.Password)]
+        [Display(Name = "Confirm password")]
+        [Compare("Password", ErrorMessage = "The password and confirmation password do not match.")]
+        public string ConfirmPassword { get; set; }
+    }
+}

src/AuthServer/AuthServer.Api/Models/RegisterResponseViewModel.cs

@@ -0,0 +1,18 @@
+using AuthServer.Infrastructure.Data.Identity;
+
+namespace AuthServer.Api.Models
+{
+    public class RegisterResponseViewModel
+    {
+        public string Id { get; set; }
+        public string Name { get; set; }
+        public string Email { get; set; }
+
+        public RegisterResponseViewModel(AppUser user)
+        {
+            Id = user.Id;
+            Name = user.Name;
+            Email = user.Email;
+        }
+    }
+}

src/AuthServer/AuthServer.Api/Startup.cs

@@ -1,11 +1,19 @@
-using Microsoft.AspNetCore.Builder;
+using AuthServer.Api;
+using AuthServer.Infrastructure.Data.Identity;
+using AuthServer.Infrastructure.Services;
+using IdentityServer4.Services;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Serilog;
+using System.Net.Http;
 
 namespace AuthServer
 {
@@ -21,12 +29,35 @@ public Startup(IConfiguration configuration)
         // This method gets called by the runtime. Use this method to add services to the container.
         public void ConfigureServices(IServiceCollection services)
         {
-            services.Configure<CookiePolicyOptions>(options =>
-            {
-                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
-                options.CheckConsentNeeded = context => true;
-                options.MinimumSameSitePolicy = SameSiteMode.None;
-            });
+            services.AddDbContext<AppIdentityDbContext>(options => options.UseSqlServer(Configuration.GetConnectionString("Default")));
+
+            services.AddIdentity<AppUser, IdentityRole>()
+                .AddEntityFrameworkStores<AppIdentityDbContext>()
+                .AddDefaultTokenProviders();
+
+            services.AddIdentityServer()
+                .AddDeveloperSigningCredential()
+                // this adds the operational data from DB (codes, tokens, consents)
+                .AddOperationalStore(options =>
+                {
+                    options.ConfigureDbContext = builder => builder.UseSqlServer(Configuration.GetConnectionString("Default"));
+
+                    // this enables automatic token cleanup. this is optional.
+                    options.EnableTokenCleanup = true;
+                    options.TokenCleanupInterval = 30; // interval in seconds
+                })
+                //.AddInMemoryPersistedGrants()
+                .AddInMemoryIdentityResources(Config.GetIdentityResources())
+                .AddInMemoryApiResources(Config.GetApiResources())
+                .AddInMemoryClients(Config.GetClients())
+                .AddAspNetIdentity<AppUser>();      
+
+
+            services.AddTransient<IProfileService, IdentityClaimsProfileService>();
+
+            services.AddCors(options => options.AddPolicy("AllowAll", p => p.AllowAnyOrigin()
+               .AllowAnyMethod()
+               .AllowAnyHeader()));
 
             services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
         }
@@ -58,7 +89,9 @@ public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerF
                 .AddSerilog(serilog.CreateLogger());
 
             app.UseStaticFiles();
-            app.UseCookiePolicy();
+            app.UseCors("AllowAll");
+            app.UseHttpsRedirection();
+            app.UseIdentityServer();
 
             app.UseMvc(routes =>
             {

src/AuthServer/AuthServer.Api/appsettings.json

@@ -4,5 +4,11 @@
       "Default": "Warning"
     }
   },
-  "AllowedHosts": "*"
+  "AllowedHosts": "*",
+  "ConnectionStrings": {
+    "Default": "Server=(localdb)\\mssqllocaldb;Database=AuthServer;Trusted_Connection=True;MultipleActiveResultSets=true"
+  },
+  "Security": {
+    "OpenIdConnectAuthority": "https://aycoutay-dev.azurewebsites.net/auth/"
+  }
 }