这是我的观点:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using MyProject.STS4.ManagementSite.Data;
using MyProject.STS4.ManagementSite.Models;
using MyProject.STS4.ManagementSite.Services;
using MyProject.STS4.ManagementSite.Tenant;
using IdentityServer4.Services;
using Microsoft.Extensions.DependencyInjection.Extensions;
using System.Reflection;
using IdentityServer4.EntityFramework.DbContexts;
using IdentityServer4.EntityFramework.Mappers;
using Microsoft.IdentityModel.Tokens;
using IdentityServer4;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using System.Globalization;
using System.Security.Claims;
using MyProject.STS4.ManagementSite.Models.Mail;
namespace MyProject.STS4.ManagementSite
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
// Read this part of the appsettings.json and convert it into the SmtpConfig
services.Configure<SmtpConfig>(Configuration.GetSection("Smtp"));
string connectionString = Configuration.GetConnectionString("DefaultConnection");
var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"),
sqlOptions => sqlOptions.MigrationsAssembly(migrationsAssembly)
));
// Explicitly added
//services.TryAddScoped<IUserClaimsPrincipalFactory<TenantUser>, UserClaimsPrincipalFactory<TenantUser, IdentityRole>>();
services.AddIdentity<TenantUser, IdentityRole>(options =>
{
// This should send a mail when registering
options.SignIn.RequireConfirmedEmail = false;
options.User.RequireUniqueEmail = false;
// Allows emails toe be used in the username
options.User.AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+";
})
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders()
.AddUserValidator<TenantUserValidator>(); // register our own validator
// Add application services.
services.AddTransient<IEmailSender, EmailSender>();
services.AddMvc();
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddAspNetIdentity<TenantUser>()
// this adds the config data from DB (clients, resources)
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = builder =>
builder.UseSqlServer(connectionString,
sql => sql.MigrationsAssembly(migrationsAssembly));
})
// this adds the operational data from DB (codes, tokens, consents)
.AddOperationalStore(options =>
{
options.ConfigureDbContext = builder =>
builder.UseSqlServer(connectionString,
sql => sql.MigrationsAssembly(migrationsAssembly));
// this enables automatic token cleanup. this is optional.
options.EnableTokenCleanup = true;
options.TokenCleanupInterval = 30;
});
// Add the possible authentication methods
services.AddAuthentication()
.AddGoogle("Google", options =>
{
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
options.ClientId = "[...]";
options.ClientSecret = "[...]";
})
.AddOpenIdConnect("oidc", "OpenID Connect", options =>
{
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
options.SignOutScheme = IdentityServerConstants.SignoutScheme;
options.Authority = "http://localhost:5000/";
options.RequireHttpsMetadata = false;
options.ClientId = "implicit";
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
RoleClaimType = "role"
};
});
// This is still to test Azure Auth
//.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
//{
// ClientId = Configuration["AzureAD:ClientId"],
// Authority = string.Format(CultureInfo.InvariantCulture, Configuration["AzureAd:AadInstance"], "common", "/v2.0"),
// ResponseType = OpenIdConnectResponseType.IdToken,
// Events = new OpenIdConnectEvents
// {
// OnTokenValidated = TokenValidated
// },
// TokenValidationParameters = new TokenValidationParameters
// {
// // Instead of using the default validation (validating against
// // a single issuer value, as we do in line of business apps),
// // we inject our own multitenant validation logic
// ValidateIssuer = false,
// NameClaimType = "name"
// }
//}
//);
// Registering this service allows for checking if user is active and enhancing the user with extra data (such as the claims)
services.AddTransient<IProfileService, TenantUserProfileService>();
}
private Task TokenValidated(TokenValidatedContext context)
{
/* ---------------------
// Replace this with your logic to validate the issuer/tenant
---------------------
// Retriever caller data from the incoming principal
string issuer = context.SecurityToken.Issuer;
string subject = context.SecurityToken.Subject;
string tenantID = context.Ticket.Principal.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
// Build a dictionary of approved tenants
IEnumerable<string> approvedTenantIds = new List<string>
{
"<Your tenantID>",
"9188040d-6c67-4c5b-b112-36a304b66dad" // MSA Tenant
};
o
if (!approvedTenantIds.Contains(tenantID))
throw new SecurityTokenValidationException();
--------------------- */
var claimsIdentity = (ClaimsIdentity)context.Principal.Identity;
//add your custom claims here
claimsIdentity.AddClaim(new Claim("test", "helloworld!!!"));
return Task.FromResult(0);
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
// this will do the initial DB population
SeedData.EnsureSeedData(app.ApplicationServices);
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseBrowserLink();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
app.UseStaticFiles();
// app.UseAuthentication(); // not needed, since UseIdentityServer adds the authentication middleware
app.UseIdentityServer();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
}
}
这就是我运行此活动指示器的方式,也就是这样启动运行活动指示器的方法:this.IsBusy = true;
但我看不到