dcovington
/
Campaign_Tracker
1
0
Fork 0
Code Issues 4 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
20 Commits
2 Branches
17MB
Tree: 6ec1b34821
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6ec1b34821'
${ noResults }
Campaign_Tracker/Campaign_Tracker.Server/Program.cs

140 lines
5.0KB
Raw Blame History 

  1. using System.Security.Claims;

  2. using System.Text;

  3. using Campaign_Tracker.Server.Authentication;

  4. using Campaign_Tracker.Server.Configuration;

  5. using Microsoft.AspNetCore.Authentication.JwtBearer;

  6. using Microsoft.IdentityModel.Protocols.OpenIdConnect;

  7. using Microsoft.IdentityModel.Tokens;

  8. 

  9. var builder = WebApplication.CreateBuilder(args);

  10. DotEnvConfiguration.Load(builder.Configuration, builder.Environment.ContentRootPath);

  11. 

  12. // Add services to the container.

  13. 

  14. builder.Services.AddControllers();

  15. // Learn more about configuring OpenAPI at https://aka.ms/aspnet/openapi

  16. builder.Services.AddOpenApi();

  17. builder.Services.Configure<KeycloakOptions>(builder.Configuration.GetSection(KeycloakOptions.SectionName));

  18. builder.Services.AddSingleton<IAuthenticationAuditStore, InMemoryAuthenticationAuditStore>();

  19. builder.Services.AddHttpClient<IKeycloakTokenClient, KeycloakTokenClient>();

  20. 

  21. var allowedOrigins = builder.Configuration.GetSection("AllowedOrigins").Get<string[]>() ?? [];

  22. builder.Services.AddCors(options =>

  23. {

  24.     options.AddPolicy("ConfiguredOrigins", policy =>

  25.     {

  26.         if (allowedOrigins.Length > 0)

  27.         {

  28.             policy.WithOrigins(allowedOrigins)

  29.                 .AllowAnyHeader()

  30.                 .AllowAnyMethod();

  31.         }

  32.     });

  33. });

  34. 

  35. var keycloakOptions = builder.Configuration

  36.     .GetSection(KeycloakOptions.SectionName)

  37.     .Get<KeycloakOptions>() ?? new KeycloakOptions();

  38. 

  39. builder.Services

  40.     .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)

  41.     .AddJwtBearer(options =>

  42.     {

  43.         options.Audience = keycloakOptions.TokenAudience;

  44.         options.RequireHttpsMetadata = !keycloakOptions.DisableHttpsMetadata;

  45.         if (!string.IsNullOrWhiteSpace(keycloakOptions.MetadataAddress))

  46.         {

  47.             options.MetadataAddress = keycloakOptions.MetadataAddress;

  48.         }

  49.         options.TokenValidationParameters = new TokenValidationParameters

  50.         {

  51.             ValidateIssuer = true,

  52.             ValidIssuer = keycloakOptions.TokenIssuer,

  53.             ValidateAudience = true,

  54.             ValidAudience = keycloakOptions.TokenAudience,

  55.             ValidateLifetime = true,

  56.             NameClaimType = ClaimTypes.Name,

  57.             RoleClaimType = ClaimTypes.Role,

  58.         };

  59. 

  60.         if (!string.IsNullOrWhiteSpace(keycloakOptions.TestSigningKey))

  61.         {

  62.             var issuerSigningKey =

  63.                 new SymmetricSecurityKey(Encoding.UTF8.GetBytes(keycloakOptions.TestSigningKey));

  64. 

  65.             options.TokenValidationParameters.ValidateIssuerSigningKey = true;

  66.             options.TokenValidationParameters.IssuerSigningKey = issuerSigningKey;

  67.             options.TokenValidationParameters.IssuerSigningKeys = [issuerSigningKey];

  68.             options.Configuration = new OpenIdConnectConfiguration

  69.             {

  70.                 Issuer = keycloakOptions.TokenIssuer,

  71.             };

  72.             options.Configuration.SigningKeys.Add(issuerSigningKey);

  73.         }

  74.         else

  75.         {

  76.             options.Authority = keycloakOptions.Authority;

  77.         }

  78. 

  79.         options.Events = new JwtBearerEvents

  80.         {

  81.             OnTokenValidated = context =>

  82.             {

  83.                 var auditStore = context.HttpContext.RequestServices

  84.                     .GetRequiredService<IAuthenticationAuditStore>();

  85.                 var subject = context.Principal?.Identity?.Name

  86.                     ?? context.Principal?.FindFirstValue(ClaimTypes.NameIdentifier)

  87.                     ?? "unknown";

  88. 

  89.                 auditStore.RecordSuccess(subject, context.HttpContext.TraceIdentifier);

  90.                 return Task.CompletedTask;

  91.             },

  92.             OnAuthenticationFailed = context =>

  93.             {

  94.                 var auditStore = context.HttpContext.RequestServices

  95.                     .GetRequiredService<IAuthenticationAuditStore>();

  96. 

  97.                 var reason = context.Exception is null

  98.                     ? "invalid bearer token"

  99.                     : $"invalid bearer token: {context.Exception.GetType().Name}";

  100.                 auditStore.RecordFailure(reason, context.HttpContext.TraceIdentifier);

  101.                 return Task.CompletedTask;

  102.             },

  103.             OnChallenge = context =>

  104.             {

  105.                 if (context.AuthenticateFailure is null &&

  106.                     context.Request.Headers.ContainsKey("Authorization"))

  107.                 {

  108.                     var auditStore = context.HttpContext.RequestServices

  109.                         .GetRequiredService<IAuthenticationAuditStore>();

  110. 

  111.                     auditStore.RecordFailure("invalid authorization header", context.HttpContext.TraceIdentifier);

  112.                 }

  113. 

  114.                 return Task.CompletedTask;

  115.             },

  116.         };

  117.     });

  118. builder.Services.AddAuthorization();

  119. 

  120. var app = builder.Build();

  121. 

  122. // Configure the HTTP request pipeline.

  123. if (app.Environment.IsDevelopment())

  124. {

  125.     app.MapOpenApi();

  126. }

  127. 

  128. app.UseHttpsRedirection();

  129. 

  130. app.UseCors("ConfiguredOrigins");

  131. app.UseAuthentication();

  132. app.UseAuthorization();

  133. 

  134. app.MapControllers();

  135. app.MapGet("/health", () => Results.Ok(new { status = "ok" }));

  136. 

  137. app.Run();

  138. 

  139. public partial class Program;

Powered by TurnKey Linux.