How to Enable CORS in ASP.NET Core Web API
using System;
using System.Linq;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.SpaServices.AngularCli;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using NG_Core_Auth.Data;
using NG_Core_Auth.Helpers;

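namespace NG_Core_Auth
{
    /// <summary>
    /// Application startup. Registers MVC, SPA static files, CORS, the EF Core context,
    /// ASP.NET Core Identity, JWT bearer authentication and the authorization policies,
    /// then builds the HTTP request pipeline.
    /// </summary>
    public class Startup
    {
        // Name of the CORS policy; registered in ConfigureServices and applied in Configure.
        private const string CorsPolicyName = "EnableCORS";

        // Configuration key listing the origins allowed to call the API with credentials.
        // This key is introduced by this revision and is not part of the original settings:
        // add it as a string array (e.g. the SPA's own scheme://host[:port]) wherever the
        // deployment keeps its configuration.
        private const string AllowedOriginsKey = "Cors:AllowedOrigins";

        /// <summary>Stores the configuration supplied by the host.</summary>
        /// <param name="configuration">Application configuration.</param>
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        /// <summary>Application configuration injected through the constructor.</summary>
        public IConfiguration Configuration { get; }

        /// <summary>
        /// Called by the runtime to add services to the container.
        /// </summary>
        /// <param name="services">Service collection to populate.</param>
        /// <exception cref="InvalidOperationException">
        /// The "AppSettings" section or its signing secret is missing.
        /// </exception>
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

            // In production, the Angular files will be served from this directory.
            services.AddSpaStaticFiles(configuration =>
            {
                configuration.RootPath = "ClientApp/dist";
            });

            // CORS. The policy allows credentialed requests, so the origin list must be
            // explicit: a wildcard origin together with AllowCredentials() would let any
            // web site issue authenticated cross-origin requests on behalf of a signed-in
            // user, and later ASP.NET Core versions reject that combination outright.
            // Blank entries and "*" are dropped; an empty list means no cross-origin
            // caller is allowed, which still leaves the same-origin SPA working.
            var allowedOrigins = (Configuration.GetSection(AllowedOriginsKey).Get<string[]>() ?? Array.Empty<string>())
                .Where(origin => !string.IsNullOrWhiteSpace(origin))
                .Select(origin => origin.Trim().TrimEnd('/'))
                .Where(origin => origin.Length > 0 && origin != "*")
                .ToArray();

            services.AddCors(options =>
            {
                options.AddPolicy(CorsPolicyName, builder =>
                {
                    builder.WithOrigins(allowedOrigins)
                           .AllowAnyHeader()
                           .AllowAnyMethod()
                           .AllowCredentials();
                });
            });

            // Connect to the database.
            services.AddDbContext<ApplicationDbContext>(options =>
                options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

            // Identity with password and lockout rules.
            services.AddIdentity<IdentityUser, IdentityRole>(options =>
            {
                // NOTE(review): a six-character minimum is short for a password policy;
                // raising it only affects passwords set after the change.
                options.Password.RequireDigit = true;
                options.Password.RequiredLength = 6;
                options.Password.RequireNonAlphanumeric = true;
                options.Password.RequireUppercase = true;
                options.Password.RequireLowercase = true;
                options.User.RequireUniqueEmail = true;

                // Lockout settings: five failed attempts lock the account for five minutes.
                options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
                options.Lockout.MaxFailedAccessAttempts = 5;
                options.Lockout.AllowedForNewUsers = true;
            }).AddEntityFrameworkStores<ApplicationDbContext>().AddDefaultTokenProviders();

            // Configure strongly typed settings objects.
            var appSettingsSection = Configuration.GetSection("AppSettings");
            services.Configure<AppSettings>(appSettingsSection);
            var appSettings = appSettingsSection.Get<AppSettings>();

            // Fail at startup with a clear message instead of a NullReferenceException
            // when the section or the signing secret is absent.
            if (appSettings == null || string.IsNullOrEmpty(appSettings.Secret))
            {
                throw new InvalidOperationException(
                    "The \"AppSettings\" configuration section with a non-empty Secret is required for JWT validation.");
            }

            // ASCII encoding maps every non-ASCII character to '?', so the secret should be
            // a long random ASCII string. The encoding is left unchanged because the code
            // that signs tokens is not visible here and presumably uses the same bytes.
            // NOTE(review): where the secret is stored is not shown; keep it out of
            // committed settings files.
            var key = Encoding.ASCII.GetBytes(appSettings.Secret);

            // Authentication middleware: JWT bearer is the default scheme everywhere.
            services.AddAuthentication(o =>
            {
                o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                o.DefaultSignInScheme = JwtBearerDefaults.AuthenticationScheme;
                o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    ValidateIssuer = true,
                    ValidateAudience = true,
                    // Already the library default; stated so expiry checking is visible.
                    ValidateLifetime = true,
                    ValidIssuer = appSettings.Site,
                    ValidAudience = appSettings.Audience,
                    IssuerSigningKey = new SymmetricSecurityKey(key)
                };
            });

            services.AddAuthorization(options =>
            {
                options.AddPolicy("RequireLoggedIn", policy => policy.RequireRole("Admin", "Customer", "Moderator").RequireAuthenticatedUser());
                options.AddPolicy("RequireAdministratorRole", policy => policy.RequireRole("Admin").RequireAuthenticatedUser());
            });

            /*
             Requirement:
             User should be Authenticated
             User Must be Authorized.
             In Order to view products (GetAllProducts).
            */
        }

        /// <summary>
        /// Called by the runtime to configure the HTTP request pipeline.
        /// </summary>
        /// <param name="app">Application builder the middleware is added to.</param>
        /// <param name="env">Hosting environment, used to select development-only behaviour.</param>
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                // Detailed exception pages are limited to development.
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }

            // CORS runs first so its headers are applied before any later middleware responds.
            app.UseCors(CorsPolicyName);
            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseSpaStaticFiles();

            // Authentication must precede MVC so controllers see the authenticated user.
            app.UseAuthentication();
            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller}/{action=Index}/{id?}");
            });

            app.UseSpa(spa =>
            {
                // To learn more about options for serving an Angular SPA from ASP.NET Core,
                // see https://go.microsoft.com/fwlink/?linkid=864501
                spa.Options.SourcePath = "ClientApp";
                if (env.IsDevelopment())
                {
                    spa.UseAngularCliServer(npmScript: "start");
                }
            });
        }
    }
}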