Last active
March 26, 2017 16:53
-
-
Save samueleresca/622b50631610c9b9aa1f5eedcf9b613e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using AspNet.Security.OpenIdConnect.Primitives; | |
using Blog.Turnmeup.DAL.Models; | |
using Microsoft.AspNetCore.Builder; | |
using Microsoft.AspNetCore.Identity.EntityFrameworkCore; | |
using Microsoft.EntityFrameworkCore; | |
using Microsoft.Extensions.Configuration; | |
using Microsoft.Extensions.DependencyInjection; | |
namespace Blog.Turnmeup.API | |
{ | |
public partial class Startup | |
{ | |
private void ConfigureServicesAuth(IServiceCollection services) | |
{ | |
services.AddDbContext<IdentityDbContext>(options => | |
{ | |
options.UseSqlServer(Configuration.GetConnectionString("AuthServer")); | |
// Register the entity sets needed by OpenIddict. | |
// Note: use the generic overload if you need | |
// to replace the default OpenIddict entities. | |
options.UseOpenIddict(); | |
}); | |
// Register the OpenIddict services. | |
services.AddOpenIddict(options => | |
{ | |
// Register the Entity Framework stores. | |
options.AddEntityFrameworkCoreStores<IdentityDbContext>(); | |
// Register the ASP.NET Core MVC binder used by OpenIddict. | |
// Note: if you don't call this method, you won't be able to | |
// bind OpenIdConnectRequest or OpenIdConnectResponse parameters. | |
options.AddMvcBinders(); | |
// Enable the token endpoint (required to use the password flow). | |
options.EnableTokenEndpoint("/connect/token"); | |
// Allow client applications to use the grant_type=password flow. | |
options.AllowPasswordFlow(); | |
// During development, you can disable the HTTPS requirement. | |
options.DisableHttpsRequirement(); | |
}); | |
// TODO: Inject custom validation | |
// services.AddTransient<IPasswordValidator<AppUser>, CustomPasswordValidator>(); | |
// services.AddTransient<IUserValidator<AppUser>, CustomUserValidator>(); | |
// Register the Identity services. | |
services.AddIdentity<AppUser, IdentityRole>(opts => { | |
opts.Password.RequiredLength = 6; | |
opts.Password.RequireNonAlphanumeric = false; | |
opts.Password.RequireLowercase = false; | |
opts.Password.RequireUppercase = false; | |
opts.Password.RequireDigit = false; | |
}) | |
.AddEntityFrameworkStores<IdentityDbContext>() | |
.AddDefaultTokenProviders(); | |
// Configure Identity to use the same JWT claims as OpenIddict instead | |
// of the legacy WS-Federation claims it uses by default (ClaimTypes), | |
// which saves you from doing the mapping in your authorization controller. | |
services.Configure<IdentityOptions>(options => | |
{ | |
options.ClaimsIdentity.UserNameClaimType = OpenIdConnectConstants.Claims.Name; | |
options.ClaimsIdentity.UserIdClaimType = OpenIdConnectConstants.Claims.Subject; | |
options.ClaimsIdentity.RoleClaimType = OpenIdConnectConstants.Claims.Role; | |
}); | |
} | |
private void ConfigureAuth(IApplicationBuilder app) | |
{ | |
app.UseIdentity(); | |
app.UseOpenIddict(); | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment