diff --git a/samples/Sample.Dashboard.Auth/MyDashboardAuthenticationHandler.cs b/samples/Sample.Dashboard.Auth/MyDashboardAuthenticationHandler.cs
index 2c413db9c..1b8048186 100644
--- a/samples/Sample.Dashboard.Auth/MyDashboardAuthenticationHandler.cs
+++ b/samples/Sample.Dashboard.Auth/MyDashboardAuthenticationHandler.cs
@@ -3,6 +3,7 @@
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
@@ -23,7 +24,7 @@ public class MyDashboardAuthenticationHandler : AuthenticationHandler options, ILoggerFactory logger, UrlEncoder encoder) : base(options, logger, encoder)
 {
- options.CurrentValue.ForwardChallenge = "";
+ // options.CurrentValue.ForwardChallenge = "";
 }
 protected override Task HandleAuthenticateAsync()
@@ -31,14 +32,17 @@ protected override Task HandleAuthenticateAsync()
 var testAuthHeaderPresent = Request.Headers["X-Base-Token"].Contains("xxx");
 var authResult = testAuthHeaderPresent ? CreateAuthenticatonTicket() : AuthenticateResult.NoResult();
-
+
 return Task.FromResult(authResult);
 }
 protected override Task HandleChallengeAsync(AuthenticationProperties properties)
 {
- Response.Headers["WWW-Authenticate"] = MyDashboardAuthenticationSchemeDefaults.Scheme;
- return base.HandleChallengeAsync(properties);
+ //Response.Headers["WWW-Authenticate"] = MyDashboardAuthenticationSchemeDefaults.Scheme;
+ //return base.HandleChallengeAsync(properties);
+
+ // Challenge use OpenId for AddCapWithOpenIdAndCustomAuthorization
+ return Context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, properties);
 }
 private AuthenticateResult CreateAuthenticatonTicket()
diff --git a/samples/Sample.Dashboard.Auth/Properties/launchSettings.json b/samples/Sample.Dashboard.Auth/Properties/launchSettings.json
index 240d046c2..953698474 100644
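Review bot: The new `HandleChallengeAsync` hard-codes `Context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, properties)`, so the handler only works where an OpenID Connect scheme is registered. As far as the visible Startup.cs hunks show, `AddCapWithCustomAuthorization` still registers this handler on its own, and there an unauthenticated request would presumably end in an unregistered-scheme error rather than a 401. Keeping the base challenge in the handler and opting in from the combined setup, by passing `o => o.ForwardChallenge = OpenIdConnectDefaults.AuthenticationScheme` instead of `null` to `AddScheme`, keeps both sample configurations working. The commented-out statements here and in the constructor hunk above (`// options.CurrentValue.ForwardChallenge = "";`) are better deleted than left as dead code.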
--- a/samples/Sample.Dashboard.Auth/Properties/launchSettings.json
+++ b/samples/Sample.Dashboard.Auth/Properties/launchSettings.json
@@ -19,10 +19,11 @@
 "Sample.Dashboard.Auth": {
 "commandName": "Project",
 "launchBrowser": true,
+ "launchUrl": "cap",
 "environmentVariables": {
 "ASPNETCORE_ENVIRONMENT": "Development"
 },
- "applicationUrl": "https://localhost:5001"
+ "applicationUrl": "https://localhost:5001/"
 }
 }
 }
\ No newline at end of file
diff --git a/samples/Sample.Dashboard.Auth/Startup.cs b/samples/Sample.Dashboard.Auth/Startup.cs
index 5d2cc4519..1a476d9e1 100644
--- a/samples/Sample.Dashboard.Auth/Startup.cs
+++ b/samples/Sample.Dashboard.Auth/Startup.cs
@@ -10,10 +10,11 @@ public class Startup
 {
 public void ConfigureServices(IServiceCollection services)
 {
- AddCapWithOpenIdAuthorization(services);
+ // AddCapWithOpenIdAuthorization(services);
 // AddCapWithAnonymousAccess(services);
 // AddCapWithCustomAuthorization(services);
-
+ AddCapWithOpenIdAndCustomAuthorization(services);
+
 services.AddCors(x =>
 {
 x.AddDefaultPolicy(p =>
@@ -41,10 +42,10 @@ public void Configure(IApplicationBuilder app)
 private IServiceCollection AddCapWithOpenIdAuthorization(IServiceCollection services)
 {
 const string DashboardAuthorizationPolicy = "DashboardAuthorizationPolicy";
-
+
 services
 .AddAuthorization(options =>
- {
+ {
 options.AddPolicy(DashboardAuthorizationPolicy, policy => policy
 .AddAuthenticationSchemes(OpenIdConnectDefaults.AuthenticationScheme)
 .RequireAuthenticatedUser());
@@ -64,11 +65,12 @@ private IServiceCollection AddCapWithOpenIdAuthorization(IServiceCollection serv
 options.Scope.Add("openid");
 options.Scope.Add("profile");
 });
-
+
 services.AddCap(cap =>
 {
 cap.UseDashboard(d =>
 {
+ d.AllowAnonymousExplicit = false;
 d.AuthorizationPolicy = DashboardAuthorizationPolicy;
 });
 cap.UseInMemoryStorage();
@@ -77,21 +79,21 @@ private IServiceCollection AddCapWithOpenIdAuthorization(IServiceCollection serv
 return services;
 }
-
+
 private IServiceCollection AddCapWithCustomAuthorization(IServiceCollection services)
 {
 const string MyDashboardAuthenticationPolicy = "MyDashboardAuthenticationPolicy";
-
+
 services
 .AddAuthorization(options =>
- {
+ {
 options.AddPolicy(MyDashboardAuthenticationPolicy, policy => policy
 .AddAuthenticationSchemes(MyDashboardAuthenticationSchemeDefaults.Scheme)
 .RequireAuthenticatedUser());
 })
 .AddAuthentication()
- .AddScheme(MyDashboardAuthenticationSchemeDefaults.Scheme,null);
-
+ .AddScheme(MyDashboardAuthenticationSchemeDefaults.Scheme, null);
+
 services.AddCap(cap =>
 {
 cap.UseDashboard(d =>
@@ -104,7 +106,49 @@ private IServiceCollection AddCapWithCustomAuthorization(IServiceCollection serv
 return services;
 }
-
+
+ private IServiceCollection AddCapWithOpenIdAndCustomAuthorization(IServiceCollection services)
+ {
+ const string DashboardAuthorizationPolicy = "DashboardAuthorizationPolicy";
+
+ services
+ .AddAuthorization(options =>
+ {
+ options.AddPolicy(DashboardAuthorizationPolicy, policy => policy
+ .AddAuthenticationSchemes(OpenIdConnectDefaults.AuthenticationScheme, MyDashboardAuthenticationSchemeDefaults.Scheme)
+ .RequireAuthenticatedUser());
+ })
+ .AddAuthentication(opt => opt.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme)
+ .AddScheme(MyDashboardAuthenticationSchemeDefaults.Scheme, null)
+ .AddCookie()
+ .AddOpenIdConnect(options =>
+ {
+ options.RequireHttpsMetadata = false;
+ options.Authority = "https://demo.duendesoftware.com/";
+ options.ClientId = "interactive.confidential";
+ options.ClientSecret = "secret";
+ options.ResponseType = "code";
+ options.UsePkce = true;
+
+ options.Scope.Clear();
+ options.Scope.Add("openid");
+ options.Scope.Add("profile");
+ });
+
+ services.AddCap(cap =>
+ {
+ cap.UseDashboard(d =>
+ {
+ d.AllowAnonymousExplicit = false;
+ d.AuthorizationPolicy = DashboardAuthorizationPolicy;
+ });
+ cap.UseInMemoryStorage();
+ cap.UseInMemoryMessageQueue();
+ });
+
+ return services;
+ }
+
 private IServiceCollection AddCapWithAnonymousAccess(IServiceCollection services)
 {
 services.AddCap(cap =>
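Review bot: `options.RequireHttpsMetadata = false` in the added `AddOpenIdConnect` block turns off the HTTPS requirement for the discovery document even though the authority is already `https://`; it gains nothing here and is a line that tends to get copied out of samples, so it should be dropped. The policy also lists `MyDashboardAuthenticationSchemeDefaults.Scheme` next to OpenID Connect, and the handler changed in this commit authenticates on a fixed `X-Base-Token` header value, so a request carrying that header passes `RequireAuthenticatedUser()` without any OIDC sign-in. A comment above `AddPolicy` such as `// Sample only: the custom scheme trusts a static header; replace it with real token validation before reuse` would make that explicit. `ClientSecret = "secret"` appears to be the public demo-server credential, which is worth stating in a comment as well so it is not read as a pattern for real secrets.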