Program.cs
using System.IdentityModel.Tokens.Jwt;
using System.Text.Json;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Protocols;
using System.Net.Http;
// Bootstrap the host from the command line, appsettings and environment variables.
var builder = WebApplication.CreateBuilder(args);

// MVC controllers and Razor Pages; the request pipeline further down maps routes to them.
builder.Services.AddControllers();
builder.Services.AddRazorPages();

// IdentityModel normally redacts claims and token contents from its exception
// messages. Showing them is useful while debugging the OIDC flow, but those
// messages end up in logs, so it is only switched on in Development.
bool isDevelopmentHost = builder.Environment.IsDevelopment();
if (isDevelopmentHost)
{
    IdentityModelEventSource.ShowPII = true;
}
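// Cookie session with ID.me as the OpenID Connect challenge provider.
// The cookie scheme holds the signed-in identity; the "IDme" scheme is used
// only to challenge (redirect to the provider) and to sign the user in.
builder.Services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = "IDme";
})
.AddCookie()
.AddOpenIdConnect("IDme", options =>
{
    // Fail at startup when the client credentials are not configured, rather
    // than at the first token exchange with an opaque provider error.
    options.ClientId = builder.Configuration["IDme:ClientId"]
        ?? throw new InvalidOperationException("Configuration value 'IDme:ClientId' is missing.");
    options.ClientSecret = builder.Configuration["IDme:ClientSecret"]
        ?? throw new InvalidOperationException("Configuration value 'IDme:ClientSecret' is missing.");
    options.Authority = "https://api.idmelabs.com/oidc";

    // Static endpoint set for the provider.
    // NOTE(review): ConfigurationManager is assigned explicitly below, and the
    // handler appears to take endpoints and signing keys from the discovery
    // document in that case rather than from this object — confirm before
    // relying on these values.
    options.Configuration = new OpenIdConnectConfiguration
    {
        AuthorizationEndpoint = "https://api.idmelabs.com/oauth/authorize",
        TokenEndpoint = "https://api.idmelabs.com/oauth/token",
        UserInfoEndpoint = "https://api.idmelabs.com/api/public/v3/userinfo",
        JwksUri = "https://api.idmelabs.com/oidc/.well-known/jwks"
    };

    // Discovery document and JWKS are fetched with the default document
    // retriever, i.e. over TLS with normal server-certificate validation.
    // The signing keys used to verify ID tokens arrive over this channel, so
    // certificate validation must never be disabled here: a spoofed JWKS would
    // let an attacker mint tokens this application accepts.
    options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
        "https://api.idmelabs.com/oidc/.well-known/openid-configuration",
        new OpenIdConnectConfigurationRetriever(),
        new HttpDocumentRetriever());

    // Authorization-code flow; the provider redirects back to CallbackPath.
    options.ResponseType = OpenIdConnectResponseType.Code;
    options.CallbackPath = new PathString("/authorization-code/callback");
    options.Scope.Clear();
    options.Scope.Add("openid");
    options.Scope.Add("http://idmanagement.gov/ns/assurance/ial/2/aal/2");

    // Issuer, audience, lifetime and signature are all checked; the signing
    // keys come from the discovery document fetched by ConfigurationManager.
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidIssuer = "https://api.idmelabs.com/oidc",
        ValidateAudience = true,
        ValidAudience = options.ClientId,
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true
    };

    options.Events = new OpenIdConnectEvents
    {
        OnTokenValidated = context =>
        {
            var logger = context.HttpContext.RequestServices.GetRequiredService<ILogger<Program>>();
            logger.LogInformation("Token validated successfully");
            return Task.CompletedTask;
        },
        OnAuthenticationFailed = context =>
        {
            // Pass the exception object so the provider records type and stack
            // trace as structured data; the message is a constant template rather
            // than an interpolated string.
            var logger = context.HttpContext.RequestServices.GetRequiredService<ILogger<Program>>();
            logger.LogError(context.Exception, "Authentication failed");
            return Task.CompletedTask;
        },
        OnRedirectToIdentityProviderForSignOut = context =>
        {
            // Local sign-out only: skip the provider round trip and land on the home page.
            const string logoutUri = "/";
            context.Response.Redirect(logoutUri);
            context.HandleResponse();
            return Task.CompletedTask;
        }
    };

    // BackchannelHttpHandler is deliberately left unset: the token endpoint is
    // called through the default handler, which validates the server certificate.

    // The discovery URL above is https, so requiring HTTPS metadata costs
    // nothing in Development and rejects any plaintext metadata source.
    options.RequireHttpsMetadata = true;
});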
// Logging providers: settings from the "Logging" section, output to console and debugger.
// NOTE(review): WebApplication.CreateBuilder may already register these by default — verify; harmless if so.
var loggingSection = builder.Configuration.GetSection("Logging");
builder.Logging.AddConfiguration(loggingSection);
builder.Logging.AddConsole();
builder.Logging.AddDebug();

// Full MVC stack. NOTE(review): the routes below target controller actions such
// as Home/Index, which presumably render views; AddMvc appears to be what
// supplies view support here — confirm before removing it.
builder.Services.AddMvc();

var app = builder.Build();

// Outside Development: generic error page instead of a stack trace, plus HSTS.
bool isProductionLike = !app.Environment.IsDevelopment();
if (isProductionLike)
{
    app.UseExceptionHandler("/Home/Error");
    app.UseHsts();
}

// Middleware order matters: redirect to HTTPS, serve static files, route, then
// authenticate before authorizing.
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();

// Conventional routes: the default controller/action route and a dedicated Profile route.
app.MapControllerRoute(name: "default", pattern: "{controller=Home}/{action=Index}/{id?}");
app.MapControllerRoute(name: "profile", pattern: "Profile/{action=Index}/{id?}");

app.Run();