04_IdSrv.cs
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Extensions;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
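namespace ProxyKit.Recipes
{
    /// <summary>
    /// Recipe: an authenticating reverse proxy. A request is forwarded to the
    /// configured upstream only after the caller has a cookie session that was
    /// established through an OpenID Connect sign-in against the configured authority.
    /// </summary>
    public class IdSrv : Recipe<IdSrv.Startup>
    {
        public class Startup
        {
            // Name of the OpenID Connect scheme; registered in ConfigureServices and
            // challenged explicitly in Configure, so both must use the same value.
            private const string OidcScheme = "IdSrv";

            private readonly AppConfiguration _appConfiguration;

            /// <summary>
            /// Binds the recipe settings from <paramref name="configuration"/> and fails fast
            /// when a setting the proxy cannot work without is missing.
            /// </summary>
            /// <param name="configuration">Configuration root holding the <see cref="AppConfiguration"/> keys.</param>
            /// <exception cref="System.InvalidOperationException">
            /// Authority, ClientId or ForwardUrl is missing or blank.
            /// </exception>
            public Startup(IConfiguration configuration)
            {
                _appConfiguration = new AppConfiguration();
                configuration.Bind(_appConfiguration);

                // Surface a misconfiguration at startup with a clear message instead of on
                // the first proxied request.
                RequireSetting(_appConfiguration.Authority, nameof(AppConfiguration.Authority));
                RequireSetting(_appConfiguration.ClientId, nameof(AppConfiguration.ClientId));
                RequireSetting(_appConfiguration.ForwardUrl, nameof(AppConfiguration.ForwardUrl));
                // ClientSecret is not required here: whether the client is confidential is a
                // decision of the identity provider registration, which this file does not show.
            }

            /// <summary>
            /// Registers the cookie policy, cookie + OpenID Connect authentication and ProxyKit.
            /// </summary>
            /// <param name="services">Service collection of the host.</param>
            public void ConfigureServices(IServiceCollection services)
            {
                services.Configure<CookiePolicyOptions>(options =>
                {
                    options.CheckConsentNeeded = context => true;

                    // None means the policy does not raise the SameSite value of any cookie.
                    // NOTE(review): the OpenID Connect correlation/nonce cookies have to survive
                    // the cross-site return from the identity provider, so raising this value
                    // needs testing against the sign-in flow. The policy as written also does
                    // not force Secure; consider options.Secure = CookieSecurePolicy.Always once
                    // the proxy is served over HTTPS only.
                    options.MinimumSameSitePolicy = SameSiteMode.None;
                });

                services.AddAuthentication(options =>
                    {
                        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                        // The default challenge is the cookie scheme; the middleware in Configure
                        // challenges the OpenID Connect scheme by name instead.
                        options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                    })
                    .AddCookie()
                    .AddOpenIdConnect(OidcScheme, options =>
                    {
                        // Same value as the "Cookies" literal; the constant keeps it in step
                        // with the default schemes configured above.
                        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

                        options.Authority = _appConfiguration.Authority;
                        options.ClientId = _appConfiguration.ClientId;
                        // NOTE(review): the secret arrives through IConfiguration; supply it from
                        // a secret store or environment variable, not a committed settings file.
                        options.ClientSecret = _appConfiguration.ClientSecret;

                        // Hybrid flow: an id_token on the front channel plus an authorization code.
                        options.ResponseType = "code id_token";

                        options.Scope.Add("api");
                        options.Scope.Add("openid");
                        options.Scope.Add("profile");
                        options.Scope.Add("email");
                        // NOTE(review): "api" and "offline_access" ask for an API access token and
                        // a refresh token, but nothing in this file stores the tokens (SaveTokens
                        // is not set) or forwards them upstream. Drop the scopes that are not
                        // needed, or wire the tokens through deliberately.
                        options.Scope.Add("offline_access");
                    });

                services.AddProxy();
            }

            /// <summary>
            /// Builds the pipeline: cookie policy, authentication, an authentication gate,
            /// then the proxy to <see cref="AppConfiguration.ForwardUrl"/>.
            /// </summary>
            /// <param name="app">Application builder of the host.</param>
            public void Configure(IApplicationBuilder app)
            {
                app.UseCookiePolicy();
                app.UseAuthentication();

                // Gate: nothing below this middleware runs for an unauthenticated caller.
                app.Use(async (context, next) =>
                {
                    if (context.User?.Identity?.IsAuthenticated == true)
                    {
                        await next();
                        return;
                    }

                    // Return to the requested resource after sign-in. The URL is built from
                    // path and query only, so the post-login redirect stays on this origin and
                    // does not depend on the client-supplied Host header or on the scheme seen
                    // behind a TLS terminator.
                    // NOTE(review): every unauthenticated request, including POST and XHR/API
                    // calls, is answered with a redirect to the identity provider; the request
                    // body is not replayed after sign-in.
                    string returnUrl = context.Request.PathBase + context.Request.Path + context.Request.QueryString;

                    await context.ChallengeAsync(OidcScheme, new AuthenticationProperties
                    {
                        RedirectUri = returnUrl
                    });
                });

                // NOTE(review): this block passes no user identity (claims or tokens) to the
                // upstream, so the upstream must only be reachable through this proxy. Confirm
                // whether the proxy's own session cookie and any client-supplied X-Forwarded-*
                // values reach the upstream, and strip them if it does not expect them.
                app.RunProxy(
                    context => context
                        .ForwardTo(_appConfiguration.ForwardUrl)
                        .AddXForwardedHeaders()
                        .Send());
            }

            // Throws when a required configuration value is missing or blank.
            private static void RequireSetting(string value, string name)
            {
                if (string.IsNullOrWhiteSpace(value))
                {
                    throw new System.InvalidOperationException(
                        $"Configuration value '{name}' is required by the IdSrv recipe but is missing or empty.");
                }
            }
        }

        /// <summary>
        /// Settings bound from configuration by <see cref="Startup"/>.
        /// </summary>
        public class AppConfiguration
        {
            // OpenID Connect client identifier registered at the authority.
            public string ClientId { get; set; }

            // OpenID Connect client secret; treat as a credential.
            public string ClientSecret { get; set; }

            // Base address of the OpenID Connect provider.
            public string Authority { get; set; }

            // Upstream address that authenticated requests are forwarded to.
            public string ForwardUrl { get; set; }
        }
    }
}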