Source code analysis of the BlazorBoilerplate Startup class: https://github.com/enkodellc/blazorboilerplate/blob/master/src/BlazorBoilerplate.Server/Startup.cs
--------------------------------------------------
// Registers ASP.NET Core Identity (ApplicationUser, Guid-keyed roles) on top of
// ApplicationDbContext, then layers IdentityServer over the same user store.
1、 services.AddIdentity<ApplicationUser, IdentityRole<Guid>>()
.AddRoles<IdentityRole<Guid>>()
.AddEntityFrameworkStores<ApplicationDbContext>()
// Default token providers back password-reset, e-mail-confirmation and two-factor tokens.
.AddDefaultTokenProviders();
// Replaces the claims-principal factory with a project type; which extra claims it
// emits is not visible in this excerpt.
services.AddScoped<IUserClaimsPrincipalFactory<ApplicationUser>, AdditionalUserClaimsPrincipalFactory>();
// Adds IdentityServer
// NOTE(review): no signing credential is configured in this excerpt; the builder is kept in
// identityServerBuilder, presumably so one is added later. Confirm production uses a
// persisted signing key rather than a developer credential.
var identityServerBuilder = services.AddIdentityServer(options =>
{
// Issuer name written into tokens and the discovery document; authAuthority is defined elsewhere.
options.IssuerUri = authAuthority;
// All four event categories are raised. Failure and error events are the ones worth
// forwarding to audit/detection tooling; information and success events add volume.
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
})
// Clients, resources and scopes are read from the database (configuration store).
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = DbContextOptionsBuilder;
})
// Grants, codes and tokens are persisted in the operational store; it uses the same
// DbContextOptionsBuilder delegate as the configuration store.
.AddOperationalStore(options =>
{
options.ConfigureDbContext = DbContextOptionsBuilder;
// this enables automatic token cleanup. this is optional.
options.EnableTokenCleanup = true;
options.TokenCleanupInterval = 3600; // in seconds (1 hour)
})
// Makes IdentityServer authenticate against the ASP.NET Core Identity users registered above.
.AddAspNetIdentity<ApplicationUser>();
2、===========================================
// API authentication: the IdentityServer authentication handler is the default scheme,
// so requests are authenticated by access token unless a scheme is named explicitly.
var authBuilder = services.AddAuthentication(options =>
{
options.DefaultScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
})
. AddIdentityServerAuthentication (options =>
{
// Token issuer whose discovery document and signing keys are used for validation.
options.Authority = authAuthority;
// Only JWT access tokens are accepted; reference tokens are not.
options.SupportedTokens = SupportedTokens.Jwt;
// NOTE(review): HTTPS for the metadata endpoint is enforced only when the environment is
// Production. In any other environment (Staging included) discovery data and signing keys
// may be fetched over plain HTTP, so keep those environments off untrusted networks.
// The "? true : false" is redundant; IsProduction() already returns a bool.
options.RequireHttpsMetadata = _environment.IsProduction() ? true : false;
// API resource name the incoming token must be issued for.
options.ApiName = IdentityServerConfig.ApiName;
});
#########################################
// ASP.NET Core Identity policy: password rules, account lockout and e-mail confirmation.
services.Configure<IdentityOptions>(options =>
{
// Password settings
// NOTE(review): the only constraint left is a minimum length of 6. Dropping composition
// rules is defensible, but 6 is below the 8-character minimum in NIST SP 800-63B;
// consider a longer minimum and a breached-password check.
options.Password.RequireDigit = false;
options.Password.RequiredLength = 6;
options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = false;
options.Password.RequireLowercase = false;
//options.Password.RequiredUniqueChars = 6;
// Lockout settings
// 10 failed attempts lock the account for 30 minutes, new accounts included.
// NOTE(review): lockout only counts failures when the sign-in call passes
// lockoutOnFailure: true; the login code is not shown here, so verify it.
options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes (30);
options.Lockout.MaxFailedAccessAttempts = 10;
options.Lockout.AllowedForNewUsers = true;
// Require Confirmed Email User settings
// A missing key falls back to "false"; a value that is not a boolean string makes
// Convert.ToBoolean throw FormatException during startup.
if (Convert.ToBoolean(Configuration["BlazorBoilerplate:RequireConfirmedEmail"] ?? "false"))
{
// NOTE(review): confirmed e-mail is required while unique e-mail is explicitly off, so
// several accounts may share one address; check that e-mail-keyed flows such as
// password reset behave as intended in that case.
options.User.RequireUniqueEmail = false;
options.SignIn.RequireConfirmedEmail = true;
}
});
3、=========================================================
//Add Policies / Claims / Authorization - https://stormpath.com/blog/tutorial-policy-based-authorization-asp-net-core
// Registers four named authorization policies. The policy names and their requirement
// builders come from the project's Policies class, which is not shown in this excerpt.
// NOTE(review): a policy only protects endpoints that reference it (for example through an
// [Authorize(Policy = ...)] attribute); confirm each controller or hub opts in.
services.AddAuthorization(options =>
{
options.AddPolicy(Policies.IsAdmin, Policies.IsAdminPolicy());
options.AddPolicy(Policies.IsUser, Policies.IsUserPolicy());
options.AddPolicy(Policies.IsReadOnly, Policies.IsReadOnlyPolicy());
options.AddPolicy(Policies.IsMyDomain, Policies.IsMyDomainPolicy()); // valid only on serverside operations
});
// Handler for the custom domain requirement; presumably evaluates the IsMyDomain policy
// (its logic is defined elsewhere). A new instance is created per resolution.
services.AddTransient<IAuthorizationHandler, DomainRequirementHandler>();
4、************************************************************************************
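// Cookie settings for the cookie-policy middleware, the external-login cookie and the
// application (Identity) cookie.
// With SameSiteMode.None as the minimum policy, the middleware does not tighten the
// SameSite attribute of any cookie the application writes.
services.Configure<CookiePolicyOptions>(options =>
{
    options.MinimumSameSitePolicy = SameSiteMode.None;
});

services.ConfigureExternalCookie(options =>
{
    // macOS login fix
    // NOTE(review): SameSite=None lets the browser attach this cookie to cross-site requests.
    // Current browsers accept SameSite=None only together with the Secure attribute, and no
    // SecurePolicy is set in this excerpt; confirm it is configured elsewhere.
    options.Cookie.SameSite = SameSiteMode.None;
});

services.ConfigureApplicationCookie(options =>
{
    // macOS login fix
    // NOTE(review): with SameSite=None the authentication cookie travels on cross-site
    // requests, so state-changing endpoints that rely on it need antiforgery protection.
    options.Cookie.SameSite = SameSiteMode.None;

    // NOTE(review): HttpOnly = false makes the authentication cookie readable from script,
    // so a single XSS flaw is enough to steal the session. Set it to true unless client
    // code really has to read the cookie.
    options.Cookie.HttpOnly = false;

    // Suppress redirect on API URLs in ASP.NET Core -> https://stackoverflow.com/a/56384729/54159
    options.Events = new CookieAuthenticationEvents()
    {
        // Replaces the default access-denied redirect. Requests under /api receive 401.
        // NOTE(review): "access denied" means authenticated but not authorized, which is
        // conventionally 403. Paths outside /api get neither a redirect nor a status code
        // from this handler as written.
        OnRedirectToAccessDenied = context =>
        {
            if (context.Request.Path.StartsWithSegments("/api"))
            {
                context.Response.StatusCode = (int)(HttpStatusCode.Unauthorized);
            }
            return Task.CompletedTask;
        },
        // Unauthenticated requests receive 401 on every path instead of a redirect to the login page.
        OnRedirectToLogin = context =>
        {
            context.Response.StatusCode = 401;
            return Task.CompletedTask;
        }
    };
});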
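// ASP.NET Core Identity policy: password rules, account lockout and e-mail confirmation.
// (Table residue from the page extraction has been stripped from this listing.)
services.Configure<IdentityOptions>(options =>
{
    // Password settings
    // NOTE(review): the only constraint left is a minimum length of 6, which is below the
    // 8-character minimum in NIST SP 800-63B; consider a longer minimum.
    options.Password.RequireDigit = false;
    options.Password.RequiredLength = 6;
    options.Password.RequireNonAlphanumeric = false;
    options.Password.RequireUppercase = false;
    options.Password.RequireLowercase = false;
    //options.Password.RequiredUniqueChars = 6;

    // Lockout settings
    // 10 failed attempts lock the account for 30 minutes, new accounts included.
    // NOTE(review): takes effect only when the sign-in call passes lockoutOnFailure: true.
    options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(30);
    options.Lockout.MaxFailedAccessAttempts = 10;
    options.Lockout.AllowedForNewUsers = true;

    // Require Confirmed Email User settings
    // A missing key falls back to "false"; a non-boolean value makes Convert.ToBoolean throw
    // FormatException during startup.
    if (Convert.ToBoolean(Configuration["BlazorBoilerplate:RequireConfirmedEmail"] ?? "false"))
    {
        // NOTE(review): unique e-mail stays off while confirmation is required, so several
        // accounts may share one address; check e-mail-keyed flows such as password reset.
        options.User.RequireUniqueEmail = false;
        options.SignIn.RequireConfirmedEmail = true;
    }
});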