using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.UI;
using Microsoft.EntityFrameworkCore;
using Rue25.Data;
using Rue25.Models;
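var builder = WebApplication.CreateBuilder(args);

// Add services to the container.

// Fail fast at startup with a clear message instead of handing a null
// connection string to UseSqlServer, which would only surface later as an
// opaque provider error on the first database access.
var connectionString = builder.Configuration.GetConnectionString("DefaultConnection")
    ?? throw new InvalidOperationException("Connection string 'DefaultConnection' not found.");

builder.Services.AddDbContext<ApplicationDbContext>(options =>
    options.UseSqlServer(connectionString));
builder.Services.AddDatabaseDeveloperPageExceptionFilter();

// Accounts must be confirmed before they can sign in.
builder.Services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true)
    .AddEntityFrameworkStores<ApplicationDbContext>();

builder.Services.AddIdentityServer()
    .AddApiAuthorization<ApplicationUser, ApplicationDbContext>();

//*AntiforgeryToken
// Angular's default header name for sending the XSRF token.
// NOTE(review): only the header name is configured here. The middleware that
// would issue the matching "XSRF-TOKEN" request-token cookie is the
// commented-out block at the end of this file, so no token cookie is issued
// yet — confirm how the SPA is expected to obtain the token before relying on
// antiforgery validation for cookie-authenticated endpoints.
builder.Services.AddAntiforgery(options =>
{
    options.HeaderName = "X-XSRF-TOKEN";
    //options.Cookie.Name = "X-XSRF-TOKEN";
    //"X-CSRF-TOKEN-OurAppName";
    // Set Cookie properties using CookieBuilder properties.
    //options.FormFieldName = "AntiforgeryFieldname";
    //options.HeaderName = "X-CSRF-TOKEN-HEADERNAME";
    //options.SuppressXFrameOptionsHeader = false;
});

builder.Services.AddAuthentication()
    .AddIdentityServerJwt();

builder.Services.AddControllersWithViews();
builder.Services.AddRazorPages();

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseMigrationsEndPoint();
}
else
{
    // The default HSTS value is 30 days. You may want to change this for production
    // scenarios, see https://aka.ms/aspnetcore-hsts.
    app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();

// Authentication must run before IdentityServer and authorization so that the
// principal is populated by the time endpoints are authorized.
app.UseAuthentication();
app.UseIdentityServer();
app.UseAuthorization();

// Endpoints are registered directly on the WebApplication (analyzer ASP0014):
// with top-level statements the endpoint middleware is appended to the
// pipeline automatically, so an explicit UseEndpoints block is redundant.
app.MapControllerRoute(
    name: "api",
    pattern: "/{controller}/{action=Index}/{id?}");
app.MapRazorPages();

// Any unmatched route falls back to the SPA entry page.
app.MapFallbackToFile("index.html");

app.Run();

//--< AntiForgery >--
//app.us
////*add in Configure(.. , IAntiforgery antiforgery)
//
// NOTE(review): this block is kept as a record of the intended XSRF-cookie
// middleware. If it is re-enabled, note that (a) nothing registered after
// app.Run() executes, so it must be placed before the endpoint registrations
// above; (b) the lambda parameter in urlAreas.Any(urlAreas => ...) shadows
// the array and will not compile — rename it; (c) Secure = false lets the
// token cookie be sent over plain HTTP even though the pipeline redirects to
// HTTPS — use Secure = true (HttpOnly must stay false so Angular can read it);
// and (d) "articles" has no leading slash, and a request path always begins
// with "/", so that StartsWith check would never match.
//app.Use(next => context =>
//{
//    string path = context.Request.Path.Value;
//    string[] urlAreas = { "/api", "/swagger", "articles" };
//    if (
//        string.Equals(path, "/", StringComparison.OrdinalIgnoreCase) ||
//        string.Equals(path, "/index.html", StringComparison.OrdinalIgnoreCase) ||
//        urlAreas.Any(urlAreas => path.StartsWith(urlAreas))
//    )
//    {
//        // The request token can be sent as a Javascript-readable cookie,
//        // and Angular uses it by default.
//        var tokens = antiforgery.GetAndStoreTokens(context);
//        context.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken,
//            new CookieOptions()
//            {
//                HttpOnly = false,
//                Secure = false,
//                IsEssential = true,
//                SameSite = SameSiteMode.Strict
//            });
//    }
//    return next(context);
//});
////--</ AntiForgery >--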