@@ -1,3 +1,4 @@
+using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
@@ -5,19 +6,29 @@ using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
+using Microsoft.IdentityModel.Tokens;
using System;
using System.Collections.Generic;
+using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Threading.Tasks;
+using TEAMModelOS.Models;
+using TEAMModelOS.SDK.Context.Configuration;
+using TEAMModelOS.SDK.DI;
+using TEAMModelOS.SDK.Models.Service;
using VueCliMiddleware;
namespace TEAMModeBI
{
public class Startup
{
- public Startup(IConfiguration configuration)
+ public IWebHostEnvironment environment { get; set; }
+ readonly string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
+ public Startup(IConfiguration configuration,IWebHostEnvironment env)
{
Configuration = configuration;
+ environment = env;
+ BaseConfigModel.SetBaseConfig(Configuration, env.ContentRootPath, env.WebRootPath);
}
public IConfiguration Configuration { get; }
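Review bot: The new `environment` member is a publicly settable, camelCase property while its sibling `Configuration` on the last line of this hunk is a PascalCase get-only property; it is only assigned in the constructor, so `public IWebHostEnvironment HostEnvironment { get; }` matches the existing convention and keeps callers from swapping the environment after startup (rename only if nothing else in the project reads `Startup.environment`). In the same hunk `readonly string MyAllowSpecificOrigins` is a private instance field carrying a PascalCase name and no access modifier; `private const string CorsPolicyName = "_myAllowSpecificOrigins";` says what it is and avoids a per-instance copy. The constructor signature `Startup(IConfiguration configuration,IWebHostEnvironment env)` is also missing the space after the comma that the rest of the file uses.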
@@ -25,6 +36,65 @@ namespace TEAMModeBI
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
+ // true,默認情況下,聲明映射將以舊格式映射聲明名稱,以適應較早的SAML應用程序,RoleClaimType = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role'
+ // false,RoleClaimType = 'roles'
+ JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
+ services.AddAuthentication(options => options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme)
+ .AddJwtBearer(options => //AzureADJwtBearer
+ {
+ //options.SaveToken = true; //驗證令牌由服務器生成才有效,不適用於服務重啟或分布式架構
+ options.Authority = Configuration["Option:Authority"];
+ options.Audience = Configuration["Option:Audience"];
+ options.RequireHttpsMetadata = true;
+ options.TokenValidationParameters = new TokenValidationParameters
+ {
+ RoleClaimType = "roles",
+ ValidAudiences = new string[] { Configuration["Option:Audience"], $"api://{Configuration["Option:Audience"]}" }
+ };
+ options.Events = new JwtBearerEvents();
+ //下列事件有需要紀錄則打開
+ //options.Events.OnMessageReceived = async context => { await Task.FromResult(0); };
+ //options.Events.OnForbidden = async context => { await Task.FromResult(0); };
+ //options.Events.OnChallenge = async context => { await Task.FromResult(0); };
+ //options.Events.OnAuthenticationFailed = async context => { await Task.FromResult(0); };
+ options.Events.OnTokenValidated = async context =>
+ {
+ if (!context.Principal.Claims.Any(x => x.Type.Equals("http://schemas.microsoft.com/identity/claims/scope")) //ClaimConstants.Scope
+ && !context.Principal.Claims.Any(y => y.Type.Equals("roles"))) //ClaimConstants.Roles //http://schemas.microsoft.com/ws/2008/06/identity/claims/role
+ {
+ //TODO 需處理額外授權非角色及範圍的訪問異常紀錄
+ throw new UnauthorizedAccessException("Neither scope or roles claim was found in the bearer token.");
+ }
+ await Task.FromResult(0);
+ };
+ });
+ //設定跨域請求
+ services.AddCors(options =>
+ {
+ options.AddPolicy(MyAllowSpecificOrigins,
+ builder =>
+ {
+ builder.WithOrigins("http://teammodelos-test.chinacloudsites.cn",
+ "https://www.teammodel.cn", "https://localhost:5001",
+ "http://localhost:5000")
+
+ .AllowAnyHeader()
+ .AllowAnyMethod();
+ });
+ });
+ services.AddAzureStorage(Configuration.GetValue<string>("Azure:Storage:ConnectionString"));
+ services.AddAzureRedis(Configuration.GetValue<string>("Azure:Redis:ConnectionString"));
+ services.AddAzureCosmos(Configuration.GetValue<string>("Azure:Cosmos:ConnectionString"));
+ services.AddAzureServiceBus(Configuration.GetValue<string>("Azure:ServiceBus:ConnectionString"));
+ services.AddSnowflakeId(Convert.ToInt64(Configuration.GetValue<string>("Option:LocationNum")), 1);
+ services.AddHttpClient();
+ services.AddHttpClient<DingDing>();
+ services.AddHttpClient<NotificationService>();
+ services.AddMemoryCache();
+ services.AddControllers().AddJsonOptions(options => { options.JsonSerializerOptions.IgnoreNullValues = false; });
+ //HttpContextAccessor,并用来访问HttpContext。(提供組件或非控制器服務存取HttpContext)
+ services.AddHttpContextAccessor();
+ services.Configure<Option>(options => Configuration.GetSection("Option").Bind(options));
services.AddControllers();
services.AddSpaStaticFiles(configuration =>
{
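Review bot: Throwing `UnauthorizedAccessException` from the `OnTokenValidated` handler does not yield a 401: as far as I can tell from the JwtBearer handler, exceptions raised during token validation are caught, routed to `OnAuthenticationFailed` (left at its default here) and then rethrown, so a token carrying neither a scope nor a roles claim surfaces as an unhandled server error instead of an authentication challenge. Use the result API on the context instead — `context.Fail("Neither scope or roles claim was found in the bearer token."); return;` — which marks authentication as failed and lets the normal challenge path answer the request. The same hunk reads `Configuration["Option:Authority"]` and `Configuration["Option:Audience"]` unchecked, so a missing key silently produces a null `Authority` and a `ValidAudiences` array of `{ null, "api://" }`; a startup guard such as `?? throw new InvalidOperationException("Option:Audience is not configured")` on each read fails fast with a clear message. The CORS allow-list also hard-codes an `http://` test host and two localhost origins next to the production origin — those belong in configuration so the deployed app does not carry development origins — and `services.AddControllers()` is now registered twice (once with `AddJsonOptions`, once on the pre-existing line just below).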
@@ -41,7 +111,14 @@ namespace TEAMModeBI
}
app.UseRouting();
+ //以下需要按照順序載入中間件 如果应用调用 UseStaticFiles,请将 UseStaticFiles 置于 UseRouting之前。
+ app.UseStaticFiles();
app.UseSpaStaticFiles();
+ app.UseCors(MyAllowSpecificOrigins); //使用跨域設定
+ app.UseHttpsRedirection(); //開發中暫時關掉
+ //如果应用使用身份验证/授权功能(如 AuthorizePage 或 [Authorize]),请将对 UseAuthentication 和 UseAuthorization的
+ //调用放在之后、UseRouting 和 UseCors,但在 UseEndpoints之前
+ app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
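Review bot: The comment added above `app.UseStaticFiles()` says static files must be registered before `UseRouting`, yet the hunk places the call after the existing `app.UseRouting()`, so the comment and the code disagree; either move `app.UseStaticFiles();` above `app.UseRouting();` or correct the comment. `app.UseHttpsRedirection()` should likewise come before the static-file middleware so static content is not served over plain HTTP; the conventional order is HttpsRedirection → StaticFiles → Routing → Cors → Authentication → Authorization → Endpoints. The trailing comment on that line, `//開發中暫時關掉` ("temporarily disabled during development"), contradicts the call being active — drop it or make it describe what is actually in effect, since a reader will otherwise assume redirection is off. The enclosing `Configure` method begins before this hunk.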