using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using TEAMModelOS.Models;
using TEAMModelOS.SDK.DI;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

namespace TEAMModelAPI
{
    /// <summary>
    /// ASP.NET Core startup for the TEAMModel API: wires up JWT bearer authentication,
    /// the CORS allow-list, controllers/JSON options and the Azure-backed services.
    /// </summary>
    public class Startup
    {
        // Name of the CORS policy registered below; referenced wherever the policy is applied.
        readonly string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";

        /// <summary>Captures the application configuration injected by the host.</summary>
        /// <param name="configuration">Configuration root (Option:*, Azure:* keys are read from it below).</param>
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        /// <summary>Application configuration supplied by the host.</summary>
        public IConfiguration Configuration { get; }

        /// <summary>
        /// Called by the runtime to add services to the container.
        /// Registers JWT bearer auth (authority/audience from Option:*), a named CORS policy,
        /// controllers, and the Azure Storage/Redis/Cosmos/Service Bus clients.
        /// </summary>
        /// <param name="services">The DI service collection to populate.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            // Disable the legacy inbound claim-type mapping so claim types are left as the token carries them.
            // NOTE(review): this interacts with the scope check in OnTokenValidated below — see the note there.
            JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
            services.AddAuthentication(options => options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme)
                .AddJwtBearer(options => //AzureADJwtBearer
                {
                    //options.SaveToken = true; // validation of tokens issued by this server only; not suitable across service restarts or in a distributed deployment
                    // Issuer metadata (discovery document / signing keys) and the expected audience come from configuration.
                    options.Authority = Configuration["Option:Authority"];
                    options.Audience = Configuration["Option:Audience"];
                    // Metadata must be fetched over HTTPS; do not relax this outside local development.
                    options.RequireHttpsMetadata = true;
                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        // Roles are read from the raw "roles" claim (no claim mapping, see above).
                        RoleClaimType = "roles",
                        // Accept both the bare audience value and its "api://" form.
                        ValidAudiences = new string[] { Configuration["Option:Audience"], $"api://{Configuration["Option:Audience"]}" }
                    };
                    options.Events = new JwtBearerEvents();
                    // Enable the following events if their logging is needed.
                    //options.Events.OnMessageReceived = async context => { await Task.FromResult(0); };
                    //options.Events.OnForbidden = async context => { await Task.FromResult(0); };
                    //options.Events.OnChallenge = async context => { await Task.FromResult(0); };
                    //options.Events.OnAuthenticationFailed = async context => { await Task.FromResult(0); };
                    // Post-validation gate: a token must carry either a scope claim or a roles claim.
                    options.Events.OnTokenValidated = async context =>
                    {
                        // NOTE(review): DefaultMapInboundClaims is false above, so the scope claim presumably arrives
                        // under its raw JWT name (e.g. "scp") rather than the mapped ".../identity/claims/scope" URI
                        // checked here — verify against a real token; if so, scope-only tokens are rejected and only
                        // tokens carrying "roles" pass.
                        if (!context.Principal.Claims.Any(x => x.Type == "http://schemas.microsoft.com/identity/claims/scope") //ClaimConstants.Scope
                            && !context.Principal.Claims.Any(y => y.Type == "roles")) //ClaimConstants.Roles //http://schemas.microsoft.com/ws/2008/06/identity/claims/role
                        {
                            //TODO: log access anomalies for tokens that are authorized by neither roles nor scope
                            // NOTE(review): throwing from OnTokenValidated surfaces as an exception in the handler rather
                            // than a clean 401 challenge; consider context.Fail(...) instead — confirm against the
                            // JwtBearer handler version in use.
                            throw new UnauthorizedAccessException("Neither scope or roles claim was found in the bearer token.");
                        }
                        await Task.FromResult(0);
                    };
                });
            // Configure cross-origin requests (CORS).
            // NOTE(review): the allow-list mixes production hosts with plain-http and localhost development origins;
            // consider sourcing it from per-environment configuration so dev origins are not shipped to production.
            // AllowCredentials() is not called, so credentialed cross-origin requests are not opted in here.
            services.AddCors(options =>
            {
                options.AddPolicy(MyAllowSpecificOrigins, builder =>
                {
                    builder.WithOrigins("http://teammodelos-test.chinacloudsites.cn", "https://www.teammodel.cn", "https://localhost:5001", "http://localhost:5000", "http://localhost:64524", "https://localhost:44341", "https://localhost:8888", "http://localhost:8888")
                        .AllowAnyHeader()
                        .AllowAnyMethod();
                });
            });
            services.AddControllers().AddJsonOptions(options =>
            {
                // Null-valued properties are serialized rather than omitted.
                options.JsonSerializerOptions.IgnoreNullValues = false;
            });
            // Azure clients; connection strings come from configuration.
            // NOTE(review): presumably supplied via user secrets / Key Vault rather than a checked-in appsettings file — verify.
            services.AddAzureStorage(Configuration.GetValue("Azure:Storage:ConnectionString"));
            services.AddAzureRedis(Configuration.GetValue("Azure:Redis:ConnectionString"));
            services.AddAzureCosmos(Configuration.GetValue("Azure:Cosmos:ConnectionString"));
            services.AddMemoryCache();
            // Snowflake ID generator keyed by the configured location number.
            services.AddSnowflakeId(Convert.ToInt64(Configuration.GetValue("Option:LocationNum")), 1);
            services.AddHttpClient();
            // TODO(review): AddHttpClient() is registered twice; the second call looks redundant — confirm and remove.
            services.AddHttpClient();
            services.AddAzureServiceBus(Configuration.GetValue("Azure:ServiceBus:ConnectionString"));
            // HttpContextAccessor, used to reach HttpContext from components or non-controller services.
            services.AddHttpContextAccessor();
            services.Configure