TEAMModelOS/TEAMModelAPI/Startup.cs

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using TEAMModelOS.Models;
using TEAMModelOS.SDK.DI;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

namespace TEAMModelAPI
{
    public class Startup
    {
        readonly string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
           
            JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
            services.AddAuthentication(options => options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme)
                .AddJwtBearer(options => //AzureADJwtBearer
                {
                    //options.SaveToken = true; //驗證令牌由服務器生成才有效，不適用於服務重啟或分布式架構
                    options.Authority = Configuration["Option:Authority"];
                    options.Audience = Configuration["Option:Audience"];
                    options.RequireHttpsMetadata = true;
                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        RoleClaimType = "roles",
                        ValidAudiences = new string[] { Configuration["Option:Audience"], $"api://{Configuration["Option:Audience"]}" }
                    };
                    options.Events = new JwtBearerEvents();
                    //下列事件有需要紀錄則打開
                    //options.Events.OnMessageReceived = async context => { await Task.FromResult(0); };
                    //options.Events.OnForbidden = async context => { await Task.FromResult(0); };
                    //options.Events.OnChallenge = async context => { await Task.FromResult(0); };
                    //options.Events.OnAuthenticationFailed = async context => { await Task.FromResult(0); };
                    options.Events.OnTokenValidated = async context =>
                    {
                        if (!context.Principal.Claims.Any(x => x.Type == "http://schemas.microsoft.com/identity/claims/scope") //ClaimConstants.Scope
                        && !context.Principal.Claims.Any(y => y.Type == "roles")) //ClaimConstants.Roles //http://schemas.microsoft.com/ws/2008/06/identity/claims/role
                        {
                            //TODO 需處理額外授權非角色及範圍的訪問異常紀錄
                            throw new UnauthorizedAccessException("Neither scope or roles claim was found in the bearer token.");
                        }
                        await Task.FromResult(0);
                    };
                });
            //設定跨域請求
            services.AddCors(options =>
            {
                options.AddPolicy(MyAllowSpecificOrigins,
                builder =>
                {
                    builder.WithOrigins("http://teammodelos-test.chinacloudsites.cn",
                                        "https://www.teammodel.cn", "https://localhost:5001",
                                        "http://localhost:5000", "http://localhost:64524",
                                        "https://localhost:44341", "https://localhost:8888", "http://localhost:8888")
                    .AllowAnyHeader()
                    .AllowAnyMethod();
                });
            });
            services.AddControllers().AddJsonOptions(options => { options.JsonSerializerOptions.IgnoreNullValues = false; });
            services.AddAzureStorage(Configuration.GetValue<string>("Azure:Storage:ConnectionString"));
            services.AddAzureRedis(Configuration.GetValue<string>("Azure:Redis:ConnectionString"));
            services.AddAzureCosmos(Configuration.GetValue<string>("Azure:Cosmos:ConnectionString"));
            services.AddMemoryCache();
            services.AddSnowflakeId(Convert.ToInt64(Configuration.GetValue<string>("Option:LocationNum")), 1);
            services.AddHttpClient();
            services.AddHttpClient<DingDing>();
            services.AddAzureServiceBus(Configuration.GetValue<string>("Azure:ServiceBus:ConnectionString"));
            //HttpContextAccessor，并用来访问HttpContext。(提供組件或非控制器服務存取HttpContext)
            services.AddHttpContextAccessor();
            services.Configure<Option>(options => Configuration.GetSection("Option").Bind(options));
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseHttpsRedirection();

            app.UseRouting();
            app.UseCors(MyAllowSpecificOrigins); //使用跨域設定
            app.UseAuthentication();
            app.UseAuthorization();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }
    }
}