87 lines
2.6 KiB
C#
87 lines
2.6 KiB
C#
using Keycloak.AuthServices.Authentication;
|
|
using Keycloak.AuthServices.Authorization;
|
|
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
|
using Microsoft.EntityFrameworkCore;
|
|
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
|
|
using pointMaster.Controllers;
|
|
using pointMaster.Data;
|
|
|
|
var builder = WebApplication.CreateBuilder(args);
|
|
|
|
builder.Services.AddDbContext<DataContext>(options =>
|
|
options
|
|
.UseNpgsql(builder.Configuration.GetConnectionString("DataContext") ?? throw new InvalidOperationException("Connection string 'DataContext' not found.")));
|
|
|
|
// Add services to the container.
|
|
builder.Services.AddControllersWithViews();
|
|
|
|
builder.Services.Configure<CookiePolicyOptions>(options =>
|
|
{
|
|
options.CheckConsentNeeded = context => true;
|
|
options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
|
|
});
|
|
|
|
builder
|
|
.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
|
|
.AddKeycloakWebApp(
|
|
builder.Configuration.GetSection(KeycloakAuthenticationOptions.Section),
|
|
configureOpenIdConnectOptions: options =>
|
|
{
|
|
options.SaveTokens = true;
|
|
options.ResponseType = OpenIdConnectResponseType.Code;
|
|
options.Events = new OpenIdConnectEvents
|
|
{
|
|
OnSignedOutCallbackRedirect = context =>
|
|
{
|
|
context.Response.Redirect("/");
|
|
context.HandleResponse();
|
|
|
|
return Task.CompletedTask;
|
|
}
|
|
};
|
|
}
|
|
);
|
|
|
|
builder
|
|
.Services.AddKeycloakAuthorization(builder.Configuration)
|
|
.AddAuthorizationBuilder()
|
|
.AddPolicy(Roles.Admin, policy => policy.RequireRealmRoles(Roles.Admin))
|
|
.AddPolicy(Roles.Editor, policy => policy.RequireRealmRoles(Roles.Editor))
|
|
.AddPolicy(Roles.Postmaster, policy => policy.RequireRealmRoles(Roles.Postmaster));
|
|
|
|
builder
|
|
.Services.Configure<ForwardedHeadersOptions>(options =>
|
|
{
|
|
options.ForwardedHeaders = Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.XForwardedFor | Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.XForwardedProto;
|
|
});
|
|
|
|
var app = builder.Build();
|
|
|
|
if (!app.Environment.IsDevelopment())
|
|
{
|
|
app.UseExceptionHandler("/Home/Error");
|
|
app.UseHsts();
|
|
}
|
|
|
|
app.Use((context, next) =>
|
|
{
|
|
context.Request.Scheme = "https";
|
|
return next(context);
|
|
});
|
|
|
|
app.UseForwardedHeaders();
|
|
app.UseHttpsRedirection();
|
|
app.UseStaticFiles();
|
|
|
|
|
|
app.UseRouting();
|
|
app.UseAuthentication();
|
|
app.UseAuthorization();
|
|
|
|
app.MapControllerRoute(
|
|
name: "default",
|
|
pattern: "{controller=Home}/{action=Index}/{id?}"
|
|
);
|
|
|
|
app.Run();
|