-
Notifications
You must be signed in to change notification settings - Fork 25
/
Copy pathProgram.cs
101 lines (88 loc) · 3.71 KB
/
Program.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
using System.Security.Claims;
using BlazorSample.Components;
using GSS.Authentication.CAS;
using GSS.Authentication.CAS.AspNetCore;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
builder.Services.AddRazorPages();
builder.Services.AddRazorComponents()
.AddInteractiveServerComponents();
builder.Services.AddAuthorization(options =>
{
// Globally Require Authenticated Users
options.FallbackPolicy = options.DefaultPolicy;
});
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie()
.AddCAS(options =>
{
options.CasServerUrlBase = builder.Configuration["CAS:ServerUrlBase"]!;
options.SaveTokens = builder.Configuration.GetValue("CAS:SaveTokens", false);
options.Events.OnCreatingTicket = context =>
{
if (context.Identity == null)
return Task.CompletedTask;
// Map claims from assertion
var assertion = context.Assertion;
context.Identity.AddClaim(new Claim("auth_scheme", CasDefaults.AuthenticationType));
context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, assertion.PrincipalName));
if (assertion.Attributes.TryGetValue("display_name", out var displayName) &&
!string.IsNullOrWhiteSpace(displayName))
{
context.Identity.AddClaim(new Claim(ClaimTypes.Name, displayName!));
}
if (assertion.Attributes.TryGetValue("cn", out var fullName) &&
!string.IsNullOrWhiteSpace(fullName))
{
context.Identity.AddClaim(new Claim(ClaimTypes.Name, fullName!));
}
if (assertion.Attributes.TryGetValue("email", out var email) && !string.IsNullOrWhiteSpace(email))
{
context.Identity.AddClaim(new Claim(ClaimTypes.Email, email!));
}
return Task.CompletedTask;
};
})
.AddOpenIdConnect(options =>
{
options.ClientId = builder.Configuration["OIDC:ClientId"];
options.ClientSecret = builder.Configuration["OIDC:ClientSecret"];
options.Authority = builder.Configuration["OIDC:Authority"];
options.RequireHttpsMetadata = !builder.Environment.IsDevelopment();
// required for single logout
options.SaveTokens = builder.Configuration.GetValue("OIDC:SaveTokens", false);
options.ResponseType = OpenIdConnectResponseType.Code;
var scope = builder.Configuration["OIDC:Scope"];
if (!string.IsNullOrWhiteSpace(scope))
{
scope.Split(" ", StringSplitOptions.RemoveEmptyEntries).ToList().ForEach(s => options.Scope.Add(s));
}
options.Events.OnTokenValidated = context =>
{
if (context.Principal?.Identity is ClaimsIdentity claimIdentity)
{
claimIdentity.AddClaim(new Claim("auth_scheme", OpenIdConnectDefaults.AuthenticationScheme));
}
return Task.CompletedTask;
};
options.TokenValidationParameters.NameClaimType = builder.Configuration.GetValue("OIDC:NameClaimType", "name");
});
var app = builder.Build();
// Configure the HTTP request pipeline.
if (!app.Environment.IsDevelopment())
{
app.UseExceptionHandler("/Error", createScopeForErrors: true);
}
app.UseHttpsRedirection();
app.MapStaticAssets();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseAntiforgery();
app.MapRazorPages().WithStaticAssets();
app.MapRazorComponents<App>()
.AddInteractiveServerRenderMode();
app.Run();