From d236ed3018a278e8ad22d88abe03a302eb503911 Mon Sep 17 00:00:00 2001
From: TomPallister
Date: Sun, 19 Feb 2017 13:59:17 +0000
Subject: [PATCH] trying to get identity server authing
---
 .../FileConfigurationController.cs | 10 ++-
 .../ServiceCollectionExtensions.cs | 51 ++++++++++++++++
 .../Middleware/OcelotMiddlewareExtensions.cs | 22 +++++--
 src/Ocelot/project.json | 61 ++++++++++---------
 .../AdministrationTests.cs | 6 --
 5 files changed, 107 insertions(+), 43 deletions(-)
diff --git a/src/Ocelot/Controllers/FileConfigurationController.cs b/src/Ocelot/Controllers/FileConfigurationController.cs
index cf0a792a..3589bdb5 100644
--- a/src/Ocelot/Controllers/FileConfigurationController.cs
+++ b/src/Ocelot/Controllers/FileConfigurationController.cs
@@ -1,20 +1,24 @@
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Ocelot.Services;
 namespace Ocelot.Controllers
 {
- [RouteAttribute("configuration")]
- public class FileConfigurationController
+ [Authorize(Roles = "Admin")]
+ [Route("configuration")]
+ public class FileConfigurationController : Controller
 {
- private IGetFileConfiguration _getFileConfig;
+ private readonly IGetFileConfiguration _getFileConfig;
 public FileConfigurationController(IGetFileConfiguration getFileConfig)
 {
 _getFileConfig = getFileConfig;
 }
+ [HttpGet]
 public IActionResult Get()
 {
+ var user = this.HttpContext.User;
 return new OkObjectResult(_getFileConfig.Invoke().Data);
 }
 }
diff --git a/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs b/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
index 74e6f97e..c06d965b 100644
--- a/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
+++ b/src/Ocelot/DependencyInjection/ServiceCollectionExtensions.cs
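Review bot: `var user = this.HttpContext.User;` in `Get()` of FileConfigurationController.cs is assigned and never read, so it looks like a debugging leftover and should be removed before merge. The new `[Authorize(Roles = "Admin")]` needs a role claim on the caller, and the `TestUser` added in ServiceCollectionExtensions.cs in this same patch sets no `Claims`, so a token issued for that user would presumably be rejected with 403; either give the user a role claim or authorize on the `admin` scope through a policy. A short comment on the class stating what the endpoint expects, for example `// Requires a bearer token from the built-in admin IdentityServer carrying role "Admin"`, would make the contract visible.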
@@ -1,6 +1,10 @@
 using System;
+using System.Collections.Generic;
 using System.Net.Http;
+using System.Security.Claims;
 using CacheManager.Core;
+using IdentityServer4.Models;
+using IdentityServer4.Test;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
@@ -61,6 +65,53 @@ namespace Ocelot.DependencyInjection
 public static IServiceCollection AddOcelot(this IServiceCollection services)
 {
+ services.AddIdentityServer()
+ .AddTemporarySigningCredential()
+ .AddInMemoryApiResources(new List
+ {
+ new ApiResource
+ {
+ Name = "admin",
+ Description = "Ocelot Administration",
+ Enabled = true,
+ DisplayName = "admin",
+ Scopes = new List()
+ {
+ new Scope("admin"),
+ new Scope("openid"),
+ new Scope("offline_access")
+ },
+ ApiSecrets = new List
+ {
+ new Secret
+ {
+ Value = "secret".Sha256()
+ }
+ }
+ }
+ })
+ .AddInMemoryClients(new List
+ {
+ new Client
+ {
+ ClientId = "admin",
+ AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
+ ClientSecrets = new List {new Secret("secret".Sha256())},
+ AllowedScopes = new List {"admin", "openid", "offline_access"},
+ AccessTokenType = AccessTokenType.Jwt,
+ Enabled = true,
+ RequireClientSecret = false
+ }
+ })
+ .AddTestUsers(new List
+ {
+ new TestUser
+ {
+ Username = "admin",
+ Password = "admin",
+ SubjectId = "admin",
+ }
+ });
 services.AddMvcCore().AddJsonFormatters();
 services.AddLogging();
 services.AddSingleton();
diff --git a/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs b/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs
index 269d646d..ab51e8da 100644
--- a/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs
+++ b/src/Ocelot/Middleware/OcelotMiddlewareExtensions.cs
@@ -1,4 +1,6 @@
-using Microsoft.AspNetCore.Builder;
+using System.Collections.Generic;
+using IdentityServer4.AccessTokenValidation;
+using Microsoft.AspNetCore.Builder;
 using Ocelot.Authentication.Middleware;
 using Ocelot.Cache.Middleware;
 using Ocelot.Claims.Middleware;
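Review bot: The block added to `AddOcelot` (hunk -61,6 of ServiceCollectionExtensions.cs) hard-codes the whole administration identity in library code: the client and API secret `"secret"`, a `TestUser` with `admin`/`admin`, and `RequireClientSecret = false` on a resource-owner-password client, so every host that calls `AddOcelot()` gets a token endpoint that issues admin tokens for publicly known credentials. These values should be supplied by the host through configuration or an options argument, and IdentityServer should only be registered when an administration path is configured; at minimum set `RequireClientSecret = true` and keep the test user out of the non-test code path. `AddTemporarySigningCredential()` generates its signing key at startup, so tokens would presumably not survive a restart or validate across instances, and a persistent key is needed outside development. `using System.Security.Claims;` added in the first hunk is not used by anything visible in this patch.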
@@ -45,7 +47,7 @@ namespace Ocelot.Middleware
 public static async Task UseOcelot(this IApplicationBuilder builder, OcelotMiddlewareConfiguration middlewareConfiguration)
 {
 await CreateAdministrationArea(builder);
-
+
 // This is registered to catch any global exceptions that are not handled
 builder.UseExceptionHandlerMiddleware();
@@ -144,9 +146,21 @@ namespace Ocelot.Middleware
 if(!string.IsNullOrEmpty(configuration.AdministrationPath))
 {
- builder.Map(configuration.AdministrationPath, x =>
+ builder.Map(configuration.AdministrationPath, app =>
 {
- x.UseMvc();
+ app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
+ {
+ Authority = "http://localhost:5000/admin",
+ ApiName = "admin",
+ RequireHttpsMetadata = false,
+ AllowedScopes = new List(),
+ SupportedTokens = SupportedTokens.Both,
+ ApiSecret = "secret"
+ });
+
+ app.UseIdentityServer();
+
+ app.UseMvc();
 });
 }
 }
diff --git a/src/Ocelot/project.json b/src/Ocelot/project.json
index 4e098803..7b169503 100644
--- a/src/Ocelot/project.json
+++ b/src/Ocelot/project.json
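Review bot: The options passed to `UseIdentityServerAuthentication` (hunk -144,9 of OcelotMiddlewareExtensions.cs) are fixed at development values: `Authority = "http://localhost:5000/admin"` ignores both the address the host listens on and `configuration.AdministrationPath`, `RequireHttpsMetadata = false` allows the discovery document and signing keys to be fetched over plain HTTP, and `ApiSecret = "secret"` repeats the hard-coded secret from `AddOcelot`. The authority should be built from configuration and `RequireHttpsMetadata` left at true unless a development setting turns it off. The empty `AllowedScopes` list also appears to leave scope checking off, so `AllowedScopes = new List<string> { "admin" }` would tie the endpoint to the admin scope. The enclosing method starts outside the hunk.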
@@ -1,35 +1,36 @@
 {
 "version": "0.0.0-dev",
- "dependencies": {
- "Microsoft.AspNetCore.Server.IISIntegration": "1.1.0",
- "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0",
- "Microsoft.Extensions.Configuration.FileExtensions": "1.1.0",
- "Microsoft.Extensions.Configuration.Json": "1.1.0",
- "Microsoft.Extensions.Logging": "1.1.0",
- "Microsoft.Extensions.Logging.Console": "1.1.0",
- "Microsoft.Extensions.Logging.Debug": "1.1.0",
- "Microsoft.Extensions.Options.ConfigurationExtensions": "1.1.0",
- "Microsoft.AspNetCore.Http": "1.1.0",
- "System.Text.RegularExpressions": "4.3.0",
- "Microsoft.AspNetCore.Authentication.OAuth": "1.1.0",
- "Microsoft.AspNetCore.Authentication.JwtBearer": "1.1.0",
- "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.1.0",
- "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0",
- "Microsoft.AspNetCore.Authentication.Google": "1.1.0",
- "Microsoft.AspNetCore.Authentication.Facebook": "1.1.0",
- "Microsoft.AspNetCore.Authentication.Twitter": "1.1.0",
- "Microsoft.AspNetCore.Authentication.MicrosoftAccount": "1.1.0",
- "Microsoft.AspNetCore.Authentication": "1.1.0",
- "IdentityServer4.AccessTokenValidation": "1.0.2",
- "Microsoft.AspNetCore.Mvc": "1.1.0",
- "Microsoft.AspNetCore.Server.Kestrel": "1.1.0",
- "Microsoft.NETCore.App": "1.1.0",
- "CacheManager.Core": "0.9.2",
- "CacheManager.Microsoft.Extensions.Configuration": "0.9.2",
- "CacheManager.Microsoft.Extensions.Logging": "0.9.2",
- "Consul": "0.7.2.1",
- "Polly": "5.0.3"
- },
+ "dependencies": {
+ "Microsoft.AspNetCore.Server.IISIntegration": "1.1.0",
+ "Microsoft.Extensions.Configuration.EnvironmentVariables": "1.1.0",
+ "Microsoft.Extensions.Configuration.FileExtensions": "1.1.0",
+ "Microsoft.Extensions.Configuration.Json": "1.1.0",
+ "Microsoft.Extensions.Logging": "1.1.0",
+ "Microsoft.Extensions.Logging.Console": "1.1.0",
+ "Microsoft.Extensions.Logging.Debug": "1.1.0",
+ "Microsoft.Extensions.Options.ConfigurationExtensions": "1.1.0",
+ "Microsoft.AspNetCore.Http": "1.1.0",
+ "System.Text.RegularExpressions": "4.3.0",
+ "Microsoft.AspNetCore.Authentication.OAuth": "1.1.0",
+ "Microsoft.AspNetCore.Authentication.JwtBearer": "1.1.0",
+ "Microsoft.AspNetCore.Authentication.OpenIdConnect": "1.1.0",
+ "Microsoft.AspNetCore.Authentication.Cookies": "1.1.0",
+ "Microsoft.AspNetCore.Authentication.Google": "1.1.0",
+ "Microsoft.AspNetCore.Authentication.Facebook": "1.1.0",
+ "Microsoft.AspNetCore.Authentication.Twitter": "1.1.0",
+ "Microsoft.AspNetCore.Authentication.MicrosoftAccount": "1.1.0",
+ "Microsoft.AspNetCore.Authentication": "1.1.0",
+ "IdentityServer4.AccessTokenValidation": "1.0.2",
+ "Microsoft.AspNetCore.Mvc": "1.1.0",
+ "Microsoft.AspNetCore.Server.Kestrel": "1.1.0",
+ "Microsoft.NETCore.App": "1.1.0",
+ "CacheManager.Core": "0.9.2",
+ "CacheManager.Microsoft.Extensions.Configuration": "0.9.2",
+ "CacheManager.Microsoft.Extensions.Logging": "0.9.2",
+ "Consul": "0.7.2.1",
+ "Polly": "5.0.3",
+ "IdentityServer4": "1.0.1"
+ },
 "runtimes": {
 "win10-x64": {},
 "osx.10.11-x64": {},
diff --git a/test/Ocelot.AcceptanceTests/AdministrationTests.cs b/test/Ocelot.AcceptanceTests/AdministrationTests.cs
index 525d9be5..93c4a8b9 100644
--- a/test/Ocelot.AcceptanceTests/AdministrationTests.cs
+++ b/test/Ocelot.AcceptanceTests/AdministrationTests.cs
@@ -1,10 +1,6 @@
 using System;
 using System.Collections.Generic;
-using System.IO;
 using System.Net;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.Http;
 using Ocelot.Configuration.File;
 using TestStack.BDDfy;
 using Xunit;
@@ -13,7 +9,6 @@ namespace Ocelot.AcceptanceTests
 {
 public class AdministrationTests : IDisposable
 {
- private IWebHost _builder;
 private readonly Steps _steps;
 public AdministrationTests()
@@ -81,7 +76,6 @@ namespace Ocelot.AcceptanceTests
 public void Dispose()
 {
- _builder?.Dispose();
 _steps.Dispose();
 }
 }