React to security
This commit is contained in:
parent
19f8830a57
commit
cf6008e947
|
|
@ -64,31 +64,6 @@ namespace MusicStore
|
|||
.AddEntityFrameworkStores<MusicStoreContext>()
|
||||
.AddDefaultTokenProviders();
|
||||
|
||||
services.AddFacebookAuthentication(options =>
|
||||
{
|
||||
options.AppId = "550624398330273";
|
||||
options.AppSecret = "10e56a291d6b618da61b1e0dae3a8954";
|
||||
});
|
||||
|
||||
services.AddGoogleAuthentication(options =>
|
||||
{
|
||||
options.ClientId = "977382855444.apps.googleusercontent.com";
|
||||
options.ClientSecret = "NafT482F70Vjj_9q1PU4B0pN";
|
||||
});
|
||||
|
||||
services.AddTwitterAuthentication(options =>
|
||||
{
|
||||
options.ConsumerKey = "9J3j3pSwgbWkgPFH7nAf0Spam";
|
||||
options.ConsumerSecret = "jUBYkQuBFyqp7G3CUB9SW3AfflFr9z3oQBiNvumYy87Al0W4h8";
|
||||
});
|
||||
|
||||
services.AddMicrosoftAccountAuthentication(options =>
|
||||
{
|
||||
options.Caption = "MicrosoftAccount - Requires project changes";
|
||||
options.ClientId = "000000004012C08A";
|
||||
options.ClientSecret = "GaMQ2hCnqAC6EcDLnXsAeBVIJOLmeutL";
|
||||
});
|
||||
|
||||
services.AddCors(options =>
|
||||
{
|
||||
options.AddPolicy("CorsPolicy", builder =>
|
||||
|
|
@ -111,7 +86,7 @@ namespace MusicStore
|
|||
services.AddSingleton<ISystemClock, SystemClock>();
|
||||
|
||||
// Configure Auth
|
||||
services.Configure<AuthorizationOptions>(options =>
|
||||
services.AddAuthorization(options =>
|
||||
{
|
||||
options.AddPolicy("ManageStore", new AuthorizationPolicyBuilder().RequireClaim("ManageStore", "Allowed").Build());
|
||||
});
|
||||
|
|
@ -179,11 +154,23 @@ namespace MusicStore
|
|||
// Add cookie-based authentication to the request pipeline
|
||||
app.UseIdentity();
|
||||
|
||||
app.UseFacebookAuthentication();
|
||||
app.UseFacebookAuthentication(options =>
|
||||
{
|
||||
options.AppId = "550624398330273";
|
||||
options.AppSecret = "10e56a291d6b618da61b1e0dae3a8954";
|
||||
});
|
||||
|
||||
app.UseGoogleAuthentication();
|
||||
app.UseGoogleAuthentication(options =>
|
||||
{
|
||||
options.ClientId = "977382855444.apps.googleusercontent.com";
|
||||
options.ClientSecret = "NafT482F70Vjj_9q1PU4B0pN";
|
||||
});
|
||||
|
||||
app.UseTwitterAuthentication();
|
||||
app.UseTwitterAuthentication(options =>
|
||||
{
|
||||
options.ConsumerKey = "9J3j3pSwgbWkgPFH7nAf0Spam";
|
||||
options.ConsumerSecret = "jUBYkQuBFyqp7G3CUB9SW3AfflFr9z3oQBiNvumYy87Al0W4h8";
|
||||
});
|
||||
|
||||
// The MicrosoftAccount service has restrictions that prevent the use of http://localhost:5001/ for test applications.
|
||||
// As such, here is how to change this sample to uses http://ktesting.com:5001/ instead.
|
||||
|
|
@ -200,7 +187,12 @@ namespace MusicStore
|
|||
|
||||
// The sample app can then be run via:
|
||||
// dnx . web
|
||||
app.UseMicrosoftAccountAuthentication();
|
||||
app.UseMicrosoftAccountAuthentication(options =>
|
||||
{
|
||||
options.Caption = "MicrosoftAccount - Requires project changes";
|
||||
options.ClientId = "000000004012C08A";
|
||||
options.ClientSecret = "GaMQ2hCnqAC6EcDLnXsAeBVIJOLmeutL";
|
||||
});
|
||||
|
||||
// Add MVC to the request pipeline
|
||||
app.UseMvc(routes =>
|
||||
|
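Review bot: The relocated provider registrations at the `app.UseFacebookAuthentication`, `app.UseGoogleAuthentication`, `app.UseTwitterAuthentication` and `app.UseMicrosoftAccountAuthentication` calls in `Configure` still carry what look like live credentials (`options.AppSecret`, `options.ClientSecret`, `options.ConsumerSecret`) as string literals, so the commit changes where the credentials are wired without taking them out of source. Read them from configuration instead, e.g. `options.AppSecret = Configuration["Authentication:Facebook:AppSecret"];`, and keep the values in user-secrets or environment variables; this assumes the `Configuration` property that ASP.NET sample `Startup` classes usually expose, which is outside the hunks shown. Any secret that has already been committed should be treated as disclosed and rotated with the provider, since removing it in a later revision does not remove it from history. Both `ConfigureServices` and `Configure` start and end outside the hunks shown.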
|
|
|||
|
|
@ -73,12 +73,6 @@ namespace MusicStore
|
|||
.AddEntityFrameworkStores<MusicStoreContext>()
|
||||
.AddDefaultTokenProviders();
|
||||
|
||||
services.AddOpenIdConnectAuthentication(options =>
|
||||
{
|
||||
options.Authority = "https://login.windows.net/[tenantName].onmicrosoft.com";
|
||||
options.ClientId = "[ClientId]";
|
||||
});
|
||||
|
||||
services.AddCors(options =>
|
||||
{
|
||||
options.AddPolicy("CorsPolicy", builder =>
|
||||
|
|
@ -134,7 +128,11 @@ namespace MusicStore
|
|||
app.UseIdentity();
|
||||
|
||||
// Create an Azure Active directory application and copy paste the following
|
||||
app.UseOpenIdConnectAuthentication();
|
||||
app.UseOpenIdConnectAuthentication(options =>
|
||||
{
|
||||
options.Authority = "https://login.windows.net/[tenantName].onmicrosoft.com";
|
||||
options.ClientId = "[ClientId]";
|
||||
});
|
||||
|
||||
// Add MVC to the request pipeline
|
||||
app.UseMvc(routes =>
|
||||
|
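Review bot: The `app.UseOpenIdConnectAuthentication(options => ...)` block sets `options.Authority` and `options.ClientId` from the bracketed placeholders `[tenantName]` and `[ClientId]`, so until someone edits the source the middleware is configured with an authority URL that is not a real tenant, and the comment above it only says to "copy paste the following". A comment stating that explicitly would help, e.g. `// Placeholders: replace [tenantName] and [ClientId] with your Azure AD app registration values, or read them from configuration, before running.` Reading them from configuration rather than editing source would also keep tenant-specific values out of the repository. `Configure` starts and ends outside the hunk.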
|
|
|||
|
|
@ -65,28 +65,6 @@ namespace MusicStore
|
|||
.AddEntityFrameworkStores<MusicStoreContext>()
|
||||
.AddDefaultTokenProviders();
|
||||
|
||||
services.AddOpenIdConnectAuthentication(options =>
|
||||
{
|
||||
options.Authority = "https://login.windows.net/[tenantName].onmicrosoft.com";
|
||||
options.ClientId = "c99497aa-3ee2-4707-b8a8-c33f51323fef";
|
||||
options.BackchannelHttpHandler = new OpenIdConnectBackChannelHttpHandler();
|
||||
options.StringDataFormat = new CustomStringDataFormat();
|
||||
options.StateDataFormat = new CustomStateDataFormat();
|
||||
options.TokenValidationParameters.ValidateLifetime = false;
|
||||
options.ProtocolValidator.RequireNonce = true;
|
||||
options.ProtocolValidator.NonceLifetime = TimeSpan.FromDays(36500);
|
||||
options.UseTokenLifetime = false;
|
||||
|
||||
options.Events = new OpenIdConnectEvents
|
||||
{
|
||||
OnMessageReceived = TestOpenIdConnectEvents.MessageReceived,
|
||||
OnAuthorizationCodeReceived = TestOpenIdConnectEvents.AuthorizationCodeReceived,
|
||||
OnRedirectToAuthenticationEndpoint = TestOpenIdConnectEvents.RedirectToAuthenticationEndpoint,
|
||||
OnAuthenticationValidated = TestOpenIdConnectEvents.AuthenticationValidated,
|
||||
OnAuthorizationResponseReceived = TestOpenIdConnectEvents.AuthorizationResponseRecieved
|
||||
};
|
||||
});
|
||||
|
||||
services.AddCors(options =>
|
||||
{
|
||||
options.AddPolicy("CorsPolicy", builder =>
|
||||
|
|
@ -142,7 +120,27 @@ namespace MusicStore
|
|||
app.UseIdentity();
|
||||
|
||||
// Create an Azure Active directory application and copy paste the following
|
||||
app.UseOpenIdConnectAuthentication();
|
||||
app.UseOpenIdConnectAuthentication(options =>
|
||||
{
|
||||
options.Authority = "https://login.windows.net/[tenantName].onmicrosoft.com";
|
||||
options.ClientId = "c99497aa-3ee2-4707-b8a8-c33f51323fef";
|
||||
options.BackchannelHttpHandler = new OpenIdConnectBackChannelHttpHandler();
|
||||
options.StringDataFormat = new CustomStringDataFormat();
|
||||
options.StateDataFormat = new CustomStateDataFormat();
|
||||
options.TokenValidationParameters.ValidateLifetime = false;
|
||||
options.ProtocolValidator.RequireNonce = true;
|
||||
options.ProtocolValidator.NonceLifetime = TimeSpan.FromDays(36500);
|
||||
options.UseTokenLifetime = false;
|
||||
|
||||
options.Events = new OpenIdConnectEvents
|
||||
{
|
||||
OnMessageReceived = TestOpenIdConnectEvents.MessageReceived,
|
||||
OnAuthorizationCodeReceived = TestOpenIdConnectEvents.AuthorizationCodeReceived,
|
||||
OnRedirectToAuthenticationEndpoint = TestOpenIdConnectEvents.RedirectToAuthenticationEndpoint,
|
||||
OnAuthenticationValidated = TestOpenIdConnectEvents.AuthenticationValidated,
|
||||
OnAuthorizationResponseReceived = TestOpenIdConnectEvents.AuthorizationResponseRecieved
|
||||
};
|
||||
});
|
||||
|
||||
// Add MVC to the request pipeline
|
||||
app.UseMvc(routes =>
|
||||
|
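Review bot: The `app.UseOpenIdConnectAuthentication` block sets `options.TokenValidationParameters.ValidateLifetime = false`, `options.UseTokenLifetime = false` and `options.ProtocolValidator.NonceLifetime = TimeSpan.FromDays(36500)`, and swaps in `OpenIdConnectBackChannelHttpHandler`, `CustomStringDataFormat` and `CustomStateDataFormat`, without a comment saying why token expiry and nonce expiry are effectively switched off. The custom back-channel handler and the `TestOpenIdConnectEvents` hooks suggest this is a test harness replaying canned responses, but nothing in the hunk says so, and the surrounding comment still presents the block as the way to wire up a real Azure AD application. Add a comment at the top of the block such as `// TEST ONLY: lifetime and nonce validation are relaxed so pre-recorded tokens can be replayed deterministically; do not copy these settings into a production application.` `Configure` starts and ends outside the hunk.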
|
|
|||
|
|
@ -75,69 +75,6 @@ namespace MusicStore
|
|||
.AddEntityFrameworkStores<MusicStoreContext>()
|
||||
.AddDefaultTokenProviders();
|
||||
|
||||
services.AddFacebookAuthentication(options =>
|
||||
{
|
||||
options.AppId = "[AppId]";
|
||||
options.AppSecret = "[AppSecret]";
|
||||
options.Events = new OAuthEvents()
|
||||
{
|
||||
OnAuthenticated = TestFacebookEvents.OnAuthenticated,
|
||||
OnReturnEndpoint = TestFacebookEvents.OnReturnEndpoint,
|
||||
OnApplyRedirect = TestFacebookEvents.OnApplyRedirect
|
||||
};
|
||||
options.BackchannelHttpHandler = new FacebookMockBackChannelHttpHandler();
|
||||
options.StateDataFormat = new CustomStateDataFormat();
|
||||
options.Scope.Add("email");
|
||||
options.Scope.Add("read_friendlists");
|
||||
options.Scope.Add("user_checkins");
|
||||
});
|
||||
|
||||
services.AddGoogleAuthentication(options =>
|
||||
{
|
||||
options.ClientId = "[ClientId]";
|
||||
options.ClientSecret = "[ClientSecret]";
|
||||
options.AccessType = "offline";
|
||||
options.Events = new OAuthEvents()
|
||||
{
|
||||
OnAuthenticated = TestGoogleEvents.OnAuthenticated,
|
||||
OnReturnEndpoint = TestGoogleEvents.OnReturnEndpoint,
|
||||
OnApplyRedirect = TestGoogleEvents.OnApplyRedirect
|
||||
};
|
||||
options.StateDataFormat = new CustomStateDataFormat();
|
||||
options.BackchannelHttpHandler = new GoogleMockBackChannelHttpHandler();
|
||||
});
|
||||
|
||||
services.AddTwitterAuthentication(options =>
|
||||
{
|
||||
options.ConsumerKey = "[ConsumerKey]";
|
||||
options.ConsumerSecret = "[ConsumerSecret]";
|
||||
options.Events = new TwitterEvents()
|
||||
{
|
||||
OnAuthenticated = TestTwitterEvents.OnAuthenticated,
|
||||
OnReturnEndpoint = TestTwitterEvents.OnReturnEndpoint,
|
||||
OnApplyRedirect = TestTwitterEvents.OnApplyRedirect
|
||||
};
|
||||
options.StateDataFormat = new CustomTwitterStateDataFormat();
|
||||
options.BackchannelHttpHandler = new TwitterMockBackChannelHttpHandler();
|
||||
});
|
||||
|
||||
services.AddMicrosoftAccountAuthentication(options =>
|
||||
{
|
||||
options.Caption = "MicrosoftAccount - Requires project changes";
|
||||
options.ClientId = "[ClientId]";
|
||||
options.ClientSecret = "[ClientSecret]";
|
||||
options.Events = new OAuthEvents()
|
||||
{
|
||||
OnAuthenticated = TestMicrosoftAccountEvents.OnAuthenticated,
|
||||
OnReturnEndpoint = TestMicrosoftAccountEvents.OnReturnEndpoint,
|
||||
OnApplyRedirect = TestMicrosoftAccountEvents.OnApplyRedirect
|
||||
};
|
||||
options.BackchannelHttpHandler = new MicrosoftAccountMockBackChannelHandler();
|
||||
options.StateDataFormat = new CustomStateDataFormat();
|
||||
options.Scope.Add("wl.basic");
|
||||
options.Scope.Add("wl.signin");
|
||||
});
|
||||
|
||||
services.AddCors(options =>
|
||||
{
|
||||
options.AddPolicy("CorsPolicy", builder =>
|
||||
|
|
@ -160,7 +97,7 @@ namespace MusicStore
|
|||
services.AddSingleton<ISystemClock, SystemClock>();
|
||||
|
||||
// Configure Auth
|
||||
services.Configure<AuthorizationOptions>(options =>
|
||||
services.AddAuthorization(options =>
|
||||
{
|
||||
options.AddPolicy("ManageStore", new AuthorizationPolicyBuilder().RequireClaim("ManageStore", "Allowed").Build());
|
||||
});
|
||||
|
|
@ -192,13 +129,68 @@ namespace MusicStore
|
|||
// Add cookie-based authentication to the request pipeline
|
||||
app.UseIdentity();
|
||||
|
||||
app.UseFacebookAuthentication();
|
||||
app.UseFacebookAuthentication(options =>
|
||||
{
|
||||
options.AppId = "[AppId]";
|
||||
options.AppSecret = "[AppSecret]";
|
||||
options.Events = new OAuthEvents()
|
||||
{
|
||||
OnAuthenticated = TestFacebookEvents.OnAuthenticated,
|
||||
OnReturnEndpoint = TestFacebookEvents.OnReturnEndpoint,
|
||||
OnApplyRedirect = TestFacebookEvents.OnApplyRedirect
|
||||
};
|
||||
options.BackchannelHttpHandler = new FacebookMockBackChannelHttpHandler();
|
||||
options.StateDataFormat = new CustomStateDataFormat();
|
||||
options.Scope.Add("email");
|
||||
options.Scope.Add("read_friendlists");
|
||||
options.Scope.Add("user_checkins");
|
||||
});
|
||||
|
||||
app.UseGoogleAuthentication();
|
||||
app.UseGoogleAuthentication(options =>
|
||||
{
|
||||
options.ClientId = "[ClientId]";
|
||||
options.ClientSecret = "[ClientSecret]";
|
||||
options.AccessType = "offline";
|
||||
options.Events = new OAuthEvents()
|
||||
{
|
||||
OnAuthenticated = TestGoogleEvents.OnAuthenticated,
|
||||
OnReturnEndpoint = TestGoogleEvents.OnReturnEndpoint,
|
||||
OnApplyRedirect = TestGoogleEvents.OnApplyRedirect
|
||||
};
|
||||
options.StateDataFormat = new CustomStateDataFormat();
|
||||
options.BackchannelHttpHandler = new GoogleMockBackChannelHttpHandler();
|
||||
});
|
||||
|
||||
app.UseTwitterAuthentication();
|
||||
app.UseTwitterAuthentication(options =>
|
||||
{
|
||||
options.ConsumerKey = "[ConsumerKey]";
|
||||
options.ConsumerSecret = "[ConsumerSecret]";
|
||||
options.Events = new TwitterEvents()
|
||||
{
|
||||
OnAuthenticated = TestTwitterEvents.OnAuthenticated,
|
||||
OnReturnEndpoint = TestTwitterEvents.OnReturnEndpoint,
|
||||
OnApplyRedirect = TestTwitterEvents.OnApplyRedirect
|
||||
};
|
||||
options.StateDataFormat = new CustomTwitterStateDataFormat();
|
||||
options.BackchannelHttpHandler = new TwitterMockBackChannelHttpHandler();
|
||||
});
|
||||
|
||||
app.UseMicrosoftAccountAuthentication();
|
||||
app.UseMicrosoftAccountAuthentication(options =>
|
||||
{
|
||||
options.Caption = "MicrosoftAccount - Requires project changes";
|
||||
options.ClientId = "[ClientId]";
|
||||
options.ClientSecret = "[ClientSecret]";
|
||||
options.Events = new OAuthEvents()
|
||||
{
|
||||
OnAuthenticated = TestMicrosoftAccountEvents.OnAuthenticated,
|
||||
OnReturnEndpoint = TestMicrosoftAccountEvents.OnReturnEndpoint,
|
||||
OnApplyRedirect = TestMicrosoftAccountEvents.OnApplyRedirect
|
||||
};
|
||||
options.BackchannelHttpHandler = new MicrosoftAccountMockBackChannelHandler();
|
||||
options.StateDataFormat = new CustomStateDataFormat();
|
||||
options.Scope.Add("wl.basic");
|
||||
options.Scope.Add("wl.signin");
|
||||
});
|
||||
|
||||
// Add MVC to the request pipeline
|
||||
app.UseMvc(routes =>
|
||||
|
|
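Review bot: Each of the four provider blocks in `Configure` replaces `options.StateDataFormat` with `CustomStateDataFormat` (or `CustomTwitterStateDataFormat`) and `options.BackchannelHttpHandler` with a mock handler, yet no comment marks the block as test-only; the implementations are not visible here, and if the custom state format is not backed by data protection the OAuth `state` value that correlates the callback is no longer tamper-protected. The `TestFacebookEvents`, `TestGoogleEvents`, `TestTwitterEvents` and `TestMicrosoftAccountEvents` hooks and the bracketed `[AppId]`/`[ClientSecret]` placeholders suggest a test harness, but that is inferred rather than stated. A one-line comment before the first `app.UseFacebookAuthentication` call, e.g. `// TEST ONLY: state formats and back-channel handlers are replaced with test doubles; a real deployment must keep the defaults and load credentials from configuration.`, would keep the file from being copied as a production template. `Configure` starts and ends outside the hunk.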
|
|||