using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; #if (OrganizationalAuth) using Microsoft.AspNetCore.Authentication.Cookies; #endif #if (MultiOrgAuth) using Microsoft.AspNetCore.Authentication.OpenIdConnect; #endif using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Hosting; #if (IndividualAuth) using Microsoft.AspNetCore.Identity.EntityFrameworkCore; using Microsoft.EntityFrameworkCore; #endif using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Logging; #if (OrganizationalAuth && OrgReadAccess) using Microsoft.IdentityModel.Protocols.OpenIdConnect; #endif #if (MultiOrgAuth) using Microsoft.IdentityModel.Tokens; #endif #if (IndividualAuth) using Company.WebApplication1.Data; using Company.WebApplication1.Models; using Company.WebApplication1.Services; #endif namespace Company.WebApplication1 { public class Startup { public Startup(IHostingEnvironment env) { #if (IndividualAuth || OrganizationalAuth) var builder = new ConfigurationBuilder() .SetBasePath(env.ContentRootPath) .AddJsonFile("appsettings.json", optional: false, reloadOnChange: true) .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true); if (env.IsDevelopment()) { // For more details on using the user secret store see https://go.microsoft.com/fwlink/?LinkID=532709 builder.AddUserSecrets(); } #else var builder = new ConfigurationBuilder() .SetBasePath(env.ContentRootPath) .AddJsonFile("appsettings.json", optional: false, reloadOnChange: true) .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true) .AddEnvironmentVariables(); #endif #if (IndividualAuth || MultiOrgAuth || SingleOrgAuth) builder.AddEnvironmentVariables(); #endif Configuration = builder.Build(); } public IConfigurationRoot Configuration { get; } // This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { // Add framework services. #if (IndividualAuth) services.AddDbContext(options => #if (UseLocalDB) options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"))); #else options.UseSqlite(Configuration.GetConnectionString("DefaultConnection"))); #endif services.AddIdentity() .AddEntityFrameworkStores() .AddDefaultTokenProviders(); #endif services.AddMvc(); #if (IndividualAuth) // Add application services. services.AddTransient(); services.AddTransient(); #elseif (OrganizationalAuth) services.AddAuthentication( SharedOptions => SharedOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme); #endif } // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) { loggerFactory.AddConsole(Configuration.GetSection("Logging")); loggerFactory.AddDebug(); if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); #if (IndividualAuth) app.UseDatabaseErrorPage(); #endif #if (UseBrowserLink) app.UseBrowserLink(); #endif } else { app.UseExceptionHandler("/Home/Error"); } app.UseStaticFiles(); #if (IndividualAuth) app.UseIdentity(); // Add external authentication middleware below. To configure them please see https://go.microsoft.com/fwlink/?LinkID=532715 #elseif (OrganizationalAuth) app.UseCookieAuthentication(); app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions { ClientId = Configuration["Authentication:AzureAd:ClientId"], #if (OrgReadAccess) ClientSecret = Configuration["Authentication:AzureAd:ClientSecret"], #endif #if (MultiOrgAuth) Authority = Configuration["Authentication:AzureAd:AADInstance"] + "Common", #elseif (SingleOrgAuth) Authority = Configuration["Authentication:AzureAd:AADInstance"] + Configuration["Authentication:AzureAd:TenantId"], #endif #endif #if (MultiOrgAuth) CallbackPath = Configuration["Authentication:AzureAd:CallbackPath"], #if (OrgReadAccess) ResponseType = OpenIdConnectResponseType.CodeIdToken, #endif TokenValidationParameters = new TokenValidationParameters { // Instead of using the default validation (validating against a single issuer value, as we do in line of business apps), // we inject our own multitenant validation logic ValidateIssuer = false, // If the app is meant to be accessed by entire organizations, add your issuer validation logic here. //IssuerValidator = (issuer, securityToken, validationParameters) => { // if (myIssuerValidationLogic(issuer)) return issuer; //} }, Events = new OpenIdConnectEvents { OnTicketReceived = (context) => { // If your authentication logic is based on users then add your logic here return Task.FromResult(0); }, OnAuthenticationFailed = (context) => { context.Response.Redirect("/Home/Error"); context.HandleResponse(); // Suppress the exception return Task.FromResult(0); }, // If your application needs to do authenticate single users, add your user validation below. //OnTokenValidated = (context) => //{ // return myUserValidationLogic(context.Ticket.Principal); //} } #elseif (SingleOrgAuth) #if (OrgReadAccess) CallbackPath = Configuration["Authentication:AzureAd:CallbackPath"], ResponseType = OpenIdConnectResponseType.CodeIdToken #else CallbackPath = Configuration["Authentication:AzureAd:CallbackPath"] #endif #endif #if (OrganizationalAuth) }); #endif app.UseMvc(routes => { routes.MapRoute( name: "default", template: "{controller=Home}/{action=Index}/{id?}"); }); } } }