Auth added to blazor

2021-10-13 20:39:11 -04:00
parent 2552ad4d87
commit cccd609233
9 changed files with 153 additions and 16 deletions
--- a/Web/Startup.cs
+++ b/Web/Startup.cs
@@ -2,6 +2,8 @@ using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Components;
 using Microsoft.AspNetCore.Hosting;
@@ -9,6 +11,8 @@ using Microsoft.AspNetCore.HttpsPolicy;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.IdentityModel.Tokens;
 using Web.Data;

 namespace Web
@@ -28,17 +32,40 @@ namespace Web
        {
            services.AddRazorPages();
            services.AddServerSideBlazor();
+            services.AddHttpContextAccessor();
            services.AddSingleton<WeatherForecastService>();
            services.AddAuthentication(options =>
                {
-                    options.DefaultScheme = "Cookies";
+                    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                    options.DefaultChallengeScheme = "oidc";
                })
-                .AddCookie("Cookies")
+                .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
                .AddOpenIdConnect(options =>
                {
-                    options.Authority = "https://authentik.mattstop.com/application/o/petrie-panel/";
-                    options.ClientId = "85bcc426a47ac2c3575b6d590ec4f53db237e212";
+                    options.Authority = Configuration["oidc:authority"];
+                    options.ClientId = Configuration["oidc:client_id"];
+                    options.ClientSecret = Configuration["oidc:client_secret"];
+
+                    options.ResponseType = OpenIdConnectResponseType.Code;
+                    options.GetClaimsFromUserInfoEndpoint = true;
+                    options.SaveTokens = true;
+                    options.Scope.Add("openid");
+                    options.Scope.Add("profile");
+                    options.Scope.Add("email");
+                    options.TokenValidationParameters = new 
+                        TokenValidationParameters
+                        {
+                            NameClaimType = "name"
+                        };
+                    options.Events = new OpenIdConnectEvents
+                    {
+                        OnAccessDenied = context =>
+                        {
+                            context.HandleResponse();
+                            context.Response.Redirect("/");
+                            return Task.CompletedTask;
+                        }
+                    };
                });
        }

@@ -60,7 +87,8 @@ namespace Web
            app.UseStaticFiles();

            app.UseRouting();
-            //app.UseAuthentication();
+            app.UseAuthentication();
+            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {