diff --git a/modules/openiddict/app/OpenIddict.Demo.API/Program.cs b/modules/openiddict/app/OpenIddict.Demo.API/Program.cs
index 6218c5b9f7..9fe034cecf 100644
--- a/modules/openiddict/app/OpenIddict.Demo.API/Program.cs
+++ b/modules/openiddict/app/OpenIddict.Demo.API/Program.cs
@@ -18,10 +18,6 @@ builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
{
options.Authority = "https://localhost:44301";
options.Audience = "AbpAPIResource";
-
- // See OpenIddictServerModule`s PreConfigureServices method.
- options.TokenValidationParameters.IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_C40DBB176E78"));
- options.TokenValidationParameters.TokenDecryptionKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_87E33FC57D80"));
});
var app = builder.Build();
diff --git a/modules/openiddict/app/OpenIddict.Demo.Client.Mvc/Pages/Index.cshtml b/modules/openiddict/app/OpenIddict.Demo.Client.Mvc/Pages/Index.cshtml
index 1d2feb2a8d..d2f8710862 100644
--- a/modules/openiddict/app/OpenIddict.Demo.Client.Mvc/Pages/Index.cshtml
+++ b/modules/openiddict/app/OpenIddict.Demo.Client.Mvc/Pages/Index.cshtml
@@ -30,14 +30,37 @@
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", await HttpContext.GetTokenAsync("access_token"));
var response = await client.SendAsync(request);
- response.EnsureSuccessStatusCode();
+
+
+
+ @{
+ var apiResponse = response.StatusCode.ToString();
+ if (response.IsSuccessStatusCode)
+ {
+ apiResponse = JsonSerializer.Serialize(JsonDocument.Parse(await response.Content.ReadAsStringAsync()), new JsonSerializerOptions
+ {
+ WriteIndented = true
+ });
+ }
+ }
+ @apiResponse;
+
+
+ request = new HttpRequestMessage(HttpMethod.Get, "https://localhost:44301/api/claims");
+ request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", await HttpContext.GetTokenAsync("access_token"));
+
+ response = await client.SendAsync(request);
@{
- var apiResponse = JsonSerializer.Serialize(JsonDocument.Parse(await response.Content.ReadAsStringAsync()), new JsonSerializerOptions
+ apiResponse = response.StatusCode.ToString();
+ if (response.IsSuccessStatusCode)
{
- WriteIndented = true
- });
+ apiResponse = JsonSerializer.Serialize(JsonDocument.Parse(await response.Content.ReadAsStringAsync()), new JsonSerializerOptions
+ {
+ WriteIndented = true
+ });
+ }
}
@apiResponse;
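Review bot: Both added blocks assume that a 2xx response carries JSON, so `JsonDocument.Parse(await response.Content.ReadAsStringAsync())` throws `JsonException` and fails the whole page on any other body. One way that could happen is an HTML sign-in page reached through a followed redirect, though that is inferred, since the server's challenge behaviour is not visible here. The same block is also added twice, and `request`, `response` and the `JsonDocument` are never disposed. I would move the formatting into one helper that falls back to the status text when parsing fails, and call it as `@(await DescribeAsync(response))` in both places.

```razor
@functions {
    // Pretty-prints a JSON body; falls back to the status code when the call failed or the body is not JSON.
    private static async Task<string> DescribeAsync(HttpResponseMessage response)
    {
        if (!response.IsSuccessStatusCode)
        {
            return response.StatusCode.ToString();
        }

        try
        {
            using var document = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
            return JsonSerializer.Serialize(document.RootElement, new JsonSerializerOptions { WriteIndented = true });
        }
        catch (JsonException)
        {
            return response.StatusCode.ToString();
        }
    }
}
```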
diff --git a/modules/openiddict/app/OpenIddict.Demo.Server/Controllers/ClaimsController.cs b/modules/openiddict/app/OpenIddict.Demo.Server/Controllers/ClaimsController.cs
new file mode 100644
index 0000000000..49597709b9
--- /dev/null
+++ b/modules/openiddict/app/OpenIddict.Demo.Server/Controllers/ClaimsController.cs
@@ -0,0 +1,16 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace OpenIddict.Demo.Server.Controllers;
+
+[ApiController]
+[Authorize]
+[Route("api/claims")]
+public class ClaimsController : Controller
+{
+ [HttpGet]
+ public JsonResult Get()
+ {
+ return Json(User.Claims.Select(x => new {Type = x.Type, Value = x.Value}));
+ }
+}
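Review bot: `[Authorize]` on `ClaimsController` names no authentication scheme, so `Get()` returns every claim of whatever principal the pipeline produced, which may include a cookie-signed-in browser session as well as bearer-token callers. For an endpoint meant to show what an access token carries, consider `[Authorize(AuthenticationSchemes = OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme)]`, which needs a `using OpenIddict.Validation.AspNetCore;`. A summary comment such as `/// Demo only: echoes the caller's claims; do not expose this in a production host.` would make the intent explicit. Deriving from `ControllerBase` would also be enough here, since the action renders no views.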
diff --git a/modules/openiddict/app/OpenIddict.Demo.Server/OpenIddictServerModule.cs b/modules/openiddict/app/OpenIddict.Demo.Server/OpenIddictServerModule.cs
index 616b3ef0c7..a2509f8576 100644
--- a/modules/openiddict/app/OpenIddict.Demo.Server/OpenIddictServerModule.cs
+++ b/modules/openiddict/app/OpenIddict.Demo.Server/OpenIddictServerModule.cs
@@ -1,10 +1,7 @@
-using System.Text;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
using Microsoft.EntityFrameworkCore;
-using Microsoft.IdentityModel.Tokens;
-using OpenIddict.Abstractions;
using OpenIddict.Demo.Server.EntityFrameworkCore;
-using OpenIddict.Server.AspNetCore;
-using OpenIddict.Validation.AspNetCore;
using Volo.Abp;
using Volo.Abp.Account;
using Volo.Abp.Account.Web;
@@ -81,12 +78,32 @@ public class OpenIddictServerModule : AbpModule
{
public override void PreConfigureServices(ServiceConfigurationContext context)
{
+ PreConfigure(options =>
+ {
+ //https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html
+ options.AddDevelopmentEncryptionAndSigningCertificate = false;
+ });
+
PreConfigure(builder =>
{
- //https://documentation.openiddict.com/configuration/token-formats.html#disabling-jwt-access-token-encryption
//https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html
- builder.AddSigningKey(new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_C40DBB176E78")));
- builder.AddEncryptionKey(new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_87E33FC57D80")));
+ using (var algorithm = RSA.Create(keySizeInBits: 2048))
+ {
+ var subject = new X500DistinguishedName("CN=Fabrikam Encryption Certificate");
+ var request = new CertificateRequest(subject, algorithm, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+ request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, critical: true));
+ var certificate = request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(2));
+ builder.AddSigningCertificate(certificate);
+ }
+
+ using (var algorithm = RSA.Create(keySizeInBits: 2048))
+ {
+ var subject = new X500DistinguishedName("CN=Fabrikam Signing Certificate");
+ var request = new CertificateRequest(subject, algorithm, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+ request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyEncipherment, critical: true));
+ var certificate = request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(2));
+ builder.AddEncryptionCertificate(certificate);
+ }
});
PreConfigure(options =>
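Review bot: The two certificate subjects are swapped: the block that calls `builder.AddSigningCertificate` uses `CN=Fabrikam Encryption Certificate`, and the block that calls `builder.AddEncryptionCertificate` uses `CN=Fabrikam Signing Certificate`. The key-usage flags match the calls, so this only mislabels the certificates, but it will mislead anyone inspecting them; swap the two `X500DistinguishedName` strings. Both key pairs are also generated afresh on every start, so tokens issued before a restart stop validating and a second instance would not share keys. A comment such as `// Demo only: in-memory certificates, regenerated per process; load persisted certificates in real deployments.` would make that explicit. `PreConfigureServices` continues past the end of this hunk.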
@@ -110,18 +127,6 @@ public class OpenIddictServerModule : AbpModule
public override void ConfigureServices(ServiceConfigurationContext context)
{
- context.Services.ConfigureApplicationCookie(options =>
- {
- options.ForwardDefaultSelector = ctx => ctx.Request.Path.StartsWithSegments("/api")
- ? OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme
- : null;
- });
-
- Configure(options =>
- {
- options.AddDevelopmentEncryptionAndSigningCertificate = false;
- });
-
context.Services.AddAbpDbContext(options =>
{
options.AddDefaultRepositories(includeAllEntities: true);
diff --git a/modules/openiddict/app/OpenIddict.Demo.Server/Program.cs b/modules/openiddict/app/OpenIddict.Demo.Server/Program.cs
index 3bfc26a9a3..bee5baa950 100644
--- a/modules/openiddict/app/OpenIddict.Demo.Server/Program.cs
+++ b/modules/openiddict/app/OpenIddict.Demo.Server/Program.cs
@@ -27,20 +27,6 @@ builder.Services.Configure(options =>
options.Languages.Add(new LanguageInfo("zh-Hant", "zh-Hant", "繁體中文"));
});
-// Use Microsoft.AspNetCore.Authentication.JwtBearer instead of OpenIddict.Validation.AspNetCore
-// builder.Services.AddAuthentication()
-// .AddJwtBearer(options =>
-// {
-// options.Authority = "https://localhost:44301";
-// options.Audience = "AbpAPIResource";
-//
-// options.MapInboundClaims = false;
-//
-// // See OpenIddictServerModule`s PreConfigureServices method.
-// options.TokenValidationParameters.IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_C40DBB176E78"));
-// options.TokenValidationParameters.TokenDecryptionKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_87E33FC57D80"));
-// });
-
await builder.AddApplicationAsync();
var app = builder.Build();
@@ -70,6 +56,7 @@ app.UseCors();
//app.UseJwtTokenMiddleware();
app.UseAuthentication();
+app.UseAbpOpenIddictValidation();
app.UseMultiTenancy();
app.UseAuthorization();
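Review bot: The commented-out `//app.UseJwtTokenMiddleware();` left just above `app.UseAuthentication()` now refers to a method this commit renames away, so it should be deleted rather than kept as a stale hint. If the position of the new call between `UseAuthentication()` and `UseAuthorization()` is required, which the middleware body not shown here would decide, a short comment would help, for example `// Keep after UseAuthentication and before UseAuthorization.`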
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Jwt/JwtTokenMiddleware.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Microsoft/AspNetCore/Builder/ApplicationBuilderAbpOpenIddictMiddlewareExtension.cs
similarity index 58%
rename from modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Jwt/JwtTokenMiddleware.cs
rename to modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Microsoft/AspNetCore/Builder/ApplicationBuilderAbpOpenIddictMiddlewareExtension.cs
index f0f2efb33e..7d8be5570b 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Jwt/JwtTokenMiddleware.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Microsoft/AspNetCore/Builder/ApplicationBuilderAbpOpenIddictMiddlewareExtension.cs
@@ -1,13 +1,11 @@
using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Builder;
+using OpenIddict.Validation.AspNetCore;
-namespace Volo.Abp.OpenIddict.Jwt;
+namespace Microsoft.AspNetCore.Builder;
-//TODO: Should we move this to another package..?
-
-public static class JwtTokenMiddleware
+public static class ApplicationBuilderAbpOpenIddictMiddlewareExtension
{
- public static IApplicationBuilder UseJwtTokenMiddleware(this IApplicationBuilder app, string schema = "Bearer")
+ public static IApplicationBuilder UseAbpOpenIddictValidation(this IApplicationBuilder app, string schema = OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme)
{
return app.Use(async (ctx, next) =>
{
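Review bot: `UseAbpOpenIddictValidation` replaces the public `UseJwtTokenMiddleware` outright and changes the default of `schema` from `"Bearer"` to `OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme`, yet the new method has no XML documentation. Callers that relied on the default now authenticate against a different handler. The summary should therefore state which scheme is used, that its handler must be registered, and where the call belongs relative to `UseAuthentication()`. If the old name shipped in a released package, an `[Obsolete]` forwarding method under the previous class and namespace would avoid a hard compile break. The lambda body lies outside this hunk, so this is based on the signature alone.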
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs
index 8e103f92fa..e8196627ce 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs
@@ -104,6 +104,8 @@ public class AbpOpenIddictAspNetCoreModule : AbpModule
.AddDevelopmentSigningCertificate();
}
+ builder.DisableAccessTokenEncryption();
+
var wildcardDomainsOptions = services.ExecutePreConfiguredActions();
if (wildcardDomainsOptions.EnableWildcardDomainSupport)
{
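Review bot: `builder.DisableAccessTokenEncryption()` is now applied unconditionally by the module, and the explanatory comment the templates carried is deleted elsewhere in this commit. Nothing at this call now says that access tokens become signed-only JWTs whose claims any holder can read. Add a comment such as `// Access tokens are signed but not encrypted so resource servers need only the signing key; keep confidential data out of access-token claims.` Consider gating the call behind a flag on the options type that already exposes `AddDevelopmentEncryptionAndSigningCertificate`, so an application can keep encryption without overriding the server options afterwards. The enclosing method starts and ends outside this hunk.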
diff --git a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Blazor.Server.Mongo/MyProjectNameModule.cs b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Blazor.Server.Mongo/MyProjectNameModule.cs
index c987e5dff6..00e29aff65 100644
--- a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Blazor.Server.Mongo/MyProjectNameModule.cs
+++ b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Blazor.Server.Mongo/MyProjectNameModule.cs
@@ -117,13 +117,6 @@ public class MyProjectNameModule : AbpModule
);
});
- PreConfigure(builder =>
- {
- // https://documentation.openiddict.com/configuration/token-formats.html#disabling-jwt-access-token-encryption
- // In production, it is recommended to use two RSA certificates, distinct from the certificate(s) used for HTTPS: one for encryption, one for signing.
- builder.DisableAccessTokenEncryption();
- });
-
PreConfigure(builder =>
{
builder.AddValidation(options =>
@@ -150,7 +143,6 @@ public class MyProjectNameModule : AbpModule
ConfigureAutoApiControllers();
ConfigureBlazorise(context);
ConfigureRouter(context);
- ConfigureAuthentication(context, configuration);
ConfigureMongoDB(context);
}
@@ -189,17 +181,6 @@ public class MyProjectNameModule : AbpModule
});
}
- private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
- {
- context.Services.AddAuthentication()
- .AddJwtBearer(options =>
- {
- options.Authority = configuration["AuthServer:Authority"];
- options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
- options.Audience = "MyProjectName";
- });
- }
-
private void ConfigureLocalizationServices()
{
Configure(options =>
@@ -338,7 +319,7 @@ public class MyProjectNameModule : AbpModule
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
- app.UseJwtTokenMiddleware();
+ app.UseAbpOpenIddictValidation();
if (IsMultiTenant)
{
diff --git a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Blazor.Server.Mongo/appsettings.json b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Blazor.Server.Mongo/appsettings.json
index e08d35f224..7872199c7e 100644
--- a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Blazor.Server.Mongo/appsettings.json
+++ b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Blazor.Server.Mongo/appsettings.json
@@ -6,10 +6,6 @@
"ConnectionStrings": {
"Default": "mongodb://localhost:27017/MyProjectName",
},
- "AuthServer": {
- "Authority": "https://localhost:44300",
- "RequireHttpsMetadata": "false"
- },
"StringEncryption": {
"DefaultPassPhrase": "gsKnGZ041HLL4IM8"
}
diff --git a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Blazor.Server/MyProjectNameModule.cs b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Blazor.Server/MyProjectNameModule.cs
index b9c8dca8f0..5be2bdc2e5 100644
--- a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Blazor.Server/MyProjectNameModule.cs
+++ b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Blazor.Server/MyProjectNameModule.cs
@@ -118,13 +118,6 @@ public class MyProjectNameModule : AbpModule
);
});
- PreConfigure(builder =>
- {
- // https://documentation.openiddict.com/configuration/token-formats.html#disabling-jwt-access-token-encryption
- // In production, it is recommended to use two RSA certificates, distinct from the certificate(s) used for HTTPS: one for encryption, one for signing.
- builder.DisableAccessTokenEncryption();
- });
-
PreConfigure(builder =>
{
builder.AddValidation(options =>
@@ -151,7 +144,6 @@ public class MyProjectNameModule : AbpModule
ConfigureAutoApiControllers();
ConfigureBlazorise(context);
ConfigureRouter(context);
- ConfigureAuthentication(context, configuration);
ConfigureEfCore(context);
}
@@ -190,17 +182,6 @@ public class MyProjectNameModule : AbpModule
});
}
- private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
- {
- context.Services.AddAuthentication()
- .AddJwtBearer(options =>
- {
- options.Authority = configuration["AuthServer:Authority"];
- options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
- options.Audience = "MyProjectName";
- });
- }
-
private void ConfigureLocalizationServices()
{
Configure(options =>
@@ -346,7 +327,7 @@ public class MyProjectNameModule : AbpModule
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
- app.UseJwtTokenMiddleware();
+ app.UseAbpOpenIddictValidation();
if (IsMultiTenant)
{
diff --git a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Blazor.Server/appsettings.json b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Blazor.Server/appsettings.json
index cc9e8226f2..250ecde40e 100644
--- a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Blazor.Server/appsettings.json
+++ b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Blazor.Server/appsettings.json
@@ -6,10 +6,6 @@
"ConnectionStrings": {
"Default": "Server=(LocalDb)\\MSSQLLocalDB;Database=MyProjectName;Trusted_Connection=True"
},
- "AuthServer": {
- "Authority": "https://localhost:44300",
- "RequireHttpsMetadata": "false"
- },
"StringEncryption": {
"DefaultPassPhrase": "gsKnGZ041HLL4IM8"
}
diff --git a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Host.Mongo/MyProjectNameModule.cs b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Host.Mongo/MyProjectNameModule.cs
index 6a9474af7b..609432b523 100644
--- a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Host.Mongo/MyProjectNameModule.cs
+++ b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Host.Mongo/MyProjectNameModule.cs
@@ -108,13 +108,6 @@ public class MyProjectNameModule : AbpModule
);
});
- PreConfigure(builder =>
- {
- // https://documentation.openiddict.com/configuration/token-formats.html#disabling-jwt-access-token-encryption
- // In production, it is recommended to use two RSA certificates, distinct from the certificate(s) used for HTTPS: one for encryption, one for signing.
- builder.DisableAccessTokenEncryption();
- });
-
PreConfigure(builder =>
{
builder.AddValidation(options =>
@@ -139,7 +132,6 @@ public class MyProjectNameModule : AbpModule
ConfigureAutoApiControllers();
ConfigureVirtualFiles(hostingEnvironment);
ConfigureLocalization();
- ConfigureAuthentication(context.Services, configuration);
ConfigureCors(context, configuration);
ConfigureDataProtection(context, configuration, hostingEnvironment);
ConfigureMongoDB(context);
@@ -176,17 +168,6 @@ public class MyProjectNameModule : AbpModule
});
}
- private void ConfigureAuthentication(IServiceCollection services, IConfiguration configuration)
- {
- services.AddAuthentication()
- .AddJwtBearer(options =>
- {
- options.Authority = configuration["AuthServer:Authority"];
- options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
- options.Audience = "MyProjectName";
- });
- }
-
private void ConfigureLocalization()
{
Configure(options =>
@@ -341,7 +322,7 @@ public class MyProjectNameModule : AbpModule
app.UseRouting();
app.UseCors();
app.UseAuthentication();
- app.UseJwtTokenMiddleware();
+ app.UseAbpOpenIddictValidation();
if (IsMultiTenant)
{
diff --git a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Host.Mongo/appsettings.json b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Host.Mongo/appsettings.json
index a63bc0eeb8..284615a19b 100644
--- a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Host.Mongo/appsettings.json
+++ b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Host.Mongo/appsettings.json
@@ -11,11 +11,6 @@
"Redis": {
"Configuration": "127.0.0.1"
},
- "AuthServer": {
- "Authority": "https://localhost:44300",
- "RequireHttpsMetadata": "false",
- "SwaggerClientId": "MyProjectName_Swagger"
- },
"StringEncryption": {
"DefaultPassPhrase": "gsKnGZ041HLL4IM8"
},
diff --git a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Host/MyProjectNameModule.cs b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Host/MyProjectNameModule.cs
index bc3a0eea8e..59b337a7c0 100644
--- a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Host/MyProjectNameModule.cs
+++ b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Host/MyProjectNameModule.cs
@@ -110,13 +110,6 @@ public class MyProjectNameModule : AbpModule
);
});
- PreConfigure(builder =>
- {
- // https://documentation.openiddict.com/configuration/token-formats.html#disabling-jwt-access-token-encryption
- // In production, it is recommended to use two RSA certificates, distinct from the certificate(s) used for HTTPS: one for encryption, one for signing.
- builder.DisableAccessTokenEncryption();
- });
-
PreConfigure(builder =>
{
builder.AddValidation(options =>
@@ -141,7 +134,6 @@ public class MyProjectNameModule : AbpModule
ConfigureAutoApiControllers();
ConfigureVirtualFiles(hostingEnvironment);
ConfigureLocalization();
- ConfigureAuthentication(context.Services, configuration);
ConfigureCors(context, configuration);
ConfigureDataProtection(context, configuration, hostingEnvironment);
ConfigureEfCore(context);
@@ -178,17 +170,6 @@ public class MyProjectNameModule : AbpModule
});
}
- private void ConfigureAuthentication(IServiceCollection services, IConfiguration configuration)
- {
- services.AddAuthentication()
- .AddJwtBearer(options =>
- {
- options.Authority = configuration["AuthServer:Authority"];
- options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
- options.Audience = "MyProjectName";
- });
- }
-
private void ConfigureLocalization()
{
Configure(options =>
@@ -350,7 +331,7 @@ public class MyProjectNameModule : AbpModule
app.UseRouting();
app.UseCors();
app.UseAuthentication();
- app.UseJwtTokenMiddleware();
+ app.UseAbpOpenIddictValidation();
if (IsMultiTenant)
{
diff --git a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Host/appsettings.json b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Host/appsettings.json
index 6c9d002cc6..251acbe2ac 100644
--- a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Host/appsettings.json
+++ b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Host/appsettings.json
@@ -11,11 +11,6 @@
"Redis": {
"Configuration": "127.0.0.1"
},
- "AuthServer": {
- "Authority": "https://localhost:44300",
- "RequireHttpsMetadata": "false",
- "SwaggerClientId": "MyProjectName_Swagger"
- },
"StringEncryption": {
"DefaultPassPhrase": "gsKnGZ041HLL4IM8"
},
diff --git a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Mvc.Mongo/MyProjectNameModule.cs b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Mvc.Mongo/MyProjectNameModule.cs
index 7a0d97014a..10cef836ae 100644
--- a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Mvc.Mongo/MyProjectNameModule.cs
+++ b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Mvc.Mongo/MyProjectNameModule.cs
@@ -110,13 +110,6 @@ public class MyProjectNameModule : AbpModule
);
});
- PreConfigure(builder =>
- {
- // https://documentation.openiddict.com/configuration/token-formats.html#disabling-jwt-access-token-encryption
- // In production, it is recommended to use two RSA certificates, distinct from the certificate(s) used for HTTPS: one for encryption, one for signing.
- builder.DisableAccessTokenEncryption();
- });
-
PreConfigure(builder =>
{
builder.AddValidation(options =>
@@ -142,7 +135,6 @@ public class MyProjectNameModule : AbpModule
ConfigureAutoApiControllers();
ConfigureVirtualFiles(hostingEnvironment);
ConfigureLocalization();
- ConfigureAuthentication(context.Services, configuration);
ConfigureMongoDB(context);
}
@@ -176,17 +168,6 @@ public class MyProjectNameModule : AbpModule
});
}
- private void ConfigureAuthentication(IServiceCollection services, IConfiguration configuration)
- {
- services.AddAuthentication()
- .AddJwtBearer(options =>
- {
- options.Authority = configuration["AuthServer:Authority"];
- options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
- options.Audience = "MyProjectName";
- });
- }
-
private void ConfigureLocalization()
{
Configure(options =>
@@ -314,7 +295,7 @@ public class MyProjectNameModule : AbpModule
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
- app.UseJwtTokenMiddleware();
+ app.UseAbpOpenIddictValidation();
if (IsMultiTenant)
{
diff --git a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Mvc.Mongo/appsettings.json b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Mvc.Mongo/appsettings.json
index 97ad461966..f64cfd6c90 100644
--- a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Mvc.Mongo/appsettings.json
+++ b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Mvc.Mongo/appsettings.json
@@ -5,10 +5,6 @@
"ConnectionStrings": {
"Default": "mongodb://localhost:27017/MyProjectName"
},
- "AuthServer": {
- "Authority": "https://localhost:44300",
- "RequireHttpsMetadata": "false"
- },
"StringEncryption": {
"DefaultPassPhrase": "gsKnGZ041HLL4IM8"
}
diff --git a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Mvc/MyProjectNameModule.cs b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Mvc/MyProjectNameModule.cs
index 7f7a7a4da9..20a52729ed 100644
--- a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Mvc/MyProjectNameModule.cs
+++ b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Mvc/MyProjectNameModule.cs
@@ -112,13 +112,6 @@ public class MyProjectNameModule : AbpModule
);
});
- PreConfigure(builder =>
- {
- // https://documentation.openiddict.com/configuration/token-formats.html#disabling-jwt-access-token-encryption
- // In production, it is recommended to use two RSA certificates, distinct from the certificate(s) used for HTTPS: one for encryption, one for signing.
- builder.DisableAccessTokenEncryption();
- });
-
PreConfigure(builder =>
{
builder.AddValidation(options =>
@@ -144,7 +137,6 @@ public class MyProjectNameModule : AbpModule
ConfigureAutoApiControllers();
ConfigureVirtualFiles(hostingEnvironment);
ConfigureLocalization();
- ConfigureAuthentication(context.Services, configuration);
ConfigureEfCore(context);
}
@@ -179,17 +171,6 @@ public class MyProjectNameModule : AbpModule
});
}
- private void ConfigureAuthentication(IServiceCollection services, IConfiguration configuration)
- {
- services.AddAuthentication()
- .AddJwtBearer(options =>
- {
- options.Authority = configuration["AuthServer:Authority"];
- options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
- options.Audience = "MyProjectName";
- });
- }
-
private void ConfigureLocalization()
{
Configure(options =>
@@ -323,7 +304,7 @@ public class MyProjectNameModule : AbpModule
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
- app.UseJwtTokenMiddleware();
+ app.UseAbpOpenIddictValidation();
if (IsMultiTenant)
{
diff --git a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Mvc/appsettings.json b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Mvc/appsettings.json
index 74bc952883..4d95841d08 100644
--- a/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Mvc/appsettings.json
+++ b/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Mvc/appsettings.json
@@ -5,10 +5,6 @@
"ConnectionStrings": {
"Default": "Server=(LocalDb)\\MSSQLLocalDB;Database=MyProjectName;Trusted_Connection=True"
},
- "AuthServer": {
- "Authority": "https://localhost:44300",
- "RequireHttpsMetadata": "false"
- },
"StringEncryption": {
"DefaultPassPhrase": "gsKnGZ041HLL4IM8"
}
diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.AuthServer/MyProjectNameAuthServerModule.cs b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.AuthServer/MyProjectNameAuthServerModule.cs
index 05ea1c90ea..225033259f 100644
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.AuthServer/MyProjectNameAuthServerModule.cs
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.AuthServer/MyProjectNameAuthServerModule.cs
@@ -48,13 +48,6 @@ public class MyProjectNameAuthServerModule : AbpModule
{
public override void PreConfigureServices(ServiceConfigurationContext context)
{
- PreConfigure(builder =>
- {
- // https://documentation.openiddict.com/configuration/token-formats.html#disabling-jwt-access-token-encryption
- // In production, it is recommended to use two RSA certificates, distinct from the certificate(s) used for HTTPS: one for encryption, one for signing.
- builder.DisableAccessTokenEncryption();
- });
-
PreConfigure(builder =>
{
builder.AddValidation(options =>
diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server/MyProjectNameBlazorModule.cs b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server/MyProjectNameBlazorModule.cs
index a01ea41953..4610600956 100644
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server/MyProjectNameBlazorModule.cs
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server/MyProjectNameBlazorModule.cs
@@ -1,4 +1,3 @@
-using System;
using System.IO;
using Blazorise.Bootstrap5;
using Blazorise.Icons.FontAwesome;
@@ -74,13 +73,6 @@ public class MyProjectNameBlazorModule : AbpModule
);
});
- PreConfigure(builder =>
- {
- // https://documentation.openiddict.com/configuration/token-formats.html#disabling-jwt-access-token-encryption
- // In production, it is recommended to use two RSA certificates, distinct from the certificate(s) used for HTTPS: one for encryption, one for signing.
- builder.DisableAccessTokenEncryption();
- });
-
PreConfigure(builder =>
{
builder.AddValidation(options =>
@@ -99,7 +91,6 @@ public class MyProjectNameBlazorModule : AbpModule
ConfigureUrls(configuration);
ConfigureBundles();
- ConfigureAuthentication(context, configuration);
ConfigureAutoMapper();
ConfigureVirtualFileSystem(hostingEnvironment);
ConfigureLocalizationServices();
@@ -145,17 +136,6 @@ public class MyProjectNameBlazorModule : AbpModule
});
}
- private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
- {
- context.Services.AddAuthentication()
- .AddJwtBearer(options =>
- {
- options.Authority = configuration["AuthServer:Authority"];
- options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
- options.Audience = "MyProjectName";
- });
- }
-
private void ConfigureVirtualFileSystem(IWebHostEnvironment hostingEnvironment)
{
if (hostingEnvironment.IsDevelopment())
@@ -283,7 +263,7 @@ public class MyProjectNameBlazorModule : AbpModule
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
- app.UseJwtTokenMiddleware();
+ app.UseAbpOpenIddictValidation();
if (MultiTenancyConsts.IsEnabled)
{
diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.HostWithIds/MyProjectNameHttpApiHostModule.cs b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.HostWithIds/MyProjectNameHttpApiHostModule.cs
index fc8211ee43..524a7e24bf 100644
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.HostWithIds/MyProjectNameHttpApiHostModule.cs
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.HostWithIds/MyProjectNameHttpApiHostModule.cs
@@ -50,13 +50,6 @@ public class MyProjectNameHttpApiHostModule : AbpModule
{
public override void PreConfigureServices(ServiceConfigurationContext context)
{
- PreConfigure(builder =>
- {
- // https://documentation.openiddict.com/configuration/token-formats.html#disabling-jwt-access-token-encryption
- // In production, it is recommended to use two RSA certificates, distinct from the certificate(s) used for HTTPS: one for encryption, one for signing.
- builder.DisableAccessTokenEncryption();
- });
-
PreConfigure(builder =>
{
builder.AddValidation(options =>
@@ -76,7 +69,6 @@ public class MyProjectNameHttpApiHostModule : AbpModule
ConfigureBundles();
ConfigureUrls(configuration);
ConfigureConventionalControllers();
- ConfigureAuthentication(context, configuration);
ConfigureLocalization();
ConfigureVirtualFileSystem(context);
ConfigureCors(context, configuration);
@@ -138,23 +130,6 @@ public class MyProjectNameHttpApiHostModule : AbpModule
});
}
- private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
- {
- context.Services.AddAuthentication()
- .AddJwtBearer(options =>
- {
- options.Authority = configuration["AuthServer:Authority"];
- options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
- options.Audience = "MyProjectName";
- options.BackchannelHttpHandler = new HttpClientHandler
- {
- ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
- };
-
- options.MapInboundClaims = false;
- });
- }
-
private static void ConfigureSwaggerServices(ServiceConfigurationContext context, IConfiguration configuration)
{
context.Services.AddAbpSwaggerGenWithOAuth(
@@ -241,7 +216,7 @@ public class MyProjectNameHttpApiHostModule : AbpModule
app.UseRouting();
app.UseCors();
app.UseAuthentication();
- app.UseJwtTokenMiddleware();
+ app.UseAbpOpenIddictValidation();
if (MultiTenancyConsts.IsEnabled)
{
diff --git a/templates/module/aspnet-core/host/MyCompanyName.MyProjectName.AuthServer/MyProjectNameAuthServerModule.cs b/templates/module/aspnet-core/host/MyCompanyName.MyProjectName.AuthServer/MyProjectNameAuthServerModule.cs
index 831eb154bd..a3798432a7 100644
--- a/templates/module/aspnet-core/host/MyCompanyName.MyProjectName.AuthServer/MyProjectNameAuthServerModule.cs
+++ b/templates/module/aspnet-core/host/MyCompanyName.MyProjectName.AuthServer/MyProjectNameAuthServerModule.cs
@@ -156,14 +156,6 @@ public class MyProjectNameAuthServerModule : AbpModule
options.Applications["MVC"].RootUrl = configuration["App:SelfUrl"];
});
- context.Services.AddAuthentication()
- .AddJwtBearer(options =>
- {
- options.Authority = configuration["AuthServer:Authority"];
- options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
- options.Audience = configuration["AuthServer:ApiName"];
- });
-
Configure(options =>
{
options.KeyPrefix = "MyProjectName:";
@@ -226,7 +218,7 @@ public class MyProjectNameAuthServerModule : AbpModule
app.UseRouting();
app.UseCors();
app.UseAuthentication();
- app.UseJwtTokenMiddleware();
+ app.UseAbpOpenIddictValidation();
if (MultiTenancyConsts.IsEnabled)
{
diff --git a/templates/module/aspnet-core/host/MyCompanyName.MyProjectName.AuthServer/appsettings.json b/templates/module/aspnet-core/host/MyCompanyName.MyProjectName.AuthServer/appsettings.json
index 70b1fa6216..47304e7fc6 100644
--- a/templates/module/aspnet-core/host/MyCompanyName.MyProjectName.AuthServer/appsettings.json
+++ b/templates/module/aspnet-core/host/MyCompanyName.MyProjectName.AuthServer/appsettings.json
@@ -10,11 +10,6 @@
"Redis": {
"Configuration": "127.0.0.1"
},
- "AuthServer": {
- "Authority": "https://localhost:44301/",
- "RequireHttpsMetadata": "false",
- "ApiName": "MyProjectName"
- },
"OpenIddict": {
"Applications": {
"MyProjectName_Web": {