From d8bdcffd4c69787e69fb7ae3c3375a44a0067e7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Halil=20=C4=B0brahim=20Kalkan?=
Date: Fri, 22 Nov 2019 15:31:24 +0300
Subject: [PATCH] Fix claims mapping for the microservice demo
---
 .../BackendAdminAppGatewayHostModule.cs | 29 +++++++++++++------
 .../InternalGatewayHostModule.cs | 29 +++++++++++++------
 .../PublicWebSiteGatewayHostModule.cs | 29 +++++++++++++------
 .../BloggingServiceHostModule.cs | 27 ++++++++++++-----
 .../IdentityServiceHostModule.cs | 29 +++++++++++++------
 .../ProductServiceHostModule.cs | 29 +++++++++++++------
 6 files changed, 119 insertions(+), 53 deletions(-)
diff --git a/samples/MicroserviceDemo/gateways/BackendAdminAppGateway.Host/BackendAdminAppGatewayHostModule.cs b/samples/MicroserviceDemo/gateways/BackendAdminAppGateway.Host/BackendAdminAppGatewayHostModule.cs
index d30dc8e4fb..81a109a6f0 100644
--- a/samples/MicroserviceDemo/gateways/BackendAdminAppGateway.Host/BackendAdminAppGatewayHostModule.cs
+++ b/samples/MicroserviceDemo/gateways/BackendAdminAppGateway.Host/BackendAdminAppGatewayHostModule.cs
@@ -1,4 +1,7 @@
-using Microsoft.AspNetCore.Builder;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.Extensions.DependencyInjection;
 using Ocelot.DependencyInjection;
@@ -52,14 +55,6 @@ namespace BackendAdminAppGateway.Host options.Authority = configuration["AuthServer:Authority"]; options.ApiName = configuration["AuthServer:ApiName"]; options.RequireHttpsMetadata = false; - //TODO: Should create an extension method for that (may require to create a new ABP package depending on the IdentityServer4.AccessTokenValidation) - //options.InboundJwtClaimTypeMap["sub"] = AbpClaimTypes.UserId; - //options.InboundJwtClaimTypeMap["role"] = AbpClaimTypes.Role; - //options.InboundJwtClaimTypeMap["email"] = AbpClaimTypes.Email; - //options.InboundJwtClaimTypeMap["email_verified"] = AbpClaimTypes.EmailVerified; - //options.InboundJwtClaimTypeMap["phone_number"] = AbpClaimTypes.PhoneNumber; - //options.InboundJwtClaimTypeMap["phone_number_verified"] = AbpClaimTypes.PhoneNumberVerified; - //options.InboundJwtClaimTypeMap["name"] = AbpClaimTypes.UserName; }); context.Services.AddSwaggerGen(options => @@ -94,6 +89,22 @@ namespace BackendAdminAppGateway.Host app.UseVirtualFiles(); app.UseRouting(); app.UseAuthentication(); + + app.Use(async (ctx, next) => + { + var currentPrincipalAccessor = ctx.RequestServices.GetRequiredService(); + var map = new Dictionary() + { + { "sub", AbpClaimTypes.UserId }, + { "role", AbpClaimTypes.Role }, + { "email", AbpClaimTypes.Email }, + //any other map + }; + var mapClaims = currentPrincipalAccessor.Principal.Claims.Where(p => map.Keys.Contains(p.Type)).ToList(); + currentPrincipalAccessor.Principal.AddIdentity(new ClaimsIdentity(mapClaims.Select(p => new Claim(map[p.Type], p.Value, p.ValueType, p.Issuer)))); + await next(); + }); + app.UseSwagger(); app.UseSwaggerUI(options => { diff --git a/samples/MicroserviceDemo/gateways/InternalGateway.Host/InternalGatewayHostModule.cs b/samples/MicroserviceDemo/gateways/InternalGateway.Host/InternalGatewayHostModule.cs index 8b470f826f..a3572551f9 100644 --- a/samples/MicroserviceDemo/gateways/InternalGateway.Host/InternalGatewayHostModule.cs 
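Review bot: In the `app.Use` block added after `app.UseAuthentication()` in BackendAdminAppGatewayHostModule.cs, the mapped claims are attached with `AddIdentity(new ClaimsIdentity(...))`, which creates a second identity that has no authentication type (its `IsAuthenticated` is false) and does so on every request, including anonymous ones where `mapClaims` is empty. I would add the claims to the identity the token handler already authenticated, e.g. `if (currentPrincipalAccessor.Principal.Identity is ClaimsIdentity id && id.IsAuthenticated) { id.AddClaims(mapped); }`, so the ABP claim types sit on the same identity that authorization checks inspect. The map also covers only `sub`, `role` and `email`, while the commented-out block this commit removes listed `name`, `email_verified`, `phone_number` and `phone_number_verified`; those stay unmapped behind `//any other map`. The same block is repeated verbatim in the InternalGateway, PublicWebSiteGateway, BloggingService, IdentityService and ProductService host modules, so it belongs in one shared extension method with a `static readonly` map rather than six copies that can drift apart. The enclosing method starts and ends outside the hunk.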
+++ b/samples/MicroserviceDemo/gateways/InternalGateway.Host/InternalGatewayHostModule.cs
@@ -1,4 +1,7 @@
-using Microsoft.AspNetCore.Builder;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.Extensions.DependencyInjection;
 using Ocelot.DependencyInjection;
@@ -41,14 +44,6 @@ namespace InternalGateway.Host
 options.Authority = configuration["AuthServer:Authority"];
 options.ApiName = configuration["AuthServer:ApiName"];
 options.RequireHttpsMetadata = false;
- //TODO: Should create an extension method for that (may require to create a new ABP package depending on the IdentityServer4.AccessTokenValidation)
- //options.InboundJwtClaimTypeMap["sub"] = AbpClaimTypes.UserId;
- //options.InboundJwtClaimTypeMap["role"] = AbpClaimTypes.Role;
- //options.InboundJwtClaimTypeMap["email"] = AbpClaimTypes.Email;
- //options.InboundJwtClaimTypeMap["email_verified"] = AbpClaimTypes.EmailVerified;
- //options.InboundJwtClaimTypeMap["phone_number"] = AbpClaimTypes.PhoneNumber;
- //options.InboundJwtClaimTypeMap["phone_number_verified"] = AbpClaimTypes.PhoneNumberVerified;
- //options.InboundJwtClaimTypeMap["name"] = AbpClaimTypes.UserName;
 });
 context.Services.AddSwaggerGen(options =>
@@ -83,6 +78,22 @@ namespace InternalGateway.Host app.UseVirtualFiles(); app.UseRouting(); app.UseAuthentication(); + + app.Use(async (ctx, next) => + { + var currentPrincipalAccessor = ctx.RequestServices.GetRequiredService(); + var map = new Dictionary() + { + { "sub", AbpClaimTypes.UserId }, + { "role", AbpClaimTypes.Role }, + { "email", AbpClaimTypes.Email }, + //any other map + }; + var mapClaims = currentPrincipalAccessor.Principal.Claims.Where(p => map.Keys.Contains(p.Type)).ToList(); + currentPrincipalAccessor.Principal.AddIdentity(new ClaimsIdentity(mapClaims.Select(p => new Claim(map[p.Type], p.Value, p.ValueType, p.Issuer)))); + await next(); + }); + app.UseSwagger(); app.UseSwaggerUI(options => { diff --git a/samples/MicroserviceDemo/gateways/PublicWebSiteGateway.Host/PublicWebSiteGatewayHostModule.cs b/samples/MicroserviceDemo/gateways/PublicWebSiteGateway.Host/PublicWebSiteGatewayHostModule.cs index 2add48443a..0129663e5a 100644 --- a/samples/MicroserviceDemo/gateways/PublicWebSiteGateway.Host/PublicWebSiteGatewayHostModule.cs +++ b/samples/MicroserviceDemo/gateways/PublicWebSiteGateway.Host/PublicWebSiteGatewayHostModule.cs @@ -1,4 +1,7 @@ -using Microsoft.AspNetCore.Builder; +using System.Collections.Generic; +using System.Linq; +using System.Security.Claims; +using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.DataProtection; using Microsoft.Extensions.DependencyInjection; using Ocelot.DependencyInjection; 
@@ -39,14 +42,6 @@ namespace PublicWebSiteGateway.Host options.Authority = configuration["AuthServer:Authority"]; options.ApiName = configuration["AuthServer:ApiName"]; options.RequireHttpsMetadata = false; - //TODO: Should create an extension method for that (may require to create a new ABP package depending on the IdentityServer4.AccessTokenValidation) - //options.InboundJwtClaimTypeMap["sub"] = AbpClaimTypes.UserId; - //options.InboundJwtClaimTypeMap["role"] = AbpClaimTypes.Role; - //options.InboundJwtClaimTypeMap["email"] = AbpClaimTypes.Email; - //options.InboundJwtClaimTypeMap["email_verified"] = AbpClaimTypes.EmailVerified; - //options.InboundJwtClaimTypeMap["phone_number"] = AbpClaimTypes.PhoneNumber; - //options.InboundJwtClaimTypeMap["phone_number_verified"] = AbpClaimTypes.PhoneNumberVerified; - //options.InboundJwtClaimTypeMap["name"] = AbpClaimTypes.UserName; }); context.Services.AddSwaggerGen(options => @@ -81,6 +76,22 @@ namespace PublicWebSiteGateway.Host app.UseVirtualFiles(); app.UseRouting(); app.UseAuthentication(); + + app.Use(async (ctx, next) => + { + var currentPrincipalAccessor = ctx.RequestServices.GetRequiredService(); + var map = new Dictionary() + { + { "sub", AbpClaimTypes.UserId }, + { "role", AbpClaimTypes.Role }, + { "email", AbpClaimTypes.Email }, + //any other map + }; + var mapClaims = currentPrincipalAccessor.Principal.Claims.Where(p => map.Keys.Contains(p.Type)).ToList(); + currentPrincipalAccessor.Principal.AddIdentity(new ClaimsIdentity(mapClaims.Select(p => new Claim(map[p.Type], p.Value, p.ValueType, p.Issuer)))); + await next(); + }); + app.UseSwagger(); app.UseSwaggerUI(options => { diff --git a/samples/MicroserviceDemo/microservices/BloggingService.Host/BloggingServiceHostModule.cs b/samples/MicroserviceDemo/microservices/BloggingService.Host/BloggingServiceHostModule.cs index 1f80e0c605..2d7e945cf5 100644 --- a/samples/MicroserviceDemo/microservices/BloggingService.Host/BloggingServiceHostModule.cs 
+++ b/samples/MicroserviceDemo/microservices/BloggingService.Host/BloggingServiceHostModule.cs
@@ -1,5 +1,8 @@
 using System;
+using System.Collections.Generic;
 using System.IO;
+using System.Linq;
+using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
@@ -57,14 +60,6 @@ namespace BloggingService.Host
 options.Authority = configuration["AuthServer:Authority"];
 options.ApiName = configuration["AuthServer:ApiName"];
 options.RequireHttpsMetadata = false;
- //TODO: Should create an extension method for that (may require to create a new ABP package depending on the IdentityServer4.AccessTokenValidation)
- //options.InboundJwtClaimTypeMap["sub"] = AbpClaimTypes.UserId;
- //options.InboundJwtClaimTypeMap["role"] = AbpClaimTypes.Role;
- //options.InboundJwtClaimTypeMap["email"] = AbpClaimTypes.Email;
- //options.InboundJwtClaimTypeMap["email_verified"] = AbpClaimTypes.EmailVerified;
- //options.InboundJwtClaimTypeMap["phone_number"] = AbpClaimTypes.PhoneNumber;
- //options.InboundJwtClaimTypeMap["phone_number_verified"] = AbpClaimTypes.PhoneNumberVerified;
- //options.InboundJwtClaimTypeMap["name"] = AbpClaimTypes.UserName;
 });
 context.Services.AddSwaggerGen(options =>
@@ -113,6 +108,22 @@ namespace BloggingService.Host app.UseVirtualFiles(); app.UseRouting(); app.UseAuthentication(); + + app.Use(async (ctx, next) => + { + var currentPrincipalAccessor = ctx.RequestServices.GetRequiredService(); + var map = new Dictionary() + { + { "sub", AbpClaimTypes.UserId }, + { "role", AbpClaimTypes.Role }, + { "email", AbpClaimTypes.Email }, + //any other map + }; + var mapClaims = currentPrincipalAccessor.Principal.Claims.Where(p => map.Keys.Contains(p.Type)).ToList(); + currentPrincipalAccessor.Principal.AddIdentity(new ClaimsIdentity(mapClaims.Select(p => new Claim(map[p.Type], p.Value, p.ValueType, p.Issuer)))); + await next(); + }); + app.UseAbpRequestLocalization(); //TODO: localization? app.UseSwagger(); app.UseSwaggerUI(options => diff --git a/samples/MicroserviceDemo/microservices/IdentityService.Host/IdentityServiceHostModule.cs b/samples/MicroserviceDemo/microservices/IdentityService.Host/IdentityServiceHostModule.cs index 96899af0a0..2bf102a465 100644 --- a/samples/MicroserviceDemo/microservices/IdentityService.Host/IdentityServiceHostModule.cs +++ b/samples/MicroserviceDemo/microservices/IdentityService.Host/IdentityServiceHostModule.cs @@ -1,4 +1,7 @@ -using Microsoft.AspNetCore.Builder; +using System.Collections.Generic; +using System.Linq; +using System.Security.Claims; +using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.DataProtection; using Microsoft.Extensions.DependencyInjection; using StackExchange.Redis; 
@@ -44,14 +47,6 @@ namespace IdentityService.Host options.Authority = configuration["AuthServer:Authority"]; options.ApiName = configuration["AuthServer:ApiName"]; options.RequireHttpsMetadata = false; - //TODO: Should create an extension method for that (may require to create a new ABP package depending on the IdentityServer4.AccessTokenValidation) - //options.InboundJwtClaimTypeMap["sub"] = AbpClaimTypes.UserId; - //options.InboundJwtClaimTypeMap["role"] = AbpClaimTypes.Role; - //options.InboundJwtClaimTypeMap["email"] = AbpClaimTypes.Email; - //options.InboundJwtClaimTypeMap["email_verified"] = AbpClaimTypes.EmailVerified; - //options.InboundJwtClaimTypeMap["phone_number"] = AbpClaimTypes.PhoneNumber; - //options.InboundJwtClaimTypeMap["phone_number_verified"] = AbpClaimTypes.PhoneNumberVerified; - //options.InboundJwtClaimTypeMap["name"] = AbpClaimTypes.UserName; }); context.Services.AddSwaggerGen(options => @@ -95,6 +90,22 @@ namespace IdentityService.Host app.UseVirtualFiles(); app.UseRouting(); app.UseAuthentication(); + + app.Use(async (ctx, next) => + { + var currentPrincipalAccessor = ctx.RequestServices.GetRequiredService(); + var map = new Dictionary() + { + { "sub", AbpClaimTypes.UserId }, + { "role", AbpClaimTypes.Role }, + { "email", AbpClaimTypes.Email }, + //any other map + }; + var mapClaims = currentPrincipalAccessor.Principal.Claims.Where(p => map.Keys.Contains(p.Type)).ToList(); + currentPrincipalAccessor.Principal.AddIdentity(new ClaimsIdentity(mapClaims.Select(p => new Claim(map[p.Type], p.Value, p.ValueType, p.Issuer)))); + await next(); + }); + app.UseAbpRequestLocalization(); //TODO: localization? app.UseSwagger(); app.UseSwaggerUI(options => diff --git a/samples/MicroserviceDemo/microservices/ProductService.Host/ProductServiceHostModule.cs b/samples/MicroserviceDemo/microservices/ProductService.Host/ProductServiceHostModule.cs index 8389067092..97235133f9 100644 
--- a/samples/MicroserviceDemo/microservices/ProductService.Host/ProductServiceHostModule.cs
+++ b/samples/MicroserviceDemo/microservices/ProductService.Host/ProductServiceHostModule.cs
@@ -1,4 +1,7 @@
-using Microsoft.AspNetCore.Builder;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.Extensions.DependencyInjection;
 using ProductManagement;
@@ -46,14 +49,6 @@ namespace ProductService.Host
 options.Authority = configuration["AuthServer:Authority"];
 options.ApiName = configuration["AuthServer:ApiName"];
 options.RequireHttpsMetadata = false;
- //TODO: Should create an extension method for that (may require to create a new ABP package depending on the IdentityServer4.AccessTokenValidation)
- //options.InboundJwtClaimTypeMap["sub"] = AbpClaimTypes.UserId;
- //options.InboundJwtClaimTypeMap["role"] = AbpClaimTypes.Role;
- //options.InboundJwtClaimTypeMap["email"] = AbpClaimTypes.Email;
- //options.InboundJwtClaimTypeMap["email_verified"] = AbpClaimTypes.EmailVerified;
- //options.InboundJwtClaimTypeMap["phone_number"] = AbpClaimTypes.PhoneNumber;
- //options.InboundJwtClaimTypeMap["phone_number_verified"] = AbpClaimTypes.PhoneNumberVerified;
- //options.InboundJwtClaimTypeMap["name"] = AbpClaimTypes.UserName;
 });
 context.Services.AddSwaggerGen(options =>
@@ -97,6 +92,22 @@ namespace ProductService.Host app.UseVirtualFiles(); app.UseRouting(); app.UseAuthentication(); + + app.Use(async (ctx, next) => + { + var currentPrincipalAccessor = ctx.RequestServices.GetRequiredService(); + var map = new Dictionary() + { + { "sub", AbpClaimTypes.UserId }, + { "role", AbpClaimTypes.Role }, + { "email", AbpClaimTypes.Email }, + //any other map + }; + var mapClaims = currentPrincipalAccessor.Principal.Claims.Where(p => map.Keys.Contains(p.Type)).ToList(); + currentPrincipalAccessor.Principal.AddIdentity(new ClaimsIdentity(mapClaims.Select(p => new Claim(map[p.Type], p.Value, p.ValueType, p.Issuer)))); + await next(); + }); + app.UseAbpRequestLocalization(); //TODO: localization? app.UseSwagger(); app.UseSwaggerUI(options =>