brunobritodev
diff --git a/‎keys/JPProjectOAuth.cer‎
791 Bytes b/‎keys/JPProjectOAuth.cer‎
791 Bytes
diff --git a/‎keys/JpProjectOAuth.pvk‎
1.18 KB b/‎keys/JpProjectOAuth.pvk‎
1.18 KB
diff --git a/‎src/Backend/Jp.UserManagement/jpProject_sso_log.txt‎
Lines changed: 75 additions & 0 deletions b/‎src/Backend/Jp.UserManagement/jpProject_sso_log.txt‎
Lines changed: 75 additions & 0 deletions
diff --git a/‎src/Frontend/Jp.UI.SSO/Configuration/IdentityServerConfig.cs‎
Lines changed: 16 additions & 10 deletions b/‎src/Frontend/Jp.UI.SSO/Configuration/IdentityServerConfig.cs‎
Lines changed: 16 additions & 10 deletions
diff --git a/‎src/Frontend/Jp.UI.SSO/Startup.cs‎
Lines changed: 6 additions & 3 deletions b/‎src/Frontend/Jp.UI.SSO/Startup.cs‎
Lines changed: 6 additions & 3 deletions
diff --git a/‎src/Frontend/Jp.UI.SSO/Util/SigninCredentialExtension.cs‎
Lines changed: 87 additions & 0 deletions b/‎src/Frontend/Jp.UI.SSO/Util/SigninCredentialExtension.cs‎
Lines changed: 87 additions & 0 deletions
@@ -619,3 +619,78 @@ WHERE [e].[Id] = @__get_Item_0
 2018-09-03 01:53:29.258 -03:00 [INF] Request starting HTTP/1.1 GET http://localhost:5003/swagger/v1/swagger.json  
 2018-09-03 01:53:29.260 -03:00 [DBG] AuthenticationScheme: Bearer was not authenticated.
 2018-09-03 01:53:29.461 -03:00 [INF] Request finished in 202.9468ms 200 application/json;charset=utf-8
+2018-09-03 14:52:14.639 -03:00 [INF] User profile is available. Using 'C:\Users\bruno.brito\AppData\Local\ASP.NET\DataProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest.
+2018-09-03 14:52:15.712 -03:00 [INF] Request starting HTTP/1.1 GET http://localhost:5003/swagger/index.html  
+2018-09-03 14:52:15.742 -03:00 [DBG] AuthenticationScheme: Bearer was not authenticated.
+2018-09-03 14:52:15.783 -03:00 [INF] Request finished in 72.4872ms 200 text/html
+2018-09-03 14:52:15.870 -03:00 [INF] Request starting HTTP/1.1 GET http://localhost:5003/swagger/swagger-ui.css  
+2018-09-03 14:52:15.870 -03:00 [INF] Request starting HTTP/1.1 GET http://localhost:5003/swagger/swagger-ui-standalone-preset.js  
+2018-09-03 14:52:15.870 -03:00 [INF] Request starting HTTP/1.1 GET http://localhost:5003/swagger/swagger-ui-bundle.js  
+2018-09-03 14:52:15.872 -03:00 [DBG] AuthenticationScheme: Bearer was not authenticated.
+2018-09-03 14:52:15.872 -03:00 [DBG] AuthenticationScheme: Bearer was not authenticated.
+2018-09-03 14:52:15.873 -03:00 [DBG] AuthenticationScheme: Bearer was not authenticated.
+2018-09-03 14:52:15.927 -03:00 [INF] Sending file. Request path: '/swagger-ui.css'. Physical path: 'N/A'
+2018-09-03 14:52:15.927 -03:00 [INF] Sending file. Request path: '/swagger-ui-standalone-preset.js'. Physical path: 'N/A'
+2018-09-03 14:52:15.934 -03:00 [INF] Request finished in 63.254ms 200 text/css
+2018-09-03 14:52:15.934 -03:00 [INF] Request finished in 63.254ms 200 application/javascript
+2018-09-03 14:52:16.033 -03:00 [INF] Sending file. Request path: '/swagger-ui-bundle.js'. Physical path: 'N/A'
+2018-09-03 14:52:16.035 -03:00 [INF] Request finished in 164.7783ms 200 application/javascript
+2018-09-03 14:52:16.326 -03:00 [INF] Request starting HTTP/1.1 GET http://localhost:5003/swagger/v1/swagger.json  
+2018-09-03 14:52:16.327 -03:00 [DBG] AuthenticationScheme: Bearer was not authenticated.
+2018-09-03 14:52:16.359 -03:00 [INF] Request starting HTTP/1.1 GET http://localhost:5003/swagger/favicon-32x32.png  
+2018-09-03 14:52:16.360 -03:00 [DBG] AuthenticationScheme: Bearer was not authenticated.
+2018-09-03 14:52:16.363 -03:00 [INF] Sending file. Request path: '/favicon-32x32.png'. Physical path: 'N/A'
+2018-09-03 14:52:16.365 -03:00 [INF] Request finished in 6.4668ms 200 image/png
+2018-09-03 14:52:16.370 -03:00 [INF] Request starting HTTP/1.1 GET http://localhost:5003/swagger/favicon-16x16.png  
+2018-09-03 14:52:16.371 -03:00 [DBG] AuthenticationScheme: Bearer was not authenticated.
+2018-09-03 14:52:16.373 -03:00 [INF] Sending file. Request path: '/favicon-16x16.png'. Physical path: 'N/A'
+2018-09-03 14:52:16.376 -03:00 [INF] Request finished in 5.9045ms 200 image/png
+2018-09-03 14:52:16.493 -03:00 [INF] Request finished in 166.3778ms 200 application/json;charset=utf-8
+2018-09-03 14:53:44.168 -03:00 [INF] User profile is available. Using 'C:\Users\bruno.brito\AppData\Local\ASP.NET\DataProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest.
+2018-09-03 14:53:45.125 -03:00 [INF] Request starting HTTP/1.1 GET http://localhost:5003/swagger/index.html  
+2018-09-03 14:53:45.211 -03:00 [DBG] AuthenticationScheme: Bearer was not authenticated.
+2018-09-03 14:53:45.229 -03:00 [INF] Request finished in 105.718ms 200 text/html
+2018-09-03 14:53:45.772 -03:00 [INF] Request starting HTTP/1.1 GET http://localhost:5003/swagger/v1/swagger.json  
+2018-09-03 14:53:45.774 -03:00 [DBG] AuthenticationScheme: Bearer was not authenticated.
+2018-09-03 14:53:45.924 -03:00 [INF] Request finished in 151.6338ms 200 application/json;charset=utf-8
+2018-09-03 14:54:13.996 -03:00 [INF] Request starting HTTP/1.1 GET http://localhost:5003/swagger/oauth2-redirect.html  
+2018-09-03 14:54:13.998 -03:00 [DBG] AuthenticationScheme: Bearer was not authenticated.
+2018-09-03 14:54:14.011 -03:00 [INF] Sending file. Request path: '/oauth2-redirect.html'. Physical path: 'N/A'
+2018-09-03 14:54:14.014 -03:00 [INF] Request finished in 18.2516ms 200 text/html
+2018-09-03 14:54:20.112 -03:00 [INF] Request starting HTTP/1.1 GET http://localhost:5003/Management/user-data  
+2018-09-03 14:54:20.355 -03:00 [INF] Successfully validated the token.
+2018-09-03 14:54:20.360 -03:00 [DBG] AuthenticationScheme: Bearer was successfully authenticated.
+2018-09-03 14:54:20.389 -03:00 [INF] Route matched with {action = "UserData", controller = "Management"}. Executing action Jp.UserManagement.Controllers.ManagementController.UserData (Jp.UserManagement)
+2018-09-03 14:54:20.404 -03:00 [INF] Authorization was successful.
+2018-09-03 14:54:20.516 -03:00 [INF] Executing action method Jp.UserManagement.Controllers.ManagementController.UserData (Jp.UserManagement) - Validation state: "Valid"
+2018-09-03 14:54:45.995 -03:00 [INF] Entity Framework Core 2.1.2-rtm-30932 initialized 'ApplicationDbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer' with options: None
+2018-09-03 14:54:46.324 -03:00 [INF] Executed DbCommand (10ms) [Parameters=[@__get_Item_0='?' (DbType = Guid)], CommandType='"Text"', CommandTimeout='30']
+SELECT TOP(1) [e].[Id], [e].[AccessFailedCount], [e].[Bio], [e].[Company], [e].[ConcurrencyStamp], [e].[Email], [e].[EmailConfirmed], [e].[JobTitle], [e].[LockoutEnabled], [e].[LockoutEnd], [e].[Name], [e].[NormalizedEmail], [e].[NormalizedUserName], [e].[PasswordHash], [e].[PhoneNumber], [e].[PhoneNumberConfirmed], [e].[Picture], [e].[SecurityStamp], [e].[TwoFactorEnabled], [e].[Url], [e].[UserName]
+FROM [Users] AS [e]
+WHERE [e].[Id] = @__get_Item_0
+2018-09-03 14:54:46.429 -03:00 [INF] Executed action method Jp.UserManagement.Controllers.ManagementController.UserData (Jp.UserManagement), returned result Microsoft.AspNetCore.Mvc.OkObjectResult in 25905.5463ms.
+2018-09-03 14:54:46.438 -03:00 [INF] Executing ObjectResult, writing value of type 'Jp.Infra.CrossCutting.Tools.Model.DefaultResponse`1[[Jp.Application.ViewModels.ProfileViewModel, Jp.Application, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]]'.
+2018-09-03 14:54:46.450 -03:00 [INF] Executed action Jp.UserManagement.Controllers.ManagementController.UserData (Jp.UserManagement) in 26056.407300000003ms
+2018-09-03 14:54:46.457 -03:00 [INF] Request finished in 26344.8842ms 200 application/json; charset=utf-8
+2018-09-03 15:32:26.606 -03:00 [INF] User profile is available. Using 'C:\Users\bruno.brito\AppData\Local\ASP.NET\DataProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest.
+2018-09-03 15:32:27.495 -03:00 [INF] Request starting HTTP/1.1 GET http://localhost:5003/swagger/index.html  
+2018-09-03 15:32:27.530 -03:00 [DBG] AuthenticationScheme: Bearer was not authenticated.
+2018-09-03 15:32:27.549 -03:00 [INF] Request finished in 58.2322ms 200 text/html
+2018-09-03 15:32:27.929 -03:00 [INF] Request starting HTTP/1.1 GET http://localhost:5003/swagger/v1/swagger.json  
+2018-09-03 15:32:27.931 -03:00 [DBG] AuthenticationScheme: Bearer was not authenticated.
+2018-09-03 15:32:28.088 -03:00 [INF] Request finished in 158.9564ms 200 application/json;charset=utf-8
+2018-09-03 15:32:45.281 -03:00 [INF] Request starting HTTP/1.1 GET http://localhost:5003/Management/user-data  
+2018-09-03 15:32:45.530 -03:00 [INF] Successfully validated the token.
+2018-09-03 15:32:45.535 -03:00 [DBG] AuthenticationScheme: Bearer was successfully authenticated.
+2018-09-03 15:32:45.574 -03:00 [INF] Route matched with {action = "UserData", controller = "Management"}. Executing action Jp.UserManagement.Controllers.ManagementController.UserData (Jp.UserManagement)
+2018-09-03 15:32:45.587 -03:00 [INF] Authorization was successful.
+2018-09-03 15:32:45.694 -03:00 [INF] Executing action method Jp.UserManagement.Controllers.ManagementController.UserData (Jp.UserManagement) - Validation state: "Valid"
+2018-09-03 15:32:46.138 -03:00 [INF] Entity Framework Core 2.1.2-rtm-30932 initialized 'ApplicationDbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer' with options: None
+2018-09-03 15:32:46.469 -03:00 [INF] Executed DbCommand (9ms) [Parameters=[@__get_Item_0='?' (DbType = Guid)], CommandType='"Text"', CommandTimeout='30']
+SELECT TOP(1) [e].[Id], [e].[AccessFailedCount], [e].[Bio], [e].[Company], [e].[ConcurrencyStamp], [e].[Email], [e].[EmailConfirmed], [e].[JobTitle], [e].[LockoutEnabled], [e].[LockoutEnd], [e].[Name], [e].[NormalizedEmail], [e].[NormalizedUserName], [e].[PasswordHash], [e].[PhoneNumber], [e].[PhoneNumberConfirmed], [e].[Picture], [e].[SecurityStamp], [e].[TwoFactorEnabled], [e].[Url], [e].[UserName]
+FROM [Users] AS [e]
+WHERE [e].[Id] = @__get_Item_0
+2018-09-03 15:32:46.575 -03:00 [INF] Executed action method Jp.UserManagement.Controllers.ManagementController.UserData (Jp.UserManagement), returned result Microsoft.AspNetCore.Mvc.OkObjectResult in 873.77150000000006ms.
+2018-09-03 15:32:46.584 -03:00 [INF] Executing ObjectResult, writing value of type 'Jp.Infra.CrossCutting.Tools.Model.DefaultResponse`1[[Jp.Application.ViewModels.ProfileViewModel, Jp.Application, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]]'.
+2018-09-03 15:32:46.594 -03:00 [INF] Executed action Jp.UserManagement.Controllers.ManagementController.UserData (Jp.UserManagement) in 1017.3105ms
+2018-09-03 15:32:46.607 -03:00 [INF] Request finished in 1325.4112ms 200 application/json; charset=utf-8
@@ -1,16 +1,19 @@
 using System;
 using System.Reflection;
 using Jp.Infra.CrossCutting.Identity.Entities.Identity;
+using Jp.UI.SSO.Util;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
 
 namespace Jp.UI.SSO.Configuration
 {
     public static class IdentityServerConfig
     {
-        public static IServiceCollection AddIdentityServer(this IServiceCollection services, IConfiguration configuration, IHostingEnvironment environment)
+        public static IServiceCollection AddIdentityServer(this IServiceCollection services,
+            IConfiguration configuration, IHostingEnvironment environment, ILogger logger)
         {
             var connectionString = Environment.GetEnvironmentVariable("SQLSERVER_CONNECTION") ?? configuration.GetConnectionString("SSOConnection");
 
@@ -24,7 +27,7 @@ public static IServiceCollection AddIdentityServer(this IServiceCollection servi
                     options.Events.RaiseFailureEvents = true;
                     options.Events.RaiseSuccessEvents = true;
                     options.IssuerUri = Environment.GetEnvironmentVariable("ISSUER_URI");
-                    options.PublicOrigin = Environment.GetEnvironmentVariable("PUBLIC_ORIGIN");
+                    options.PublicOrigin = Environment.GetEnvironmentVariable("PUBLIC_URI");
                 })
                 .AddAspNetIdentity<UserIdentity>()
                 // this adds the config data from DB (clients, resources)
@@ -43,16 +46,19 @@ public static IServiceCollection AddIdentityServer(this IServiceCollection servi
                     //options.EnableTokenCleanup = true;
                     //options.TokenCleanupInterval = 15; // frequency in seconds to cleanup stale grants. 15 is useful during debugging
                 });
-            if (environment.IsDevelopment())
-            {
-                builder.AddDeveloperSigningCredential(false);
-            }
-            else
-            {
-                throw new Exception("need to configure key material");
-            }
+
+            builder.AddSigninCredentialFromConfig(configuration.GetSection("CertificateOptions"), logger);
+            //if (environment.IsDevelopment())
+            //{
+            //    builder.AddDeveloperSigningCredential(false);
+            //}
+            //else
+            //{
+            //    builder.AddSigninCredentialFromConfig(configuration.GetSection("CertificateOptions"), logger);
+            //}
 
             return services;
         }
+
     }
 }
@@ -1,4 +1,5 @@
-using IdentityServer4.Services;
+using IdentityServer4.Configuration;
+using IdentityServer4.Services;
 using Jp.Infra.CrossCutting.IoC;
 using Jp.UI.SSO.Configuration;
 using MediatR;
@@ -12,11 +13,13 @@ namespace Jp.UI.SSO
 {
     public class Startup
     {
+        private readonly ILogger _logger;
         public IConfiguration Configuration { get; }
         public IHostingEnvironment Environment { get; }
 
-        public Startup(IHostingEnvironment environment, ILogger<DefaultCorsPolicyService> logger)
+        public Startup(IHostingEnvironment environment, ILogger<Startup> logger)
         {
+            _logger = logger;
             var builder = new ConfigurationBuilder()
                 .SetBasePath(environment.ContentRootPath)
                 .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
@@ -46,7 +49,7 @@ public void ConfigureServices(IServiceCollection services)
             });
 
             // Configure identity server
-            services.AddIdentityServer(Configuration, Environment);
+            services.AddIdentityServer(Configuration, Environment, _logger);
 
             // Configure authentication and external logins
             services.AddSocialIntegration(Configuration);
 
@@ -0,0 +1,87 @@
+using System.IO;
+using System.Security.Cryptography.X509Certificates;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
+
+namespace Jp.UI.SSO.Util
+{
+    /// <summary>
+    /// Impl of adding a signin key for identity server 4,
+    /// with an appsetting.json configuration look similar to:
+    /// "SigninKeyCredentials": {
+    ///     "KeyType": "KeyFile",
+    ///     "KeyFilePath": "C:\\certificates\\idsv4.pfx",
+    ///     "KeyStorePath": ""
+    /// }
+    /// </summary>
+    public static class SigninCredentialExtension
+    {
+        private const string KeyType = "KeyType";
+        private const string KeyTypeKeyFile = "File";
+        private const string KeyTypeKeyStore = "Store";
+        private const string KeyTypeTemporary = "Temporary";
+        private const string KeyFilePath = "FilePath";
+        private const string KeyFilePassword = "FilePassword";
+        private const string KeyStoreIssuer = "KeyStoreIssuer";
+
+        public static IIdentityServerBuilder AddSigninCredentialFromConfig(
+            this IIdentityServerBuilder builder, IConfigurationSection options, ILogger logger)
+        {
+            string keyType = options.GetValue<string>(KeyType);
+            logger.LogDebug($"SigninCredentialExtension keyType is {keyType}");
+
+            switch (keyType)
+            {
+                case KeyTypeTemporary:
+                    logger.LogDebug($"SigninCredentialExtension adding Temporary Signing Credential");
+                    builder.AddDeveloperSigningCredential(true);
+                    break;
+
+                case KeyTypeKeyFile:
+                    AddCertificateFromFile(builder, options, logger);
+                    break;
+
+                case KeyTypeKeyStore:
+                    AddCertificateFromStore(builder, options, logger);
+                    break;
+            }
+
+            return builder;
+        }
+
+        private static void AddCertificateFromStore(IIdentityServerBuilder builder,
+            IConfigurationSection options, ILogger logger)
+        {
+            var keyIssuer = options.GetValue<string>(KeyStoreIssuer);
+            logger.LogDebug($"SigninCredentialExtension adding key from store by {keyIssuer}");
+
+            X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
+            store.Open(OpenFlags.ReadOnly);
+
+            var certificates = store.Certificates.Find(X509FindType.FindByIssuerName, keyIssuer, true);
+
+            if (certificates.Count > 0)
+                builder.AddSigningCredential(certificates[0]);
+            else
+                logger.LogError("A matching key couldn't be found in the store");
+        }
+
+        private static void AddCertificateFromFile(IIdentityServerBuilder builder,
+            IConfigurationSection options, ILogger logger)
+        {
+            var keyFilePath = options.GetValue<string>(KeyFilePath);
+            var keyFilePassword = options.GetValue<string>(KeyFilePassword);
+
+            if (File.Exists(keyFilePath))
+            {
+                logger.LogDebug($"SigninCredentialExtension adding key from file {keyFilePath}");
+                builder.AddSigningCredential(new X509Certificate2(keyFilePath, keyFilePassword, X509KeyStorageFlags.MachineKeySet));
+            }
+            else
+            {
+                logger.LogError($"SigninCredentialExtension cannot find key file {keyFilePath}");
+            }
+        }
+    }
+}