OIDC Integration
@@ -1,10 +1,13 @@
|
||||
using Microsoft.AspNetCore.Authentication.Cookies;
|
||||
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
|
||||
using Microsoft.OpenApi.Models;
|
||||
|
||||
using Serilog;
|
||||
|
||||
using watcher_monitoring.Configuration;
|
||||
using watcher_monitoring.Data;
|
||||
|
||||
var builder = WebApplication.CreateBuilder(args);
|
||||
@@ -27,6 +30,10 @@ builder.Host.UseSerilog();
|
||||
DotNetEnv.Env.Load();
|
||||
builder.Configuration.AddEnvironmentVariables();
|
||||
|
||||
// OIDC-Einstellungen laden
|
||||
var oidcSettings = OidcSettings.FromEnvironment();
|
||||
builder.Services.AddSingleton(oidcSettings);
|
||||
|
||||
// Konfiguration laden
|
||||
var configuration = builder.Configuration;
|
||||
|
||||
@@ -44,7 +51,7 @@ builder.Services.AddDbContext<WatcherDbContext>((serviceProvider, options) =>
|
||||
builder.Services.AddControllersWithViews();
|
||||
|
||||
// Cookie-basierte Authentifizierung
|
||||
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
|
||||
var authBuilder = builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
|
||||
.AddCookie(options =>
|
||||
{
|
||||
options.LoginPath = "/Auth/Login";
|
||||
@@ -57,6 +64,36 @@ builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationSc
|
||||
options.Cookie.SameSite = SameSiteMode.Lax;
|
||||
});
|
||||
|
||||
// OIDC-Authentifizierung (wenn aktiviert)
|
||||
if (oidcSettings.IsValid)
|
||||
{
|
||||
Log.Information("OIDC-Authentifizierung aktiviert für Authority: {Authority}", oidcSettings.Authority);
|
||||
authBuilder.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
|
||||
{
|
||||
options.Authority = oidcSettings.Authority;
|
||||
options.ClientId = oidcSettings.ClientId;
|
||||
options.ClientSecret = oidcSettings.ClientSecret;
|
||||
options.ResponseType = OpenIdConnectResponseType.Code;
|
||||
options.SaveTokens = true;
|
||||
options.GetClaimsFromUserInfoEndpoint = true;
|
||||
options.CallbackPath = oidcSettings.CallbackPath;
|
||||
options.SignedOutCallbackPath = "/signout-callback-oidc";
|
||||
|
||||
options.Scope.Clear();
|
||||
foreach (var scope in oidcSettings.GetScopes())
|
||||
{
|
||||
options.Scope.Add(scope);
|
||||
}
|
||||
|
||||
options.TokenValidationParameters.NameClaimType = oidcSettings.ClaimUsername;
|
||||
options.TokenValidationParameters.RoleClaimType = "roles";
|
||||
});
|
||||
}
|
||||
else if (oidcSettings.Enabled)
|
||||
{
|
||||
Log.Warning("OIDC ist aktiviert aber nicht korrekt konfiguriert. Erforderlich: OIDC_AUTHORITY, OIDC_CLIENT_ID, OIDC_CLIENT_SECRET");
|
||||
}
|
||||
|
||||
builder.Services.AddAuthorization();
|
||||
|
||||
// Health Checks
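Review bot: The `else if (oidcSettings.Enabled)` branch only logs a warning when OIDC is switched on but Authority, ClientId or ClientSecret is missing, so the service still starts with cookie-only authentication and an operator expecting SSO may not notice until users land on the local `/Auth/Login` form instead. If an enabled OIDC is meant to be authoritative, fail fast rather than degrade: `throw new InvalidOperationException("OIDC is enabled but OIDC_AUTHORITY, OIDC_CLIENT_ID and OIDC_CLIENT_SECRET must all be set.");` after the warning. Two smaller points: `RoleClaimType = "roles"` is hard-coded while the username claim comes from configuration, and with `GetClaimsFromUserInfoEndpoint = true` a `roles` array returned by the userinfo endpoint is, as far as I recall, not copied into the principal unless `options.ClaimActions.MapJsonKey("roles", "roles")` is added, so role-based authorization may silently see no roles — worth confirming against the identity provider. `SaveTokens = true` stores the access and refresh tokens inside the session cookie; keep it only if code elsewhere actually reads them, since it enlarges the cookie and widens the blast radius of a cookie leak.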
|
||||
|
||||