Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 khwezi
|
ad2ea48592 | ||
 Khwezi Mngoma
|
bf36bb6bbc | ||
|
khwezi
|
0a9a459892 | ||
|
Khwezi Mngoma
|
00d43c8f10 | ||
|
khwezi
|
f5a69de0a0 | ||
|
Khwezi Mngoma
|
40a5f94941 | ||
|
khwezi
|
fc4db32f20 | ||
|
Khwezi Mngoma
|
9cb4b8264d | ||
|
Khwezi Mngoma
|
ddd823afab |
@@ -54,12 +54,22 @@ public static class Api
|
|||||||
|
|
||||||
public static IServiceCollection AddLiteCharmsWebSecurity(this IServiceCollection services, IConfiguration configuration)
|
public static IServiceCollection AddLiteCharmsWebSecurity(this IServiceCollection services, IConfiguration configuration)
|
||||||
{
|
{
|
||||||
var certificate = X509CertificateLoader.LoadPkcs12(Convert.FromBase64String(configuration["DataProtection:Certificate"]!), configuration["DataProtection:Password"]);
|
var certString = configuration["DataProtection:Certificate"] ?? configuration["DataProtection__Certificate"];
|
||||||
|
var certPassword = configuration["DataProtection:Password"] ?? configuration["DataProtection__Password"];
|
||||||
|
|
||||||
|
if (string.IsNullOrEmpty(certString))
|
||||||
|
throw new InvalidOperationException("Data Protection Certificate configuration is missing.");
|
||||||
|
|
||||||
|
var certificate = X509CertificateLoader.LoadPkcs12(Convert.FromBase64String(certString), certPassword);
|
||||||
|
|
||||||
services.AddDataProtection().PersistKeysToDbContext<DataProtectionDbContext>()
|
services.AddDataProtection().PersistKeysToDbContext<DataProtectionDbContext>()
|
||||||
.ProtectKeysWithCertificate(certificate)
|
.ProtectKeysWithCertificate(certificate)
|
||||||
.SetApplicationName("LiteCharmsApp");
|
.SetApplicationName("LiteCharmsApp");
|
||||||
|
|
||||||
|
services.Configure<DataProtectionOptions>(options => options.ApplicationDiscriminator = "LiteCharmsApp");
|
||||||
|
|
||||||
|
services.ConfigureCookieOidcSameSiteSupport();
|
||||||
|
|
||||||
var configSection = configuration.GetSection(nameof(LiteCharmsSettings));
|
var configSection = configuration.GetSection(nameof(LiteCharmsSettings));
|
||||||
|
|
||||||
var authOptions = new LiteCharmsSettings();
|
var authOptions = new LiteCharmsSettings();
|
||||||
@@ -124,6 +134,30 @@ public static class Api
|
|||||||
return services;
|
return services;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static void ConfigureCookieOidcSameSiteSupport(this IServiceCollection services) =>
|
||||||
|
services.Configure<CookiePolicyOptions>(options =>
|
||||||
|
{
|
||||||
|
options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
|
||||||
|
options.OnAppendCookie = cookieContext => CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
|
||||||
|
options.OnDeleteCookie = cookieContext => CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
|
||||||
|
});
|
||||||
|
|
||||||
|
private static void CheckSameSite(HttpContext httpContext, CookieOptions options)
|
||||||
|
{
|
||||||
|
if (options.SameSite == SameSiteMode.None)
|
||||||
|
{
|
||||||
|
bool isSecure = httpContext.Request.IsHttps;
|
||||||
|
|
||||||
|
if (!isSecure && httpContext.Request.Headers.TryGetValue("X-Forwarded-Proto", out var proto))
|
||||||
|
isSecure = string.Equals(proto, "https", StringComparison.OrdinalIgnoreCase);
|
||||||
|
|
||||||
|
if (!isSecure && httpContext.Request.Headers.TryGetValue("Forwarded", out var forwarded))
|
||||||
|
isSecure = forwarded.ToString().Contains("proto=https", StringComparison.OrdinalIgnoreCase);
|
||||||
|
|
||||||
|
if (!isSecure) options.SameSite = SameSiteMode.Unspecified;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public static IServiceCollection AddLiteCharmsApiSecurity(this IServiceCollection services, IConfiguration configuration)
|
public static IServiceCollection AddLiteCharmsApiSecurity(this IServiceCollection services, IConfiguration configuration)
|
||||||
{
|
{
|
||||||
var configSection = configuration.GetSection(nameof(LiteCharmsSettings));
|
var configSection = configuration.GetSection(nameof(LiteCharmsSettings));
|
||||||
|
|||||||
Reference in New Issue
Block a user