Develop Reference

ClaimsIdentity cant access methods in official OpenIdDict Samples

I have been very frustrated trying to use openiddict. I can't use any of the pre-existing sample since their ClaimsIdentity uses methods that to me aren't available, for example the identity.SetClaims(), identity.SetScopes() and identity.GetScopes() don't work for me.
This is the official sample Zirku.Server:
var builder = WebApplication.CreateBuilder(args);
// OpenIddict offers native integration with Quartz.NET to perform scheduled tasks
// (like pruning orphaned authorizations/tokens from the database) at regular intervals.
builder.Services.AddQuartz(options =>
{
options.UseMicrosoftDependencyInjectionJobFactory();
options.UseSimpleTypeLoader();
options.UseInMemoryStore();
});
// Register the Quartz.NET service and configure it to block shutdown until jobs are complete.
builder.Services.AddQuartzHostedService(options => options.WaitForJobsToComplete = true);
builder.Services.AddDbContext<DbContext>(options =>
{
// Configure the context to use Microsoft SQL Server.
options.UseSqlServer(builder.Configuration.GetConnectionString("DefaultConnection"));
// Register the entity sets needed by OpenIddict.
// Note: use the generic overload if you need
// to replace the default OpenIddict entities.
options.UseOpenIddict();
});
builder.Services.AddOpenIddict()
// Register the OpenIddict core components.
.AddCore(options =>
{
options.UseEntityFrameworkCore()
.UseDbContext<DbContext>();
})
// Register the OpenIddict server components.
.AddServer(options =>
{
// Enable the authorization, introspection and token endpoints.
options.SetAuthorizationEndpointUris("/authorize")
.SetIntrospectionEndpointUris("/introspect")
.SetTokenEndpointUris("/token");
// Note: this sample only uses the authorization code flow but you can enable
// the other flows if you need to support implicit, password or client credentials.
options.AllowAuthorizationCodeFlow();
// Register the signing credentials.
options.AddDevelopmentSigningCertificate();
// Register the ASP.NET Core host and configure the ASP.NET Core-specific options.
//
// Note: unlike other samples, this sample doesn't use token endpoint pass-through
// to handle token requests in a custom MVC action. As such, the token requests
// will be automatically handled by OpenIddict, that will reuse the identity
// resolved from the authorization code to produce access and identity tokens.
//
options.UseAspNetCore()
.EnableAuthorizationEndpointPassthrough();
})
// Register the OpenIddict validation components.
.AddValidation(options =>
{
// Import the configuration from the local OpenIddict server instance.
options.UseLocalServer();
// Register the ASP.NET Core host.
options.UseAspNetCore();
});
builder.Services.AddAuthorization();
var app = builder.Build();
app.UseHttpsRedirection();
// Create new application registrations matching the values configured in Zirku.Client and Zirku.Api1.
// Note: in a real world application, this step should be part of a setup script.
await using (var scope = app.Services.CreateAsyncScope())
{
var context = scope.ServiceProvider.GetRequiredService<DbContext>();
await context.Database.EnsureCreatedAsync();
await CreateApplicationsAsync();
await CreateScopesAsync();
async Task CreateApplicationsAsync()
{
var manager = scope.ServiceProvider.GetRequiredService<IOpenIddictApplicationManager>();
if (await manager.FindByClientIdAsync("console_app") is null)
{
await manager.CreateAsync(new OpenIddictApplicationDescriptor
{
ClientId = "console_app",
RedirectUris =
{
new Uri("http://localhost:8739/")
},
Permissions =
{
Permissions.Endpoints.Authorization,
Permissions.Endpoints.Token,
Permissions.GrantTypes.AuthorizationCode,
Permissions.ResponseTypes.Code,
Permissions.Scopes.Email,
Permissions.Scopes.Profile,
Permissions.Scopes.Roles,
Permissions.Prefixes.Scope + "api1",
Permissions.Prefixes.Scope + "api2"
}
});
}
if (await manager.FindByClientIdAsync("resource_server_1") is null)
{
await manager.CreateAsync(new OpenIddictApplicationDescriptor
{
ClientId = "resource_server_1",
ClientSecret = "846B62D0-DEF9-4215-A99D-86E6B8DAB342",
Permissions =
{
Permissions.Endpoints.Introspection
}
});
}
// Note: no client registration is created for resource_server_2
// as it uses local token validation instead of introspection.
}
async Task CreateScopesAsync()
{
var manager = scope.ServiceProvider.GetRequiredService<IOpenIddictScopeManager>();
if (await manager.FindByNameAsync("api1") is null)
{
await manager.CreateAsync(new OpenIddictScopeDescriptor
{
Name = "api1",
Resources =
{
"resource_server_1"
}
});
}
if (await manager.FindByNameAsync("api2") is null)
{
await manager.CreateAsync(new OpenIddictScopeDescriptor
{
Name = "api2",
Resources =
{
"resource_server_2"
}
});
}
}
}
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/api", [Authorize(AuthenticationSchemes = OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme)]
(ClaimsPrincipal user) => user.Identity!.Name);
app.MapGet("/authorize", async (HttpContext context, IOpenIddictScopeManager manager) =>
{
// Retrieve the OpenIddict server request from the HTTP context.
var request = context.GetOpenIddictServerRequest();
var identifier = (int?)request["hardcoded_identity_id"];
if (identifier is not (1 or 2))
{
return Results.Challenge(
authenticationSchemes: new[] { OpenIddictServerAspNetCoreDefaults.AuthenticationScheme },
properties: new AuthenticationProperties(new Dictionary<string, string>
{
[OpenIddictServerAspNetCoreConstants.Properties.Error] = Errors.InvalidRequest,
[OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = "The specified hardcoded identity is invalid."
}));
}
// Create the claims-based identity that will be used by OpenIddict to generate tokens.
var identity = new ClaimsIdentity(
authenticationType: TokenValidationParameters.DefaultAuthenticationType,
nameType: Claims.Name,
roleType: Claims.Role);
// Add the claims that will be persisted in the tokens.
identity.AddClaim(new Claim(Claims.Subject, identifier.Value.ToString(CultureInfo.InvariantCulture)));
identity.AddClaim(new Claim(Claims.Name, identifier switch
{
1 => "Alice",
2 => "Bob",
_ => throw new InvalidOperationException()
}));
// Note: in this sample, the client is granted all the requested scopes for the first identity (Alice)
// but for the second one (Bob), only the "api1" scope can be granted, which will cause requests sent
// to Zirku.Api2 on behalf of Bob to be automatically rejected by the OpenIddict validation handler,
// as the access token representing Bob won't contain the "resource_server_2" audience required by Api2.
identity.SetScopes(identifier switch
{
1 => request.GetScopes(),
2 => new[] { "api1" }.Intersect(request.GetScopes()),
_ => throw new InvalidOperationException()
});
identity.SetResources(await manager.ListResourcesAsync(identity.GetScopes()).ToListAsync());
// Allow all claims to be added in the access tokens.
identity.SetDestinations(claim => new[] { Destinations.AccessToken });
return Results.SignIn(new ClaimsPrincipal(identity), properties: null, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
});
app.Run();
I have been trying to convert the samples to identity.AddClaim(), but I am not sure that it works as expected.
Please tell me what I am doing wrong. I am new to authorization and authentication so, as you can imagine, I am not good enough to figure out what is going wrong.
PS If you have any good up-to-date sources so that I can read up on the subject, that would be great.
PS 2 Excuse my english, it is not my first language

How to configure json Name Case policy while using MinimalApi

I'm trying to get result from my minimal API who configured in endpoints of my MVC web application
my Get action configured like this :
endpoints.MapGet(
"HO-CFDZU4/api/Currency/Get",
[PermissionAuthorize(PermissionName.ReadCurrencyDictionary)]
async ([FromServicesAttribute] CurrencyService curency) =>
{
var result = await DataSourceLoader.LoadAsync(curency.Get(), new DataSourceLoadOptions());
return Results.Ok(result);
});
As result i get response with object where property names changed to lowercase, and its not suit for me.
I want to get exactly same name in same case like i return form action.
To get similar effect in MVC i used this code :
services
.AddMvc()
.AddFluentValidation(x => x.RegisterValidatorsFromAssembly(AppDomain.CurrentDomain.GetAssemblies().Where(x => x.FullName.Contains("ApplicationCore")).Single()))
.AddMvcLocalization()
.AddMvcOptions(options =>{})
.AddRazorRuntimeCompilation()
.AddJsonOptions(options =>
{
options.JsonSerializerOptions.PropertyNamingPolicy = null;
options.JsonSerializerOptions.ReferenceHandler = ReferenceHandler.IgnoreCycles;
});
Which setup property naming policy for Json while using action in controllers, and i dont know how to setup same policy for minimalApi.
What Ive tried is to set [JsonPropertyName(name)] And it working good but we have lot of classes and i looking for more global solution.
I also tried configure JsonOptions globally like this:
services.Configure<JsonOptions>(options =>
{
options.JsonSerializerOptions.PropertyNamingPolicy = null;
options.JsonSerializerOptions.ReferenceHandler = ReferenceHandler.IgnoreCycles;
});
But it do nothing

Use JsonOptions from Microsoft.AspNetCore.Http.Json namespace (docs):
services.Configure<JsonOptions>(options =>
{
options.SerializerOptions.PropertyNamingPolicy = null;
options.SerializerOptions.ReferenceHandler = ReferenceHandler.IgnoreCycles;
});
UPD
If your application uses both Minimal APIs endpoints and MVC ones, then you try to configure options from both namespaces:
services.Configure<Microsoft.AspNetCore.Http.Json.JsonOptions>(options =>
{
options.SerializerOptions.PropertyNamingPolicy = null;
options.SerializerOptions.ReferenceHandler = ReferenceHandler.IgnoreCycles;
});
services.Configure<Microsoft.AspNetCore.Mvc.JsonOptions>(options =>
{
options.JsonSerializerOptions.PropertyNamingPolicy = null;
options.JsonSerializerOptions.ReferenceHandler = ReferenceHandler.IgnoreCycles;
});

HttpClient get call using asp net core 3.1 connection attempt failed

I am developing an application which is asp.net core 3.1 mvc application consuming .net core 2.1 api. On local host it working fine but when I publish my web application and try to call httpclient get call it gives me this error.
Here is my start up code.
public void ConfigureServices(IServiceCollection services)
{
services.Configure<FormOptions>(options =>
{
options.ValueLengthLimit = int.MaxValue;
options.MultipartBodyLengthLimit = long.MaxValue; // <-- ! long.MaxValue
options.MultipartBoundaryLengthLimit = int.MaxValue;
options.MultipartHeadersCountLimit = int.MaxValue;
options.MultipartHeadersLengthLimit = int.MaxValue;
});
services.AddControllersWithViews();
services
.AddHttpClient<ApiClient>(opts =>
{
opts.BaseAddress = new Uri("http://falcon****-***-******.com"); /// --- base server url which my apiclient can hit.
});
services.Configure<SettingDTO>(Configuration.GetSection("AppSettings"));
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.LoginPath = "/Account/Login";
});
ResolverService.RegisterModelServices(services, Configuration);
}
Here is my my api server link I kept it in appSettings
"WebApiBaseUrl": "http://falcon****-001-***.***.com/api/"
Here is my api client method.
private async Task<T> GetAsync<T>(Uri requestUrl, string urlParams)
{
var response = await _httpClient.GetAsync($"{requestUrl}?{urlParams}", HttpCompletionOption.ResponseHeadersRead);
response.EnsureSuccessStatusCode();
var resp = await response.Content.ReadAsStringAsync();
return JsonConvert.DeserializeObject<T>(resp);
}
I don't where I am doing it wrong but it is not working when I publish it. On local it is working fine.

ASP.NET Web API HttpContext Response is sent back before IOwinContext Response

We are using Owin middleware in an ASP.NET Web API 2 project hosted in IIS.
I am currently experiencing a strange phenomenon where the IOwinContext.Response.Body is not being written to, and actually, even when I have a break point set in the middleware after awake Next.Invoke(), and it gets hit, the response has already been sent back to the server even if I haven't continued yet.
When I look at the response body on the IOwinContext it is empty. However, I can get the response from the HttpContext.Response.Filter. When I use the HttpContext and hit the break point, then the response isn't sent back until I continue. Below is the current configuration method being used in our Startup.cs class.
public async void Configuration(IAppBuilder app)
{
try
{
// Global Config
var config = GlobalConfiguration.Configuration;
// configure dependency injection
UnityConfig.RegisterComponents();
// configure log for net
log4net.Config.XmlConfigurator.Configure();
// turn around all requests right here
app.Use(async (context, next) =>
{
if (context.Request.Path.ToString() == "/")
{
string text = "UP";
context.Response.StatusCode = 200;
context.Response.ReasonPhrase = text;
await context.Response.WriteAsync(text);
return;
}
await next.Invoke();
});
// Handle exceptions in the OWIN layer here
app.UseUncaughtExceptionHandler();
// add cors headers
app.Use(async (context, next) => { });
// some UI stuff
app.Use(async (context, next) => { });
// Log Request Metrics
app.UseLogRequestMetrics();
// Evaluate Partner Key
app.MapWhen(context => Regex.IsMatch(context.Request.Uri.PathAndQuery.ToLower(), #"/api"), newApp =>
{
#if !DEBUG
newApp.Use<Middleware1>();
#endif
newApp.Use<Middleware2>();
newApp.Use<Middleware3>(); // On the response path back, the IOwinResponse body is already empty
});
WebApiConfig.Register(config);
app.UseWebApi(config); // It seems like I'm losing the response in here, but I don't really know
config.EnsureInitialized();
// Configure object mapping
AutoMapperConfig.Configure();
}
catch (Exception ex)
{
await LogForNetErrorLogger.LogError(ex);
}
}
I'm pretty sure my middleware is messed up, but the response is already gone before it gets back to the first of my middlewares (Middleware3) after the await Next.Invoke()
Any insight or thought provoking would be appreciated. Also, if this isn't enough information please let me know.

So, as in my post above, the problem, I thought, was the HttpResponse was being sent back before the IOwinResponse was. As it turns out, I completely overlooked the mapping section:
app.MapWhen(context => Regex.IsMatch(context.Request.Uri.PathAndQuery.ToLower(), #"/api"), newApp =>
{
#if !DEBUG
newApp.Use<Middleware1>();
#endif
newApp.Use<Middleware2>();
newApp.Use<Middleware3>();
});
When you use app.Map() it branches the middleware. So, if the path matched "/api" it would branch. However, it was also still using the app.UseWebApi() component so that was why I had two different responses and why the response I was expecting wasn't written to the Middleware3 component's IOwinContext.
I fixed it by removing the app.MapWhen() method, changing it from this:
app.MapWhen(context => Regex.IsMatch(context.Request.Uri.PathAndQuery.ToLower(), #"/site"), newApp =>
{
#if !DEBUG
newApp.Use<Middleware1>();
#endif
newApp.Use<Middleware2>();
newApp.Use<Middleware3>(); // On the response path back, the IOwinResponse body is already empty
});
to this:
#if !DEBUG
newApp.Use<Middleware1>();
#endif
newApp.Use<Middleware2>();
newApp.Use<Middleware3>();
and putting this piece of code at the beginning of the middleware components Middleware1, Middleware2, Middleware3:
public override async Task Invoke(IOwinContext context)
{
if (!context.Request.Path.ToString().StartsWith("/api/"))
{
await Next.Invoke(context);
return;
}
// stuff I want to run if the above doesn't match
await Next.Invoke(context);
...
}
Well, at least the fix was simple, even if it took me three weeks to find it. If you want to read up on the IAppBuilder.MapWhen extension method, here is some documentation https://msdn.microsoft.com/en-us/library/owin.mapwhenextensions.mapwhen(v=vs.113).aspx.

Setup View engine in ASP.NET MVC6 to work with AspNet.TestHost.TestServer in Unit Tests

How to setup view engine in ASP.NET MVC 6 to work with test host created by TestServer. I've tried to implement the trick from MVC 6 repo:
[Fact]
public async Task CallMvc()
{
var client = GetTestHttpClient();
//call to HomeController.Index to get Home/Index.cshtml content
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, "/");
var response = await client.SendAsync(request);
var content = await response.Content.ReadAsStringAsync();
PAssert.IsTrue(() => content != null);
}
private HttpClient GetTestHttpClient(Action<IServiceCollection> configureServices = null)
{
var applicationServices = CallContextServiceLocator.Locator.ServiceProvider;
var applicationEnvironment = applicationServices.GetRequiredService<IApplicationEnvironment>();
var libraryManager = applicationServices.GetRequiredService<ILibraryManager>();
var startupAssembly = typeof(Startup).Assembly;
var applicationName = startupAssembly.GetName().Name;
var library = libraryManager.GetLibraryInformation(applicationName);
var applicationRoot = Path.GetDirectoryName(library.Path);
var hostingEnvironment = new HostingEnvironment()
{
WebRootPath = applicationRoot
};
var loggerFactory = new LoggerFactory();
var startup = new Startup();
Action<IServiceCollection> configureServicesAction = services =>
{
services.AddInstance(applicationEnvironment);
services.AddInstance<IHostingEnvironment>(hostingEnvironment);
// Inject a custom assembly provider. Overrides AddMvc() because that uses TryAdd().
var assemblyProvider = new FixedSetAssemblyProvider();
assemblyProvider.CandidateAssemblies.Add(startupAssembly);
services.AddInstance<IAssemblyProvider>(assemblyProvider);
startup.ConfigureServices(services);
};
Action<IApplicationBuilder> configureApp = _ => startup.Configure(_, hostingEnvironment, loggerFactory);
var server = TestServer.Create(configureApp, configureServicesAction);
var httpClient = server.CreateClient();
return httpClient;
}
Startup class is just the simplest setup for MVC:
public class Startup
{
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
// Add MVC services to the services container.
services.AddMvc();
}
// Configure is called after ConfigureServices is called.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
// Add MVC to the request pipeline.
app.UseMvc(routes =>
{
routes.MapRoute("default", "{controller=Home}/{action=Index}/{id?}");
});
}
}
I'm getting Response status code does not indicate success: 500 (Internal Server Error) and internally it's not able to locate Index.cshtml view. All paths
below are following Unit Tests library path or dnx path:
var applicationBasePath = _appEnvironment.ApplicationBasePath;
var webRootPath = _env.WebRootPath;
var baseDirectory = AppDomain.CurrentDomain.BaseDirectory;
What is the way to setup view engine and environment to work from UnitTests using TestServer?

Your idea of defining a different environment is going to the right direction.
I have seen a quite elegant solution for this by using extension methods:
https://github.com/bartmax/TestServerMvcHelper
It is even on NuGet but I can't get it working from there. Propably you can incorporate the two classes MvcTestApplicationEnvironment.cs and WebHostBuilderExtensions.cs into your solution.
Then you can setup the TestServer by using this:
var builder = TestServer.CreateBuilder();
builder.UseStartup<Startup>()
.UseEnvironment("Testing")
.UseApplicationPath("YourMvcApplication");
var server = new TestServer(builder);