diff --git a/.vscode/settings.json b/.vscode/settings.json
index 15ccc1f7f066e0dd9eb461d5f3f27d9cda808d6a..8c162fe07e6691d09950dc3e20896ae4f63ed171 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,12 +1,28 @@
{
"cSpell.words": [
+ "Antiforgery",
+ "ASPNETCORE",
"configurationstore",
+ "Consts",
"Dapr",
+ "Dtos",
+ "gstatic",
"Healthchecks",
+ "Hsts",
+ "iamshen",
+ "identitydata",
+ "identityserverdata",
"Idsrv",
"Linq",
+ "Middlerware",
+ "migrateonly",
+ "Oidc",
+ "Pkce",
"Pluggable",
+ "Proto",
"secretstore",
- "statestore"
+ "Serilog",
+ "statestore",
+ "swaggerui"
]
}
\ No newline at end of file
diff --git a/DaprTool.Solution.sln b/DaprTool.Solution.sln
index da4058803824996f8f67ad68bda89bd4c281b974..151b74be572975b817a3ec98a2450711f5185e37 100644
--- a/DaprTool.Solution.sln
+++ b/DaprTool.Solution.sln
@@ -143,6 +143,10 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Idsrv4.Admin.AuditLogging.E
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Idsrv4.Admin.UI", "src\IdentityServer4\src\Idsrv4.Admin.UI\Idsrv4.Admin.UI.csproj", "{07E8E5C4-DA82-44DD-B526-6A4150D5C9FD}"
EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "ProxyServer", "ProxyServer", "{60ABC20F-873F-4DA3-A86B-DAA5B563A2B5}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ProxyServer", "src\ProxyServer\ProxyServer.csproj", "{E8CEAD9D-B4BF-4ED1-9DA6-ABC41E797D60}"
+EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
@@ -281,6 +285,10 @@ Global
{07E8E5C4-DA82-44DD-B526-6A4150D5C9FD}.Debug|Any CPU.Build.0 = Debug|Any CPU
{07E8E5C4-DA82-44DD-B526-6A4150D5C9FD}.Release|Any CPU.ActiveCfg = Release|Any CPU
{07E8E5C4-DA82-44DD-B526-6A4150D5C9FD}.Release|Any CPU.Build.0 = Release|Any CPU
+ {E8CEAD9D-B4BF-4ED1-9DA6-ABC41E797D60}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {E8CEAD9D-B4BF-4ED1-9DA6-ABC41E797D60}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {E8CEAD9D-B4BF-4ED1-9DA6-ABC41E797D60}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {E8CEAD9D-B4BF-4ED1-9DA6-ABC41E797D60}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
@@ -341,6 +349,8 @@ Global
{3A8C58F1-027A-4B82-BEFF-AA82383AE8D7} = {D2F20A9C-E732-43EA-9615-70F9FD46253A}
{36A1CAB5-53B0-46E2-A083-DD3CA9E08BB1} = {D2F20A9C-E732-43EA-9615-70F9FD46253A}
{07E8E5C4-DA82-44DD-B526-6A4150D5C9FD} = {D2F20A9C-E732-43EA-9615-70F9FD46253A}
+ {60ABC20F-873F-4DA3-A86B-DAA5B563A2B5} = {5724FC31-E7B7-4F84-8B04-85E8A7B964DB}
+ {E8CEAD9D-B4BF-4ED1-9DA6-ABC41E797D60} = {60ABC20F-873F-4DA3-A86B-DAA5B563A2B5}
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {CE377903-BDA1-4347-BEC2-62ED2F807EE3}
diff --git a/Directory.Packages.props b/Directory.Packages.props
index bf6d1d9051da65014d3191d678b1deff3a99c6df..0268fe61d715b2c69315cb37f1ec948ae2361887 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -23,6 +23,7 @@
+
diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ApiResourcesController.cs b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ApiResourcesController.cs
index aacbee6b3d1f37a9c338562fa1feecdc84dfb25f..6bcefed9d156a1702a29cf728bf29e1150708f57 100644
--- a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ApiResourcesController.cs
+++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ApiResourcesController.cs
@@ -11,7 +11,7 @@ using Idsrv4.Admin.BusinessLogic.Services.Interfaces;
namespace Idsrv4.Admin.Api.Controllers;
-[Route("api/[controller]")]
+[Route("[controller]")]
[ApiController]
[TypeFilter(typeof(ControllerExceptionFilterAttribute))]
[Produces("application/json", "application/problem+json")]
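Review bot: Dropping the `api/` segment in `[Route("[controller]")]` makes the URL prefix depend entirely on the `BasePath` setting, and `UsePathBase` strips a matching prefix but does not reject requests that lack it, so this controller answers both under the base path and at the bare `/ApiResources` path. If any upstream rule (proxy routing, filtering, rate limiting) keys on the `/api/auth` prefix, requests sent straight to the service would not match it. Consider a small middleware that returns 404 when `BasePath` is configured but `Request.PathBase` is empty, or keep a fixed route prefix. The same change is made in ApiScopesController, ClientsController, IdentityResourcesController, PersistedGrantsController, RolesController and UsersController; the class body is outside the hunk.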
diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ApiScopesController.cs b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ApiScopesController.cs
index 3bfa5691c07e2554525b5aeb11913abe2bb2adf9..dc291742a0c3d9407f89a23a73bd93c016be4736 100644
--- a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ApiScopesController.cs
+++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ApiScopesController.cs
@@ -11,7 +11,7 @@ using Idsrv4.Admin.BusinessLogic.Services.Interfaces;
namespace Idsrv4.Admin.Api.Controllers;
-[Route("api/[controller]")]
+[Route("[controller]")]
[ApiController]
[TypeFilter(typeof(ControllerExceptionFilterAttribute))]
[Produces("application/json", "application/problem+json")]
diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ClientsController.cs b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ClientsController.cs
index 068bc8c7d76ecb470fa57f905cfc5c3a430712df..b0c40344b9bcf021effa86b4d508cb0386198b5a 100644
--- a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ClientsController.cs
+++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/ClientsController.cs
@@ -11,7 +11,7 @@ using Idsrv4.Admin.BusinessLogic.Services.Interfaces;
namespace Idsrv4.Admin.Api.Controllers;
-[Route("api/[controller]")]
+[Route("[controller]")]
[ApiController]
[TypeFilter(typeof(ControllerExceptionFilterAttribute))]
[Produces("application/json", "application/problem+json")]
diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/IdentityResourcesController.cs b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/IdentityResourcesController.cs
index 5a4bb5f90d312578a6520d4ee7ff0d07974bba16..60df84d049bb95b77f69c5d820f39f89fa980706 100644
--- a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/IdentityResourcesController.cs
+++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/IdentityResourcesController.cs
@@ -11,7 +11,7 @@ using Idsrv4.Admin.BusinessLogic.Services.Interfaces;
namespace Idsrv4.Admin.Api.Controllers;
-[Route("api/[controller]")]
+[Route("[controller]")]
[ApiController]
[TypeFilter(typeof(ControllerExceptionFilterAttribute))]
[Produces("application/json", "application/problem+json")]
diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/PersistedGrantsController.cs b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/PersistedGrantsController.cs
index 198519aa7fff55bd6ba4fb29e84b814969e317a4..6029918717875ecf675cda13aacaa0560ac2fabb 100644
--- a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/PersistedGrantsController.cs
+++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/PersistedGrantsController.cs
@@ -10,7 +10,7 @@ using Idsrv4.Admin.BusinessLogic.Identity.Services.Interfaces;
namespace Idsrv4.Admin.Api.Controllers;
-[Route("api/[controller]")]
+[Route("[controller]")]
[ApiController]
[TypeFilter(typeof(ControllerExceptionFilterAttribute))]
[Produces("application/json")]
diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/RolesController.cs b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/RolesController.cs
index 24e5ec180bbaebd4d332bb63e6018c6f8167c404..ac5271d497ab8c804be27ea517562c1ea5d561fc 100644
--- a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/RolesController.cs
+++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/RolesController.cs
@@ -15,7 +15,7 @@ using Idsrv4.Admin.BusinessLogic.Identity.Services.Interfaces;
namespace Idsrv4.Admin.Api.Controllers;
-[Route("api/[controller]")]
+[Route("[controller]")]
[ApiController]
[TypeFilter(typeof(ControllerExceptionFilterAttribute))]
[Produces("application/json", "application/problem+json")]
diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/UsersController.cs b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/UsersController.cs
index 10c3e5ff46f50da9f523432f55ed1b3e4870acb8..0db8a6765a242d08bef47f01442288a9ac2bc152 100644
--- a/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/UsersController.cs
+++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/Controllers/UsersController.cs
@@ -18,7 +18,7 @@ using Idsrv4.Admin.BusinessLogic.Identity.Services.Interfaces;
namespace Idsrv4.Admin.Api.Controllers;
-[Route("api/[controller]")]
+[Route("[controller]")]
[ApiController]
[TypeFilter(typeof(ControllerExceptionFilterAttribute))]
[Produces("application/json", "application/problem+json")]
diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/Helpers/StartupHelpers.cs b/src/IdentityServer4/src/Idsrv4.Admin.Api/Helpers/StartupHelpers.cs
index 4d993cb6512bce81b7f337002dac064cb6cd9212..11f2020a30e192b31aa079689c8911873c73e043 100644
--- a/src/IdentityServer4/src/Idsrv4.Admin.Api/Helpers/StartupHelpers.cs
+++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/Helpers/StartupHelpers.cs
@@ -27,6 +27,7 @@ using Idsrv4.Admin.AuditLogging.EntityFramework.Entities;
using Idsrv4.Admin.AuditLogging.EntityFramework.Extensions;
using Idsrv4.Admin.AuditLogging.EntityFramework.Repositories;
using Idsrv4.Admin.AuditLogging.EntityFramework.Services;
+using Microsoft.AspNetCore.Authorization;
namespace Idsrv4.Admin.Api.Helpers;
@@ -199,6 +200,17 @@ public static class StartupHelpers
options.Authority = adminApiConfiguration.IdentityServerBaseUrl;
options.RequireHttpsMetadata = adminApiConfiguration.RequireHttpsMetadata;
options.Audience = adminApiConfiguration.OidcApiName;
+
+ options.Events = new JwtBearerEvents
+ {
+ // 认证失败事件
+ OnAuthenticationFailed = context =>
+ {
+ Log.Error(context.Exception, "认证失败事件");
+ return System.Threading.Tasks.Task.CompletedTask;
+ },
+
+ };
});
}
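Review bot: `OnAuthenticationFailed` logs at Error level with the full exception for every rejected token, so any unauthenticated caller can fill the error log. Warning with the request path is enough for detection and keeps Error for server faults, e.g. `Log.Warning(context.Exception, "JWT bearer authentication failed for {Path}", context.Request.Path);`. The comment and the log message are in Chinese ("authentication failed event"), while the other comments in this commit's C# files are English; an English message is easier to search and alert on. The blank line before `};` can go.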
@@ -258,6 +270,7 @@ public static class StartupHelpers
policy =>
policy.RequireAssertion(context => context.User.HasClaim(c =>
(c.Type == JwtClaimTypes.Role && c.Value == adminApiConfiguration.AdministrationRole) ||
+ (c.Type == System.Security.Claims.ClaimsIdentity.DefaultRoleClaimType && c.Value == adminApiConfiguration.AdministrationRole) ||
(c.Type == $"client_{JwtClaimTypes.Role}" &&
c.Value == adminApiConfiguration.AdministrationRole)
) && context.User.HasClaim(c
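Review bot: The added clause makes the administrator policy accept the role under a third claim type, `ClaimsIdentity.DefaultRoleClaimType`, without saying why; presumably the JWT handler's inbound claim mapping renames `role` to the long URI form, which should be confirmed. It would be tighter to settle the claim type once where the bearer options are configured (`options.MapInboundClaims = false;`) and keep a single comparison here, since each extra accepted type is another way for a token to satisfy the administrator check. At minimum add a comment such as `// JwtBearer maps "role" to ClaimTypes.Role unless inbound claim mapping is disabled`. The lambda starts and ends outside the hunk.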
diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/Idsrv4.Admin.Api.csproj b/src/IdentityServer4/src/Idsrv4.Admin.Api/Idsrv4.Admin.Api.csproj
index 016d5aaa618134074694894bcd8b632ddd0ce52e..01dda19c5d0b874b595b6f56e310eb6d07c3f776 100644
--- a/src/IdentityServer4/src/Idsrv4.Admin.Api/Idsrv4.Admin.Api.csproj
+++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/Idsrv4.Admin.Api.csproj
@@ -38,9 +38,7 @@
-
-
diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/Program.cs b/src/IdentityServer4/src/Idsrv4.Admin.Api/Program.cs
index a3a33aa5f5e43350d293ea6070ac565730e56c4f..4a90a008b003eaa106017279159c6d6b87a2e1f4 100644
--- a/src/IdentityServer4/src/Idsrv4.Admin.Api/Program.cs
+++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/Program.cs
@@ -1,4 +1,5 @@
using Idsrv4.Admin.Shared.ModuleInitializer;
+using Microsoft.AspNetCore.Http;
var builder = WebApplication.CreateBuilder();
@@ -118,6 +119,14 @@ try
if (app.Environment.IsDevelopment()) app.UseDeveloperExceptionPage();
+ #region BasePath
+
+ string basePath = builder.Configuration.GetValue("BasePath");
+ if (!string.IsNullOrWhiteSpace(basePath))
+ app.UsePathBase(new PathString(basePath));
+
+ #endregion
+
#region Swagger
app.UseSwagger();
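Review bot: `new PathString(basePath)` throws `ArgumentException` when the configured value does not start with `/`, so a typo in `BasePath` surfaces as an opaque startup failure inside the surrounding `try`. Validate the setting and fail with a message that names the key, e.g. `if (!basePath.StartsWith('/')) throw new InvalidOperationException("BasePath must start with '/'");`, and put braces around the `if` body. The same block is added to Idsrv4.Admin.STS.Identity/Program.cs. The enclosing `try` block starts and ends outside the hunk.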
diff --git a/src/IdentityServer4/src/Idsrv4.Admin.Api/appsettings.json b/src/IdentityServer4/src/Idsrv4.Admin.Api/appsettings.json
index ef998a1bf4e495c3f55c80caccbc41c6cffa2867..a6d26fb0a7b107f216fc98a9aa1d0d1faafb87dd 100644
--- a/src/IdentityServer4/src/Idsrv4.Admin.Api/appsettings.json
+++ b/src/IdentityServer4/src/Idsrv4.Admin.Api/appsettings.json
@@ -10,8 +10,8 @@
"AdminApiConfiguration": {
"ApiName": "IdentityServer4 Admin Api",
"ApiVersion": "v1",
- "ApiBaseUrl": "https://localhost:44302",
- "IdentityServerBaseUrl": "https://localhost:44310",
+ "ApiBaseUrl": "https://localhost:44444/api/auth",
+ "IdentityServerBaseUrl": "https://localhost:44444/auth",
"OidcSwaggerUIClientId": "identity_admin_api_swaggerui",
"OidcApiName": "identity_admin_api",
"AdministrationRole": "Administrator",
@@ -19,6 +19,7 @@
"CorsAllowAnyOrigin": true,
"CorsAllowOrigins": []
},
+ "BasePath": "/api/auth",
"SmtpConfiguration": {
"Host": "",
"Login": "",
diff --git a/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Helpers/StartupHelpers.cs b/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Helpers/StartupHelpers.cs
index 804b70ab3a5dae005459df3b51a35de210b58f95..60eb10c977000c59c783b2f13ab9f44472b6b263 100644
--- a/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Helpers/StartupHelpers.cs
+++ b/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Helpers/StartupHelpers.cs
@@ -95,11 +95,13 @@ public static class StartupHelpers
{
var forwardingOptions = new ForwardedHeadersOptions
{
- ForwardedHeaders = ForwardedHeaders.All
+ ForwardedHeaders = ForwardedHeaders.All,
+ KnownNetworks = {},
+ KnownProxies = {}
};
- forwardingOptions.KnownNetworks.Clear();
- forwardingOptions.KnownProxies.Clear();
+ // forwardingOptions.KnownNetworks.Clear();
+ // forwardingOptions.KnownProxies.Clear();
app.UseForwardedHeaders(forwardingOptions);
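Review bot: `KnownNetworks = {}` and `KnownProxies = {}` are empty collection initializers, which add nothing and remove nothing, so the lists now keep their default loopback entries instead of being emptied as the removed `Clear()` calls did. That is the safer behaviour when the reverse proxy runs on the same host, because `ForwardedHeaders.All` then honours `X-Forwarded-*` only from loopback, but it is a silent behaviour change and will stop working if the proxy moves to another machine. Drop the two no-op initializers and the commented-out lines, and if a remote proxy is needed add its address explicitly, e.g. `forwardingOptions.KnownProxies.Add(IPAddress.Parse("<proxy-ip>"));`, since on an identity server the forwarded host and scheme typically end up in issued URLs. The enclosing method starts and ends outside the hunk.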
@@ -356,7 +358,7 @@ public static class StartupHelpers
where TUserIdentity : class
{
var configurationSection = configuration.GetSection(nameof(IdentityServerOptions));
-
+
var builder = services.AddIdentityServer(options => configurationSection.Bind(options))
.AddConfigurationStore()
.AddOperationalStore()
diff --git a/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Program.cs b/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Program.cs
index c4539ce874bb5b2bc5781fc3ad01b3785f353d99..7d028adbf15cb19886453ce49fbc52d5d15b8794 100644
--- a/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Program.cs
+++ b/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Program.cs
@@ -1,4 +1,6 @@
using Idsrv4.Admin.Shared.ModuleInitializer;
+using Microsoft.AspNetCore.Http;
+using Microsoft.IdentityModel.Logging;
var builder = WebApplication.CreateBuilder();
@@ -79,7 +81,18 @@ try
#endregion
var app = builder.Build();
+ IdentityModelEventSource.ShowPII = true;
+ // Add custom security headers
+ app.UseSecurityHeaders(builder.Configuration);
+
+ #region BasePath
+
+ string basePath = builder.Configuration.GetValue("BasePath");
+ if (!string.IsNullOrWhiteSpace(basePath))
+ app.UsePathBase(new PathString(basePath));
+ #endregion
+
app.UseCookiePolicy();
if (app.Environment.IsDevelopment())
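Review bot: `IdentityModelEventSource.ShowPII = true;` is set unconditionally, so in production the IdentityModel libraries will write unredacted details (token contents, claim values, key identifiers) into logs and exception messages. Gate it on the environment, `IdentityModelEventSource.ShowPII = app.Environment.IsDevelopment();`, or remove it once the proxy setup has been debugged. The `try` block continues outside the hunk.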
@@ -87,13 +100,10 @@ try
else
app.UseHsts();
- app.UsePathBase(builder.Configuration.GetValue("BasePath"));
app.UseStaticFiles();
app.UseIdentityServer();
- // Add custom security headers
- app.UseSecurityHeaders(builder.Configuration);
app.UseMvcLocalizationServices();
@@ -107,8 +117,6 @@ try
ResponseWriter = UIResponseWriter.WriteHealthCheckUIResponse
});
-
- //NpgsqlModuleInitializer.EnableLegacyTimestampBehavior();
await app.RunAsync();
}
catch (Exception ex)
diff --git a/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Properties/launchSettings.json b/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Properties/launchSettings.json
index 991406692c2d946a7c40bf537123f3a39b52edd0..aaf27c9f8599c52670076e6d009983025bfa70b9 100644
--- a/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Properties/launchSettings.json
+++ b/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/Properties/launchSettings.json
@@ -1,20 +1,5 @@
{
- "iisSettings": {
- "windowsAuthentication": false,
- "anonymousAuthentication": true,
- "iisExpress": {
- "applicationUrl": "https://localhost:44310",
- "sslPort": 44310
- }
- },
"profiles": {
- "IIS Express": {
- "commandName": "IISExpress",
- "launchBrowser": true,
- "environmentVariables": {
- "ASPNETCORE_ENVIRONMENT": "Development"
- }
- },
"Reborn.IdentityServer4.AspNetIdentity": {
"commandName": "Project",
"launchBrowser": true,
diff --git a/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/appsettings.json b/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/appsettings.json
index dd89f64d8031ae803651862dfd9a381e3b2545d3..d28b48d778cebf9dbabc937600a875398a812f80 100644
--- a/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/appsettings.json
+++ b/src/IdentityServer4/src/Idsrv4.Admin.STS.Identity/appsettings.json
@@ -66,7 +66,7 @@
"FaviconUri": "~/favicon.ico",
"Theme": null,
"CustomThemeCss": null,
- "IdentityAdminBaseUrl": "https://localhost:44303",
+ "IdentityAdminBaseUrl": "https://localhost:44303/auth/admin",
"AdministrationRole": "Administrator"
},
"CspTrustedDomains": [
@@ -86,7 +86,7 @@
"RaiseSuccessEvents": true
}
},
- "BasePath": "",
+ "BasePath": "/auth",
"IdentityOptions": {
"Password": {
"RequiredLength": 8
diff --git a/src/IdentityServer4/src/Idsrv4.Admin.UI/Helpers/DependencyInjection/AdminUIServiceCollectionExtensions.cs b/src/IdentityServer4/src/Idsrv4.Admin.UI/Helpers/DependencyInjection/AdminUIServiceCollectionExtensions.cs
index 2fccc87b5b8982af3b1254248bc233695a6e7a18..fbadf54cb41ec82bb4aad186ddcb4bc011836103 100644
--- a/src/IdentityServer4/src/Idsrv4.Admin.UI/Helpers/DependencyInjection/AdminUIServiceCollectionExtensions.cs
+++ b/src/IdentityServer4/src/Idsrv4.Admin.UI/Helpers/DependencyInjection/AdminUIServiceCollectionExtensions.cs
@@ -78,7 +78,7 @@ public static class AdminUiServiceCollectionExtensions
RoleClaimDto>(services, optionsAction);
///
- /// Adds the Skoruba IdentityServer4 Admin UI with a fully custom entity model and database contexts.
+ /// Adds the IdentityServer4 Admin UI with a fully custom entity model and database contexts.
///
///
///
@@ -201,7 +201,7 @@ public static class AdminUiServiceCollectionExtensions
services.AddSingleton(options.Testing);
services.AddSingleton(options.Security);
services.AddSingleton(options.Http);
- services.AddTransient();
+ // services.AddTransient();
return services;
}
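Review bot: The `services.AddTransient` registration is commented out rather than deleted, with no note on why. The type arguments are not visible here, so this needs confirming, but if it was what wired the admin UI middleware that Idsrv4.Admin/Program.cs now adds by hand (security headers, path base, HSTS), every other host calling this extension silently loses that middleware. Delete the line and explain it in the commit message, or keep it and add a comment such as `// pipeline is now configured explicitly in Program.cs`. The method starts outside the hunk.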
diff --git a/src/IdentityServer4/src/Idsrv4.Admin.UI/Helpers/StartupHelpers.cs b/src/IdentityServer4/src/Idsrv4.Admin.UI/Helpers/StartupHelpers.cs
index 811e0745beaaf78dc3acce5e5dc2e890cb9e3378..fd6d9554bb78ea9b5461e7f27426e8ec294b893a 100644
--- a/src/IdentityServer4/src/Idsrv4.Admin.UI/Helpers/StartupHelpers.cs
+++ b/src/IdentityServer4/src/Idsrv4.Admin.UI/Helpers/StartupHelpers.cs
@@ -349,6 +349,7 @@ public static class StartupHelpers
options.DefaultForbidScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignOutScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme,
options => { options.Cookie.Name = adminConfiguration.IdentityAdminCookieName; })
diff --git a/src/IdentityServer4/src/Idsrv4.Admin/Program.cs b/src/IdentityServer4/src/Idsrv4.Admin/Program.cs
index 7d8916ba7d749a64136b05f0053a37d5fb5924b9..1624d7a3407d5e98ea0c08fae85b578946f1c428 100644
--- a/src/IdentityServer4/src/Idsrv4.Admin/Program.cs
+++ b/src/IdentityServer4/src/Idsrv4.Admin/Program.cs
@@ -1,4 +1,7 @@
using Idsrv4.Admin.Shared.ModuleInitializer;
+using Idsrv4.Admin.UI.Configuration;
+using Microsoft.Extensions.DependencyInjection.Extensions;
+using Idsrv4.Admin.UI.Helpers;
const string seedArgs = "/seed";
const string migrateOnlyArgs = "/migrateonly";
@@ -38,6 +41,8 @@ try
// Applies configuration from appsettings.
options.BindConfiguration(builder.Configuration);
+ builder.Services.TryAddSingleton(options.Http);
+
options.Security.UseDeveloperExceptionPage = builder.Environment.IsDevelopment();
options.Security.UseHsts = builder.Environment.IsDevelopment();
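Review bot: `builder.Services.TryAddSingleton(options.Http);` registers a service from inside the options callback, and the extension appears to register the same object itself (`services.AddSingleton(options.Http);` is visible in AdminUIServiceCollectionExtensions.cs), so this line looks redundant and makes the registration depend on when the callback runs. Remove it, or add a comment saying which resolution it is needed for. The callback starts and ends outside the hunk.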
@@ -46,6 +51,7 @@ try
MigrationAssemblyConfiguration.GetMigrationAssemblyByProvider(options.DatabaseProvider);
options.DatabaseMigrations.SetMigrationsAssemblies(migrationsAssembly);
+
// Use production DbContexts and auth services.
options.Testing.IsStaging = false;
});
@@ -69,6 +75,32 @@ try
var app = builder.Build();
+ var httpConfiguration = app.Services.GetRequiredService();
+ var securityConfiguration = app.Services.GetRequiredService();
+
+ #region SecurityHeaders
+
+ // Add custom security headers
+ app.UseSecurityHeaders(securityConfiguration.CspTrustedDomains);
+
+ #endregion
+
+ #region BasePath
+
+ if (!string.IsNullOrWhiteSpace(httpConfiguration.BasePath))
+ app.UsePathBase(httpConfiguration.BasePath);
+
+ #endregion
+
+ app.UseCookiePolicy();
+
+ if (securityConfiguration.UseDeveloperExceptionPage)
+ app.UseDeveloperExceptionPage();
+ else
+ app.UseExceptionHandler("/Home/Error");
+
+ if (securityConfiguration.UseHsts) app.UseHsts();
+
#region Migrations
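Review bot: `if (securityConfiguration.UseHsts) app.UseHsts();` acts on a flag that the options callback sets to `builder.Environment.IsDevelopment()`, so as written HSTS is sent only in Development and never in production, the reverse of the usual arrangement. Now that the pipeline is built here, set the flag to `!builder.Environment.IsDevelopment()` or test the environment directly at this call. Also confirm that `app.UseIdentityServer4AdminUi()` further down does not register the same security-header, path-base and exception middleware a second time. The `try` block continues outside the hunk.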
@@ -85,6 +117,12 @@ try
#region Middleware
+
+ app.UseStaticFiles();
+
+ // Use Localization
+ app.ConfigureLocalization();
+
app.UseRouting();
app.UseIdentityServer4AdminUi();
app.MapIdentityServer4AdminUi();
@@ -92,8 +130,6 @@ try
#endregion
- //NpgsqlModuleInitializer.EnableLegacyTimestampBehavior();
-
await app.RunAsync();
}
catch (Exception ex)
diff --git a/src/IdentityServer4/src/Idsrv4.Admin/appsettings.json b/src/IdentityServer4/src/Idsrv4.Admin/appsettings.json
index 2a775c0acb91dd31115e6dbdf8c200f3c0c48ddf..34b91f1d602ba6acb123d81b335d12c1aaa33a62 100644
--- a/src/IdentityServer4/src/Idsrv4.Admin/appsettings.json
+++ b/src/IdentityServer4/src/Idsrv4.Admin/appsettings.json
@@ -8,10 +8,10 @@
"DataProtectionDbConnection": "Server=localhost;Port=5432;Database=idsrv4;User Id=idsrv4;Password=Local@Db;Pooling=true;MaxPoolSize=100;"
},
"SeedConfiguration": {
- "ApplySeed": true
+ "ApplySeed": false
},
"DatabaseMigrationsConfiguration": {
- "ApplyDatabaseMigrations": true
+ "ApplyDatabaseMigrations": false
},
"DatabaseProviderConfiguration": {
"ProviderType": "PostgreSQL"
@@ -19,8 +19,8 @@
"AdminConfiguration": {
"PageTitle": "IdentityServer4 Admin",
"FaviconUri": "~/favicon.ico",
- "IdentityAdminRedirectUri": "https://localhost:44303/signin-oidc",
- "IdentityServerBaseUrl": "https://localhost:44310",
+ "IdentityAdminRedirectUri": "https://localhost:44444/auth/admin/signin-oidc",
+ "IdentityServerBaseUrl": "https://localhost:44444/auth",
"IdentityAdminCookieName": "IdentityServerAdmin",
"IdentityAdminCookieExpiresUtcHours": 12,
"RequireHttpsMetadata": false,
@@ -66,7 +66,7 @@
"DefaultCulture": null
},
"HttpConfiguration": {
- "BasePath": ""
+ "BasePath": "/auth/admin"
},
"IdentityOptions": {
"Password": {
diff --git a/src/IdentityServer4/src/Idsrv4.Admin/identityserverdata.json b/src/IdentityServer4/src/Idsrv4.Admin/identityserverdata.json
index 5fa4edbfa35b5b44abe7abc6e996589711ae11f9..60319d6103cc9082c892b457019c0583ba6c4d4d 100644
--- a/src/IdentityServer4/src/Idsrv4.Admin/identityserverdata.json
+++ b/src/IdentityServer4/src/Idsrv4.Admin/identityserverdata.json
@@ -84,7 +84,7 @@
{
"ClientId": "identity_admin",
"ClientName": "identity_admin",
- "ClientUri": "https://localhost:44303",
+ "ClientUri": "https://localhost:44303/authAdmin",
"AllowedGrantTypes": [
"authorization_code"
],
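Review bot: The client registration uses `https://localhost:44303/authAdmin`, but the admin app in this same commit is configured with `BasePath` `/auth/admin` and `IdentityAdminRedirectUri` `https://localhost:44444/auth/admin/signin-oidc`; redirect URIs are matched exactly, so sign-in for `identity_admin` would be rejected with these seed values. Align `ClientUri` here and `RedirectUris`, `FrontChannelLogoutUri` and `PostLogoutRedirectUris` in the next hunk with the proxied address. `AllowedCorsOrigins` in the next hunk should remain an origin only (`https://localhost:44444`, no path), because a browser's `Origin` header never carries a path.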
@@ -95,14 +95,14 @@
}
],
"RedirectUris": [
- "https://localhost:44303/signin-oidc"
+ "https://localhost:44303/authAdmin/signin-oidc"
],
- "FrontChannelLogoutUri": "https://localhost:44303/signout-oidc",
+ "FrontChannelLogoutUri": "https://localhost:44303/authAdmin/signout-oidc",
"PostLogoutRedirectUris": [
- "https://localhost:44303/signout-callback-oidc"
+ "https://localhost:44303/authAdmin/signout-callback-oidc"
],
"AllowedCorsOrigins": [
- "https://localhost:44303"
+ "https://localhost:44303/authAdmin"
],
"AllowedScopes": [
"openid",
diff --git a/src/ProxyServer/Program.cs b/src/ProxyServer/Program.cs
new file mode 100644
index 0000000000000000000000000000000000000000..df37911134e5c872db955edff25e280df1eebb1e
--- /dev/null
+++ b/src/ProxyServer/Program.cs
@@ -0,0 +1,13 @@
+var builder = WebApplication.CreateBuilder(args);
+
+
+// 如果不知道 路由 匹配 match 怎么配置 请参考链接
+// https://learn.microsoft.com/zh-cn/aspnet/core/fundamentals/routing?view=aspnetcore-8.0#route-templates
+builder.Services.AddReverseProxy()
+ .LoadFromConfig(builder.Configuration.GetSection("ReverseProxy"));
+
+var app = builder.Build();
+
+app.MapReverseProxy();
+
+app.Run();
\ No newline at end of file
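Review bot: The proxy is the single public entry point for the identity and admin services, yet the pipeline has no `app.UseHttpsRedirection()` or `app.UseHsts()`, while its routes tell the backends the scheme is always `https`. Add HTTPS redirection (and HSTS outside Development) before `app.MapReverseProxy();`. The comment is in Chinese; an English version would read `// For route Match syntax, see the route-template documentation linked below`.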
diff --git a/src/ProxyServer/Properties/launchSettings.json b/src/ProxyServer/Properties/launchSettings.json
new file mode 100644
index 0000000000000000000000000000000000000000..0d382ecb407c501356cc131534460995586d47d5
--- /dev/null
+++ b/src/ProxyServer/Properties/launchSettings.json
@@ -0,0 +1,14 @@
+{
+ "$schema": "http://json.schemastore.org/launchsettings.json",
+ "profiles": {
+ "https": {
+ "commandName": "Project",
+ "dotnetRunMessages": true,
+ "launchBrowser": true,
+ "applicationUrl": "https://localhost:44444",
+ "environmentVariables": {
+ "ASPNETCORE_ENVIRONMENT": "Development"
+ }
+ }
+ }
+}
diff --git a/src/ProxyServer/ProxyServer.csproj b/src/ProxyServer/ProxyServer.csproj
new file mode 100644
index 0000000000000000000000000000000000000000..741151cffc7025b59fb28e770ad445382f2b6d07
--- /dev/null
+++ b/src/ProxyServer/ProxyServer.csproj
@@ -0,0 +1,5 @@
+
+
+
+
+
diff --git a/src/ProxyServer/appsettings.json b/src/ProxyServer/appsettings.json
new file mode 100644
index 0000000000000000000000000000000000000000..d142f32c7cb0fb6eddd22a6dd7a525799d2f5f3b
--- /dev/null
+++ b/src/ProxyServer/appsettings.json
@@ -0,0 +1,128 @@
+{
+ "Logging": {
+ "LogLevel": {
+ "Default": "Information",
+ "Microsoft.AspNetCore": "Warning"
+ }
+ },
+ "AllowedHosts": "*",
+ "ReverseProxy": {
+ "Routes": {
+ "adminRoute": {
+ "ClusterId": "adminCluster",
+ "Order": 100, // 数字越小优先级越高
+ "Match": {
+ "Path": "/admin/{**catch-all}"
+ },
+ "Transforms": [
+ {
+ "RequestHeader": "X-Forwarded-Host",
+ "Set": "{Host}"
+ },
+ {
+ "RequestHeader": "X-Forwarded-Proto",
+ "Set": "https"
+ },
+ {
+ "RequestHeader": "X-Forwarded-Prefix",
+ "Set": "/admin"
+ }
+ ]
+ },
+ "authAdminRoute": {
+ "ClusterId": "authAdminCluster",
+ "Order": 99, // 数字越小优先级越高
+ "Match": {
+ "Path": "/auth/admin/{**catch-all}"
+ },
+ "Transforms": [
+ {
+ "RequestHeader": "X-Forwarded-Host",
+ "Set": "{Host}"
+ },
+ {
+ "RequestHeader": "X-Forwarded-Proto",
+ "Set": "https"
+ },
+ {
+ "RequestHeader": "X-Forwarded-Prefix",
+ "Set": "/auth/admin"
+ }
+ ]
+ },
+ "authApiRoute": {
+ "ClusterId": "authApiCluster",
+ "Order": 100, // 数字越小优先级越高
+ "Match": {
+ "Path": "/api/auth/{**catch-all}"
+ },
+ "Transforms": [
+ // { "PathRemovePrefix": "/api/auth" },
+ {
+ "RequestHeader": "X-Forwarded-Host",
+ "Set": "{Host}"
+ },
+ {
+ "RequestHeader": "X-Forwarded-Proto",
+ "Set": "https"
+ },
+ {
+ "RequestHeader": "X-Forwarded-Prefix",
+ "Set": "/api/auth"
+ }
+ ]
+ },
+ "authRoute": {
+ "ClusterId": "authCluster",
+ "Order": 100, // 数字越小优先级越高
+ "Match": {
+ "Path": "/auth/{**catch-all}"
+ },
+ "Transforms": [
+ {
+ "RequestHeader": "X-Forwarded-Host",
+ "Set": "{Host}"
+ },
+ {
+ "RequestHeader": "X-Forwarded-Proto",
+ "Set": "https"
+ },
+ {
+ "RequestHeader": "X-Forwarded-Prefix",
+ "Set": "/auth"
+ }
+ ]
+ }
+ },
+ "Clusters": {
+ "adminCluster": {
+ "Destinations": {
+ "destination1": {
+ "Address": "https://localhost:7273/"
+ }
+ }
+ },
+ "authCluster": {
+ "Destinations": {
+ "destination1": {
+ "Address": "https://localhost:44310/"
+ }
+ }
+ },
+ "authAdminCluster": {
+ "Destinations": {
+ "destination1": {
+ "Address": "https://localhost:44303/"
+ }
+ }
+ },
+ "authApiCluster": {
+ "Destinations": {
+ "destination1": {
+ "Address": "https://localhost:44302/"
+ }
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
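Review bot: Each route sets `X-Forwarded-Proto` to the constant `https` and `X-Forwarded-Host` to `{Host}`; the first misreports the scheme for any request that reaches the proxy over plain HTTP, and as far as I can tell YARP's `RequestHeader`/`Set` transform writes its value literally, so the backends may receive the text `{Host}` rather than the request host, which should be confirmed against a captured request. YARP's built-in forwarded-header transform (`{ "X-Forwarded": "Set" }`) derives these values from the connection and is the safer choice. `"AllowedHosts": "*"` leaves host filtering off at the edge, which matters because the backends trust the forwarded host; list the expected host names for non-development deployments. The `Order` comments are in Chinese and would read `// lower number = higher priority` in English.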
diff --git a/src/Web/WebAdmin/Components/App.razor b/src/Web/WebAdmin/Components/App.razor
index c825426786b8a4bb396e5fd7c99c65093cb74d8e..5fb12eecca9b6637c9603c8a72d8113a34c0e8d6 100644
--- a/src/Web/WebAdmin/Components/App.razor
+++ b/src/Web/WebAdmin/Components/App.razor
@@ -1,10 +1,12 @@
-
+@inject HttpConfiguration HttpConfiguration
+
+
-
+
diff --git a/src/Web/WebAdmin/Program.cs b/src/Web/WebAdmin/Program.cs
index 7f7b80f6da0099916f70cd6f952c18ac045e0369..c4d8043ef18317fd86d1827c6a380b1aba63dc7f 100644
--- a/src/Web/WebAdmin/Program.cs
+++ b/src/Web/WebAdmin/Program.cs
@@ -1,4 +1,5 @@
using System.Globalization;
+using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.FluentUI.AspNetCore.Components;
using WebAdmin.Components;
using WebAdmin.Shared.Configurations;
@@ -25,6 +26,31 @@ builder.Services.AddFluentUIComponents();
builder.Services.AddControllers();
var app = builder.Build();
+#region BasePath
+
+if (!string.IsNullOrWhiteSpace(adminUiOptions.Http.BasePath))
+ app.UsePathBase(new PathString(adminUiOptions.Http.BasePath));
+
+#endregion
+
+#region ForwardedHeaders
+// forward
+var forwardingOptions = new ForwardedHeadersOptions
+{
+ ForwardedHeaders = ForwardedHeaders.All
+};
+
+forwardingOptions.KnownNetworks.Clear();
+forwardingOptions.KnownProxies.Clear();
+
+app.UseForwardedHeaders(forwardingOptions);
+
+app.UseXXssProtection(options => options.EnabledWithBlockMode());
+app.UseXContentTypeOptions();
+app.UseXfo(options => options.SameOrigin());
+app.UseReferrerPolicy(options => options.NoReferrer());
+#endregion
+
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
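Review bot: Clearing `KnownNetworks` and `KnownProxies` while enabling `ForwardedHeaders.All` makes the app accept `X-Forwarded-For`, `-Host` and `-Proto` from any client that can reach it, not just from the reverse proxy, so the client address, host and scheme seen by logging, redirects and link generation become caller-controlled. Keep the default loopback entries when the proxy is on the same host, or add the proxy's address explicitly (`forwardingOptions.KnownProxies.Add(IPAddress.Parse("<proxy-ip>"));`). `UseForwardedHeaders` should also run before `UsePathBase` and the rest of the pipeline, and the four header calls belong in their own region rather than under `ForwardedHeaders`.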
@@ -36,7 +62,7 @@ else
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
-
+app.UseRouting();
app.UseHttpsRedirection();
app.MapControllers();
app.UseRequestLocalization(options =>
@@ -46,7 +72,7 @@ app.UseRequestLocalization(options =>
(cultureConfiguration?.Cultures?.Count > 0
? cultureConfiguration.Cultures.Intersect(CultureConfiguration.AvailableCultures)
: CultureConfiguration.AvailableCultures).ToArray();
- if (!supportedCultureCodes.Any())
+ if (!supportedCultureCodes.Any())
supportedCultureCodes = CultureConfiguration.AvailableCultures;
var defaultCultureCode = string.IsNullOrEmpty(cultureConfiguration?.DefaultCulture)
? CultureConfiguration.DefaultRequestCulture
diff --git a/src/Web/WebAdmin/Properties/launchSettings.json b/src/Web/WebAdmin/Properties/launchSettings.json
index 8e35d658144e16adf860744dda883c3dc11804f3..300cfeb429de54350296cb7d2fa20931488f21aa 100644
--- a/src/Web/WebAdmin/Properties/launchSettings.json
+++ b/src/Web/WebAdmin/Properties/launchSettings.json
@@ -1,15 +1,15 @@
{
"$schema": "http://json.schemastore.org/launchsettings.json",
- "profiles": {
- "https": {
- "commandName": "Project",
- "dotnetRunMessages": true,
- "launchBrowser": true,
- "inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}",
- "applicationUrl": "https://localhost:7273;http://localhost:5172",
- "environmentVariables": {
- "ASPNETCORE_ENVIRONMENT": "Development"
- }
+ "profiles": {
+ "https": {
+ "commandName": "Project",
+ "dotnetRunMessages": true,
+ "launchBrowser": true,
+ "inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}",
+ "applicationUrl": "https://localhost:7273",
+ "environmentVariables": {
+ "ASPNETCORE_ENVIRONMENT": "Development"
}
}
}
+}
\ No newline at end of file
diff --git a/src/Web/WebAdmin/WebAdmin.csproj b/src/Web/WebAdmin/WebAdmin.csproj
index 3c46fc8d39ecf6b3251411e7bfb170c33d2eaed3..99da8012f82cd77482e8d06eece9e0121e053780 100644
--- a/src/Web/WebAdmin/WebAdmin.csproj
+++ b/src/Web/WebAdmin/WebAdmin.csproj
@@ -3,6 +3,7 @@
+
diff --git a/src/Web/WebAdmin/appsettings.Development.json b/src/Web/WebAdmin/appsettings.Development.json
index 01daaa3b7154d27cb2a005600a43a291192a53e7..3bc2d7384a2c50ad29e392234e00f9de97cd84f3 100644
--- a/src/Web/WebAdmin/appsettings.Development.json
+++ b/src/Web/WebAdmin/appsettings.Development.json
@@ -44,6 +44,6 @@
},
"HttpConfiguration": {
- "BasePath": ""
+ "BasePath": "/admin/"
}
}