Versions Compared

Version Old Version 3 New Version Current
Changes made by

Former user

Silvan Grüter

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Introduction

Die The API wird via .net Dependency-Injection konfiguriert. Abhängig von der OpenId-Client-Konfiguration und dem gewünschten Authentifizierungsverfahren kann die Konfiguration anders aussehen.

...

is configured via .NET dependency injection. Depending on the Openld client configuration and desired authentication method, the configuration can look different.

Basic options

ApiBaseUri

The URL under which the API can be reached, Example: https://localhost:8000/apiv2/latest

ExplodeFlatChainProperties

Default: true

Defines wether property chains are returned as nested objects or simple objects.

Example: /servicedmcore/CoreIdentity/2/?fields=Id,Nachname,CoreIdentityType.Id

ExplodeFlatChainProperties = true

ExplodeFlatChainProperties = false

Code Block
languagejson
{
    "ci_family_name": {
        "was_access_denied": false,
        "value": "Testikus"
    },
    "id": 20,
    "core_identity_type": {
        "id": {
            "was_access_denied": false,
            "value": 1
        }
    }
}
Code Block
languagejson
{
    "ci_family_name": {
        "was_access_denied": false,
        "value": "Testikus"
    },
    "core_identity_type.id": {
        "was_access_denied": false,
        "value": 1
    },
    "id": 20
}

AccessDeniedReplacementString

Defines wether the AccessDeniedHandler objects should be replaced. If the option is used, only the value of the value property is returned instead of the AcessDeniedHandler objects. If there is a denial access, the ReplacementString is returned instead of the value.

This option is not type-safe, since a string is always returned in the event of an access denial, regardless of the original type of the property.

Example: /servicedmcore/CoreIdentity/2/?fields=Id,Nachname,Language

AccessDeniedReplacementString=">Denied<"

Code Block
languagejson
{
    "ci_family_name": {
        "was_access_denied": true,
        "value": null
    },
    "id": 20,
    "core_identity_type": {
        "id": {
            "was_access_denied": false,
            "value": 1
        }
    }
}
Code Block
languagejson
{
    "ci_family_name": ">Denied<",
    "id": 20,
    "core_identity_type": {
        "id": 1
    }
}

.NET Core configuration

Required assemblies

  • iTsense.Moving.Common.NetStandard

  • iTsense.Moving.Common.ApiV2

  • iTsense.Moving.Common.ApiV2.Client

  • iTsense.Moving.Common.ApiV2.Client.NetCore

Optional assemblies

  • iTsense.Moving.Common.ApiV2.Client.NetCore

...

  • DataContracts

    • Standard Datacontracts

Example configuration with authentication via HTTP user context

Code Block
languagec#
public void ConfigureServices(IServiceCollection services)
{
	services.AddApiV2Client<
		ApiV2OpenIdClient<ApiV2OpenIdHttpContextClientOptions>, 
		ApiV2OpenIdHttpContextClientOptions
	>AddApiV2ClientWithHttpContextAuthentication(o =>
	{
		o.ApiBaseUri = new Uri("https://localhost:8000/apiv2/latest");
		//Authorityo.ExplodeFlatChainProperties /= ClientIdfalse;
		/ /o...AccessDeniedReplacementString not required as Token is handled by HttpContext
= ">>AccessDenied<<";
	});
	services.AddOpenIdConnectCookieAuthenticationAddOpenIdConnectCookieAuthentication<IApiV2Client>(options =>
	{
		options.Authority = "https://coslogin.local:5000";
		options.RequireHttpsMetadata = false; // dev only
		options.ClientId = "[OpenID Client Id]";
		options.ClientSecret = "[OpenID Client Secret]";
		options.ResponseType = "code";
		options.ResponseMode = "form_post";
		options.Scope.Add("roles");
		options.Scope.Add("profile");
		options.Scope.Add("offline_access");
		options.SaveTokens = true;
		options.GetClaimsFromUserInfoEndpoint = true;
		options.CallbackPath = "/signin-oidc";
		options.UsePkce = true;
	});
}

...

Example configuration with authentication via static API user

Code Block
languagec#
public void ConfigureServices(IServiceCollection services)
{
	services.AddApiV2Client<
		ApiV2OpenIdClient<ApiV2OpenIdPasswordFlowClientOptions>,
		ApiV2OpenIdPasswordFlowClientOptions
	>.AddApiV2ClientWithOpenIdPasswordFlow(o =>
	{
		o.Authority = new Uri("https://coslogin.local:5000");
		o.ApiBaseUri = new Uri("https://localhost:8000/apiv2/latest");
		o.ClientId = "[OpenID Client Id]";
		o.ClientSecret = "[OpenID Client Secret]";
		o.Username = "[OpenID User Name]";
		o.Password = "[OpenID User Password]";
		//o.ExplodeFlatChainProperties = false;
		//o.AccessDeniedReplacementString = ">>AccessDenied<<";
	});
}

.NET Full Framework configuration (Castle Windsor)

Required Assemblies

  • iTsense.Moving.Common.NetStandard

  • iTsense.Moving.Common.ApiV2

  • iTsense.Moving.Common.ApiV2.Client

  • iTsense.Moving.Common.ApiV2.Client.CastleWindsor

Optional assemblies

  • iTsense.Moving.Common.ApiV2.Client.DataContracts

    • Standard Datacontracts

Example configuration with authentication via static API user

Code Block
languagec#
public void ConfigureContainer(IWindsorContainer container)
{
	container.AddApiV2ClientWithOpenIdPasswordFlow(o =>
	{
		o.Authority = new Uri("https://coslogin.local:5000");
		o.ApiBaseUri = new Uri("https://localhost:8000/apiv2/latest");
		o.ClientId = "[OpenID Client Id]";
		o.ClientSecret = "[OpenID Client Secret]";
		o.Username = "[OpenID User Name]";
		o.Password = "[OpenID User Password]";
	});
}

Multiple clients with different coigurations

Multiple clients with different configuratins can be registered. To do this, one interface must be declared for each configuration. These can then be consumed via dependency injection.

The new interfaces must not contain any additional members!

Example configuration

Code Block
languagec#
public interface IApiV2ClientUserContext : IApiV2Client
{
}
public interface IApiV2ClientAdminContext : IApiV2Client
{
}

public class Startup
{
	public void ConfigureServices(IServiceCollection services)
	{
		services.AddApiV2ClientWithHttpContextAuthentication<IApiV2ClientUserContext>(o =>
		{
			o.ApiBaseUri = new Uri("https://localhost:8000/apiv2/latest");
			//o.ExplodeFlatChainProperties = false;
			//o.AccessDeniedReplacementString = ">>AccessDenied<<";
		});
		services.AddOpenIdConnectCookieAuthentication<IApiV2ClientUserContext>(options =>
		{
			options.Authority = "https://coslogin.local:5000";
			options.RequireHttpsMetadata = false; // dev only
			options.ClientId = "[OpenID Client Id]";
			options.ClientSecret = "[OpenID Client Secret]";
			options.ResponseType = "code";
			options.ResponseMode = "form_post";
			options.Scope.Add("roles");
			options.Scope.Add("profile");
			options.Scope.Add("offline_access");
			options.SaveTokens = true;
			options.GetClaimsFromUserInfoEndpoint = true;
			options.CallbackPath = "/signin-oidc";
			options.UsePkce = true;
		});
		services.AddApiV2ClientWithOpenIdPasswordFlow<IApiV2ClientAdminContext>(o =>
		{
			o.Authority = new Uri("https://coslogin.local:5000");
			o.ApiBaseUri = new Uri("https://localhost:8000/apiv2/latest");
			o.ClientId = "[OpenID Client Id]";
			o.ClientSecret = "[OpenID Client Secret]";
			o.Username = "[OpenID User Name]";
			o.Password = "[OpenID User Password]";
			//o.ExplodeFlatChainProperties = false;
			//o.AccessDeniedReplacementString = ">>AccessDenied<<";
		});
	}
}