
Introduction

The API is configured via .NET dependency injection. Depending on the OpenID client configuration and the desired authentication method, the configuration can look different.

Basic options

ApiBaseUri

The URL under which the API can be reached. Example: https://localhost:8000/apiv2/latest

ExplodeFlatChainProperties

Default: true

Defines whether property chains are returned as nested objects or simple objects.

Example: /servicedmcore/CoreIdentity/2/?fields=Id,Nachname,CoreIdentityType.Id

ExplodeFlatChainProperties = true

Code Block
languagejson
{
    "ci_family_name": {
        "was_access_denied": false,
        "value": "Testikus"
    },
    "id": 20,
    "core_identity_type": {
        "id": {
            "was_access_denied": false,
            "value": 1
        }
    }
}

ExplodeFlatChainProperties = false

Code Block
languagejson
{
    "ci_family_name": {
        "was_access_denied": false,
        "value": "Testikus"
    },
    "core_identity_type.id": {
        "was_access_denied": false,
        "value": 1
    },
    "id": 20
}

AccessDeniedReplacementString

Defines whether the AccessDeniedHandler objects should be replaced. If the option is used, only the value of the Value property is returned instead of the AccessDeniedHandler objects. If access is denied, the ReplacementString is returned instead of the value.

This option is not type-safe, since a string is always returned in the event of an access denial, regardless of the original type of the property.

Example: /servicedmcore/CoreIdentity/2/?fields=Id,Nachname,VornameLanguage

Code Block
languagejson
{
    "ci_family_name": {
        "was_access_denied": true,
        "value": null
    },
    "id": 20,
    "core_identity_type": {
        "id": {
            "was_access_denied": false,
            "value": 1
        }
    }
}

AccessDeniedReplacementString=">Denied<"

Code Block
languagejson
{
    "ci_family_name": ">Denied<",
    "id": 20,
    "core_identity_type": {
        "id": 1
    }
}
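
An added example (not part of the original page or of the iTsense client library) of why the replacement string is not type-safe: it reads both response shapes shown above with System.Text.Json and checks for a denial before converting a numeric property. The names FieldResult, ReadHandler and ReadReplaced and the sample JSON are constructed for illustration; the raw string literals assume C# 11.

```csharp
using System;
using System.Text.Json;

// Hypothetical helper types for this example; they are not library API.
public readonly record struct FieldResult(bool Denied, JsonElement? Value);

public static class AccessDeniedDemo
{
    // Default shape: each field is {"was_access_denied": bool, "value": ...},
    // so the denial flag travels out-of-band and the value keeps its type.
    public static FieldResult ReadHandler(JsonElement field) =>
        field.GetProperty("was_access_denied").GetBoolean()
            ? new FieldResult(true, null)
            : new FieldResult(false, field.GetProperty("value"));

    // Replacement shape: the sentinel is in-band. A denial can only be detected
    // as "a string equal to the sentinel", and a genuine string value that
    // happens to equal the sentinel is indistinguishable from a denial.
    public static FieldResult ReadReplaced(JsonElement field, string sentinel) =>
        field.ValueKind == JsonValueKind.String && field.GetString() == sentinel
            ? new FieldResult(true, null)
            : new FieldResult(false, field);

    public static void Main()
    {
        // Constructed sample responses modelled on the examples above.
        const string handlerJson = """
            {"ci_family_name": {"was_access_denied": true, "value": null}}
            """;
        const string replacedJson = """
            {"ci_family_name": ">Denied<", "core_identity_type": {"id": ">Denied<"}}
            """;
        using var handler = JsonDocument.Parse(handlerJson);
        using var replaced = JsonDocument.Parse(replacedJson);

        var name = ReadHandler(handler.RootElement.GetProperty("ci_family_name"));
        Console.WriteLine($"handler shape: ci_family_name denied = {name.Denied}");

        // "id" is numeric when access is granted, but a denial turns it into a
        // string; calling GetInt32() without this check would throw.
        var id = replaced.RootElement.GetProperty("core_identity_type").GetProperty("id");
        var result = ReadReplaced(id, ">Denied<");
        Console.WriteLine(result.Denied
            ? "replacement shape: id denied, no integer to read"
            : $"replacement shape: id = {result.Value!.Value.GetInt32()}");
    }
}
```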

.NET Core

...

Configuration

...

Required assemblies

  • iTsense.Moving.Common.NetStandard

  • iTsense.Moving.Common.ApiV2

  • iTsense.Moving.Common.ApiV2.Client

  • iTsense.Moving.Common.ApiV2.Client.NetCore

Optional assemblies

  • iTsense.Moving.Common.ApiV2.Client.NetCore

...

  • DataContracts

    • Standard Datacontracts

Example configuration with authentication via HTTP user context

Code Block
languagec#
public void ConfigureServices(IServiceCollection services)
{
	services.AddApiV2ClientWithHttpContextAuthentication(o =>
	{
		o.ApiBaseUri = new Uri("https://localhost:8000/apiv2/latest");
		//o.ExplodeFlatChainProperties = false;
		//o.AccessDeniedReplacementString = ">>AccessDenied<<";
	});
	services.AddOpenIdConnectCookieAuthentication<IApiV2Client>(options =>
	{
		options.Authority = "https://coslogin.local:5000";
		options.RequireHttpsMetadata = false; // dev only; keep the HTTPS metadata requirement enabled in production
		options.ClientId = "[OpenID Client Id]";
		options.ClientSecret = "[OpenID Client Secret]";
		options.ResponseType = "code";
		options.ResponseMode = "form_post";
		options.Scope.Add("roles");
		options.Scope.Add("profile");
		options.Scope.Add("offline_access");
		options.SaveTokens = true;
		options.GetClaimsFromUserInfoEndpoint = true;
		options.CallbackPath = "/signin-oidc";
		options.UsePkce = true;
	});
}

...

Example configuration with authentication via static API user

Code Block
languagec#
public void ConfigureServices(IServiceCollection services)
{
	services.AddApiV2ClientWithOpenIdPasswordFlow(o =>
	{
		o.Authority = new Uri("https://coslogin.local:5000");
		o.ApiBaseUri = new Uri("https://localhost:8000/apiv2/latest");
		o.ClientId = "[OpenID Client Id]";
		o.ClientSecret = "[OpenID Client Secret]";
		o.Username = "[OpenID User Name]";
		o.Password = "[OpenID User Password]";
		//o.ExplodeFlatChainProperties = false;
		//o.AccessDeniedReplacementString = ">>AccessDenied<<";
	});
}

.NET Full Framework

...

Configuration (Castle Windsor)

...

Required assemblies

  • iTsense.Moving.Common.NetStandard

  • iTsense.Moving.Common.ApiV2

  • iTsense.Moving.Common.ApiV2.Client

  • iTsense.Moving.Common.ApiV2.Client.CastleWindsor

Optional assemblies

  • iTsense.Moving.Common.ApiV2.Client.CastleWindsor

...

  • DataContracts

    • Standard Datacontracts

Example configuration with authentication via static API user

Code Block
languagec#
public void ConfigureContainer(IWindsorContainer container)
{
	container.AddApiV2ClientWithOpenIdPasswordFlow(o =>
	{
		o.Authority = new Uri("https://coslogin.local:5000");
		o.ApiBaseUri = new Uri("https://localhost:8000/apiv2/latest");
		o.ClientId = "[OpenID Client Id]";
		o.ClientSecret = "[OpenID Client Secret]";
		o.Username = "[OpenID User Name]";
		o.Password = "[OpenID User Password]";
	});
}

Multiple clients with different configurations

Multiple clients with different configurations can be registered. To do this, one interface must be declared for each configuration. These can then be consumed via dependency injection.

The new interfaces must not contain any additional members!

Example configuration

Code Block
languagec#
public interface IApiV2ClientUserContext : IApiV2Client
{
}
public interface IApiV2ClientAdminContext : IApiV2Client
{
}

public class Startup
{
	public void ConfigureServices(IServiceCollection services)
	{
		services.AddApiV2ClientWithHttpContextAuthentication<IApiV2ClientUserContext>(o =>
		{
			o.ApiBaseUri = new Uri("https://localhost:8000/apiv2/latest");
			//o.ExplodeFlatChainProperties = false;
			//o.AccessDeniedReplacementString = ">>AccessDenied<<";
		});
		services.AddOpenIdConnectCookieAuthentication<IApiV2ClientUserContext>(options =>
		{
			options.Authority = "https://coslogin.local:5000";
			options.RequireHttpsMetadata = false; // dev only; keep the HTTPS metadata requirement enabled in production
			options.ClientId = "[OpenID Client Id]";
			options.ClientSecret = "[OpenID Client Secret]";
			options.ResponseType = "code";
			options.ResponseMode = "form_post";
			options.Scope.Add("roles");
			options.Scope.Add("profile");
			options.Scope.Add("offline_access");
			options.SaveTokens = true;
			options.GetClaimsFromUserInfoEndpoint = true;
			options.CallbackPath = "/signin-oidc";
			options.UsePkce = true;
		});
		services.AddApiV2ClientWithOpenIdPasswordFlow<IApiV2ClientAdminContext>(o =>
		{
			o.Authority = new Uri("https://coslogin.local:5000");
			o.ApiBaseUri = new Uri("https://localhost:8000/apiv2/latest");
			o.ClientId = "[OpenID Client Id]";
			o.ClientSecret = "[OpenID Client Secret]";
			o.Username = "[OpenID User Name]";
			o.Password = "[OpenID User Password]";
			//o.ExplodeFlatChainProperties = false;
			//o.AccessDeniedReplacementString = ">>AccessDenied<<";
		});
	}
}