CODEWITHSUNDEEP
securityconfigurationidentityserver3
Aleksandr
Aleksandr

Reputation: 528

IdentityServer3 admin UI

I'm working on authorization with IdentityServer3 and I need to adjust its configuration to different environments: dev, staging and so on. So I need configurable redirect URLs, certificate, etc, but I can't find means to achieve that. As far as I get it no admin UI is present in IS3 and there is no plan for it. Do I need to create my own configuration system?

Upvotes: 0

Views: 1398

Answers (2)

AbelMorgan
AbelMorgan

Reputation: 411

I tried to do this by myself, and I got this conclusion. Actually you can only edit the "core" interface, the way to do this is using the property "ViewService" in your pipeline, something like this:

 var factory = new IdentityServerServiceFactory();
            factory.ViewService = new CustomView();
            app.Map("/identity", id => {
                id.UseIdentityServer(new IdentityServerOptions {
                    SiteName = "Demo Identity Server",
                    IssuerUri = (string)ConfigurationManager.AppSettings["options.issuerUri"],

                    Factory = factory,

                    SigningCertificate = LoadCertificate()
                });

            });

CustomView implements the IViewService, here is where you have to implements your custom methods to edit your view.

(Configure is a extended method where I implement my whole pipeline customization, doing SOLID principles and decoupling responsibilities)

   public void Configuration(IAppBuilder app) {
            string connectionString = ConfigurationManager.ConnectionStrings["cnn"].ConnectionString;


            var factory = new IdentityServerServiceFactory();
            factory.ViewService = new CustomView();
            app.Map("/identity", id => {
                id.UseIdentityServer(new IdentityServerOptions {
                    SiteName = "Demo Identity Server",
                    IssuerUri = (string)ConfigurationManager.AppSettings["options.issuerUri"],

                    Factory = factory,

                    SigningCertificate = LoadCertificate()
                });

            });

            app.Map("/admin", adminApp => {
                adminApp.UseIdentityManager(new IdentityManagerOptions() {
                    Factory = new IdentityManagerServiceFactory().Configure(connectionString)
                });
            });


        }

        X509Certificate2 LoadCertificate() {

            //Test certificate sourced from https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/Certificates
            return new X509Certificate2(
                string.Format(@"{0}\bin\{1}", AppDomain.CurrentDomain.BaseDirectory, ConfigurationManager.AppSettings["signing-certificate.name"]),
                (string)ConfigurationManager.AppSettings["signing-certificate.password"]);
        }
    }

Configure extended method code:

  public static class IdentityServerServiceFactoryExtensions {

        public static IdentityServerServiceFactory Configure(this IdentityServerServiceFactory factory, string connectionString) {

            var serviceOptions = new EntityFrameworkServiceOptions { ConnectionString = connectionString };
            factory.RegisterOperationalServices(serviceOptions);
            factory.RegisterConfigurationServices(serviceOptions);
            //factory.RegisterClientStore(serviceOptions);

            factory.Register(new Registration<Context>(resolver => new Context(connectionString)));
            factory.Register(new Registration<UserStore>());
            factory.Register(new Registration<UserManager>());
            factory.UserService = new Registration<IUserService, IdentityUserService>();

            return factory;

        }
    }

But when I tried to do the same for the "/admin" end point I not found any help or way to customize this. I asked in the github project issues about this but I didn't get any feedback yet.

Hope this help

Upvotes: 0

Aleksandr
Aleksandr

Reputation: 528

Didn't find any adequate solution. Ended up in creating custom config.json and read the settings from there.

I leave some code here. Just in case...

public class AuthConfiguration
{
    private static readonly Lazy<AuthConfiguration> _instance = new Lazy<AuthConfiguration>(LoadConfig);

    public static AuthConfiguration Instance
    {
        get { return _instance.Value; }
    }

    private AuthConfiguration()
    {
    }

    private static AuthConfiguration LoadConfig()
    {
        string jsonString;
        using (var r = new StreamReader(HttpRuntime.BinDirectory + "auth.config.json"))
        {
            jsonString = r.ReadToEnd();
        }

        return JsonConvert.DeserializeObject<AuthConfiguration>(jsonString);
    }

    public string AuthServerUrl { get; set; }
    public AuthCertificate Certificate { get; set; }
    public string[] CorsAllowedOrigins { get; set; }
    public Dictionary<string, AuthClient> Clients { get; set; }

    #region Helper classes

    public class AuthCertificate
    {
        public string File { get; set; }
        public string Password { get; set; }
    }

    public class AuthClient
    {
        public List<string> RedirectUris { get; set; }
        public List<string> PostLogoutRedirectUris { get; set; }
        public string[] Secrets { get; set; }
    }

    #endregion Helper classes
}

Upvotes: 2

Related Questions