diff --git a/src/Api/Api.csproj b/src/Api/Api.csproj
index 83b17960be..366c3ef095 100644
--- a/src/Api/Api.csproj
+++ b/src/Api/Api.csproj
@@ -16,7 +16,6 @@
-
diff --git a/src/Api/Startup.cs b/src/Api/Startup.cs
index 7a760a310c..46784a52d8 100644
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@@ -1,6 +1,4 @@
-using System;
-using System.Security.Claims;
-using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
@@ -15,9 +13,7 @@ using Serilog.Events;
using Stripe;
using Bit.Core.Utilities;
using IdentityModel;
-using IdentityServer4.AccessTokenValidation;
using jsreport.AspNetCore;
-using Bit.Core.IdentityServer;
using Microsoft.AspNetCore.HttpOverrides;
namespace Bit.Api
@@ -73,20 +69,7 @@ namespace Bit.Api
// Identity
services.AddCustomIdentityServices(globalSettings);
-
- services
- .AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
- .AddIdentityServerAuthentication(options =>
- {
- options.Authority = globalSettings.BaseServiceUri.InternalIdentity;
- options.RequireHttpsMetadata = !Environment.IsDevelopment() &&
- globalSettings.BaseServiceUri.InternalIdentity.StartsWith("https");
- options.TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString();
- options.NameClaimType = ClaimTypes.Email;
- options.SupportedTokens = SupportedTokens.Jwt;
- });
-
- services.AddAuthorization(config =>
+ services.AddIdentityAuthenticationServices(globalSettings, Environment, config =>
{
config.AddPolicy("Application", policy =>
{
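Review bot: The lambda passed to `AddIdentityAuthenticationServices` here replaces the helper's built-in "Application" policy rather than extending it, because the helper registers its default only when `addAuthorization` is null. A policy dropped from this callback would therefore disappear from Api without any error at startup. A short comment above the call would make that contract visible, for example `// Callback replaces the helper's default policies; "Application" must stay defined here.` The lambda body continues past the end of this hunk, so the remaining policies are not visible for review.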
@@ -159,7 +142,7 @@ namespace Bit.Api
}
if(e.Level == LogEventLevel.Information &&
- (context.Contains(typeof(IpRateLimitMiddleware).FullName) ||
+ (context.Contains(typeof(IpRateLimitMiddleware).FullName) ||
context.StartsWith("\"Bit.Api.Jobs") || context.StartsWith("\"Bit.Core.Jobs")))
{
return true;
diff --git a/src/Core/Core.csproj b/src/Core/Core.csproj
index ebc2f09980..7973e4099c 100644
--- a/src/Core/Core.csproj
+++ b/src/Core/Core.csproj
@@ -13,6 +13,7 @@
+
diff --git a/src/Core/Utilities/ServiceCollectionExtensions.cs b/src/Core/Utilities/ServiceCollectionExtensions.cs
index d4ba1adb9b..fced9d85bf 100644
--- a/src/Core/Utilities/ServiceCollectionExtensions.cs
+++ b/src/Core/Utilities/ServiceCollectionExtensions.cs
@@ -22,6 +22,9 @@ using SqlServerRepos = Bit.Core.Repositories.SqlServer;
using System.Threading.Tasks;
using TableStorageRepos = Bit.Core.Repositories.TableStorage;
using Microsoft.Extensions.DependencyInjection.Extensions;
+using IdentityServer4.AccessTokenValidation;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authorization;
namespace Bit.Core.Utilities
{
@@ -229,6 +232,39 @@ namespace Bit.Core.Utilities
return identityBuilder;
}
+ public static void AddIdentityAuthenticationServices(
+ this IServiceCollection services, GlobalSettings globalSettings, IHostingEnvironment environment,
+ Action addAuthorization = null)
+ {
+ services
+ .AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
+ .AddIdentityServerAuthentication(options =>
+ {
+ options.Authority = globalSettings.BaseServiceUri.InternalIdentity;
+ options.RequireHttpsMetadata = !environment.IsDevelopment() &&
+ globalSettings.BaseServiceUri.InternalIdentity.StartsWith("https");
+ options.TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString();
+ options.NameClaimType = ClaimTypes.Email;
+ options.SupportedTokens = SupportedTokens.Jwt;
+ });
+
+ services.AddAuthorization(config =>
+ {
+ if(addAuthorization != null)
+ {
+ addAuthorization?.Invoke(config);
+ }
+ else
+ {
+ config.AddPolicy("Application", policy =>
+ {
+ policy.RequireAuthenticatedUser();
+ policy.RequireClaim(JwtClaimTypes.AuthenticationMethod, "Application");
+ });
+ }
+ });
+ }
+
public static IIdentityServerBuilder AddCustomIdentityServerServices(
this IServiceCollection services, IHostingEnvironment env, GlobalSettings globalSettings)
{
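Review bot: `options.TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString();` is now hard-coded in the shared helper, so it also applies to Events, whose removed block in src/Events/Startup.cs never set a retriever and so presumably accepted bearer tokens from the Authorization header only. Access tokens carried in a URL tend to end up in proxy and server logs and in browser history, so that widening should be a deliberate per-service choice rather than a side effect of the refactor. Consider an opt-in parameter such as `bool allowQueryStringToken = false`, guarding the assignment with `if(allowQueryStringToken)`, with Api and Hub passing `true`. Separately, `addAuthorization?.Invoke(config)` sits inside an `addAuthorization != null` check, so the `?.` is redundant.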
diff --git a/src/Events/Events.csproj b/src/Events/Events.csproj
index c0bdc6269d..2737a2bb04 100644
--- a/src/Events/Events.csproj
+++ b/src/Events/Events.csproj
@@ -9,7 +9,6 @@
-
diff --git a/src/Events/Startup.cs b/src/Events/Startup.cs
index 7743434e31..669554e75d 100644
--- a/src/Events/Startup.cs
+++ b/src/Events/Startup.cs
@@ -1,9 +1,6 @@
-using System.Security.Claims;
-using Bit.Core;
+using Bit.Core;
using Bit.Core.Services;
using Bit.Core.Utilities;
-using IdentityModel;
-using IdentityServer4.AccessTokenValidation;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
@@ -39,25 +36,7 @@ namespace Bit.Events
services.AddScoped();
// Identity
- services
- .AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
- .AddIdentityServerAuthentication(options =>
- {
- options.Authority = globalSettings.BaseServiceUri.InternalIdentity;
- options.RequireHttpsMetadata = !Environment.IsDevelopment() &&
- globalSettings.BaseServiceUri.InternalIdentity.StartsWith("https");
- options.NameClaimType = ClaimTypes.Email;
- options.SupportedTokens = SupportedTokens.Jwt;
- });
-
- services.AddAuthorization(config =>
- {
- config.AddPolicy("Application", policy =>
- {
- policy.RequireAuthenticatedUser();
- policy.RequireClaim(JwtClaimTypes.AuthenticationMethod, "Application");
- });
- });
+ services.AddIdentityAuthenticationServices(globalSettings, Environment);
// Services
services.AddScoped();
diff --git a/src/Hub/Hub.csproj b/src/Hub/Hub.csproj
index 329278142b..07b015e397 100644
--- a/src/Hub/Hub.csproj
+++ b/src/Hub/Hub.csproj
@@ -8,7 +8,6 @@
-
diff --git a/src/Hub/Startup.cs b/src/Hub/Startup.cs
index 243f1bd479..9b7305808e 100644
--- a/src/Hub/Startup.cs
+++ b/src/Hub/Startup.cs
@@ -1,9 +1,5 @@
-using System.Security.Claims;
-using Bit.Core;
-using Bit.Core.IdentityServer;
+using Bit.Core;
using Bit.Core.Utilities;
-using IdentityModel;
-using IdentityServer4.AccessTokenValidation;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.SignalR;
@@ -41,26 +37,7 @@ namespace Bit.Hub
services.AddScoped();
// Identity
- services
- .AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
- .AddIdentityServerAuthentication(options =>
- {
- options.Authority = globalSettings.BaseServiceUri.InternalIdentity;
- options.RequireHttpsMetadata = !Environment.IsDevelopment() &&
- globalSettings.BaseServiceUri.InternalIdentity.StartsWith("https");
- options.TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString();
- options.NameClaimType = ClaimTypes.Email;
- options.SupportedTokens = SupportedTokens.Jwt;
- });
-
- services.AddAuthorization(config =>
- {
- config.AddPolicy("Application", policy =>
- {
- policy.RequireAuthenticatedUser();
- policy.RequireClaim(JwtClaimTypes.AuthenticationMethod, "Application");
- });
- });
+ services.AddIdentityAuthenticationServices(globalSettings, Environment);
// SignalR
services.AddSignalR();