Improvements in identity, securice basket api, login-logout from mvc application and consume securiced basket.

Author: Carlos Cañizares Estévez

docker-compose.yml

@@ -14,7 +14,6 @@ services:
     ports:
       - "5100:80"
     depends_on:
-      - catalog.api
       - identity.service
       - basket.api
 
@@ -31,14 +30,13 @@ services:
     ports:
       - "5104:80"
     depends_on:
-      - catalog.api
       - basket.api
       - identity.service
 
   catalog.api:
     image: eshop/catalog.api
     environment:
-      - ConnectionString=Server=catalog.data;Initial Catalog=CatalogData;User Id=sa;Password=Pass@word
+      - ConnectionString=Server=catalog.data;Database=CatalogDB;User Id=sa;Password=Pass@word
     expose:
       - "80"
     ports:
@@ -77,6 +75,7 @@ services:
     image: eshop/identity
     environment:
       - Spa:http://webspa
+      - ConnectionString=Server=identity.data;Database=aspnet-Microsoft.eShopOnContainers.WebMVC;User Id=sa;Password=Pass@word
     expose:
       - "80"
     ports:

src/Services/Basket/Basket.API/Controllers/BasketController.cs

@@ -4,6 +4,7 @@
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.eShopOnContainers.Services.Basket.API.Model;
+using Microsoft.AspNetCore.Authorization;
 
 namespace Microsoft.eShopOnContainers.Services.Basket.API.Controllers
 {
@@ -12,6 +13,7 @@ namespace Microsoft.eShopOnContainers.Services.Basket.API.Controllers
     //If this is the case we should also investigate changing the serialization format used for Redis,
     //using a HashSet instead of a simple string.
     [Route("/")]
+    [Authorize]
     public class BasketController : Controller
     {
         private IBasketRepository _repository;

src/Services/Basket/Basket.API/Program.cs

@@ -17,6 +17,7 @@ public static void Main(string[] args)
                 .UseContentRoot(Directory.GetCurrentDirectory())
                 .UseIISIntegration()
                 .UseStartup<Startup>()
+                .UseUrls("http://localhost:5008")
                 .Build();
 
             host.Run();

src/Services/Basket/Basket.API/Startup.cs

@@ -47,6 +47,15 @@ public void ConfigureServices(IServiceCollection services)
                 return ConnectionMultiplexer.Connect(ips.First().ToString());
             });
 
+            services.AddCors(options =>
+            {
+                options.AddPolicy("CorsPolicy",
+                    builder => builder.AllowAnyOrigin()
+                    .AllowAnyMethod()
+                    .AllowAnyHeader()
+                    .AllowCredentials());
+            });
+
             services.AddTransient<IBasketRepository, RedisBasketRepository>();
         }
 
@@ -56,9 +65,12 @@ public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerF
             loggerFactory.AddConsole(Configuration.GetSection("Logging"));
             loggerFactory.AddDebug();
 
+            // Use frameworks
+            app.UseCors("CorsPolicy");
+
             app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
             {
-                Authority = Configuration.GetValue("IdentityUrl", "http://localhost:5000"),
+                Authority = "http://localhost:5000",
                 ScopeName = "basket",
                 RequireHttpsMetadata = false
             });

src/Services/Basket/Basket.API/appsettings.json

@@ -7,6 +7,6 @@
       "Microsoft": "Information"
     }
   },
-  "identityUrl":  "http://localhost:5105",
+  "identityUrl":  "http://localhost:5000",
   "ConnectionString": "127.0.0.1"
 }

src/Services/Identity/eShopOnContainers.Identity/Configuration/Config.cs

@@ -49,11 +49,9 @@ public static IEnumerable<Client> GetClients()
                     ClientName = "eShop SPA OpenId Client",
                     AllowedGrantTypes = GrantTypes.Implicit,
                     AllowAccessTokensViaBrowser = true,
-
                     RedirectUris =           { "http://localhost:5003/callback.html" },
                     PostLogoutRedirectUris = { "http://localhost:5003/index.html" },
                     AllowedCorsOrigins =     { "http://localhost:5003" },
-
                     AllowedScopes =
                     {
                         StandardScopes.OpenId.Name,
@@ -68,11 +66,9 @@ public static IEnumerable<Client> GetClients()
                     ClientName = "eShop Xamarin OpenId Client",
                     AllowedGrantTypes = GrantTypes.Implicit,
                     AllowAccessTokensViaBrowser = true,
-
                     RedirectUris =           { "http://localhost:5003/callback.html" },
                     PostLogoutRedirectUris = { "http://localhost:5003/index.html" },
                     AllowedCorsOrigins =     { "http://localhost:5003" },
-
                     AllowedScopes =
                     {
                         StandardScopes.OpenId.Name,
@@ -90,9 +86,7 @@ public static IEnumerable<Client> GetClients()
                         new Secret("secret".Sha256())
                     },
                     ClientUri = "http://localhost:2114",
-
                     AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
-                    
                     RedirectUris = new List<string>
                     {
                         "http://localhost:2114/signin-oidc"

src/Services/Identity/eShopOnContainers.Identity/Controllers/AccountController.cs

@@ -19,6 +19,10 @@
 using eShopOnContainers.Identity.Services;
 using eShopOnContainers.Identity.Models;
 using Microsoft.Extensions.Logging;
+using Microsoft.AspNetCore.Authorization;
+using eShopOnContainers.Identity.Models.AccountViewModels;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Authentication;
 
 namespace IdentityServer4.Quickstart.UI.Controllers
 {
@@ -34,19 +38,22 @@ public class AccountController : Controller
         private readonly IIdentityServerInteractionService _interaction;
         private readonly IClientStore _clientStore;
         private readonly ILogger _logger;
+        private readonly UserManager<ApplicationUser> _userManager;
 
         public AccountController(
 
             //InMemoryUserLoginService loginService,
             ILoginService<ApplicationUser> loginService,
             IIdentityServerInteractionService interaction,
             IClientStore clientStore,
-            ILoggerFactory loggerFactory)
+            ILoggerFactory loggerFactory, 
+            UserManager<ApplicationUser> userManager)
         {
             _loginService = loginService;
             _interaction = interaction;
             _clientStore = clientStore;
             _logger = loggerFactory.CreateLogger<AccountController>();
+            _userManager = userManager;
         }
 
         /// <summary>
@@ -64,12 +71,6 @@ public async Task<IActionResult> Login(string returnUrl)
 
             var vm = await BuildLoginViewModelAsync(returnUrl, context);
 
-            if (vm.EnableLocalLogin == false && vm.ExternalProviders.Count() == 1)
-            {
-                // only one option for logging in
-                return ExternalLogin(vm.ExternalProviders.First().AuthenticationScheme, returnUrl);
-            }
-
             return View(vm);
         }
 
@@ -78,11 +79,11 @@ public async Task<IActionResult> Login(string returnUrl)
         /// </summary>
         [HttpPost]
         [ValidateAntiForgeryToken]
-        public async Task<IActionResult> Login(LoginInputModel model)
+        public async Task<IActionResult> Login(LoginViewModel model)
         {
             if (ModelState.IsValid)
             {
-                var user = await _loginService.FindByUsername(model.Username);
+                var user = await _loginService.FindByUsername(model.Email);
                 // validate username/password against in-memory store
                 if (await _loginService.ValidateCredentials(user, model.Password))
                 {
@@ -92,7 +93,7 @@ public async Task<IActionResult> Login(LoginInputModel model)
                     AuthenticationProperties props = null;
                     // only set explicit expiration here if persistent. 
                     // otherwise we reply upon expiration configured in cookie middleware.
-                    if (model.RememberLogin)
+                    if (model.RememberMe)
                     {
                         props = new AuthenticationProperties
                         {
@@ -101,7 +102,6 @@ public async Task<IActionResult> Login(LoginInputModel model)
                         };
                     };
 
-                    //await HttpContext.Authentication.SignInAsync(, user.UserName, props);
                     await _loginService.SignIn(user);
 
                     // make sure the returnUrl is still valid, and if yes - redirect back to authorize endpoint
@@ -123,44 +123,29 @@ public async Task<IActionResult> Login(LoginInputModel model)
 
         async Task<LoginViewModel> BuildLoginViewModelAsync(string returnUrl, AuthorizationRequest context)
         {
-            var providers = HttpContext.Authentication.GetAuthenticationSchemes()
-                .Where(x => x.DisplayName != null)
-                .Select(x => new ExternalProvider
-                {
-                    DisplayName = x.DisplayName,
-                    AuthenticationScheme = x.AuthenticationScheme
-                });
-
             var allowLocal = true;
             if (context?.ClientId != null)
             {
                 var client = await _clientStore.FindEnabledClientByIdAsync(context.ClientId);
                 if (client != null)
                 {
                     allowLocal = client.EnableLocalLogin;
-
-                    if (client.IdentityProviderRestrictions != null && client.IdentityProviderRestrictions.Any())
-                    {
-                        providers = providers.Where(provider => client.IdentityProviderRestrictions.Contains(provider.AuthenticationScheme));
-                    }
                 }
             }
 
             return new LoginViewModel
             {
-                EnableLocalLogin = allowLocal,
                 ReturnUrl = returnUrl,
-                Username = context?.LoginHint,
-                ExternalProviders = providers.ToArray()
+                Email = context?.LoginHint,
             };
         }
 
-        async Task<LoginViewModel> BuildLoginViewModelAsync(LoginInputModel model)
+        async Task<LoginViewModel> BuildLoginViewModelAsync(LoginViewModel model)
         {
             var context = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl);
             var vm = await BuildLoginViewModelAsync(model.ReturnUrl, context);
-            vm.Username = model.Username;
-            vm.RememberLogin = model.RememberLogin;
+            vm.Email = model.Email;
+            vm.RememberMe = model.RememberMe;
             return vm;
         }
 
@@ -329,5 +314,62 @@ public async Task<IActionResult> ExternalLoginCallback(string returnUrl)
 
             return Redirect("~/");
         }
+
+        // GET: /Account/Register
+        [HttpGet]
+        [AllowAnonymous]
+        public IActionResult Register(string returnUrl = null)
+        {
+            ViewData["ReturnUrl"] = returnUrl;
+            return View();
+        }
+
+        //
+        // POST: /Account/Register
+        [HttpPost]
+        [AllowAnonymous]
+        [ValidateAntiForgeryToken]
+        public async Task<IActionResult> Register(RegisterViewModel model, string returnUrl = null)
+        {
+            ViewData["ReturnUrl"] = returnUrl;
+            if (ModelState.IsValid)
+            {
+                var user = new ApplicationUser
+                {
+                    UserName = model.Email,
+                    Email = model.Email,
+                    CardHolderName = model.User.CardHolderName,
+                    CardNumber = model.User.CardNumber,
+                    CardType = model.User.CardType,
+                    City = model.User.City,
+                    Country = model.User.Country,
+                    Expiration = model.User.Expiration,
+                    LastName = model.User.LastName,
+                    Name = model.User.Name,
+                    Street = model.User.Street,
+                    State = model.User.State,
+                    ZipCode = model.User.ZipCode,
+                    PhoneNumber = model.User.PhoneNumber,
+                    SecurityNumber = model.User.SecurityNumber
+                };
+                var result = await _userManager.CreateAsync(user, model.Password);
+                if (result.Errors.Count() > 0)
+                {
+                    AddErrors(result);
+                    // If we got this far, something failed, redisplay form
+                    return View(model);
+                }
+            }
+
+            return RedirectToAction("index", "home");
+        }
+
+        private void AddErrors(IdentityResult result)
+        {
+            foreach (var error in result.Errors)
+            {
+                ModelState.AddModelError(string.Empty, error.Description);
+            }
+        }
     }
 }

src/Services/Identity/eShopOnContainers.Identity/Controllers/ConsentController.cs

@@ -10,6 +10,7 @@
 using IdentityServer4.Models;
 using IdentityServer4.Stores;
 using IdentityServer4.Quickstart.UI.Models;
+using eShopOnContainers.Identity.Models.AccountViewModels;
 
 namespace IdentityServer4.Quickstart.UI.Controllers
 {

…ers.Identity/Models/ConsentInputModel.cs …s/AccountViewModels/ConsentInputModel.cssrc/Services/Identity/eShopOnContainers.Identity/Models/ConsentInputModel.cs renamed to src/Services/Identity/eShopOnContainers.Identity/Models/AccountViewModels/ConsentInputModel.cs src/Services/Identity/eShopOnContainers.Identity/Models/ConsentInputModel.cs renamed to src/Services/Identity/eShopOnContainers.Identity/Models/AccountViewModels/ConsentInputModel.cs

@@ -4,7 +4,7 @@
 
 using System.Collections.Generic;
 
-namespace IdentityServer4.Quickstart.UI.Models
+namespace eShopOnContainers.Identity.Models.AccountViewModels
 {
     public class ConsentInputModel
     {

…ners.Identity/Models/ConsentViewModel.cs …ls/AccountViewModels/ConsentViewModel.cssrc/Services/Identity/eShopOnContainers.Identity/Models/ConsentViewModel.cs renamed to src/Services/Identity/eShopOnContainers.Identity/Models/AccountViewModels/ConsentViewModel.cs src/Services/Identity/eShopOnContainers.Identity/Models/ConsentViewModel.cs renamed to src/Services/Identity/eShopOnContainers.Identity/Models/AccountViewModels/ConsentViewModel.cs

@@ -6,7 +6,7 @@
 using System.Linq;
 using IdentityServer4.Models;
 
-namespace IdentityServer4.Quickstart.UI.Models
+namespace eShopOnContainers.Identity.Models.AccountViewModels
 {
     public class ConsentViewModel : ConsentInputModel
     {