using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.DependencyInjection;
namespace ScadaLink.Security;
/// <summary>
/// Dependency-injection entry points for the ScadaLink security module.
/// </summary>
public static class ServiceCollectionExtensions
{
    /// <summary>
    /// Registers the security services, cookie authentication and ScadaLink authorization.
    /// </summary>
    /// <param name="services">The service collection to add the registrations to.</param>
    /// <returns>The same <paramref name="services"/> instance, so calls can be chained.</returns>
    public static IServiceCollection AddSecurity(this IServiceCollection services)
    {
        // One instance per DI scope for each of the security services.
        services.AddScoped<LdapAuthService>();
        services.AddScoped<JwtTokenService>();
        services.AddScoped<RoleMapper>();

        // Cookie authentication is the default scheme.
        var authentication = services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme);
        authentication.AddCookie(ConfigureAuthCookie);

        // Authorization registration lives in AddScadaLinkAuthorization (not shown in this file).
        services.AddScadaLinkAuthorization();

        return services;
    }

    /// <summary>
    /// Phase 0 placeholder for Akka actor registration; currently registers nothing.
    /// </summary>
    /// <param name="services">The service collection, returned unchanged.</param>
    /// <returns>The same <paramref name="services"/> instance.</returns>
    public static IServiceCollection AddSecurityActors(this IServiceCollection services) => services;

    /// <summary>
    /// Applies the login/logout paths and the hardening attributes of the authentication cookie.
    /// </summary>
    /// <param name="cookieAuth">The cookie authentication options being configured.</param>
    private static void ConfigureAuthCookie(CookieAuthenticationOptions cookieAuth)
    {
        cookieAuth.LoginPath = "/login";
        cookieAuth.LogoutPath = "/auth/logout";

        var cookie = cookieAuth.Cookie;
        cookie.Name = "ScadaLink.Auth";

        // HttpOnly keeps the cookie out of reach of page script; SameSite=Strict
        // keeps the browser from attaching it to cross-site requests.
        cookie.HttpOnly = true;
        cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;

        // The cookie carries the embedded JWT, which is a bearer credential, so it
        // must never travel over plain HTTP. The design calls for "HttpOnly and
        // Secure (requires HTTPS)"; Always sets the Secure attribute on every response.
        cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.Always;

        // NOTE(review): ExpireTimeSpan and SlidingExpiration are not set here, so the
        // framework defaults apply. Confirm the resulting cookie lifetime matches the
        // embedded JWT's expiry and the intended idle timeout.
    }
}