Authentication
OpenID Connect
OIDC settings for the API
Install the JwtBearer package using .NET CLI or Package Manager
dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer
Install-Package Microsoft.AspNetCore.Authentication.JwtBearer
Program.cs
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddCors(options =>
{
options.AddPolicy("RGF.Client", b =>
{
var allowedOrigins = builder.Configuration
.GetSection("CorsSettings:AllowedOrigins")
.Get<string[]>();
if (allowedOrigins != null)
{
b.WithOrigins(allowedOrigins)
.AllowAnyHeader()
.AllowAnyMethod();
}
});
});
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options => builder.Configuration.Bind("JwtBearerOptions", options));
// Add services to the container.
builder.Services.AddControllersWithViews();
builder.AddRGF();
builder.AddBaseDbContext();
var app = builder.Build();
// Configure the HTTP request pipeline.
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseCors("RGF.Client");
app.UseAuthentication();
app.UseAuthorization();
app.UseRGF<BaseDbContext, BaseDbContextPool, BaseDbContextPool>();
app.MapControllers();
app.Run();
Configuration examples for Duende (Identity Szerver) és Microsoft Entra ID (Azure Active Directory)
appsettings.json
"Recrovit": {
"RecroGrid": {
"DefaultMenuScope": ";identity;"
},
"RecroSec": {
"Enabled": true, //If it is true, every object must be parameterized; otherwise, parameters can be configured in the entity's RGO_RecroSec
"SingleUserMode": true, //After configuring the administrator, it should be set to false.
"OidcAuthentication": true,
"AutoCreateUser": true,
"AdministratorRoleName": "RGF.Administrators",
"DefaultRoleName": "RGF.Users"
}
}
SingleUserMode
should be set to false
.
"JwtBearerOptions": { //Duende
"Authority": "{DUENDE}", //e.g. https://localhost:11900
"Audience": "{API-RESOURCE}", //e.g. api://RgfDemo.Api
"TokenValidationParameters": {
"ValidTypes": [ "at+jwt" ]
}
}
"JwtBearerOptions": { //AzureAD
"Authority": "https://login.microsoftonline.com/{TENANT ID}/v2.0",
"Audience": "{Application (CLIENT) ID}", //API Application ID
"TokenValidationParameters": {
"ValidTypes": [ "JWT" ]
}
}
OIDC settings for Blazor WebAssembly
If the Individual Accounts authentication type was not set during the creation of the application, you need to add the Microsoft.AspNetCore.Components.WebAssembly.Authentication NuGet package to the project and perform all related configurations.
Program.cs
builder.Services.AddOidcAuthentication(options =>
{
builder.Configuration.Bind("Oidc:ProviderOptions", options.ProviderOptions);
builder.Configuration.Bind("Oidc:UserOptions", options.UserOptions);
});
Configuration examples for Duende (Identity Szerver) és Microsoft Entra ID (Azure Active Directory)
appsettings.json
"Recrovit": {
"RecroGridFramework": {
"API": {
"BaseAddress": "https://{API-DOMAIN}", //e.g. "https://localhost:11913" or "http://api.example.com",
"DefaultScopes": [ "openid", "profile", "{API-SCOPE}" ] //e.g. API-SCOPE = api://RgfDemo.Api/API.Access
}
}
}
"Oidc": { //Duende
"ProviderOptions": {
"Authority": "{DUENDE}", //e.g. https://localhost:11900
"ClientId": "{CLIENT-ID}", //e.g. RgfDemo.Client
"RedirectUri": "{CLIENT-LOGIN-CALLBACK}", //e.g. https://localhost:11920/authentication/login-callback
"PostLogoutRedirectUri": "{CLIENT-LOGOUT-CALLBACK}", //e.g. https://localhost:11920/authentication/logout-callback
"ResponseType": "code",
"DefaultScopes": [ "openid", "profile", "role" ]
},
"UserOptions": {
"RoleClaim": "role"
}
}
"Oidc": { //AzureAD
"ProviderOptions": {
"Authority": "https://login.microsoftonline.com/{TENANT ID}/v2.0",
"ClientId": "{Application (client) ID}", //Client Application ID
"RedirectUri": "{CLIENT-LOGIN-CALLBACK}", //e.g. https://localhost:11920/authentication/login-callback
"PostLogoutRedirectUri": "{CLIENT-LOGOUT-CALLBACK}", //e.g. https://localhost:11920/authentication/logout-callback
"ResponseType": "code",
"DefaultScopes": [ "openid", "profile" ]
},
"UserOptions": {
"RoleClaim": "roles"
}
}