Authentication
OpenID Connect
OIDC settings for the API
Install the JwtBearer package using .NET CLI or Package Manager
dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer
Install-Package Microsoft.AspNetCore.Authentication.JwtBearer
Program.cs
var builder = WebApplication.CreateBuilder(args);

// CORS: the "RGF.Client" policy admits only the origins listed under
// CorsSettings:AllowedOrigins. If that section is missing, the policy is
// registered without any allowed origin instead of falling back to a wildcard.
builder.Services.AddCors(cors =>
{
    cors.AddPolicy("RGF.Client", policy =>
    {
        var origins = builder.Configuration
            .GetSection("CorsSettings:AllowedOrigins")
            .Get<string[]>();
        if (origins is null)
        {
            return;
        }

        policy.WithOrigins(origins)
            .AllowAnyHeader()
            .AllowAnyMethod();
    });
});

// Empties the static inbound claim-type map of JwtSecurityTokenHandler, so
// claim names are not rewritten to the long schema URIs by that handler.
// NOTE(review): on .NET 8 and later the JwtBearer handler validates tokens with
// JsonWebTokenHandler by default; confirm this static map is still the one in
// effect there, or set "MapInboundClaims": false in the JwtBearerOptions section.
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

// Authority, Audience and TokenValidationParameters are bound from the
// "JwtBearerOptions" configuration section (see appsettings.json below).
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(jwt =>
    {
        builder.Configuration.Bind("JwtBearerOptions", jwt);
    });

// Add services to the container.
builder.Services.AddControllersWithViews();
builder.AddRGF();
builder.AddBaseDbContext();

var app = builder.Build();

// Configure the HTTP request pipeline.
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();

// Keep this order: CORS after routing, then authentication, then authorization.
// UseAuthentication only establishes the caller's identity; whether anonymous
// requests are rejected depends on authorization attributes/policies that are
// not shown in this listing.
app.UseCors("RGF.Client");
app.UseAuthentication();
app.UseAuthorization();

app.UseRGF<BaseDbContext, BaseDbContextPool, BaseDbContextPool>();
app.MapControllers();
app.Run();
Configuration examples for Microsoft Entra ID (Azure Active Directory) and Duende (Identity Server)
appsettings.json
"JwtBearerOptions": { //Microsoft Entra ID
"Authority": "https://login.microsoftonline.com/{TENANT ID}/v2.0",
"Audience": "{Application (CLIENT) ID}", //API Application ID
"TokenValidationParameters": {
"ValidTypes": [ "JWT" ]
}
}
"JwtBearerOptions": { //Duende
"Authority": "{DUENDE}", //e.g. https://localhost:11900
"Audience": "{API-RESOURCE}", //e.g. api://RgfDemo.Api
"TokenValidationParameters": {
"ValidTypes": [ "at+jwt" ]
}
}
"Recrovit": {
"RecroGridFramework": {
"DefaultMenuScope": ";identity;"
},
"RecroSec": {
"Enabled": true, //If it is true, every object must be parameterized; otherwise, parameters can be configured in the entity's RGO_RecroSec
"SingleUserMode": true, //After configuring the administrator, it should be set to false.
"AutoCreateUser": true,
"AdministratorRoleName": "RGF.Administrators",
"DefaultRoleName": "RGF.Users"
}
}
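Once the administrator has been configured, SingleUserMode should be set to false; the value true in the sample above is meant only for that initial setup.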
OIDC settings for Blazor WebAssembly
If the Individual Accounts authentication type was not set during the creation of the application, you need to add the Microsoft.AspNetCore.Components.WebAssembly.Authentication NuGet package to the project and perform all related configurations.
Program.cs
// Registers OIDC authentication for the Blazor WebAssembly client. Provider and
// user options are both bound from the "Oidc" section of appsettings.json.
builder.Services.AddOidcAuthentication(oidc =>
{
    var config = builder.Configuration;

    // Authority, ClientId, ResponseType, scopes and redirect URIs.
    config.Bind("Oidc:ProviderOptions", oidc.ProviderOptions);

    // Claim settings such as RoleClaim.
    config.Bind("Oidc:UserOptions", oidc.UserOptions);
});
Configuration examples for Microsoft Entra ID (Azure Active Directory) and Duende (Identity Server)
appsettings.json
"Oidc": { //Microsoft Entra ID
"ProviderOptions": {
"Authority": "https://login.microsoftonline.com/{TENANT ID}/v2.0",
"ClientId": "{Application (client) ID}", //Client Application ID
//"RedirectUri": "{CLIENT-LOGIN-CALLBACK}", //e.g. https://localhost:11920/authentication/login-callback
//"PostLogoutRedirectUri": "{CLIENT-LOGOUT-CALLBACK}",
"ResponseType": "code",
"DefaultScopes": [ "openid", "profile" ]
},
"UserOptions": {
"RoleClaim": "roles"
}
}
"Oidc": { //Duende
"ProviderOptions": {
"Authority": "{DUENDE}", //e.g. https://localhost:11900
"ClientId": "{CLIENT-ID}", //e.g. RgfDemo.Client
"RedirectUri": "{CLIENT-LOGIN-CALLBACK}", //e.g. https://localhost:11920/authentication/login-callback
//"PostLogoutRedirectUri": "{CLIENT-LOGOUT-CALLBACK}",
"ResponseType": "code",
"DefaultScopes": [ "openid", "profile", "role" ]
},
"UserOptions": {
"RoleClaim": "role"
}
}
"Recrovit": {
"RecroGridFramework": {
"API": {
"BaseAddress": "https://{API-DOMAIN}", //e.g. "https://localhost:11913" or "https://api.example.com" (access tokens are sent to this address, so use HTTPS)
"DefaultScopes": [ "openid", "profile", "{API-SCOPE}" ] //e.g. API-SCOPE = api://RgfDemo.Api/API.Access
}
}
}