LeptonXLiteTheme and auth issues fixed

Author: dolunay

demos/MainDemo/host/Syrna.QuartzAdmin.MainDemo.AuthServer/appsettings.json

@@ -1,8 +1,8 @@
 {
   "App": {
     "SelfUrl": "https://localhost:44301/",
-    "CorsOrigins": "https://*.quartzadmin.com,http://localhost:4200,http://localhost:44307,https://localhost:44307,https://localhost:44300,https://localhost:44305/",
-    "RedirectAllowedUrls": "https://quartzadmin.com,http://localhost:4200,http://localhost:44307,https://localhost:44307,https://localhost:44300,https://localhost:44305/"
+    "CorsOrigins": "https://*.quartzadmin.com,http://localhost:4200,http://localhost:44307,https://localhost:44307,https://localhost:44300,https://localhost:44301,https://localhost:44305/",
+    "RedirectAllowedUrls": "https://quartzadmin.com,http://localhost:4200,http://localhost:44307,https://localhost:44307,https://localhost:44300,https://localhost:44301,https://localhost:44305/"
   },
   "AppSelfUrl": "https://localhost:44301/",
   "ConnectionStrings": {

demos/MainDemo/host/Syrna.QuartzAdmin.MainDemo.Blazor.Host.Client/Components/CustomBranding.razor

@@ -0,0 +1,12 @@
+@using Volo.Abp.AspNetCore.Components.Web.LeptonXLiteTheme.Themes.LeptonXLite;
+@using Volo.Abp.DependencyInjection
+
+@inherits Branding
+@attribute [ExposeServices(typeof(Branding))]
+@attribute [Dependency(ReplaceServices = true)]
+
+@Name
+
+@code {
+    string Name = "Quartz Admin";
+}

demos/MainDemo/host/Syrna.QuartzAdmin.MainDemo.Blazor.Host.Client/Components/CustomUserMenu.razor

@@ -0,0 +1,42 @@
+@using Microsoft.Extensions.Localization
+@using Volo.Abp.AspNetCore.Components.WebAssembly.LeptonXLiteTheme.Themes.LeptonXLite.Toolbar
+@using Volo.Abp.DependencyInjection
+
+@inherits UserMenuComponent
+@attribute [ExposeServices(typeof(UserMenuComponent))]
+@attribute [Dependency(ReplaceServices = true)]
+
+<AuthorizeView>
+    <Authorized>
+        <Dropdown>
+            <DropdownToggle Color="Color.Default" aria-label="@CurrentUser.Name">
+                @if (CurrentTenant.Name != null)
+                {
+                    <span><i>@CurrentTenant.Name</i>\@CurrentUser.UserName</span>
+                }
+                else
+                {
+                    <span>@CurrentUser.UserName</span>
+                }
+            </DropdownToggle>
+            <DropdownMenu>
+                @if (Menu != null)
+                {
+                    @foreach (var menuItem in Menu.Items)
+                    {
+                        <DropdownItem Disabled="@menuItem.IsDisabled" Clicked="@(() => NavigateToAsync(menuItem.Url, menuItem.Target))">
+                            <Icon Name="@menuItem.Icon" aria-label="@menuItem.DisplayName"
+                                  IconSize="IconSize.Default" />@menuItem.DisplayName
+                        </DropdownItem>
+                    }
+                }
+                <DropdownItem Clicked="@BeginSignOut">
+                    @L["Logout"]
+                </DropdownItem>
+            </DropdownMenu>
+        </Dropdown>
+    </Authorized>
+    <NotAuthorized>
+        <Button Color="Color.Link" Clicked="@(() => NavigateToAsync(AuthenticationOptions.Value.LoginUrl))">@L["Login"]</Button>
+    </NotAuthorized>
+</AuthorizeView>

demos/MainDemo/host/Syrna.QuartzAdmin.MainDemo.Blazor.Host.Client/Components/CustomUserMenu.razor.cs

@@ -0,0 +1,32 @@
+using Microsoft.AspNetCore.Components;
+using Microsoft.Extensions.Options;
+using System.Threading.Tasks;
+using Volo.Abp.AspNetCore.Components.Web.Security;
+using Volo.Abp.AspNetCore.Components.WebAssembly.LeptonXLiteTheme;
+using Volo.Abp.UI.Navigation;
+
+namespace Syrna.QuartzAdmin.MainDemo.Blazor.Host.Client.Components
+{
+    public partial class CustomUserMenu
+    {
+        [Inject]
+        protected IOptions<AuthenticationOptions> AuthenticationOptions { get; set; }
+
+        protected ApplicationMenu Menu { get; set; }
+
+        protected override async Task OnInitializedAsync()
+        {
+            Menu = await MenuManager.GetAsync(StandardMenus.User);
+
+            Navigation.LocationChanged += OnLocationChanged;
+
+            ApplicationConfigurationChangedService.Changed += ApplicationConfigurationChanged;
+        }
+
+        private async void ApplicationConfigurationChanged()
+        {
+            Menu = await MenuManager.GetAsync(StandardMenus.User);
+            await InvokeAsync(StateHasChanged);
+        }
+    }
+}

demos/MainDemo/host/Syrna.QuartzAdmin.MainDemo.Blazor.Host.Client/MainDemoBlazorHostClientModule.cs

@@ -1,9 +1,10 @@
-using Autofac.Core;
-using Blazorise.Bootstrap5;
+using Blazorise.Bootstrap5;
 using Blazorise.Icons.FontAwesome;
+using IdentityModel;
 using Microsoft.AspNetCore.Components.WebAssembly.Hosting;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
+using OpenIddict.Abstractions;
 using Syrna.QuartzAdmin.Blazor.Components;
 using Syrna.QuartzAdmin.Blazor.Services;
 using Syrna.QuartzAdmin.MainDemo.Blazor.Host.Client.Menus;
@@ -13,7 +14,6 @@
 using Volo.Abp.Account;
 using Volo.Abp.AspNetCore.Components.Web.Theming.Routing;
 using Volo.Abp.AspNetCore.Components.WebAssembly.LeptonXLiteTheme;
-using Volo.Abp.AspNetCore.Components.WebAssembly.LeptonXLiteTheme.Bundling;
 using Volo.Abp.Autofac.WebAssembly;
 using Volo.Abp.AutoMapper;
 using Volo.Abp.Identity.Blazor.WebAssembly;
@@ -31,8 +31,8 @@ namespace Syrna.QuartzAdmin.MainDemo.Blazor.Host.Client;
 [DependsOn(typeof(AbpIdentityBlazorWebAssemblyModule))]
 [DependsOn(typeof(AbpTenantManagementBlazorWebAssemblyModule))]
 [DependsOn(typeof(AbpSettingManagementBlazorWebAssemblyModule))]
-[DependsOn(typeof(MainDemoBlazorWebAssemblyModule)
-)]
+//
+[DependsOn(typeof(MainDemoBlazorWebAssemblyModule))]
 public class MainDemoBlazorHostClientModule : AbpModule
 {
     public override void ConfigureServices(ServiceConfigurationContext context)
@@ -83,6 +83,13 @@ private static void ConfigureAuthentication(WebAssemblyHostBuilder builder)
         builder.Services.AddOidcAuthentication(options =>
         {
             builder.Configuration.Bind("AuthServer", options.ProviderOptions);
+            options.UserOptions.RoleClaim = JwtClaimTypes.Role;
+            //options.ProviderOptions.DefaultScopes.Add(OpenIddictConstants.Scopes.OfflineAccess);
+            options.ProviderOptions.DefaultScopes.Add(OpenIddictConstants.Scopes.OpenId);
+            options.ProviderOptions.DefaultScopes.Add(OpenIddictConstants.Scopes.Profile);
+            options.ProviderOptions.DefaultScopes.Add(OpenIddictConstants.Scopes.Roles);
+            options.ProviderOptions.DefaultScopes.Add(OpenIddictConstants.Scopes.Email);
+            options.ProviderOptions.DefaultScopes.Add(OpenIddictConstants.Scopes.Phone);
             options.ProviderOptions.DefaultScopes.Add("QuartzAdmin");
         });
     }

demos/MainDemo/host/Syrna.QuartzAdmin.MainDemo.Blazor.Host.Client/Menus/MainDemoBlazorHostClientMenuContributor.cs

@@ -50,7 +50,7 @@ private Task ConfigureUserMenuAsync(MenuConfigurationContext context)
             "Account.Manage",
             accountStringLocalizer["MyAccount"]??"My Account",
             $"{identityServerUrl.EnsureEndsWith('/')}Account/Manage?returnUrl={configuration["App:SelfUrl"]}",
-            icon: "fa-cog",
+            icon: "fa fa-cog",
             order: 1000,
             null).RequireAuthenticated());
 

demos/MainDemo/host/Syrna.QuartzAdmin.MainDemo.Blazor.Host.Client/Syrna.QuartzAdmin.MainDemo.Blazor.Host.Client.csproj

@@ -10,10 +10,15 @@
 	</PropertyGroup>
 
 	<ItemGroup>
+	  <Compile Remove="Components\CustomUserMenu.razor.cs" />
 	  <Compile Remove="RemoteExternalLocalizationStore.cs" />
 	  <Compile Remove="UserExceptionInformer.cs" />
 	</ItemGroup>
 
+	<ItemGroup>
+	  <Content Remove="Components\CustomUserMenu.razor" />
+	</ItemGroup>
+
 	<ItemGroup>
 		<PackageReference Include="Blazorise.Bootstrap5" />
 		<PackageReference Include="Blazorise.Icons.FontAwesome" />

demos/MainDemo/host/Syrna.QuartzAdmin.MainDemo.Blazor.Host.Client/wwwroot/appsettings.json

@@ -3,7 +3,7 @@
     "SelfUrl": "https://localhost:44307"
   },
   "AuthServer": {
-    "Authority": "https://localhost:44301",
+    "Authority": "https://localhost:44358",
     "ClientId": "QuartzAdmin_Blazor",
     "ResponseType": "code"
   },

demos/MainDemo/host/Syrna.QuartzAdmin.MainDemo.HttpApi.Host/MainDemoHttpApiHostModule.cs

@@ -81,15 +81,30 @@ public override void PreConfigureServices(ServiceConfigurationContext context)
         {
             builder.AddValidation(options =>
             {
-                //options.SetIssuer("https://syrnaids.syrna.net/");
-                options.SetIssuer(configuration["AuthServer:Authority"]);
-                options.AddAudiences("QuartzAdmin");
+                //options.SetIssuer("https://csbsids.saglik.gov.tr/");
+                options.SetIssuer(configuration["AuthServer:Authority"]!);
+                options.AddAudiences("QuartzAdmin", "QuartzAdmin API");
                 //options.UseLocalServer();
                 options.UseAspNetCore();
                 options.UseSystemNetHttp();
             });
         });
 
+        PreConfigure<OpenIddictServerBuilder>(x =>
+        {
+            //scope: 'offline_access openid profile role email phone QuartzAdmin',
+            x.RegisterScopes(
+                OpenIddictConstants.Scopes.OfflineAccess,
+                OpenIddictConstants.Scopes.OpenId,
+                OpenIddictConstants.Scopes.Profile,
+                OpenIddictConstants.Scopes.Roles,
+                OpenIddictConstants.Scopes.Email,
+                OpenIddictConstants.Scopes.Phone,
+                "QuartzAdmin"
+            );
+            x.AllowAuthorizationCodeFlow().AllowRefreshTokenFlow().AllowPasswordFlow();
+        });
+
         if (!hostingEnvironment.IsDevelopment())
         {
             PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
@@ -99,20 +114,11 @@ public override void PreConfigureServices(ServiceConfigurationContext context)
 
             PreConfigure<OpenIddictServerBuilder>(x =>
             {
-                x.AddSigningCertificate(GetSigningCertificate(hostingEnvironment, configuration));
-                x.AddEncryptionCertificate(GetSigningCertificate(hostingEnvironment, configuration));
-
-                //scope: 'offline_access openid profile role email phone QuartzAdmin',
-                x.RegisterScopes(
-                    OpenIddictConstants.Scopes.OfflineAccess,
-                    OpenIddictConstants.Scopes.OpenId,
-                    OpenIddictConstants.Scopes.Profile,
-                    OpenIddictConstants.Scopes.Roles,
-                    OpenIddictConstants.Scopes.Email,
-                    OpenIddictConstants.Scopes.Phone,
-                    "QuartzAdmin"
-                    );
-                x.AllowAuthorizationCodeFlow().AllowRefreshTokenFlow();
+                //var pfxFile = Path.Combine(hostingEnvironment.ContentRootPath, "openiddict.pfx");
+                //x.AddProductionEncryptionAndSigningCertificate($"{pfxFile}", "266657b3-2d03-4888-b9ee-b3f0939e9e24");
+                x.AddSigningCertificate(GetSigningCertificate(hostingEnvironment));
+                x.AddEncryptionCertificate(GetSigningCertificate(hostingEnvironment));
+                //x.AddProductionEncryptionAndSigningCertificate("openiddict.pfx", "266657b3-2d03-4888-b9ee-b3f0939e9e24");
             });
         }
 
@@ -179,10 +185,10 @@ private static void AutoLocalizationResourceContributors(IServiceCollection serv
         });
     }
 
-    private static X509Certificate2 GetSigningCertificate(IWebHostEnvironment hostingEnv, IConfiguration configuration)
+    private static X509Certificate2 GetSigningCertificate(IWebHostEnvironment hostingEnv)
     {
-        var fileName = "openiddict.pfx";
-        var passPhrase = "ceae6457-5634-4e9f-8ea2-0be3ad54001a";
+        const string fileName = "openiddict.pfx";
+        const string passPhrase = "ceae6457-5634-4e9f-8ea2-0be3ad54001a";
         var file = Path.Combine(hostingEnv.ContentRootPath, fileName);
 
         if (!File.Exists(file))
@@ -192,7 +198,7 @@ private static X509Certificate2 GetSigningCertificate(IWebHostEnvironment hostin
 
         try
         {
-            var c = new X509Certificate2(file, passPhrase, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
+            var c = new X509Certificate2(file, passPhrase);
             return c;
         }
         catch (Exception e)
@@ -219,7 +225,7 @@ public override void ConfigureServices(ServiceConfigurationContext context)
         });
 
         ConfigureAuthentication(context);
-        //ConfigureAuthentication(context, configuration);
+        ConfigureAuthentication(context, configuration);
         //ConfigureBundles();
         ConfigureUrls(configuration);
         ConfigureConventionalControllers();
@@ -249,6 +255,7 @@ public override void ConfigureServices(ServiceConfigurationContext context)
     private void ConfigureAuthentication(ServiceConfigurationContext context)
     {
         context.Services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
+        //context.Services.AddAuthentication(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
         context.Services.Configure<AbpClaimsPrincipalFactoryOptions>(options =>
         {
             options.IsDynamicClaimsEnabled = true;
@@ -263,17 +270,24 @@ private static void ConfigureAuthentication(ServiceConfigurationContext context,
                 //options.TokenValidationParameters.ValidateIssuer = false;
                 options.TokenValidationParameters = new TokenValidationParameters
                 {
+                    //NameClaimType = "sub",
+                    //RoleClaimType = System.Security.Claims.ClaimTypes.Role,
                     ValidateIssuer = true,
                     ValidateAudience = true,
-                    ValidateIssuerSigningKey = true,
+                    ValidateLifetime = true,
+                    //ValidateIssuerSigningKey = true,
                     ValidAudience = "QuartzAdmin",
-                    ValidIssuer = configuration["AuthServer:Authority"],
-                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration["AuthServer:SwaggerClientSecret"]))
+                    ValidAudiences = new[] { "QuartzAdmin", "QuartzAdmin API" },
+                    ValidIssuer = configuration["AuthServer:Authority"]
+                    //ValidTypes = ["at+jwt"],
+                    //ValidAlgorithms = ["RS256"]
+                    //IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration["AuthServer:SwaggerClientSecret"]))
                 };
                 options.UseSecurityTokenValidators = true;
                 options.Authority = configuration["AuthServer:Authority"];
                 options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
                 options.Audience = "QuartzAdmin";
+                options.MapInboundClaims = false;
 #if DEBUG
                 options.IncludeErrorDetails = true;
 #endif

demos/MainDemo/host/Syrna.QuartzAdmin.MainDemo.HttpApi.Host/appsettings.json

@@ -12,8 +12,8 @@
     }
   },
   "AuthServer": {
-    "Authority": "https://localhost:44358",
-    "SwaggerAuthority": "https://localhost:44358",
+    "Authority": "https://localhost:44301",
+    "SwaggerAuthority": "https://localhost:44301",
     "RequireHttpsMetadata": "true",
     "SwaggerClientId": "QuartzAdmin_Swagger",
     "SwaggerClientSecret": "1q2w3e*"