From 7bf2d8e7056d1c471a73497ffb1452a9d0fb46fb Mon Sep 17 00:00:00 2001 
From: Tim Hess Date: Thu, 5 Jun 2025 16:59:38 -0500 Subject: [PATCH 1/6] first pass on console app for certificate auth --- Security/src/AuthConsole/.cfignore | 33 +++++++++++++ .../CertificateAuthorizationApiClient.cs | 17 +++++++ .../AuthConsole/ApiClients/StringApiClient.cs | 34 ++++++++++++++ .../AuthConsole/CloudFoundryConventions.cs | 10 ++++ .../src/AuthConsole/Directory.Build.props | 8 ++++ .../HttpClientBuilderExtensions.cs | 45 ++++++++++++++++++ .../Models/AuthApiResponseModel.cs | 7 +++ Security/src/AuthConsole/Program.cs | 47 +++++++++++++++++++ Security/src/AuthConsole/README.md | 42 +++++++++++++++++ .../Steeltoe.Samples.AuthConsole.csproj | 16 +++++++ Security/src/AuthConsole/Worker.cs | 23 +++++++++ .../AuthConsole/appsettings.Development.json | 10 ++++ Security/src/AuthConsole/appsettings.json | 14 ++++++ Security/src/AuthConsole/manifest-windows.yml | 13 +++++ Security/src/AuthConsole/manifest.yml | 12 +++++ Security/src/AuthConsole/nuget.config | 7 +++ Security/src/Steeltoe.Samples.Security.sln | 18 ++++++- 17 files changed, 354 insertions(+), 2 deletions(-) create mode 100644 Security/src/AuthConsole/.cfignore create mode 100644 Security/src/AuthConsole/ApiClients/CertificateAuthorizationApiClient.cs create mode 100644 Security/src/AuthConsole/ApiClients/StringApiClient.cs create mode 100644 Security/src/AuthConsole/CloudFoundryConventions.cs create mode 100644 Security/src/AuthConsole/Directory.Build.props create mode 100644 Security/src/AuthConsole/HttpClientBuilderExtensions.cs create mode 100644 Security/src/AuthConsole/Models/AuthApiResponseModel.cs create mode 100644 Security/src/AuthConsole/Program.cs create mode 100644 Security/src/AuthConsole/README.md create mode 100644 Security/src/AuthConsole/Steeltoe.Samples.AuthConsole.csproj create mode 100644 Security/src/AuthConsole/Worker.cs create mode 100644 Security/src/AuthConsole/appsettings.Development.json create mode 100644 Security/src/AuthConsole/appsettings.json create mode 100644 
Security/src/AuthConsole/manifest-windows.yml create mode 100644 Security/src/AuthConsole/manifest.yml create mode 100644 Security/src/AuthConsole/nuget.config
diff --git a/Security/src/AuthConsole/.cfignore b/Security/src/AuthConsole/.cfignore
new file mode 100644
index 000000000..bac3bd964
--- /dev/null
+++ b/Security/src/AuthConsole/.cfignore
@@ -0,0 +1,33 @@
+# DotNet
+bin
+obj
+publish
+
+# user-specific state
+*.user
+
+# VS Code
+.vscode
+*.code-workspace
+
+# Visual Studio
+.vs
+
+# JetBrains
+.idea
+*.iws
+*.iml
+*.ipr
+
+# Test framework files
+scaffold
+*.feature
+
+# Common files that don't need to be pushed
+config
+*.http
+manifest-*.yml
+*.md
+launchSettings.json
+
+# files specific this sample
diff --git a/Security/src/AuthConsole/ApiClients/CertificateAuthorizationApiClient.cs b/Security/src/AuthConsole/ApiClients/CertificateAuthorizationApiClient.cs
new file mode 100644
index 000000000..7d36d723e
--- /dev/null
+++ b/Security/src/AuthConsole/ApiClients/CertificateAuthorizationApiClient.cs
@@ -0,0 +1,17 @@
+using Steeltoe.Samples.AuthConsole.Models;
+
+namespace Steeltoe.Samples.AuthConsole.ApiClients;
+
+public sealed class CertificateAuthorizationApiClient(HttpClient httpClient)
+ : StringApiClient(httpClient)
+{
+ public async Task GetSameOrgAsync(CancellationToken cancellationToken)
+ {
+ return await GetAsync("/api/certificate/SameOrg", cancellationToken);
+ }
+
+ public async Task GetSameSpaceAsync(CancellationToken cancellationToken)
+ {
+ return await GetAsync("/api/certificate/SameSpace", cancellationToken);
+ }
+}
diff --git a/Security/src/AuthConsole/ApiClients/StringApiClient.cs b/Security/src/AuthConsole/ApiClients/StringApiClient.cs
new file mode 100644
index 000000000..4d2d6c9c9
--- /dev/null
+++ b/Security/src/AuthConsole/ApiClients/StringApiClient.cs
@@ -0,0 +1,34 @@
+using Steeltoe.Samples.AuthConsole.Models;
+
+namespace Steeltoe.Samples.AuthConsole.ApiClients;
+
+public abstract class StringApiClient(HttpClient httpClient)
+{
+ protected HttpClient HttpClient => httpClient;
+
+ protected async Task GetAsync(string requestUri, CancellationToken cancellationToken)
+ {
+ try
+ {
+ using HttpResponseMessage response = await httpClient.GetAsync(requestUri, cancellationToken);
+ string responseBody = await response.Content.ReadAsStringAsync(cancellationToken);
+
+ if (response.IsSuccessStatusCode)
+ {
+ return new AuthApiResponseModel
+ {
+ Message = responseBody
+ };
+ }
+
+ throw new HttpRequestException($"Request failed with status {(int)response.StatusCode}:{Environment.NewLine}{responseBody}");
+ }
+ catch (Exception exception)
+ {
+ return new AuthApiResponseModel
+ {
+ Error = exception
+ };
+ }
+ }
+}
diff --git a/Security/src/AuthConsole/CloudFoundryConventions.cs b/Security/src/AuthConsole/CloudFoundryConventions.cs
new file mode 100644
index 000000000..db67fc4d9
--- /dev/null
+++ b/Security/src/AuthConsole/CloudFoundryConventions.cs
@@ -0,0 +1,10 @@
+namespace Steeltoe.Samples.AuthConsole;
+
+internal sealed class CloudFoundryConventions
+{
+ public const string ConfigurationPrefix = "CloudFoundryConventions";
+
+ public string ApiUriSegment { get; set; } = "";
+
+ public string AppsUriSegment { get; set; } = "";
+}
diff --git a/Security/src/AuthConsole/Directory.Build.props b/Security/src/AuthConsole/Directory.Build.props
new file mode 100644
index 000000000..09be6a6d5
--- /dev/null
+++ b/Security/src/AuthConsole/Directory.Build.props
@@ -0,0 +1,8 @@
+
+
+ 4.0.*-*
+
+
+ 8.0.*
+
+
diff --git a/Security/src/AuthConsole/HttpClientBuilderExtensions.cs b/Security/src/AuthConsole/HttpClientBuilderExtensions.cs
new file mode 100644
index 000000000..36145d5a5
--- /dev/null
+++ b/Security/src/AuthConsole/HttpClientBuilderExtensions.cs
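Review bot: The `catch (Exception exception)` in `GetAsync` also catches the `OperationCanceledException` raised when `cancellationToken` fires, so a shutdown during a request is reported as an API error in `AuthApiResponseModel.Error` instead of propagating as a cancellation. Narrowing the handler with a filter keeps the best-effort behaviour for real failures: `catch (Exception exception) when (exception is not OperationCanceledException)`. The thrown `HttpRequestException` also embeds the whole `responseBody`, which the worker then logs through `model.Error`; consider truncating it, since an error page returned by an intermediary can be large or contain details that do not belong in application logs.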
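Review bot: The two version values in Directory.Build.props, `4.0.*-*` and `8.0.*`, are floating ranges, so each restore may resolve a different package build, and the `-*` suffix admits pre-release builds. The element names are not visible in this rendering, so which packages they govern is inferred. If tracking the latest build is deliberate for the sample, a short comment saying so would help; otherwise pin exact versions or enable a lock file with `<RestorePackagesWithLockFile>true</RestorePackagesWithLockFile>` so that what gets built and pushed is reproducible.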
@@ -0,0 +1,45 @@
+using Microsoft.Extensions.DependencyInjection.Extensions;
+using Microsoft.Extensions.Http.Logging;
+
+namespace Steeltoe.Samples.AuthConsole;
+
+///
+/// Provides simplified logging of outgoing HTTP requests.
+///
+///
+/// Based on https://josef.codes/customize-the-httpclient-logging-dotnet-core/.
+///
+public static class HttpClientBuilderExtensions
+{
+ public static IHttpClientBuilder ConfigureLogging(this IHttpClientBuilder builder)
+ {
+ builder.Services.TryAddScoped();
+ return builder.RemoveAllLoggers().AddLogger(true);
+ }
+
+ private sealed class HttpLogger(ILogger logger) : IHttpClientLogger
+ {
+ private readonly ILogger _logger = logger;
+
+ public object? LogRequestStart(HttpRequestMessage request)
+ {
+ _logger.LogInformation("Sending '{Request.Method}' to '{Request.Host}{Request.Path}'", request.Method,
+ request.RequestUri?.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped), request.RequestUri?.PathAndQuery);
+
+ return null;
+ }
+
+ public void LogRequestStop(object? context, HttpRequestMessage request, HttpResponseMessage response, TimeSpan elapsed)
+ {
+ _logger.LogInformation("Received '{Response.StatusCodeInt} {Response.StatusCodeString}' after {Response.ElapsedMilliseconds}ms",
+ (int)response.StatusCode, response.StatusCode, elapsed.TotalMilliseconds.ToString("F1"));
+ }
+
+ public void LogRequestFailed(object? context, HttpRequestMessage request, HttpResponseMessage? response, Exception exception, TimeSpan elapsed)
+ {
+ _logger.LogError(exception, "Request towards '{Request.Host}{Request.Path}' failed after {Response.ElapsedMilliseconds}ms",
+ request.RequestUri?.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped), request.RequestUri!.PathAndQuery,
+ elapsed.TotalMilliseconds.ToString("F1"));
+ }
+ }
+}
diff --git a/Security/src/AuthConsole/Models/AuthApiResponseModel.cs b/Security/src/AuthConsole/Models/AuthApiResponseModel.cs
new file mode 100644
index 000000000..ec1276bd5
--- /dev/null
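Review bot: `LogRequestStart` and `LogRequestFailed` write `request.RequestUri?.PathAndQuery` to the log, so any query-string value (a token, a signed-URL parameter) sent through a client that calls `ConfigureLogging` ends up in application logs. The requests in this sample carry no query string, but the helper is generic; logging `request.RequestUri?.AbsolutePath` instead avoids that. In `LogRequestFailed` the second argument uses `request.RequestUri!.PathAndQuery` while the first uses `?.`; the `!` should be `?.` as well, so that a null `RequestUri` cannot throw inside the failure logger.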
+++ b/Security/src/AuthConsole/Models/AuthApiResponseModel.cs
@@ -0,0 +1,7 @@
+namespace Steeltoe.Samples.AuthConsole.Models;
+
+public sealed class AuthApiResponseModel
+{
+ public string? Message { get; set; }
+ public Exception? Error { get; set; }
+}
diff --git a/Security/src/AuthConsole/Program.cs b/Security/src/AuthConsole/Program.cs
new file mode 100644
index 000000000..69c7e0ff6
--- /dev/null
+++ b/Security/src/AuthConsole/Program.cs
@@ -0,0 +1,47 @@
+using Microsoft.Extensions.Options;
+using Steeltoe.Common;
+using Steeltoe.Common.Certificates;
+using Steeltoe.Configuration.CloudFoundry;
+using Steeltoe.Samples.AuthConsole;
+using Steeltoe.Samples.AuthConsole.ApiClients;
+using Steeltoe.Security.Authorization.Certificate;
+
+const string orgId = "a8fef16f-94c0-49e3-aa0b-ced7c3da6229";
+const string spaceId = "122b942a-d7b9-4839-b26e-836654b9785f";
+
+HostApplicationBuilder builder = Host.CreateApplicationBuilder(args);
+builder.Services.AddOptions().Bind(builder.Configuration.GetSection(CloudFoundryConventions.ConfigurationPrefix));
+builder.Services.AddHostedService();
+
+// Steeltoe: Add Cloud Foundry application info and instance identity certificate to configuration.
+builder.AddCloudFoundryConfiguration();
+builder.Configuration.AddAppInstanceIdentityCertificate(new Guid(orgId), new Guid(spaceId));
+
+builder.Services.AddHttpClient(SetBaseAddress).AddAppInstanceIdentityCertificate().ConfigureLogging();
+
+IHost host = builder.Build();
+host.Run();
+
+return;
+
+// This code is used to limit complexity in the sample. A real application should use Service Discovery.
+// To learn more about service discovery, review the documentation at: https://docs.steeltoe.io/api/v4/discovery/
+static void SetBaseAddress(IServiceProvider serviceProvider, HttpClient client)
+{
+ var instanceInfo = serviceProvider.GetRequiredService();
+
+ if (instanceInfo is CloudFoundryApplicationOptions { Api: not null } options)
+ {
+ var conventions = serviceProvider.GetRequiredService>();
+
+ string? address = options.Api;
+ ArgumentException.ThrowIfNullOrEmpty(options.Api);
+
+ string baseAddress = address!.Replace(conventions.Value.ApiUriSegment, $"auth-server-sample.{conventions.Value.AppsUriSegment}");
+ client.BaseAddress = new Uri($"{baseAddress}");
+ }
+ else
+ {
+ client.BaseAddress = new Uri("https://localhost:7184");
+ }
+}
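Review bot: `SetBaseAddress` never checks that the `Replace` call changed anything: if `ApiUriSegment` does not occur in `options.Api`, `baseAddress` is still the Cloud Foundry API address, and the client, which has the instance identity certificate attached, sends its requests there. An empty `ApiUriSegment` (the default in `CloudFoundryConventions` when the configuration section is missing) makes `string.Replace` throw an `ArgumentException` instead. Validate before replacing, e.g. `ArgumentException.ThrowIfNullOrEmpty(conventions.Value.ApiUriSegment);` followed by `if (!address.Contains(conventions.Value.ApiUriSegment, StringComparison.Ordinal)) throw new InvalidOperationException("ApiUriSegment not found in the Cloud Foundry API address.");`. Passing `address` rather than `options.Api` to the existing `ThrowIfNullOrEmpty` call would also remove the need for `address!`.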
diff --git a/Security/src/AuthConsole/README.md b/Security/src/AuthConsole/README.md
new file mode 100644
index 000000000..7bb9e3402
--- /dev/null
+++ b/Security/src/AuthConsole/README.md
@@ -0,0 +1,42 @@ +# Steeltoe Application Security Worker/Console Client-side Authentication and Authorization + +This application shows how to use the Steeltoe [security library](https://docs.steeltoe.io/api/v4/security/) for authentication and authorization with client certificates provided by Cloud Foundry or Steeltoe (when running locally). + +## General pre-requisites + +1. Installed .NET 8 SDK +1. Optional: [Tanzu Platform for Cloud Foundry](https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/tanzu-platform-for-cloud-foundry/10-0/tpcf/concepts-overview.html) + (optionally with [Windows support](https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/tanzu-platform-for-cloud-foundry/10-0/tpcf/toc-tasw-install-index.html)) + and [Cloud Foundry CLI](https://github.com/cloudfoundry/cli) + +## Running locally + +1. `dotnet run` both AuthApi and AuthConsole + +## Running on Tanzu Platform for Cloud Foundry + +1. Refer to the [AuthWeb README](../AuthWeb/README.md) for instructions on deploying AuthApi + * If you are only interested in certificate authentication, skip everything related to Single Sign-On (SSO) and comment out or delete the `sampleSSOService` service reference from manifest(-windows).yml before `cf push` + +1. Push AuthConsole to Cloud Foundry + 1. `cf target -o your-org -s your-space` + 1. `cd samples/Security/src/AuthConsole` + 1. `cf push` + * When deploying to Windows, binaries must be built locally before push. Use the following commands instead: + + ```shell + dotnet publish -r win-x64 --self-contained + cf push -f manifest-windows.yml -p bin/Release/net8.0/win-x64/publish + ``` + +> [!NOTE] +> The provided manifests will create apps named `auth-client-console-sample` and `auth-server-sample` +> and attempt to bind AuthApi to the SSO service `sampleSSOService`. + +## What to expect + +At this point the app is up and running. 
Since there is user interface for this worker, you can access the logs this command: `cf logs auth-client-console-sample` + +--- + +See the Official [Steeltoe Security Documentation](https://docs.steeltoe.io/api/v4/security/) for more detailed information. diff --git a/Security/src/AuthConsole/Steeltoe.Samples.AuthConsole.csproj b/Security/src/AuthConsole/Steeltoe.Samples.AuthConsole.csproj new file mode 100644 index 000000000..2f61743a5 --- /dev/null +++ b/Security/src/AuthConsole/Steeltoe.Samples.AuthConsole.csproj @@ -0,0 +1,16 @@ + + + + Exe + net8.0 + enable + enable + + + + + + + + + diff --git a/Security/src/AuthConsole/Worker.cs b/Security/src/AuthConsole/Worker.cs new file mode 100644 index 000000000..1356726cc --- /dev/null +++ b/Security/src/AuthConsole/Worker.cs @@ -0,0 +1,23 @@ +using Steeltoe.Samples.AuthConsole.ApiClients; +using Steeltoe.Samples.AuthConsole.Models; + +namespace Steeltoe.Samples.AuthConsole; + +public sealed class Worker(CertificateAuthorizationApiClient certificateAuthorizationApiClient, ILogger logger) : BackgroundService +{ + protected override async Task ExecuteAsync(CancellationToken cancellationToken) + { + while (!cancellationToken.IsCancellationRequested) + { + Console.WriteLine($"Background service starting at: {DateTimeOffset.Now} (press Ctrl+C to close)."); + + AuthApiResponseModel model = await certificateAuthorizationApiClient.GetSameOrgAsync(cancellationToken); + logger.LogInformation("GetSameOrg response: {ApiResponse}", model.Message != null ? model.Message : model.Error); + + model = await certificateAuthorizationApiClient.GetSameSpaceAsync(cancellationToken); + logger.LogInformation("GetSameOrg response: {ApiResponse}", model.Message != null ? model.Message : model.Error); + + await Task.Delay(10_000, cancellationToken); + } + } +} diff --git a/Security/src/AuthConsole/appsettings.Development.json b/Security/src/AuthConsole/appsettings.Development.json new file mode 100644 index 000000000..84c24627a --- /dev/null 
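Review bot: The second `logger.LogInformation` call in `ExecuteAsync`, the one that follows `GetSameSpaceAsync`, reuses the template `"GetSameOrg response: {ApiResponse}"`, so both results are logged under the same label and a SameSpace authorization failure reads as a SameOrg one. It should be `logger.LogInformation("GetSameSpace response: {ApiResponse}", ...)`; the line is carried unchanged as context in the Worker.cs hunk of PATCH 3/6. The `Console.WriteLine` announcing "Background service starting at" sits inside the `while` loop, so it prints on every iteration rather than once; moving it above the loop would match the message.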
+++ b/Security/src/AuthConsole/appsettings.Development.json
@@ -0,0 +1,10 @@
+{
+ // Steeltoe: Add schema to get auto-completion.
+ "$schema": "https://steeltoe.io/schema/v4/schema.json",
+ "Logging": {
+ "LogLevel": {
+ "Default": "Warning",
+ "Microsoft.Hosting.Lifetime": "Information"
+ }
+ }
+}
diff --git a/Security/src/AuthConsole/appsettings.json b/Security/src/AuthConsole/appsettings.json
new file mode 100644
index 000000000..e801190bf
--- /dev/null
+++ b/Security/src/AuthConsole/appsettings.json
@@ -0,0 +1,14 @@
+{
+ // Steeltoe: Add schema to get auto-completion.
+ "$schema": "https://steeltoe.io/schema/v4/schema.json",
+ "Logging": {
+ "LogLevel": {
+ "Default": "Information",
+ "Microsoft.Hosting.Lifetime": "Information"
+ }
+ },
+ "CloudFoundryConventions": {
+ "ApiUriSegment": "api.sys",
+ "AppsUriSegment": "apps"
+ }
+}
diff --git a/Security/src/AuthConsole/manifest-windows.yml b/Security/src/AuthConsole/manifest-windows.yml
new file mode 100644
index 000000000..ba7c7d0fa
--- /dev/null
+++ b/Security/src/AuthConsole/manifest-windows.yml
@@ -0,0 +1,13 @@
+---
+applications:
+- name: auth-client-console-sample
+ buildpacks:
+ - binary_buildpack
+ command: cmd /c .\Steeltoe.Samples.AuthConsole
+ health-check-type: process
+ memory: 128M
+ no-route: true
+ stack: windows
+ env:
+ DOTNET_CLI_TELEMETRY_OPTOUT: "true"
+ DOTNET_NOLOGO: "true"
diff --git a/Security/src/AuthConsole/manifest.yml b/Security/src/AuthConsole/manifest.yml
new file mode 100644
index 000000000..8a2eee6fa
--- /dev/null
+++ b/Security/src/AuthConsole/manifest.yml
@@ -0,0 +1,12 @@
+---
+applications:
+- name: auth-client-console-sample
+ buildpacks:
+ - dotnet_core_buildpack
+ health-check-type: process
+ memory: 128M
+ no-route: true
+ stack: cflinuxfs4
+ env:
+ DOTNET_CLI_TELEMETRY_OPTOUT: "true"
+ DOTNET_NOLOGO: "true"
diff --git a/Security/src/AuthConsole/nuget.config b/Security/src/AuthConsole/nuget.config
new file mode 100644
index 000000000..7a8af6c7c
--- /dev/null
+++ b/Security/src/AuthConsole/nuget.config @@ -0,0 +1,7 @@ + + + + + + + diff --git a/Security/src/Steeltoe.Samples.Security.sln b/Security/src/Steeltoe.Samples.Security.sln index 91d653869..3a1eb59fb 100644 --- a/Security/src/Steeltoe.Samples.Security.sln +++ b/Security/src/Steeltoe.Samples.Security.sln @@ -8,10 +8,12 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution ..\README.md = ..\README.md EndProjectSection EndProject -Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Steeltoe.Samples.AuthWeb", "AuthWeb\Steeltoe.Samples.AuthWeb.csproj", "{CBBCE83B-8AF2-40BB-A7E0-11AA4CA61FD2}" -EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Steeltoe.Samples.AuthApi", "AuthApi\Steeltoe.Samples.AuthApi.csproj", "{D3CBBDCC-2BF2-4917-9A56-AEED28FBC6E1}" EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Steeltoe.Samples.AuthConsole", "AuthConsole\Steeltoe.Samples.AuthConsole.csproj", "{F9143A4B-4D52-4C65-BFD3-CE967BE4AA01}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Steeltoe.Samples.AuthWeb", "AuthWeb\Steeltoe.Samples.AuthWeb.csproj", "{CBBCE83B-8AF2-40BB-A7E0-11AA4CA61FD2}" +EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Steeltoe.Samples.RedisDataProtection", "RedisDataProtection\Steeltoe.Samples.RedisDataProtection.csproj", "{A0EDA633-4FF3-40A5-BA7D-2516F6AD2C8C}" EndProject Global 
@@ -60,6 +62,18 @@ Global {A0EDA633-4FF3-40A5-BA7D-2516F6AD2C8C}.Release|x64.Build.0 = Release|Any CPU {A0EDA633-4FF3-40A5-BA7D-2516F6AD2C8C}.Release|x86.ActiveCfg = Release|Any CPU {A0EDA633-4FF3-40A5-BA7D-2516F6AD2C8C}.Release|x86.Build.0 = Release|Any CPU + {F9143A4B-4D52-4C65-BFD3-CE967BE4AA01}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {F9143A4B-4D52-4C65-BFD3-CE967BE4AA01}.Debug|Any CPU.Build.0 = Debug|Any CPU + {F9143A4B-4D52-4C65-BFD3-CE967BE4AA01}.Debug|x64.ActiveCfg = Debug|Any CPU + {F9143A4B-4D52-4C65-BFD3-CE967BE4AA01}.Debug|x64.Build.0 = Debug|Any CPU + {F9143A4B-4D52-4C65-BFD3-CE967BE4AA01}.Debug|x86.ActiveCfg = Debug|Any CPU + {F9143A4B-4D52-4C65-BFD3-CE967BE4AA01}.Debug|x86.Build.0 = Debug|Any CPU + {F9143A4B-4D52-4C65-BFD3-CE967BE4AA01}.Release|Any CPU.ActiveCfg = Release|Any CPU + {F9143A4B-4D52-4C65-BFD3-CE967BE4AA01}.Release|Any CPU.Build.0 = Release|Any CPU + {F9143A4B-4D52-4C65-BFD3-CE967BE4AA01}.Release|x64.ActiveCfg = Release|Any CPU + {F9143A4B-4D52-4C65-BFD3-CE967BE4AA01}.Release|x64.Build.0 = Release|Any CPU + {F9143A4B-4D52-4C65-BFD3-CE967BE4AA01}.Release|x86.ActiveCfg = Release|Any CPU + {F9143A4B-4D52-4C65-BFD3-CE967BE4AA01}.Release|x86.Build.0 = Release|Any CPU EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE From 65d5d792ca160bb5372a4eed185ebeb8a5636bde Mon Sep 17 00:00:00 2001 From: Tim Hess Date: Fri, 13 Jun 2025 16:09:09 -0500 Subject: [PATCH 2/6] bump mem for auth apps on cf, adjust for runtime reverse proxy changes also update console app .cfignore to match others --- Security/src/AuthApi/Program.cs | 3 +-- Security/src/AuthApi/manifest-windows.yml | 4 ++-- Security/src/AuthApi/manifest.yml | 4 ++-- Security/src/AuthConsole/.cfignore | 18 +++++++++--------- Security/src/AuthWeb/Program.cs | 12 ++++++------ Security/src/AuthWeb/manifest-windows.yml | 4 ++-- Security/src/AuthWeb/manifest.yml | 4 ++-- 7 files changed, 24 insertions(+), 25 deletions(-) 
diff --git a/Security/src/AuthApi/Program.cs b/Security/src/AuthApi/Program.cs index ccc3c9c7a..3617b0f72 100644 --- a/Security/src/AuthApi/Program.cs +++ b/Security/src/AuthApi/Program.cs @@ -1,4 +1,3 @@ -using Microsoft.AspNetCore.Authentication.JwtBearer; using Steeltoe.Common.Certificates; using Steeltoe.Configuration.CloudFoundry; using Steeltoe.Configuration.CloudFoundry.ServiceBindings; @@ -27,7 +26,7 @@ builder.Configuration.AddAppInstanceIdentityCertificate(new Guid(orgId), new Guid(spaceId)); // Steeltoe: Register Microsoft's JWT Bearer and Certificate libraries for authentication, configure JWT to work with UAA/Cloud Foundry. -builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer().ConfigureJwtBearerForCloudFoundry().AddCertificate(); +builder.Services.AddAuthentication().AddJwtBearer().ConfigureJwtBearerForCloudFoundry().AddCertificate(); // Steeltoe: Register Microsoft authorization services. builder.Services.AddAuthorizationBuilder() diff --git a/Security/src/AuthApi/manifest-windows.yml b/Security/src/AuthApi/manifest-windows.yml index bbade4271..cf75d8b83 100644 --- a/Security/src/AuthApi/manifest-windows.yml +++ b/Security/src/AuthApi/manifest-windows.yml @@ -1,10 +1,10 @@ ---- +--- applications: - name: auth-server-sample buildpacks: - binary_buildpack command: cmd /c .\Steeltoe.Samples.AuthApi --urls=http://0.0.0.0:%PORT% - memory: 128M + memory: 256M stack: windows env: DOTNET_CLI_TELEMETRY_OPTOUT: "true" diff --git a/Security/src/AuthApi/manifest.yml b/Security/src/AuthApi/manifest.yml index 0dc0fb0e3..bcd118937 100644 --- a/Security/src/AuthApi/manifest.yml +++ b/Security/src/AuthApi/manifest.yml @@ -1,9 +1,9 @@ ---- +--- applications: - name: auth-server-sample buildpacks: - dotnet_core_buildpack - memory: 128M + memory: 256M stack: cflinuxfs4 env: DOTNET_CLI_TELEMETRY_OPTOUT: "true" diff --git a/Security/src/AuthConsole/.cfignore b/Security/src/AuthConsole/.cfignore index bac3bd964..6705f0928 100644 
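Review bot: Dropping `JwtBearerDefaults.AuthenticationScheme` from `AddAuthentication()` leaves two handlers registered (JWT bearer and certificate) with no default scheme, and nothing in the hunk says why. Without a default, an endpoint is authenticated only when its policy names a scheme; whether every policy registered through `AddAuthorizationBuilder()` does so lies outside this hunk and should be confirmed. I would extend the comment above the call, e.g. `// No default scheme: each authorization policy must name JwtBearer or Certificate explicitly.`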
--- a/Security/src/AuthConsole/.cfignore +++ b/Security/src/AuthConsole/.cfignore @@ -1,32 +1,32 @@ # DotNet -bin -obj -publish +bin/ +obj/ +publish/ # user-specific state *.user # VS Code -.vscode +.vscode/ *.code-workspace # Visual Studio -.vs +.vs/ # JetBrains -.idea +.idea/ *.iws *.iml *.ipr # Test framework files -scaffold +scaffold/ *.feature # Common files that don't need to be pushed -config +config/ *.http -manifest-*.yml +manifest*.yml *.md launchSettings.json diff --git a/Security/src/AuthWeb/Program.cs b/Security/src/AuthWeb/Program.cs index a1e1a2dac..ab09937a9 100644 --- a/Security/src/AuthWeb/Program.cs +++ b/Security/src/AuthWeb/Program.cs @@ -5,11 +5,11 @@ using Microsoft.AspNetCore.Authentication.OpenIdConnect; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Http; -using Microsoft.AspNetCore.HttpOverrides; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; using Steeltoe.Common; using Steeltoe.Common.Certificates; +using Steeltoe.Common.Hosting; using Steeltoe.Configuration.CloudFoundry; using Steeltoe.Configuration.CloudFoundry.ServiceBindings; using Steeltoe.Management.Endpoint.Actuators.All; 
@@ -55,13 +55,13 @@ // Steeltoe: Add actuator endpoints. builder.Services.AddAllActuators(); +// Steeltoe: Configure ASP.NET Core options to use forwarded header information in order to generate links correctly when behind a reverse-proxy (eg: when in Cloud Foundry). +builder.Services.ConfigureForwardedHeadersOptionsForCloudFoundry(); + WebApplication app = builder.Build(); -// Steeltoe: Direct ASP.NET Core to use forwarded header information in order to generate links correctly when behind a reverse-proxy (eg: when in Cloud Foundry). -app.UseForwardedHeaders(new ForwardedHeadersOptions -{ - ForwardedHeaders = ForwardedHeaders.XForwardedHost | ForwardedHeaders.XForwardedProto -}); +// Steeltoe: Configure ASP.NET Core to use the ForwardedHeadersOptions configured above. +app.UseForwardedHeaders(); // Configure the HTTP request pipeline. if (!app.Environment.IsDevelopment()) diff --git a/Security/src/AuthWeb/manifest-windows.yml b/Security/src/AuthWeb/manifest-windows.yml index 62a6cc596..846fd47ad 100644 --- a/Security/src/AuthWeb/manifest-windows.yml +++ b/Security/src/AuthWeb/manifest-windows.yml @@ -1,10 +1,10 @@ ---- +--- applications: - name: auth-client-sample buildpacks: - binary_buildpack command: cmd /c .\Steeltoe.Samples.AuthWeb --urls=http://0.0.0.0:%PORT% - memory: 128M + memory: 256M stack: windows env: DOTNET_CLI_TELEMETRY_OPTOUT: "true" diff --git a/Security/src/AuthWeb/manifest.yml b/Security/src/AuthWeb/manifest.yml index a7083c4f4..1687dee01 100644 --- a/Security/src/AuthWeb/manifest.yml +++ b/Security/src/AuthWeb/manifest.yml @@ -1,9 +1,9 @@ ---- +--- applications: - name: auth-client-sample buildpacks: - dotnet_core_buildpack - memory: 128M + memory: 256M stack: cflinuxfs4 env: DOTNET_CLI_TELEMETRY_OPTOUT: "true" From 6a1866ef17eb32de79d6ed076204d98cc70b2e99 Mon Sep 17 00:00:00 2001 
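Review bot: The removed code spelled out that only `XForwardedHost | XForwardedProto` were processed; after this change the headers honoured and the proxies trusted are decided inside `ConfigureForwardedHeadersOptionsForCloudFoundry()`, which is not visible here. These headers determine the scheme and host used for generated links, and presumably for the OpenID Connect redirects this app issues, so the new comment should state the trust assumption, e.g. `// Trusts X-Forwarded-* as set by the platform router; only safe when the app is not reachable directly.` The exact wording should be confirmed against the Steeltoe implementation.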
From: Tim Hess Date: Wed, 2 Jul 2025 10:53:54 -0500 Subject: [PATCH 3/6] updates for reverse proxy changes, report full URI used on API requests --- .../ApiClients/CertificateAuthorizationApiClient.cs | 4 ++-- Security/src/AuthConsole/ApiClients/StringApiClient.cs | 4 ++++ Security/src/AuthConsole/Models/AuthApiResponseModel.cs | 1 + Security/src/AuthConsole/Worker.cs | 2 ++ .../ApiClients/CertificateAuthorizationApiClient.cs | 6 +++--- .../src/AuthWeb/ApiClients/JwtAuthorizationApiClient.cs | 4 ++-- Security/src/AuthWeb/ApiClients/StringApiClient.cs | 5 ++++- Security/src/AuthWeb/Models/AuthApiResponseModel.cs | 3 ++- Security/src/AuthWeb/Program.cs | 7 ------- Security/src/AuthWeb/Views/Home/InvokeService.cshtml | 4 +++- 10 files changed, 23 insertions(+), 17 deletions(-) diff --git a/Security/src/AuthConsole/ApiClients/CertificateAuthorizationApiClient.cs b/Security/src/AuthConsole/ApiClients/CertificateAuthorizationApiClient.cs index 7d36d723e..a550fcee4 100644 --- a/Security/src/AuthConsole/ApiClients/CertificateAuthorizationApiClient.cs +++ b/Security/src/AuthConsole/ApiClients/CertificateAuthorizationApiClient.cs @@ -7,11 +7,11 @@ public sealed class CertificateAuthorizationApiClient(HttpClient httpClient) { public async Task GetSameOrgAsync(CancellationToken cancellationToken) { - return await GetAsync("/api/certificate/SameOrg", cancellationToken); + return await GetAsync("api/certificate/SameOrg", cancellationToken); } public async Task GetSameSpaceAsync(CancellationToken cancellationToken) { - return await GetAsync("/api/certificate/SameSpace", cancellationToken); + return await GetAsync("api/certificate/SameSpace", cancellationToken); } } diff --git a/Security/src/AuthConsole/ApiClients/StringApiClient.cs b/Security/src/AuthConsole/ApiClients/StringApiClient.cs index 4d2d6c9c9..f12fc5055 100644 --- a/Security/src/AuthConsole/ApiClients/StringApiClient.cs +++ b/Security/src/AuthConsole/ApiClients/StringApiClient.cs 
@@ -8,6 +8,8 @@ public abstract class StringApiClient(HttpClient httpClient) protected async Task GetAsync(string requestUri, CancellationToken cancellationToken) { + string fullRequestUri = httpClient.BaseAddress + requestUri; + try { using HttpResponseMessage response = await httpClient.GetAsync(requestUri, cancellationToken); @@ -17,6 +19,7 @@ protected async Task GetAsync(string requestUri, Cancellat { return new AuthApiResponseModel { + RequestUri = fullRequestUri, Message = responseBody }; } @@ -27,6 +30,7 @@ protected async Task GetAsync(string requestUri, Cancellat { return new AuthApiResponseModel { + RequestUri = fullRequestUri, Error = exception }; } diff --git a/Security/src/AuthConsole/Models/AuthApiResponseModel.cs b/Security/src/AuthConsole/Models/AuthApiResponseModel.cs index ec1276bd5..a9683f60a 100644 --- a/Security/src/AuthConsole/Models/AuthApiResponseModel.cs +++ b/Security/src/AuthConsole/Models/AuthApiResponseModel.cs @@ -2,6 +2,7 @@ namespace Steeltoe.Samples.AuthConsole.Models; public sealed class AuthApiResponseModel { + public string? RequestUri { get; set; } public string? Message { get; set; } public Exception? Error { get; set; } } diff --git a/Security/src/AuthConsole/Worker.cs b/Security/src/AuthConsole/Worker.cs index 1356726cc..dbd9ad646 100644 --- a/Security/src/AuthConsole/Worker.cs +++ b/Security/src/AuthConsole/Worker.cs 
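Review bot: `string fullRequestUri = httpClient.BaseAddress + requestUri;` is plain string concatenation, which is not how `HttpClient` resolves a relative URI against `BaseAddress`: when the base has a path without a trailing slash, or `requestUri` starts with `/`, the reported URI differs from the one actually requested, and a null `BaseAddress` silently yields only the relative part. Since the value exists to report where the certificate-authenticated call went, build it the way the client does: `string fullRequestUri = httpClient.BaseAddress is { } baseAddress ? new Uri(baseAddress, requestUri).ToString() : requestUri;`. The same line is added to `AuthWeb/ApiClients/StringApiClient.cs` later in this patch.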
@@ -12,9 +12,11 @@ protected override async Task ExecuteAsync(CancellationToken cancellationToken) Console.WriteLine($"Background service starting at: {DateTimeOffset.Now} (press Ctrl+C to close)."); AuthApiResponseModel model = await certificateAuthorizationApiClient.GetSameOrgAsync(cancellationToken); + logger.LogInformation("Request Uri: {requestUri}", model.RequestUri); logger.LogInformation("GetSameOrg response: {ApiResponse}", model.Message != null ? model.Message : model.Error); model = await certificateAuthorizationApiClient.GetSameSpaceAsync(cancellationToken); + logger.LogInformation("Request Uri: {requestUri}", model.RequestUri); logger.LogInformation("GetSameOrg response: {ApiResponse}", model.Message != null ? model.Message : model.Error); await Task.Delay(10_000, cancellationToken); diff --git a/Security/src/AuthWeb/ApiClients/CertificateAuthorizationApiClient.cs b/Security/src/AuthWeb/ApiClients/CertificateAuthorizationApiClient.cs index 9bdaa5a1f..a31b9096d 100644 --- a/Security/src/AuthWeb/ApiClients/CertificateAuthorizationApiClient.cs +++ b/Security/src/AuthWeb/ApiClients/CertificateAuthorizationApiClient.cs @@ -1,4 +1,4 @@ -using System.Net.Http; +using System.Net.Http; using System.Threading; using System.Threading.Tasks; using Steeltoe.Samples.AuthWeb.Models; @@ -10,11 +10,11 @@ public sealed class CertificateAuthorizationApiClient(HttpClient httpClient) { public async Task GetSameOrgAsync(CancellationToken cancellationToken) { - return await GetAsync("/api/certificate/SameOrg", cancellationToken); + return await GetAsync("api/certificate/SameOrg", cancellationToken); } public async Task GetSameSpaceAsync(CancellationToken cancellationToken) { - return await GetAsync("/api/certificate/SameSpace", cancellationToken); + return await GetAsync("api/certificate/SameSpace", cancellationToken); } } 
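Review bot: A failed call is still logged at Information level, with the exception passed as the `{ApiResponse}` template argument (`model.Message != null ? model.Message : model.Error`), so a rejected certificate or an unreachable backend looks like normal output to level-based filtering and alerting. Now that the request URI is available, the failure branch could be logged separately, e.g. `if (model.Error != null) logger.LogError(model.Error, "GetSameOrg request to {RequestUri} failed", model.RequestUri);`. The new `{requestUri}` placeholder also differs in casing from the existing `{ApiResponse}`; `{RequestUri}` would keep the structured property names consistent. ExecuteAsync starts and ends outside the hunk.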
diff --git a/Security/src/AuthWeb/ApiClients/JwtAuthorizationApiClient.cs b/Security/src/AuthWeb/ApiClients/JwtAuthorizationApiClient.cs index 7efe1f6ea..8d606342f 100644 --- a/Security/src/AuthWeb/ApiClients/JwtAuthorizationApiClient.cs +++ b/Security/src/AuthWeb/ApiClients/JwtAuthorizationApiClient.cs @@ -1,4 +1,4 @@ -using System; +using System; using System.Net.Http; using System.Net.Http.Headers; using System.Threading; @@ -22,6 +22,6 @@ public async Task GetAuthorizationAsync(string? accessToke } HttpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken); - return await GetAsync("/api/JwtAuthorization", cancellationToken); + return await GetAsync("api/JwtAuthorization", cancellationToken); } } diff --git a/Security/src/AuthWeb/ApiClients/StringApiClient.cs b/Security/src/AuthWeb/ApiClients/StringApiClient.cs index 9dbb9ef02..5b68f9bd7 100644 --- a/Security/src/AuthWeb/ApiClients/StringApiClient.cs +++ b/Security/src/AuthWeb/ApiClients/StringApiClient.cs @@ -1,4 +1,4 @@ -using System; +using System; using System.Net.Http; using System.Threading; using System.Threading.Tasks; @@ -12,6 +12,7 @@ public abstract class StringApiClient(HttpClient httpClient) protected async Task GetAsync(string requestUri, CancellationToken cancellationToken) { + string fullRequestUri = httpClient.BaseAddress + requestUri; try { using HttpResponseMessage response = await httpClient.GetAsync(requestUri, cancellationToken); @@ -21,6 +22,7 @@ protected async Task GetAsync(string requestUri, Cancellat { return new AuthApiResponseModel { + RequestUri = fullRequestUri, Message = responseBody }; } @@ -31,6 +33,7 @@ protected async Task GetAsync(string requestUri, Cancellat { return new AuthApiResponseModel { + RequestUri = fullRequestUri, Error = exception }; } diff --git a/Security/src/AuthWeb/Models/AuthApiResponseModel.cs b/Security/src/AuthWeb/Models/AuthApiResponseModel.cs index 012d51f29..54d969827 100644 
--- a/Security/src/AuthWeb/Models/AuthApiResponseModel.cs +++ b/Security/src/AuthWeb/Models/AuthApiResponseModel.cs @@ -1,9 +1,10 @@ -using System; +using System; namespace Steeltoe.Samples.AuthWeb.Models; public sealed class AuthApiResponseModel { + public string? RequestUri { get; set; } public string? Message { get; set; } public Exception? Error { get; set; } } diff --git a/Security/src/AuthWeb/Program.cs b/Security/src/AuthWeb/Program.cs index ab09937a9..31e11cc3f 100644 --- a/Security/src/AuthWeb/Program.cs +++ b/Security/src/AuthWeb/Program.cs @@ -9,7 +9,6 @@ using Microsoft.Extensions.Hosting; using Steeltoe.Common; using Steeltoe.Common.Certificates; -using Steeltoe.Common.Hosting; using Steeltoe.Configuration.CloudFoundry; using Steeltoe.Configuration.CloudFoundry.ServiceBindings; using Steeltoe.Management.Endpoint.Actuators.All; @@ -55,14 +54,8 @@ // Steeltoe: Add actuator endpoints. builder.Services.AddAllActuators(); -// Steeltoe: Configure ASP.NET Core options to use forwarded header information in order to generate links correctly when behind a reverse-proxy (eg: when in Cloud Foundry). -builder.Services.ConfigureForwardedHeadersOptionsForCloudFoundry(); - WebApplication app = builder.Build(); -// Steeltoe: Configure ASP.NET Core to use the ForwardedHeadersOptions configured above. -app.UseForwardedHeaders(); - // Configure the HTTP request pipeline. if (!app.Environment.IsDevelopment()) { diff --git a/Security/src/AuthWeb/Views/Home/InvokeService.cshtml b/Security/src/AuthWeb/Views/Home/InvokeService.cshtml index 928eaa153..da2ed4e04 100644 --- a/Security/src/AuthWeb/Views/Home/InvokeService.cshtml +++ b/Security/src/AuthWeb/Views/Home/InvokeService.cshtml @@ -1,4 +1,4 @@ -@model Steeltoe.Samples.AuthWeb.Models.AuthApiResponseModel +@model Steeltoe.Samples.AuthWeb.Models.AuthApiResponseModel @{ ViewData["Title"] = "Invoke a backend service"; } @@ -19,3 +19,5 @@ else @Model.Message } + +

Request URI: @Model.RequestUri

From 28ee18df541560617306d2aeef54286266f70851 Mon Sep 17 00:00:00 2001 From: Tim Hess Date: Mon, 7 Jul 2025 09:40:04 -0500 Subject: [PATCH 4/6] PR feedback --- .../src/AuthApi/Steeltoe.Samples.AuthApi.csproj | 2 +- Security/src/AuthConsole/Program.cs | 13 ++++++------- Security/src/AuthConsole/Worker.cs | 3 +-- Security/src/AuthConsole/appsettings.json | 1 + .../ApiClients/CertificateAuthorizationApiClient.cs | 3 --- .../AuthWeb/ApiClients/JwtAuthorizationApiClient.cs | 4 ---- Security/src/AuthWeb/ApiClients/StringApiClient.cs | 5 +---- Security/src/AuthWeb/Controllers/HomeController.cs | 2 -- Security/src/AuthWeb/HttpClientBuilderExtensions.cs | 6 +----- Security/src/AuthWeb/Models/AuthApiResponseModel.cs | 2 -- Security/src/AuthWeb/Program.cs | 7 ------- .../src/AuthWeb/Steeltoe.Samples.AuthWeb.csproj | 1 + .../Steeltoe.Samples.RedisDataProtection.csproj | 2 +- 13 files changed, 13 insertions(+), 38 deletions(-) diff --git a/Security/src/AuthApi/Steeltoe.Samples.AuthApi.csproj b/Security/src/AuthApi/Steeltoe.Samples.AuthApi.csproj index 5cab4fdf5..c6ff1da5c 100644 --- a/Security/src/AuthApi/Steeltoe.Samples.AuthApi.csproj +++ b/Security/src/AuthApi/Steeltoe.Samples.AuthApi.csproj @@ -2,8 +2,8 @@ net8.0 - enable enable + enable diff --git a/Security/src/AuthConsole/Program.cs b/Security/src/AuthConsole/Program.cs index 69c7e0ff6..209fbc88f 100644 --- a/Security/src/AuthConsole/Program.cs +++ b/Security/src/AuthConsole/Program.cs 
@@ -10,13 +10,16 @@ const string spaceId = "122b942a-d7b9-4839-b26e-836654b9785f"; HostApplicationBuilder builder = Host.CreateApplicationBuilder(args); -builder.Services.AddOptions().Bind(builder.Configuration.GetSection(CloudFoundryConventions.ConfigurationPrefix)); builder.Services.AddHostedService(); +// Steeltoe: Register IOptions that enable calculating the backend app's Uri based on the location of the Cloud Foundry API. +builder.Services.AddOptions().BindConfiguration(CloudFoundryConventions.ConfigurationPrefix); + // Steeltoe: Add Cloud Foundry application info and instance identity certificate to configuration. builder.AddCloudFoundryConfiguration(); builder.Configuration.AddAppInstanceIdentityCertificate(new Guid(orgId), new Guid(spaceId)); +// Steeltoe: register a typed HttpClient that includes the application instance identity certificate. builder.Services.AddHttpClient(SetBaseAddress).AddAppInstanceIdentityCertificate().ConfigureLogging(); IHost host = builder.Build(); @@ -32,12 +35,8 @@ static void SetBaseAddress(IServiceProvider serviceProvider, HttpClient client) if (instanceInfo is CloudFoundryApplicationOptions { Api: not null } options) { - var conventions = serviceProvider.GetRequiredService>(); - - string? address = options.Api; - ArgumentException.ThrowIfNullOrEmpty(options.Api); - - string baseAddress = address!.Replace(conventions.Value.ApiUriSegment, $"auth-server-sample.{conventions.Value.AppsUriSegment}"); + CloudFoundryConventions conventions = serviceProvider.GetRequiredService>().Value; + string baseAddress = options.Api.Replace(conventions.ApiUriSegment, $"auth-server-sample.{conventions.AppsUriSegment}"); client.BaseAddress = new Uri($"{baseAddress}"); } else diff --git a/Security/src/AuthConsole/Worker.cs b/Security/src/AuthConsole/Worker.cs index dbd9ad646..bea0a2946 100644 --- a/Security/src/AuthConsole/Worker.cs +++ b/Security/src/AuthConsole/Worker.cs 
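Review bot: `options.Api.Replace(conventions.ApiUriSegment, …)` in `SetBaseAddress` returns the Cloud Foundry API address unchanged when the configured segment does not occur in it, and the typed client registered with `AddAppInstanceIdentityCertificate()` in the first hunk would then present the instance identity certificate to that host instead of the backend. The bound `CloudFoundryConventions` values are not validated either, and an empty `ApiUriSegment` makes `string.Replace` throw an `ArgumentException` with no hint about the configuration key. A guard before assigning `client.BaseAddress`, such as `if (baseAddress == options.Api) throw new InvalidOperationException("Cloud Foundry API address does not contain the configured ApiUriSegment.");`, would fail fast. The `address.Replace("auth-client-web-sample", "auth-server-sample")` line in the AuthWeb Program.cs hunk of patch 5 has the same silent no-op when the app is pushed under another name. SetBaseAddress continues outside the hunk.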
@@ -9,8 +9,6 @@ protected override async Task ExecuteAsync(CancellationToken cancellationToken) { while (!cancellationToken.IsCancellationRequested) { - Console.WriteLine($"Background service starting at: {DateTimeOffset.Now} (press Ctrl+C to close)."); - AuthApiResponseModel model = await certificateAuthorizationApiClient.GetSameOrgAsync(cancellationToken); logger.LogInformation("Request Uri: {requestUri}", model.RequestUri); logger.LogInformation("GetSameOrg response: {ApiResponse}", model.Message != null ? model.Message : model.Error); @@ -19,6 +17,7 @@ protected override async Task ExecuteAsync(CancellationToken cancellationToken) logger.LogInformation("Request Uri: {requestUri}", model.RequestUri); logger.LogInformation("GetSameOrg response: {ApiResponse}", model.Message != null ? model.Message : model.Error); + Console.WriteLine("Sleeping for 10 seconds (press Ctrl+C to close)."); await Task.Delay(10_000, cancellationToken); } } diff --git a/Security/src/AuthConsole/appsettings.json b/Security/src/AuthConsole/appsettings.json index e801190bf..7b008e4c8 100644 --- a/Security/src/AuthConsole/appsettings.json +++ b/Security/src/AuthConsole/appsettings.json @@ -7,6 +7,7 @@ "Microsoft.Hosting.Lifetime": "Information" } }, + // Steeltoe: Identify the subdomains used in different areas of Cloud Foundry. "CloudFoundryConventions": { "ApiUriSegment": "api.sys", "AppsUriSegment": "apps" diff --git a/Security/src/AuthWeb/ApiClients/CertificateAuthorizationApiClient.cs b/Security/src/AuthWeb/ApiClients/CertificateAuthorizationApiClient.cs index a31b9096d..9649a0595 100644 --- a/Security/src/AuthWeb/ApiClients/CertificateAuthorizationApiClient.cs +++ b/Security/src/AuthWeb/ApiClients/CertificateAuthorizationApiClient.cs @@ -1,6 +1,3 @@ -using System.Net.Http; -using System.Threading; -using System.Threading.Tasks; using Steeltoe.Samples.AuthWeb.Models; namespace Steeltoe.Samples.AuthWeb.ApiClients; 
diff --git a/Security/src/AuthWeb/ApiClients/JwtAuthorizationApiClient.cs b/Security/src/AuthWeb/ApiClients/JwtAuthorizationApiClient.cs index 8d606342f..6431c3c06 100644 --- a/Security/src/AuthWeb/ApiClients/JwtAuthorizationApiClient.cs +++ b/Security/src/AuthWeb/ApiClients/JwtAuthorizationApiClient.cs @@ -1,8 +1,4 @@ -using System; -using System.Net.Http; using System.Net.Http.Headers; -using System.Threading; -using System.Threading.Tasks; using Steeltoe.Samples.AuthWeb.Models; namespace Steeltoe.Samples.AuthWeb.ApiClients; diff --git a/Security/src/AuthWeb/ApiClients/StringApiClient.cs b/Security/src/AuthWeb/ApiClients/StringApiClient.cs index 5b68f9bd7..5f190848a 100644 --- a/Security/src/AuthWeb/ApiClients/StringApiClient.cs +++ b/Security/src/AuthWeb/ApiClients/StringApiClient.cs @@ -1,7 +1,3 @@ -using System; -using System.Net.Http; -using System.Threading; -using System.Threading.Tasks; using Steeltoe.Samples.AuthWeb.Models; namespace Steeltoe.Samples.AuthWeb.ApiClients; @@ -13,6 +9,7 @@ public abstract class StringApiClient(HttpClient httpClient) protected async Task GetAsync(string requestUri, CancellationToken cancellationToken) { string fullRequestUri = httpClient.BaseAddress + requestUri; + try { using HttpResponseMessage response = await httpClient.GetAsync(requestUri, cancellationToken); diff --git a/Security/src/AuthWeb/Controllers/HomeController.cs b/Security/src/AuthWeb/Controllers/HomeController.cs index 6ec1546b2..657c73d19 100644 --- a/Security/src/AuthWeb/Controllers/HomeController.cs +++ b/Security/src/AuthWeb/Controllers/HomeController.cs @@ -1,6 +1,4 @@ using System.Diagnostics; -using System.Threading; -using System.Threading.Tasks; using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; diff --git a/Security/src/AuthWeb/HttpClientBuilderExtensions.cs b/Security/src/AuthWeb/HttpClientBuilderExtensions.cs index e9233c381..c3a4f617e 100644 
--- a/Security/src/AuthWeb/HttpClientBuilderExtensions.cs +++ b/Security/src/AuthWeb/HttpClientBuilderExtensions.cs @@ -1,9 +1,5 @@ -using System; -using System.Net.Http; -using Microsoft.Extensions.DependencyInjection; -using Microsoft.Extensions.DependencyInjection.Extensions; +using Microsoft.Extensions.DependencyInjection.Extensions; using Microsoft.Extensions.Http.Logging; -using Microsoft.Extensions.Logging; namespace Steeltoe.Samples.AuthWeb; diff --git a/Security/src/AuthWeb/Models/AuthApiResponseModel.cs b/Security/src/AuthWeb/Models/AuthApiResponseModel.cs index 54d969827..359a75260 100644 --- a/Security/src/AuthWeb/Models/AuthApiResponseModel.cs +++ b/Security/src/AuthWeb/Models/AuthApiResponseModel.cs @@ -1,5 +1,3 @@ -using System; - namespace Steeltoe.Samples.AuthWeb.Models; public sealed class AuthApiResponseModel diff --git a/Security/src/AuthWeb/Program.cs b/Security/src/AuthWeb/Program.cs index 31e11cc3f..b9ee287ff 100644 --- a/Security/src/AuthWeb/Program.cs +++ b/Security/src/AuthWeb/Program.cs @@ -1,12 +1,5 @@ -using System; -using System.Linq; -using System.Net.Http; using Microsoft.AspNetCore.Authentication.Cookies; using Microsoft.AspNetCore.Authentication.OpenIdConnect; -using Microsoft.AspNetCore.Builder; -using Microsoft.AspNetCore.Http; -using Microsoft.Extensions.DependencyInjection; -using Microsoft.Extensions.Hosting; using Steeltoe.Common; using Steeltoe.Common.Certificates; using Steeltoe.Configuration.CloudFoundry; diff --git a/Security/src/AuthWeb/Steeltoe.Samples.AuthWeb.csproj b/Security/src/AuthWeb/Steeltoe.Samples.AuthWeb.csproj index d6c3d65ab..792657f4f 100644 --- a/Security/src/AuthWeb/Steeltoe.Samples.AuthWeb.csproj +++ b/Security/src/AuthWeb/Steeltoe.Samples.AuthWeb.csproj @@ -2,6 +2,7 @@ net8.0 + enable enable diff --git a/Security/src/RedisDataProtection/Steeltoe.Samples.RedisDataProtection.csproj b/Security/src/RedisDataProtection/Steeltoe.Samples.RedisDataProtection.csproj index 0b86e319d..67057d31d 100644 
--- a/Security/src/RedisDataProtection/Steeltoe.Samples.RedisDataProtection.csproj +++ b/Security/src/RedisDataProtection/Steeltoe.Samples.RedisDataProtection.csproj @@ -2,8 +2,8 @@ net8.0 - enable enable + enable From 62d94922b0fbd19aaa18ea77fbb1daea36a58c9e Mon Sep 17 00:00:00 2001 From: Tim Hess Date: Tue, 8 Jul 2025 10:10:13 -0500 Subject: [PATCH 5/6] address more feedback --- Security/src/AuthConsole/.cfignore | 1 + Security/src/AuthConsole/README.md | 2 +- Security/src/AuthConsole/Worker.cs | 2 +- Security/src/AuthWeb/.cfignore | 1 - Security/src/AuthWeb/Program.cs | 2 +- Security/src/AuthWeb/README.md | 6 +++--- Security/src/AuthWeb/manifest-windows.yml | 2 +- Security/src/AuthWeb/manifest.yml | 2 +- 8 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Security/src/AuthConsole/.cfignore b/Security/src/AuthConsole/.cfignore index 6705f0928..a7bd40ed2 100644 --- a/Security/src/AuthConsole/.cfignore +++ b/Security/src/AuthConsole/.cfignore @@ -31,3 +31,4 @@ manifest*.yml launchSettings.json # files specific this sample +GeneratedCertificates diff --git a/Security/src/AuthConsole/README.md b/Security/src/AuthConsole/README.md index 7bb9e3402..89f2cf287 100644 --- a/Security/src/AuthConsole/README.md +++ b/Security/src/AuthConsole/README.md @@ -35,7 +35,7 @@ This application shows how to use the Steeltoe [security library](https://docs.s ## What to expect -At this point the app is up and running. Since there is user interface for this worker, you can access the logs this command: `cf logs auth-client-console-sample` +At this point, the app is up and running. Since there is no user interface for this worker, you can access the logs with this command: `cf logs auth-client-console-sample` --- diff --git a/Security/src/AuthConsole/Worker.cs b/Security/src/AuthConsole/Worker.cs index bea0a2946..cf57a9d26 100644 --- a/Security/src/AuthConsole/Worker.cs +++ b/Security/src/AuthConsole/Worker.cs 
@@ -15,7 +15,7 @@ protected override async Task ExecuteAsync(CancellationToken cancellationToken) model = await certificateAuthorizationApiClient.GetSameSpaceAsync(cancellationToken); logger.LogInformation("Request Uri: {requestUri}", model.RequestUri); - logger.LogInformation("GetSameOrg response: {ApiResponse}", model.Message != null ? model.Message : model.Error); + logger.LogInformation("GetSameSpace response: {ApiResponse}", model.Message != null ? model.Message : model.Error); Console.WriteLine("Sleeping for 10 seconds (press Ctrl+C to close)."); await Task.Delay(10_000, cancellationToken); diff --git a/Security/src/AuthWeb/.cfignore b/Security/src/AuthWeb/.cfignore index 490d80281..1e68ca2fe 100644 --- a/Security/src/AuthWeb/.cfignore +++ b/Security/src/AuthWeb/.cfignore @@ -37,6 +37,5 @@ manifest*.yml *.md launchSettings.json - # files specific this sample GeneratedCertificates diff --git a/Security/src/AuthWeb/Program.cs b/Security/src/AuthWeb/Program.cs index b9ee287ff..a068f341a 100644 --- a/Security/src/AuthWeb/Program.cs +++ b/Security/src/AuthWeb/Program.cs @@ -79,7 +79,7 @@ static void SetBaseAddress(IServiceProvider serviceProvider, HttpClient client) if (instanceInfo is CloudFoundryApplicationOptions { Uris.Count: > 0 } options) { string address = options.Uris.First(); - string baseAddress = address.Replace("auth-client-sample", "auth-server-sample"); + string baseAddress = address.Replace("auth-client-web-sample", "auth-server-sample"); client.BaseAddress = new Uri($"https://{baseAddress}"); } else diff --git a/Security/src/AuthWeb/README.md b/Security/src/AuthWeb/README.md index 67b7b2291..4a9443d7a 100644 --- a/Security/src/AuthWeb/README.md +++ b/Security/src/AuthWeb/README.md 
@@ -52,7 +52,7 @@ This application shows how to use the Steeltoe [security libraries](https://docs ``` > [!NOTE] -> The provided manifests will create apps named `auth-client-sample` and `auth-server-sample` +> The provided manifests will create apps named `auth-client-web-sample` and `auth-server-sample` > and attempt to bind both to the SSO service `sampleSSOService`. ### RedirectUri and Scope access @@ -80,10 +80,10 @@ dashboard url: https://p-identity.sys.cf-app.com/developer/identity-zones/15aa ## What to expect -At this point the app is up and running. You can access it at or . +At this point the app is up and running. You can access it at or . > [!NOTE] -> To see the logs on Cloud Foundry as the app runs, execute this command: `cf logs auth-client-sample` +> To see the logs on Cloud Foundry as the app runs, execute this command: `cf logs auth-client-web-sample` From the website's menu, click on the `Log in` menu item and you should be redirected to the UAA server's login page. Enter `testuser` and `password`, and you should be authenticated and redirected back to the auth client home page. diff --git a/Security/src/AuthWeb/manifest-windows.yml b/Security/src/AuthWeb/manifest-windows.yml index 846fd47ad..9a0bcb111 100644 --- a/Security/src/AuthWeb/manifest-windows.yml +++ b/Security/src/AuthWeb/manifest-windows.yml @@ -1,6 +1,6 @@ --- applications: -- name: auth-client-sample +- name: auth-client-web-sample buildpacks: - binary_buildpack command: cmd /c .\Steeltoe.Samples.AuthWeb --urls=http://0.0.0.0:%PORT% diff --git a/Security/src/AuthWeb/manifest.yml b/Security/src/AuthWeb/manifest.yml index 1687dee01..3f6244217 100644 --- a/Security/src/AuthWeb/manifest.yml +++ b/Security/src/AuthWeb/manifest.yml @@ -1,6 +1,6 @@ --- applications: -- name: auth-client-sample +- name: auth-client-web-sample buildpacks: - dotnet_core_buildpack memory: 256M From 7d5f992e28295f88babf12976ea3f46fde85ad7a Mon Sep 17 00:00:00 2001 
From: Tim Hess Date: Tue, 8 Jul 2025 10:47:17 -0500 Subject: [PATCH 6/6] remove extra whitespace --- Security/src/AuthWeb/.cfignore | 7 ------- 1 file changed, 7 deletions(-) diff --git a/Security/src/AuthWeb/.cfignore b/Security/src/AuthWeb/.cfignore index 1e68ca2fe..a7bd40ed2 100644 --- a/Security/src/AuthWeb/.cfignore +++ b/Security/src/AuthWeb/.cfignore @@ -1,36 +1,29 @@ # DotNet - bin/ obj/ publish/ # user-specific state - *.user # VS Code - .vscode/ *.code-workspace # Visual Studio - .vs/ # JetBrains - .idea/ *.iws *.iml *.ipr # Test framework files - scaffold/ *.feature # Common files that don't need to be pushed - config/ *.http manifest*.yml