Add both use OpenId and Custom authorization sample code for dashboard.

Author: yang-xiaodong

samples/Sample.Dashboard.Auth/MyDashboardAuthenticationHandler.cs

@@ -3,6 +3,7 @@
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
@@ -23,22 +24,25 @@ public class MyDashboardAuthenticationHandler : AuthenticationHandler<MyDashboar
         public MyDashboardAuthenticationHandler(IOptionsMonitor<MyDashboardAuthenticationSchemeOptions> options,
             ILoggerFactory logger, UrlEncoder encoder) : base(options, logger, encoder)
         {
-            options.CurrentValue.ForwardChallenge = "";
+           // options.CurrentValue.ForwardChallenge = "";
         }
 
         protected override Task<AuthenticateResult> HandleAuthenticateAsync()
         {
             var testAuthHeaderPresent = Request.Headers["X-Base-Token"].Contains("xxx");
 
             var authResult = testAuthHeaderPresent ? CreateAuthenticatonTicket() : AuthenticateResult.NoResult();
-
+            
             return Task.FromResult(authResult);
         }
 
         protected override Task HandleChallengeAsync(AuthenticationProperties properties)
         {
-            Response.Headers["WWW-Authenticate"] = MyDashboardAuthenticationSchemeDefaults.Scheme;
-            return base.HandleChallengeAsync(properties);
+            //Response.Headers["WWW-Authenticate"] = MyDashboardAuthenticationSchemeDefaults.Scheme;
+            //return base.HandleChallengeAsync(properties);
+
+            // Challenge use OpenId for AddCapWithOpenIdAndCustomAuthorization
+            return Context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, properties);
         }
 
         private AuthenticateResult CreateAuthenticatonTicket()

samples/Sample.Dashboard.Auth/Properties/launchSettings.json

@@ -19,10 +19,11 @@
     "Sample.Dashboard.Auth": {
       "commandName": "Project",
       "launchBrowser": true,
+      "launchUrl": "cap",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       },
-      "applicationUrl": "https://localhost:5001"
+      "applicationUrl": "https://localhost:5001/"
     }
   }
 }

samples/Sample.Dashboard.Auth/Startup.cs

@@ -10,10 +10,11 @@ public class Startup
 {
     public void ConfigureServices(IServiceCollection services)
     {
-        AddCapWithOpenIdAuthorization(services);
+        // AddCapWithOpenIdAuthorization(services);
         // AddCapWithAnonymousAccess(services);
         // AddCapWithCustomAuthorization(services);
-            
+        AddCapWithOpenIdAndCustomAuthorization(services);
+
         services.AddCors(x =>
         {
             x.AddDefaultPolicy(p =>
@@ -41,10 +42,10 @@ public void Configure(IApplicationBuilder app)
     private IServiceCollection AddCapWithOpenIdAuthorization(IServiceCollection services)
     {
         const string DashboardAuthorizationPolicy = "DashboardAuthorizationPolicy";
-        
+
         services
             .AddAuthorization(options =>
-            { 
+            {
                 options.AddPolicy(DashboardAuthorizationPolicy, policy => policy
                     .AddAuthenticationSchemes(OpenIdConnectDefaults.AuthenticationScheme)
                     .RequireAuthenticatedUser());
@@ -64,11 +65,12 @@ private IServiceCollection AddCapWithOpenIdAuthorization(IServiceCollection serv
                 options.Scope.Add("openid");
                 options.Scope.Add("profile");
             });
-        
+
         services.AddCap(cap =>
         {
             cap.UseDashboard(d =>
             {
+                d.AllowAnonymousExplicit = false;
                 d.AuthorizationPolicy = DashboardAuthorizationPolicy;
             });
             cap.UseInMemoryStorage();
@@ -77,21 +79,21 @@ private IServiceCollection AddCapWithOpenIdAuthorization(IServiceCollection serv
 
         return services;
     }
-    
+
     private IServiceCollection AddCapWithCustomAuthorization(IServiceCollection services)
     {
         const string MyDashboardAuthenticationPolicy = "MyDashboardAuthenticationPolicy";
-        
+
         services
             .AddAuthorization(options =>
-            { 
+            {
                 options.AddPolicy(MyDashboardAuthenticationPolicy, policy => policy
                     .AddAuthenticationSchemes(MyDashboardAuthenticationSchemeDefaults.Scheme)
                     .RequireAuthenticatedUser());
             })
             .AddAuthentication()
-            .AddScheme<MyDashboardAuthenticationSchemeOptions, MyDashboardAuthenticationHandler>(MyDashboardAuthenticationSchemeDefaults.Scheme,null);
-        
+            .AddScheme<MyDashboardAuthenticationSchemeOptions, MyDashboardAuthenticationHandler>(MyDashboardAuthenticationSchemeDefaults.Scheme, null);
+
         services.AddCap(cap =>
         {
             cap.UseDashboard(d =>
@@ -104,7 +106,49 @@ private IServiceCollection AddCapWithCustomAuthorization(IServiceCollection serv
 
         return services;
     }
-    
+
+    private IServiceCollection AddCapWithOpenIdAndCustomAuthorization(IServiceCollection services)
+    {
+        const string DashboardAuthorizationPolicy = "DashboardAuthorizationPolicy";
+
+        services
+            .AddAuthorization(options =>
+            {
+                options.AddPolicy(DashboardAuthorizationPolicy, policy => policy
+                    .AddAuthenticationSchemes(OpenIdConnectDefaults.AuthenticationScheme, MyDashboardAuthenticationSchemeDefaults.Scheme)
+                    .RequireAuthenticatedUser());
+            })
+            .AddAuthentication(opt => opt.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme)
+            .AddScheme<MyDashboardAuthenticationSchemeOptions, MyDashboardAuthenticationHandler>(MyDashboardAuthenticationSchemeDefaults.Scheme, null)
+            .AddCookie()
+            .AddOpenIdConnect(options =>
+            {
+                options.RequireHttpsMetadata = false;
+                options.Authority = "https://demo.duendesoftware.com/";
+                options.ClientId = "interactive.confidential";
+                options.ClientSecret = "secret";
+                options.ResponseType = "code";
+                options.UsePkce = true;
+
+                options.Scope.Clear();
+                options.Scope.Add("openid");
+                options.Scope.Add("profile");
+            });
+
+        services.AddCap(cap =>
+        {
+            cap.UseDashboard(d =>
+            {
+                d.AllowAnonymousExplicit = false;
+                d.AuthorizationPolicy = DashboardAuthorizationPolicy;
+            });
+            cap.UseInMemoryStorage();
+            cap.UseInMemoryMessageQueue();
+        });
+
+        return services;
+    }
+
     private IServiceCollection AddCapWithAnonymousAccess(IServiceCollection services)
     {
         services.AddCap(cap =>