Bump IdentityModel, add Aspire host, remove Serilog. (#314)

* Bump IdentityModel, add Aspire host, remove Serilog.

* Add IS metrics and tracing config

* Move ServiceDefaults project to v7 root and update references

* Add missing using statement

* Add using statement

* Add missing using statement

---------

Co-authored-by: Roland Guijt <roland.guijt@duendesoftware.com>

Author: RolandGuijt

IdentityServer/v7/Apire.ServiceDefaults/Aspire.ServiceDefaults.csproj

@@ -0,0 +1,22 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+    <PropertyGroup>
+        <TargetFramework>net10.0</TargetFramework>
+        <ImplicitUsings>enable</ImplicitUsings>
+        <Nullable>enable</Nullable>
+        <IsAspireSharedProject>true</IsAspireSharedProject>
+    </PropertyGroup>
+
+    <ItemGroup>
+        <FrameworkReference Include="Microsoft.AspNetCore.App"/>
+
+        <PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="10.1.0"/>
+        <PackageReference Include="Microsoft.Extensions.ServiceDiscovery" Version="10.1.0"/>
+        <PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.14.0"/>
+        <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.14.0"/>
+        <PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.14.0"/>
+        <PackageReference Include="OpenTelemetry.Instrumentation.Http" Version="1.14.0"/>
+        <PackageReference Include="OpenTelemetry.Instrumentation.Runtime" Version="1.14.0"/>
+    </ItemGroup>
+
+</Project>

IdentityServer/v7/Apire.ServiceDefaults/Extensions.cs

@@ -0,0 +1,129 @@
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Diagnostics.HealthChecks;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Diagnostics.HealthChecks;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.ServiceDiscovery;
+using OpenTelemetry;
+using OpenTelemetry.Metrics;
+using OpenTelemetry.Trace;
+
+namespace Microsoft.Extensions.Hosting;
+
+// Adds common Aspire services: service discovery, resilience, health checks, and OpenTelemetry.
+// This project should be referenced by each service project in your solution.
+// To learn more about using this project, see https://aka.ms/dotnet/aspire/service-defaults
+public static class Extensions
+{
+    private const string HealthEndpointPath = "/health";
+    private const string AlivenessEndpointPath = "/alive";
+
+    public static TBuilder AddServiceDefaults<TBuilder>(this TBuilder builder) where TBuilder : IHostApplicationBuilder
+    {
+        builder.ConfigureOpenTelemetry();
+
+        builder.AddDefaultHealthChecks();
+
+        builder.Services.AddServiceDiscovery();
+
+        builder.Services.ConfigureHttpClientDefaults(http =>
+        {
+            // Turn on resilience by default
+            http.AddStandardResilienceHandler();
+
+            // Turn on service discovery by default
+            http.AddServiceDiscovery();
+        });
+
+        // Uncomment the following to restrict the allowed schemes for service discovery.
+        // builder.Services.Configure<ServiceDiscoveryOptions>(options =>
+        // {
+        //     options.AllowedSchemes = ["https"];
+        // });
+
+        return builder;
+    }
+
+    public static TBuilder ConfigureOpenTelemetry<TBuilder>(this TBuilder builder) where TBuilder : IHostApplicationBuilder
+    {
+        builder.Logging.AddOpenTelemetry(logging =>
+        {
+            logging.IncludeFormattedMessage = true;
+            logging.IncludeScopes = true;
+        });
+
+        builder.Services.AddOpenTelemetry()
+            .WithMetrics(metrics =>
+            {
+                metrics.AddAspNetCoreInstrumentation()
+                    .AddHttpClientInstrumentation()
+                    .AddRuntimeInstrumentation()
+                    .AddMeter("Duende.IdentityServer", "Duende.IdentityServer.Expirimental", "IdentityServer");
+            })
+            .WithTracing(tracing =>
+            {
+                tracing.AddSource(builder.Environment.ApplicationName)
+                    .AddAspNetCoreInstrumentation(tracing =>
+                        // Exclude health check requests from tracing
+                        tracing.Filter = context =>
+                            !context.Request.Path.StartsWithSegments(HealthEndpointPath)
+                            && !context.Request.Path.StartsWithSegments(AlivenessEndpointPath)
+                    )
+                    // Uncomment the following line to enable gRPC instrumentation (requires the OpenTelemetry.Instrumentation.GrpcNetClient package)
+                    //.AddGrpcClientInstrumentation()
+                    .AddHttpClientInstrumentation()
+                    .AddSource("Duende.IdentityServer");
+            });
+
+        builder.AddOpenTelemetryExporters();
+
+        return builder;
+    }
+
+    private static TBuilder AddOpenTelemetryExporters<TBuilder>(this TBuilder builder) where TBuilder : IHostApplicationBuilder
+    {
+        var useOtlpExporter = !string.IsNullOrWhiteSpace(builder.Configuration["OTEL_EXPORTER_OTLP_ENDPOINT"]);
+
+        if (useOtlpExporter)
+        {
+            builder.Services.AddOpenTelemetry().UseOtlpExporter();
+        }
+
+        // Uncomment the following lines to enable the Azure Monitor exporter (requires the Azure.Monitor.OpenTelemetry.AspNetCore package)
+        //if (!string.IsNullOrEmpty(builder.Configuration["APPLICATIONINSIGHTS_CONNECTION_STRING"]))
+        //{
+        //    builder.Services.AddOpenTelemetry()
+        //       .UseAzureMonitor();
+        //}
+
+        return builder;
+    }
+
+    public static TBuilder AddDefaultHealthChecks<TBuilder>(this TBuilder builder) where TBuilder : IHostApplicationBuilder
+    {
+        builder.Services.AddHealthChecks()
+            // Add a default liveness check to ensure app is responsive
+            .AddCheck("self", () => HealthCheckResult.Healthy(), ["live"]);
+
+        return builder;
+    }
+
+    public static WebApplication MapDefaultEndpoints(this WebApplication app)
+    {
+        // Adding health checks endpoints to applications in non-development environments has security implications.
+        // See https://aka.ms/dotnet/aspire/healthchecks for details before enabling these endpoints in non-development environments.
+        if (app.Environment.IsDevelopment())
+        {
+            // All health checks must pass for app to be considered ready to accept traffic after starting
+            app.MapHealthChecks(HealthEndpointPath);
+
+            // Only health checks tagged with the "live" tag must pass for app to be considered alive
+            app.MapHealthChecks(AlivenessEndpointPath, new HealthCheckOptions
+            {
+                Predicate = r => r.Tags.Contains("live")
+            });
+        }
+
+        return app;
+    }
+}

IdentityServer/v7/Quickstarts/6_JS_without_backend/src/IdentityServer/HostingExtensions.cs

@@ -3,6 +3,7 @@
 
 using Duende.IdentityServer;
 using Google.Apis.Auth.AspNetCore3;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.IdentityModel.Tokens;
 using Serilog;
 
@@ -27,12 +28,12 @@ public static WebApplication ConfigureServices(this WebApplicationBuilder builde
             options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
             options.SignOutScheme = IdentityServerConstants.SignoutScheme;
             options.SaveTokens = true;
-        
+
             options.Authority = "https://demo.duendesoftware.com";
             options.ClientId = "interactive.confidential";
             options.ClientSecret = "secret";
             options.ResponseType = "code";
-        
+
             options.TokenValidationParameters = new TokenValidationParameters
             {
                 NameClaimType = "name",
@@ -51,10 +52,10 @@ public static WebApplication ConfigureServices(this WebApplicationBuilder builde
                     configureOptions: options =>
                     {
                         options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
-  
+
                         options.ClientId = googleClientId;
                         options.ClientSecret = googleClientSecret;
-          
+
                         options.CallbackPath = "/signin-google";
                     });
         }

IdentityServer/v7/SessionManagement/Api/Api.csproj

@@ -7,7 +7,12 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.5" />
-    <PackageReference Include="Serilog.AspNetCore" Version="9.0.0" />
+    <PackageReference Include="Serilog.AspNetCore" Version="10.0.0" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\Apire.ServiceDefaults\Aspire.ServiceDefaults.csproj" />
+    <ProjectReference Include="..\SessionManagement.ServiceDefaults\SessionManagement.ServiceDefaults.csproj" />
   </ItemGroup>
 
 </Project>

IdentityServer/v7/SessionManagement/Api/Program.cs

@@ -13,6 +13,8 @@
             .CreateLogger();
 
 var builder = WebApplication.CreateBuilder(args);
+
+builder.AddServiceDefaults();
 builder.Services.AddSerilog();
 
 builder.Services.AddControllers();
@@ -30,6 +32,8 @@
 
 var app = builder.Build();
 
+app.MapDefaultEndpoints();
+
 app.UseRouting();
 app.UseAuthentication();
 app.UseAuthorization();

IdentityServer/v7/SessionManagement/Client/Client.csproj

@@ -7,9 +7,15 @@
 
 
   <ItemGroup>
-    <PackageReference Include="Duende.IdentityModel" Version="7.1.0" />
+    <PackageReference Include="Duende.IdentityModel" Version="8.1.0" />
 
     <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="10.0.5" />
   </ItemGroup>
 
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\Apire.ServiceDefaults\Aspire.ServiceDefaults.csproj" />
+    <ProjectReference Include="..\SessionManagement.ServiceDefaults\SessionManagement.ServiceDefaults.csproj" />
+  </ItemGroup>
+
 </Project>

IdentityServer/v7/SessionManagement/Client/Program.cs

@@ -10,6 +10,8 @@
 
 var builder = WebApplication.CreateBuilder(args);
 
+builder.AddServiceDefaults();
+
 builder.Services.AddControllersWithViews();
 builder.Services.AddHttpClient();
 
@@ -62,6 +64,8 @@
 
 var app = builder.Build();
 
+app.MapDefaultEndpoints();
+
 app.UseDeveloperExceptionPage();
 app.UseStaticFiles();
 

IdentityServer/v7/SessionManagement/IdentityServerHost/IdentityServerHost.csproj

@@ -7,7 +7,11 @@
 
   <ItemGroup>
     <PackageReference Include="Duende.IdentityServer" Version="7.4.7" />
-    <PackageReference Include="Serilog.AspNetCore" Version="9.0.0" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\Apire.ServiceDefaults\Aspire.ServiceDefaults.csproj" />
+    <ProjectReference Include="..\SessionManagement.ServiceDefaults\SessionManagement.ServiceDefaults.csproj" />
   </ItemGroup>
 
 </Project>

IdentityServer/v7/SessionManagement/IdentityServerHost/Program.cs

@@ -5,29 +5,17 @@
 using Duende.IdentityServer;
 using IdentityServerHost;
 using Microsoft.AspNetCore.DataProtection;
-using Serilog;
-using Serilog.Sinks.SystemConsole.Themes;
 
 Console.Title = "IdentityServer";
 
-Log.Logger = new LoggerConfiguration()
-    .MinimumLevel.Information()
-    .Enrich.FromLogContext()
-    .WriteTo.Console(outputTemplate: "[{Timestamp:HH:mm:ss} {Level}] {SourceContext}{NewLine}{Message:lj}{NewLine}{Exception}{NewLine}", theme: AnsiConsoleTheme.Code)
-    .CreateLogger();
-
 var builder = WebApplication.CreateBuilder(args);
-builder.Services.AddSerilog();
+
+builder.AddServiceDefaults();
 
 builder.Services.AddRazorPages();
 
 var idsvrBuilder = builder.Services.AddIdentityServer(options =>
 {
-    options.Events.RaiseErrorEvents = true;
-    options.Events.RaiseInformationEvents = true;
-    options.Events.RaiseFailureEvents = true;
-    options.Events.RaiseSuccessEvents = true;
-
     // see https://docs.duendesoftware.com/identityserver/fundamentals/resources/
     options.EmitStaticAudienceClaim = true;
 
@@ -68,6 +56,8 @@
 
 var app = builder.Build();
 
+app.MapDefaultEndpoints();
+
 if (app.Environment.IsDevelopment())
 {
     app.UseDeveloperExceptionPage();

IdentityServer/v7/SessionManagement/README.md

@@ -1,12 +1,11 @@
-# Session Management Sample
-
-This sample requires all three projects to be run at once.
-
-Things of note:
-* In the *IdentityServer* project in *Startup.cs*, server-side sessions are enabled with a call to *AddServerSideSessions*. This only uses in-memory server-side sessions by default, so restarting the host will lose session data.
-*  Also in *Startup.cs* with the call to *AddIdentityServer* various settings are configured on the *ServerSideSessions* options object to control the behavior.
-* The client application configured in *Clients.cs* has *CoordinateLifetimeWithUserSession* enabled, which causes its refresh token to slide the server-side session for the user.
-* When launching the *IdentityServer* project, you should visit the *~/serversidesessions* page to see the active sessions. Note that there is no authorization on this page (so consider adding it based on your requirements).
-* Once you login, you should see a user's session in the list.
-* As the client app refreshes its access token, you should see the user's session expiration being extended.
-* When you revoke the user's session, the user should be logged out of the client app.
+**Session Management Sample**  
+This sample requires all three projects to be run at once. That can easily be done by running the included Aspire AppHost. The Aspire dashboard will show the status of all running applications and show you the links to the running applications. Aspire will also collect the Open Telemetry data (logs, metrics, traces) and make it available on the dashboard.  
+ Please note that Aspire’s service discovery isn’t used here so that projects can still run without Aspire, but it can easily be [added](https://aspire.dev/fundamentals/service-discovery/ "https://aspire.dev/fundamentals/service-discovery/") if needed.  
+Things of note:  
+- In the *IdentityServer* project in  *Startup.cs*, server-side sessions are enabled with a call to  *AddServerSideSessions*. This only uses in-memory server-side sessions by default, so restarting the host will lose session data.  
+- Also in *Startup.cs* with the call to  *AddIdentityServer* various settings are configured on the  *ServerSideSessions* options object to control the behavior.  
+- The client application configured in *Clients.cs* has  *CoordinateLifetimeWithUserSession* enabled, which causes its refresh token to slide the server-side session for the user.  
+- When launching the *IdentityServer* project, you should visit the  *~/serversidesessions* page to see the active sessions. Note that there is no authorization on this page (so consider adding it based on your requirements).  
+- Once you login, you should see a user's session in the list.  
+- As the client app refreshes its access token, you should see the user's session expiration being extended.  
+- When you revoke the user's session, the user should be logged out of the client app.