Refactorization of route and authorization config to be fully configurable

Author: ChaosEngine

src/IdentityManager2/Api/Controllers/PageController.cs

@@ -8,7 +8,6 @@
 
 namespace IdentityManager2.Api.Controllers
 {
-    [Route("idm")]
     [SecurityHeaders]
     [ResponseCache(NoStore = true, Location = ResponseCacheLocation.None)]
     public class PageController : Controller

src/IdentityManager2/Configuration/DependencyInjection/IdentityManagerServiceCollectionExtensions.cs

@@ -1,8 +1,11 @@
 using System;
+using System.Linq;
 using IdentityManager2;
+using IdentityManager2.Api.Controllers;
 using IdentityManager2.Configuration;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.ApplicationModels;
 using Microsoft.AspNetCore.Mvc.Infrastructure;
 using Microsoft.AspNetCore.Mvc.Routing;
 using Microsoft.Extensions.DependencyInjection.Extensions;
@@ -25,7 +28,15 @@ public static IIdentityManagerBuilder AddIdentityManager(this IServiceCollection
 
             var builder = services.AddIdentityManagerBuilder();
 
-            builder.Services.AddMvc();
+            if (string.IsNullOrEmpty(identityManagerOptions.SecurityConfiguration.PageRouteAttribute))
+                builder.Services.AddMvc();
+            else
+            {
+                builder.Services.AddMvc(opt =>
+                {
+                    opt.UseCentralRoutePrefix(new RouteAttribute(identityManagerOptions.SecurityConfiguration.PageRouteAttribute));
+                });
+            }
             builder.Services.AddOptions();
             builder.Services.AddSingleton(identityManagerOptions);
 
@@ -45,20 +56,25 @@ public static IIdentityManagerBuilder AddIdentityManager(this IServiceCollection
                 options.AddPolicy(IdentityManagerConstants.IdMgrAuthPolicy, config =>
                 {
                     config.RequireClaim(identityManagerOptions.SecurityConfiguration.RoleClaimType, identityManagerOptions.SecurityConfiguration.AdminRoleName);
-                    // config.AddAuthenticationSchemes(IdentityManagerConstants.LocalApiScheme);
+
+                    if (!string.IsNullOrEmpty(identityManagerOptions.SecurityConfiguration.AuthenticationScheme))
+                        config.AddAuthenticationSchemes(identityManagerOptions.SecurityConfiguration.AuthenticationScheme);
                 });
             });
 
-            // services.AddAuthentication()
-            //     .AddCookie(IdentityManagerConstants.LocalApiScheme, options =>
-            //     {
-            //         options.Cookie.SameSite = SameSiteMode.Strict;
-            //         options.Cookie.HttpOnly = true;
-            //         options.Cookie.IsEssential = true;
-            //         options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+            if (!string.IsNullOrEmpty(identityManagerOptions.SecurityConfiguration.AuthenticationScheme))
+            {
+                services.AddAuthentication()
+                    .AddCookie(identityManagerOptions.SecurityConfiguration.AuthenticationScheme, options =>
+                    {
+                        options.Cookie.SameSite = SameSiteMode.Strict;
+                        options.Cookie.HttpOnly = true;
+                        options.Cookie.IsEssential = true;
+                        options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
 
-            //         options.LoginPath = "/api/login";
-            //     });
+                        options.LoginPath = "/api/login";
+                    });
+            }
 
             identityManagerOptions.SecurityConfiguration.Configure(services);
 
@@ -77,4 +93,36 @@ public static IIdentityManagerBuilder AddIdentityManagerBuilder(this IServiceCol
             return new IdentityManagerBuilder(services);
         }
     }
+
+    class RouteConvention : IApplicationModelConvention
+    {
+        private readonly IRouteTemplateProvider _routeTemplateProvider;
+
+        public RouteConvention(IRouteTemplateProvider routeTemplateProvider)
+        {
+            _routeTemplateProvider = routeTemplateProvider;
+        }
+
+        public void Apply(ApplicationModel application)
+        {
+            var matchedSelectors = application.Controllers.FirstOrDefault(c => c.ControllerType == typeof(PageController))?.Selectors;
+            if (matchedSelectors != null && matchedSelectors.Any())
+            {
+                var centralPrefix = new AttributeRouteModel(_routeTemplateProvider);
+                foreach (var selectorModel in matchedSelectors)
+                {
+                    selectorModel.AttributeRouteModel = AttributeRouteModel.CombineAttributeRouteModel(centralPrefix,
+                        selectorModel.AttributeRouteModel);
+                }
+            }
+        }
+    }
+
+    static class MvcOptionsExtensions
+    {
+        public static void UseCentralRoutePrefix(this MvcOptions opts, IRouteTemplateProvider routeAttribute)
+        {
+            opts.Conventions.Insert(0, new RouteConvention(routeAttribute));
+        }
+    }
 }

src/IdentityManager2/Configuration/SecurityConfiguration.cs

@@ -10,7 +10,9 @@ public class SecurityConfiguration
     {
         public string HostAuthenticationType { get; set; }
         public string HostChallengeType { get; set; }
+        public string AuthenticationScheme { get; set; }
         public string AdditionalSignOutType { get; set; }
+        public string PageRouteAttribute { get; set; }
 
         public string NameClaimType { get; set; }
         public string RoleClaimType { get; set; }
@@ -23,6 +25,8 @@ public SecurityConfiguration()
             NameClaimType = IdentityManagerConstants.ClaimTypes.Name;
             RoleClaimType = IdentityManagerConstants.ClaimTypes.Role;
             AdminRoleName = IdentityManagerConstants.AdminRoleName;
+            AuthenticationScheme = IdentityManagerConstants.LocalApiScheme;
+            PageRouteAttribute = null;
 
             ShowLoginButton = true;
         }