Improve start up logic

.gitignore

@@ -17,3 +17,4 @@
 /WebCodeFlowPkceClient/WebCodeFlowPkceClient.csproj.user
 /PkceClientApp.txt
 /WebHybridClient.txt
+/_logs-**

AspNetCoreHybridFlow.sln

@@ -11,7 +11,6 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "WebHybridFlowClient", "WebH
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{038CF360-14D7-4AF0-8BA9-5FF422D3CC7E}"
 	ProjectSection(SolutionItems) = preProject
-		.github\workflows\dotnet.yml = .github\workflows\dotnet.yml
 		README.md = README.md
 	EndProjectSection
 EndProject
@@ -25,7 +24,7 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "IdentityStandaloneMfa", "Id
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "IdentityStandaloneUserCheck", "IdentityStandaloneUserCheck\IdentityStandaloneUserCheck.csproj", "{E513EF8E-424C-4E95-945C-29073C242A8C}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "WebExtraClaimsCached", "WebExtraClaimsCached\WebExtraClaimsCached.csproj", "{DBC546B7-C2FD-4844-9595-DA8E1FA4FA64}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "WebExtraClaimsCached", "WebExtraClaimsCached\WebExtraClaimsCached.csproj", "{DBC546B7-C2FD-4844-9595-DA8E1FA4FA64}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution

AspNetCoreRequireMfaOidc/Program.cs

@@ -1,16 +1,77 @@
-namespace AspNetCoreRequireMfaOidc;
+using AspNetCoreRequireMfaOidc;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.Authorization;
+using System.IdentityModel.Tokens.Jwt;
 
-public class Program
+var builder = WebApplication.CreateBuilder(args);
+
+builder.Services.ConfigureApplicationCookie(options =>
+{
+    options.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.Always;
+});
+
+builder.Services.AddSingleton<IAuthorizationHandler, RequireMfaHandler>();
+
+builder.Services.AddAuthentication(options =>
+{
+    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
+})
+.AddCookie()
+.AddOpenIdConnect(options =>
 {
-    public static void Main(string[] args)
+    options.SignInScheme = "Cookies";
+    options.Authority = "https://localhost:44352";
+    options.RequireHttpsMetadata = true;
+    options.ClientId = "AspNetCoreRequireMfaOidc";
+    options.ClientSecret = "AspNetCoreRequireMfaOidcSecret";
+    options.ResponseType = "code id_token";
+    options.Scope.Add("profile");
+    options.Scope.Add("offline_access");
+    options.SaveTokens = true;
+    options.Events = new OpenIdConnectEvents
     {
-        CreateHostBuilder(args).Build().Run();
-    }
-
-    public static IHostBuilder CreateHostBuilder(string[] args) =>
-        Host.CreateDefaultBuilder(args)
-            .ConfigureWebHostDefaults(webBuilder =>
-            {
-                webBuilder.UseStartup<Startup>();
-            });
+        OnRedirectToIdentityProvider = context =>
+        {
+            context.ProtocolMessage.SetParameter("acr_values", Amr.Mfa);
+
+            return Task.FromResult(0);
+        }
+    };
+});
+
+builder.Services.AddAuthorization(options =>
+{
+    options.AddPolicy("RequireMfa", policyIsAdminRequirement =>
+    {
+        policyIsAdminRequirement.Requirements.Add(new RequireMfa());
+    });
+});
+
+builder.Services.AddRazorPages();
+
+var app = builder.Build();
+
+app.UseCookiePolicy();
+
+//IdentityModelEventSource.ShowPII = true;
+JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
+
+if (!app.Environment.IsDevelopment())
+{
+    app.UseExceptionHandler("/Error");
+    app.UseHsts();
 }
+
+app.UseHttpsRedirection();
+app.UseStaticFiles();
+
+app.UseRouting();
+
+app.UseAuthentication();
+app.UseAuthorization();
+
+app.MapRazorPages();
+
+app.Run();

AspNetCoreRequireMfaOidc/Properties/launchSettings.json

@@ -1,27 +1,12 @@
 {
-  "iisSettings": {
-    "windowsAuthentication": false,
-    "anonymousAuthentication": true,
-    "iisExpress": {
-      "applicationUrl": "https://localhost:44389",
-      "sslPort": 44389
-    }
-  },
   "profiles": {
-    "IIS Express": {
-      "commandName": "IISExpress",
-      "launchBrowser": true,
-      "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development"
-      }
-    },
     "AspNetCoreRequireMfaOidc": {
       "commandName": "Project",
       "launchBrowser": true,
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       },
-      "applicationUrl": "https://localhost:5001;http://localhost:5000"
+      "applicationUrl": "https://localhost:44389"
     }
   }
 }

DeviceFlowWeb/Program.cs

@@ -1,16 +1,68 @@
-namespace DeviceFlowWeb;
+using DeviceFlowWeb;
+using Microsoft.AspNetCore.Authentication.Cookies;
 
-public class Program
+var builder = WebApplication.CreateBuilder(args);
+
+var services = builder.Services;
+var configuration = builder.Configuration;
+var env = builder.Environment;
+
+services.AddScoped<DeviceFlowService>();
+services.AddHttpClient();
+services.Configure<AuthConfigurations>(configuration.GetSection("AuthConfigurations"));
+
+services.AddSession(options =>
+{
+    // Set a short timeout for easy testing.
+    options.IdleTimeout = TimeSpan.FromSeconds(60);
+    options.Cookie.HttpOnly = true;
+});
+
+services.Configure<CookiePolicyOptions>(options =>
+{
+    options.CheckConsentNeeded = context => true;
+    options.MinimumSameSitePolicy = SameSiteMode.None;
+});
+
+var authConfigurations = configuration.GetSection("AuthConfigurations");
+var stsServer = authConfigurations["StsServer"];
+
+services.AddAuthentication(options =>
+{
+    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+})
+.AddCookie();
+
+services.AddAuthorization();
+services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
+
+services.AddRazorPages();
+
+var app = builder.Build();
+
+app.UseSecurityHeaders(SecurityHeadersDefinitions
+    .GetHeaderPolicyCollection(env.IsDevelopment()));
+
+if (env.IsDevelopment())
 {
-    public static void Main(string[] args)
-    {
-        CreateHostBuilder(args).Build().Run();
-    }
-
-    public static IHostBuilder CreateHostBuilder(string[] args) =>
-        Host.CreateDefaultBuilder(args)
-            .ConfigureWebHostDefaults(webBuilder =>
-            {
-                webBuilder.UseStartup<Startup>();
-            });
+    app.UseDeveloperExceptionPage();
 }
+else
+{
+    app.UseExceptionHandler("/Error");
+}
+
+app.UseStaticFiles();
+app.UseCookiePolicy();
+app.UseSession();
+
+app.UseStaticFiles();
+
+app.UseRouting();
+
+app.UseAuthentication();
+app.UseAuthorization();
+
+app.MapRazorPages();
+
+app.Run();

DeviceFlowWeb/Properties/launchSettings.json

@@ -1,24 +1,9 @@
 {
-  "iisSettings": {
-    "windowsAuthentication": false, 
-    "anonymousAuthentication": true, 
-    "iisExpress": {
-      "applicationUrl": "http://localhost:60024",
-      "sslPort": 44369
-    }
-  },
   "profiles": {
-    "IIS Express": {
-      "commandName": "IISExpress",
-      "launchBrowser": true,
-      "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development"
-      }
-    },
     "DeviceFlowWeb": {
       "commandName": "Project",
       "launchBrowser": true,
-      "applicationUrl": "https://localhost:5001;http://localhost:5000",
+      "applicationUrl": "https://localhost:44369",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       }