Merge branch 'master' into lr-update-self-hosted-to-aspnetcore-2.2

Author: laura-rodriguez

Diff for: resource-server/README.md

@@ -21,22 +21,50 @@ A typical resource-server requires a frontend and a backend application, so you
 
 ## Running This Example
 
-**backend:**
+### Backend
 
-Clone this repo and replace the okta configuration placeholders in the `appsettings.json` with your configuration values from the Okta Developer Console. 
-You can see all the available configuration options in the [okta-aspnet GitHub](https://github.com/okta/okta-aspnet/blob/master/README.md).
-For step-by-step instructions, visit the Okta [ASP.NET Web API quickstart].
+Run the example with your preferred tool and write down the port of your Web API application to configure Okta afterwards.
 
-> **NOTE:** The above command starts the resource server on port 8000. You can browse to `http://localhost:8000/api/messages` to ensure it has started. If you get a 401 HTTP error, it indicates that the resource server is up. You will need to pass an access token to access the resource, which will be done by the front-end below.
+> **NOTE:** This sample is using ASP.NET Core 2.2 which enforces HTTPS. This is a recommended practice for web applications. Check out [Enforce HTTPS in ASP.NET Core] for more details.
 
-**front-end:**
+#### Run the Web API application from Visual Studio
 
-If you want to use one of our front-end samples, open a new terminal window and run the [front-end sample project of your choice](Prerequisites).  Once the front-end sample is running, you can navigate to http://localhost:8080 in your browser and log in to the front-end application.  Once logged in, you can navigate to the "Messages" page to see the interaction with the resource server.
+If you run this project in Visual Studio it will start the resource server on ports 5000 for HTTP and 44314 for HTTPS. You can change this configuration in the `launchSettings.json`. 
+You can browse to `https://localhost:44314/api/messages` to ensure it has started. If you get a 401 HTTP error, it indicates that the resource server is up. You will need to pass an access token to access the resource, which will be done by the front-end below.
+
+#### Run the Web API application from dotnet CLI
+
+If you run this project via the dotnet CLI it will start the resource server on ports 5000 for HTTP and 5001 for HTTPS. You can change this configuration in the `launchSettings.json`. 
+
+Navigate to the folder where the project file is located and type the following:
+
+```dotnet run```
+
+You can browse to `https://localhost:5001/api/messages` to ensure it has started. If you get a 401 HTTP error, it indicates that the resource server is up. You will need to pass an access token to access the resource, which will be done by the front-end below.
+
+#### Trust the local dev certificate if necessary
+
+If you’ve never run an ASP.NET Core 2.x application before, you may notice a strange error page come up warning you that the site is potentially unsafe.
+This is because ASP.NET Core creates an HTTPS development certificate for you as part of the first-run experience, but it still needs to be trusted. You can ignore the warning by clicking on Advanced and telling the browser that it’s okay to visit this site even though there is no certificate for it. Or you can trust the certificate to get rid of this warning, check out [Configuring HTTPS in ASP.NET Core across different platforms] for more details.
+
+### Add your Okta configuration to the sample's appsettings
+
+Replace the okta configuration placeholders in the `appsettings.json` with your configuration values from the [Okta Developer Console]. 
+You can see all the available configuration options in the [okta-aspnet GitHub](https://github.com/okta/okta-aspnet/blob/master/docs/aspnetcore-webapi.md#configuration-reference).
+For step-by-step instructions, visit the Okta [Protect your API endpoints guide]. The guide will walk you through adding Okta authentication to your API endpoints.
+
+### Front-end
+
+If you want to use one of our front-end samples, open a new terminal window and run the [front-end sample project of your choice](Prerequisites).  
+Make sure to update the resource server URI configuration to use your configured resource-server port (for example `https://localhost:5001`). 
+Once the front-end sample is running, you can navigate to `http://localhost:8080` in your browser and sign in to the front-end application.  Once signed in, you can navigate to the "Messages" page to see the interaction with the resource server.
 
 
 [Implicit Flow]: https://developer.okta.com/authentication-guide/implementing-authentication/implicit
 [Okta Angular Sample Apps]: https://github.com/okta/samples-js-angular
 [Okta Vue Sample Apps]: https://github.com/okta/samples-js-vue
 [Okta React Sample Apps]: https://github.com/okta/samples-js-react
 [OIDC SPA Setup Instructions]: https://developer.okta.com/authentication-guide/implementing-authentication/implicit#1-setting-up-your-application
-[ASP.NET Core Web API quickstart]: https://developer.okta.com/quickstart/#/widget/dotnet/aspnetcore
+[Enforce HTTPS in ASP.NET Core]: https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-2.2&tabs=visual-studio
+[Configuring HTTPS in ASP.NET Core across different platforms]:https://devblogs.microsoft.com/aspnet/configuring-https-in-asp-net-core-across-different-platforms/
+[Protect your API endpoints guide]: https://developer.okta.com/guides/protect-your-api/aspnetcore/before-you-begin/

Diff for: resource-server/okta-aspnetcore-webapi-example.sln

@@ -1,25 +1,25 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 15
-VisualStudioVersion = 15.0.27130.2036
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.28729.10
 MinimumVisualStudioVersion = 10.0.40219.1
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "okta-aspnetcore-webapi-example", "okta-aspnetcore-webapi-example\okta-aspnetcore-webapi-example.csproj", "{E664F22F-C256-401F-8E48-8680877C7873}"
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "okta-aspnetcore-webapi-example", "okta-aspnetcore-webapi-example\okta-aspnetcore-webapi-example.csproj", "{778066D7-71AE-4640-A442-9B6B4AE8CF2C}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
 		Release|Any CPU = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{E664F22F-C256-401F-8E48-8680877C7873}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{E664F22F-C256-401F-8E48-8680877C7873}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{E664F22F-C256-401F-8E48-8680877C7873}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{E664F22F-C256-401F-8E48-8680877C7873}.Release|Any CPU.Build.0 = Release|Any CPU
+		{778066D7-71AE-4640-A442-9B6B4AE8CF2C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{778066D7-71AE-4640-A442-9B6B4AE8CF2C}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{778066D7-71AE-4640-A442-9B6B4AE8CF2C}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{778066D7-71AE-4640-A442-9B6B4AE8CF2C}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
-		SolutionGuid = {012C08C2-C1EE-4614-B78A-4D2AC7568485}
+		SolutionGuid = {A675EC44-E718-4243-913F-05C5CFA72B47}
 	EndGlobalSection
 EndGlobal

Diff for: resource-server/okta-aspnetcore-webapi-example/Controllers/MessagesController.cs renamed to resource-server/okta-aspnetcore-webapi-example/Controllers/MessageController.cs

@@ -9,10 +9,11 @@
 namespace okta_aspnetcore_webapi_example.Controllers
 #pragma warning restore SA1300 // Element should begin with upper-case letter
 {
-    [Produces("application/json")]
-    [Authorize]
-    public class MessagesController : Controller
+    [Route("api/[controller]")]
+    [ApiController]
+    public class MessageController : ControllerBase
     {
+        [Authorize]
         [HttpGet]
         [Route("~/api/messages")]
         [EnableCors("AllowAll")]
@@ -24,12 +25,12 @@ public JsonResult Get()
                 .SingleOrDefault(c => c.Type == ClaimTypes.NameIdentifier)
                 ?.Value;
 
-            return Json(new
+            return new JsonResult(new
             {
                 messages = new dynamic[]
                 {
-                    new { Date = DateTime.Now, Text = "I am a Robot." },
-                    new { Date = DateTime.Now, Text = "Hello, world!" },
+                new { Date = DateTime.Now, Text = "I am a Robot." },
+                new { Date = DateTime.Now, Text = "Hello, world!" },
                 },
             });
         }

Diff for: resource-server/okta-aspnetcore-webapi-example/Controllers/ValuesController.cs

@@ -0,0 +1,44 @@
+using System.Collections.Generic;
+using Microsoft.AspNetCore.Mvc;
+
+#pragma warning disable SA1300 // Element should begin with upper-case letter
+namespace okta_aspnetcore_webapi_example.Controllers
+#pragma warning restore SA1300 // Element should begin with upper-case letter
+{
+    [Route("api/[controller]")]
+    [ApiController]
+    public class ValuesController : ControllerBase
+    {
+        // GET api/values
+        [HttpGet]
+        public ActionResult<IEnumerable<string>> Get()
+        {
+            return new string[] { "value1", "value2" };
+        }
+
+        // GET api/values/5
+        [HttpGet("{id}")]
+        public ActionResult<string> Get(int id)
+        {
+            return "value";
+        }
+
+        // POST api/values
+        [HttpPost]
+        public void Post([FromBody] string value)
+        {
+        }
+
+        // PUT api/values/5
+        [HttpPut("{id}")]
+        public void Put(int id, [FromBody] string value)
+        {
+        }
+
+        // DELETE api/values/5
+        [HttpDelete("{id}")]
+        public void Delete(int id)
+        {
+        }
+    }
+}

Diff for: resource-server/okta-aspnetcore-webapi-example/Program.cs

@@ -1,5 +1,12 @@
-using Microsoft.AspNetCore;
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Logging;
 
 #pragma warning disable SA1300 // Element should begin with upper-case letter
 namespace okta_aspnetcore_webapi_example
@@ -9,12 +16,11 @@ public class Program
     {
         public static void Main(string[] args)
         {
-            BuildWebHost(args).Run();
+            CreateWebHostBuilder(args).Build().Run();
         }
 
-        public static IWebHost BuildWebHost(string[] args) =>
+        public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
             WebHost.CreateDefaultBuilder(args)
-                .UseStartup<Startup>()
-                .Build();
+                .UseStartup<Startup>();
     }
 }

Diff for: resource-server/okta-aspnetcore-webapi-example/Properties/launchSettings.json

@@ -3,10 +3,11 @@
     "windowsAuthentication": false,
     "anonymousAuthentication": true,
     "iisExpress": {
-      "applicationUrl": "http://localhost:8000/",
-      "sslPort": 0
+      "applicationUrl": "http://localhost:5000",
+      "sslPort": 44314
     }
   },
+  "$schema": "http://json.schemastore.org/launchsettings.json",
   "profiles": {
     "IIS Express": {
       "commandName": "IISExpress",
@@ -23,7 +24,7 @@
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       },
-      "applicationUrl": "http://localhost:62707/"
+      "applicationUrl": "https://localhost:5001;http://localhost:5000"
     }
   }
 }

Diff for: resource-server/okta-aspnetcore-webapi-example/Startup.cs

@@ -1,8 +1,15 @@
-using Microsoft.AspNetCore.Authentication.JwtBearer;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.HttpsPolicy;
+using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using Okta.AspNetCore;
 
 #pragma warning disable SA1300 // Element should begin with upper-case letter
@@ -38,10 +45,9 @@ public void ConfigureServices(IServiceCollection services)
             })
             .AddOktaWebApi(new OktaWebApiOptions()
             {
-              OktaDomain = Configuration["Okta:OktaDomain"],
+                OktaDomain = Configuration["Okta:OktaDomain"],
             });
-
-            services.AddMvc();
+            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
         }
 
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
@@ -51,9 +57,13 @@ public void Configure(IApplicationBuilder app, IHostingEnvironment env)
             {
                 app.UseDeveloperExceptionPage();
             }
+            else
+            {
+                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
+                app.UseHsts();
+            }
 
-            app.UseDefaultFiles();
-            app.UseStaticFiles();
+            app.UseHttpsRedirection();
             app.UseAuthentication();
             app.UseMvc();
         }

Diff for: resource-server/okta-aspnetcore-webapi-example/appsettings.Development.json

@@ -1,6 +1,5 @@
-{
+{
   "Logging": {
-    "IncludeScopes": false,
     "LogLevel": {
       "Default": "Debug",
       "System": "Information",

Diff for: resource-server/okta-aspnetcore-webapi-example/appsettings.json

@@ -1,17 +1,10 @@
-{
+{
   "Logging": {
-    "IncludeScopes": false,
-    "Debug": {
-      "LogLevel": {
-        "Default": "Warning"
-      }
-    },
-    "Console": {
-      "LogLevel": {
-        "Default": "Warning"
-      }
+    "LogLevel": {
+      "Default": "Warning"
     }
   },
+  "AllowedHosts": "*",
   "Okta": {
     "OktaDomain": "https://{yourOktaDomain}"
   }

Diff for: resource-server/okta-aspnetcore-webapi-example/okta-aspnetcore-webapi-example.csproj

@@ -1,30 +1,24 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
-    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <TargetFramework>netcoreapp2.2</TargetFramework>
+    <AspNetCoreHostingModel>InProcess</AspNetCoreHostingModel>
+    <RootNamespace>okta_aspnetcore_webapi_example</RootNamespace>
   </PropertyGroup>
-
-  <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.All" Version="2.0.8" />
-    <PackageReference Include="Microsoft.AspNetCore.Cors" Version="2.2.0" />
-    <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="2.0.2" />
-    <PackageReference Include="Okta.AspNetCore" Version="1.1.4" />
-    <PackageReference Include="StyleCop.Analyzers" Version="1.1.1-rc.114">
-      <PrivateAssets>all</PrivateAssets>
-      <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
-    </PackageReference>
-    <AdditionalFiles Include="..\stylecop.json" />
-  </ItemGroup>
-
   <PropertyGroup>
     <CodeAnalysisRuleSet>..\OktaMvcSamples.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
   <ItemGroup>
-    <DotNetCliToolReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Tools" Version="2.0.4" />
-  </ItemGroup>
-
-  <ItemGroup>
-    <Folder Include="wwwroot\" />
+    <PackageReference Include="Microsoft.AspNetCore.App" />
+    <PackageReference Include="Microsoft.AspNetCore.Razor.Design" Version="2.2.0" PrivateAssets="All" />
+    <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="2.2.3" />
+    <PackageReference Include="Newtonsoft.Json" Version="12.0.2" />
+    <PackageReference Include="Okta.AspNetCore" Version="1.1.5" />
+    <PackageReference Include="StyleCop.Analyzers" Version="1.1.118">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+    </PackageReference>
+    <AdditionalFiles Include="..\stylecop.json" />
   </ItemGroup>
 
 </Project>