TheIdServer Admin Application
This project is the Blazor WebAssembly application used to manage a TheIdServer instance.
Installation
From Docker
The application is embedded in the server's Linux image.
If you prefer, you can install the standalone application's Linux image.
This image uses an nginx server to host the application.
From GitHub Release
The application is embedded in the server's GitHub release.
You can choose to install the standalone application by selecting Aguacongas.TheIdServer.BlazorApp{version}.zip in the list of releases.
Unzip in the destination of your choice, and use the server of your choice.
Read Host and deploy ASP.NET Core Blazor WebAssembly for more information.
From NuGet packages
NuGet packages composing the application are available on nuget.org:
- Aguacongas.TheIdServer.BlazorApp.Infrastructure contains application models, services, validators and extensions
- Aguacongas.TheIdServer.BlazorApp.Components contains application components
- Aguacongas.TheIdServer.BlazorApp.Pages.* contains application pages
Configuration
The application obtains its configuration from appsettings.json and the environment-specific settings from appsettings.{environment}.json.
appsettings.json
{
  "administratorEmail": "aguacongas@gmail.com",
  "apiBaseUrl": "https://localhost:5443/api",
  "authenticationPaths": {
    "remoteRegisterPath": "/identity/account/register",
    "remoteProfilePath": "/identity/account/manage"
  },
  "loggingOptions": {
    "minimum": "Debug",
    "filters": [
      {
        "category": "System",
        "level": "Warning"
      },
      {
        "category": "Microsoft",
        "level": "Information"
      }
    ]
  },
  "userOptions": {
    "roleClaim": "role"
  },
  "providerOptions": {
    "authority": "https://localhost:5443/",
    "clientId": "theidserveradmin",
    "defaultScopes": [
      "openid",
      "profile",
      "theidserveradminapi"
    ],
    "postLogoutRedirectUri": "https://localhost:5443/authentication/logout-callback",
    "redirectUri": "https://localhost:5443/authentication/login-callback",
    "responseType": "code"
  },
  "settingsOptions": {
    "typeName": "Aguacongas.TheIdServer.BlazorApp.Models.ServerConfig, Aguacongas.TheIdServer.BlazorApp.Infrastructure",
    "apiUrl": "https://localhost:5443/api/configuration"
  },
  "menuOptions": {
    "showSettings": true
  },
  "welcomeContenUrl": "https://localhost:5443/welcome-fragment.html",
  "serverSideSessionEnabled": false,
  "cibaEnabled": false
}
For more details, read ASP.NET Core Blazor hosting model configuration / Blazor WebAssembly / Configuration.
apiBaseUrl
Defines the URL to the API.
administratorEmail
Defines the administrator email address.
authenticationPaths
The authenticationPaths section is bound to the class Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationApplicationPathsOptions.
The application doesn't contain pages to register a new user or manage the current user, so authenticationPaths:remoteRegisterPath and authenticationPaths:remoteProfilePath are set to the corresponding URLs on the identity server.
For more information, read ASP.NET Core Blazor WebAssembly additional security scenarios / Customize app routes.
loggingOptions
Defines logging options.
minimum
Defines the minimum log level.
filters
Each item in this array adds a log filter by category and LogLevel.
userOptions
The userOptions section is bound to the class Microsoft.AspNetCore.Components.WebAssembly.Authentication.RemoteAuthenticationUserOptions.
This configuration defines how users are authorized. The application and the API share the same authorization policy.
- Is4-Writer authorizes users in this role to write data.
- Is4-Reader permits users in this role to read data.
userOptions:roleClaim defines the role claim type.
providerOptions
The providerOptions section is bound to the class Microsoft.AspNetCore.Components.WebAssembly.Authentication.OidcProviderOptions.
This configuration section defines the application authentication.
For more details, read Secure an ASP.NET Core Blazor WebAssembly standalone app with the Authentication library / Authentication service support.
welcomeContenUrl
Defines the URL to the welcome page content.
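A pre-deployment check for the configuration keys described above, as an added example that is not part of TheIdServer: it flags non-HTTPS endpoints, OIDC callback URLs that are not on the origin hosting the application, a welcome fragment served from an origin other than the application's or the authority's, and verbose browser logging. The function names, the example.com hosts and the rule set itself are assumptions of this example; the sample configuration is constructed.

```python
from urllib.parse import urlsplit

def origin(url):
    """(scheme, host, port) of a URL, default ports filled in."""
    p = urlsplit(url or "")
    return (p.scheme, p.hostname, p.port or {"https": 443, "http": 80}.get(p.scheme))

def lint(cfg, app_url):
    """Findings for an appsettings.json dict used by the app hosted at app_url."""
    prov, findings = cfg.get("providerOptions", {}), []
    urls = {
        "apiBaseUrl": cfg.get("apiBaseUrl"),
        "settingsOptions:apiUrl": cfg.get("settingsOptions", {}).get("apiUrl"),
        "welcomeContenUrl": cfg.get("welcomeContenUrl"),
        "providerOptions:authority": prov.get("authority"),
    }
    for key, url in urls.items():
        if origin(url)[0] != "https":
            findings.append(f"{key}: missing or not https")
    # The login and logout callbacks are routes of the Blazor app itself.
    for key in ("redirectUri", "postLogoutRedirectUri"):
        if origin(prov.get(key)) != origin(app_url):
            findings.append(f"providerOptions:{key}: not on the application origin")
    if prov.get("responseType") != "code":
        findings.append("providerOptions:responseType: expected the code flow")
    # Assumed policy: only the app's or the authority's origin may serve the fragment.
    trusted = {origin(app_url), origin(prov.get("authority"))}
    if origin(cfg.get("welcomeContenUrl")) not in trusted:
        findings.append("welcomeContenUrl: fragment served from another origin")
    if cfg.get("loggingOptions", {}).get("minimum") in ("Trace", "Debug"):
        findings.append("loggingOptions:minimum: verbose logging in the browser")
    return findings

# Constructed sample: standalone deployment on hypothetical hosts, with the
# callback URLs and log level left at the development values shown above.
SAMPLE = {
    "apiBaseUrl": "https://id.example.com/api",
    "loggingOptions": {"minimum": "Debug"},
    "providerOptions": {
        "authority": "https://id.example.com/",
        "redirectUri": "https://localhost:5443/authentication/login-callback",
        "postLogoutRedirectUri": "https://localhost:5443/authentication/logout-callback",
        "responseType": "code",
    },
    "settingsOptions": {"apiUrl": "https://id.example.com/api/configuration"},
    "welcomeContenUrl": "http://cdn.example.net/welcome-fragment.html",
}
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE, "https://admin.example.com")))
```

When the application is embedded in the server, pass the server's own URL as `app_url`; for the standalone image, pass the URL of the host serving the application.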
Welcome page customization
Except for its title, the home page displays content read from the welcomeContenUrl endpoint.
This endpoint should return an HTML fragment.
<p>
    This application manages your <a href="https://github.com/Aguafrommars/TheIdServer#readme/">TheIdServer</a>.
</p>
<p>
    Visit the <a href="https://github.com/aguacongas/TheIdServer#readme">github site</a> for doc, source code and issue tracking.
</p>
<p>
    If you have trouble with login, disable Chromium cookies-without-same-site-must-be-secure flag.<br />
    <code>
        chrome://flags/#cookies-without-same-site-must-be-secure
    </code><br/>
    This site is running under a <a href="https://devcenter.heroku.com/articles/dyno-types">free heroku dyno</a> without end-to-end https.
</p>
<p>
    You can sign-in with <b>alice</b> to have reader/writer access, or <b>bob</b> for a read-only access.<br />
    The password is <i>Pass123$</i>.
</p>
UI Options
Hide settings menu
To hide the settings menu, unset menuOptions:showSettings.
Hide CIBA grant type
If CIBA is not enabled, you can hide the CIBA grant type by unsetting the cibaEnabled option.
Hide coordinate lifetime with user session checkbox
If server-side sessions are not enabled, you can hide the coordinate lifetime with user session checkbox in the client tokens section by unsetting the serverSideSessionEnabled option.
Additional resources
- ASP.NET Core Blazor hosting model configuration
- ASP.NET Core Blazor WebAssembly additional security scenarios
- Secure an ASP.NET Core Blazor WebAssembly standalone app with the Authentication library
- LogLevel Enum