Passage du projet Server en mode Docker avec gestion du paramétrage e…

…t ajout de la sécurité sur le serveur RabbitMQ

TestOIDCBlazorWASM.Work/PersonnesControllerBase.cs

@@ -24,20 +24,24 @@ public abstract class PersonnesControllerBase : Controller
         private IMongoCollection<DbPersonne> Collection;
         private string NomServeurMOM { get; init; }
         private string NomQueueMessages { get; init; }
+        private string NomUtilisateurMOM { get; init; }
+        private string MotDePasseMOM { get; init; }
         private string ModeleEnteteHTTPLocation { get; init; }
 
         public PersonnesControllerBase(IConfiguration config)
         {
             // Paramétrage base NoSQL
-            string conn = config.GetSection("PersistanceNoSQL").GetValue<string>("PersonnesConnectionString");
-            string NomBaseDeDonneesPersonnes = config.GetSection("PersistanceNoSQL").GetValue<string>("PersonnesDatabaseName");
+            string conn = config["PersistanceNoSQL__PersonnesConnectionString"];
+            string NomBaseDeDonneesPersonnes = config["PersistanceNoSQL__PersonnesDatabaseName"];
             Database = new MongoClient(conn).GetDatabase(NomBaseDeDonneesPersonnes);
-            NomCollectionPersonnes = config.GetSection("PersistanceNoSQL").GetValue<string>("PersonnesCollectionName");
+            NomCollectionPersonnes = config["PersistanceNoSQL__PersonnesCollectionName"];
             Collection = Database.GetCollection<DbPersonne>("personnes");
 
             // Paramétrage MOM
-            NomServeurMOM = config.GetSection("RabbitMQ")["HoteServeur"];
-            NomQueueMessages = config.GetSection("RabbitMQ")["NomQueueMessagesCreationPersonnes"];
+            NomServeurMOM = config["RabbitMQ__HoteServeur"];
+            NomQueueMessages = config["RabbitMQ__NomQueueMessagesCreationPersonnes"];
+            NomUtilisateurMOM = config["RabbitMQ__Utilisateur"] ?? "guest";
+            MotDePasseMOM = config["RabbitMQ__MotDePasse"] ?? "guest";
 
             // Paramétrage API
             ModeleEnteteHTTPLocation = config["ModeleEnteteHTTPLocation"];
@@ -95,7 +99,7 @@ public virtual IActionResult CreationPersonne([FromBody] DbPersonne personne)
                 personne.ObjectId = Guid.NewGuid().ToString("N");
             Collection.InsertOneAsync(personne);
 
-            var factory = new ConnectionFactory() { HostName = this.NomServeurMOM };
+            var factory = new ConnectionFactory() { HostName = this.NomServeurMOM, UserName = this.NomUtilisateurMOM, Password = this.MotDePasseMOM };
             using (var connection = factory.CreateConnection())
             using (var channel = connection.CreateModel())
             {

TestOIDCBlazorWASM/Server/ClaimsTransformer.cs

@@ -1,4 +1,4 @@
-    using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication;
 using Newtonsoft.Json;
 using System.Security.Claims;
 using System.Text.Json;
@@ -20,7 +20,7 @@ public ClaimsTransformer(IConfiguration config)
             string ModelePourRoleClaim = config.GetSection("OIDC")["ModelePourRoleClaim"];
             PrefixeRoleClaim = ModelePourRoleClaim.Substring(0, ModelePourRoleClaim.IndexOf("."));
             SuffixeRoleClaim = ModelePourRoleClaim.Substring(ModelePourRoleClaim.LastIndexOf(".") + 1);
-            OIDCClientId = config.GetSection("OIDC")["ClientId"];
+            OIDCClientId = config["OIDC__ClientId"];
             TargetUserRolesClaimName = config.GetSection("OIDC").GetValue<string>("TargetUserRolesClaimName");
         }
 

TestOIDCBlazorWASM/Server/Dockerfile

@@ -0,0 +1,29 @@
+#See https://aka.ms/containerfastmode to understand how Visual Studio uses this Dockerfile to build your images for faster debugging.
+
+FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base
+WORKDIR /app
+EXPOSE 80
+EXPOSE 443
+
+FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
+WORKDIR /src
+COPY ["TestOIDCBlazorWASM/Server/TestOIDCBlazorWASM.Server.csproj", "TestOIDCBlazorWASM/Server/"]
+COPY ["TestOIDCBlazorWASM.Work/TestOIDCBlazorWASM.Work.csproj", "TestOIDCBlazorWASM.Work/"]
+COPY ["TestOIDCBlazorWASM/Shared/TestOIDCBlazorWASM.Shared.csproj", "TestOIDCBlazorWASM/Shared/"]
+COPY ["TestOIDCBlazorWASM/Client/TestOIDCBlazorWASM.Client.csproj", "TestOIDCBlazorWASM/Client/"]
+RUN dotnet restore "TestOIDCBlazorWASM/Server/TestOIDCBlazorWASM.Server.csproj"
+COPY . .
+WORKDIR "/src/TestOIDCBlazorWASM/Server"
+RUN dotnet build "TestOIDCBlazorWASM.Server.csproj" -c Release -o /app/build
+
+FROM build AS publish
+RUN dotnet publish "TestOIDCBlazorWASM.Server.csproj" -c Release -o /app/publish
+
+FROM base AS final
+WORKDIR /app
+COPY --from=publish /app/publish .
+ENV OIDC__TargetUserRolesClaimName=user_roles
+ENV OIDC__Audience=account
+ENV OIDC__NameClaimType=preferred_username
+ENV OIDC__ModelePourRoleClaim=resource_access.${client_id}.roles
+ENTRYPOINT ["dotnet", "TestOIDCBlazorWASM.Server.dll"]

TestOIDCBlazorWASM/Server/Program.cs

@@ -23,7 +23,7 @@
 {
     // On doit pouvoir faire mieux avec un binder de configuration
     IConfigurationSection ConfigOIDC = builder.Configuration.GetSection("OIDC");
-    o.Authority = ConfigOIDC["Authority"];
+    o.Authority = builder.Configuration["OIDC__Authority"];
     o.Audience = ConfigOIDC["Audience"];
     // Les deux options à suivre ne sont à faire qu'en mode DEVELOPMENT, mais depuis que l'app doit être buildée
     // avant qu'on puisse avoir accès à app.Environment.IsDevelopment(), on ne peut plus utiliser ces codes
@@ -34,7 +34,7 @@
     o.RequireHttpsMetadata = false;
     //o.TokenValidationParameters.RoleClaimType = "user_roles";
 
-    o.TokenValidationParameters.RoleClaimType = ConfigOIDC["ModelePourRoleClaim"].Replace("${client_id}", ConfigOIDC["ClientId"]);
+    o.TokenValidationParameters.RoleClaimType = ConfigOIDC["ModelePourRoleClaim"].Replace("${client_id}", builder.Configuration["OIDC__ClientId"]);
     o.TokenValidationParameters.NameClaimType = ConfigOIDC["NameClaimType"]; // Fait sens ici car côté serveur, on utiliserait le nom pour la traçabilité
     o.TokenValidationParameters.ValidateIssuer = true;
     //o.SaveToken = true; // A voir dans la doc pour l'utilisation précise

TestOIDCBlazorWASM/Server/Properties/launchSettings.json

@@ -1,30 +1,39 @@
 {
-    "iisSettings": {
-      "windowsAuthentication": false,
-      "anonymousAuthentication": true,
-      "iisExpress": {
-        "applicationUrl": "http://localhost:16082",
-        "sslPort": 44323
-      }
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:16082",
+      "sslPort": 44323
+    }
+  },
+  "profiles": {
+    "TestOIDCBlazorWASM.Server": {
+      "commandName": "Project",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      },
+      "inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}",
+      "applicationUrl": "https://localhost:7070;http://localhost:5070",
+      "dotnetRunMessages": true
     },
-    "profiles": {
-      "TestOIDCBlazorWASM.Server": {
-        "commandName": "Project",
-        "dotnetRunMessages": true,
-        "launchBrowser": true,
-        "inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}",
-        "applicationUrl": "https://localhost:7070;http://localhost:5070",
-        "environmentVariables": {
-          "ASPNETCORE_ENVIRONMENT": "Development"
-        }
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
       },
-      "IIS Express": {
-        "commandName": "IISExpress",
-        "launchBrowser": true,
-        "inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}",
-        "environmentVariables": {
-          "ASPNETCORE_ENVIRONMENT": "Development"
-        }
-      }
+      "inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}"
+    },
+    "Docker": {
+      "commandName": "Docker",
+      "commandLineArgs": "--RabbitMQ__HoteServeur my-rabbit --RabbitMQ__NomQueueMessagesCreationPersonnes personnes --RabbitMQ__Utilisateur rapido --RabbitMQ__MotDePasse k5rXH6wmBhE2bukfXFsz --PersistanceNoSQL__PersonnesConnectionString mongodb://db:27017 --PersistanceNoSQL__PersonnesDatabaseName personnes --PersistanceNoSQL__PersonnesCollectionName personnes --OIDC__Authority http://localhost:8080/realms/LivreENI/ --OIDC__ClientId appli-eni",
+      "launchBrowser": true,
+      "launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}",
+      "DockerfileRunArguments": "-p 7070:443 --network exerciceeni",
+      "publishAllPorts": true,
+      "useSSL": true
     }
   }
+}

TestOIDCBlazorWASM/Server/TestOIDCBlazorWASM.Server.csproj

@@ -4,13 +4,17 @@
     <TargetFramework>net6.0</TargetFramework>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
+    <UserSecretsId>b07f3fe9-33a1-4452-bf38-32eaf1af3a63</UserSecretsId>
+    <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
+    <DockerfileContext>..\..</DockerfileContext>
   </PropertyGroup>
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.7" />
     <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="6.0.1" />
     <PackageReference Include="Microsoft.AspNetCore.JsonPatch" Version="6.0.6" />
     <PackageReference Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="6.0.6" />
+    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.15.1" />
   </ItemGroup>
 
   <ItemGroup>

TestOIDCBlazorWASM/Server/appsettings.json

@@ -11,14 +11,12 @@
     "NomQueueMessagesCreationPersonnes": "personnes"
   },
   "PersistanceNoSQL": {
-    "PersonnesConnectionString": "mongodb://dbnosql:27017",
+    "PersonnesConnectionString": "mongodb://db:27017",
     "PersonnesDatabaseName": "personnes",
     "PersonnesCollectionName": "personnes"
   },
   "OIDC": {
     "TargetUserRolesClaimName": "user_roles",
-    "Authority": "http://localhost:8080/realms/LivreENI/",
-    "ClientId": "appli-eni",
     "Audience": "account",
     "NameClaimType": "preferred_username",
     "ModelePourRoleClaim": "resource_access.${client_id}.roles"