Login über SSO

Components/Pages/Home.razor

@@ -1,7 +1,40 @@
 @page "/"
+@using Microsoft.AspNetCore.Components.Authorization
+@inject AuthenticationStateProvider AuthStateProvider
 
-<PageTitle>Home</PageTitle>
+<MudText Typo="Typo.h3" Class="mb-4">Zahlen-Analyse</MudText>
 
-<h1>Hello, world!</h1>
+<AuthorizeView>
+    <Authorized>
+        <MudText Typo="Typo.body1">Willkommen zurück, @context.User.Identity?.Name!</MudText>
+        <MudText Typo="Typo.body2" Color="Color.Secondary">Deine Pocket-ID (Sub): @_userId</MudText>
         
-Welcome to your new app.
+        <MudButton Link="/logout" Variant="Variant.Filled" Color="Color.Error" Class="mt-2">
+            Abmelden
+        </MudButton>
+    </Authorized>
+    <NotAuthorized>
+        <MudText Typo="Typo.body1" Class="mb-2">Bitte melde dich an, um deine Workspaces zu verwalten.</MudText>
+        <MudButton Link="/login" Variant="Variant.Filled" Color="Color.Primary">
+            Mit Pocket-ID anmelden
+        </MudButton>
+    </NotAuthorized>
+</AuthorizeView>
+
+@code {
+    private string _userId = string.Empty;
+
+    protected override async Task OnInitializedAsync()
+    {
+        var authState = await AuthStateProvider.GetAuthenticationStateAsync();
+        var user = authState.User;
+
+        if (user.Identity?.IsAuthenticated == true)
+        {
+            // Das ist der "sub"-Claim (Subject), den wir als OwnerId in RavenDB nutzen
+            _userId = user.FindFirst(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier")?.Value 
+                      ?? user.FindFirst("sub")?.Value 
+                      ?? string.Empty;
+        }
+    }
+}

Program.cs

@@ -1,6 +1,13 @@
 using ZahlenAnalyse.Web.Components;
 using MudBlazor.Services;
 using Raven.Client.Documents;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.IdentityModel.Tokens;
+using DotNetEnv;
+
+Env.Load();
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -11,12 +18,43 @@ builder.Services.AddMudServices();
 
 var store = new DocumentStore
 {
-    Urls = new[] { "http://localhost:8080" },
+    Urls = new[] { builder.Configuration["RavenDb:Urls"] },
-    Database = "ZahlenAnalyse"
+    Database = builder.Configuration["RavenDb:Database"]
 };
 store.Initialize();
 builder.Services.AddSingleton<IDocumentStore>(store);
 
+builder.Services.AddCascadingAuthenticationState();
+
+builder.Services.AddAuthentication(options =>
+    {
+        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
+    })
+    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
+    .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
+    {
+        var pocketIdConfig = builder.Configuration.GetSection("PocketId");
+        
+        options.Authority = pocketIdConfig["Authority"];
+        options.ClientId = pocketIdConfig["ClientId"];
+        options.ClientSecret = pocketIdConfig["ClientSecret"];
+        
+        options.ResponseType = "code";
+        options.SaveTokens = true;
+        
+        // Wichtig für lokale Dev-Umgebungen ohne HTTPS-Zertifikatsprüfung (falls nötig)
+        // options.RequireHttpsMetadata = false; 
+
+        options.TokenValidationParameters = new TokenValidationParameters
+        {
+            NameClaimType = "name",
+            RoleClaimType = "roles"
+        };
+    });
+
+builder.Services.AddAuthorization();
+
 
 var app = builder.Build();
 
@@ -33,7 +71,29 @@ app.UseHttpsRedirection();
 app.UseAntiforgery();
 
 app.MapStaticAssets();
+
+app.UseAuthentication();
+app.UseAuthorization();
+
 app.MapRazorComponents<App>()
     .AddInteractiveServerRenderMode();
 
+
+app.MapGet("/login", async (HttpContext context) =>
+{
+    await context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
+    {
+        RedirectUri = "/"
+    });
+});
+
+app.MapGet("/logout", async (HttpContext context) =>
+{
+    await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+    await context.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
+    {
+        RedirectUri = "/"
+    });
+});
+
 app.Run();

ZahlenAnalyse.Web.csproj

@@ -8,6 +8,8 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="DotNetEnv" Version="3.2.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="10.0.8" />
     <PackageReference Include="MudBlazor" Version="9.5.0" />
     <PackageReference Include="RavenDB.Client" Version="7.2.2" />
   </ItemGroup>