upgraded to .NET Core 2.0.

- updated anti-forgery configuration
- updated authorization token and cookie configuration
- minor configuration file changes
- removed 'out of the box' support for https
- updated client code (api endpoints dynamically resolved relative to current url)

.vscode/launch.json

@@ -21,18 +21,15 @@
             "type": "coreclr",
             "request": "launch",
             "preLaunchTask": "dev build",
-            "program": "${workspaceRoot}/src/server/bin/Debug/netcoreapp1.1/Toucan.UI.dll",
+            "program": "${workspaceRoot}/src/server/bin/Debug/netcoreapp2.0/Toucan.UI.dll",
             "args": [],
+            "env": {
+                "ASPNETCORE_ENVIRONMENT": "development"
+            },
             "cwd": "${workspaceRoot}/src/server",
             "externalConsole": false,
             "stopAtEntry": false,
             "internalConsoleOptions": "openOnSessionStart"
-        },
-        {
-            "name": ".NET Core Attach",
-            "type": "coreclr",
-            "request": "attach",
-            "processId": "${command.pickProcess}"
         }
     ]
 }

README.md

@@ -1,6 +1,6 @@
 # Toucan
 
-This is an opinionated multi-project solution template, combining .NET Core and VueJs.
+This is an opinionated multi-project solution template, combining .NET Core and Vue.js.
 
 The main objective is to provide scaffolding for an SPA web application, that incorporates SOLID design principles.
 
@@ -22,7 +22,7 @@ These instructions will get a copy of the project up and running on your local m
 
 ### Prerequisites
 
-* [.NET Core SDK 1.0.1](https://www.microsoft.com/net/core/#windowscmd)
+* [.NET Core SDK 2.0.0](https://www.microsoft.com/net/core/#windowscmd)
 * [Visual Studio Code](https://code.visualstudio.com/download/) (or a similar text-based editor like Sublime)
 * [TypeScript](https://www.typescriptlang.org/)
 * [Node.js](https://nodejs.org/en/)
@@ -51,7 +51,7 @@ See the readme files for each project
 * [service](src/service/README.md)
 * [server](src/server/README.md)
 
-### VueJs & Webpack
+### Vue.js & Webpack
 See the readme file below
 * [ui](src/ui/README.md)
 
@@ -72,8 +72,8 @@ This is performed using a variation on the [implicit workflow](https://tools.iet
 
 * browser obtains a one-use nonce from local server (which must be redeemed/used before it expires)
 * the browser is redirected to external provider, and authenticated
-* external provider issues a redirect, and returns the nonce and access token details via uri (ie. _http://localhost:5142/#state=XYZ&access_token=4/P7q7W91&token_type=Bearer&expires_in=3600_)
-* the vuejs application is bootstrapped, and checks the uri hash for nonce and access_token
+* external provider issues a redirect, and returns the nonce and access token details via uri (ie. _http://localhost:5000/#state=XYZ&access_token=4/P7q7W91&token_type=Bearer&expires_in=3600_)
+* the Vue.js application is bootstrapped, and checks the uri hash for nonce and access_token
 * if present, these are passed to the local server
 * the local server validates the nonce and access token, and if satisfied, issues the client with a local token (the external access token is also revoked)
 
@@ -99,8 +99,6 @@ Client-side routes are protected via [navigation guards](http://router.vuejs.org
 
 ### Security
 
-TLS is provided by using a self-signed X509 certificate (see _./src/server/resources_ )
-
 Support for [CSRF](https://en.wikipedia.org/wiki/Cross-site_request_forgery) has been provided.
 
 > The site sets CSRF session cookies whenever an access token is issued

SETUP.md

@@ -2,7 +2,7 @@
 
 ## Prerequisites
 
-* [.NET Core SDK 1.0.1](https://www.microsoft.com/net/core/#windowscmd)
+* [.NET Core SDK 2.0.0](https://www.microsoft.com/net/core/#windowscmd)
 * [Visual Studio Code](https://code.visualstudio.com/download/) (or a similar text-based editor like Sublime)
 * [TypeScript](https://www.typescriptlang.org/)
 * [Node.js](https://nodejs.org/en/)
@@ -25,7 +25,6 @@ The alternative is to Git clone the project to a local folder and then follow st
 Update and build the .NET Core projects by switching to to ./src/server and running
 
 ```DOS
-dotnet restore
 dotnet build
 ```
 
@@ -36,7 +35,7 @@ npm install
 npm install webpack -g
 npm install typings -g
 typings install
-webpack -p --config webpack/development.js
+webpack -p --config webpack.config.js
 ```
 
 ### Configuration
@@ -69,6 +68,8 @@ The system by default enables users to create a local login account using a sign
 
 It also enables users to login via an external authentication provider, using the [OAuth 2.0 Implicit](https://tools.ietf.org/html/rfc6749#section-1.3.2) grant workflow.
 
+Most external providers will required https support. This is covered off fairly well by [Setting up HTTPS for development in ASP.NET Core](https://docs.microsoft.com/en-us/aspnet/core/security/https)
+
 The project currently provides support for
 
 - [X] [Google](https://developers.google.com/identity/protocols/OAuth2UserAgent)
@@ -87,4 +88,4 @@ Run the project by switching to ./src/server and running
 ```DOS
 dotnet run -p server.csproj -c Development
 ```
-You should now be able to load the site at [https://localhost:5000/](https://localhost:5000/) 
+You should now be able to load the site at [http://localhost:5000/](http://localhost:5000/) 

build/production.ps1

@@ -1,5 +1,5 @@
 Push-Location ../server
-dotnet publish server.csproj -f netcoreapp1.1 -o ../../dist --configuration Release
+dotnet publish server.csproj -f netcoreapp2.0 -o ../../dist --configuration Release
 Pop-Location
 Push-Location ../ui
 webpack -p --config webpack.production.js

src/common/common.csproj

@@ -1,20 +1,20 @@
-<Project Sdk="Microsoft.NET.Sdk">
-
-  <PropertyGroup>
-    <TargetFramework>netstandard1.6</TargetFramework>
-    <DebugType>portable</DebugType>
-    <AssemblyName>Toucan.Common</AssemblyName>
-    <PackageId>common</PackageId>
-    <NetStandardImplicitPackageVersion>1.6.1</NetStandardImplicitPackageVersion>
-  </PropertyGroup>
-
-  <ItemGroup>
-    <ProjectReference Include="..\contract\contract.csproj" />
-  </ItemGroup>
-
-  <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Cryptography.KeyDerivation" Version="1.1.1" />
-    <PackageReference Include="StructureMap.Microsoft.DependencyInjection" Version="1.2.0" />
-  </ItemGroup>
-
-</Project>
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>netstandard2.0</TargetFramework>
+    <DebugType>portable</DebugType>
+    <AssemblyName>Toucan.Common</AssemblyName>
+    <PackageId>common</PackageId>
+    <NetStandardImplicitPackageVersion>2.0.0</NetStandardImplicitPackageVersion>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\contract\contract.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Cryptography.KeyDerivation" Version="2.0.0" />
+    <PackageReference Include="StructureMap.Microsoft.DependencyInjection" Version="1.3.1" />
+  </ItemGroup>
+
+</Project>

src/contract/contract.csproj

@@ -1,15 +1,15 @@
-<Project Sdk="Microsoft.NET.Sdk">
-
-  <PropertyGroup>
-    <TargetFramework>netstandard1.6</TargetFramework>
-    <DebugType>portable</DebugType>
-    <AssemblyName>Toucan.Contract</AssemblyName>
-    <PackageId>contract</PackageId>
-    <NetStandardImplicitPackageVersion>1.6.1</NetStandardImplicitPackageVersion>
-  </PropertyGroup>
-
-  <ItemGroup>
-    <PackageReference Include="System.Security.Claims" Version="4.3.0" />
-  </ItemGroup>
-
-</Project>
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>netstandard2.0</TargetFramework>
+    <DebugType>portable</DebugType>
+    <AssemblyName>Toucan.Contract</AssemblyName>
+    <PackageId>contract</PackageId>
+    <NetStandardImplicitPackageVersion>2.0.0</NetStandardImplicitPackageVersion>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="System.Security.Claims" Version="4.3.0" />
+  </ItemGroup>
+
+</Project>