diff --git a/src/bundles/Elsa.WorkflowServer.Web/Elsa.WorkflowServer.Web.csproj b/src/bundles/Elsa.WorkflowServer.Web/Elsa.WorkflowServer.Web.csproj
index ba1b05d8d9..2b4b3653de 100644
--- a/src/bundles/Elsa.WorkflowServer.Web/Elsa.WorkflowServer.Web.csproj
+++ b/src/bundles/Elsa.WorkflowServer.Web/Elsa.WorkflowServer.Web.csproj
@@ -15,7 +15,6 @@
-
diff --git a/src/bundles/Elsa.WorkflowServer.Web/Program.cs b/src/bundles/Elsa.WorkflowServer.Web/Program.cs
index c8b47feb1a..bddd2ed196 100644
--- a/src/bundles/Elsa.WorkflowServer.Web/Program.cs
+++ b/src/bundles/Elsa.WorkflowServer.Web/Program.cs
@@ -1,3 +1,7 @@
+using System.Globalization;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using Elsa;
using Elsa.ActivityDefinitions.EntityFrameworkCore.Extensions;
using Elsa.ActivityDefinitions.EntityFrameworkCore.Sqlite;
using Elsa.Extensions;
@@ -26,10 +30,14 @@
using Elsa.Workflows.Runtime.Extensions;
using Elsa.WorkflowServer.Web.Jobs;
using FastEndpoints;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.IdentityModel.Tokens;
var builder = WebApplication.CreateBuilder(args);
var services = builder.Services;
+EndpointSecurityOptions.DisableSecurity();
+
// Add Elsa services.
services
.AddElsa(elsa => elsa
@@ -64,7 +72,32 @@
services.AddHealthChecks();
services.AddCors(cors => cors.AddDefaultPolicy(policy => policy.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin()));
-// Authorization policies.
+// Authentication & Authorization.
+services
+ .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+ .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
+ {
+ var claims =
+
+ options.TokenValidationParameters = new TokenValidationParameters
+ {
+ IssuerSigningKeyValidator = (key, token, parameters) => true,
+ ValidateIssuerSigningKey = false,
+ ValidateAudience = false,
+ ValidateIssuer = false,
+ ValidateTokenReplay = false,
+ ValidateActor = false,
+ RoleClaimType = ClaimTypes.Role,
+ TokenReplayValidator = (time, token, parameters) => true,
+ SignatureValidator = (token, parameters) =>
+ {
+ return new JwtSecurityToken(token);
+ },
+ };
+ options.SecurityTokenValidators.Clear();
+ options.SecurityTokenValidators.Add(new CustomValidator());
+ });
+
services.AddAuthorization(options => options.AddPolicy("WorkflowManagerPolicy", policy => policy.RequireAuthenticatedUser()));
// Configure middleware pipeline.
@@ -101,11 +134,35 @@
app.UseAuthentication();
app.UseAuthorization();
-
// Register Elsa middleware.
app.UseElsaFastEndpoints();
app.UseJsonSerializationErrorHandler();
app.UseHttpActivities();
// Run.
-app.Run();
\ No newline at end of file
+app.Run();
+
+public class CustomValidator : ISecurityTokenValidator
+{
+ private readonly JwtSecurityTokenHandler _tokenHandler;
+
+ public CustomValidator()
+ {
+ _tokenHandler = new JwtSecurityTokenHandler();
+ }
+
+ public bool CanReadToken(string securityToken)
+ {
+ return true;
+ }
+
+ public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
+ {
+ var principal = _tokenHandler.ValidateToken(securityToken, validationParameters, out validatedToken);
+
+ return principal;
+ }
+
+ public bool CanValidateToken => true;
+ public int MaximumTokenSizeInBytes { get; set; } = TokenValidationParameters.DefaultMaximumTokenSizeInBytes;
+}
\ No newline at end of file
diff --git a/src/bundles/Elsa.WorkflowServer.Web/appsettings.json b/src/bundles/Elsa.WorkflowServer.Web/appsettings.json
index 0061928067..579829e789 100644
--- a/src/bundles/Elsa.WorkflowServer.Web/appsettings.json
+++ b/src/bundles/Elsa.WorkflowServer.Web/appsettings.json
@@ -1,9 +1,9 @@
{
"Logging": {
"LogLevel": {
- "Default": "Information",
+ "Default": "Debug",
"Microsoft.EntityFrameworkCore": "Warning",
- "Microsoft.AspNetCore": "Warning"
+ "Microsoft.AspNetCore": "Debug"
}
},
"AllowedHosts": "*"
diff --git a/src/common/Elsa.Api.Common/EndpointSecurityOptions.cs b/src/common/Elsa.Api.Common/EndpointSecurityOptions.cs
new file mode 100644
index 0000000000..817bba9bbf
--- /dev/null
+++ b/src/common/Elsa.Api.Common/EndpointSecurityOptions.cs
@@ -0,0 +1,13 @@
+using FastEndpoints;
+
+namespace Elsa;
+
+public static class EndpointSecurityOptions
+{
+ public static string AdminRoleName = "Admin";
+ public static string ReaderRoleName = "Reader";
+ public static string WriteRoleName = "Writer";
+ public static bool SecurityIsEnabled = true;
+
+ public static void DisableSecurity() => SecurityIsEnabled = false;
+}
\ No newline at end of file
diff --git a/src/common/Elsa.Persistence.EntityFrameworkCore.Common/Elsa.Persistence.EntityFrameworkCore.Common.csproj b/src/common/Elsa.Persistence.EntityFrameworkCore.Common/Elsa.Persistence.EntityFrameworkCore.Common.csproj
index d7bab8d5a1..5ae97465a4 100644
--- a/src/common/Elsa.Persistence.EntityFrameworkCore.Common/Elsa.Persistence.EntityFrameworkCore.Common.csproj
+++ b/src/common/Elsa.Persistence.EntityFrameworkCore.Common/Elsa.Persistence.EntityFrameworkCore.Common.csproj
@@ -14,15 +14,15 @@
-
-
+
+
-
-
+
+
all
runtime; build; native; contentfiles; analyzers; buildtransitive
-
+
diff --git a/src/modules/Elsa.Labels.EntityFrameworkCore.Sqlite/Elsa.Labels.EntityFrameworkCore.Sqlite.csproj b/src/modules/Elsa.Labels.EntityFrameworkCore.Sqlite/Elsa.Labels.EntityFrameworkCore.Sqlite.csproj
index 1eb22000d6..42cc67c6da 100644
--- a/src/modules/Elsa.Labels.EntityFrameworkCore.Sqlite/Elsa.Labels.EntityFrameworkCore.Sqlite.csproj
+++ b/src/modules/Elsa.Labels.EntityFrameworkCore.Sqlite/Elsa.Labels.EntityFrameworkCore.Sqlite.csproj
@@ -7,7 +7,7 @@
-
+
all
runtime; build; native; contentfiles; analyzers; buildtransitive
diff --git a/src/modules/Elsa.Labels.EntityFrameworkCore/Elsa.Labels.EntityFrameworkCore.csproj b/src/modules/Elsa.Labels.EntityFrameworkCore/Elsa.Labels.EntityFrameworkCore.csproj
index 7f5856d3ff..42f8b430f1 100644
--- a/src/modules/Elsa.Labels.EntityFrameworkCore/Elsa.Labels.EntityFrameworkCore.csproj
+++ b/src/modules/Elsa.Labels.EntityFrameworkCore/Elsa.Labels.EntityFrameworkCore.csproj
@@ -7,7 +7,7 @@
-
+
all
runtime; build; native; contentfiles; analyzers; buildtransitive
diff --git a/src/modules/Elsa.Workflows.Api/Endpoints/ActivityDescriptors/List/Endpoint.cs b/src/modules/Elsa.Workflows.Api/Endpoints/ActivityDescriptors/List/Endpoint.cs
index 991ed20713..17da7a3530 100644
--- a/src/modules/Elsa.Workflows.Api/Endpoints/ActivityDescriptors/List/Endpoint.cs
+++ b/src/modules/Elsa.Workflows.Api/Endpoints/ActivityDescriptors/List/Endpoint.cs
@@ -18,9 +18,17 @@ public List(IActivityRegistry registry, IWellKnownTypeRegistry wellKnownTypeRegi
public override void Configure()
{
- Policies(Constants.PolicyName);
- Roles("Admin");
- Permissions("all", "list:activity-descriptors");
+ Get("/descriptors/activities");
+
+ if (!EndpointSecurityOptions.SecurityIsEnabled)
+ {
+ AllowAnonymous();
+ }
+ else
+ {
+ Roles("Admin", "Reader");
+ Permissions("*", "list:activity-descriptors");
+ }
}
public override Task ExecuteAsync(CancellationToken cancellationToken)
diff --git a/src/modules/Elsa.Workflows.Api/Endpoints/StorageDrivers/List/Endpoint.cs b/src/modules/Elsa.Workflows.Api/Endpoints/StorageDrivers/List/Endpoint.cs
index 5ef6333a02..9c2b614b9e 100644
--- a/src/modules/Elsa.Workflows.Api/Endpoints/StorageDrivers/List/Endpoint.cs
+++ b/src/modules/Elsa.Workflows.Api/Endpoints/StorageDrivers/List/Endpoint.cs
@@ -17,7 +17,7 @@ public List(IStorageDriverManager registry)
public override void Configure()
{
- Get("/descriptors/activities");
+ Get("/descriptors/storage-drivers");
Policies(Constants.PolicyName);
Permissions("all", "read:storage-drivers");
}
diff --git a/src/modules/Elsa.Workflows.Persistence.EntityFrameworkCore.Sqlite/Elsa.Workflows.Persistence.EntityFrameworkCore.Sqlite.csproj b/src/modules/Elsa.Workflows.Persistence.EntityFrameworkCore.Sqlite/Elsa.Workflows.Persistence.EntityFrameworkCore.Sqlite.csproj
index 982a481c42..12907a537a 100644
--- a/src/modules/Elsa.Workflows.Persistence.EntityFrameworkCore.Sqlite/Elsa.Workflows.Persistence.EntityFrameworkCore.Sqlite.csproj
+++ b/src/modules/Elsa.Workflows.Persistence.EntityFrameworkCore.Sqlite/Elsa.Workflows.Persistence.EntityFrameworkCore.Sqlite.csproj
@@ -7,7 +7,7 @@
-
+
all
runtime; build; native; contentfiles; analyzers; buildtransitive