first round of updates for .NET 8 and IdentityServer 7.0

Author: brockallen

global.json

@@ -1,6 +1,6 @@
 {
   "sdk": {
-    "version": "6.0.100",
+    "version": "8.0.100",
     "rollForward": "latestMajor",
     "allowPrerelease": false
   }

src/BffLocalApi/BffLocalApi.csproj

@@ -1,15 +1,15 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
 	<PropertyGroup>
-		<TargetFramework>net6.0</TargetFramework>
+		<TargetFramework>net8.0</TargetFramework>
 		<ImplicitUsings>enable</ImplicitUsings>
 	</PropertyGroup>
 
 	<ItemGroup>
-		<PackageReference Include="Duende.BFF.Yarp" Version="2.1.0" />
-		<PackageReference Include="Serilog.AspNetCore" Version="6.0.0" />
+		<PackageReference Include="Duende.BFF.Yarp" Version="2.2.0" />
+		<PackageReference Include="Serilog.AspNetCore" Version="8.0.0" />
 
-		<PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="6.0.0" />
+		<PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="8.0.0" />
 	</ItemGroup>
 
 </Project>

src/BffRemoteApi/BffRemoteApi.csproj

@@ -1,13 +1,13 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
     <PropertyGroup>
-        <TargetFramework>net6.0</TargetFramework>
+        <TargetFramework>net8.0</TargetFramework>
         <Nullable>enable</Nullable>
         <ImplicitUsings>enable</ImplicitUsings>
     </PropertyGroup>
 
     <ItemGroup>
-        <PackageReference Include="Duende.BFF.Yarp" Version="2.1.0" />
+        <PackageReference Include="Duende.BFF.Yarp" Version="2.2.0" />
     </ItemGroup>
 
 

src/IdentityServerAspNetIdentity/IdentityServerAspNetIdentity.csproj

@@ -1,20 +1,21 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
 
 	<PropertyGroup>
-		<TargetFramework>net6.0</TargetFramework>
+		<TargetFramework>net8.0</TargetFramework>
 		<ImplicitUsings>enable</ImplicitUsings>
+		<Nullable>enable</Nullable>
 	</PropertyGroup>
 
 	<ItemGroup>
-		<PackageReference Include="Duende.IdentityServer.AspNetIdentity" Version="6.3.2" />
+		<PackageReference Include="Duende.IdentityServer.AspNetIdentity" Version="7.0.0-rc.2" />
 
-		<PackageReference Include="Microsoft.AspNetCore.Authentication.Google" Version="6.0.0" />
-		<PackageReference Include="Serilog.AspNetCore" Version="6.0.0" />
+		<PackageReference Include="Microsoft.AspNetCore.Authentication.Google" Version="8.0.0" />
+		<PackageReference Include="Serilog.AspNetCore" Version="8.0.0" />
 
-		<PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="6.0.0" />
-		<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="6.0.0" />
-		<PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="6.0.0" />
-		<PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="6.0.0" />
-		<PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="6.0.0" />
+		<PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="8.0.0" />
+		<PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="8.0.0" />
+		<PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="8.0.0" />
+		<PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="8.0.0" />
+		<PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="8.0.0" />
 	</ItemGroup>
 </Project>

src/IdentityServerAspNetIdentity/Pages/Account/AccessDenied.cshtml.cs

@@ -1,3 +1,6 @@
+// Copyright (c) Duende Software. All rights reserved.
+// See LICENSE in the project root for license information.
+
 using Microsoft.AspNetCore.Mvc.RazorPages;
 
 namespace IdentityServerHost.Pages.Account;
@@ -7,4 +10,4 @@ public class AccessDeniedModel : PageModel
     public void OnGet()
     {
     }
-}
+}

src/IdentityServerAspNetIdentity/Pages/Account/Login/Index.cshtml.cs

@@ -1,3 +1,7 @@
+// Copyright (c) Duende Software. All rights reserved.
+// See LICENSE in the project root for license information.
+
+using Duende.IdentityServer;
 using Duende.IdentityServer.Events;
 using Duende.IdentityServer.Models;
 using Duende.IdentityServer.Services;
@@ -22,10 +26,10 @@ public class Index : PageModel
     private readonly IAuthenticationSchemeProvider _schemeProvider;
     private readonly IIdentityProviderStore _identityProviderStore;
 
-    public ViewModel View { get; set; }
+    public ViewModel View { get; set; } = default!;
 
     [BindProperty]
-    public InputModel Input { get; set; }
+    public InputModel Input { get; set; } = default!;
 
     public Index(
         IIdentityServerInteractionService interaction,
@@ -42,8 +46,8 @@ public Index(
         _identityProviderStore = identityProviderStore;
         _events = events;
     }
-        
-    public async Task<IActionResult> OnGet(string returnUrl)
+
+    public async Task<IActionResult> OnGet(string? returnUrl)
     {
         await BuildModelAsync(returnUrl);
 
@@ -66,6 +70,9 @@ public async Task<IActionResult> OnPost()
         {
             if (context != null)
             {
+                // This "can't happen", because if the ReturnUrl was null, then the context would be null
+                ArgumentNullException.ThrowIfNull(Input.ReturnUrl, nameof(Input.ReturnUrl));
+
                 // if the user cancels, send a result back into IdentityServer as if they 
                 // denied the consent (even if this client does not require consent).
                 // this will send back an access denied OIDC error response to the client.
@@ -79,7 +86,7 @@ public async Task<IActionResult> OnPost()
                     return this.LoadingPage(Input.ReturnUrl);
                 }
 
-                return Redirect(Input.ReturnUrl);
+                return Redirect(Input.ReturnUrl ?? "~/");
             }
             else
             {
@@ -90,14 +97,18 @@ public async Task<IActionResult> OnPost()
 
         if (ModelState.IsValid)
         {
-            var result = await _signInManager.PasswordSignInAsync(Input.Username, Input.Password, Input.RememberLogin, lockoutOnFailure: true);
+            var result = await _signInManager.PasswordSignInAsync(Input.Username!, Input.Password!, Input.RememberLogin, lockoutOnFailure: true);
             if (result.Succeeded)
             {
-                var user = await _userManager.FindByNameAsync(Input.Username);
-                await _events.RaiseAsync(new UserLoginSuccessEvent(user.UserName, user.Id, user.UserName, clientId: context?.Client.ClientId));
+                var user = await _userManager.FindByNameAsync(Input.Username!);
+                await _events.RaiseAsync(new UserLoginSuccessEvent(user!.UserName, user.Id, user.UserName, clientId: context?.Client.ClientId));
+                Telemetry.Metrics.UserLogin(context?.Client.ClientId, IdentityServerConstants.LocalIdentityProvider);
 
                 if (context != null)
                 {
+                    // This "can't happen", because if the ReturnUrl was null, then the context would be null
+                    ArgumentNullException.ThrowIfNull(Input.ReturnUrl, nameof(Input.ReturnUrl));
+
                     if (context.IsNativeClient())
                     {
                         // The client is native, so this change in how to
@@ -106,7 +117,7 @@ public async Task<IActionResult> OnPost()
                     }
 
                     // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null
-                    return Redirect(Input.ReturnUrl);
+                    return Redirect(Input.ReturnUrl ?? "~/");
                 }
 
                 // request for a local page
@@ -121,20 +132,22 @@ public async Task<IActionResult> OnPost()
                 else
                 {
                     // user might have clicked on a malicious link - should be logged
-                    throw new Exception("invalid return URL");
+                    throw new ArgumentException("invalid return URL");
                 }
             }
 
-            await _events.RaiseAsync(new UserLoginFailureEvent(Input.Username, "invalid credentials", clientId:context?.Client.ClientId));
+            const string error = "invalid credentials";
+            await _events.RaiseAsync(new UserLoginFailureEvent(Input.Username, error, clientId:context?.Client.ClientId));
+            Telemetry.Metrics.UserLoginFailure(context?.Client.ClientId, IdentityServerConstants.LocalIdentityProvider, error);
             ModelState.AddModelError(string.Empty, LoginOptions.InvalidCredentialsErrorMessage);
         }
 
         // something went wrong, show form with error
         await BuildModelAsync(Input.ReturnUrl);
         return Page();
     }
-        
-    private async Task BuildModelAsync(string returnUrl)
+
+    private async Task BuildModelAsync(string? returnUrl)
     {
         Input = new InputModel
         {
@@ -152,11 +165,11 @@ private async Task BuildModelAsync(string returnUrl)
                 EnableLocalLogin = local,
             };
 
-            Input.Username = context?.LoginHint;
+            Input.Username = context.LoginHint;
 
             if (!local)
             {
-                View.ExternalProviders = new[] { new ViewModel.ExternalProvider { AuthenticationScheme = context.IdP } };
+                View.ExternalProviders = new[] { new ViewModel.ExternalProvider ( authenticationScheme: context.IdP ) };
             }
 
             return;
@@ -167,27 +180,27 @@ private async Task BuildModelAsync(string returnUrl)
         var providers = schemes
             .Where(x => x.DisplayName != null)
             .Select(x => new ViewModel.ExternalProvider
-            {
-                DisplayName = x.DisplayName ?? x.Name,
-                AuthenticationScheme = x.Name
-            }).ToList();
+            (
+                authenticationScheme: x.Name,
+                displayName: x.DisplayName ?? x.Name
+            )).ToList();
 
-        var dyanmicSchemes = (await _identityProviderStore.GetAllSchemeNamesAsync())
+        var dynamicSchemes = (await _identityProviderStore.GetAllSchemeNamesAsync())
             .Where(x => x.Enabled)
             .Select(x => new ViewModel.ExternalProvider
-            {
-                AuthenticationScheme = x.Scheme,
-                DisplayName = x.DisplayName
-            });
-        providers.AddRange(dyanmicSchemes);
+            (
+                authenticationScheme: x.Scheme,
+                displayName: x.DisplayName ?? x.Scheme
+            ));
+        providers.AddRange(dynamicSchemes);
 
 
         var allowLocal = true;
         var client = context?.Client;
         if (client != null)
         {
             allowLocal = client.EnableLocalLogin;
-            if (client.IdentityProviderRestrictions != null && client.IdentityProviderRestrictions.Any())
+            if (client.IdentityProviderRestrictions != null && client.IdentityProviderRestrictions.Count != 0)
             {
                 providers = providers.Where(provider => client.IdentityProviderRestrictions.Contains(provider.AuthenticationScheme)).ToList();
             }
@@ -200,4 +213,4 @@ private async Task BuildModelAsync(string returnUrl)
             ExternalProviders = providers.ToArray()
         };
     }
-}
+}

src/IdentityServerAspNetIdentity/Pages/Account/Login/InputModel.cs

@@ -1,22 +1,17 @@
 // Copyright (c) Duende Software. All rights reserved.
 // See LICENSE in the project root for license information.
 
-
 using System.ComponentModel.DataAnnotations;
 
 namespace IdentityServerHost.Pages.Login;
 
 public class InputModel
 {
     [Required]
-    public string Username { get; set; }
-        
+    public string? Username { get; set; }
     [Required]
-    public string Password { get; set; }
-        
+    public string? Password { get; set; }
     public bool RememberLogin { get; set; }
-        
-    public string ReturnUrl { get; set; }
-
-    public string Button { get; set; }
+    public string? ReturnUrl { get; set; }
+    public string? Button { get; set; }
 }

src/IdentityServerAspNetIdentity/Pages/Account/Login/LoginOptions.cs

@@ -1,9 +1,12 @@
+// Copyright (c) Duende Software. All rights reserved.
+// See LICENSE in the project root for license information.
+
 namespace IdentityServerHost.Pages.Login;
 
-public class LoginOptions
+public static class LoginOptions
 {
-    public static bool AllowLocalLogin = true;
-    public static bool AllowRememberLogin = true;
-    public static TimeSpan RememberMeLoginDuration = TimeSpan.FromDays(30);
-    public static string InvalidCredentialsErrorMessage = "Invalid username or password";
+    public static readonly bool AllowLocalLogin = true;
+    public static readonly bool AllowRememberLogin = true;
+    public static readonly TimeSpan RememberMeLoginDuration = TimeSpan.FromDays(30);
+    public static readonly string InvalidCredentialsErrorMessage = "Invalid username or password";
 }

src/IdentityServerAspNetIdentity/Pages/Account/Login/ViewModel.cs

@@ -12,11 +12,17 @@ public class ViewModel
     public IEnumerable<ViewModel.ExternalProvider> VisibleExternalProviders => ExternalProviders.Where(x => !String.IsNullOrWhiteSpace(x.DisplayName));
 
     public bool IsExternalLoginOnly => EnableLocalLogin == false && ExternalProviders?.Count() == 1;
-    public string ExternalLoginScheme => IsExternalLoginOnly ? ExternalProviders?.SingleOrDefault()?.AuthenticationScheme : null;
+    public string? ExternalLoginScheme => IsExternalLoginOnly ? ExternalProviders?.SingleOrDefault()?.AuthenticationScheme : null;
 
     public class ExternalProvider
     {
-        public string DisplayName { get; set; }
+        public ExternalProvider(string authenticationScheme, string? displayName = null)
+        {
+            AuthenticationScheme = authenticationScheme;
+            DisplayName = displayName;
+        }
+
+        public string? DisplayName { get; set; }
         public string AuthenticationScheme { get; set; }
     }
 }