first commit

.gitignore

@@ -0,0 +1,5 @@
+bin
+obj
+sassobj
+node_modules
+wwwroot

Controllers/AccountController.cs

@@ -0,0 +1,52 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.Mvc;
+
+namespace govukblank.Controllers
+{
+    [Route("[controller]/[action]")]
+    public class AccountController : Controller
+    {
+        [HttpGet]
+        public IActionResult SignIn()
+        {
+            var redirectUrl = Url.Action(nameof(HomeController.Index), "Home");
+            return Challenge(
+                new AuthenticationProperties { RedirectUri = redirectUrl },
+                OpenIdConnectDefaults.AuthenticationScheme);
+        }
+
+        [HttpGet]
+        public IActionResult SignOut()
+        {
+            var callbackUrl = Url.Action(nameof(SignedOut), "Account", values: null, protocol: Request.Scheme);
+            return SignOut(
+                new AuthenticationProperties { RedirectUri = callbackUrl },
+                CookieAuthenticationDefaults.AuthenticationScheme,
+                OpenIdConnectDefaults.AuthenticationScheme);
+        }
+
+        [HttpGet]
+        public IActionResult SignedOut()
+        {
+            if (User.Identity.IsAuthenticated)
+            {
+                // Redirect to home page if the user is authenticated.
+                return RedirectToAction(nameof(HomeController.Index), "Home");
+            }
+
+            return View();
+        }
+
+        [HttpGet]
+        public IActionResult AccessDenied()
+        {
+            return View();
+        }
+    }
+}

Controllers/HomeController.cs

@@ -0,0 +1,40 @@
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using govukblank.Models;
+
+namespace govukblank.Controllers
+{
+    //[Authorize]
+    public class HomeController : Controller
+    {
+        public IActionResult Index()
+        {
+            return View();
+        }
+
+        public IActionResult About()
+        {
+            ViewData["Message"] = "Your application description page.";
+
+            return View();
+        }
+
+        public IActionResult Contact()
+        {
+            ViewData["Message"] = "Your contact page.";
+
+            return View();
+        }
+
+        [AllowAnonymous]
+        public IActionResult Error()
+        {
+            return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier });
+        }
+    }
+}

Dockerfile

@@ -0,0 +1,16 @@
+FROM microsoft/aspnetcore-build:2.0 AS build-env
+WORKDIR /app
+
+# Copy csproj and restore as distinct layers
+COPY *.csproj ./
+RUN dotnet restore
+
+# Copy everything else and build
+COPY . ./
+RUN dotnet publish -c Release -o out
+
+# Build runtime image
+FROM microsoft/aspnetcore:2.0
+WORKDIR /app
+COPY --from=build-env /app/out .
+ENTRYPOINT ["dotnet", "govukblank.dll"]

Extensions/AzureAdAuthenticationBuilderExtensions.cs

@@ -0,0 +1,81 @@
+using System;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.IdentityModel.Tokens;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    public static class AzureAdAuthenticationBuilderExtensions
+    {        
+        public static AuthenticationBuilder AddAzureAd(this AuthenticationBuilder builder)
+            => builder.AddAzureAd(_ => { });
+
+        public static AuthenticationBuilder AddAzureAd(this AuthenticationBuilder builder, Action<AzureAdOptions> configureOptions)
+        {
+            builder.Services.Configure(configureOptions);
+            builder.Services.AddSingleton<IConfigureOptions<OpenIdConnectOptions>, ConfigureAzureOptions>();
+            builder.AddOpenIdConnect();
+            return builder;
+        }
+
+        private class ConfigureAzureOptions: IConfigureNamedOptions<OpenIdConnectOptions>
+        {
+            private readonly AzureAdOptions _azureOptions;
+
+            public ConfigureAzureOptions(IOptions<AzureAdOptions> azureOptions)
+            {
+                _azureOptions = azureOptions.Value;
+            }
+
+            public void Configure(string name, OpenIdConnectOptions options)
+            {
+                options.ClientId = _azureOptions.ClientId;
+                options.Authority = $"{_azureOptions.Instance}{_azureOptions.TenantId}";
+                options.UseTokenLifetime = true;
+                options.CallbackPath = _azureOptions.CallbackPath;
+                options.RequireHttpsMetadata = false;
+
+                options.TokenValidationParameters = new TokenValidationParameters
+                {
+                    // Instead of using the default validation (validating against a single issuer value, as we do in line of business apps),
+                    // we inject our own multitenant validation logic
+                    ValidateIssuer = false,
+
+                    // If the app is meant to be accessed by entire organizations, add your issuer validation logic here.
+                    //IssuerValidator = (issuer, securityToken, validationParameters) => {
+                    //    if (myIssuerValidationLogic(issuer)) return issuer;
+                    //}
+                };
+
+                options.Events = new OpenIdConnectEvents
+                {
+                    OnTicketReceived = context =>
+                    {
+                        // If your authentication logic is based on users then add your logic here
+                        return Task.CompletedTask;
+                    },
+                    OnAuthenticationFailed = context =>
+                    {
+                        context.Response.Redirect("/Home/Error");
+                        context.HandleResponse(); // Suppress the exception
+                        return Task.CompletedTask;
+                    },
+                    // If your application needs to do authenticate single users, add your user validation below.
+                    //OnTokenValidated = context =>
+                    //{
+                    //    return myUserValidationLogic(context.Ticket.Principal);
+                    //}
+                };
+            }
+
+            public void Configure(OpenIdConnectOptions options)
+            {
+                Configure(Options.DefaultName, options);
+            }
+        }
+    }
+}

Extensions/AzureAdOptions.cs

@@ -0,0 +1,17 @@
+namespace Microsoft.AspNetCore.Authentication
+{
+    public class AzureAdOptions
+    {
+        public string ClientId { get; set; }
+
+        public string ClientSecret { get; set; }
+
+        public string Instance { get; set; }
+
+        public string Domain { get; set; }
+
+        public string TenantId { get; set; }
+
+        public string CallbackPath { get; set; }
+    }
+}

Gulpfile.js

@@ -0,0 +1,70 @@
+var gulp = require("gulp"),
+clean = require('gulp-clean'),
+sass = require("gulp-sass");
+
+gulp.task("clean", function() {
+    return gulp.src(
+        ["sassobj", "wwwroot"], {read: false})
+     .pipe(clean());
+});
+
+gulp.task("sass-elements", ["clean"], function() {
+    return gulp.src([
+        'node_modules/govuk-elements-sass/public/sass/**/*',
+        'node_modules/govuk_frontend_toolkit/stylesheets/**/*',
+        'node_modules/govuk_template_mustache/assets/stylesheets/**/*',
+        'Styles/**/*'])
+        .pipe(gulp.dest('sassobj'))
+});
+
+gulp.task("sass-frontend-images", ["clean"], function() {
+    return gulp.src([
+
+    ])
+})
+
+gulp.task("sass-compile", ["clean", "sass-elements"], function () {
+    return gulp.src('sassobj/*.scss')
+      .pipe(sass())
+      .pipe(gulp.dest('wwwroot/css'));
+});
+
+gulp.task("css-copy", ["clean", "sass-elements"], function() {
+    return gulp.src('sassobj/*.css')
+      .pipe(gulp.dest('wwwroot/css'));
+})
+
+gulp.task("css-image-copy", ["clean", "sass-elements"], function() {
+    return gulp.src('sassobj/images/**/*')
+      .pipe(gulp.dest('wwwroot/css/images'));
+})
+
+gulp.task("css-font-copy", ["clean", "sass-elements"], function() {
+    return gulp.src('sassobj/fonts/**/*')
+      .pipe(gulp.dest('wwwroot/css/fonts'));
+})
+
+gulp.task("images-copy", ["clean"], function() {
+    return gulp.src([
+        'node_modules/govuk_template_mustache/assets/images/**/*',
+        'node_modules/govuk_frontend_toolkit/images/**/*'
+    ]).pipe(gulp.dest("wwwroot/images"))
+    .pipe(gulp.dest("wwwroot/css/images")) //todo is this really necessary?!
+})
+
+gulp.task("javascripts-copy", ["clean"], function() {
+    return gulp.src([
+        "node_modules/govuk_template_mustache/assets/javascripts/**/*",
+        "node_modules/govuk_frontend_toolkit/javascripts/**/*"
+    ]).pipe(gulp.dest("wwwroot/javascripts"))
+})
+
+
+gulp.task("favicon-copy", ["clean"], function() {
+    return gulp.src([
+        "node_modules/govuk_template_mustache/assets/images/favicon.ico"
+    ]).pipe(gulp.dest("wwwroot"))
+})
+
+
+gulp.task("default", ["sass-compile", "css-copy", "css-image-copy", "css-font-copy", "images-copy", "javascripts-copy", "favicon-copy"])