Beispiel #1
0
        public void Configuration(IAppBuilder app)
        {
            JwtSecurityTokenHandler.InboundClaimTypeMap
                = new Dictionary <string, string>();

            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie
            });

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId                   = "socialnetwork_code",
                Authority                  = "http://localhost:22710",
                RedirectUri                = "http://localhost:28037/",
                ResponseType               = "code id_token",
                Scope                      = "openid profile offline_access",
                PostLogoutRedirectUri      = "http://localhost:28037",
                SignInAsAuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,

                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthorizationCodeReceived = async notification =>
                    {
                        var requestResponse = await OidcClient.CallTokenEndpointAsync(
                            new Uri("http://localhost:22710/connect/token"),
                            new Uri("http://localhost:28037/"),
                            notification.Code,
                            "socialnetwork_code",
                            "secret");

                        var identity = notification.AuthenticationTicket.Identity;

                        identity.AddClaim(new Claim("access_token", requestResponse.AccessToken));
                        identity.AddClaim(new Claim("id_token", requestResponse.IdentityToken));
                        identity.AddClaim(new Claim("refresh_token", requestResponse.RefreshToken));

                        notification.AuthenticationTicket = new AuthenticationTicket(
                            identity, notification.AuthenticationTicket.Properties);
                    },
                    RedirectToIdentityProvider = notification =>
                    {
                        if (notification.ProtocolMessage.RequestType !=
                            OpenIdConnectRequestType.LogoutRequest)
                        {
                            return(Task.FromResult(0));
                        }

                        notification.ProtocolMessage.IdTokenHint =
                            notification.OwinContext.Authentication.User.FindFirst("id_token").Value;

                        return(Task.FromResult(0));
                    }
                }
            });
        }
Beispiel #2
0
        public void Configuration(IAppBuilder app)
        {
            ConfigureAuth(app);
            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap = new Dictionary <string, string>();

            //ResourceOwner password flow
            app.UseCookieAuthentication(new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions()
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                //LoginPath = new PathString("/Home/Login")
            });

            //ImplicitFlow
            //app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions()
            //{
            //    ClientId = "socialnetwork_implicit",
            //    Authority = "http://localhost:58457/",
            //    RedirectUri = "http://localhost:41109",
            //    ResponseType = "token id_token",
            //    Scope = "openid profile Read",
            //    SignInAsAuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            //    RequireHttpsMetadata = false,
            //    PostLogoutRedirectUri = "http://localhost:41109",
            //    Notifications = new OpenIdConnectAuthenticationNotifications()
            //    {
            //        SecurityTokenValidated = notification =>
            //          {
            //              var identity = notification.AuthenticationTicket.Identity;
            //              identity.AddClaim(new System.Security.Claims.Claim("id_token", notification.ProtocolMessage.IdToken));
            //              identity.AddClaim(new System.Security.Claims.Claim("access_token", notification.ProtocolMessage.AccessToken));
            //              notification.AuthenticationTicket = new Microsoft.Owin.Security.AuthenticationTicket(identity, notification.AuthenticationTicket.Properties);
            //              return Task.FromResult(0);
            //          },
            //        RedirectToIdentityProvider = notification =>
            //        {
            //            if (notification.ProtocolMessage.RequestType != Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectRequestType.Logout)
            //                return Task.FromResult(0);

            //            notification.ProtocolMessage.IdTokenHint = notification.OwinContext.Authentication.User.FindFirst("id_token").Value;
            //            return Task.FromResult(0);
            //        }
            //    }

            //});

            //Authorization code flow
            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions()
            {
                ClientId     = "scoialnetwork_code",
                Authority    = "http://localhost:58457/",
                RedirectUri  = "http://localhost:41109/",
                ResponseType = "code id_token",
                Scope        = "openid profile Read offline_access Role",
                SignInAsAuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                RequireHttpsMetadata       = false,
                PostLogoutRedirectUri      = "http://localhost:41109",
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    AuthorizationCodeReceived = async notification =>
                    {
                        var requestResponse = await OidcClient.CallTokenEndpointAsync(
                            new Uri("http://localhost:58457/connect/token"),
                            new Uri("http://localhost:41109/"),
                            notification.Code,
                            "scoialnetwork_code",
                            "secret"
                            );

                        var identity = notification.AuthenticationTicket.Identity;

                        identity.AddClaim(new System.Security.Claims.Claim("id_token", requestResponse.IdentityToken));
                        identity.AddClaim(new System.Security.Claims.Claim("access_token", requestResponse.AccessToken));
                        identity.AddClaim(new System.Security.Claims.Claim("refresh_token", requestResponse.RefreshToken ?? string.Empty));

                        notification.AuthenticationTicket = new Microsoft.Owin.Security.AuthenticationTicket(identity,
                                                                                                             notification.AuthenticationTicket.Properties);
                    },
                    RedirectToIdentityProvider = notification =>
                    {
                        if (notification.ProtocolMessage.RequestType != Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectRequestType.Logout)
                        {
                            return(Task.FromResult(0));
                        }

                        notification.ProtocolMessage.IdTokenHint = notification.OwinContext.Authentication.User.FindFirst("id_token").Value;
                        return(Task.FromResult(0));
                    }
                },
                TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters()
                {
                    //NameClaimType = "name",
                    RoleClaimType = "Role"
                }
            });
        }
        public void Configuration(IAppBuilder app)
        {
            // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=316888
            var config = GlobalConfiguration.Configuration;

            //Below example can be used if the issuing authority does not use IdentityServer3

            //var certificate = new X509Certificate2(Convert.FromBase64String("MIIDhDCCAmygAwIBAgIJAN2fE4SEh8gPMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMMB2lkcGNlcnQwHhcNMTcwOTA0MTg1NzIwWhcNMTgwOTA0MTg1NzIwWjBXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRAwDgYDVQQDDAdpZHBjZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGAc8i2b4X2RZG7QToBgzV4WdTUxnjuzADqPqeVZ8aqgczYYJnSTqriMt+n/GGnUiSwiRWvOGdf61eHEOEQjGJrbQr746ymKzVlIWX0NwRXWvX3wpJJUJ8nC4aXoRao77RKotLGVw790ffTksEIaprLSIwjswXnU4db79HK/AxB8avcgXVcljCIH9Awpg6eXYYqlQcK6TNpY5USqiwCmTGlo9kkzeZ1+9hAU/1Bypqxazi2qXgLpA/+iWSOIVn7qjrOSB16ksdMcUEiGFJAkHNWJcfUWlIlW+0xgGBKEOrqTiPLhzhu0EaDvmBIYzVd1at+uqgi6KyBrAZX6+axvLQIDAQABo1MwUTAdBgNVHQ4EFgQUuWmSSya/fcHvDB4rCphl0ALOOEUwHwYDVR0jBBgwFoAUuWmSSya/fcHvDB4rCphl0ALOOEUwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAGy+WezPaxOmWpKDRhCP3OiTb3HahzEFFJ+NQmn7d3zZ+hH3zwDEjkaQsnnqaKrqQmkIIVyTt3i0k7LMEMS7Dz22fq/X/LL96p3jTjZXlNldwM5fBW6Y6irdOE7WqvH7h8CbQ4YKfabxgVLpS+1Z7xBlm01kN15z1gtnlPWOwhcDHSIXzkLtUxK0NlpRubKdvoT1QWwB9rLaZhuuuG5erBK0Xa7kB9ujXDSxnxKDP+boW0enF9O3RAICNluzZb7b+cDQK3CHgj7uOCyllSUlv31B2+tcrd9jANAGh6j8hvwQh/QnmZpe68RrTqdlfQo3ErOco+Jj8T4afsyuXLE62kQ=="));

            //app.UseJwtBearerAuthentication(new Microsoft.Owin.Security.Jwt.JwtBearerAuthenticationOptions
            //{
            //    AllowedAudiences = new[] { "http://localhost:49936" },
            //    TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
            //    {
            //        ValidAudience = "http://localhost:49936",
            //        ValidIssuer = "http://localhost:49936",
            //        IssuerSigningKey = new X509SecurityKey(certificate)
            //    }
            //});

            //app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
            //{
            //    Authority = ConfigurationManager.AppSettings["Authority"]
            //});

            JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary <string, string>();


            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                ExpireTimeSpan     = TimeSpan.FromSeconds(15)
            });

            try
            {
                app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
                {
                    ClientId                   = "idp_code",
                    Authority                  = ConfigurationManager.AppSettings["Authority"],
                    RedirectUri                = "http://localhost:57300/",
                    ResponseType               = "code id_token",
                    Scope                      = "openid profile offline_access",
                    PostLogoutRedirectUri      = "http://localhost:57300",
                    SignInAsAuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,

                    Notifications = new OpenIdConnectAuthenticationNotifications
                    {
                        AuthorizationCodeReceived = async notification =>
                        {
                            var requestResponse = await OidcClient.CallTokenEndpointAsync(
                                new Uri("http://localhost:49936/connect/token"),
                                new Uri("http://localhost:57300/"),
                                notification.Code,
                                "idp_code",
                                "secret");

                            var identity = notification.AuthenticationTicket.Identity;

                            identity.AddClaim(new Claim("access_token", requestResponse.AccessToken));
                            identity.AddClaim(new Claim("id_token", requestResponse.IdentityToken));
                            identity.AddClaim(new Claim("refresh_token", requestResponse.RefreshToken));

                            notification.AuthenticationTicket = new AuthenticationTicket(identity, notification.AuthenticationTicket.Properties);
                        }
                    }
                });
            }catch (Exception ex)
            {
            }

            app.UseWebApi(config);
        }