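/// <summary>
/// Registers IdentityServer as a token-only issuer (the authorize and device-authorization
/// endpoints are disabled) that accepts clients over mutual TLS, together with the "x509"
/// certificate authentication scheme that IdentityServer delegates client-certificate checks to.
/// </summary>
/// <param name="services">The application's service collection.</param>
/// <exception cref="InvalidOperationException">
/// Thrown at startup when the "Identity" configuration section (or its Token subsection) is
/// missing, instead of a NullReferenceException surfacing later inside the options callback.
/// </exception>
public void ConfigureServices(IServiceCollection services)
{
    var identitySection = Configuration.GetSection("Identity");
    IdentityOptions identityOptions = identitySection.Get<IdentityOptions>();

    // Get<T>() yields null for an absent section; without this guard the dereference in the
    // AddIdentityServer callback below fails much later with an unhelpful NullReferenceException.
    if (identityOptions?.Token == null)
    {
        throw new InvalidOperationException(
            "Configuration section 'Identity' (with a 'Token' subsection) is required to configure IdentityServer.");
    }

    services.Configure<IdentityOptions>(identitySection);

    // Sync-over-async is unavoidable here: ConfigureServices is synchronous and the certificate
    // must exist before AddSigningCredential/AddValidationKey run. Blocking once at startup is acceptable.
    X509Certificate2 cert = new EmbeddedCertificateProvider()
        .GetCertificateAsync().GetAwaiter().GetResult();

    services.AddIdentityServer(options =>
    {
        // Interactive and device flows are switched off; this host only issues tokens.
        options.Endpoints.EnableAuthorizeEndpoint = false;
        options.Endpoints.EnableDeviceAuthorizationEndpoint = false;

        // Raise every event category so success/failure/error activity is observable.
        options.Events.RaiseErrorEvents = true;
        options.Events.RaiseFailureEvents = true;
        options.Events.RaiseInformationEvents = true;
        options.Events.RaiseSuccessEvents = true;

        // Client certificates are authenticated by the "x509" scheme registered further down.
        options.MutualTls.Enabled = true;
        options.MutualTls.ClientCertificateAuthenticationScheme = "x509";

        options.IssuerUri = identityOptions.Token.IssuerUri;
    })
    .AddClientStore<ClientStore>()
    .AddResourceStore<ResourceStore>()
    // TODO: replace with an implementation similar to https://github.com/damienbod/IdentityServer4AspNetCoreIdentityTemplate/issues/30 to enable azure key vault support
    .AddSigningCredential(cert)
    .AddValidationKey(cert)
    .AddResourceOwnerValidator<ResourceOwnerPasswordValidator>()
    .AddMutualTlsSecretValidators();

    services.AddHttpContextAccessor();
    //services.AddTransient<ClaimsPrincipal>(c => ClaimsPrincipal.Current);

    services.AddAuthentication()
        .AddCertificate("x509", options =>
        {
            // SECURITY: NoCheck means a revoked client certificate is still accepted. Acceptable for
            // a development host; production should use Online/Offline revocation checking.
            options.RevocationMode = X509RevocationMode.NoCheck;
            // SECURITY: CertificateTypes.All also admits self-signed certificates, so trust rests
            // entirely on what the client store binds to each client; restrict to Chained if a CA is available.
            options.AllowedCertificateTypes = CertificateTypes.All;
            options.Events = new CertificateAuthenticationEvents
            {
                OnAuthenticationFailed = context =>
                {
                    // Generic failure message: chain-validation detail is not echoed to the caller.
                    context.Fail("Certificate authentication failed.");
                    return Task.CompletedTask;
                },
                OnValidateCertificate = context =>
                {
                    // Unconditional Success() assumes the handler has already validated the
                    // certificate per the options above before raising this event — confirm.
                    // Every certificate field is projected onto the principal as a claim.
                    context.Principal = Principal.CreateFromCertificate(context.ClientCertificate, includeAllClaims: true);
                    context.Success();
                    return Task.CompletedTask;
                }
            };
        });

    services.AddApplicationInsightsTelemetry();
}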
/// <summary>
/// Wires up the "api1" resource host: MVC core with JSON formatters and authorization, CORS,
/// a distributed memory cache, and two authentication schemes — "token" (the default, validating
/// access tokens against IdentityServer) and "x509" (client certificate).
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    var mvc = services.AddMvcCore();
    mvc.AddJsonFormatters();
    mvc.AddAuthorization();

    services.AddCors();
    services.AddDistributedMemoryCache();

    // Projects the presented client certificate onto a principal with every certificate field
    // as a claim. Success() is unconditional, which assumes the handler has already validated
    // the certificate before raising this event — confirm.
    var certificateEvents = new CertificateAuthenticationEvents
    {
        OnValidateCertificate = ctx =>
        {
            ctx.Principal = Principal.CreateFromCertificate(ctx.ClientCertificate, includeAllClaims: true);
            ctx.Success();
            return Task.CompletedTask;
        }
    };

    var authentication = services.AddAuthentication("token");

    authentication.AddIdentityServerAuthentication("token", opts =>
    {
        opts.Authority = Constants.Authority;
        // SECURITY: sample setting — discovery metadata may be fetched over plain HTTP.
        // Set to true anywhere other than local development.
        opts.RequireHttpsMetadata = false;
        opts.ApiName = "api1";
        // SECURITY: sample secret committed to source; real deployments load it from configuration or a secret store.
        opts.ApiSecret = "secret";
    });

    authentication.AddCertificate("x509", opts =>
    {
        // SECURITY: revocation is not checked — a revoked client certificate still authenticates.
        opts.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
        opts.Events = certificateEvents;
    });
}
/// <summary>
/// Wires up the "resource1" API host: controllers, CORS, a distributed memory cache, and two
/// authentication schemes — "token" (the default, validating access tokens against the
/// IdentityServer host) and "x509" (client certificate).
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllers();
    services.AddCors();
    services.AddDistributedMemoryCache();

    // Projects the presented client certificate onto a principal with every certificate field
    // as a claim. Success() is unconditional, which assumes the handler has already validated
    // the certificate before raising this event — confirm.
    var certificateEvents = new CertificateAuthenticationEvents
    {
        OnCertificateValidated = ctx =>
        {
            ctx.Principal = Principal.CreateFromCertificate(ctx.ClientCertificate, includeAllClaims: true);
            ctx.Success();
            return Task.CompletedTask;
        }
    };

    var authentication = services.AddAuthentication("token");

    authentication.AddIdentityServerAuthentication("token", opts =>
    {
        opts.ApiName = "resource1";
        // SECURITY: sample secret committed to source; real deployments load it from configuration or a secret store.
        opts.ApiSecret = "secret";
        opts.Authority = IdentityServerHost.IisAuthority;
        // SECURITY: sample setting — discovery metadata may be fetched over plain HTTP.
        // Set to true anywhere other than local development.
        opts.RequireHttpsMetadata = false;
    });

    authentication.AddCertificate("x509", opts =>
    {
        // SECURITY: revocation is not checked — a revoked client certificate still authenticates.
        opts.RevocationMode = X509RevocationMode.NoCheck;
        opts.Events = certificateEvents;
    });
}
/// <summary>
/// Configures the sample IdentityServer host: MVC (2.1 compatibility), IIS options with
/// automatic Windows authentication disabled, IdentityServer with in-memory clients/resources,
/// test users, a development signing key and mutual TLS, external identity providers, local API
/// authentication, and the "x509" certificate scheme that mutual TLS delegates to.
/// </summary>
/// <param name="services">The application's service collection.</param>
/// <returns>A service provider built from <paramref name="services"/> with scope validation enabled.</returns>
public IServiceProvider ConfigureServices(IServiceCollection services)
{
    services.AddMvc()
        .SetCompatibilityVersion(Microsoft.AspNetCore.Mvc.CompatibilityVersion.Version_2_1);

    // Windows authentication is offered as a named scheme but not applied automatically.
    services.Configure<IISOptions>(iis =>
    {
        iis.AuthenticationDisplayName = "Windows";
        iis.AutomaticAuthentication = false;
    });

    var identityServer = services.AddIdentityServer(options =>
    {
        options.Events.RaiseSuccessEvents = true;
        options.Events.RaiseFailureEvents = true;
        options.Events.RaiseErrorEvents = true;
        options.Events.RaiseInformationEvents = true;

        // Client certificates are authenticated by the "x509" scheme registered further down.
        options.MutualTls.Enabled = true;
        options.MutualTls.ClientCertificateAuthenticationScheme = "x509";
    });

    // In-memory stores; clients could alternatively be bound from a "Clients" configuration section.
    identityServer.AddInMemoryClients(Clients.Get());
    identityServer.AddInMemoryIdentityResources(Resources.GetIdentityResources());
    identityServer.AddInMemoryApiResources(Resources.GetApiResources());

    // SECURITY: development-only signing credential and in-memory test users — sample host only.
    identityServer.AddDeveloperSigningCredential();
    identityServer.AddExtensionGrantValidator<Extensions.ExtensionGrantValidator>();
    identityServer.AddExtensionGrantValidator<Extensions.NoSubjectExtensionGrantValidator>();
    identityServer.AddJwtBearerClientAuthentication();
    identityServer.AddAppAuthRedirectUriValidator();
    identityServer.AddTestUsers(TestUsers.Users);
    identityServer.AddMutualTlsSecretValidators();

    services.AddExternalIdentityProviders();
    services.AddLocalApiAuthentication();

    var certificateEvents = new CertificateAuthenticationEvents
    {
        // Unconditional Success() assumes the handler has already validated the certificate
        // before raising this event — confirm. All certificate fields become claims.
        OnValidateCertificate = ctx =>
        {
            ctx.Principal = Principal.CreateFromCertificate(ctx.ClientCertificate, includeAllClaims: true);
            ctx.Success();
            return Task.CompletedTask;
        }
    };

    services.AddAuthentication()
        .AddCertificate("x509", opts =>
        {
            // SECURITY: revocation is not checked — a revoked client certificate still authenticates.
            opts.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
            opts.Events = certificateEvents;
        });

    // validateScopes: true makes resolving a scoped service from the root provider throw,
    // surfacing captive-dependency mistakes at startup.
    return services.BuildServiceProvider(validateScopes: true);
}
/// <summary>
/// Configures the sample IdentityServer host: MVC (2.1 compatibility), IIS options with
/// automatic Windows authentication disabled, IdentityServer with in-memory clients/resources,
/// test users, a development signing key and mutual TLS, retrying HTTP clients for back-channel
/// logout and JWT request_uri fetches, external identity providers, local API authentication
/// with an extra claim, and the "x509" certificate scheme that mutual TLS delegates to.
/// </summary>
/// <param name="services">The application's service collection.</param>
/// <returns>A service provider built from <paramref name="services"/> with scope validation disabled.</returns>
public IServiceProvider ConfigureServices(IServiceCollection services)
{
    services.AddMvc()
        .SetCompatibilityVersion(Microsoft.AspNetCore.Mvc.CompatibilityVersion.Version_2_1);

    // Windows authentication is offered as a named scheme but not applied automatically.
    services.Configure<IISOptions>(iis =>
    {
        iis.AuthenticationDisplayName = "Windows";
        iis.AutomaticAuthentication = false;
    });

    var builder = services.AddIdentityServer(options =>
    {
        options.Events.RaiseSuccessEvents = true;
        options.Events.RaiseFailureEvents = true;
        options.Events.RaiseErrorEvents = true;
        options.Events.RaiseInformationEvents = true;

        // Client certificates are authenticated by the "x509" scheme registered further down.
        options.MutualTls.Enabled = true;
        options.MutualTls.ClientCertificateAuthenticationScheme = "x509";
    });

    // In-memory stores; clients could alternatively be bound from a "Clients" configuration section.
    builder.AddInMemoryClients(Clients.Get());
    builder.AddInMemoryIdentityResources(Resources.GetIdentityResources());
    builder.AddInMemoryApiResources(Resources.GetApiResources());

    // SECURITY: development-only signing credential and in-memory test users — sample host only.
    builder.AddDeveloperSigningCredential();
    builder.AddExtensionGrantValidator<Extensions.ExtensionGrantValidator>();
    builder.AddExtensionGrantValidator<Extensions.NoSubjectExtensionGrantValidator>();
    builder.AddJwtBearerClientAuthentication();
    builder.AddAppAuthRedirectUriValidator();
    builder.AddTestUsers(TestUsers.Users);
    builder.AddMutualTlsSecretValidators();

    // Both outbound clients get a 30 s timeout and three retries (1 s, 2 s, 3 s) on transient HTTP errors.
    var outboundTimeout = TimeSpan.FromSeconds(30);

    builder.AddBackChannelLogoutHttpClient(http => { http.Timeout = outboundTimeout; })
        .AddTransientHttpErrorPolicy(policy => policy.WaitAndRetryAsync(new[]
        {
            TimeSpan.FromSeconds(1),
            TimeSpan.FromSeconds(2),
            TimeSpan.FromSeconds(3)
        }));

    builder.AddJwtRequestUriHttpClient(http => { http.Timeout = outboundTimeout; })
        .AddTransientHttpErrorPolicy(policy => policy.WaitAndRetryAsync(new[]
        {
            TimeSpan.FromSeconds(1),
            TimeSpan.FromSeconds(2),
            TimeSpan.FromSeconds(3)
        }));

    services.AddExternalIdentityProviders();

    // Local API callers get one extra claim stamped onto their first identity.
    services.AddLocalApiAuthentication(principal =>
    {
        var identity = principal.Identities.First();
        identity.AddClaim(new Claim("additional_claim", "additional_value"));
        return Task.FromResult(principal);
    });

    var certificateEvents = new CertificateAuthenticationEvents
    {
        // Unconditional Success() assumes the handler has already validated the certificate
        // before raising this event — confirm. All certificate fields become claims.
        OnValidateCertificate = ctx =>
        {
            ctx.Principal = Principal.CreateFromCertificate(ctx.ClientCertificate, includeAllClaims: true);
            ctx.Success();
            return Task.CompletedTask;
        }
    };

    services.AddAuthentication()
        .AddCertificate("x509", opts =>
        {
            // SECURITY: revocation is not checked — a revoked client certificate still authenticates.
            opts.RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck;
            opts.Events = certificateEvents;
        });

    // NOTE(review): scope validation is disabled here, so a singleton capturing a scoped
    // service will not be detected at startup — confirm this is intentional.
    return services.BuildServiceProvider(validateScopes: false);
}