public RemoteSignOutContext( HttpContext context, OpenIdConnectOptions options, OpenIdConnectMessage message) : base(context, options) { ProtocolMessage = message; }
public BaseOpenIdConnectContext(HttpContext context, OpenIdConnectOptions options) : base(context) { if (options == null) { throw new ArgumentNullException(nameof(options)); } Options = options; }
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) { JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); loggerFactory.AddConsole(Configuration.GetSection("Logging")); loggerFactory.AddDebug(); if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); app.UseBrowserLink(); } else { app.UseExceptionHandler("/Home/Error"); } app.UseStaticFiles(); app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationScheme = "Cookies", AutomaticAuthenticate = true }); var oidcOptions = new OpenIdConnectOptions { AuthenticationScheme = "oidc", SignInScheme = "Cookies", Authority = "http://localhost:47627", RequireHttpsMetadata = false, PostLogoutRedirectUri = "http://localhost:47834/", ClientId = "gabmileagemvc", ClientSecret = "diVeTryCOner", ResponseType = "code id_token", GetClaimsFromUserInfoEndpoint = true, SaveTokens = true }; oidcOptions.Scope.Clear(); oidcOptions.Scope.Add("openid"); oidcOptions.Scope.Add("profile"); oidcOptions.Scope.Add("gabMileageApi"); app.UseOpenIdConnectAuthentication(oidcOptions); app.UseMvc(routes => { routes.MapRoute( name: "default", template: "{controller=Home}/{action=Index}/{id?}"); }); }
/// <summary> /// Adds the <see cref="OpenIdConnectMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables OpenID Connect authentication capabilities. /// </summary> /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param> /// <param name="options">A <see cref="OpenIdConnectOptions"/> that specifies options for the middleware.</param> /// <returns>A reference to this instance after the operation has completed.</returns> public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, OpenIdConnectOptions options) { if (app == null) { throw new ArgumentNullException(nameof(app)); } if (options == null) { throw new ArgumentNullException(nameof(options)); } return app.UseMiddleware<OpenIdConnectMiddleware>(Options.Create(options)); }
public static IApplicationBuilder UseWingTipOpenIdConnectAuthentication( this IApplicationBuilder applicationBuilder, OpenIdConnectOptions options) { if (applicationBuilder == null) { throw new ArgumentNullException(nameof(applicationBuilder)); } if (options == null) { throw new ArgumentNullException(nameof(options)); } return(applicationBuilder.UseMiddleware <WingTipOpenIdConnectMiddleware>(Options.Create(options))); }
/// <summary> /// Creates a <see cref="AuthorizationCodeReceivedContext"/> /// </summary> public AuthorizationCodeReceivedContext(HttpContext context, OpenIdConnectOptions options) : base(context, options) { }
public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory) { loggerFactory.AddConsole(minLevel: LogLevel.Warning); app.UseStatusCodePagesWithRedirects("~/Home/StatusCodePage"); // Display custom error page in production when error occurs // During development use the ErrorPage middleware to display error information in the browser app.UseDeveloperExceptionPage(); app.UseDatabaseErrorPage(); // Add the runtime information page that can be used by developers // to see what packages are used by the application // default path is: /runtimeinfo app.UseRuntimeInfoPage(); // Configure Session. app.UseSession(); // Add static files to the request pipeline app.UseStaticFiles(); // Add cookie-based authentication to the request pipeline app.UseIdentity(); // Create an Azure Active directory application and copy paste the following var options = new OpenIdConnectOptions { Authority = "https://login.windows.net/[tenantName].onmicrosoft.com", ClientId = "c99497aa-3ee2-4707-b8a8-c33f51323fef", BackchannelHttpHandler = new OpenIdConnectBackChannelHttpHandler(), StringDataFormat = new CustomStringDataFormat(), StateDataFormat = new CustomStateDataFormat(), UseTokenLifetime = false, Events = new OpenIdConnectEvents { OnMessageReceived = TestOpenIdConnectEvents.MessageReceived, OnAuthorizationCodeReceived = TestOpenIdConnectEvents.AuthorizationCodeReceived, OnRedirectToIdentityProvider = TestOpenIdConnectEvents.RedirectToIdentityProvider, OnTokenValidated = TestOpenIdConnectEvents.TokenValidated, } }; options.TokenValidationParameters.ValidateLifetime = false; options.ProtocolValidator.RequireNonce = true; options.ProtocolValidator.NonceLifetime = TimeSpan.FromDays(36500); app.UseOpenIdConnectAuthentication(options); // Add MVC to the request pipeline app.UseMvc(routes => { routes.MapRoute( name: "areaRoute", template: "{area:exists}/{controller}/{action}", defaults: new { action = "Index" }); routes.MapRoute( name: "default", template: "{controller}/{action}/{id?}", defaults: new { controller = "Home", action = "Index" }); routes.MapRoute( name: "api", template: "{controller}/{id?}"); }); //Populates the MusicStore sample data SampleData.InitializeMusicStoreDatabaseAsync(app.ApplicationServices).Wait(); }
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, IOptions<FranceConnectConfiguration> opts) { loggerFactory.AddConsole(Configuration.GetSection("Logging")); loggerFactory.AddDebug(); if (env.IsDevelopment()) { app.UseBrowserLink(); app.UseDeveloperExceptionPage(); app.UseDatabaseErrorPage(); } else { app.UseExceptionHandler("/Home/Error"); } app.UseRequestLocalization(new RequestLocalizationOptions { DefaultRequestCulture = new RequestCulture("fr-FR") }); app.UseStaticFiles(); app.UseIdentity(); // To configure external authentication please see http://go.microsoft.com/fwlink/?LinkID=532715 var franceConnectOptions = new OpenIdConnectOptions(); franceConnectOptions.AuthenticationScheme = Scheme.FranceConnect; franceConnectOptions.DisplayName = "FranceConnect"; franceConnectOptions.ClientId = opts.Value.ClientId; franceConnectOptions.ClientSecret = opts.Value.ClientSecret; franceConnectOptions.Authority = opts.Value.Issuer; franceConnectOptions.ResponseType = OpenIdConnectResponseType.Code; franceConnectOptions.Scope.Clear(); franceConnectOptions.Scope.Add("openid"); franceConnectOptions.Scope.Add("profile"); franceConnectOptions.Scope.Add("birth"); franceConnectOptions.Scope.Add("email"); franceConnectOptions.GetClaimsFromUserInfoEndpoint = true; franceConnectOptions.TokenValidationParameters.IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(opts.Value.ClientSecret)); franceConnectOptions.Configuration = new OpenIdConnectConfiguration { Issuer = opts.Value.Issuer, AuthorizationEndpoint = opts.Value.AuthorizationEndpoint + "?acr_values=" + opts.Value.EIdas, TokenEndpoint = opts.Value.TokenEndpoint, UserInfoEndpoint = opts.Value.UserInfoEndpoint, EndSessionEndpoint = opts.Value.EndSessionEndpoint }; app.UseOpenIdConnectAuthentication(franceConnectOptions); app.UseMvc(routes => { routes.MapRoute( name: "default", template: "{controller=Home}/{action=Index}/{id?}"); }); }
public UserInformationReceivedContext(HttpContext context, OpenIdConnectOptions options) : base(context, options) { }
/// <summary> /// Creates a <see cref="TokenResponseReceivedContext"/> /// </summary> public TokenResponseReceivedContext(HttpContext context, OpenIdConnectOptions options, AuthenticationProperties properties) : base(context, options) { Properties = properties; }
private static void DefaultChallengeOptions(OpenIdConnectOptions options) { options.AuthenticationScheme = "OpenIdConnectHandlerTest"; options.AutomaticChallenge = true; options.ClientId = Guid.NewGuid().ToString(); options.ConfigurationManager = TestUtilities.DefaultOpenIdConnectConfigurationManager; options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue(); }
public MessageReceivedContext(HttpContext context, OpenIdConnectOptions options) : base(context, options) { }
/// <summary> /// Creates a <see cref="TokenValidatedContext"/> /// </summary> public TokenValidatedContext(HttpContext context, OpenIdConnectOptions options) : base(context, options) { }
private static void GenerateCorrelationId(HttpContext context, OpenIdConnectOptions options, AuthenticationProperties properties) { if (properties == null) { throw new ArgumentNullException(nameof(properties)); } var bytes = new byte[32]; CryptoRandom.GetBytes(bytes); var correlationId = Base64UrlTextEncoder.Encode(bytes); var cookieOptions = new CookieOptions { HttpOnly = true, Secure = context.Request.IsHttps, Expires = DateTimeOffset.UtcNow + options.ProtocolValidator.NonceLifetime }; properties.Items[CorrelationProperty] = correlationId; var cookieName = CookieStatePrefix + OpenIdConnectDefaults.AuthenticationScheme + "." + correlationId; context.Response.Cookies.Append(cookieName, NonceProperty, cookieOptions); }
private static OpenIdConnectOptions GetProtocolMessageOptions() { var options = new OpenIdConnectOptions(); var fakeOpenIdRequestMessage = new FakeOpenIdConnectMessage(ExpectedAuthorizeRequest, ExpectedLogoutRequest); options.AutomaticChallenge = true; options.Events = new OpenIdConnectEvents() { OnRedirectToIdentityProvider = (context) => { context.ProtocolMessage = fakeOpenIdRequestMessage; return Task.FromResult(0); }, OnRedirectToIdentityProviderForSignOut = (context) => { context.ProtocolMessage = fakeOpenIdRequestMessage; return Task.FromResult(0); } }; options.ClientId = "Test Id"; options.Configuration = TestUtilities.DefaultOpenIdConnectConfiguration; return options; }
private OpenIdConnectOptions GetOptions(List<string> parameters, ExpectedQueryValues queryValues, ISecureDataFormat<AuthenticationProperties> secureDataFormat = null) { var options = new OpenIdConnectOptions(); foreach (var param in parameters) { if (param.Equals(OpenIdConnectParameterNames.ClientId)) options.ClientId = queryValues.ClientId; else if (param.Equals(OpenIdConnectParameterNames.Resource)) options.Resource = queryValues.Resource; else if (param.Equals(OpenIdConnectParameterNames.Scope)) { options.Scope.Clear(); foreach (var scope in queryValues.Scope.Split(' ')) { options.Scope.Add(scope); } } } options.Authority = queryValues.Authority; options.Configuration = queryValues.Configuration; options.StateDataFormat = secureDataFormat ?? new AuthenticationPropertiesFormaterKeyValue(); return options; }
public static IApplicationBuilder UseSocialAuth( this IApplicationBuilder app, SiteContext site, CookieAuthenticationOptions externalCookieOptions, bool shouldUseFolder, bool sslIsAvailable = true ) { // TODO: will this require a restart if the options are updated in the ui? // no just need to clear the tenant cache after updating the settings if (!string.IsNullOrWhiteSpace(site.GoogleClientId)) { var googleOptions = new GoogleOptions(); googleOptions.AuthenticationScheme = "Google"; googleOptions.SignInScheme = externalCookieOptions.AuthenticationScheme; googleOptions.ClientId = site.GoogleClientId; googleOptions.ClientSecret = site.GoogleClientSecret; if (shouldUseFolder) { googleOptions.CallbackPath = "/" + site.SiteFolderName + "/signin-google"; } app.UseGoogleAuthentication(googleOptions); } if (!string.IsNullOrWhiteSpace(site.FacebookAppId)) { var facebookOptions = new FacebookOptions(); facebookOptions.AuthenticationScheme = "Facebook"; facebookOptions.SignInScheme = externalCookieOptions.AuthenticationScheme; facebookOptions.AppId = site.FacebookAppId; facebookOptions.AppSecret = site.FacebookAppSecret; if (shouldUseFolder) { facebookOptions.CallbackPath = "/" + site.SiteFolderName + "/signin-facebook"; } app.UseFacebookAuthentication(facebookOptions); } if (!string.IsNullOrWhiteSpace(site.MicrosoftClientId)) { var microsoftOptions = new MicrosoftAccountOptions(); microsoftOptions.SignInScheme = externalCookieOptions.AuthenticationScheme; microsoftOptions.ClientId = site.MicrosoftClientId; microsoftOptions.ClientSecret = site.MicrosoftClientSecret; if (shouldUseFolder) { microsoftOptions.CallbackPath = "/" + site.SiteFolderName + "/signin-microsoft"; } app.UseMicrosoftAccountAuthentication(microsoftOptions); } if (!string.IsNullOrWhiteSpace(site.TwitterConsumerKey)) { var twitterOptions = new TwitterOptions(); twitterOptions.SignInScheme = externalCookieOptions.AuthenticationScheme; twitterOptions.ConsumerKey = site.TwitterConsumerKey; twitterOptions.ConsumerSecret = site.TwitterConsumerSecret; if (shouldUseFolder) { twitterOptions.CallbackPath = "/" + site.SiteFolderName + "/signin-twitter"; } app.UseTwitterAuthentication(twitterOptions); } if (!string.IsNullOrWhiteSpace(site.OidConnectAuthority) && !string.IsNullOrWhiteSpace(site.OidConnectAppId) // && !string.IsNullOrWhiteSpace(site.OidConnectAppSecret) ) { var displayName = "ExternalOIDC"; if (!string.IsNullOrWhiteSpace(site.OidConnectDisplayName)) { displayName = site.OidConnectDisplayName; } var oidOptions = new OpenIdConnectOptions(); oidOptions.AuthenticationScheme = "ExternalOIDC"; oidOptions.SignInScheme = externalCookieOptions.AuthenticationScheme; oidOptions.Authority = site.OidConnectAuthority; oidOptions.ClientId = site.OidConnectAppId; oidOptions.ClientSecret = site.OidConnectAppSecret; oidOptions.GetClaimsFromUserInfoEndpoint = true; oidOptions.ResponseType = OpenIdConnectResponseType.CodeIdToken; oidOptions.RequireHttpsMetadata = sslIsAvailable; oidOptions.SaveTokens = true; oidOptions.DisplayName = displayName; if (shouldUseFolder) { oidOptions.CallbackPath = "/" + site.SiteFolderName + "/signin-oidc"; oidOptions.SignedOutCallbackPath = "/" + site.SiteFolderName + "/signout-callback-oidc"; oidOptions.RemoteSignOutPath = "/" + site.SiteFolderName + "/signout-oidc"; } //oidOptions.Events = new OpenIdConnectEvents() //{ // OnAuthenticationFailed = c => // { // c.HandleResponse(); // c.Response.StatusCode = 500; // c.Response.ContentType = "text/plain"; // return c.Response.WriteAsync("An error occurred processing your authentication."); // } //}; app.UseOpenIdConnectAuthentication(oidOptions); } return(app); }
private static TestServer CreateServer(OpenIdConnectOptions options, Func<HttpContext, Task> handler = null, AuthenticationProperties properties = null) { var builder = new WebHostBuilder() .Configure(app => { app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationScheme = CookieAuthenticationDefaults.AuthenticationScheme }); app.UseOpenIdConnectAuthentication(options); app.Use(async (context, next) => { var req = context.Request; var res = context.Response; if (req.Path == new PathString(Challenge)) { await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme); } else if (req.Path == new PathString(ChallengeWithProperties)) { await context.Authentication.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, properties); } else if (req.Path == new PathString(ChallengeWithOutContext)) { res.StatusCode = 401; } else if (req.Path == new PathString(Signin)) { // REVIEW: this used to just be res.SignIn() await context.Authentication.SignInAsync(OpenIdConnectDefaults.AuthenticationScheme, new ClaimsPrincipal()); } else if (req.Path == new PathString(Signout)) { await context.Authentication.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme); } else if (req.Path == new PathString("/signout_with_specific_redirect_uri")) { await context.Authentication.SignOutAsync( OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties() { RedirectUri = "http://www.example.com/specific_redirect_uri" }); } else if (handler != null) { await handler(context); } else { await next(); } }); }) .ConfigureServices(services => { services.AddAuthentication(); services.Configure<SharedAuthenticationOptions>(authOptions => { authOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; }); }); return new TestServer(builder); }
public RedirectContext(HttpContext context, OpenIdConnectOptions options, AuthenticationProperties properties) : base(context, options) { Properties = properties; }
public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, OpenIdConnectOptions options) { throw new NotSupportedException("This method is no longer supported, see https://go.microsoft.com/fwlink/?linkid=845470"); }
public AuthenticationFailedContext(HttpContext context, OpenIdConnectOptions options) : base(context, options) { }