private static CookieAuthenticationOptions GetCookieOptions(CloudFoundryOptions options)
{
var cookieOptions = new CookieAuthenticationOptions()
{
AuthenticationScheme = CloudFoundryOptions.AUTHENTICATION_SCHEME,
AutomaticAuthenticate = true,
AutomaticChallenge = false,
CookieName = CloudFoundryOptions.AUTHENTICATION_SCHEME
};
if (options.AccessDeniedPath != null)
{
cookieOptions.AccessDeniedPath = options.AccessDeniedPath;
}
if (options.TokenValidator != null)
{
cookieOptions.Events = new CookieAuthenticationEvents()
{
OnValidatePrincipal = options.TokenValidator.ValidateCookieAsync
};
}
return(cookieOptions);
}
public CloudFoundryTokenValidator(CloudFoundryOptions options)
{
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
Options = options;
}
public CloudFoundryTokenKeyResolver(CloudFoundryOptions options)
{
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
Options = options;
Resolved = new Dictionary <string, SecurityKey>();
}
public static IApplicationBuilder UseCloudFoundryAuthentication(this IApplicationBuilder builder)
{
if (builder == null)
{
throw new ArgumentNullException(nameof(builder));
}
CloudFoundryOptions options = UpdateCloudFoundryOptions(builder, new CloudFoundryOptions());
options.TokenValidationParameters = GetTokenValidationParameters(options);
var cookieOptions = GetCookieOptions(options);
builder.UseCookieAuthentication(cookieOptions);
return(builder.UseMiddleware <CloudFoundryMiddleware>(Options.Create(options)));
}
private static JwtBearerOptions GetJwtBearerOptions(CloudFoundryOptions options)
{
if (options.JwtBearerOptions != null)
{
return(options.JwtBearerOptions);
}
var tokenParameters = GetTokenValidationParameters(options);
tokenParameters.ValidateAudience = false;
tokenParameters.AudienceValidator = null;
var bearerOpts = new JwtBearerOptions()
{
ClaimsIssuer = options.ClaimsIssuer,
TokenValidationParameters = tokenParameters,
Events = new CloudFoundryJwtBearerEvents()
};
return(bearerOpts);
}
private static TokenValidationParameters GetTokenValidationParameters(CloudFoundryOptions options)
{
if (options.TokenValidationParameters != null)
{
return(options.TokenValidationParameters);
}
var parameters = new TokenValidationParameters();
options.TokenKeyResolver = new CloudFoundryTokenKeyResolver(options);
options.TokenValidator = new CloudFoundryTokenValidator(options);
parameters.ValidateAudience = true;
parameters.ValidateIssuer = true;
parameters.ValidateLifetime = true;
parameters.IssuerSigningKeyResolver = options.TokenKeyResolver.ResolveSigningKey;
parameters.IssuerValidator = options.TokenValidator.ValidateIssuer;
parameters.AudienceValidator = options.TokenValidator.ValidateAudience;
return(parameters);
}
public static IApplicationBuilder UseCloudFoundryJwtAuthentication(this IApplicationBuilder builder, CloudFoundryOptions options)
{
if (builder == null)
{
throw new ArgumentNullException(nameof(builder));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
options = UpdateCloudFoundryOptions(builder, options);
var bearerOpts = GetJwtBearerOptions(options);
return(builder.UseJwtBearerAuthentication(bearerOpts));
}
private static CloudFoundryOptions UpdateCloudFoundryOptions(IApplicationBuilder builder, CloudFoundryOptions cloudOpts)
{
var iopts = builder.ApplicationServices.GetService(typeof(IOptions <OAuthServiceOptions>)) as IOptions <OAuthServiceOptions>;
var signonOpts = iopts?.Value;
cloudOpts.UpdateOptions(signonOpts);
cloudOpts.BackchannelHttpHandler = cloudOpts.GetBackChannelHandler();
return(cloudOpts);
}