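/// <summary>
        /// Extension method that adds the Windows authentication service to the OWIN pipeline.
        /// </summary>
        /// <remarks>
        /// Depending on <paramref name="options"/>, this registers a Web API host for the
        /// WS-Federation endpoint and/or an OAuth2 authorization server whose token endpoint
        /// is <c>/token</c>. The token endpoint is fronted by a guard middleware that answers
        /// 401 to any request the host has not already authenticated.
        /// </remarks>
        /// <param name="app">The app builder.</param>
        /// <param name="options">The options class; must not be null.</param>
        /// <returns>The same <paramref name="app"/> instance, so calls can be chained.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="app"/> or <paramref name="options"/> is null.
        /// </exception>
        public static IAppBuilder UseWindowsAuthenticationService(this IAppBuilder app, WindowsAuthenticationOptions options)
        {
            // Fail fast with a clear argument error instead of a NullReferenceException
            // half-way through wiring up authentication endpoints.
            if (app == null)
            {
                throw new ArgumentNullException("app");
            }

            if (options == null)
            {
                throw new ArgumentNullException("options");
            }

            Logger.Info("Starting configuration.");

            app.ConfigureBaseUrl(options.PublicOrigin);

            if (options.EnableWsFederationEndpoint)
            {
                Logger.Info("Adding WS-Federation endpoint");

                var webApiConfig = new HttpConfiguration();
                webApiConfig.MapHttpAttributeRoutes();
                webApiConfig.Services.Add(typeof(IExceptionLogger), new LogProviderExceptionLogger());

                // Replace the default controller discovery with the project's own resolver.
                // NOTE(review): presumably this limits routing to this assembly's controllers - confirm in ControllerResolver.
                webApiConfig.Services.Replace(typeof(IHttpControllerTypeResolver), new ControllerResolver());

                var builder = new ContainerBuilder();
                builder.RegisterInstance(options);
                builder.RegisterApiControllers(typeof(AuthenticationController).Assembly);

                webApiConfig.DependencyResolver = new AutofacWebApiDependencyResolver(builder.Build());
                app.UseWebApi(webApiConfig);
            }

            if (options.EnableOAuth2Endpoint)
            {
                Logger.Info("Adding OAuth2 endpoint");

                // This guard is registered BEFORE the authorization server on purpose:
                // unauthenticated callers must never reach the token endpoint.
                // The check is a suffix match on the absolute path, so it is at least as
                // broad as the "/token" endpoint path configured below.
                app.Use(async (context, next) =>
                    {
                        if (context.Request.Uri.AbsolutePath.EndsWith("/token", StringComparison.OrdinalIgnoreCase))
                        {
                            var user = context.Authentication.User;

                            // Fail closed: a missing principal, a principal without an identity,
                            // or an unauthenticated identity all get 401 (a null Identity used to
                            // surface as a NullReferenceException instead).
                            if (user == null ||
                                user.Identity == null ||
                                !user.Identity.IsAuthenticated)
                            {
                                context.Response.StatusCode = 401;
                                return;
                            }
                        }

                        await next();
                    });

                app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
                    {
                        // NOTE(review): this lets the token endpoint answer over plain HTTP.
                        // That is only acceptable when TLS is terminated in front of this host
                        // (for example by a reverse proxy); otherwise issued access tokens
                        // travel unencrypted. Consider driving this from the options class
                        // instead of hard-coding it.
                        AllowInsecureHttp = true,
                        TokenEndpointPath = new PathString("/token"),
                        Provider = new WindowsAuthenticationTokenProvider(options),
                        AccessTokenFormat = new JwtFormat(options),
                        // TokenLifeTime is interpreted as minutes.
                        AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(options.TokenLifeTime)
                    });
            }

            SignatureConversions.AddConversions(app);

            Logger.Info("Configuration done.");
            return app;
        }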
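        /// <summary>
        /// Builds the claims identity that represents a Windows principal.
        /// </summary>
        /// <remarks>
        /// The <c>sub</c> claim is taken from the account name or the primary SID, depending on
        /// <c>options.SubjectType</c>. The <c>name</c> and group claims are added only when the
        /// corresponding option is enabled. The authentication method and authentication
        /// instant claims are always added.
        /// </remarks>
        /// <param name="principal">The Windows principal to describe; must not be null.</param>
        /// <param name="options">The options that select which claims are emitted; must not be null.</param>
        /// <returns>A new identity with authentication type <c>"Windows"</c>.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="principal"/> or <paramref name="options"/> is null.
        /// </exception>
        /// <exception cref="InvalidOperationException">
        /// No subject could be determined: the subject type is unsupported, the principal
        /// carries no primary SID claim, or the resolved value is empty.
        /// </exception>
        public static ClaimsIdentity Create(WindowsPrincipal principal, WindowsAuthenticationOptions options)
        {
            if (principal == null)
            {
                throw new ArgumentNullException("principal");
            }

            if (options == null)
            {
                throw new ArgumentNullException("options");
            }

            string sub;

            if (options.SubjectType == SubjectType.WindowsAccountName)
            {
                Logger.Debug("Using WindowsAccountName as subject");

                sub = principal.Identity.Name;
            }
            else if (options.SubjectType == SubjectType.Sid)
            {
                Logger.Debug("Using primary SID as subject");

                // FindFirst returns null when the claim is absent; report that explicitly
                // rather than dereferencing null.
                var sidClaim = principal.FindFirst(ClaimTypes.PrimarySid);
                if (sidClaim == null)
                {
                    throw new InvalidOperationException("The Windows principal has no primary SID claim.");
                }

                sub = sidClaim.Value;
            }
            else
            {
                // Previously an unknown subject type left the subject null and failed later
                // inside the Claim constructor with an unrelated-looking argument error.
                throw new InvalidOperationException("Unsupported subject type: " + options.SubjectType);
            }

            // The subject identifies the user in every token built from this identity,
            // so never emit an identity without one.
            if (string.IsNullOrEmpty(sub))
            {
                throw new InvalidOperationException("Could not determine a subject for the Windows principal.");
            }

            var claims = new List<Claim>();
            claims.Add(new Claim("sub", sub));

            if (options.EmitWindowsAccountNameAsName)
            {
                Logger.Debug("Emitting WindowsAccountName as name claim");

                claims.Add(new Claim("name", principal.Identity.Name));
            }

            if (options.EmitGroups)
            {
                Logger.Debug("Using Windows groups as role claims");

                claims.AddRange(CreateGroupClaims(principal));
            }

            claims.Add(new Claim(ClaimTypes.AuthenticationMethod, AuthenticationMethods.Windows));
            claims.Add(AuthenticationInstantClaim.Now);

            return new ClaimsIdentity(claims, "Windows");
        }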
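 /// <summary>
 /// Initializes the controller with the Windows authentication options it keeps for later use.
 /// </summary>
 /// <param name="options">The options class; must not be null.</param>
 /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
 public AuthenticationController(WindowsAuthenticationOptions options)
 {
     // Reject a missing configuration at construction time instead of failing
     // with a NullReferenceException on the first request that reads it.
     if (options == null)
     {
         throw new ArgumentNullException("options");
     }

     _options = options;
 }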
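 /// <summary>
 /// Initializes the token provider with the Windows authentication options it keeps for later use.
 /// </summary>
 /// <param name="options">The options class; must not be null.</param>
 /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
 public WindowsAuthenticationTokenProvider(WindowsAuthenticationOptions options)
 {
     // Reject a missing configuration at construction time instead of failing
     // with a NullReferenceException when the provider first reads it.
     if (options == null)
     {
         throw new ArgumentNullException("options");
     }

     _options = options;
 }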
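 /// <summary>
 /// Initializes the generator with the Windows authentication options it keeps for later use.
 /// </summary>
 /// <param name="options">The options class; must not be null.</param>
 /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
 public MetadataResponseGenerator(WindowsAuthenticationOptions options)
 {
     // Reject a missing configuration at construction time instead of failing
     // with a NullReferenceException when the generator first reads it.
     if (options == null)
     {
         throw new ArgumentNullException("options");
     }

     _options = options;
 }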
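 /// <summary>
 /// Initializes the token provider with the Windows authentication options it keeps for later use.
 /// </summary>
 /// <param name="options">The options class; must not be null.</param>
 /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
 public WindowsAuthenticationTokenProvider(WindowsAuthenticationOptions options)
 {
     // Reject a missing configuration at construction time instead of failing
     // with a NullReferenceException when the provider first reads it.
     if (options == null)
     {
         throw new ArgumentNullException("options");
     }

     _options = options;
 }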
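 /// <summary>
 /// Initializes the token format with the Windows authentication options it keeps for later use.
 /// </summary>
 /// <param name="options">The options class; must not be null.</param>
 /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
 public JwtFormat(WindowsAuthenticationOptions options)
 {
     // Reject a missing configuration at construction time instead of failing
     // with a NullReferenceException when a token is first produced.
     if (options == null)
     {
         throw new ArgumentNullException("options");
     }

     _options = options;
 }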
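 /// <summary>
 /// Initializes the generator with the Windows authentication options it keeps for later use.
 /// </summary>
 /// <param name="options">The options class; must not be null.</param>
 /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
 public SignInResponseGenerator(WindowsAuthenticationOptions options)
 {
     // Reject a missing configuration at construction time instead of failing
     // with a NullReferenceException when the generator first reads it.
     if (options == null)
     {
         throw new ArgumentNullException("options");
     }

     _options = options;
 }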