/// <summary>
 /// Initializes a new instance of the <see cref="AuthenticationOptions"/> class.
 /// </summary>
 public AuthenticationOptions()
 {
     EnableLocalLogin = true;
     EnableLoginHint = true;
     EnableSignOutPrompt = true;
     EnablePostSignOutAutoRedirect = false;
     PostSignOutAutoRedirectDelay = 0;
     RequireAuthenticatedUserForSignOutMessage = false;
     CookieOptions = new CookieOptions();
     SignInMessageThreshold = Constants.SignInMessageThreshold;
 }
        public static IAppBuilder ConfigureCookieAuthentication(this IAppBuilder app, CookieOptions options, IDataProtector dataProtector)
        {
            if (options == null) throw new ArgumentNullException("options");
            if (dataProtector == null) throw new ArgumentNullException("dataProtector");

            if (options.Prefix.IsPresent())
            {
                options.Prefix += ".";
            }

            var primary = new CookieAuthenticationOptions
            {
                AuthenticationType = Constants.PrimaryAuthenticationType,
                CookieName = options.Prefix + Constants.PrimaryAuthenticationType,
                ExpireTimeSpan = options.ExpireTimeSpan,
                SlidingExpiration = options.SlidingExpiration,
                CookieSecure = GetCookieSecure(options.SecureMode),
                TicketDataFormat = new TicketDataFormat(new DataProtectorAdapter(dataProtector, options.Prefix + Constants.PrimaryAuthenticationType)),
                SessionStore = GetSessionStore(options.SessionStoreProvider),
                Provider = new CookieAuthenticationProvider
                {
                    OnValidateIdentity = async cookieCtx =>
                    {
                        var validator = cookieCtx.OwinContext.Environment.ResolveDependency<IAuthenticationSessionValidator>();
                        var isValid = await validator.IsAuthenticationSessionValidAsync(new ClaimsPrincipal(cookieCtx.Identity));
                        if (isValid == false)
                        {
                            cookieCtx.RejectIdentity();
                        }
                    }
                }
            };
            app.UseCookieAuthentication(primary);

            var external = new CookieAuthenticationOptions
            {
                AuthenticationType = Constants.ExternalAuthenticationType,
                CookieName = options.Prefix + Constants.ExternalAuthenticationType,
                AuthenticationMode = AuthenticationMode.Passive,
                ExpireTimeSpan = Constants.ExternalCookieTimeSpan,
                SlidingExpiration = false,
                CookieSecure = GetCookieSecure(options.SecureMode),
                TicketDataFormat = new TicketDataFormat(new DataProtectorAdapter(dataProtector, options.Prefix + Constants.ExternalAuthenticationType))
            };
            app.UseCookieAuthentication(external);

            var partial = new CookieAuthenticationOptions
            {
                AuthenticationType = Constants.PartialSignInAuthenticationType,
                CookieName = options.Prefix + Constants.PartialSignInAuthenticationType,
                AuthenticationMode = AuthenticationMode.Passive,
                ExpireTimeSpan = options.ExpireTimeSpan,
                SlidingExpiration = options.SlidingExpiration,
                CookieSecure = GetCookieSecure(options.SecureMode),
                TicketDataFormat = new TicketDataFormat(new DataProtectorAdapter(dataProtector, options.Prefix + Constants.PartialSignInAuthenticationType))
            };
            app.UseCookieAuthentication(partial);

            Action<string> setCookiePath = path =>
            {
                if (!String.IsNullOrWhiteSpace(path))
                {
                    primary.CookiePath = external.CookiePath = path;
                    partial.CookiePath = path;
                }
            };
            
            if (String.IsNullOrWhiteSpace(options.Path))
            {
                app.Use(async (ctx, next) =>
                {
                    // we only want this to run once, so assign to null once called 
                    // (and yes, it's possible that many callers hit this at same time, 
                    // but the set is idempotent)
                    if (setCookiePath != null)
                    {
                        setCookiePath(ctx.Request.PathBase.Value);
                        setCookiePath = null;
                    }
                    await next();
                });
            }
            else
            {
                setCookiePath(options.Path);
            }

            return app;
        }
        public static IAppBuilder ConfigureCookieAuthentication(this IAppBuilder app, CookieOptions options, IDataProtector dataProtector)
        {
            if (options == null)
            {
                throw new ArgumentNullException("options");
            }
            if (dataProtector == null)
            {
                throw new ArgumentNullException("dataProtector");
            }

            if (options.Prefix.IsPresent())
            {
                options.Prefix += ".";
            }

            var primary = new CookieAuthenticationOptions
            {
                AuthenticationType = Constants.PrimaryAuthenticationType,
                CookieName         = options.Prefix + Constants.PrimaryAuthenticationType,
                ExpireTimeSpan     = options.ExpireTimeSpan,
                SlidingExpiration  = options.SlidingExpiration,
                CookieSecure       = GetCookieSecure(options.SecureMode),
                CookieSameSite     = GetCookieSameSite(options.SameSiteMode),
                TicketDataFormat   = new TicketDataFormat(new DataProtectorAdapter(dataProtector, options.Prefix + Constants.PrimaryAuthenticationType)),
                SessionStore       = GetSessionStore(options.SessionStoreProvider),
                Provider           = new CookieAuthenticationProvider
                {
                    OnValidateIdentity = async cookieCtx =>
                    {
                        var validator = cookieCtx.OwinContext.Environment.ResolveDependency <IAuthenticationSessionValidator>();
                        var isValid   = await validator.IsAuthenticationSessionValidAsync(new ClaimsPrincipal(cookieCtx.Identity));

                        if (isValid == false)
                        {
                            cookieCtx.RejectIdentity();
                        }
                    }
                }
            };

            app.UseCookieAuthentication(primary);

            var external = new CookieAuthenticationOptions
            {
                AuthenticationType = Constants.ExternalAuthenticationType,
                CookieName         = options.Prefix + Constants.ExternalAuthenticationType,
                AuthenticationMode = AuthenticationMode.Passive,
                ExpireTimeSpan     = Constants.ExternalCookieTimeSpan,
                SlidingExpiration  = false,
                CookieSecure       = GetCookieSecure(options.SecureMode),
                CookieSameSite     = GetCookieSameSite(options.SameSiteMode),
                TicketDataFormat   = new TicketDataFormat(new DataProtectorAdapter(dataProtector, options.Prefix + Constants.ExternalAuthenticationType))
            };

            app.UseCookieAuthentication(external);

            var partial = new CookieAuthenticationOptions
            {
                AuthenticationType = Constants.PartialSignInAuthenticationType,
                CookieName         = options.Prefix + Constants.PartialSignInAuthenticationType,
                AuthenticationMode = AuthenticationMode.Passive,
                ExpireTimeSpan     = options.ExpireTimeSpan,
                SlidingExpiration  = options.SlidingExpiration,
                CookieSecure       = GetCookieSecure(options.SecureMode),
                CookieSameSite     = GetCookieSameSite(options.SameSiteMode),
                TicketDataFormat   = new TicketDataFormat(new DataProtectorAdapter(dataProtector, options.Prefix + Constants.PartialSignInAuthenticationType))
            };

            app.UseCookieAuthentication(partial);

            Action <string> setCookiePath = path =>
            {
                if (!String.IsNullOrWhiteSpace(path))
                {
                    primary.CookiePath = external.CookiePath = path;
                    partial.CookiePath = path;
                }
            };

            if (String.IsNullOrWhiteSpace(options.Path))
            {
                app.Use(async(ctx, next) =>
                {
                    // we only want this to run once, so assign to null once called
                    // (and yes, it's possible that many callers hit this at same time,
                    // but the set is idempotent)
                    if (setCookiePath != null)
                    {
                        setCookiePath(ctx.Request.PathBase.Value);
                        setCookiePath = null;
                    }
                    await next();
                });
            }
            else
            {
                setCookiePath(options.Path);
            }

            return(app);
        }