public static void MapRebarODataRoute(
this HttpConfiguration config,
string routeName,
string routePrefix,
IEdmModel model,
IEnumerable<Func<DelegatingHandler>> handlers,
string serviceIdentifier = null)
{
if (config == null)
{
throw new ArgumentNullException("config");
}
HttpMessageHandler delegatingHandler;
if (handlers != null)
{
delegatingHandler = HttpClientFactory.CreatePipeline(new HttpControllerDispatcher(config), handlers.Select(x => x()));
}
else
{
delegatingHandler = HttpClientFactory.CreatePipeline(new HttpControllerDispatcher(config), null);
}
DelegatingHandler handler;
var uriBuilder = new UriBuilder();
var disableSecurity = ConfigurationManager.AppSettings[DisableSecuritySetting];
var isSecurityDisabled = !string.IsNullOrWhiteSpace(disableSecurity) && bool.Parse(disableSecurity);
if (uriBuilder.Host.Equals("localhost", StringComparison.OrdinalIgnoreCase) && isSecurityDisabled)
{
handler = new EmptyAuthenticationHandler(delegatingHandler);
}
else
{
var identifier = serviceIdentifier ?? ((NameValueCollection)ConfigurationManager.GetSection("accenture.security.eso.service"))["Services:Identifier"];
var authConfig = new AuthenticationConfiguration { RequireSsl = false, SetPrincipalOnRequestInstance = true };
authConfig.AddMsftJsonWebToken(identifier);
handler = new AuthenticationHandler(authConfig, delegatingHandler);
}
// Create the default odata route using regular conventions
config.MapODataServiceRoute(
routeName: routeName,
routePrefix: routePrefix,
model: model,
pathHandler: new DefaultODataPathHandler(),
routingConventions: ODataRoutingConventions.CreateDefaultWithAttributeRouting(config, model),
defaultHandler: handler);
}
private static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
var authentication = new AuthenticationConfiguration
{
ClaimsAuthenticationManager = new ClaimsTransformer(),
RequireSsl = false,
EnableSessionToken = true
};
#region Basic Authentication
authentication.AddBasicAuthentication(UserCredentials.Validate);
#endregion
#region IdentityServer JWT
//authentication.AddJsonWebToken(
// issuer: Constants.IdSrv.IssuerUri,
// audience: Constants.Audience,
// signingKey: Constants.IdSrv.SigningKey);
authentication.AddMsftJsonWebToken(
issuer: Constants.IdSrv.IssuerUri,
audience: Constants.Audience,
signingKey: Constants.IdSrv.SigningKey);
#endregion
#region Access Control Service JWT
authentication.AddJsonWebToken(
issuer: Constants.ACS.IssuerUri,
audience: Constants.Audience,
signingKey: Constants.ACS.SigningKey,
scheme: Constants.ACS.Scheme);
#endregion
#region IdentityServer SAML
authentication.AddSaml2(
issuerThumbprint: Constants.IdSrv.SigningCertThumbprint,
issuerName: Constants.IdSrv.IssuerUri,
audienceUri: Constants.Realm,
certificateValidator: X509CertificateValidator.None,
options: AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme),
scheme: AuthenticationScheme.SchemeOnly(Constants.IdSrv.SamlScheme));
#endregion
#region Client Certificates
authentication.AddClientCertificate(ClientCertificateMode.ChainValidation);
#endregion
return authentication;
}
public static void Register(HttpConfiguration config)
{
var idsvrId = "http://idsrv.local/trust";
var cert = X509.LocalMachine.TrustedPeople.SubjectDistinguishedName.Find("CN=sts", false).Single();
{
var authConfig = new AuthenticationConfiguration();
authConfig.AddMsftJsonWebToken(
idsvrId,
"http://localhost/rp-adfs-webapi1",
cert);
var authHandler = new AuthenticationHandler(authConfig, config);
config.Routes.MapHttpRoute(
name: "test1",
routeTemplate: "api/test1",
defaults: new { controller = "Test1" },
constraints: null,
handler: authHandler
);
}
{
var authConfig = new AuthenticationConfiguration();
authConfig.AddMsftJsonWebToken(
idsvrId,
"http://localhost/rp-adfs-webapi2",
cert);
var authHandler = new AuthenticationHandler(authConfig, config);
config.Routes.MapHttpRoute(
name: "test2",
routeTemplate: "api/test2",
defaults: new { controller="Test2" },
constraints: null,
handler: authHandler
);
}
}
