private static AuthenticationHandler GetDefaultAuthenticationHandler()
        {
            var authConfig = new AuthenticationConfiguration();

            #region Basic Authentication
            authConfig.AddBasicAuthentication((userName, password) => { return userName == password; });
            #endregion

            //#region SWT
            //authConfig.Handler.AddSimpleWebToken(
            //    "SWT", 
            //    Constants.Issuer,
            //    Constants.Realm,
            //    "Dc9Mpi3jbooUpBQpB/4R7XtUsa3D/ALSjTVvK8IUZbg=");
            //#endregion

            #region SAML2 tokens
            var registry = new ConfigurationBasedIssuerNameRegistry();
            registry.AddTrustedIssuer("D263DDCF598E716F0037380796A4A62DF017ADB8", "TEST");

            var saml2Config = new SecurityTokenHandlerConfiguration();
            saml2Config.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://test"));
            saml2Config.IssuerNameRegistry = registry;
            saml2Config.CertificateValidator = X509CertificateValidator.None;

            authConfig.AddSaml2(saml2Config, AuthenticationOptions.ForAuthorizationHeader("Saml2"));
            #endregion

            var authHandler = new AuthenticationHandler(authConfig);
            return authHandler;
        }
        public static void AddSaml2(this AuthenticationConfiguration configuration, string issuerThumbprint, string issuerName, string audienceUri, X509CertificateValidator certificateValidator, AuthenticationOptions options, AuthenticationScheme scheme)
        {
            var registry = new ConfigurationBasedIssuerNameRegistry();
            registry.AddTrustedIssuer(issuerThumbprint, issuerName);

            var handlerConfig = new SecurityTokenHandlerConfiguration();
            handlerConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(audienceUri));
            handlerConfig.IssuerNameRegistry = registry;
            handlerConfig.CertificateValidator = certificateValidator;

            configuration.AddSaml2(handlerConfig, options, scheme);
        }
        private static AuthenticationConfiguration CreateAuthenticationConfiguration()
        {
            var authentication = new AuthenticationConfiguration 
            {
                ClaimsAuthenticationManager = new ClaimsTransformer(),
                RequireSsl = false,
                EnableSessionToken = true
            };

            #region Basic Authentication
            authentication.AddBasicAuthentication(UserCredentials.Validate);
            #endregion

            #region IdentityServer JWT
            //authentication.AddJsonWebToken(
            //    issuer: Constants.IdSrv.IssuerUri,
            //    audience: Constants.Audience,
            //    signingKey: Constants.IdSrv.SigningKey);

            authentication.AddMsftJsonWebToken(
                issuer: Constants.IdSrv.IssuerUri,
                audience: Constants.Audience,
                signingKey: Constants.IdSrv.SigningKey);
            #endregion

            #region Access Control Service JWT
            authentication.AddJsonWebToken(
                issuer: Constants.ACS.IssuerUri,
                audience: Constants.Audience,
                signingKey: Constants.ACS.SigningKey,
                scheme: Constants.ACS.Scheme);
            #endregion

            #region IdentityServer SAML
            authentication.AddSaml2(
                issuerThumbprint: Constants.IdSrv.SigningCertThumbprint,
                issuerName: Constants.IdSrv.IssuerUri,
                audienceUri: Constants.Realm,
                certificateValidator: X509CertificateValidator.None,
                options: AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme),
                scheme: AuthenticationScheme.SchemeOnly(Constants.IdSrv.SamlScheme));
            #endregion

            #region Client Certificates
            authentication.AddClientCertificate(ClientCertificateMode.ChainValidation);
            #endregion

            return authentication;
        }
        private static AuthenticationConfiguration CreateAuthenticationConfiguration()
        {
            var authentication = new AuthenticationConfiguration 
            {
                ClaimsAuthenticationManager = new ClaimsTransformer(),
                RequireSsl = false,
                EnableSessionToken = true
            };

            #region Basic Authentication
            authentication.AddBasicAuthentication((username, password) 
                => UserCredentials.Validate(username, password));
            #endregion

            #region IdentityServer JWT
            authentication.AddJsonWebToken(
                Constants.IdSrv.IssuerUri,
                Constants.Audience,
                Constants.IdSrv.SigningKey);
            #endregion

            #region Access Control Service JWT
            authentication.AddJsonWebToken(
                Constants.ACS.IssuerUri,
                Constants.Audience,
                Constants.ACS.SigningKey,
                AuthenticationOptions.ForAuthorizationHeader(Constants.ACS.Scheme));
            #endregion

            #region #IdentityServer SAML
            authentication.AddSaml2(
                issuerThumbprint: Constants.IdSrv.SigningCertThumbprint,
                issuerName: Constants.IdSrv.IssuerUri,
                audienceUri: Constants.Realm,
                certificateValidator: X509CertificateValidator.None,
                options: AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme));
            #endregion

            return authentication;
        }
        public static AuthenticationConfiguration CreateConfiguration()
        {
            var config = new AuthenticationConfiguration
            {
                DefaultAuthenticationScheme = "Basic",
                EnableSessionToken = true
            };

            #region BasicAuthentication
            config.AddBasicAuthentication((userName, password) => userName == password, retainPassword: false);
            #endregion

            #region SimpleWebToken
            config.AddSimpleWebToken(
                issuer: "http://identity.thinktecture.com/trust",
                audience: Constants.Realm,
                signingKey: Constants.IdSrvSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
            #endregion

            #region JsonWebToken
            config.AddJsonWebToken(
                issuer: "http://selfissued.test",
                audience: Constants.Realm,
                signingKey: Constants.IdSrvSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("JWT"));
            #endregion

            #region IdentityServer SAML
            var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
            idsrvRegistry.AddTrustedIssuer("A1EED7897E55388FCE60FEF1A1EED81FF1CBAEC6", "Thinktecture IdSrv");

            var idsrvConfig = new SecurityTokenHandlerConfiguration();
            idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
            idsrvConfig.IssuerNameRegistry = idsrvRegistry;
            idsrvConfig.CertificateValidator = X509CertificateValidator.None;

            config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
            #endregion

            #region ADFS SAML
            var adfsRegistry = new ConfigurationBasedIssuerNameRegistry();
            adfsRegistry.AddTrustedIssuer("8EC7F962CC083FF7C5997D8A4D5ED64B12E4C174", "ADFS");
            adfsRegistry.AddTrustedIssuer("b6 93 46 34 7f 70 a9 c3 72 02 18 ae f1 82 2a 5c 97 b1 8c a5", "PETS ADFS");

            var adfsConfig = new SecurityTokenHandlerConfiguration();
            adfsConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
            adfsConfig.IssuerNameRegistry = adfsRegistry;
            adfsConfig.CertificateValidator = X509CertificateValidator.None;

            config.AddSaml2(adfsConfig, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml"));
            #endregion

            #region ACS SWT
            config.AddSimpleWebToken(
                issuer: "https://" + Constants.ACS + "/",
                audience: Constants.Realm,
                signingKey: Constants.AcsSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("ACS"));
            #endregion

            #region AccessKey
            config.AddAccessKey(token =>
            {
                if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
                {
                    return Principal.Create("Custom",
                        new Claim("customerid", "123"),
                        new Claim("email", "*****@*****.**"));
                }

                return null;
            }, AuthenticationOptions.ForQueryString("key"));
            #endregion

            #region Client Certificate
            config.AddClientCertificate(
                ClientCertificateMode.ChainValidationWithIssuerSubjectName, 
                "CN=PortableCA");
            #endregion

            return config;
        }
        public static AuthenticationConfiguration CreateConfiguration()
        {
            var config = new AuthenticationConfiguration
            {
                DefaultAuthenticationScheme = "Basic",
                EnableSessionToken = true
            };

            #region BasicAuthentication
            config.AddBasicAuthentication((userName, password) => userName == password);
            #endregion

            #region SimpleWebToken
            config.AddSimpleWebToken(
                issuer: Constants.IdSrvIssuerName,
                audience: Constants.Realm,
                signingKey: Constants.IdSrvSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
            #endregion

            #region JsonWebToken
            config.AddJsonWebToken(
                issuer: "http://selfissued.test",
                audience: Constants.Realm,
                signingKey: Constants.IdSrvSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("JWT"));
            #endregion

            #region IdentityServer SAML
            var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
            idsrvRegistry.AddTrustedIssuer(Constants.IdSrvSamlSigningKeyThumbprint, "Thinktecture IdSrv");

            var idsrvConfig = new SecurityTokenHandlerConfiguration();
            idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
            idsrvConfig.IssuerNameRegistry = idsrvRegistry;
            idsrvConfig.CertificateValidator = X509CertificateValidator.None;

            config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
            #endregion

            #region ADFS SAML
            var adfsRegistry = new ConfigurationBasedIssuerNameRegistry();
            adfsRegistry.AddTrustedIssuer(Constants.AdfsSamlSigningKeyThumbprint, "ADFS");

            var adfsConfig = new SecurityTokenHandlerConfiguration();
            adfsConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
            adfsConfig.IssuerNameRegistry = adfsRegistry;
            adfsConfig.CertificateValidator = X509CertificateValidator.None;

            config.AddSaml2(adfsConfig, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml"));
            #endregion

            #region ACS SWT
            config.AddSimpleWebToken(
                issuer: "https://" + Constants.ACS + "/",
                audience: Constants.Realm,
                signingKey: Constants.AcsSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("ACS"));
            #endregion

            #region AccessKey
            config.AddAccessKey(token =>
            {
                if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
                {
                    return Principal.Create("Custom",
                        new Claim("customerid", "123"),
                        new Claim("email", "*****@*****.**"));
                }

                return null;
            }, AuthenticationOptions.ForQueryString("key"));
            #endregion

            return config;
        }
Ejemplo n.º 7
0
        public static void AddSaml2(this AuthenticationConfiguration configuration, string issuerThumbprint, string issuerName, string audienceUri, X509CertificateValidator certificateValidator, AuthenticationOptions options, AuthenticationScheme scheme)
        {
            var handlerConfig = CreateSaml2SecurityTokenHandlerConfiguration(issuerThumbprint, issuerName, audienceUri, certificateValidator);

            configuration.AddSaml2(handlerConfig, options, scheme);
        }
Ejemplo n.º 8
0
        public static void Register(HttpConfiguration config)
        {
            var authConfig = new AuthenticationConfiguration
            {
                RequireSsl = false,
                ClaimsAuthenticationManager = new ClaimsTransformer(),
                EnableSessionToken = true,
                //SessionToken = new SessionTokenConfiguration()
                //               {
                //                   EndpointAddress = "apiArea/fuel/token"
                //               }
            };
            var registry = new ConfigurationBasedIssuerNameRegistry();
            registry.AddTrustedIssuer(System.Configuration.ConfigurationManager.AppSettings["SigningThumbPrint"], System.Configuration.ConfigurationManager.AppSettings["IssuerURI"]);
            var handlerConfig = new SecurityTokenHandlerConfiguration();
            handlerConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(System.Configuration.ConfigurationManager.AppSettings["AudianceUri"]));
            handlerConfig.IssuerNameRegistry = registry;
            handlerConfig.CertificateValidator = X509CertificateValidator.None;
            handlerConfig.ServiceTokenResolver = new X509CertificateStoreTokenResolver(StoreName.My, StoreLocation.LocalMachine);
            authConfig.AddSaml2(handlerConfig, AuthenticationOptions.ForAuthorizationHeader("SAML"), AuthenticationScheme.SchemeOnly("SAML"));

            config.MessageHandlers.Add(new AuthenticationHandler(authConfig));

            config.Routes.MapHttpRoute(
               name: "DefaultApi",
               routeTemplate: "api/{controller}/{id}",
               defaults: new
               {
                   id = RouteParameter.Optional
               }
               );

            config.Routes.MapHttpRoute(
                name: "OffhirePricingValueRoute",
                routeTemplate: "apiArea/{area}/OffhirePricingValue/",
                defaults: new
                {
                    controller = "OffhirePricingValue"
                }
            );

            //{startDateTime:datetime:regex(\d{4}\d{2}\d{2} \d{2}\d{2}\d{2})}

            //{startDateTime:datetime:regex(\\d{4}\\d{2}\\d{2}\\d{2}\\d{2}\\d{2})}

            //     [Route("date/{pubdate:datetime:regex(\\d{4}-\\d{2}-\\d{2})}")]
            //[Route("date/{*pubdate:datetime:regex(\\d{4}/\\d{2}/\\d{2})}")]

            config.Routes.MapHttpRoute(
                name: "OffhireManagementSystemPreparedDataRoute",
                routeTemplate: "apiArea/{area}/OffhireManagementSystem/{referenceNumber}/PreparedData/{introducerId}",
                defaults: new
                {
                    controller = "OffhireManagementSystemPreparedData"
                }
            );

            config.Routes.MapHttpRoute(
                name: "OffhireManagementSystemRoute",
                routeTemplate: "apiArea/{area}/OffhireManagementSystem/{referenceNumber}",
                defaults: new
                {
                    controller = "OffhireManagementSystem",
                    referenceNumber = RouteParameter.Optional
                }
            );

            config.Routes.MapHttpRoute(
                name: "OffhireDetailRoute",
                routeTemplate: "apiArea/{area}/Offhire/{id}/Detail/{detailId}",
                defaults: new
                {
                    controller = "OffhireDetail",
                    detailId = RouteParameter.Optional
                }
            );

            config.Routes.MapHttpRoute(
                name: "OffhireRoute",
                routeTemplate: "apiArea/{area}/Offhire/{id}",
                defaults: new
                {
                    controller = "Offhire",
                    vesselId = RouteParameter.Optional
                }
            );

            config.Routes.MapHttpRoute(
                name: "CompanyOwnedVesselRoute",
                routeTemplate: "apiArea/{area}/Company/{id}/OwnedVessel/{vesselId}",
                defaults: new
                {
                    controller = "CompanyOwnedVessel",
                    vesselId = RouteParameter.Optional
                }
            );

            config.Routes.MapHttpRoute(
               name: "ScrapInventoryOperationRoute",
               routeTemplate: "apiArea/{area}/Scrap/{id}/InventoryOperation/{operationId}",
               defaults: new
               {
                   controller = "ScrapInventoryOperation",
                   operationId = RouteParameter.Optional
               }
            );

            config.Routes.MapHttpRoute(
                name: "ScrapDetailRoute",
                routeTemplate: "apiArea/{area}/Scrap/{id}/Detail/{detailId}",
                defaults: new
                {
                    controller = "ScrapDetail",
                    detailId = RouteParameter.Optional
                }
            );

            config.Routes.MapHttpRoute(
                name: "ScrapRoute",
                routeTemplate: "apiArea/{area}/Scrap/{id}",
                defaults: new
                {
                    controller = "Scrap",
                    id = RouteParameter.Optional
                }
            );

            config.Routes.MapHttpRoute(
               name: "VoyageLogRoute",
               routeTemplate: "apiArea/{area}/Voyage/{voyageId}/Log/",
               defaults: new
               {
                   controller = "VoyageLog",
               }
            );

            config.Routes.MapHttpRoute(
               name: "VoyageRoute",
               routeTemplate: "apiArea/{area}/Voyage/{id}",
               defaults: new
               {
                   controller = "Voyage",
                   id = RouteParameter.Optional
               }
            );

            config.Routes.MapHttpRoute(
               name: "FuelReportInventoryResultRoute",
               routeTemplate: "apiArea/{area}/FuelReport/{id}/InventoryResult/",
               defaults: new
               {
                   controller = "FuelReportInventoryResult",
               }
            );

            config.Routes.MapHttpRoute(
               name: "FuelReportDetailInventoryOperationRoute",
               routeTemplate: "apiArea/{area}/FuelReport/{id}/Detail/{detailId}/InventoryOperation/{operationId}",
               defaults: new
               {
                   controller = "FuelReportDetailInventoryOperation",
                   operationId = RouteParameter.Optional
               }
            );

            config.Routes.MapHttpRoute(
                name: "FuelReportDetailRoute",
                routeTemplate: "apiArea/{area}/FuelReport/{id}/Detail/{detailId}",
                defaults: new
                {
                    controller = "FuelReportDetail",
                    detailId = RouteParameter.Optional
                }
            );

            config.Routes.MapHttpRoute(
                name: "OrderItemRoute",
                routeTemplate: "apiArea/{area}/Order/{id}/OrderItem/{orderItemId}",
                defaults: new
                {
                    controller = "OrderItem",
                    orderItemId = RouteParameter.Optional
                }
            );

            config.Routes.MapHttpRoute(
                name: "InvoiceItemRoute",
                routeTemplate: "apiArea/{area}/Invoice/{id}/InvoiceItem/{invoiceItemId}",
                defaults: new
                {
                    controller = "InvoiceItem",
                    invoiceItemId = RouteParameter.Optional
                }
            );

            config.Routes.MapHttpRoute(
                name: "MainUnitValue",
                routeTemplate: "apiArea/{area}/MainUnit/{goodId}/{goodUnitId}/{value}",
                defaults: new
                {
                    controller = "OrderItem",
                });

            config.Routes.MapHttpRoute(
                name: "CharterItemRoute",
                routeTemplate: "apiArea/{area}/Charter/{id}/CharterItem/{charterItemId}",
                defaults: new
                {
                    controller = "CharterItem",
                    charterItemId = RouteParameter.Optional
                }
                );

            config.Routes.MapHttpRoute(
                name: "Default_apiArea",
                routeTemplate: "apiArea/{area}/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional }
            );

            config.Routes.MapHttpRoute(
                      name: "apiAreaWithAction",
                      routeTemplate: "apiArea/{area}/{controller}/{action}/{id}",
                defaults: new { id = RouteParameter.Optional }
                  );

            config.Routes.MapHttpRoute(
                             name: "Default_areaApi",

                routeTemplate: "apiArea/{area}/{controller}/{action}/{id}",
                // "apiArea/Order/{id}/OrderDetail/{DetailId}",
                defaults: new { action = "UpdateOrderItem", id = RouteParameter.Optional }
                         );

            config.Filters.Add(DependencyResolver.Current.GetService<GlobalExceptionHandlingAttribute>());
        }
Ejemplo n.º 9
0
        public static AuthenticationConfiguration CreateConfiguration()
        {
            var config = new AuthenticationConfiguration
            {
                DefaultAuthenticationScheme = "Basic",
            };

            #region Basic Authentication
            config.AddBasicAuthentication((userName, password) => userName == password);
            #endregion

            #region SimpleWebToken
            config.AddSimpleWebToken(
                "http://identity.thinktecture.com/trust",
                Constants.Realm,
                Constants.IdSrvSymmetricSigningKey,
                AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
            #endregion

            #region JsonWebToken
            config.AddJsonWebToken(
                "http://selfissued.test",
                Constants.Realm,
                Constants.IdSrvSymmetricSigningKey,
                AuthenticationOptions.ForAuthorizationHeader("JWT"));
            #endregion

            #region IdentityServer SAML
            var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
            idsrvRegistry.AddTrustedIssuer("A1EED7897E55388FCE60FEF1A1EED81FF1CBAEC6", "Thinktecture IdSrv");

            var idsrvConfig = new SecurityTokenHandlerConfiguration();
            idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
            idsrvConfig.IssuerNameRegistry = idsrvRegistry;
            idsrvConfig.CertificateValidator = X509CertificateValidator.None;

            config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
            #endregion

            #region ACS SWT
            config.AddSimpleWebToken(
                "https://" + Constants.ACS + "/",
                Constants.Realm,
                Constants.AcsSymmetricSigningKey,
                AuthenticationOptions.ForAuthorizationHeader("ACS"));
            #endregion

            #region AccessKey
            var handler = new SimpleSecurityTokenHandler("my access key", token =>
            {
                if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
                {
                    return new ClaimsIdentity(new Claim[]
                    {
                        new Claim("customerid", "123")
                    }, "Custom");
                }

                return null;
            });

            config.AddAccessKey(handler, AuthenticationOptions.ForQueryString("key"));
            #endregion

            return config;
        }
        public static AuthenticationConfiguration CreateConfiguration()
        {
            var config = new AuthenticationConfiguration
            {
                DefaultAuthenticationScheme = "Basic",
                EnableSessionToken = true,
                SetNoRedirectMarker = true
            };

            #region BasicAuthentication
            config.AddBasicAuthentication((userName, password) => userName == password, retainPassword: false);
            #endregion

            #region SimpleWebToken
            config.AddSimpleWebToken(
                issuer: Constants.IdSrvIssuerName,
                audience: Constants.Realm,
                signingKey: Constants.IdSrvSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
            #endregion

            #region JsonWebToken
            config.AddJsonWebToken(
                issuer: "http://selfissued.test",
                audience: Constants.Realm,
                signingKey: Constants.IdSrvSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("JWT"));
            #endregion

            #region JsonWebToken Windows Store Client
            config.AddJsonWebToken(
                issuer: "http://identityserver45.thinktecture.com/trust/changethis",
                audience: "https://test/rp/",
                signingKey: "3ihK5qGVhp8ptIk9+TDucXQW4Aaengg3d5m6gU8nzc8=",
                options: AuthenticationOptions.ForAuthorizationHeader("Win8"));
            #endregion

            #region IdentityServer SAML
            var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
            idsrvRegistry.AddTrustedIssuer(Constants.IdSrvSamlSigningKeyThumbprint, "Thinktecture IdSrv");

            var idsrvConfig = new SecurityTokenHandlerConfiguration();
            idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
            idsrvConfig.IssuerNameRegistry = idsrvRegistry;
            idsrvConfig.CertificateValidator = X509CertificateValidator.None;

            config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
            #endregion

            #region ADFS SAML
            var adfsRegistry = new ConfigurationBasedIssuerNameRegistry();
            adfsRegistry.AddTrustedIssuer(Constants.AdfsSamlSigningKeyThumbprint, "ADFS");

            var adfsConfig = new SecurityTokenHandlerConfiguration();
            adfsConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
            adfsConfig.IssuerNameRegistry = adfsRegistry;
            adfsConfig.CertificateValidator = X509CertificateValidator.None;

            config.AddSaml2(adfsConfig, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml"));
            #endregion

            #region ACS SWT
            config.AddSimpleWebToken(
                issuer: "https://" + Constants.ACS + "/",
                audience: Constants.Realm,
                signingKey: Constants.AcsSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("ACS"));
            #endregion

            #region AccessKey
            config.AddAccessKey(token =>
            {
                if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
                {
                    return Principal.Create("Custom",
                        new Claim("customerid", "123"),
                        new Claim("email", "*****@*****.**"));
                }

                return null;
            }, AuthenticationOptions.ForQueryString("key"));
            #endregion

            #region Client Certificate
            config.AddClientCertificate(
                ClientCertificateMode.ChainValidationWithIssuerSubjectName, 
                "CN=PortableCA");
            #endregion

            return config;
        }
        public static AuthenticationConfiguration CreateConfiguration()
        {
            var config = new AuthenticationConfiguration
            {
                DefaultAuthenticationScheme = "Basic",
            };

            #region BasicAuthentication
            config.AddBasicAuthentication((userName, password) => userName == password);
            #endregion

            #region SimpleWebToken
            config.AddSimpleWebToken(
                issuer: "http://localhost/idsrv/trust",
                audience: Constants.Realm,
                signingKey: Constants.IdSrvSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
            #endregion

            #region JsonWebToken
            config.AddJsonWebToken(
                issuer: "http://selfissued.test",
                audience: Constants.Realm,
                signingKey: Constants.IdSrvSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("JWT"));
            #endregion

            #region IdentityServer SAML
            var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
            idsrvRegistry.AddTrustedIssuer("a90d2bc088d949d63321e1152065234c1acda7b1", "Thinktecture IdSrv");

            var idsrvConfig = new SecurityTokenHandlerConfiguration();
            idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
            idsrvConfig.IssuerNameRegistry = idsrvRegistry;
            idsrvConfig.CertificateValidator = X509CertificateValidator.None;

            config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
            #endregion

            #region ACS SWT
            config.AddSimpleWebToken(
                issuer: "https://" + Constants.ACS + "/",
                audience: Constants.Realm,
                signingKey: Constants.AcsSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("ACS"));
            #endregion

            #region AccessKey
            var handler = new SimpleSecurityTokenHandler(token =>
            {
                if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
                {
                    return IdentityFactory.Create("Custom",
                        new Claim("customerid", "123"),
                        new Claim("email", "*****@*****.**"));
                }

                return null;
            });

            config.AddAccessKey(handler, AuthenticationOptions.ForQueryString("key"));
            #endregion

            return config;
        }