public static IAppBuilder UseClaimsTransformation(this IAppBuilder appBuilder, Func <ClaimsPrincipal, Task <ClaimsPrincipal> > options)
{
return(appBuilder.UseClaimsTransformation(new ClaimsTransformationOptions()
{
ClaimTransformation = options
}));
}
public static IAppBuilder UseClaimsTransformation(this IAppBuilder app, ClaimsAuthenticationManager manager)
{
return(app.UseClaimsTransformation(new ClaimsTransformationOptions
{
ClaimsAuthenticationManager = manager
}));
}
public void Configuration(IAppBuilder app)
{
// token validation
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
Authority = Constants.IdentityServerUri,
RequiredScopes = new[] { "apiAccess" }
});
// add app local claims per request
app.UseClaimsTransformation(incoming =>
{
// either add claims to incoming, or create new principal
var appPrincipal = new ClaimsPrincipal(incoming);
incoming.Identities.First().AddClaim(new Claim("appSpecific", "some_value"));
return Task.FromResult(appPrincipal);
});
app.UseCors(CorsOptions.AllowAll);
var config = new HttpConfiguration();
config.MapHttpAttributeRoutes();
// web api configuration
app.UseWebApi(config);
}
public void Configuration(IAppBuilder app)
{
// token validation
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
Authority = "https://localhost:44319/identity",
RequiredScopes = new[] { "sampleApi" }
});
// add app local claims per request
app.UseClaimsTransformation(incoming =>
{
// either add claims to incoming, or create new principal
var appPrincipal = new ClaimsPrincipal(incoming);
incoming.Identities.First().AddClaim(new Claim("appSpecific", "some_value"));
return(Task.FromResult(appPrincipal));
});
// web api configuration
var config = new HttpConfiguration();
config.MapHttpAttributeRoutes();
app.UseWebApi(config);
}
public void ConfigureAuth(IAppBuilder app)
{
ApplicationDbContext db = new ApplicationDbContext();
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = Authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications()
{
// If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
AuthorizationCodeReceived = (context) =>
{
var code = context.Code;
ClientCredential credential = new ClientCredential(clientId, appKey);
string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(System.Security.Claims.ClaimTypes.NameIdentifier).Value;
AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signedInUserID));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);
return(Task.FromResult(0));
}
}
});
app.UseClaimsTransformation();
}
public static IAppBuilder UseClaimsTransformation(this IAppBuilder app, Func <ClaimsPrincipal, Task <ClaimsPrincipal> > transformation)
{
return(app.UseClaimsTransformation(new ClaimsTransformationOptions
{
ClaimsTransformation = transformation
}));
}
private static void ConfigureAuth(IAppBuilder app)
{
// validate JWT tokens from AuthorizationServer
app.UseJsonWebToken(
issuer: "AS",
audience: "sparrow",
signingKey: "OYGY0nAkQUZx1YrT6ler8CI6qbJHyn32tWbCDNuLL+M=");
// claims transformation
app.UseClaimsTransformation(new ClaimsTransformer());
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context, user manager and signin manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext <ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext <ApplicationSignInManager>(ApplicationSignInManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity <ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
// Enables the application to remember the second login verification factor such as phone or email.
// Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
// This is similar to the RememberMe option when you log in.
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
// Uncomment the following lines to enable logging in with third party login providers
//app.UseMicrosoftAccountAuthentication(
// clientId: "",
// clientSecret: "");
//app.UseTwitterAuthentication(
// consumerKey: "",
// consumerSecret: "");
//app.UseFacebookAuthentication(
// appId: "",
// appSecret: "");
//app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
//{
// ClientId = "",
// ClientSecret = ""
//});
app.UseClaimsTransformation(new ClaimsTransformer());
}
public void Configuration(IAppBuilder app)
{
var config = new HttpConfiguration();
var configurationService = new ConfigurationService();
#if DEBUG
Log.Logger = new LoggerConfiguration()
.WriteTo.Debug()
.CreateLogger();
config.Services.Add(typeof(IExceptionLogger), new DebugExceptionLogger());
#else
Log.Logger = new LoggerConfiguration()
.WriteTo.Elmah()
.CreateLogger();
#endif
// Autofac
var builder = new ContainerBuilder();
builder.Register(c => app.GetDataProtectionProvider()).InstancePerRequest();
builder.Register(c => HttpContext.Current.GetOwinContext().Authentication).InstancePerRequest();
builder.Register(c => Log.Logger).As <ILogger>().SingleInstance();
builder.RegisterType <ElmahSqlLogger>().AsSelf().InstancePerRequest();
var container = AutofacBootstrapper.Initialize(builder, config, configurationService);
// Web API
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute("DefaultApi", "api/{controller}/{id}", new { id = RouteParameter.Optional });
config.Services.Add(typeof(IExceptionLogger), new ElmahExceptionLogger());
config.Filters.AddRange(new FilterConfig(configurationService.CurrentConfiguration).Collection);
config.DependencyResolver = new AutofacWebApiDependencyResolver(container);
config.Formatters.JsonFormatter.SerializerSettings.ContractResolver = new DefaultContractResolver {
IgnoreSerializableAttribute = true
};
app.UseIdentityServer(GetIdentityServerOptions(app, configurationService.CurrentConfiguration));
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
Authority = configurationService.CurrentConfiguration.SiteRoot,
RequiredScopes = new[] { "api1", "api3" },
ValidationMode = ValidationMode.ValidationEndpoint
});
app.UseAutofacMiddleware(container);
app.UseAutofacWebApi(config);
app.UseClaimsTransformation(ClaimsTransformationOptionsFactory.Create());
app.UseWebApi(config);
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
}
public static void Configure(IAppBuilder app)
{
// no mapping of incoming claims to Microsoft types
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
// validate JWT tokens from AuthorizationServer
app.UseJsonWebToken(
issuer: Constants.AS.IssuerName,
audience: Constants.Audience,
signingKey: Constants.AS.SigningKey);
// claims transformation
app.UseClaimsTransformation(new ClaimsTransformer());
}
public static void Configure(IAppBuilder app)
{
// no mapping of incoming claims to Microsoft types
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary <string, string>();
// validate JWT tokens from AuthorizationServer
app.UseJsonWebToken(
issuer: Constants.AS.IssuerName,
audience: Constants.Audience,
signingKey: Constants.AS.SigningKey);
// claims transformation
app.UseClaimsTransformation(new ClaimsTransformer());
}
public void Configuration(IAppBuilder app)
{
var config = new HttpConfiguration();
var configurationService = new ConfigurationService();
#if DEBUG
Log.Logger = new LoggerConfiguration()
.WriteTo.Debug()
.CreateLogger();
config.Services.Add(typeof(IExceptionLogger), new DebugExceptionLogger());
#else
Log.Logger = new LoggerConfiguration()
.WriteTo.Elmah()
.CreateLogger();
#endif
// Autofac
var builder = new ContainerBuilder();
builder.Register(c => app.GetDataProtectionProvider()).InstancePerRequest();
builder.Register(c => configurationService).As<ConfigurationService>().SingleInstance();
builder.Register(c => configurationService.CurrentConfiguration).As<AppConfiguration>().SingleInstance();
builder.Register(c => HttpContext.Current.GetOwinContext().Authentication).InstancePerRequest();
builder.Register(c => Log.Logger).As<ILogger>().SingleInstance();
var container = AutofacBootstrapper.Initialize(builder, config);
// Web API
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute("DefaultApi", "api/{controller}/{id}", new { id = RouteParameter.Optional });
config.Services.Add(typeof(IExceptionLogger), new ElmahExceptionLogger());
config.Filters.Add(new ElmahHandleErrorApiAttribute());
config.DependencyResolver = new AutofacWebApiDependencyResolver(container);
config.Formatters.JsonFormatter.SerializerSettings.ContractResolver = new DefaultContractResolver { IgnoreSerializableAttribute = true };
app.UseIdentityServer(GetIdentityServerOptions(app, configurationService.CurrentConfiguration));
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
Authority = configurationService.CurrentConfiguration.SiteRoot,
RequiredScopes = new[] { "api1" },
ValidationMode = ValidationMode.ValidationEndpoint
});
app.UseAutofacMiddleware(container);
app.UseAutofacWebApi(config);
app.UseClaimsTransformation(ClaimsTransformationOptionsFactory.Create());
app.UseWebApi(config);
}
public void Configuration(IAppBuilder app)
{
// require SSL and client certificates
app.RequireSsl(requireClientCertificate: true);
// basic authentication
app.UseBasicAuthentication("katanademo", ValidateUser);
// client certificates
app.UseClientCertificateAuthentication(X509RevocationMode.NoCheck);
// transform claims to application identity
app.UseClaimsTransformation(TransformClaims);
app.UseWebApi(WebApiConfig.Register());
}
public void Configuration(IAppBuilder app)
{
// require SSL and client certificates
app.RequireSsl(requireClientCertificate: true);
// basic authentication
app.UseBasicAuthentication("katanademo", ValidateUser);
// client certificates
app.UseClientCertificateAuthentication(X509RevocationMode.NoCheck);
// transform claims to application identity
app.UseClaimsTransformation(TransformClaims);
app.UseWebApi(WebApiConfig.Register());
}
public void Configuration(IAppBuilder app)
{
// authorization manager
ClaimsAuthorization.CustomAuthorizationManager = new AuthorizationManager();
// no mapping of incoming claims to Microsoft types
JwtSecurityTokenHandler.InboundClaimTypeMap = ClaimMappings.None;
// validate JWT tokens from AuthorizationServer
app.UseJsonWebToken(
issuer: Constants.AS.IssuerName,
audience: Constants.Audience,
signingKey: Constants.AS.SigningKey);
// claims transformation
app.UseClaimsTransformation(new ClaimsTransformer().Transform);
app.UseWebApi(WebApiConfig.Configure());
}
public void Configuration(IAppBuilder app)
{
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary <string, string>();
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
Authority = "http://localhost:12345",
ValidationMode = ValidationMode.Local,
RequiredScopes = new[] { "api1" }
});
app.UseClaimsTransformation(Transform);
var configuration = new HttpConfiguration();
configuration.MapHttpAttributeRoutes();
configuration.EnableCors();
app.UseWebApi(configuration);
}
public void Configuration(IAppBuilder app)
{
// For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=316888
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
Authority = "https://localhost:44399/identity",
RequiredScopes = new [] { "sampleApi" }
});
// add app local claims per request
app.UseClaimsTransformation(incoming =>
{
// either add claims to incoming, or create new principal
var appPrincipal = new ClaimsPrincipal(incoming);
incoming.Identities.First().AddClaim(new Claim("appSpecific", "some_value"));
return(Task.FromResult(appPrincipal));
});
var config = new HttpConfiguration();
config.MapHttpAttributeRoutes();
app.UseWebApi(config);
}
public void Configuration(IAppBuilder app)
{
app.UseCors(CorsOptions.AllowAll);
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
Authority = "https://localhost:44355",
ValidationMode = ValidationMode.ValidationEndpoint,
ClientId = "api",
ClientSecret = "api-secret",
RequiredScopes = new[] { "api" }
});
app.UseClaimsTransformation(async principal =>
{
var newUser = new ClaimsPrincipal(principal);
newUser.Identities.First().AddClaims(new []
{
new Claim("customClaim1", "value1"),
new Claim("customClaim2", "value2")
});
return(await Task.FromResult(newUser));
});
var httpConfiguration = new HttpConfiguration();
// Web API routes
httpConfiguration.MapHttpAttributeRoutes();
// Web API configuration and services
httpConfiguration.Filters.Add(new AuthorizeAttribute());
app.UseWebApi(httpConfiguration);
}
public static void Configure(IAppBuilder app)
{
// no mapping of incoming claims to Microsoft types
JwtSecurityTokenHandler.InboundClaimTypeMap = ClaimMappings.None;
// validate JWT tokens from AuthorizationServer
app.UseJwtBearerToken(
issuer: Constants.AS.IssuerName,
audience: Constants.Audience,
signingKey: Constants.AS.SigningKey);
// claims transformation
app.UseClaimsTransformation(new ClaimsTransformer());
#region Katana
//app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
//{
// AllowedAudiences = new[] { Constants.Audience },
// IssuerSecurityTokenProviders = new[] { new SymmetricKeyIssuerSecurityTokenProvider(
// Constants.AS.IssuerName,
// Constants.AS.SigningKey) }
//});
#endregion
}
public void Configuration(IAppBuilder app)
{
app.UseWindowsAuthentication(); // set to support non-IIS host
app.UseClaimsTransformation(TransformClaimsPrincipal); // set when you want to transform or enrich the claims principal
app.UseWebApi(WebApiConfig.Register());
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
app.UseClaimsTransformation(new SampleClaimsTransformationOptions());
app.UseResourceAuthorization(new SampleAuthorizationPolicies());
}
public void Configuration(IAppBuilder appBuilder)
{
appBuilder.UseWindowsAuthentication();
appBuilder.UseClaimsTransformation(Transformation);
}
public void Configuration(IAppBuilder app)
{
app.UseWindowsAuthentication();
app.UseClaimsTransformation(Transformation);
app.UseWebApi(WebApiConfig.Register());
}
private static void Stash(IAppBuilder app)
{
//app.Map("/api", apiApp => {
// // token validation
// apiApp.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
// {
// Authority = "https://localhost:44319/identity",
// RequiredScopes = new[] { "sampleApi" },
// DelayLoadMetadata = true
// });
// // add app local claims per request
// apiApp.UseClaimsTransformation(incoming =>
// {
// // either add claims to incoming, or create new principal
// var appPrincipal = new ClaimsPrincipal(incoming);
// incoming.Identities.First().AddClaim(new Claim("appSpecific", "some_value"));
// return Task.FromResult(appPrincipal);
// });
// // web api configuration
// var config = new HttpConfiguration();
// config.MapHttpAttributeRoutes();
// apiApp.UseWebApi(config);
//});
// token validation
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
Authority = "https://localhost:44319/identity",
RequiredScopes = new[] { "sampleApi" }
//,
//DelayLoadMetadata = true
});
// add app local claims per request
app.UseClaimsTransformation(incoming =>
{
// either add claims to incoming, or create new principal
var appPrincipal = new ClaimsPrincipal(incoming);
incoming.Identities.First().AddClaim(new Claim("appSpecific", "some_value"));
return(Task.FromResult(appPrincipal));
});
// web api configuration
var config2 = new HttpConfiguration();
config2.MapHttpAttributeRoutes();
app.UseWebApi(config2);
//app.UseCookieAuthentication(new CookieAuthenticationOptions
//{
// AuthenticationType = "Cookies"
//});
//app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
//{
// Authority = "https://localhost:44319/identity",
// ClientId = "mvc",
// Scope = "openid profile roles sampleApi",
// ResponseType = "id_token token",
// RedirectUri = "https://localhost:44319/",
// SignInAsAuthenticationType = "Cookies",
// UseTokenLifetime = false,
// Notifications = new OpenIdConnectAuthenticationNotifications
// {
// SecurityTokenValidated = async n =>
// {
// var nid = new ClaimsIdentity(
// n.AuthenticationTicket.Identity.AuthenticationType,
// Constants.ClaimTypes.GivenName,
// Constants.ClaimTypes.Role);
// // get userinfo data
// var userInfoClient = new UserInfoClient(
// new Uri(n.Options.Authority + "/connect/userinfo"),
// n.ProtocolMessage.AccessToken);
// var userInfo = await userInfoClient.GetAsync();
// userInfo.Claims.ToList().ForEach(ui => nid.AddClaim(new Claim(ui.Item1, ui.Item2)));
// // keep the id_token for logout
// nid.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
// // add access token for sample API
// nid.AddClaim(new Claim("access_token", n.ProtocolMessage.AccessToken));
// // keep track of access token expiration
// nid.AddClaim(new Claim("expires_at", DateTimeOffset.Now.AddSeconds(int.Parse(n.ProtocolMessage.ExpiresIn)).ToString()));
// // add some other app specific claim
// nid.AddClaim(new Claim("app_specific", "some data"));
// n.AuthenticationTicket = new AuthenticationTicket(
// nid,
// n.AuthenticationTicket.Properties);
// },
// RedirectToIdentityProvider = n =>
// {
// if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
// {
// var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
// if (idTokenHint != null)
// {
// n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
// }
// }
// return Task.FromResult(0);
// }
// }
//});
}
