// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context, user manager and signin manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
app.UseKentorAuthServicesAuthentication(CreateAuthServicesOptions());
}
public void ConfigureAuth(IAppBuilder app)
{
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
//// Enables the application to validate the security stamp when the user logs in.
//// This is a security feature which is used when you change a password or add an external login to your account.
//OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
// validateInterval: ConfiguredExpireTimeSpan,
// regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
},
ExpireTimeSpan = ConfiguredExpireTimeSpan
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
app.UseKentorAuthServicesAuthentication(CreateAuthServicesOptions());
AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
}
private void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
{
var authServicesOptions = new KentorAuthServicesAuthenticationOptions(false)
{
SPOptions = new SPOptions
{
EntityId = new EntityId("https://localhost:44300/identity/AuthServices")
},
SignInAsAuthenticationType = signInAsType,
AuthenticationType = "okta",
Caption = "Okta"
};
authServicesOptions.IdentityProviders.Add(new IdentityProvider(
new EntityId("http://www.okta.com/exk5dcmpavv9xKCZC0h7"), authServicesOptions.SPOptions)
{
LoadMetadata = true,
MetadataUrl = new Uri("https://dev-169318.oktapreview.com/app/exk5dcmpavv9xKCZC0h7/sso/saml/metadata"),
AllowUnsolicitedAuthnResponse = true
});
app.UseKentorAuthServicesAuthentication(authServicesOptions);
app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions
{
AuthenticationType = "Google",
Caption = "Sign-in with Google",
SignInAsAuthenticationType = signInAsType,
ClientId = "297503349559-dmgmcoqfpkr7kr93e3kh0kj4gfrigbgf.apps.googleusercontent.com",
ClientSecret = "hllqf-f_5xvozZnG9YRvOfo1"
});
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
var authServicesOptions = new KentorAuthServicesAuthenticationOptions(false)
{
SPOptions = CreateSPOptions()
//SPOptions = new SPOptions
//{
// EntityId = new EntityId(localMetaUri),
// ReturnUrl = returnUrl,
// WantAssertionsSigned = true
//},
//AuthenticationType = adfsType,
//Caption = adfsType,
};
Uri metadataURI = new Uri(metaUri);
var idp = new IdentityProvider(new EntityId(entityId), authServicesOptions.SPOptions)
{
AllowUnsolicitedAuthnResponse = true,
Binding = Saml2BindingType.HttpRedirect,
MetadataLocation = metadataURI.ToString(),
LoadMetadata = true
};
//idp.SigningKeys.AddConfiguredKey(
// new X509Certificate2(
// HostingEnvironment.MapPath(
// "~/App_Data/AzureApp_signing.cer")));
authServicesOptions.IdentityProviders.Add(idp);
app.UseKentorAuthServicesAuthentication(authServicesOptions);
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context, user manager and signin manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext <ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext <ApplicationSignInManager>(ApplicationSignInManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity <ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
app.UseKentorAuthServicesAuthentication(CreateAuthServicesOptions());
}
private void ConfigureSaml2(IAppBuilder app, string signInAsType)
{
var options = new KentorAuthServicesAuthenticationOptions(false)
{
SPOptions = new SPOptions
{
EntityId = new EntityId("http://localhost:4589/IdSrv3/AuthServices"),
},
SignInAsAuthenticationType = signInAsType,
Caption = "SAML2p"
};
UseIdSrv3LogoutOnFederatedLogout(app, options);
options.SPOptions.SystemIdentityModelIdentityConfiguration.AudienceRestriction.AudienceMode
= AudienceUriMode.Never;
options.SPOptions.ServiceCertificates.Add(new X509Certificate2(
AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "/App_Data/Kentor.AuthServices.Tests.pfx"));
options.IdentityProviders.Add(new IdentityProvider(
new EntityId("http://localhost:52071/Metadata"),
options.SPOptions)
{
LoadMetadata = true
});
app.UseKentorAuthServicesAuthentication(options);
}
public void Configuration(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider()
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
app.UseKentorAuthServicesAuthentication(CreateAuthServicesOptions());
}
public void Configuration(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider()
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
app.UseKentorAuthServicesAuthentication(CreateAuthServicesOptions());
}
public void ConfigureAuth(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider(),
ExpireTimeSpan = ConfiguredExpireTimeSpan
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
app.UseKentorAuthServicesAuthentication(CreateAuthServicesOptions());
AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
}
public void Configuration(IAppBuilder app)
{
var authServicesOptions = new KentorAuthServicesAuthenticationOptions(false)
{
SPOptions = new SPOptions
{
EntityId = new EntityId("http://sp.example.com")
},
SignInAsAuthenticationType = "External",
AuthenticationType = "saml2p",
Caption = "SAML2p"
};
authServicesOptions.IdentityProviders.Add(new IdentityProvider(new EntityId("http://stubidp.kentor.se/Metadata"), authServicesOptions.SPOptions)
{
LoadMetadata = true
});
var cors = new InMemoryCorsPolicyService(Clients.Get());
var factory = new IdentityServerServiceFactory()
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get())
.UseInMemoryUsers(Users.Get());
factory.CorsPolicyService = new Registration <ICorsPolicyService>(cors);
var options = new IdentityServerOptions
{
Factory = factory,
AuthenticationOptions = new AuthenticationOptions()
{
IdentityProviders = (appBuilder, signInAsType) =>
{
Kentor.AuthServices.Configuration.Options.GlobalEnableSha256XmlSignatures();
app.UseKentorAuthServicesAuthentication(authServicesOptions);
}
},
LoggingOptions = new LoggingOptions()
{
EnableHttpLogging = true,
EnableKatanaLogging = true,
EnableWebApiDiagnostics = true
}
};
app.UseIdentityServer(options);
}
public void Configuration(IAppBuilder app)
{
var authServicesOptions = new KentorAuthServicesAuthenticationOptions(false)
{
SPOptions = new SPOptions
{
EntityId = new EntityId("http://sp.example.com")
},
SignInAsAuthenticationType = "External",
AuthenticationType = "saml2p",
Caption = "SAML2p"
};
authServicesOptions.IdentityProviders.Add(new IdentityProvider(new EntityId("http://stubidp.kentor.se/Metadata"), authServicesOptions.SPOptions)
{
LoadMetadata = true
});
var cors = new InMemoryCorsPolicyService(Clients.Get());
var factory = new IdentityServerServiceFactory()
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get())
.UseInMemoryUsers(Users.Get());
factory.CorsPolicyService = new Registration<ICorsPolicyService>(cors);
var options = new IdentityServerOptions
{
Factory = factory,
AuthenticationOptions = new AuthenticationOptions()
{
IdentityProviders = (appBuilder, signInAsType) =>
{
Kentor.AuthServices.Configuration.Options.GlobalEnableSha256XmlSignatures();
app.UseKentorAuthServicesAuthentication(authServicesOptions);
}
},
LoggingOptions = new LoggingOptions()
{
EnableHttpLogging = true,
EnableKatanaLogging = true,
EnableWebApiDiagnostics = true
}
};
app.UseIdentityServer(options);
}
private void ConfigureSecurity(IAppBuilder app)
{
app.Use(async(context, next) => { await next.Invoke(); });
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
app.Use(async(context, next) => { await next.Invoke(); });
var authOptions = new KentorAuthServicesAuthenticationOptions(true)
{
SPOptions = { Logger = new SeriLogAdapter(Log.Logger) }
};
var authServiceNotifications = new AuthServiceNotifications(authOptions.SPOptions, true);
authOptions.Notifications.AcsCommandResultCreated += authServiceNotifications.AcsCommandResultCreated;
app.UseKentorAuthServicesAuthentication(authOptions);
app.Use(async(context, next) => { await next.Invoke(); });
Log.Information("ConfigureSecurity: tokenExpiry={TokenExpiryInMinutes}",
AuthenticationHelper.TokenExpiryInMinutes);
var oAuthAuthorizationServerOptions = new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(AuthenticationHelper.TokenExpiryInMinutes),
Provider = new AuthorizationServerProvider()
};
app.UseOAuthAuthorizationServer(oAuthAuthorizationServerOptions);
app.Use(async(context, next) => { await next.Invoke(); });
var authNOptions = AuthenticationHelper.WebApiBearerAuthenticationOptions =
new OAuthBearerAuthenticationOptions();
app.UseOAuthBearerAuthentication(authNOptions);
app.Use(async(context, next) => { await next.Invoke(); });
}
public void Configuration(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
//OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
// validateInterval: TimeSpan.FromMinutes(30),
// regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
app.UseKentorAuthServicesAuthentication(CreateAuthServicesOptions());
}
private void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
{
// Configure Kentor SAML Identity Provider
var authServicesOptions = new KentorAuthServicesAuthenticationOptions(false)
{
SPOptions = new SPOptions
{
EntityId = new EntityId(BaseUrl),
ReturnUrl = new Uri(BaseUrl),
AttributeConsumingServices = { GetAttributeService() },
//WantAssertionsSigned = true,
//AuthenticateRequestSigningBehavior = SigningBehavior.IfIdpWantAuthnRequestsSigned // TODO: decide what needs to be here in prod
},
SignInAsAuthenticationType = signInAsType,
AuthenticationType = "saml2p",
Caption = "SAML2p",
};
// Map claims Shibboleth->OIDC using a custom claims manager: https://github.com/KentorIT/authservices/blob/master/doc/ClaimsAuthenticationManager.md
authServicesOptions.SPOptions.SystemIdentityModelIdentityConfiguration.ClaimsAuthenticationManager =
new ShibbolethClaimsMapper();
authServicesOptions.SPOptions.ServiceCertificates.Add(LoadCertificate());
var ucdShibIdp = new IdentityProvider(
new EntityId("urn:mace:incommon:ucdavis.edu"),
authServicesOptions.SPOptions)
{
LoadMetadata = true,
MetadataLocation = "https://shibboleth.ucdavis.edu/idp/shibboleth",
AllowUnsolicitedAuthnResponse = true,
};
ucdShibIdp.SigningKeys.AddConfiguredKey(LoadCertificate());
authServicesOptions.IdentityProviders.Add(ucdShibIdp);
// Federate against the IdP
//new Federation(FederationUrl, true, authServicesOptions);
app.UseKentorAuthServicesAuthentication(authServicesOptions);
}
// Using Kentor.AuthServices
public void Configuration(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions {
AuthenticationType = "cookie"
});
var spOptions = new SPOptions
{
EntityId = new EntityId("http://localhost:50155/AuthServices"),
AuthenticateRequestSigningBehavior = SigningBehavior.Always
};
spOptions.ServiceCertificates.Add(new ServiceCertificate
{
Certificate = new X509Certificate2(HostingEnvironment.MapPath("~/testclient.pfx"), "test"),
Use = CertificateUse.Signing
});
var options = new KentorAuthServicesAuthenticationOptions(false)
{
SPOptions = spOptions,
AuthenticationType = "saml2p",
SignInAsAuthenticationType = "cookie"
};
var idp = new IdentityProvider(new EntityId("http://localhost:5000"), options.SPOptions)
{
SingleSignOnServiceUrl = new Uri("http://localhost:5000/saml/sso"),
Binding = Saml2BindingType.HttpRedirect,
SingleLogoutServiceUrl = new Uri("http://localhost:5000/saml/slo"),
SingleLogoutServiceBinding = Saml2BindingType.HttpPost,
WantAuthnRequestsSigned = true
};
idp.SigningKeys.AddConfiguredKey(new X509Certificate2(HostingEnvironment.MapPath("~/idsrv3test.cer")));
options.IdentityProviders.Add(idp);
app.UseKentorAuthServicesAuthentication(options);
}
private void SetUpTelstaFederation(IAppBuilder app, string signInAsType)
{
//The entity Id is the one registered with Telstra. Is the end point that the SAML2 token will be posted back to.
//Had to reduce the minimum signing algorithm since the Telestra Idp does not use the recommended standard
var spOptions = new SPOptions
{
EntityId = new EntityId("https://tsocid.azurewebsites.net/core"),
MinIncomingSigningAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
};
var authServicesOptions = new KentorAuthServicesAuthenticationOptions(false)
{
SPOptions = spOptions,
SignInAsAuthenticationType = signInAsType,
AuthenticationType = "Telstra",
Caption = "Telstra",
};
//Set AudiencUriMode to never to again be able to work with the Telstra Idp
authServicesOptions.SPOptions.SystemIdentityModelIdentityConfiguration.AudienceRestriction.AudienceMode = AudienceUriMode.Never;
var identityProvider = new IdentityProvider(
new EntityId("signon.bigpond.com"), authServicesOptions.SPOptions)
{
SingleSignOnServiceUrl = new Uri("https://signonit.bigpond.com/federation/saml2?SPID=TSOC"),
SingleLogoutServiceUrl = new Uri("https://signonit.bigpond.com/logout"),
Binding = Saml2BindingType.HttpRedirect,
SingleLogoutServiceBinding = Saml2BindingType.HttpRedirect,
WantAuthnRequestsSigned = false,
AllowUnsolicitedAuthnResponse = true, //Telstra does not return a InResponseTo attribute
LoadMetadata = false //No metadata endpoint provided
};
identityProvider.SigningKeys.AddConfiguredKey(GetTelstraSigningCertificate());
authServicesOptions.IdentityProviders.Add(identityProvider);
app.UseKentorAuthServicesAuthentication(authServicesOptions);
}
private void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
{
var authServicesOptions = new KentorAuthServicesAuthenticationOptions(false)
{
SPOptions = new SPOptions
{
EntityId = new EntityId("https://localhost:44300/identity/AuthServices")
},
SignInAsAuthenticationType = signInAsType,
AuthenticationType = "okta",
Caption = "Okta"
};
authServicesOptions.IdentityProviders.Add(new IdentityProvider(
new EntityId("http://www.okta.com/exk5dcmpavv9xKCZC0h7"), authServicesOptions.SPOptions)
{
LoadMetadata = true,
MetadataUrl = new Uri("https://dev-169318.oktapreview.com/app/exk5dcmpavv9xKCZC0h7/sso/saml/metadata"),
AllowUnsolicitedAuthnResponse = true
});
app.UseKentorAuthServicesAuthentication(authServicesOptions);
app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions
{
AuthenticationType = "Google",
Caption = "Sign-in with Google",
SignInAsAuthenticationType = signInAsType,
ClientId = "297503349559-dmgmcoqfpkr7kr93e3kh0kj4gfrigbgf.apps.googleusercontent.com",
ClientSecret = "hllqf-f_5xvozZnG9YRvOfo1"
});
}
private void ConfigureSaml2(IAppBuilder app, string signInAsType)
{
var options = new KentorAuthServicesAuthenticationOptions(false)
{
SPOptions = new SPOptions
{
EntityId = new EntityId("http://localhost:4589/IdSrv3/AuthServices"),
},
SignInAsAuthenticationType = signInAsType,
Caption = "SAML2p"
};
UseIdSrv3LogoutOnFederatedLogout(app, options);
options.SPOptions.SystemIdentityModelIdentityConfiguration.AudienceRestriction.AudienceMode
= AudienceUriMode.Never;
options.SPOptions.ServiceCertificates.Add(new X509Certificate2(
AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "/App_Data/Kentor.AuthServices.Tests.pfx"));
options.IdentityProviders.Add(new IdentityProvider(
new EntityId("http://localhost:52071/Metadata"),
options.SPOptions)
{
LoadMetadata = true
});
app.UseKentorAuthServicesAuthentication(options);
}
public void Configuration(IAppBuilder app)
{
Authentication.Configuration(app);
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
app.UseKentorAuthServicesAuthentication(CreateAuthServicesOptions());
}
