public override void Configure(IAppBuilder app)
{
if (String.IsNullOrEmpty(FederationSettings.MetadataAddress))
{
throw new ArgumentException("Missing federation declaration in config", "FederationMetadataAddress");
}
if (String.IsNullOrEmpty(FederationSettings.Realm))
{
throw new ArgumentException("Missing federation declaration in config", "FederationRealm");
}
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
{
MetadataAddress = FederationSettings.MetadataAddress,
Wtrealm = FederationSettings.Realm,
Notifications = new WsFederationAuthenticationNotifications()
{
RedirectToIdentityProvider = (context) =>
{
if (context.OwinContext.Response.StatusCode == (int)HttpStatusCode.Unauthorized && context.Request.Headers.ContainsKey("AuthNoRedirect"))
{
context.HandleResponse();
}
return Task.FromResult(0);
}
}
});
}
public void Configuration(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(WsFederationAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider()
});
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
{
MetadataAddress = String.Format("https://{0}/wsfed/{1}/FederationMetadata/2007-06/FederationMetadata.xml",
ConfigurationManager.AppSettings["auth0:Domain"],
ConfigurationManager.AppSettings["auth0:ClientId"]),
Wtrealm = "urn:" + ConfigurationManager.AppSettings["auth0:ApplicationName"],
Notifications = new WsFederationAuthenticationNotifications
{
SecurityTokenValidated = notification =>
{
notification.AuthenticationTicket.Identity.AddClaim(new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "Auth0"));
return Task.FromResult(true);
}
}
});
}
public void ConfigureAuth(IAppBuilder app, IConfigurationProvider configProvider)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
// Primary authentication method for web site to Azure AD via the WsFederation below
app.UseCookieAuthentication(new CookieAuthenticationOptions());
string federationMetadataAddress = configProvider.GetConfigurationSettingValue("ida.FederationMetadataAddress");
string federationRealm = configProvider.GetConfigurationSettingValue("ida.FederationRealm");
if (string.IsNullOrEmpty(federationMetadataAddress) || string.IsNullOrEmpty(federationRealm))
{
throw new ApplicationException("Config issue: Unable to load required federation values from web.config or other configuration source.");
}
// check for default values that will cause app to fail to startup with an unhelpful 404 exception
if (federationMetadataAddress.StartsWith("-- ", StringComparison.Ordinal) ||
federationRealm.StartsWith("-- ", StringComparison.Ordinal))
{
throw new ApplicationException("Config issue: Default federation values from web.config need to be overridden or replaced.");
}
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
{
MetadataAddress = federationMetadataAddress,
Wtrealm = federationRealm
});
string aadTenant = configProvider.GetConfigurationSettingValue("ida.AADTenant");
string aadAudience = configProvider.GetConfigurationSettingValue("ida.AADAudience");
if (string.IsNullOrEmpty(aadTenant) || string.IsNullOrEmpty(aadAudience))
{
throw new ApplicationException("Config issue: Unable to load required AAD values from web.config or other configuration source.");
}
// check for default values that will cause failure
if (aadTenant.StartsWith("-- ", StringComparison.Ordinal) ||
aadAudience.StartsWith("-- ", StringComparison.Ordinal))
{
throw new ApplicationException("Config issue: Default AAD values from web.config need to be overridden or replaced.");
}
// Fallback authentication method to allow "Authorization: Bearer <token>" in the header for WebAPI calls
app.UseWindowsAzureActiveDirectoryBearerAuthentication(
new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
Tenant = aadTenant,
TokenValidationParameters = new TokenValidationParameters
{
ValidAudience = aadAudience,
RoleClaimType = "http://schemas.microsoft.com/identity/claims/scope" // Used to unwrap token roles and provide them to [Authorize(Roles="")] attributes
}
});
}
public void ConfigureWsFederationAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
{
AuthenticationType = FedAuth,
Wtrealm = ConfigurationManager.AppSettings["app:URI"],
MetadataAddress = ConfigurationManager.AppSettings["wsFederation:MetadataEndpoint"],
});
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
{
Wtrealm = realm,
MetadataAddress = adfsMetadata
});
}
private void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
{
var wsFederation = new WsFederationAuthenticationOptions
{
AuthenticationType = "windows",
Caption = "Windows",
SignInAsAuthenticationType = signInAsType,
MetadataAddress = "https://localhost:44333/windows",
Wtrealm = "urn:idsrv3"
};
app.UseWsFederationAuthentication(wsFederation);
}
public static void ConfigureAdditionalIdentityProviders(IAppBuilder app, string signInAsType)
{
var windowsAuthentication = new WsFederationAuthenticationOptions
{
AuthenticationType = "windows",
Caption = "Windows",
SignInAsAuthenticationType = signInAsType,
MetadataAddress = GlobalConfiguration.WinAdMetadataUri.ToString(),
Wtrealm = "urn:idsrv3",
Wreply = $"{GlobalConfiguration.AuthorityRoute}/callback",
Notifications = GetWsFedAuthNotifications()
};
app.UseWsFederationAuthentication(windowsAuthentication);
}
public void Configuration(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
{
MetadataAddress = "http://localhost:29702/FederationMetadata",
Wtrealm = "urn:SupaDoopaRealm",
Wreply = "http://localhost:16635/"
}
);
}
public void Configuration(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
{
MetadataAddress = MVC_Owin_WsFederation.Configuration.CFS_METADATA,
Wtrealm = MVC_Owin_WsFederation.Configuration.CFS_RP_REALM,
SignInAsAuthenticationType = "Cookies"
});
}
public void Configuration(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
{
MetadataAddress = Constants.BaseAddress + "/wsfed/metadata",
Wtrealm = "urn:owinrp",
SignInAsAuthenticationType = "Cookies"
});
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(WsFederationAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = UserAccountType.External,
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive,
});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = UserAccountType.Twitter,
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
});
app.UseCookieAuthentication(
new CookieAuthenticationOptions
{
AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType,
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active
});
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
{
MetadataAddress = ConfigurationManager.AppSettings["FederationMetadataAddress"],
Wtrealm = ConfigurationManager.AppSettings["FederationWtrealm"],
SignInAsAuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
});
app.UseTwitterAuthentication(
new TwitterAuthenticationOptions
{
ConsumerKey = ConfigurationManager.AppSettings["TwitterConsumerKey"],
ConsumerSecret = ConfigurationManager.AppSettings["TwitterConsumerSecret"],
Provider = new Microsoft.Owin.Security.Twitter.TwitterAuthenticationProvider
{
OnAuthenticated = async context =>
{
context.Identity.AddClaim(new Claim("urn:twitter:accesstoken", context.AccessToken));
context.Identity.AddClaim(new Claim("urn:twitter:accesstokensecret", context.AccessTokenSecret));
}
},
SignInAsAuthenticationType = UserAccountType.External
});
}
public void ConfigureAuth(IAppBuilder app)
{
app.UseCookieAuthentication(
new CookieAuthenticationOptions
{
AuthenticationType =
CookieAuthenticationDefaults.AuthenticationType
});
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
{
MetadataAddress = "https://login.microsoftonline.com/2c2a63d4-465c-464d-b7f5-6ccfd0dce5b8/federationmetadata/2007-06/federationmetadata.xml",
Wtrealm = "https://testService.local/",
});
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
var notifications = new WsFederationAuthenticationNotifications
{
SecurityTokenReceived = (context) =>
{
Debug.WriteLine("SecurityTokenReceived");
return Task.CompletedTask;
},
AuthenticationFailed = (context) =>
{
Debug.WriteLine("AuthenticationFailed");
return Task.CompletedTask;
},
MessageReceived = (context) =>
{
Debug.WriteLine("MessageReceived");
return Task.CompletedTask;
},
RedirectToIdentityProvider = (context) =>
{
Debug.WriteLine("RedirectToIdentityProvider");
return Task.CompletedTask;
},
SecurityTokenValidated = (context) =>
{
Debug.WriteLine("SecurityTokenValidated");
return Task.CompletedTask;
}
};
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
{
Notifications = notifications,
Wtrealm = _realm,
MetadataAddress = _adfsMetadata
});
}
public void Configuration(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(WsFederationAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType,
});
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
{
MetadataAddress = IdentityUrl + "/wsfed/metadata",
Wtrealm = ServerUrl,
SignOutWreply = ServerUrl,
SignInAsAuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType,
UseTokenLifetime = false,
Notifications = new WsFederationAuthenticationNotifications
{
RedirectToIdentityProvider = ctx =>
{
if (ctx.OwinContext.Response.StatusCode == 401 &&
ctx.OwinContext.Authentication.User.Identity.IsAuthenticated)
{
ctx.OwinContext.Response.StatusCode = 403;
ctx.HandleResponse();
}
return Task.FromResult(0);
},
SecurityTokenValidated = ctx =>
{
//ctx.AuthenticationTicket.Properties.IsPersistent = true; //Always False. Will remember when closing browser, but should only happen when user ticks Remember Me
var isPersistent = ctx.AuthenticationTicket.Properties.IsPersistent;//Should vary based on remember me-checkbox?
var redirectUri = new Uri(ctx.AuthenticationTicket.Properties.RedirectUri, UriKind.RelativeOrAbsolute);
if (redirectUri.IsAbsoluteUri)
ctx.AuthenticationTicket.Properties.RedirectUri = redirectUri.PathAndQuery;
return Task.FromResult(0);
}
}
});
app.UseStageMarker(PipelineStage.Authenticate);
AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Name;
}
public void Configuration(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions {AuthenticationType = "cookies"});
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
{
Wtrealm = "urn:encryptedrealmV2",
MetadataAddress = "https://localhost:44388/wsfed/metadata",
Wreply = "https://localhost:44344/",
SignInAsAuthenticationType = "cookies",
TokenValidationParameters = new TokenValidationParameters
{
AuthenticationType = "cookies",
ClientDecryptionTokens =
new ReadOnlyCollection<SecurityToken>(new List<SecurityToken>
{
new X509SecurityToken(Cert.LoadEncrypting())
})
}
});
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context and user manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
//app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
//app.UseCookieAuthentication(new CookieAuthenticationOptions
//{
// AuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType,
//});
////app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
////app.UseCookieAuthentication(new CookieAuthenticationOptions { });
//app.UseOpenIdConnectAuthentication(
// new OpenIdConnectAuthenticationOptions
// {
// Client_Id = "TesteWebApi",
// Client_Secret = "P@ssw0rd",
// Authority = "https://pasteur",
// });
app.UseCookieAuthentication(
new CookieAuthenticationOptions
{
AuthenticationType =
WsFederationAuthenticationDefaults.AuthenticationType
});
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
{
MetadataAddress = "https://pasteur/FederationMetadata/2007-06/FederationMetadata.xml",
Wtrealm = "urn:mvcjwtrp",
});
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
{
Wtrealm = realm,
MetadataAddress = metadata,
Notifications = new WsFederationAuthenticationNotifications
{
AuthenticationFailed = context =>
{
context.HandleResponse();
context.Response.Redirect("Home/Error?message=" + context.Exception.Message);
return Task.FromResult(0);
}
}
});
}
public void Configuration(IAppBuilder app)
{
// For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=316888
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
});
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
{
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
{
//UPDATE Bug has been confirmed that this is not working as intented.
// I will update this demo as more information is avalibe.
//ValidateIssuer = false -> this causes IssuereValidator to not be run.
IssuerValidator = (issuer, token) =>
{
return false; // it still sign in the user even though its false.
// return DatabaseIssuerNameRegistry.ContainsTenant(issuer);
}
},
Wtrealm = "https://cvservice.s-innovations.net",
MetadataAddress = "https://login.windows.net/802626c6-0f5c-4293-a8f5-198ecd481fe3/FederationMetadata/2007-06/FederationMetadata.xml"
});
app.Map("/login", OwinControllers.Login);
app.Map("/logout", OwinControllers.Logout);
app.Map("/signup", OwinControllers.Signup);
app.Map("/signup-callback", OwinControllers.SignupCallback);
app.Map("/api/getAuthorizationUri", OwinControllers.GetAuthorizationUri);
app.Map("/api/getUserInfo", OwinControllers.GetUserInfo);
app.Map("/api/getAccessToken", OwinControllers.GetAccessToken);
app.Map("/api/getStorageAccountInfo", OwinControllers.GetStorageAccountInfo);
app.Map("/api/getStorageAccounts", OwinControllers.GetStorageAccounts);
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(DefaultAuthenticationTypes.ExternalCookie);
app.UseCookieAuthentication(
new CookieAuthenticationOptions
{
CookieName = "Dragon.SecurityServer.Demo",
AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
AuthenticationMode = AuthenticationMode.Passive,
});
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
{
MetadataAddress = FederatedAuthentication.WSFederationAuthenticationModule.Issuer + "federationmetadata/2007-06/federationmetadata.xml",
Wtrealm = FederatedAuthentication.WSFederationAuthenticationModule.Realm,
TokenValidationParameters = new TokenValidationParameters
{
ValidAudiences = new[] { ConfigurationManager.AppSettings["WtRealm"], ConfigurationManager.AppSettings["WtRealm"].ToLower() },
ValidIssuer = ConfigurationManager.AppSettings["ValidIssuer"],
}
});
}
public static void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
{
var google = new GoogleOAuth2AuthenticationOptions
{
AuthenticationType = "Google",
Caption = "Google",
SignInAsAuthenticationType = signInAsType,
ClientId = "767400843187-8boio83mb57ruogr9af9ut09fkg56b27.apps.googleusercontent.com",
ClientSecret = "5fWcBT0udKY7_b6E3gEiJlze"
};
app.UseGoogleAuthentication(google);
var fb = new FacebookAuthenticationOptions
{
AuthenticationType = "Facebook",
Caption = "Facebook",
SignInAsAuthenticationType = signInAsType,
AppId = "676607329068058",
AppSecret = "9d6ab75f921942e61fb43a9b1fc25c63"
};
app.UseFacebookAuthentication(fb);
var twitter = new TwitterAuthenticationOptions
{
AuthenticationType = "Twitter",
Caption = "Twitter",
SignInAsAuthenticationType = signInAsType,
ConsumerKey = "N8r8w7PIepwtZZwtH066kMlmq",
ConsumerSecret = "df15L2x6kNI50E4PYcHS0ImBQlcGIt6huET8gQN41VFpUCwNjM"
};
app.UseTwitterAuthentication(twitter);
var aad = new OpenIdConnectAuthenticationOptions
{
AuthenticationType = "aad",
Caption = "Azure AD",
SignInAsAuthenticationType = signInAsType,
Authority = "https://login.windows.net/4ca9cb4c-5e5f-4be9-b700-c532992a3705",
ClientId = "65bbbda8-8b85-4c9d-81e9-1502330aacba",
RedirectUri = "https://localhost:44333/core/aadcb"
};
app.UseOpenIdConnectAuthentication(aad);
var adfs = new WsFederationAuthenticationOptions
{
AuthenticationType = "adfs",
Caption = "ADFS",
SignInAsAuthenticationType = signInAsType,
CallbackPath = new PathString("/core/adfs"),
MetadataAddress = "https://adfs.leastprivilege.vm/federationmetadata/2007-06/federationmetadata.xml",
Wtrealm = "urn:idsrv3"
};
app.UseWsFederationAuthentication(adfs);
var was = new WsFederationAuthenticationOptions
{
AuthenticationType = "was",
Caption = "Windows",
SignInAsAuthenticationType = signInAsType,
CallbackPath = new PathString("/core/was"),
MetadataAddress = "https://localhost:44350",
Wtrealm = "urn:idsrv3"
};
app.UseWsFederationAuthentication(was);
}
public void Configuration(IAppBuilder app)
{
app.UseAbp();
app.RegisterDataProtectionProvider();
app.UseOAuthBearerAuthentication(AccountController.OAuthBearerOptions);
//使应用程序可以使用 Cookie 来存储已登录用户的信息
//UseCookieAuthentication方法告诉ASP.NET Identity如何用Cookie去标识已认证的用户,
// 以及通过CookieAuthenticationOptions类指定的选项在哪儿。
// 这里重要的部分是LoginPath属性,它指定了一个URL,这是未认证客户端请求内容时要重定向的地址。
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login")
});
//Use a cookie to temporarily store information about a user logging in with a third party login provider
//使应用程序可以使用cookie方式来存储第三方认证的信息
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
//土牛:You can remove these lines if you don't like to use two factor auth (while it has no problem if you don't remove)
//使应用程序能够临时存储时,他们正在核实在双因素身份验证过程的第二个因素用户信息。
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
//使应用程序能够记住第二次登录验证的因素,如电话或电子邮件。
//一旦选中此选项,在登录过程中验证的第二个步骤将是你从登录的设备记住。
//这是类似的,当你登录了rememberMe选项。
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
if (IsTrue("ExternalAuth.Facebook.IsEnabled"))
{
app.UseFacebookAuthentication(CreateFacebookAuthOptions());
}
if (IsTrue("ExternalAuth.Twitter.IsEnabled"))
{
app.UseTwitterAuthentication(CreateTwitterAuthOptions());
}
if (IsTrue("ExternalAuth.Google.IsEnabled"))
{
app.UseGoogleAuthentication(CreateGoogleAuthOptions());
}
if (IsTrue("ExternalAuth.WsFederation.IsEnabled"))
{
app.UseWsFederationAuthentication(CreateWsFederationAuthOptions());
}
if (IsTrue("ExternalAuth.OpenId.IsEnabled"))
{
app.UseOpenIdConnectAuthentication(CreateOpenIdOptions());
}
app.MapSignalR();
//Enable it to use HangFire dashboard (uncomment only if it's enabled in AbpZeroTemplateWebModule)
//app.UseHangfireDashboard("/hangfire", new DashboardOptions
//{
// Authorization = new[] { new AbpHangfireAuthorizationFilter(AppPermissions.Pages_Administration_HangfireDashboard) }
//});
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app, Container container)
{
DataProtectionProvider = app.GetDataProtectionProvider();
// Configure the db context, user manager and signin manager to use a single instance per request
// app.CreatePerOwinContext(ApplicationDbContext.Create);
// app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
//app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
CookieName = "Dragon.SecurityServer.PermissionSTS",
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
ExpireTimeSpan = TimeSpan.FromMinutes(1),
SlidingExpiration = false,
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, AppMember>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
// Enables the application to remember the second login verification factor such as phone or email.
// Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
// This is similar to the RememberMe option when you log in.
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
{
AuthenticationType = "securityserver",
Wreply = ConfigurationManager.AppSettings["SecurityTokenServiceEndpointUrl"],
Wtrealm = ConfigurationManager.AppSettings["WtRealm"],
MetadataAddress = ConfigurationManager.AppSettings["WsFederationEndpointUrl"] + "/FederationMetadata/2007-06/FederationMetadata.xml",
TokenValidationParameters = new TokenValidationParameters
{
ValidAudiences = new[] { ConfigurationManager.AppSettings["WtRealm"], ConfigurationManager.AppSettings["WtRealm"].ToLower() },
ValidIssuer = ConfigurationManager.AppSettings["ValidIssuer"]
},
UseTokenLifetime = false, // use cookie expiration time
Notifications = new WsFederationAuthenticationNotifications()
{
RedirectToIdentityProvider = (ctx) =>
{
//To avoid a redirect loop to the federation server send 403 when user is authenticated but does not have access
if (ctx.OwinContext.Response.StatusCode == 401 && ctx.OwinContext.Authentication.User.Identity.IsAuthenticated)
{
ctx.OwinContext.Response.StatusCode = 403;
ctx.HandleResponse();
}
// forward parameters from the client or previous STS'e
var parameterDictionary = new Dictionary<string, string>
{
{"serviceid", ""},
{"appid", ""},
{"userid", ""},
};
var parameters = new List<string> { "action", "data", "serviceid", "appid", "userid" };
foreach (var parameter in parameters)
{
var value = ctx.Request.Query[parameter];
if (value == null) continue;
ctx.ProtocolMessage.SetParameter(parameter, value);
parameterDictionary[parameter] = value;
}
var hmacParameters = HmacHelper.CreateHmacRequestParametersFromConfig(parameterDictionary, Consts.ProfileHmacSettingsPrefix);
foreach (var parameter in hmacParameters)
{
ctx.ProtocolMessage.SetParameter(parameter.Key, parameter.Value);
}
return Task.FromResult(0);
},
SecurityTokenValidated = (ctx) =>
{
var result = ctx.AuthenticationTicket;
if (result != null)
{
ctx.OwinContext.Authentication.SignOut("ExternalCookie");
var claims = result.Identity.Claims.ToList();
claims.Add(new Claim(ClaimTypes.AuthenticationMethod, "External Account"));
var ci = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);
ctx.OwinContext.Authentication.SignIn(ci);
}
// var redirectUri = new Uri(ctx.AuthenticationTicket.Properties.RedirectUri, UriKind.RelativeOrAbsolute);
// var queryString = HttpUtility.ParseQueryString(redirectUri.Query);
// ctx.AuthenticationTicket.Properties.RedirectUri = queryString["wreply"];
return Task.FromResult(0);
}
}
}
);
app.UseStageMarker(PipelineStage.Authenticate);
/*
//Remap logout to a federated logout
app.Map(LogoutUrl, map =>
{
map.Run(ctx =>
{
ctx.Authentication.SignOut();
return Task.FromResult(0);
});
});
//Tell antiforgery to use the name claim
AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Name;
*/
// Uncomment the following lines to enable logging in with third party login providers
//app.UseMicrosoftAccountAuthentication(
// clientId: "",
// clientSecret: "");
//app.UseTwitterAuthentication(
// consumerKey: "",
// consumerSecret: "");
//app.UseFacebookAuthentication(
// appId: "",
// appSecret: "");
//app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
//{
// ClientId = "",
// ClientSecret = ""
//});
}
public void Configuration(IAppBuilder app)
{
var logger = app.CreateLogger("Katana.Sandbox.WebServer");
logger.WriteInformation("Application Started");
app.Use(async (context, next) =>
{
context.Get<TextWriter>("host.TraceOutput").WriteLine("{0} {1}{2}", context.Request.Method, context.Request.PathBase, context.Request.Path);
await next();
context.Get<TextWriter>("host.TraceOutput").WriteLine("{0} {1}{2}", context.Response.StatusCode, context.Request.PathBase, context.Request.Path);
});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Federation",
});
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions()
{
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive, // or active
CallbackPath = new PathString("/signin-wsfed"), // optional constraint
Wtrealm = "http://Katana.Sandbox.WebServer",
MetadataAddress = "https://login.windows.net/cdc690f9-b6b8-4023-813a-bae7143d1f87/FederationMetadata/2007-06/FederationMetadata.xml",
Notifications = new WsFederationAuthenticationNotifications()
{
RedirectToIdentityProvider = new Func<RedirectToIdentityProviderNotification<WsFederationMessage>, Task>(context =>
{
context.ProtocolMessage.Wctx += "&foo=bar";
return Task.FromResult(0);
}),
},
});
/*
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Application",
AuthenticationMode = AuthenticationMode.Passive,
LoginPath = new PathString("/Login"),
LogoutPath = new PathString("/Logout"),
});
app.SetDefaultSignInAsAuthenticationType("External");
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "External",
AuthenticationMode = AuthenticationMode.Passive,
CookieName = CookieAuthenticationDefaults.CookiePrefix + "External",
ExpireTimeSpan = TimeSpan.FromMinutes(5),
});
app.UseFacebookAuthentication(new FacebookAuthenticationOptions
{
AppId = "615948391767418",
AppSecret = "c9b1fa6b68db835890ce469e0d98157f",
// Scope = "email user_birthday user_website"
});
app.UseGoogleAuthentication(clientId: "41249762691.apps.googleusercontent.com", clientSecret: "oDWPQ6e09MN5brDBDAnS_vd9");
app.UseTwitterAuthentication("6XaCTaLbMqfj6ww3zvZ5g", "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI");
app.UseMicrosoftAccountAuthentication("000000004C0EA787", "QZde5m5HHZPxdieV0lOy7bBVTbVqR9Ju");
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
});
// CORS support
app.Use(async (context, next) =>
{
IOwinRequest req = context.Request;
IOwinResponse res = context.Response;
// for auth2 token requests, and web api requests
if (req.Path.StartsWithSegments(new PathString("/Token")) ||
req.Path.StartsWithSegments(new PathString("/api")))
{
// if there is an origin header
var origin = req.Headers.Get("Origin");
if (!string.IsNullOrEmpty(origin))
{
// allow the cross-site request
res.Headers.Set("Access-Control-Allow-Origin", origin);
}
// if this is pre-flight request
if (req.Method == "OPTIONS")
{
// respond immediately with allowed request methods and headers
res.StatusCode = 200;
res.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Methods", "GET", "POST");
res.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Headers", "authorization");
// no further processing
return;
}
}
// continue executing pipeline
await next();
});
app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
{
AuthorizeEndpointPath = new PathString("/Authorize"),
TokenEndpointPath = new PathString("/Token"),
ApplicationCanDisplayErrors = true,
#if DEBUG
AllowInsecureHttp = true,
#endif
Provider = new OAuthAuthorizationServerProvider
{
OnValidateClientRedirectUri = ValidateClientRedirectUri,
OnValidateClientAuthentication = ValidateClientAuthentication,
OnGrantResourceOwnerCredentials = GrantResourceOwnerCredentials,
},
AuthorizationCodeProvider = new AuthenticationTokenProvider
{
OnCreate = CreateAuthenticationCode,
OnReceive = ReceiveAuthenticationCode,
},
RefreshTokenProvider = new AuthenticationTokenProvider
{
OnCreate = CreateRefreshToken,
OnReceive = ReceiveRefreshToken,
}
});
*/
app.Map("/api", map => map.Run(async context =>
{
var response = context.Response;
var user = context.Authentication.User;
// var result = await context.Authentication.AuthenticateAsync("Federation");
if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
{
context.Authentication.Challenge("Federation");
return;
}
var identity = user.Identities.First();
// var properties = result.Properties.Dictionary;
response.ContentType = "application/json";
response.Write("{\"Details\":[");
foreach (var claim in identity.Claims)
{
response.Write("{\"Name\":\"");
response.Write(claim.Type);
response.Write("\",\"Value\":\"");
response.Write(claim.Value);
response.Write("\",\"Issuer\":\"");
response.Write(claim.Issuer);
response.Write("\"},"); // TODO: No comma on the last one
}
response.Write("],\"Properties\":[");
/*
foreach (var pair in properties)
{
response.Write("{\"Name\":\"");
response.Write(pair.Key);
response.Write("\",\"Value\":\"");
response.Write(pair.Value);
response.Write("\"},"); // TODO: No comma on the last one
}*/
response.Write("]}");
}));
}
public void WsFederationAuthenticationConfiguration(IAppBuilder app)
{
app.UseStaticFiles();
app.UseAuthSignInCookie();
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions()
{
Wtrealm = "http://Automation1",
MetadataAddress = "https://login.windows.net/4afbc689-805b-48cf-a24c-d4aa3248a248/federationmetadata/2007-06/federationmetadata.xml",
BackchannelHttpHandler = new WaadMetadataDocumentHandler(),
StateDataFormat = new CustomStateDataFormat(),
Notifications = new WsFederationAuthenticationNotifications()
{
MessageReceived = notification =>
{
Assert.True(notification.ProtocolMessage.Wctx.EndsWith("&mystate=customValue"), "wctx is not ending with &mystate=customValue");
notification.ProtocolMessage.Wctx = notification.ProtocolMessage.Wctx.Replace("&mystate=customValue", string.Empty);
notification.OwinContext.Set<bool>("MessageReceived", true);
return Task.FromResult(0);
},
RedirectToIdentityProvider = notification =>
{
if (notification.ProtocolMessage.IsSignInMessage)
{
//Sign in message
notification.ProtocolMessage.Wreply = notification.Request.Uri.AbsoluteUri + "signin-wsfed";
notification.ProtocolMessage.Wctx += "&mystate=customValue";
}
return Task.FromResult(0);
},
SecurityTokenReceived = notification =>
{
notification.OwinContext.Set<bool>("SecurityTokenReceived", true);
return Task.FromResult(0);
},
SecurityTokenValidated = notification =>
{
var context = notification.AuthenticationTicket;
Assert.True(notification.OwinContext.Get<bool>("MessageReceived"), "MessageReceived notification not invoked");
Assert.True(notification.OwinContext.Get<bool>("SecurityTokenReceived"), "SecurityTokenReceived notification not invoked");
if (context.Identity != null)
{
context.Identity.AddClaim(new Claim("ReturnEndpoint", "true"));
context.Identity.AddClaim(new Claim("Authenticated", "true"));
context.Identity.AddClaim(new Claim(context.Identity.RoleClaimType, "Guest", ClaimValueTypes.String));
}
return Task.FromResult(0);
},
AuthenticationFailed = notification =>
{
//Change the request url to something different and skip Wsfed. This new url will handle the request and let us know if this notification was invoked.
notification.OwinContext.Request.Path = new PathString("/AuthenticationFailed");
notification.SkipToNextMiddleware();
return Task.FromResult(0);
}
}
});
app.Map("/Logout", subApp =>
{
subApp.Run(async context =>
{
if (context.Authentication.User.Identity.IsAuthenticated)
{
var authProperties = new AuthenticationProperties() { RedirectUri = context.Request.Uri.AbsoluteUri };
context.Authentication.SignOut(authProperties, WsFederationAuthenticationDefaults.AuthenticationType);
await context.Response.WriteAsync("Signing out...");
}
else
{
await context.Response.WriteAsync("SignedOut");
}
});
});
app.Map("/AuthenticationFailed", subApp =>
{
subApp.Run(async context =>
{
await context.Response.WriteAsync("AuthenticationFailed");
});
});
app.Map("/signout-wsfed", subApp =>
{
subApp.Run(async context =>
{
await context.Response.WriteAsync("signout-wsfed");
});
});
#region Utilities to set the metadata xml.
app.Map("/metadata", subApp =>
{
subApp.Run(async context =>
{
if (context.Request.Method == "POST")
{
var formParameters = await context.Request.ReadFormAsync();
metadataXml = formParameters.GetValues("metadata")[0];
await context.Response.WriteAsync("Received metadata");
}
else
{
context.Response.ContentType = "text/xml";
await context.Response.WriteAsync(metadataXml);
}
});
});
#endregion
app.UseExternalApplication(WsFederationAuthenticationDefaults.AuthenticationType);
}
public void Configuration(IAppBuilder app)
{
// Registers the Kentico.Membership identity implementation
app.CreatePerOwinContext(() => UserManager.Initialize(app, new UserManager(new UserStore(SiteContext.CurrentSiteName))));
app.CreatePerOwinContext <SignInManager>(SignInManager.Create);
// Configures the authentication cookie
UrlHelper urlHelper = new UrlHelper(HttpContext.Current.Request.RequestContext);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
// Fill in the name of your sign-in action and controller
LoginPath = new PathString(urlHelper.Action("SignIn", "Account")),
Provider = new CookieAuthenticationProvider
{
// Sets the return URL for the sign-in page redirect (fill in the name of your sign-in action and controller)
OnApplyRedirect = context => context.Response.Redirect(urlHelper.Action("SignIn", "Account")
+ new Uri(context.RedirectUri).Query)
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Registers a WS-Federation authentication service
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
{
// Set any properties required by your authentication service
MetadataAddress = "placeholder", // Fill in the address of your service's WS-Federation metadata
Wtrealm = "",
// When using external services, Passive authentication mode may help avoid redirect loops for 401 responses
AuthenticationMode = AuthenticationMode.Passive
});
// Registers an OpenID Connect authentication service
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
// Set any properties required by your authentication service
ClientId = "placeholder",
ClientSecret = "placeholder",
Authority = "placeholder",
AuthenticationMode = AuthenticationMode.Passive
});
// Registers the Facebook authentication service
app.UseFacebookAuthentication(
new FacebookAuthenticationOptions
{
// Fill in the application ID and secret of your Facebook authentication application
AppId = "placeholder",
AppSecret = "placeholder"
});
// Registers the Google authentication service
app.UseGoogleAuthentication(
new GoogleOAuth2AuthenticationOptions
{
// Fill in the client ID and secret of your Google authentication application
ClientId = "placeholder",
ClientSecret = "placeholder"
});
}
public void Configuration(IAppBuilder app)
{
var logger = app.CreateLogger("Katana.Sandbox.WebServer");
logger.WriteInformation("Application Started");
app.Use(async (context, next) =>
{
context.Get<TextWriter>("host.TraceOutput").WriteLine("{0} {1}{2}", context.Request.Method, context.Request.PathBase, context.Request.Path);
await next();
context.Get<TextWriter>("host.TraceOutput").WriteLine("{0} {1}{2}", context.Response.StatusCode, context.Request.PathBase, context.Request.Path);
});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Application",
// LoginPath = new PathString("/Account/Login"),
});
app.SetDefaultSignInAsAuthenticationType("External");
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "External",
AuthenticationMode = AuthenticationMode.Active,
CookieName = CookieAuthenticationDefaults.CookiePrefix + "External",
ExpireTimeSpan = TimeSpan.FromMinutes(5),
});
app.UseFacebookAuthentication(new FacebookAuthenticationOptions
{
AppId = "454990987951096",
AppSecret = "ca7cbddf944f91f23c1ed776f265478e",
// Scope = "email user_birthday user_website"
});
app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
{
ClientId = "1033034290282-6h0n78feiepoltpqkmsrqh1ngmeh4co7.apps.googleusercontent.com",
ClientSecret = "6l7lHh-B0_awzoTrlTGWh7km",
});
app.UseTwitterAuthentication("6XaCTaLbMqfj6ww3zvZ5g", "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI");
app.UseMicrosoftAccountAuthentication("000000004C0EA787", "QZde5m5HHZPxdieV0lOy7bBVTbVqR9Ju");
// app.UseAspNetAuthSession();
/*
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
SessionStore = new InMemoryAuthSessionStore()
});
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
*/
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions()
{
Wtrealm = "http://Katana.Sandbox.WebServer",
MetadataAddress = "https://login.windows.net/cdc690f9-b6b8-4023-813a-bae7143d1f87/FederationMetadata/2007-06/FederationMetadata.xml",
});
/*
app.UseOpenIdConnectAuthentication(new Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions()
{
// Change vdir to http://localhost:63786/
// User [email protected]
Authority = "https://login.windows-ppe.net/adale2etenant1.ccsctp.net",
ClientId = "a81cf7a1-5a2d-4382-9f4b-0fa91a8992dc",
});
*/
/*
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
});
// CORS support
app.Use(async (context, next) =>
{
IOwinRequest req = context.Request;
IOwinResponse res = context.Response;
// for auth2 token requests, and web api requests
if (req.Path.StartsWithSegments(new PathString("/Token")) ||
req.Path.StartsWithSegments(new PathString("/api")))
{
// if there is an origin header
var origin = req.Headers.Get("Origin");
if (!string.IsNullOrEmpty(origin))
{
// allow the cross-site request
res.Headers.Set("Access-Control-Allow-Origin", origin);
}
// if this is pre-flight request
if (req.Method == "OPTIONS")
{
// respond immediately with allowed request methods and headers
res.StatusCode = 200;
res.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Methods", "GET", "POST");
res.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Headers", "authorization");
// no further processing
return;
}
}
// continue executing pipeline
await next();
});
app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
{
AuthorizeEndpointPath = new PathString("/Authorize"),
TokenEndpointPath = new PathString("/Token"),
ApplicationCanDisplayErrors = true,
#if DEBUG
AllowInsecureHttp = true,
#endif
Provider = new OAuthAuthorizationServerProvider
{
OnValidateClientRedirectUri = ValidateClientRedirectUri,
OnValidateClientAuthentication = ValidateClientAuthentication,
OnGrantResourceOwnerCredentials = GrantResourceOwnerCredentials,
},
AuthorizationCodeProvider = new AuthenticationTokenProvider
{
OnCreate = CreateAuthenticationCode,
OnReceive = ReceiveAuthenticationCode,
},
RefreshTokenProvider = new AuthenticationTokenProvider
{
OnCreate = CreateRefreshToken,
OnReceive = ReceiveRefreshToken,
}
});
/*
app.Map("/Account/Login", map =>
{
map.Run(context =>
{
// context.Authentication.Challenge("Google");
return Task.FromResult(0);
});
});
*/
app.Use((context, next) =>
{
var user = context.Authentication.User;
if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
{
context.Authentication.Challenge();
return Task.FromResult(0);
}
return next();
});
app.Run(async context =>
{
var response = context.Response;
var user = context.Authentication.User;
var identity = user.Identities.First();
// var properties = result.Properties.Dictionary;
response.ContentType = "application/json";
response.Write("{\"Details\":[");
foreach (var claim in identity.Claims)
{
response.Write("{\"Name\":\"");
response.Write(claim.Type);
response.Write("\",\"Value\":\"");
response.Write(claim.Value);
response.Write("\",\"Issuer\":\"");
response.Write(claim.Issuer);
response.Write("\"},"); // TODO: No comma on the last one
}
response.Write("],\"Properties\":[");
/*
foreach (var pair in properties)
{
response.Write("{\"Name\":\"");
response.Write(pair.Key);
response.Write("\",\"Value\":\"");
response.Write(pair.Value);
response.Write("\"},"); // TODO: No comma on the last one
}*/
response.Write("]}");
});
}
public void Configuration(IAppBuilder app)
{
//Enable cookie authentication, used to store the claims between requests
app.SetDefaultSignInAsAuthenticationType(WsFederationAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType,
//CookieManager = new SystemWebCookieManager()
});
//Enable federated authentication
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions()
{
//Trusted URL to federation server meta data
MetadataAddress = adfsMetadata,
//Value of Wtreal must *exactly* match what is configured in the federation server
Wtrealm = realm,
//CallbackPath = new PathString("/SSO/LoginCallBack.aspx"),
Notifications = new WsFederationAuthenticationNotifications()
{
RedirectToIdentityProvider = (ctx) =>
{
//To avoid a redirect loop to the federation server send 403 when user is authenticated but does not have access
if (ctx.OwinContext.Response.StatusCode == 401 && ctx.OwinContext.Authentication.User.Identity.IsAuthenticated)
{
ctx.OwinContext.Response.StatusCode = 403;
ctx.HandleResponse();
}
return(Task.FromResult(0));
},
SecurityTokenValidated = (ctx) =>
{
//Ignore scheme/host name in redirect Uri to make sure a redirect to HTTPS does not redirect back to HTTP
var redirectUri = new Uri(ctx.AuthenticationTicket.Properties.RedirectUri, UriKind.RelativeOrAbsolute);
var userName = ctx.AuthenticationTicket.Identity.Claims.FirstOrDefault(p => p.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress").Value;
var roles = ctx.AuthenticationTicket.Identity.Claims.Where(p => p.Type == "https://adfs.bisnode.com/customclaims/groups").Select(p => p.Value);
if (redirectUri.IsAbsoluteUri)
{
ctx.AuthenticationTicket.Properties.RedirectUri = redirectUri.PathAndQuery;//"https://bisnodeintranet.local/SSO/LoginCallBack.aspx?userName="******"&roles=" + string.Join(",", roles) + "&ReturnUrl=" + redirectUri.PathAndQuery;// redirectUri.PathAndQuery;
}
AuthenticateUser(userName, roles);
return(Task.FromResult(0));
}
}
});
//Add stage marker to make sure WsFederation runs on Authenticate (before URL Authorization and virtual roles)
app.UseStageMarker(PipelineStage.Authenticate);
//Remap logout to a federated logout
app.Map(LogoutUrl, map =>
{
map.Run(ctx =>
{
ctx.Authentication.SignOut();
return(Task.FromResult(0));
});
});
//Tell antiforgery to use the name claim
AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Name;
}
public void Configuration(IAppBuilder app)
{
var logger = app.CreateLogger("Katana.Sandbox.WebServer");
logger.WriteInformation("Application Started");
app.Use(async(context, next) =>
{
context.Get <TextWriter>("host.TraceOutput").WriteLine("{0} {1}{2}", context.Request.Method, context.Request.PathBase, context.Request.Path);
await next();
context.Get <TextWriter>("host.TraceOutput").WriteLine("{0} {1}{2}", context.Response.StatusCode, context.Request.PathBase, context.Request.Path);
});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Application",
// LoginPath = new PathString("/Account/Login"),
});
app.SetDefaultSignInAsAuthenticationType("External");
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "External",
AuthenticationMode = AuthenticationMode.Active,
CookieName = CookieAuthenticationDefaults.CookiePrefix + "External",
ExpireTimeSpan = TimeSpan.FromMinutes(5),
});
app.UseFacebookAuthentication(new FacebookAuthenticationOptions
{
AppId = "454990987951096",
AppSecret = "ca7cbddf944f91f23c1ed776f265478e",
// Scope = "email user_birthday user_website"
});
app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
{
ClientId = "1033034290282-6h0n78feiepoltpqkmsrqh1ngmeh4co7.apps.googleusercontent.com",
ClientSecret = "6l7lHh-B0_awzoTrlTGWh7km",
});
app.UseTwitterAuthentication("6XaCTaLbMqfj6ww3zvZ5g", "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI");
app.UseMicrosoftAccountAuthentication("000000004C0EA787", "QZde5m5HHZPxdieV0lOy7bBVTbVqR9Ju");
// app.UseAspNetAuthSession();
/*
* app.UseCookieAuthentication(new CookieAuthenticationOptions()
* {
* SessionStore = new InMemoryAuthSessionStore()
* });
* app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
*/
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions()
{
Wtrealm = "http://Katana.Sandbox.WebServer",
MetadataAddress = "https://login.windows.net/cdc690f9-b6b8-4023-813a-bae7143d1f87/FederationMetadata/2007-06/FederationMetadata.xml",
});
/*
* app.UseOpenIdConnectAuthentication(new Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions()
* {
* // Change vdir to http://localhost:63786/
* // User [email protected]
* Authority = "https://login.windows-ppe.net/adale2etenant1.ccsctp.net",
* ClientId = "a81cf7a1-5a2d-4382-9f4b-0fa91a8992dc",
* });
*/
/*
* app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
* {
* });
*
* // CORS support
* app.Use(async (context, next) =>
* {
* IOwinRequest req = context.Request;
* IOwinResponse res = context.Response;
* // for auth2 token requests, and web api requests
* if (req.Path.StartsWithSegments(new PathString("/Token")) ||
* req.Path.StartsWithSegments(new PathString("/api")))
* {
* // if there is an origin header
* var origin = req.Headers.Get("Origin");
* if (!string.IsNullOrEmpty(origin))
* {
* // allow the cross-site request
* res.Headers.Set("Access-Control-Allow-Origin", origin);
* }
*
* // if this is pre-flight request
* if (req.Method == "OPTIONS")
* {
* // respond immediately with allowed request methods and headers
* res.StatusCode = 200;
* res.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Methods", "GET", "POST");
* res.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Headers", "authorization");
* // no further processing
* return;
* }
* }
* // continue executing pipeline
* await next();
* });
*
* app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
* {
* AuthorizeEndpointPath = new PathString("/Authorize"),
* TokenEndpointPath = new PathString("/Token"),
* ApplicationCanDisplayErrors = true,
#if DEBUG
* AllowInsecureHttp = true,
#endif
* Provider = new OAuthAuthorizationServerProvider
* {
* OnValidateClientRedirectUri = ValidateClientRedirectUri,
* OnValidateClientAuthentication = ValidateClientAuthentication,
* OnGrantResourceOwnerCredentials = GrantResourceOwnerCredentials,
* },
* AuthorizationCodeProvider = new AuthenticationTokenProvider
* {
* OnCreate = CreateAuthenticationCode,
* OnReceive = ReceiveAuthenticationCode,
* },
* RefreshTokenProvider = new AuthenticationTokenProvider
* {
* OnCreate = CreateRefreshToken,
* OnReceive = ReceiveRefreshToken,
* }
* });
* /*
* app.Map("/Account/Login", map =>
* {
* map.Run(context =>
* {
* // context.Authentication.Challenge("Google");
* return Task.FromResult(0);
* });
* });
*/
app.Use((context, next) =>
{
var user = context.Authentication.User;
if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
{
context.Authentication.Challenge();
return(Task.FromResult(0));
}
return(next());
});
app.Run(async context =>
{
var response = context.Response;
var user = context.Authentication.User;
var identity = user.Identities.First();
// var properties = result.Properties.Dictionary;
response.ContentType = "application/json";
response.Write("{\"Details\":[");
foreach (var claim in identity.Claims)
{
response.Write("{\"Name\":\"");
response.Write(claim.Type);
response.Write("\",\"Value\":\"");
response.Write(claim.Value);
response.Write("\",\"Issuer\":\"");
response.Write(claim.Issuer);
response.Write("\"},"); // TODO: No comma on the last one
}
response.Write("],\"Properties\":[");
/*
* foreach (var pair in properties)
* {
* response.Write("{\"Name\":\"");
* response.Write(pair.Key);
* response.Write("\",\"Value\":\"");
* response.Write(pair.Value);
* response.Write("\"},"); // TODO: No comma on the last one
* }*/
response.Write("]}");
});
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
{
Wtrealm = realm,
MetadataAddress = adfsMetadata,
//custom code below to respond to notifications
Notifications = new WsFederationAuthenticationNotifications
{
AuthenticationFailed = context =>
{
return Task.FromResult(0);
},
MessageReceived = context =>
{
return Task.FromResult(0);
},
RedirectToIdentityProvider = context =>
{
return Task.FromResult(0);
},
SecurityTokenReceived = context =>
{
return Task.FromResult(0);
},
SecurityTokenValidated = context =>
{
// Is this the point I can connect this authenticated user to the Identity database (roles) ?
/*
context.AuthenticationTicket.Identity.AddClaim(
new Claim(ClaimTypes.Role, "ModelEditorRole")
);
context.AuthenticationTicket.Identity.AddClaim(
new Claim(ClaimTypes.Role, "SomeOtherRole")
);
*/
string accountName = "";
string accountEmail = "";
foreach (var claim in context.AuthenticationTicket.Identity.Claims)
{
// instead of using "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
// use enum
if (claim.Type == ClaimTypes.Upn)
{
accountName = claim.Value;
//do something? Connect to ASP.NET Identity database?
// Can we "log in" an account in asp.net identity matching the user identity
// e.g. [email protected]?
// or do we add the account into the identity database, and only use to query roles
// from the identity database ?
// mainly, we want the current principal to pass an
// [Authorize roles("roleX")] test
// how about context.AuthenticationTicket.Identity.AddClaim() ?
}
else if (claim.Type == ClaimTypes.Email)
{
accountEmail = claim.Value;
}
else if (claim.Type == ClaimTypes.Role)
{ // these would be roles coming from Active Directory, not the Identity database
string roleName = claim.Value;
}
}
var db = new ApplicationDbContext();
//Add the user if necessary
var user = (from u in db.Users
where u.UserName.ToLower() == accountName.ToLower()
select u).FirstOrDefault();
//get the users roles and add to the claims
if (user == null)
{
var um = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(db));
var adminUser = new ApplicationUser()
{
UserName = accountName,
Email = accountEmail
};
var ir = um.Create(adminUser, "placeholder#123X"); // not sure how I feel about this... does it need a password?
}
var userRoles = (from u in db.Users
from ur in u.Roles
join r in db.Roles on ur.RoleId equals r.Id
where u.UserName.ToLower() == accountName.ToLower()
select new
{
RoleName = r.Name
}).ToList();
foreach (var role in userRoles)
{
context.AuthenticationTicket.Identity.AddClaim(
new Claim(ClaimTypes.Role, role.RoleName));
}
return Task.FromResult(0);
}
}
});
}
public static void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
{
var google = new GoogleOAuth2AuthenticationOptions
{
AuthenticationType = "Google",
Caption = "Google",
SignInAsAuthenticationType = signInAsType,
ClientId = "767400843187-8boio83mb57ruogr9af9ut09fkg56b27.apps.googleusercontent.com",
ClientSecret = "5fWcBT0udKY7_b6E3gEiJlze"
};
app.UseGoogleAuthentication(google);
var fb = new FacebookAuthenticationOptions
{
AuthenticationType = "Facebook",
Caption = "Facebook",
SignInAsAuthenticationType = signInAsType,
AppId = "676607329068058",
AppSecret = "9d6ab75f921942e61fb43a9b1fc25c63"
};
app.UseFacebookAuthentication(fb);
var twitter = new TwitterAuthenticationOptions
{
AuthenticationType = "Twitter",
Caption = "Twitter",
SignInAsAuthenticationType = signInAsType,
ConsumerKey = "N8r8w7PIepwtZZwtH066kMlmq",
ConsumerSecret = "df15L2x6kNI50E4PYcHS0ImBQlcGIt6huET8gQN41VFpUCwNjM"
};
app.UseTwitterAuthentication(twitter);
var adfs = new WsFederationAuthenticationOptions
{
AuthenticationType = "adfs",
Caption = "ADFS",
SignInAsAuthenticationType = signInAsType,
MetadataAddress = "https://adfs.leastprivilege.vm/federationmetadata/2007-06/federationmetadata.xml",
Wtrealm = "urn:idsrv3"
};
app.UseWsFederationAuthentication(adfs);
var aad = new OpenIdConnectAuthenticationOptions
{
AuthenticationType = "aad",
Caption = "Azure AD",
SignInAsAuthenticationType = signInAsType,
Authority = "https://login.windows.net/4ca9cb4c-5e5f-4be9-b700-c532992a3705",
ClientId = "65bbbda8-8b85-4c9d-81e9-1502330aacba",
RedirectUri = "https://localhost:44333/core/aadcb"
};
app.UseOpenIdConnectAuthentication(aad);
}
public static void ConfigureAuth(IAppBuilder app)
{
var config = Config;
if (string.IsNullOrWhiteSpace(config.GenericAuthFailureMessage))
{
throw new ConfigurationErrorsException("Web configuration key \'authGenericAuthFailureMessage\' is missing or corrupted.");
}
LocalAuthEnabled = config.EnableLocalAuth;
GenericLoginFailureMessage = config.GenericAuthFailureMessage;
if (config.EnableOpenAuth)
{
if (config.EnableLocalAD)
{
if (string.IsNullOrWhiteSpace(config.LocalADGroup))
{
throw new ConfigurationErrorsException("Web configuration key \'authLocalADGroup\' is missing or corrupted.");
}
if (string.IsNullOrWhiteSpace(config.LocalADEmailDomain))
{
throw new ConfigurationErrorsException("Web configuration key \'authLocalADEmailDomain\' is missing or corrupted.");
}
LocalADGroup = config.LocalADGroup;
LocalADEmailDomain = config.LocalADEmailDomain;
app.UseLocalADAuthentication(new LocalADAuthenticationOptions
{
AuthenticationType = LocalADAuthenticationType,
AuthenticationMode = AuthenticationMode.Passive
});
}
if (config.EnableAzureAD)
{
if (string.IsNullOrWhiteSpace(config.AzureGroupId))
{
throw new ConfigurationErrorsException("Web configuration key \'authAzureGroupId\' is missing or corrupted.");
}
AzureADGroupId = config.AzureGroupId;
// Azure AD cookie
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
{
AuthenticationType = "Azure AD",
AuthenticationMode = AuthenticationMode.Passive,
MetadataAddress = string.Format(
"https://login.windows.net/{0}/federationmetadata/2007-06/federationmetadata.xml",
config.AzureAppTenant),
Wtrealm = config.WebAppURL
});
// client (JavaScript) token
app.UseWindowsAzureActiveDirectoryBearerAuthentication(
new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
AuthenticationMode = AuthenticationMode.Passive,
#pragma warning disable 618
Audience = config.AzureAppClientID,
#pragma warning restore 618
Tenant = config.AzureAppTenant
});
}
if (config.EnableMS)
{
app.UseMicrosoftAccountAuthentication(new MicrosoftAccountAuthenticationOptions
{
AuthenticationMode = AuthenticationMode.Passive,
AuthenticationType = "Microsoft",
ClientId = config.MSAppClientID,
ClientSecret = config.MSAppClientSecret,
});
}
if (config.EnableGoogle)
{
app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions
{
AuthenticationMode = AuthenticationMode.Passive,
AuthenticationType = "Google",
ClientId = config.GoogleAppClientID,
ClientSecret = config.GoogleAppClientSecret,
});
}
//app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
//app.UseWebApi(GlobalConfiguration.Configuration);
}
}
public void Configuration(IAppBuilder app)
{
var logger = app.CreateLogger("Katana.Sandbox.WebServer");
logger.WriteInformation("Application Started");
app.Use(async(context, next) =>
{
context.Get <TextWriter>("host.TraceOutput").WriteLine("{0} {1}{2}", context.Request.Method, context.Request.PathBase, context.Request.Path);
await next();
context.Get <TextWriter>("host.TraceOutput").WriteLine("{0} {1}{2}", context.Response.StatusCode, context.Request.PathBase, context.Request.Path);
});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Federation",
});
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions()
{
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive, // or active
CallbackPath = new PathString("/signin-wsfed"), // optional constraint
Wtrealm = "http://Katana.Sandbox.WebServer",
MetadataAddress = "https://login.windows.net/cdc690f9-b6b8-4023-813a-bae7143d1f87/FederationMetadata/2007-06/FederationMetadata.xml",
Notifications = new WsFederationAuthenticationNotifications()
{
RedirectToIdentityProvider = new Func <RedirectToIdentityProviderNotification <WsFederationMessage>, Task>(context =>
{
context.ProtocolMessage.Wctx += "&foo=bar";
return(Task.FromResult(0));
}),
},
});
/*
* app.UseCookieAuthentication(new CookieAuthenticationOptions
* {
* AuthenticationType = "Application",
* AuthenticationMode = AuthenticationMode.Passive,
* LoginPath = new PathString("/Login"),
* LogoutPath = new PathString("/Logout"),
* });
*
* app.SetDefaultSignInAsAuthenticationType("External");
*
* app.UseCookieAuthentication(new CookieAuthenticationOptions
* {
* AuthenticationType = "External",
* AuthenticationMode = AuthenticationMode.Passive,
* CookieName = CookieAuthenticationDefaults.CookiePrefix + "External",
* ExpireTimeSpan = TimeSpan.FromMinutes(5),
* });
*
* app.UseFacebookAuthentication(new FacebookAuthenticationOptions
* {
* AppId = "615948391767418",
* AppSecret = "c9b1fa6b68db835890ce469e0d98157f",
* // Scope = "email user_birthday user_website"
* });
*
* app.UseGoogleAuthentication(clientId: "41249762691.apps.googleusercontent.com", clientSecret: "oDWPQ6e09MN5brDBDAnS_vd9");
*
* app.UseTwitterAuthentication("6XaCTaLbMqfj6ww3zvZ5g", "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI");
*
* app.UseMicrosoftAccountAuthentication("000000004C0EA787", "QZde5m5HHZPxdieV0lOy7bBVTbVqR9Ju");
*
* app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
* {
* });
*
* // CORS support
* app.Use(async (context, next) =>
* {
* IOwinRequest req = context.Request;
* IOwinResponse res = context.Response;
* // for auth2 token requests, and web api requests
* if (req.Path.StartsWithSegments(new PathString("/Token")) ||
* req.Path.StartsWithSegments(new PathString("/api")))
* {
* // if there is an origin header
* var origin = req.Headers.Get("Origin");
* if (!string.IsNullOrEmpty(origin))
* {
* // allow the cross-site request
* res.Headers.Set("Access-Control-Allow-Origin", origin);
* }
*
* // if this is pre-flight request
* if (req.Method == "OPTIONS")
* {
* // respond immediately with allowed request methods and headers
* res.StatusCode = 200;
* res.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Methods", "GET", "POST");
* res.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Headers", "authorization");
* // no further processing
* return;
* }
* }
* // continue executing pipeline
* await next();
* });
*
* app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
* {
* AuthorizeEndpointPath = new PathString("/Authorize"),
* TokenEndpointPath = new PathString("/Token"),
* ApplicationCanDisplayErrors = true,
#if DEBUG
* AllowInsecureHttp = true,
#endif
* Provider = new OAuthAuthorizationServerProvider
* {
* OnValidateClientRedirectUri = ValidateClientRedirectUri,
* OnValidateClientAuthentication = ValidateClientAuthentication,
* OnGrantResourceOwnerCredentials = GrantResourceOwnerCredentials,
* },
* AuthorizationCodeProvider = new AuthenticationTokenProvider
* {
* OnCreate = CreateAuthenticationCode,
* OnReceive = ReceiveAuthenticationCode,
* },
* RefreshTokenProvider = new AuthenticationTokenProvider
* {
* OnCreate = CreateRefreshToken,
* OnReceive = ReceiveRefreshToken,
* }
* });
*/
app.Map("/api", map => map.Run(async context =>
{
var response = context.Response;
var user = context.Authentication.User;
// var result = await context.Authentication.AuthenticateAsync("Federation");
if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
{
context.Authentication.Challenge("Federation");
return;
}
var identity = user.Identities.First();
// var properties = result.Properties.Dictionary;
response.ContentType = "application/json";
response.Write("{\"Details\":[");
foreach (var claim in identity.Claims)
{
response.Write("{\"Name\":\"");
response.Write(claim.Type);
response.Write("\",\"Value\":\"");
response.Write(claim.Value);
response.Write("\",\"Issuer\":\"");
response.Write(claim.Issuer);
response.Write("\"},"); // TODO: No comma on the last one
}
response.Write("],\"Properties\":[");
/*
* foreach (var pair in properties)
* {
* response.Write("{\"Name\":\"");
* response.Write(pair.Key);
* response.Write("\",\"Value\":\"");
* response.Write(pair.Value);
* response.Write("\"},"); // TODO: No comma on the last one
* }*/
response.Write("]}");
}));
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app, Container container)
{
DataProtectionProvider = app.GetDataProtectionProvider();
// Configure the db context, user manager and signin manager to use a single instance per request
// app.CreatePerOwinContext(ApplicationDbContext.Create);
// app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
//app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
CookieName = "Dragon.SecurityServer.PermissionSTS",
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
ExpireTimeSpan = TimeSpan.FromMinutes(1),
SlidingExpiration = false,
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity <ApplicationUserManager, AppMember>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
// Enables the application to remember the second login verification factor such as phone or email.
// Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
// This is similar to the RememberMe option when you log in.
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
{
AuthenticationType = "securityserver",
Wreply = ConfigurationManager.AppSettings["SecurityTokenServiceEndpointUrl"],
Wtrealm = ConfigurationManager.AppSettings["WtRealm"],
MetadataAddress = ConfigurationManager.AppSettings["WsFederationEndpointUrl"] + "/FederationMetadata/2007-06/FederationMetadata.xml",
TokenValidationParameters = new TokenValidationParameters
{
ValidAudiences = new[] { ConfigurationManager.AppSettings["WtRealm"], ConfigurationManager.AppSettings["WtRealm"].ToLower() },
ValidIssuer = ConfigurationManager.AppSettings["ValidIssuer"]
},
UseTokenLifetime = false, // use cookie expiration time
Notifications = new WsFederationAuthenticationNotifications()
{
RedirectToIdentityProvider = (ctx) =>
{
//To avoid a redirect loop to the federation server send 403 when user is authenticated but does not have access
if (ctx.OwinContext.Response.StatusCode == 401 && ctx.OwinContext.Authentication.User.Identity.IsAuthenticated)
{
ctx.OwinContext.Response.StatusCode = 403;
ctx.HandleResponse();
}
// forward parameters from the client or previous STS'e
var parameterDictionary = new Dictionary <string, string>
{
{ "serviceid", "" },
{ "appid", "" },
{ "userid", "" },
};
var parameters = new List <string> {
"action", "data", "serviceid", "appid", "userid"
};
foreach (var parameter in parameters)
{
var value = ctx.Request.Query[parameter];
if (value == null)
{
continue;
}
ctx.ProtocolMessage.SetParameter(parameter, value);
parameterDictionary[parameter] = value;
}
var hmacParameters = HmacHelper.CreateHmacRequestParametersFromConfig(parameterDictionary, Consts.ProfileHmacSettingsPrefix);
foreach (var parameter in hmacParameters)
{
ctx.ProtocolMessage.SetParameter(parameter.Key, parameter.Value);
}
return(Task.FromResult(0));
},
SecurityTokenValidated = (ctx) =>
{
var result = ctx.AuthenticationTicket;
if (result != null)
{
ctx.OwinContext.Authentication.SignOut("ExternalCookie");
var claims = result.Identity.Claims.ToList();
claims.Add(new Claim(ClaimTypes.AuthenticationMethod, "External Account"));
var ci = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);
ctx.OwinContext.Authentication.SignIn(ci);
}
// var redirectUri = new Uri(ctx.AuthenticationTicket.Properties.RedirectUri, UriKind.RelativeOrAbsolute);
// var queryString = HttpUtility.ParseQueryString(redirectUri.Query);
// ctx.AuthenticationTicket.Properties.RedirectUri = queryString["wreply"];
return(Task.FromResult(0));
}
}
}
);
app.UseStageMarker(PipelineStage.Authenticate);
/*
* //Remap logout to a federated logout
* app.Map(LogoutUrl, map =>
* {
* map.Run(ctx =>
* {
* ctx.Authentication.SignOut();
* return Task.FromResult(0);
* });
* });
*
* //Tell antiforgery to use the name claim
* AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Name;
*/
// Uncomment the following lines to enable logging in with third party login providers
//app.UseMicrosoftAccountAuthentication(
// clientId: "",
// clientSecret: "");
//app.UseTwitterAuthentication(
// consumerKey: "",
// consumerSecret: "");
//app.UseFacebookAuthentication(
// appId: "",
// appSecret: "");
//app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
//{
// ClientId = "",
// ClientSecret = ""
//});
}
public void Configuration(IAppBuilder app)
{
//// Configure the db context and user manager to use a single instance per request
//app.CreatePerOwinContext(ApplicationDbContext.Create);
//app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
//app.UseCookieAuthentication(new CookieAuthenticationOptions { });
//app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
//app.UseOAuthImplicitAuthentication(new OAuthImplicitAuthenticationOptions
//{
// AuthorizeEndpoint = new Uri("https://pasteur/issue/oauth2/authorize"),
// ClientId = "testewebapi",
// ClientSecret = "7/Cp5O/kqBfTQT5aW0kMWomlfDm6rXOViH7lI5tYehU=",
// Scope = "https://localhost:44301/",
// RedirectUri = new Uri("https://localhost:44301/"),
// ResponseType = "code",
// Issuer = "https://pasteur",
// AllowedAudience = "https://localhost:44301/",
// SymmetricSigningKey = "c8wfH2hkyI0nJE6p4KjaqCOK4iVWSbNsPwKHnNVlVhw="
//});
app.SetDefaultSignInAsAuthenticationType(WsFederationAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(
new CookieAuthenticationOptions
{
AuthenticationType =
WsFederationAuthenticationDefaults.AuthenticationType
});
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
{
MetadataAddress = "https://pasteur/FederationMetadata/2007-06/FederationMetadata.xml",
Wtrealm = "https://localhost:44301/",
BackchannelCertificateValidator = new EmptyCertificateValidator(),
SecurityTokenHandlers = new System.IdentityModel.Tokens.SecurityTokenHandlerCollection{
new SoapJwtSecurityTokenHandler()
},
//TokenValidationParameters = new TokenValidationParameters
//{
// IssuerSigningToken = new BinarySecretSecurityToken(Convert.FromBase64String("c8wfH2hkyI0nJE6p4KjaqCOK4iVWSbNsPwKHnNVlVhw=")),
//},
Wreply = "https://localhost:44301/signin",
Notifications = new WsFederationAuthenticationNotifications
{
AuthenticationFailed = context =>
{
return Task.FromResult<object>(null);
},
MessageReceived = context =>
{
return Task.FromResult<object>(null);
},
RedirectToIdentityProvider = context =>
{
return Task.FromResult<object>(null);
},
SecurityTokenReceived = context =>
{
XmlDocument doc = new XmlDocument();
doc.LoadXml(context.SecurityToken);
context.SecurityToken = doc.InnerText;
context.OwinContext.Request.Headers.Add("Token", new string[] { DecodeUtil.Base64Decode(doc.InnerText) });
return Task.FromResult<object>(null);
},
SecurityTokenValidated = context =>
{
context.AuthenticationTicket.Identity.AddClaim(new System.Security.Claims.Claim("urn:thinktecture:token", context.OwinContext.Request.Headers["Token"]));
return Task.FromResult<object>(null);
}
}
});
//app.UseOpenIdConnectAuthentication(
// new OpenIdConnectAuthenticationOptions
// {
// Client_Id = "TesteWebApi",
// Authority = "https://pasteur"
//});
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
{
Wtrealm = realm,
MetadataAddress = adfsMetadata,
//custom code below to respond to notifications
Notifications = new WsFederationAuthenticationNotifications
{
AuthenticationFailed = context =>
{
return(Task.FromResult(0));
},
MessageReceived = context =>
{
return(Task.FromResult(0));
},
RedirectToIdentityProvider = context =>
{
return(Task.FromResult(0));
},
SecurityTokenReceived = context =>
{
return(Task.FromResult(0));
},
SecurityTokenValidated = context =>
{
// Is this the point I can connect this authenticated user to the Identity database (roles) ?
/*
* context.AuthenticationTicket.Identity.AddClaim(
* new Claim(ClaimTypes.Role, "ModelEditorRole")
* );
* context.AuthenticationTicket.Identity.AddClaim(
* new Claim(ClaimTypes.Role, "SomeOtherRole")
* );
*/
string accountName = "";
string accountEmail = "";
foreach (var claim in context.AuthenticationTicket.Identity.Claims)
{
// instead of using "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
// use enum
if (claim.Type == ClaimTypes.Upn)
{
accountName = claim.Value;
//do something? Connect to ASP.NET Identity database?
// Can we "log in" an account in asp.net identity matching the user identity
// e.g. [email protected]?
// or do we add the account into the identity database, and only use to query roles
// from the identity database ?
// mainly, we want the current principal to pass an
// [Authorize roles("roleX")] test
// how about context.AuthenticationTicket.Identity.AddClaim() ?
}
else if (claim.Type == ClaimTypes.Email)
{
accountEmail = claim.Value;
}
else if (claim.Type == ClaimTypes.Role)
{ // these would be roles coming from Active Directory, not the Identity database
string roleName = claim.Value;
}
}
var db = new ApplicationDbContext();
//Add the user if necessary
var user = (from u in db.Users
where u.UserName.ToLower() == accountName.ToLower()
select u).FirstOrDefault();
//get the users roles and add to the claims
if (user == null)
{
var um = new UserManager <ApplicationUser>(new UserStore <ApplicationUser>(db));
var adminUser = new ApplicationUser()
{
UserName = accountName,
Email = accountEmail
};
var ir = um.Create(adminUser, "placeholder#123X"); // not sure how I feel about this... does it need a password?
}
var userRoles = (from u in db.Users
from ur in u.Roles
join r in db.Roles on ur.RoleId equals r.Id
where u.UserName.ToLower() == accountName.ToLower()
select new
{
RoleName = r.Name
}).ToList();
foreach (var role in userRoles)
{
context.AuthenticationTicket.Identity.AddClaim(
new Claim(ClaimTypes.Role, role.RoleName));
}
return(Task.FromResult(0));
}
}
});
}
private static void ConfigureWsFederationServer(IAppBuilder app, string signInAsType)
{
var windowsAuthentication = new WsFederationAuthenticationOptions
{
AuthenticationType = "windows",
Caption = "Windows",
SignInAsAuthenticationType = signInAsType,
MetadataAddress = "https://localhost:44300/",
Wtrealm = "urn:win"
};
app.UseWsFederationAuthentication(windowsAuthentication);
}
public void Configuration(IAppBuilder app)
{
// Registers the Kentico.Membership identity implementation
app.CreatePerOwinContext(() => KenticoUserManager.Initialize(app, new KenticoUserManager(new KenticoUserStore(SiteContext.CurrentSiteName))));
app.CreatePerOwinContext <KenticoSignInManager>(KenticoSignInManager.Create);
// Configures the authentication cookie
UrlHelper urlHelper = new UrlHelper(HttpContext.Current.Request.RequestContext);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
// Fill in the name of your sign-in action and controller
LoginPath = new PathString(urlHelper.Action("SignIn", "Account")),
Provider = new CookieAuthenticationProvider
{
// Sets the return URL for the sign-in page redirect (fill in the name of your sign-in action and controller)
OnApplyRedirect = context => context.Response.Redirect(urlHelper.Action("SignIn", "Account")
+ new Uri(context.RedirectUri).Query)
}
});
// Registers the authentication cookie with the 'Essential' cookie level
// Ensures that the cookie is preserved when changing a visitor's allowed cookie level below 'Visitor'
CookieHelper.RegisterCookie(OWIN_COOKIE_PREFIX + DefaultAuthenticationTypes.ApplicationCookie, CookieLevel.Essential);
// Uses a cookie to temporarily store information about users signing in via external authentication services
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Registers a WS-Federation authentication service
app.UseWsFederationAuthentication(
new WsFederationAuthenticationOptions
{
// Set any properties required by your authentication service
MetadataAddress = "placeholder", // Fill in the address of your service's WS-Federation metadata
Wtrealm = "",
// When using external services, Passive authentication mode may help avoid redirect loops for 401 responses
AuthenticationMode = AuthenticationMode.Passive
});
// Registers an OpenID Connect authentication service
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
// Set any properties required by your authentication service
ClientId = "placeholder",
ClientSecret = "placeholder",
Authority = "https://placeholder",
AuthenticationMode = AuthenticationMode.Passive
});
// Registers the Facebook authentication service
app.UseFacebookAuthentication(
new FacebookAuthenticationOptions
{
// Fill in the application ID and secret of your Facebook authentication application
AppId = "placeholder",
AppSecret = "placeholder"
});
// Registers the Google authentication service
app.UseGoogleAuthentication(
new GoogleOAuth2AuthenticationOptions
{
// Fill in the client ID and secret of your Google authentication application
ClientId = "placeholder",
ClientSecret = "placeholder"
});
}
internal void WsFederationAuthenticationConfiguration(IAppBuilder app)
{
app.UseStaticFiles();
app.UseAuthSignInCookie();
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions()
{
Wtrealm = "http://Automation1",
MetadataAddress = "https://login.windows.net/4afbc689-805b-48cf-a24c-d4aa3248a248/federationmetadata/2007-06/federationmetadata.xml",
BackchannelHttpHandler = new WaadMetadataDocumentHandler(),
StateDataFormat = new CustomStateDataFormat(),
Notifications = new WsFederationAuthenticationNotifications()
{
MessageReceived = notification =>
{
Assert.True(notification.ProtocolMessage.Wctx.EndsWith("&mystate=customValue"), "wctx is not ending with &mystate=customValue");
notification.ProtocolMessage.Wctx = notification.ProtocolMessage.Wctx.Replace("&mystate=customValue", string.Empty);
notification.OwinContext.Set <bool>("MessageReceived", true);
return(Task.FromResult(0));
},
RedirectToIdentityProvider = notification =>
{
if (notification.ProtocolMessage.IsSignInMessage)
{
//Sign in message
notification.ProtocolMessage.Wreply = notification.Request.Uri.AbsoluteUri + "signin-wsfed";
notification.ProtocolMessage.Wctx += "&mystate=customValue";
}
return(Task.FromResult(0));
},
SecurityTokenReceived = notification =>
{
notification.OwinContext.Set <bool>("SecurityTokenReceived", true);
return(Task.FromResult(0));
},
SecurityTokenValidated = notification =>
{
var context = notification.AuthenticationTicket;
Assert.True(notification.OwinContext.Get <bool>("MessageReceived"), "MessageReceived notification not invoked");
Assert.True(notification.OwinContext.Get <bool>("SecurityTokenReceived"), "SecurityTokenReceived notification not invoked");
if (context.Identity != null)
{
context.Identity.AddClaim(new Claim("ReturnEndpoint", "true"));
context.Identity.AddClaim(new Claim("Authenticated", "true"));
context.Identity.AddClaim(new Claim(context.Identity.RoleClaimType, "Guest", ClaimValueTypes.String));
}
return(Task.FromResult(0));
},
AuthenticationFailed = notification =>
{
//Change the request url to something different and skip Wsfed. This new url will handle the request and let us know if this notification was invoked.
notification.OwinContext.Request.Path = new PathString("/AuthenticationFailed");
notification.SkipToNextMiddleware();
return(Task.FromResult(0));
}
}
});
app.Map("/Logout", subApp =>
{
subApp.Run(async context =>
{
if (context.Authentication.User.Identity.IsAuthenticated)
{
var authProperties = new AuthenticationProperties()
{
RedirectUri = context.Request.Uri.AbsoluteUri
};
context.Authentication.SignOut(authProperties, WsFederationAuthenticationDefaults.AuthenticationType);
await context.Response.WriteAsync("Signing out...");
}
else
{
await context.Response.WriteAsync("SignedOut");
}
});
});
app.Map("/AuthenticationFailed", subApp =>
{
subApp.Run(async context =>
{
await context.Response.WriteAsync("AuthenticationFailed");
});
});
app.Map("/signout-wsfed", subApp =>
{
subApp.Run(async context =>
{
await context.Response.WriteAsync("signout-wsfed");
});
});
#region Utilities to set the metadata xml.
app.Map("/metadata", subApp =>
{
subApp.Run(async context =>
{
if (context.Request.Method == "POST")
{
var formParameters = await context.Request.ReadFormAsync();
metadataXml = formParameters.GetValues("metadata")[0];
await context.Response.WriteAsync("Received metadata");
}
else
{
context.Response.ContentType = "text/xml";
await context.Response.WriteAsync(metadataXml);
}
});
});
#endregion
app.UseExternalApplication(WsFederationAuthenticationDefaults.AuthenticationType);
}
/// <summary>
/// Configuration method used by Microsoft.Owin to initialize owin process.
/// </summary>
/// <param name="app">The application.</param>
public void Configuration(IAppBuilder app)
{
//Uncomment the line below if you have are only using the configure IRegistrar for authentication
//app.SetDefaultSignInAsAuthenticationType(_registrar.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = _registrar.AuthenticationType
});
//Comment out the following if you are not using ADFS authenication down to
app.SetDefaultSignInAsAuthenticationType(WsFederationAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
});
//Enable federated authentication
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions()
{
//Trusted URL to federation server meta data
MetadataAddress = "https://devdc.dev.test/federationmetadata/2007-06/federationmetadata.xml",
//Value of Wtreal must *exactly* match what is configured in the federation server
Wtrealm = "https://commercesample:44333/",
Notifications = new WsFederationAuthenticationNotifications()
{
RedirectToIdentityProvider = (ctx) =>
{
//To avoid a redirect loop to the federation server send 403 when user is authenticated but does not have access
if (ctx.OwinContext.Response.StatusCode == 401 && ctx.OwinContext.Authentication.User.Identity.IsAuthenticated)
{
ctx.OwinContext.Response.StatusCode = 403;
ctx.HandleResponse();
}
return Task.FromResult(0);
},
SecurityTokenValidated = (ctx) =>
{
//Ignore scheme/host name in redirect Uri to make sure a redirect to HTTPS does not redirect back to HTTP
var redirectUri = new Uri(ctx.AuthenticationTicket.Properties.RedirectUri, UriKind.RelativeOrAbsolute);
if (redirectUri.IsAbsoluteUri)
{
ctx.AuthenticationTicket.Properties.RedirectUri = redirectUri.PathAndQuery;
}
//Sync user and the roles to EPiServer in the background
ServiceLocator.Current.GetInstance<SynchronizingUserService>().SynchronizeAsync(ctx.AuthenticationTicket.Identity);
return Task.FromResult(0);
},
}
});
//End Comment out AFDS if you are not using
//Always keep the following to properly setup virtual roles for principals, map the logout in backend function and create anti forgery key
app.UseStageMarker(PipelineStage.Authenticate);
app.Map(LogoutUrl, map =>
{
map.Run(ctx =>
{
ctx.Authentication.SignOut();
return Task.FromResult(0);
});
});
AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Name;
}
public void Configuration(IAppBuilder app)
{
// For twitter:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
var logger = app.CreateLogger("Katana.Sandbox.WebServer");
logger.WriteInformation("Application Started");
app.UseErrorPage(Microsoft.Owin.Diagnostics.ErrorPageOptions.ShowAll);
app.Use(async(context, next) =>
{
context.Get <TextWriter>("host.TraceOutput").WriteLine("{0} {1}{2}", context.Request.Method, context.Request.PathBase, context.Request.Path);
await next();
context.Get <TextWriter>("host.TraceOutput").WriteLine("{0} {1}{2}", context.Response.StatusCode, context.Request.PathBase, context.Request.Path);
});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Application",
// LoginPath = new PathString("/Account/Login"),
});
app.SetDefaultSignInAsAuthenticationType("External");
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "External",
AuthenticationMode = AuthenticationMode.Active,
CookieName = CookieAuthenticationDefaults.CookiePrefix + "External",
ExpireTimeSpan = TimeSpan.FromMinutes(5),
// CookieManager = new SystemWebChunkingCookieManager()
CookieManager = new SameSiteCookieManager()
});
// https://developers.facebook.com/apps/
app.UseFacebookAuthentication(new FacebookAuthenticationOptions
{
AppId = Environment.GetEnvironmentVariable("facebook:appid"),
AppSecret = Environment.GetEnvironmentVariable("facebook:appsecret"),
Scope = { "email" },
Fields = { "name", "email" },
// CookieManager = new SystemWebCookieManager()
});
// https://console.developers.google.com/apis/credentials
// https://developers.google.com/identity/protocols/OAuth2WebServer
app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
{
ClientId = Environment.GetEnvironmentVariable("google:clientid"),
ClientSecret = Environment.GetEnvironmentVariable("google:clientsecret"),
});
//// Flow to get user identifier in OpenID for migration to OAuth 2.0
//app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
//{
// ClientId = "448955186993-2vmtajdpl41ipktlg809780c0craq88e.apps.googleusercontent.com",
// ClientSecret = "Ngdb_GRmO3X2pC3WVt73Rod0",
// Provider = new GoogleOAuth2AuthenticationProvider()
// {
// OnApplyRedirect = context =>
// {
// // Add openid realm to get openid identifier in token response
// context.Response.Redirect(context.RedirectUri + "&openid.realm=http://localhost:49222/");
// },
// OnAuthenticated = context =>
// {
// var idToken = context.TokenResponse.Value<string>("id_token");
// var jwtIdToken = new JwtSecurityToken(idToken);
// var claims = jwtIdToken.Claims;
// var openid_id = claims.FirstOrDefault(x => x.Type.Equals("openid_id", StringComparison.CurrentCulture));
// return Task.FromResult(0);
// }
// }
//});
// https://apps.twitter.com/
// https://dev.twitter.com/web/sign-in/implementing
app.UseTwitterAuthentication(Environment.GetEnvironmentVariable("twitter:consumerkey"), Environment.GetEnvironmentVariable("twitter:consumersecret"));
// https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-app-registration/
app.UseMicrosoftAccountAuthentication(Environment.GetEnvironmentVariable("microsoftaccount:clientid"), Environment.GetEnvironmentVariable("microsoftaccount:clientsecret"));
// app.UseAspNetAuthSession();
/*
* app.UseCookieAuthentication(new CookieAuthenticationOptions()
* {
* SessionStore = new InMemoryAuthSessionStore()
* });
* app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
*/
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions()
{
Wtrealm = "https://tratcheroutlook.onmicrosoft.com/AspNetCoreSample",
MetadataAddress = "https://login.windows.net/cdc690f9-b6b8-4023-813a-bae7143d1f87/FederationMetadata/2007-06/FederationMetadata.xml",
Wreply = "https://localhost:44318/",
});
app.UseOpenIdConnectAuthentication(new Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationOptions()
{
// https://github.com/IdentityServer/IdentityServer4.Demo/blob/master/src/IdentityServer4Demo/Config.cs
ClientId = "hybrid",
ClientSecret = "secret", // for code flow
Authority = "https://demo.identityserver.io/",
RedirectUri = "https://localhost:44318/signin-oidc",
/*
* Authority = Environment.GetEnvironmentVariable("oidc:authority"),
* ClientId = Environment.GetEnvironmentVariable("oidc:clientid"),
* ClientSecret = Environment.GetEnvironmentVariable("oidc:clientsecret"),*/
// CookieManager = new SystemWebCookieManager(),
CookieManager = new SameSiteCookieManager(),
//ResponseType = "code",
//ResponseMode = "query",
//SaveTokens = true,
//Scope = "openid profile offline_access",
//RedeemCode = true,
//Notifications = new Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationNotifications
//{
// AuthorizationCodeReceived = async n =>
// {
// var _configuration = await n.Options.ConfigurationManager.GetConfigurationAsync(n.OwinContext.Request.CallCancelled);
// var requestMessage = new System.Net.Http.HttpRequestMessage(System.Net.Http.HttpMethod.Post, _configuration.TokenEndpoint);
// requestMessage.Content = new System.Net.Http.FormUrlEncodedContent(n.TokenEndpointRequest.Parameters);
// var responseMessage = await n.Options.Backchannel.SendAsync(requestMessage);
// responseMessage.EnsureSuccessStatusCode();
// var responseContent = await responseMessage.Content.ReadAsStringAsync();
// Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage message = new Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage(responseContent);
// n.HandleCodeRedemption(message);
// }
//}
});
/*
* app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
* {
* });
*
* // CORS support
* app.Use(async (context, next) =>
* {
* IOwinRequest req = context.Request;
* IOwinResponse res = context.Response;
* // for auth2 token requests, and web api requests
* if (req.Path.StartsWithSegments(new PathString("/Token")) ||
* req.Path.StartsWithSegments(new PathString("/api")))
* {
* // if there is an origin header
* var origin = req.Headers.Get("Origin");
* if (!string.IsNullOrEmpty(origin))
* {
* // allow the cross-site request
* res.Headers.Set("Access-Control-Allow-Origin", origin);
* }
*
* // if this is pre-flight request
* if (req.Method == "OPTIONS")
* {
* // respond immediately with allowed request methods and headers
* res.StatusCode = 200;
* res.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Methods", "GET", "POST");
* res.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Headers", "authorization");
* // no further processing
* return;
* }
* }
* // continue executing pipeline
* await next();
* });
*
* app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
* {
* AuthorizeEndpointPath = new PathString("/Authorize"),
* TokenEndpointPath = new PathString("/Token"),
* ApplicationCanDisplayErrors = true,
#if DEBUG
* AllowInsecureHttp = true,
#endif
* Provider = new OAuthAuthorizationServerProvider
* {
* OnValidateClientRedirectUri = ValidateClientRedirectUri,
* OnValidateClientAuthentication = ValidateClientAuthentication,
* OnGrantResourceOwnerCredentials = GrantResourceOwnerCredentials,
* },
* AuthorizationCodeProvider = new AuthenticationTokenProvider
* {
* OnCreate = CreateAuthenticationCode,
* OnReceive = ReceiveAuthenticationCode,
* },
* RefreshTokenProvider = new AuthenticationTokenProvider
* {
* OnCreate = CreateRefreshToken,
* OnReceive = ReceiveRefreshToken,
* }
* });
*/
app.Map("/signout", map =>
{
map.Run(context =>
{
context.Authentication.SignOut("External");
var response = context.Response;
response.ContentType = "text/html";
response.Write("<body><html>Signed out. <a href=\"/\">Home</a></html></body>");
return(Task.FromResult(0));
});
});
app.Map("/challenge", map =>
{
map.Run(context =>
{
var properties = new AuthenticationProperties();
properties.RedirectUri = "/"; // Go back to the home page after authenticating.
properties.Dictionary["prompt"] = "select_account"; // Google
context.Authentication.Challenge(properties, context.Request.Query["scheme"]);
return(Task.FromResult(0));
});
});
/*
* app.Map("/Account/Login", map =>
* {
* map.Run(context =>
* {
* // context.Authentication.Challenge("Google");
* return Task.FromResult(0);
* });
* });
*/
app.Use((context, next) =>
{
var user = context.Authentication.User;
if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
{
var response = context.Response;
response.ContentType = "text/html";
response.Write("<html><body>Providers:<br>\r\n");
foreach (var provider in context.Authentication.GetAuthenticationTypes())
{
response.Write("- <a href=\"/challenge?scheme=");
response.Write(provider.AuthenticationType);
response.Write("\">");
response.Write(provider.AuthenticationType);
response.Write("</a><br>\r\n");
}
response.Write("</body></html>\r\n");
return(Task.FromResult(0));
}
return(next());
});
/*
* app.Use((context, next) =>
* {
* var user = context.Authentication.User;
* if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
* {
* context.Authentication.Challenge();
* // context.Authentication.Challenge("Facebook");
* return Task.FromResult(0);
* }
* return next();
* });
*/
app.Run(async context =>
{
var response = context.Response;
var user = context.Authentication.User;
var identity = user.Identities.First();
response.ContentType = "text/html";
await response.WriteAsync("<html><body>Details:<br>\r\n");
foreach (var claim in identity.Claims)
{
response.Write("- ");
response.Write(claim.Type);
response.Write(": ");
response.Write(claim.Value);
response.Write("<br>\r\n");
}
response.Write("<a href=\"/signout\">Signout</a>\r\n");
response.Write("</body></html>\r\n");
});
}
