public static IdentityConfiguration GetConfig()
{
var configuration = new ConfigurationBuilder()
.AddJsonFile("config.json", reloadOnChange: true, optional: false);
var root = configuration.Build();
var idconfig = new IdentityConfiguration()
{
Uri = root["IdentityCosmosDB:identityConfiguration:uri"],
AuthKey = root["IdentityCosmosDB:identityConfiguration:authKey"],
Database = root["IdentityCosmosDB:identityConfiguration:database"],
IdentityCollection = root["IdentityCosmosDB:identityConfiguration:identityCollection"],
Options = new CosmosClientOptions()
{
ConnectionMode = ConnectionMode.Gateway,
ConsistencyLevel = ConsistencyLevel.Session,
SerializerOptions = new CosmosSerializationOptions()
}
};
idconfig.Options.SerializerOptions.PropertyNamingPolicy = CosmosPropertyNamingPolicy.CamelCase;
return(idconfig);
}
private static ReadOnlyCollection <ClaimsIdentity> ValidateToken(string token)
{
using (var stringReader = new StringReader(token))
{
using (var reader = XmlReader.Create(stringReader))
{
var serviceConfiguration = new IdentityConfiguration(true)
{
CertificateValidator = X509CertificateValidator.None,
SaveBootstrapContext = true
};
foreach (var securityTokenHandler in serviceConfiguration.SecurityTokenHandlers)
{
if (securityTokenHandler.GetType().Name == "Saml11SecurityTokenHandler")
{
var samlToken = securityTokenHandler.ReadToken(reader);
return(securityTokenHandler.ValidateToken(samlToken));
}
}
}
}
throw new Exception("Could not find Saml11SecurityTokenHandler");
}
public static IServiceCollection AddIdentityContext(this IServiceCollection services)
{
var config = new IdentityConfiguration();
services.AddDbContext <IdentityContext>(options =>
{
options.UseSqlServer(config.ConnectionString);
});
services.AddIdentity <User, Role>(configs =>
{
configs.User.RequireUniqueEmail = true;
configs.Password = new PasswordOptions
{
RequireDigit = false,
RequireLowercase = false,
RequireNonAlphanumeric = false,
RequireUppercase = false,
RequiredLength = 5
};
})
.AddEntityFrameworkStores <IdentityContext>()
.AddDefaultTokenProviders();
return(services);
}
private ClaimsPrincipal AuthenticateToken(SecurityToken token, string resourceName)
{
IdentityConfiguration identityConfiguration = _federationConfiguration.IdentityConfiguration;
var incomingPrincipal = new ClaimsPrincipal(identityConfiguration.SecurityTokenHandlers.ValidateToken(token));
return(identityConfiguration.ClaimsAuthenticationManager.Authenticate(resourceName, incomingPrincipal));
}
protected override void ValidateTestCase(string testCase)
{
IdentityConfiguration identityConfig = new IdentityConfiguration(IdentityConfiguration.DefaultServiceName);
JwtSecurityTokenHandler jwtHandler = identityConfig.SecurityTokenHandlers[typeof(JwtSecurityToken)] as JwtSecurityTokenHandler;
jwtHandler.RequireExpirationTime = false;
Assert.IsNotNull(jwtHandler);
SecurityTokenDescriptor tokenDescriptor = new SecurityTokenDescriptor()
{
TokenIssuerName = "https://wiftooling.accesscontrol.windows.net",
AppliesToAddress = "http://localhost",
SigningCredentials = KeyingMaterial.X509SigningCreds_2048_RsaSha2_Sha2,
};
try
{
SecurityToken jwtToken = jwtHandler.CreateToken(tokenDescriptor);
string tokenString = jwtHandler.WriteToken(jwtToken);
List <SecurityToken> tokens = new List <SecurityToken>(KeyingMaterial.AsymmetricTokens);
jwtHandler.Configuration.IssuerTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(tokens.AsReadOnly(), true);
jwtToken = jwtHandler.ReadToken(tokenString);
jwtHandler.CertificateValidator = X509CertificateValidator.None;
jwtHandler.Configuration.IssuerNameRegistry = new SetNameIssuerNameRegistry("https://wiftooling.accesscontrol.windows.net");
ClaimsPrincipal cp = new ClaimsPrincipal(jwtHandler.ValidateToken(jwtToken));
}
catch (Exception ex)
{
Assert.Fail(ex.Message);
}
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
//services.AddDbContext<ApplicationDbContext>(options =>
// options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
// Add Elcamino Azure Table Identity services.
services.AddIdentity <ApplicationUser, ElCamino.AspNetCore.Identity.AzureTable.Model.IdentityRole>((options) =>
{
options.User.RequireUniqueEmail = true;
})
.AddAzureTableStores <ApplicationDbContext>(new Func <IdentityConfiguration>(() =>
{
IdentityConfiguration idconfig = new IdentityConfiguration();
idconfig.TablePrefix = Configuration.GetSection("IdentityAzureTable:IdentityConfiguration:TablePrefix").Value;
idconfig.StorageConnectionString = Configuration.GetSection("IdentityAzureTable:IdentityConfiguration:StorageConnectionString").Value;
idconfig.LocationMode = Configuration.GetSection("IdentityAzureTable:IdentityConfiguration:LocationMode").Value;
return(idconfig);
}))
.AddDefaultTokenProviders()
.CreateAzureTablesIfNotExists <ApplicationDbContext>(); //can remove after first run;
// Add application services.
services.AddTransient <IEmailSender, EmailSender>();
services.AddMvc();
}
public static void Register(IServiceCollection services)
{
RepositoryServices.Register(services);
MapperServices.Register(services);
ApplicationServices.Register(services);
IdentityConfiguration.Register(services);
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
//services.AddDbContext<ApplicationDbContext>(options =>
// options.UseSqlServer(
// Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity <IdentityUser>(options =>
{
options.SignIn.RequireConfirmedAccount = true;
options.User.RequireUniqueEmail = true;
})
//ElCamino configuration
.AddAzureTableStores <ApplicationDbContext>(new Func <IdentityConfiguration>(() =>
{
IdentityConfiguration idconfig = new IdentityConfiguration();
idconfig.TablePrefix = Configuration.GetSection("IdentityAzureTable:IdentityConfiguration:TablePrefix").Value;
idconfig.StorageConnectionString = Configuration.GetSection("IdentityAzureTable:IdentityConfiguration:StorageConnectionString").Value;
idconfig.LocationMode = Configuration.GetSection("IdentityAzureTable:IdentityConfiguration:LocationMode").Value;
idconfig.IndexTableName = Configuration.GetSection("IdentityAzureTable:IdentityConfiguration:IndexTableName").Value; // default: AspNetIndex
idconfig.RoleTableName = Configuration.GetSection("IdentityAzureTable:IdentityConfiguration:RoleTableName").Value; // default: AspNetRoles
idconfig.UserTableName = Configuration.GetSection("IdentityAzureTable:IdentityConfiguration:UserTableName").Value; // default: AspNetUsers
return(idconfig);
}))
.AddDefaultTokenProviders()
.AddDefaultUI()
.CreateAzureTablesIfNotExists <ApplicationDbContext>(); //can remove after first run;
//.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddControllersWithViews();
services.AddRazorPages();
}
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext <Context>(options =>
options.UseSqlServer(Configuration.GetConnectionString("Connection")));
IdentityConfiguration.AddIdentity(services);
services.AddCors();
services.AddMvc();
services.AddSingleton <IHttpContextAccessor, HttpContextAccessor>();
services.AddSingleton <UrlResolver>();
IdentityConfiguration.ConfigureIdentity(services);
services.AddSingleton(_ => Configuration as IConfigurationRoot);
services.AddScoped <PasswordHasher <User> >();
services.AddScoped <IUserRepository, UserRepository>();
services.AddScoped <IEventRepository, EventRepository>();
services.AddScoped <IEventService, EventService>();
services.AddScoped <IStatusService, StatusService>();
services.AddScoped <IStatusRepository, StatusRepository>();
services.AddScoped <ICommentRepository, CommentRepository>();
services.AddScoped <ICommentService, CommentService>();
services.AddScoped <IUserService, UserService>();
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info {
Title = "CoolMeet API", Version = "v1"
});
});
services.AddAutoMapper();
JwtConfiguration.AddJwtAuthorization(Configuration, services);
}
protected override async Task <HttpResponseMessage> SendAsync(
HttpRequestMessage request,
CancellationToken cancellationToken)
{
// Pretend this claim comes from a token minted by an STS
var claims = new List <Claim>()
{
new Claim(ClaimTypes.Name, "jqhuman")
}; // User Id of John Q Human
var id = new ClaimsIdentity(claims, "dummy");
var principal = new ClaimsPrincipal(new[] { id });
var config = new IdentityConfiguration();
var newPrincipal = config.ClaimsAuthenticationManager
.Authenticate(request.RequestUri.ToString(), principal);
Thread.CurrentPrincipal = newPrincipal;
if (HttpContext.Current != null)
{
HttpContext.Current.User = newPrincipal;
}
return(await base.SendAsync(request, cancellationToken));
}
/// <summary>
///
/// </summary>
/// <param name="options"></param>
/// <param name="context"></param>
/// <returns></returns>
public static ApplicationUserManager Create(IdentityFactoryOptions <ApplicationUserManager> options, IOwinContext context)
{
// See in web.config
IdentityConfiguration identityConfiguration = (IdentityConfiguration)ConfigurationManager.GetSection("identityConfiguration");
var manager = new ApplicationUserManager(new UserStore <User>(context.Get <AppDbContext>()));
// Configure validation logic for usernames
manager.UserValidator = new UserValidator <User>(manager)
{
AllowOnlyAlphanumericUserNames = identityConfiguration?.UserValidator?.AllowOnlyAlphanumericUserNames ?? UserValidatorElement.AllowOnlyAlphanumericUserNamesDefault,
RequireUniqueEmail = identityConfiguration?.UserValidator?.RequireUniqueEmail ?? UserValidatorElement.RequireUniqueEmailDefault
};
// Configure validation logic for passwords
manager.PasswordValidator = new PasswordValidator
{
RequiredLength = identityConfiguration?.PasswordValidator?.RequiredLength ?? PasswordValidatorElement.RequiredLengthDefault,
RequireNonLetterOrDigit = identityConfiguration?.PasswordValidator?.RequireNonLetterOrDigit ?? PasswordValidatorElement.RequireNonLetterOrDigitDefault,
RequireDigit = identityConfiguration?.PasswordValidator?.RequireDigit ?? PasswordValidatorElement.RequireDigitDefault,
RequireLowercase = identityConfiguration?.PasswordValidator?.RequireLowercase ?? PasswordValidatorElement.RequireLowercaseDefault,
RequireUppercase = identityConfiguration?.PasswordValidator?.RequireUppercase ?? PasswordValidatorElement.RequireUppercaseDefault,
};
var dataProtectionProvider = options.DataProtectionProvider;
if (dataProtectionProvider != null)
{
manager.UserTokenProvider = new DataProtectorTokenProvider <User>(dataProtectionProvider.Create("ASP.NET Identity"));
}
return(manager);
}
public static void PreAppStart()
{
FederatedAuthentication.FederationConfigurationCreated += (sender, args) =>
{
// Load config
var audience = ConfigurationManager.AppSettings["Auth.AudienceUrl"];
var realm = ConfigurationManager.AppSettings["Auth.AuthenticationRealm"];
var issuer = ConfigurationManager.AppSettings["Auth.AuthenticationIssuer"];
var thumbprint = ConfigurationManager.AppSettings["Auth.AuthenticationIssuerThumbprint"];
var idconfig = new IdentityConfiguration();
idconfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(audience));
var registry = new ConfigurationBasedIssuerNameRegistry();
registry.AddTrustedIssuer(thumbprint, issuer);
idconfig.IssuerNameRegistry = registry;
var sessionTransforms = new List <CookieTransform>()
{
new DeflateCookieTransform(),
new MachineKeyTransform()
};
idconfig.SecurityTokenHandlers.AddOrReplace(new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly()));
var wsfedconfig = new WsFederationConfiguration(issuer, realm);
wsfedconfig.PersistentCookiesOnPassiveRedirects = true;
wsfedconfig.PassiveRedirectEnabled = true;
args.FederationConfiguration.IdentityConfiguration = idconfig;
args.FederationConfiguration.WsFederationConfiguration = wsfedconfig;
args.FederationConfiguration.CookieHandler = new ChunkedCookieHandler();
};
}
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.Configure <IdentitySettings>(Configuration);
var settings = Configuration.Get <IdentitySettings>();
services.AddSingleton(settings);
services.AddIdentityServer
(
options =>
{
options.IssuerUri = settings.IdentityEndPoint;
options.Endpoints.EnableDiscoveryEndpoint = true;
options.Endpoints.EnableTokenEndpoint = true;
options.Endpoints.EnableUserInfoEndpoint = true;
options.Endpoints.EnableAuthorizeEndpoint = false;
options.Endpoints.EnableCheckSessionEndpoint = false;
options.Endpoints.EnableEndSessionEndpoint = false;
options.Endpoints.EnableIntrospectionEndpoint = false;
options.Endpoints.EnableTokenRevocationEndpoint = false;
}
)
.AddDeveloperSigningCredential()
.AddInMemoryApiResources(IdentityConfiguration.GetApiResources(settings))
.AddInMemoryClients(IdentityConfiguration.GetClients(settings));
services.AddMvc();
}
public void Initialize()
{
var config = new HttpSelfHostConfiguration(BaseAddress);
//SecurityConfig.ConfigureGlobal(config);
config.Routes.MapHttpRoute(
"ControllerActionId",
"{controller}/{action}/{id}");
config.Routes.MapHttpRoute(
"ControllerId",
"{controller}/{id}");
config.Routes.MapHttpRoute(
"ControllerOnly",
"{controller}",
new { action = "DefaultAction" });
var ic = new IdentityConfiguration();
var realm = ic.AudienceRestriction.AllowedAudienceUris.FirstOrDefault();
var issuer = ((ValidatingIssuerNameRegistry)ic.IssuerNameRegistry).IssuingAuthorities.FirstOrDefault();
var issuerName = issuer.Name;
var symmetricKey = issuer.SymmetricKeys.FirstOrDefault();
var authenticationHandler = new AuthenticationHandler
{
Realm = realm.ToString(),
IssuerName = issuerName,
SymmetricKey = symmetricKey
};
config.MessageHandlers.Add(authenticationHandler);
Server = new HttpSelfHostServer(config);
}
private void SetupFederatedLogin()
{
FederatedAuthentication.FederationConfigurationCreated += (sender, args) =>
{
var config = Kernel.Get <IConfigurationService>();
var idconfig = new IdentityConfiguration();
idconfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(config.Auth.AudienceUrl));
var registry = new ConfigurationBasedIssuerNameRegistry();
registry.AddTrustedIssuer(config.Auth.TokenCertificateThumbprint, config.Auth.AuthenticationIssuer);
idconfig.IssuerNameRegistry = registry;
idconfig.CertificateValidationMode = X509CertificateValidationMode.None;
var sessionTransforms = new List <CookieTransform>()
{
new DeflateCookieTransform(),
new MachineKeyTransform()
};
idconfig.SecurityTokenHandlers.AddOrReplace(new SessionSecurityTokenHandler(sessionTransforms.AsReadOnly()));
var wsfedconfig = new WsFederationConfiguration(config.Auth.AuthenticationIssuer, config.Auth.AuthenticationRealm);
wsfedconfig.PersistentCookiesOnPassiveRedirects = true;
args.FederationConfiguration.IdentityConfiguration = idconfig;
args.FederationConfiguration.WsFederationConfiguration = wsfedconfig;
args.FederationConfiguration.CookieHandler = new ChunkedCookieHandler();
};
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext <ApplicationDbContext>(
options =>
options
.UseLazyLoadingProxies()
.EnableSensitiveDataLogging()
.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddDefaultIdentity <ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true)
.AddEntityFrameworkStores <ApplicationDbContext>();
services.AddControllersWithViews();
services.AddTransient <IEmailSender, EmailSender>();
services.Configure <MailSettings>(Configuration.GetSection("MailSettings"));
IdentityConfiguration.ConfigureIdentity(services);
services.AddRazorPages();
CustomDIMappings.AddApplicationDIMappings(services);
services.AddControllers(config =>
{
var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
config.Filters.Add(new AuthorizeFilter(policy));
});
}
/// <summary>
/// Construct the options from the given configuration section
/// </summary>
/// <param name="configSection"></param>
public SPOptions(KentorAuthServicesSection configSection)
{
if (configSection == null)
{
throw new ArgumentNullException(nameof(configSection));
}
systemIdentityModelIdentityConfiguration = new IdentityConfiguration(true);
ReturnUrl = configSection.ReturnUrl;
MetadataCacheDuration = configSection.MetadataCacheDuration;
DiscoveryServiceUrl = configSection.DiscoveryServiceUrl;
EntityId = configSection.EntityId;
ModulePath = configSection.ModulePath;
Organization = configSection.Organization;
AuthenticateRequestSigningBehavior = configSection.AuthenticateRequestSigningBehavior;
NameIdPolicy = configSection.NameIdPolicy;
configSection.ServiceCertificates.RegisterServiceCertificates(this);
foreach (var acs in configSection.AttributeConsumingServices)
{
AttributeConsumingServices.Add(acs);
}
foreach (var contact in configSection.Contacts)
{
Contacts.Add(contact);
}
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
//services.AddDbContext<ApplicationDbContext>(options =>
// options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
// Add Elcamino Azure Table Identity services.
services.AddIdentity <ApplicationUser, ElCamino.AspNetCore.Identity.AzureTable.Model.IdentityRole>((options) =>
{
options.User.RequireUniqueEmail = true;
})
//or use .AddAzureTableStores with your ApplicationUser extends IdentityUser if your code depends on the Role, Claim and Token collections on the user object.
//You can safely switch between .AddAzureTableStores and .AddAzureTableStoresV2. Just make sure the Application User extends the correct IdentityUser/IdentityUserV2
.AddAzureTableStoresV2 <ApplicationDbContext>(new Func <IdentityConfiguration>(() =>
{
IdentityConfiguration idconfig = new IdentityConfiguration();
idconfig.TablePrefix = Configuration.GetSection("IdentityAzureTable:IdentityConfiguration:TablePrefix").Value;
idconfig.StorageConnectionString = Configuration.GetSection("IdentityAzureTable:IdentityConfiguration:StorageConnectionString").Value;
idconfig.LocationMode = Configuration.GetSection("IdentityAzureTable:IdentityConfiguration:LocationMode").Value;
return(idconfig);
}))
.AddDefaultTokenProviders()
.CreateAzureTablesIfNotExists <ApplicationDbContext>(); //can remove after first run;
// Add application services.
services.AddTransient <IEmailSender, EmailSender>();
services.AddMvc();
}
public Configuration()
{
UsingChannelShuffler <DefaultChannelShuffler>();
UsingRouterInterceptor <NullRouterInterceptor>();
UsingBusInterceptor <NullBusInterceptor>();
UsingSagaStorage <NullSagaStorage>();
UsingMessageStorage <NullMessageStorage>();
UsingChannelManager <NullChannelManager>();
UsingPointToPointChannel <NullPointToPointChannel>();
UsingPublishSubscribeChannel <NullPublishSubscribeChannel>();
UsingRequestReplyChannel <NullRequestReplyChannel>();
UsingMessageSerializer <NullMessageSerializer>();
UsingMessageAdapter <NullMessageAdapter>();
InboundMiddlewareTypes = new List <Type>();
RouterLoggerTypes = new List <Type>();
MonitoringTaskTypes = new List <TaskMetadata>();
StartupTaskTypes = new List <Type>();
ShutdownTaskTypes = new List <Type>();
LoggerTypes = new Dictionary <Type, IList <Type> >();
OutboundMiddlewareTypes = new List <Type>();
AddLogger <HeartBeatLogger, HeartBeat>();
AddLogger <StartupBeatLogger, StartupBeat>();
AddLogger <ShutdownBeatLogger, ShutdownBeat>();
AddStartupTask <StartupTask>();
AddStartupTask <HandlerAndEndpointStartupTask>();
AddStartupTask <ChannelStartupTask>();
AddStartupTask <ListenerStartupTask>();
AddShutdownTask <ListenerShutdownTask>();
AddShutdownTask <ShutdownTask>();
UsingShutdownWatcher <ShutdownNullWatcher>();
Storage = new StorageConfiguration();
Identity = new IdentityConfiguration();
ApplicationName = "[Empty]";
ChannelProviderName = "[Empty]";
}
protected override void ValidateTestCase(string testVariation)
{
IdentityConfiguration identityConfig = new IdentityConfiguration(IdentityConfiguration.DefaultServiceName);
Assert.IsNotNull(identityConfig.IssuerTokenResolver);
Assert.IsFalse(identityConfig.IssuerTokenResolver.GetType() != typeof(NamedKeyIssuerTokenResolver), string.Format("Expected identityConfiguration.IsuerTokenResolver.GetType() == typeof( NamedKeyIssuerTokenResolver ), was: '{0}'", identityConfig.IssuerTokenResolver.GetType()));
NamedKeyIssuerTokenResolver resolver = identityConfig.IssuerTokenResolver as NamedKeyIssuerTokenResolver;
Assert.IsTrue(resolver.SecurityKeys.Count == 0);
Assert.IsTrue(IssuerTokenResolver.DefaultStoreName == StoreName.TrustedPeople);
Assert.IsTrue(IssuerTokenResolver.DefaultStoreLocation == StoreLocation.LocalMachine);
// Should not find key
SecurityKey key = null;
NamedKeySecurityKeyIdentifierClause clause = new NamedKeySecurityKeyIdentifierClause("keyName", "KeyingMaterial.SymmetricKeyBytes_256");
Assert.IsFalse(resolver.TryResolveSecurityKey(clause, out key));
Assert.IsNull(key);
// Should not find token
SecurityToken token = null;
Assert.IsFalse(resolver.TryResolveToken(clause, out token));
Assert.IsNull(token);
}
/// <summary>
/// Ctor
/// </summary>
public SPOptions()
{
systemIdentityModelIdentityConfiguration = new IdentityConfiguration(false);
MetadataCacheDuration = new TimeSpan(1, 0, 0);
Compatibility = new Compatibility();
SigningAlgorithm = XmlHelpers.GetDefaltSigningAlgorithmName();
}
public override void OnAuthorization(HttpActionContext actionContext)
{
var principal = actionContext.RequestContext.Principal;
var context = new AuthorizationContext(principal as ClaimsPrincipal, "resource", "action");
var claims = new List <Claim>();
if (Permissions == null || !Permissions.Any())
{
base.OnAuthorization(actionContext);
return;
}
foreach (var permission in Permissions)
{
var claim = new Claim("http://localhost/claims/permission", permission);
claims.Add(claim);
}
claims.ToList().ForEach(claim => context.Resource.Add(claim));
var config = new IdentityConfiguration();
var result = config.ClaimsAuthorizationManager.CheckAccess(context);
if (!result)
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
return;
}
base.OnAuthorization(actionContext);
}
public void AuthenticateUsingMsftJwt(string token)
{
try
{
// Use JWTSecurityTokenHandler to validate the JWT token
JWTSecurityTokenHandler tokenHandler = new JWTSecurityTokenHandler();
TokenValidationParameters parms = new TokenValidationParameters()
{
AllowedAudience = "MyRelyingPartApp",
ValidIssuers = new List <string>()
{
"TokenIssuer"
},
SigningToken = new BinarySecretSecurityToken(Convert.FromBase64String(this.secretKey))
};
var config = new IdentityConfiguration();
Thread.CurrentPrincipal = config
.ClaimsAuthenticationManager
.Authenticate("TheMethodRequiringAuthZ",
tokenHandler.ValidateToken(token, parms));
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
/// <summary>
/// Construct the options from the given configuration section
/// </summary>
/// <param name="configSection"></param>
public SPOptions(KentorAuthServicesSection configSection)
{
if (configSection == null)
{
throw new ArgumentNullException(nameof(configSection));
}
systemIdentityModelIdentityConfiguration = new IdentityConfiguration(true);
ReturnUrl = configSection.ReturnUrl;
MetadataCacheDuration = configSection.Metadata.CacheDuration;
MetadataValidDuration = configSection.Metadata.ValidUntil;
WantAssertionsSigned = configSection.Metadata.WantAssertionsSigned;
ValidateCertificates = configSection.ValidateCertificates;
DiscoveryServiceUrl = configSection.DiscoveryServiceUrl;
EntityId = configSection.EntityId;
ModulePath = configSection.ModulePath;
PublicOrigin = configSection.PublicOrigin;
Organization = configSection.Organization;
AuthenticateRequestSigningBehavior = configSection.AuthenticateRequestSigningBehavior;
NameIdPolicy = new Saml2NameIdPolicy(
configSection.NameIdPolicyElement.AllowCreate, configSection.NameIdPolicyElement.Format);
RequestedAuthnContext = new Saml2RequestedAuthnContext(configSection.RequestedAuthnContext);
configSection.ServiceCertificates.RegisterServiceCertificates(this);
foreach (var acs in configSection.AttributeConsumingServices)
{
AttributeConsumingServices.Add(acs);
}
foreach (var contact in configSection.Contacts)
{
Contacts.Add(contact);
}
}
/// <summary>
/// Handles the <see cref="E:System.Web.HttpApplication.AuthenticateRequest" /> event from the ASP.NET pipeline.
/// </summary>
/// <param name="sender">The source for the event. This will be an <see cref="T:System.Web.HttpApplication" /> object.</param>
/// <param name="eventArgs">The data for the event.</param>
protected override void OnAuthenticateRequest(object sender, EventArgs eventArgs)
{
var request = HttpContext.Current.Request;
var authenticationConfiguration = new AuthenticationConfiguration
{
RequireSsl = false,
EnableSessionToken = true,
SessionToken = new SessionTokenConfiguration
{
HeaderName = "Authorization",
Scheme = "Session",
}
};
if (request.Headers.AllKeys.Any(k => k == authenticationConfiguration.SessionToken.HeaderName))
{
var header = request.Headers.Get(authenticationConfiguration.SessionToken.HeaderName);
var parts = header.Split(' ');
if (parts.Length == 2)
{
// if configured scheme was sent, try to authenticate the session token
if (parts[0] == authenticationConfiguration.SessionToken.Scheme)
{
var token = new JwtSecurityToken(parts[1]);
var identityConfiguratin = new IdentityConfiguration();
if (identityConfiguratin.IssuerNameRegistry is ConfigurationBasedIssuerNameRegistry)
{
var issuers = (identityConfiguratin.IssuerNameRegistry as ConfigurationBasedIssuerNameRegistry).ConfiguredTrustedIssuers;
if (issuers.Any(i => i.Value == token.Issuer))
{
var issuer = issuers.FirstOrDefault(i => i.Value == token.Issuer);
var store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
var cert = store.Certificates.Find(X509FindType.FindByThumbprint, issuer.Key, false)[0];
store.Close();
var validationParameters = new TokenValidationParameters
{
ValidIssuer = issuer.Value,
AllowedAudiences = identityConfiguratin.AudienceRestriction.AllowedAudienceUris.Select(uri => uri.OriginalString),
SigningToken = new X509SecurityToken(cert),
};
var handler = new JwtSecurityTokenHandler();
var claimsPrinciple = handler.ValidateToken(token, validationParameters);
claimsPrinciple = identityConfiguratin.ClaimsAuthenticationManager.Authenticate(request.RawUrl, claimsPrinciple);
if (claimsPrinciple != null && claimsPrinciple.Identity.IsAuthenticated)
{
HttpContext.Current.User = claimsPrinciple;
Thread.CurrentPrincipal = claimsPrinciple;
return;
}
}
}
}
}
}
base.OnAuthenticateRequest(sender, eventArgs);
}
private InitializedFixture()
{
var issuerRegistry = new TrustedIssuerNameRegistry();
if (X509Certificate == null)
{
X509Certificate = new X509Certificate2(@"CommonWellTokenTest.pfx", "commonwell");
}
if (IdentityConfigurationForTest == null)
{
IdentityConfigurationForTest = new IdentityConfiguration(false)
{
AudienceRestriction = { AudienceMode = AudienceUriMode.Never },
CertificateValidationMode = X509CertificateValidationMode.None,
RevocationMode = X509RevocationMode.NoCheck,
MaxClockSkew = new TimeSpan(50000000),
IssuerNameRegistry = issuerRegistry,
ServiceCertificate = X509Certificate
};
IdentityConfigurationForTest.SecurityTokenHandlers.Clear();
IdentityConfigurationForTest.SecurityTokenHandlers.Add(new CustomSaml2SecurityTokenHandler());
IdentityConfigurationForTest.SecurityTokenHandlers.Add(new JwtSecurityTokenHandler());
IdentityConfigurationForTest.SecurityTokenHandlers.Add(new X509SecurityTokenHandler());
}
}
public IdentityCloudContext(IdentityConfiguration config)
{
if (config == null)
{
throw new ArgumentNullException("config");
}
Initialize(config);
}
public InternalContext(IdentityConfiguration config)
{
_client = new CosmosClient(config.Uri, config.AuthKey, config.Options);
_databaseId = config.Database;
_identityContainerId = config.IdentityCollection;
InitDatabase();
InitCollection();
}
protected override void OnModelCreating(ModelBuilder modelBuilder)
{
base.OnModelCreating(modelBuilder);
ConventionsRemoveConfiguration.ConventionsRemove(modelBuilder.Model.GetEntityTypes());
IdentityConfiguration.ConfigurationIdentityTables(modelBuilder);
MappingConfiguration.RegisterMappings(modelBuilder);
}
public static ApplicationDbContext Create()
{
var config = new IdentityConfiguration();
config.StorageConnectionString = System.Configuration.ConfigurationManager.AppSettings["StorageConnectionString"].ToString();
config.TablePrefix = System.Configuration.ConfigurationManager.AppSettings["TablePrefix"].ToString();
return(new ApplicationDbContext(config));
}
public ApplicationDbContext(IdentityConfiguration config)
: base(config)
{
}
