/// <summary>
/// Adds IdentityManager to an OWIN pipeline: authentication middleware chosen by
/// <c>config.SecurityMode</c>, the embedded UI assets (unless disabled), and the Web API.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
/// <param name="config">The IdentityManager configuration; validated before use.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="app"/> or <paramref name="config"/> is null.
/// </exception>
public static void UseIdentityManager(this IAppBuilder app, IdentityManagerConfiguration config)
{
    if (app == null)
    {
        throw new ArgumentNullException("app");
    }

    if (config == null)
    {
        throw new ArgumentNullException("config");
    }

    config.Validate();

    if (config.SecurityMode == SecurityMode.LocalMachine)
    {
        // NOTE(review): the middleware is only given the admin role name here; how it
        // decides that a caller is "local" is not visible in this method. Confirm.
        var localOptions = new LocalAuthenticationOptions(config.AdminRoleName);
        app.Use<LocalAuthenticationMiddleware>(localOptions);
    }
    else if (config.SecurityMode == SecurityMode.OAuth2)
    {
        // Token validation is configured with issuer, audience and signing material only.
        // NOTE(review): no scope or role requirement is visible in this method, so
        // authorization is presumably enforced in the Web API layer. Confirm.
        if (config.OAuth2Configuration.SigningCert == null)
        {
            // No certificate configured: validate with the configured signing key.
            app.UseJsonWebToken(
                config.OAuth2Configuration.Issuer,
                config.OAuth2Configuration.Audience,
                config.OAuth2Configuration.SigningKey);
        }
        else
        {
            app.UseJsonWebToken(
                config.OAuth2Configuration.Issuer,
                config.OAuth2Configuration.Audience,
                config.OAuth2Configuration.SigningCert);
        }

        // Pass-through middleware: it only invokes the next component.
        app.Use(async (owinContext, nextMiddleware) =>
        {
            await nextMiddleware();
        });
    }

    if (!config.DisableUserInterface)
    {
        // The UI is served from resources embedded in this assembly.
        var assetsServer = new FileServerOptions
        {
            RequestPath = new PathString("/assets"),
            FileSystem = new EmbeddedResourceFileSystem(typeof(AppBuilderExtensions).Assembly, "Thinktecture.IdentityManager.Assets")
        };
        app.UseFileServer(assetsServer);

        var fontsServer = new FileServerOptions
        {
            RequestPath = new PathString("/assets/libs/fonts"),
            FileSystem = new EmbeddedResourceFileSystem(typeof(AppBuilderExtensions).Assembly, "Thinktecture.IdentityManager.Assets.Content.fonts")
        };
        app.UseFileServer(fontsServer);

        app.UseStageMarker(PipelineStage.MapHandler);
    }

    SignatureConversions.AddConversions(app);

    var webApiConfiguration = new HttpConfiguration();
    WebApiConfig.Configure(webApiConfiguration, config);
    app.UseWebApi(webApiConfiguration);
    app.UseStageMarker(PipelineStage.MapHandler);
}
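/// <summary>
/// Registers an OpenID Connect handler under
/// <c>LocalAuthenticationOptions.DefaultAuthenticationScheme</c>, configured from
/// <paramref name="options"/>.
/// </summary>
/// <param name="authenticationBuilder">The builder to register the handler on.</param>
/// <param name="options">Authority, client credentials, sign-in scheme and optional scopes.</param>
/// <returns>The same <paramref name="authenticationBuilder"/>, for chaining.</returns>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="authenticationBuilder"/> or <paramref name="options"/> is null.
/// </exception>
public static AuthenticationBuilder AddLocalAuthentication(this AuthenticationBuilder authenticationBuilder, LocalAuthenticationOptions options)
{
    if (authenticationBuilder == null)
    {
        throw new ArgumentNullException(nameof(authenticationBuilder));
    }

    // Fail at registration time instead of with a NullReferenceException when the
    // options callback below is eventually invoked.
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    authenticationBuilder.AddOpenIdConnect(LocalAuthenticationOptions.DefaultAuthenticationScheme, x =>
    {
        x.Authority = options.Authority;
        x.ClientId = options.ClientId;
        x.ClientSecret = options.ClientSecret;

        x.Events = new Authentication.OpenIdConnect.OpenIdConnectEvents
        {
            OnRedirectToIdentityProvider = context =>
            {
                // API callers get a 401 instead of a redirect to the login page.
                if (context.Request.Path.StartsWithSegments("/api", StringComparison.OrdinalIgnoreCase))
                {
                    context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;

                    // Without this the handler continues after the event and replaces
                    // the 401 with the redirect to the identity provider.
                    context.HandleResponse();
                }

                return Task.CompletedTask;
            },
        };

        x.GetClaimsFromUserInfoEndpoint = true;

        // NOTE(review): "code id_token token" is the hybrid flow variant that also returns
        // an access token through the browser. Confirm this is required; "code" keeps
        // tokens off the front channel.
        x.ResponseType = "code id_token token";
        x.SignInScheme = options.SignInScheme;

        x.TokenValidationParameters = new IdentityModel.Tokens.TokenValidationParameters
        {
            NameClaimType = "name",
            RoleClaimType = "role",
        };

        if (options.Scopes != null)
        {
            foreach (var scope in options.Scopes)
            {
                x.Scope.Add(scope);
            }
        }
    });

    return authenticationBuilder;
}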
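/// <summary>
/// Adds IdentityManager to an OWIN pipeline: the Autofac container middleware,
/// authentication chosen by <c>options.SecurityMode</c>, the embedded UI assets
/// (unless disabled), and the Web API.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
/// <param name="options">The IdentityManager options; validated before use.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="app"/> or <paramref name="options"/> is null.
/// </exception>
public static void UseIdentityManager(this IAppBuilder app, IdentityManagerOptions options)
{
    if (app == null)
    {
        throw new ArgumentNullException("app");
    }

    if (options == null)
    {
        // Report the parameter under its actual name so the exception points at the right argument.
        throw new ArgumentNullException("options");
    }

    options.Validate();

    // Static assignment: replaces the inbound claim type map for every
    // JwtSecurityTokenHandler in the process, not just for this pipeline.
    JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

    var container = AutofacConfig.Configure(options);
    app.Use<AutofacContainerMiddleware>(container);

    if (options.SecurityMode == SecurityMode.LocalMachine)
    {
        // NOTE(review): the middleware is only given the admin role name here; how it
        // decides that a caller is "local" is not visible in this method. Confirm.
        var local = new LocalAuthenticationOptions(options.AdminRoleName);
        app.Use<LocalAuthenticationMiddleware>(local);
    }
    else if (options.SecurityMode == SecurityMode.OAuth2)
    {
        var jwtParams = new System.IdentityModel.Tokens.TokenValidationParameters
        {
            NameClaimType = options.OAuth2Configuration.NameClaimType,
            RoleClaimType = options.OAuth2Configuration.RoleClaimType,
            ValidAudience = options.OAuth2Configuration.Audience,
            ValidIssuer = options.OAuth2Configuration.Issuer,
        };

        if (options.OAuth2Configuration.SigningCert != null)
        {
            jwtParams.IssuerSigningToken = new X509SecurityToken(options.OAuth2Configuration.SigningCert);
        }
        else
        {
            // Symmetric fallback: the base64 key both verifies and can sign tokens,
            // so it has to be protected like any other shared secret.
            var bytes = Convert.FromBase64String(options.OAuth2Configuration.SigningKey);
            jwtParams.IssuerSigningToken = new BinarySecretSecurityToken(bytes);
        }

        app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
        {
            TokenValidationParameters = jwtParams
        });

        // NOTE(review): AllowAnonymousAccess = true suggests requests without an
        // authenticated user are not rejected by the scope check. Confirm that the
        // Web API layer denies anonymous callers.
        app.RequireScopes(new ScopeValidationOptions
        {
            AllowAnonymousAccess = true,
            Scopes = new string[] { options.OAuth2Configuration.Scope }
        });

        if (options.OAuth2Configuration.ClaimsTransformation != null)
        {
            // Runs the host-supplied transformation on the authenticated principal
            // before the request reaches the rest of the pipeline.
            app.Use(async (ctx, next) =>
            {
                var user = ctx.Authentication.User;
                if (user != null)
                {
                    user = options.OAuth2Configuration.ClaimsTransformation(user);
                    ctx.Authentication.User = user;
                }

                await next();
            });
        }
    }

    if (!options.DisableUserInterface)
    {
        // The UI is served from resources embedded in this assembly.
        app.UseFileServer(new FileServerOptions
        {
            RequestPath = new PathString("/assets"),
            FileSystem = new EmbeddedResourceFileSystem(typeof(IdentityManagerAppBuilderExtensions).Assembly, "IdentityManager.Assets")
        });
        app.UseFileServer(new FileServerOptions
        {
            RequestPath = new PathString("/assets/libs/fonts"),
            FileSystem = new EmbeddedResourceFileSystem(typeof(IdentityManagerAppBuilderExtensions).Assembly, "IdentityManager.Assets.Content.fonts")
        });
        app.UseStageMarker(PipelineStage.MapHandler);
    }

    SignatureConversions.AddConversions(app);
    app.UseWebApi(WebApiConfig.Configure(options));
    app.UseStageMarker(PipelineStage.MapHandler);
}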
/// <summary>
/// Adds IdentityManager to an OWIN pipeline: authentication chosen by
/// <c>config.SecurityMode</c>, the embedded UI assets (unless disabled), and the Web API.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
/// <param name="config">The IdentityManager configuration; validated before use.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="app"/> or <paramref name="config"/> is null.
/// </exception>
public static void UseIdentityManager(this IAppBuilder app, IdentityManagerConfiguration config)
{
    if (app == null)
    {
        throw new ArgumentNullException("app");
    }

    if (config == null)
    {
        throw new ArgumentNullException("config");
    }

    config.Validate();

    // Static assignment: replaces the inbound claim type map for every
    // JwtSecurityTokenHandler in the process, not just for this pipeline.
    JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

    if (config.SecurityMode == SecurityMode.LocalMachine)
    {
        // NOTE(review): the middleware is only given the admin role name here; how it
        // decides that a caller is "local" is not visible in this method. Confirm.
        var localOptions = new LocalAuthenticationOptions(config.AdminRoleName);
        app.Use<LocalAuthenticationMiddleware>(localOptions);
    }
    else if (config.SecurityMode == SecurityMode.OAuth2)
    {
        var validation = new System.IdentityModel.Tokens.TokenValidationParameters
        {
            RoleClaimType = Constants.ClaimTypes.Role,
            ValidAudience = config.OAuth2Configuration.Audience,
            ValidIssuer = config.OAuth2Configuration.Issuer,
        };

        if (config.OAuth2Configuration.SigningCert == null)
        {
            // Symmetric fallback: the base64 key both verifies and can sign tokens,
            // so it has to be protected like any other shared secret.
            var keyBytes = Convert.FromBase64String(config.OAuth2Configuration.SigningKey);
            validation.IssuerSigningToken = new BinarySecretSecurityToken(keyBytes);
        }
        else
        {
            validation.IssuerSigningToken = new X509SecurityToken(config.OAuth2Configuration.SigningCert);
        }

        var bearerOptions = new JwtBearerAuthenticationOptions
        {
            TokenValidationParameters = validation
        };
        app.UseJwtBearerAuthentication(bearerOptions);

        // NOTE(review): AllowAnonymousAccess = true suggests requests without an
        // authenticated user are not rejected by the scope check. Confirm that the
        // Web API layer denies anonymous callers.
        var scopeOptions = new ScopeValidationOptions
        {
            AllowAnonymousAccess = true,
            Scopes = new string[] { config.OAuth2Configuration.Scope }
        };
        app.RequireScopes(scopeOptions);
    }

    if (!config.DisableUserInterface)
    {
        // The UI is served from resources embedded in this assembly.
        var assetsServer = new FileServerOptions
        {
            RequestPath = new PathString("/assets"),
            FileSystem = new EmbeddedResourceFileSystem(typeof(IdentityManagerAppBuilderExtensions).Assembly, "Thinktecture.IdentityManager.Assets")
        };
        app.UseFileServer(assetsServer);

        var fontsServer = new FileServerOptions
        {
            RequestPath = new PathString("/assets/libs/fonts"),
            FileSystem = new EmbeddedResourceFileSystem(typeof(IdentityManagerAppBuilderExtensions).Assembly, "Thinktecture.IdentityManager.Assets.Content.fonts")
        };
        app.UseFileServer(fontsServer);

        app.UseStageMarker(PipelineStage.MapHandler);
    }

    SignatureConversions.AddConversions(app);

    var webApiConfiguration = new HttpConfiguration();
    WebApiConfig.Configure(webApiConfiguration, config);
    app.UseWebApi(webApiConfiguration);
    app.UseStageMarker(PipelineStage.MapHandler);
}