public static void UseIdentityManager(this IAppBuilder app, IdentityManagerConfiguration config)
{
if (app == null)
{
throw new ArgumentNullException("app");
}
if (config == null)
{
throw new ArgumentNullException("config");
}
config.Validate();
if (config.SecurityMode == SecurityMode.LocalMachine)
{
var local = new LocalAuthenticationOptions(config.AdminRoleName);
app.Use <LocalAuthenticationMiddleware>(local);
}
else if (config.SecurityMode == SecurityMode.OAuth2)
{
if (config.OAuth2Configuration.SigningCert != null)
{
app.UseJsonWebToken(config.OAuth2Configuration.Issuer,
config.OAuth2Configuration.Audience,
config.OAuth2Configuration.SigningCert);
}
else
{
app.UseJsonWebToken(config.OAuth2Configuration.Issuer,
config.OAuth2Configuration.Audience,
config.OAuth2Configuration.SigningKey);
}
app.Use(async(ctx, next) =>
{
await next();
});
}
if (!config.DisableUserInterface)
{
app.UseFileServer(new FileServerOptions
{
RequestPath = new PathString("/assets"),
FileSystem = new EmbeddedResourceFileSystem(typeof(AppBuilderExtensions).Assembly, "Thinktecture.IdentityManager.Assets")
});
app.UseFileServer(new FileServerOptions
{
RequestPath = new PathString("/assets/libs/fonts"),
FileSystem = new EmbeddedResourceFileSystem(typeof(AppBuilderExtensions).Assembly, "Thinktecture.IdentityManager.Assets.Content.fonts")
});
app.UseStageMarker(PipelineStage.MapHandler);
}
SignatureConversions.AddConversions(app);
var httpConfig = new HttpConfiguration();
WebApiConfig.Configure(httpConfig, config);
app.UseWebApi(httpConfig);
app.UseStageMarker(PipelineStage.MapHandler);
}
public static AuthenticationBuilder AddLocalAuthentication(this AuthenticationBuilder authenticationBuilder, LocalAuthenticationOptions options)
{
authenticationBuilder
.AddOpenIdConnect(LocalAuthenticationOptions.DefaultAuthenticationScheme, x =>
{
x.Authority = options.Authority;
x.ClientId = options.ClientId;
x.ClientSecret = options.ClientSecret;
x.Events = new Authentication.OpenIdConnect.OpenIdConnectEvents
{
OnRedirectToIdentityProvider = (context) =>
{
if (context.Request.Path.StartsWithSegments("/api", StringComparison.OrdinalIgnoreCase))
{
context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
return(Task.CompletedTask);
}
return(Task.CompletedTask);
},
};
x.GetClaimsFromUserInfoEndpoint = true;
x.ResponseType = "code id_token token";
x.SignInScheme = options.SignInScheme;
x.TokenValidationParameters = new IdentityModel.Tokens.TokenValidationParameters
{
NameClaimType = "name",
RoleClaimType = "role",
};
if (options.Scopes != null)
{
foreach (var scope in options.Scopes)
{
x.Scope.Add(scope);
}
}
});
return(authenticationBuilder);
}
public static void UseIdentityManager(this IAppBuilder app, IdentityManagerOptions options)
{
if (app == null)
{
throw new ArgumentNullException("app");
}
if (options == null)
{
throw new ArgumentNullException("config");
}
options.Validate();
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary <string, string>();
var container = AutofacConfig.Configure(options);
app.Use <AutofacContainerMiddleware>(container);
if (options.SecurityMode == SecurityMode.LocalMachine)
{
var local = new LocalAuthenticationOptions(options.AdminRoleName);
app.Use <LocalAuthenticationMiddleware>(local);
}
else if (options.SecurityMode == SecurityMode.OAuth2)
{
var jwtParams = new System.IdentityModel.Tokens.TokenValidationParameters
{
NameClaimType = options.OAuth2Configuration.NameClaimType,
RoleClaimType = options.OAuth2Configuration.RoleClaimType,
ValidAudience = options.OAuth2Configuration.Audience,
ValidIssuer = options.OAuth2Configuration.Issuer,
};
if (options.OAuth2Configuration.SigningCert != null)
{
jwtParams.IssuerSigningToken = new X509SecurityToken(options.OAuth2Configuration.SigningCert);
}
else
{
var bytes = Convert.FromBase64String(options.OAuth2Configuration.SigningKey);
jwtParams.IssuerSigningToken = new BinarySecretSecurityToken(bytes);
}
app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions {
TokenValidationParameters = jwtParams
});
app.RequireScopes(new ScopeValidationOptions {
AllowAnonymousAccess = true,
Scopes = new string[] {
options.OAuth2Configuration.Scope
}
});
if (options.OAuth2Configuration.ClaimsTransformation != null)
{
app.Use(async(ctx, next) =>
{
var user = ctx.Authentication.User;
if (user != null)
{
user = options.OAuth2Configuration.ClaimsTransformation(user);
ctx.Authentication.User = user;
}
await next();
});
}
}
if (!options.DisableUserInterface)
{
app.UseFileServer(new FileServerOptions
{
RequestPath = new PathString("/assets"),
FileSystem = new EmbeddedResourceFileSystem(typeof(IdentityManagerAppBuilderExtensions).Assembly, "IdentityManager.Assets")
});
app.UseFileServer(new FileServerOptions
{
RequestPath = new PathString("/assets/libs/fonts"),
FileSystem = new EmbeddedResourceFileSystem(typeof(IdentityManagerAppBuilderExtensions).Assembly, "IdentityManager.Assets.Content.fonts")
});
app.UseStageMarker(PipelineStage.MapHandler);
}
SignatureConversions.AddConversions(app);
app.UseWebApi(WebApiConfig.Configure(options));
app.UseStageMarker(PipelineStage.MapHandler);
}
public static void UseIdentityManager(this IAppBuilder app, IdentityManagerConfiguration config)
{
if (app == null)
{
throw new ArgumentNullException("app");
}
if (config == null)
{
throw new ArgumentNullException("config");
}
config.Validate();
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary <string, string>();
if (config.SecurityMode == SecurityMode.LocalMachine)
{
var local = new LocalAuthenticationOptions(config.AdminRoleName);
app.Use <LocalAuthenticationMiddleware>(local);
}
else if (config.SecurityMode == SecurityMode.OAuth2)
{
var jwtParams = new System.IdentityModel.Tokens.TokenValidationParameters
{
RoleClaimType = Constants.ClaimTypes.Role,
ValidAudience = config.OAuth2Configuration.Audience,
ValidIssuer = config.OAuth2Configuration.Issuer,
};
if (config.OAuth2Configuration.SigningCert != null)
{
jwtParams.IssuerSigningToken = new X509SecurityToken(config.OAuth2Configuration.SigningCert);
}
else
{
var bytes = Convert.FromBase64String(config.OAuth2Configuration.SigningKey);
jwtParams.IssuerSigningToken = new BinarySecretSecurityToken(bytes);
}
app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions {
TokenValidationParameters = jwtParams
});
app.RequireScopes(new ScopeValidationOptions {
AllowAnonymousAccess = true,
Scopes = new string[] {
config.OAuth2Configuration.Scope
}
});
}
if (!config.DisableUserInterface)
{
app.UseFileServer(new FileServerOptions
{
RequestPath = new PathString("/assets"),
FileSystem = new EmbeddedResourceFileSystem(typeof(IdentityManagerAppBuilderExtensions).Assembly, "Thinktecture.IdentityManager.Assets")
});
app.UseFileServer(new FileServerOptions
{
RequestPath = new PathString("/assets/libs/fonts"),
FileSystem = new EmbeddedResourceFileSystem(typeof(IdentityManagerAppBuilderExtensions).Assembly, "Thinktecture.IdentityManager.Assets.Content.fonts")
});
app.UseStageMarker(PipelineStage.MapHandler);
}
SignatureConversions.AddConversions(app);
var httpConfig = new HttpConfiguration();
WebApiConfig.Configure(httpConfig, config);
app.UseWebApi(httpConfig);
app.UseStageMarker(PipelineStage.MapHandler);
}
