/// <summary>
        /// Wraps the supplied JSON Web Token in a session cookie (no Expiration is set, so it lasts
        /// only until the browser session ends) and appends it to the current response.
        /// </summary>
        /// <param name="cookieValue">The serialized token to store in the cookie.</param>
        private void CreateJwtCookieAndAppendToResponse(string cookieValue)
        {
            var builder = new RequestPathBaseCookieBuilder
            {
                Name = _generalSettings.JwtCookieName,
                // Lax rather than Strict so the cookie survives the OAuth redirect back to this host,
                // see https://github.com/aspnet/Security/issues/1231.
                SameSite = SameSiteMode.Lax,
                // Not readable from script, and only ever sent over HTTPS.
                HttpOnly = true,
                SecurePolicy = CookieSecurePolicy.Always,
                IsEssential = true,
                Domain = _generalSettings.HostName,
            };

            var options = builder.Build(HttpContext);

            // ChunkingCookieManager splits values that exceed the per-cookie size limit into several cookies.
            ICookieManager manager = new ChunkingCookieManager();
            manager.AppendResponseCookie(HttpContext, builder.Name, cookieValue, options);

            ApplyHeaders();
        }
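        /// <summary>
        /// Initializes a new instance of the <see cref="Saml2Options" /> class with the library defaults.
        /// </summary>
        /// <remarks>
        /// Signature requirements (<see cref="WantAssertionsSigned" />, <see cref="RequireMessageSigned" />)
        /// default to <c>false</c> here; a deployment that relies on the assertions should enable them explicitly.
        /// </remarks>
        public Saml2Options()
        {
            // Assign the scheme name before anything copies it: ForwardChallenge and SignOutScheme are
            // initialized from AuthenticationScheme, so assigning the name afterwards (the original order)
            // left them holding whatever value the property had before this constructor ran.
            AuthenticationScheme          = Saml2Defaults.AuthenticationScheme;
            ForwardChallenge              = AuthenticationScheme;
            SignInScheme                  = CookieAuthenticationDefaults.AuthenticationScheme;
            SignOutScheme                 = AuthenticationScheme;
            SignOutPath                   = new PathString("/signedout");
            CallbackPath                  = new PathString("/saml2-signin");
            DefaultRedirectUrl            = new PathString("/");
            // Metadata is only fetched over HTTPS unless the host opts out.
            RequireHttpsMetadata          = true;
            ForceAuthn                    = true;
            NameIDType                    = new NameIDType();
            IsPassive                     = false;
            DefaultMetadataFolderLocation = "wwwroot";
            DefaultMetadataFileName       = "Metadata";
            CreateMetadataFile            = false;
            ServiceProvider               = new ServiceProviderInfo()
            {
                CertificateIdentifierType = X509FindType.FindBySerialNumber,
                // NOTE(review): the SP certificate is looked up in the trusted-root store by default;
                // confirm this is intended rather than StoreName.My.
                CertificateStoreName      = StoreName.Root,
                CertificateStoreLocation  = StoreLocation.LocalMachine,
                HashAlgorithm             = HashAlgorithmName.SHA256,
                AssertionConsumerServices = new IndexedEndpointType[]
                {
                    new IndexedEndpointType()
                    {
                        Binding            = ProtocolBindings.HTTP_Post, // must only allow POST
                        index              = 0,
                        isDefault          = true,
                        isDefaultSpecified = true
                    }
                },
                SingleLogoutServices = new EndpointType[]
                {
                    new EndpointType()
                    {
                        Binding = ProtocolBindings.HTTP_Post // must only allow POST back to the SP
                    }
                }
            };

            // NOTE(review): both signature checks are off by default; unsigned assertions/messages are accepted
            // unless the caller turns these on. Left unchanged here to preserve the library's defaults.
            WantAssertionsSigned    = false;
            RequireMessageSigned    = false;
            RequestIdCookieLifetime = TimeSpan.FromMinutes(10);
            RequestCookieId         = new RequestPathBaseCookieBuilder()
            {
                HttpOnly     = true,
                // NOTE(review): SameSite=None is only honored by current browsers when the cookie is also
                // Secure; with SameAsRequest that holds only when the SP is served over HTTPS. Consider
                // CookieSecurePolicy.Always for production. Left unchanged here.
                SameSite     = SameSiteMode.None,
                SecurePolicy = CookieSecurePolicy.SameAsRequest,
                Expiration   = RequestIdCookieLifetime
            };
            Events = new Saml2Events();
            AllowUnsolicitedLogins = false;
        }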
        /// <summary>
        /// Stores the generated JSON Web Token in a cookie named "AltinnStudioRuntime" and appends it to the response.
        /// Unlike a pure session cookie this one carries an explicit Expiration, so it outlives the browser session.
        /// </summary>
        /// <param name="cookieValue">The serialized token to place in the cookie.</param>
        private void CreateJwtCookieAndAppendToResponse(string cookieValue)
        {
            // Lifetime kept from the original implementation (1337 minutes, roughly 22 hours).
            var lifetime = new TimeSpan(0, 1337, 0);

            var builder = new RequestPathBaseCookieBuilder
            {
                Name = "AltinnStudioRuntime",
                SameSite = SameSiteMode.Lax,
                HttpOnly = true,
                // NOTE(review): CookieSecurePolicy.None lets the browser send the token over plain HTTP;
                // CookieSecurePolicy.Always is the safer choice once the host serves HTTPS. Left unchanged here.
                SecurePolicy = CookieSecurePolicy.None,
                IsEssential = true,
                Domain = _generalSettings.HostName,
                Expiration = lifetime,
            };

            var options = builder.Build(HttpContext);

            new ChunkingCookieManager().AppendResponseCookie(
                HttpContext,
                builder.Name,
                cookieValue,
                options);
        }