Example #1
0
        /// <summary>
        /// Initializes a new instance of the <see cref="SentinelAuthorizationServerProvider"/> class.
        /// </summary>
        /// <exception cref="ArgumentNullException">
        /// Thrown when one or more required arguments are null.
        /// </exception>
        /// <param name="options">The security handler.</param>
        public SentinelAuthorizationServerProvider(SentinelAuthorizationServerOptions options)
        {
            if (options == null)
            {
                throw new ArgumentNullException("options");
            }

            this.options = options;
        }
        /// <summary>
        ///     Initializes a new instance of the
        ///     Sentinel.OAuth.Core.Providers.SentinelAuthorizationCodeProvider class.
        /// </summary>
        /// <exception cref="ArgumentNullException">
        ///     Thrown when one or more required arguments are null.
        /// </exception>
        /// <param name="options">Options for controlling the operation.</param>
        public SentinelAuthorizationCodeProvider(SentinelAuthorizationServerOptions options)
        {
            if (options == null)
            {
                throw new ArgumentNullException("options");
            }

            this.options = options;

            this.OnCreate  += this.CreateAuthorizationCode;
            this.OnReceive += this.ReceiveAuthorizationCode;
        }
        /// <summary>
        /// Adds OAuth2 Authorization Server capabilities to an OWIN web application. This middleware
        /// performs the request processing for the Authorize and Token endpoints defined by the OAuth2 specification.
        /// See also http://tools.ietf.org/html/rfc6749
        /// </summary>
        /// <param name="app">The web application builder</param>
        /// <param name="options">Options which control the behavior of the Authorization Server.</param>
        /// <returns>The application builder</returns>
        public static IAppBuilder UseSentinelAuthorizationServer(this IAppBuilder app, SentinelAuthorizationServerOptions options)
        {
            if (app == null)
            {
                throw new ArgumentNullException(nameof(app));
            }

            // Last minute default configurations
            if (options.Logger == null)
            {
                options.Logger = LogManager.GetLogger("Sentinel.OAuth");
            }

            if (options.IssuerUri == null)
            {
                throw new InvalidOperationException("IssuerUri must be set");
            }

            if (options.TokenCryptoProvider == null)
            {
                options.TokenCryptoProvider = new SHA2CryptoProvider(HashAlgorithm.SHA256);
            }

            if (options.PasswordCryptoProvider == null)
            {
                options.PasswordCryptoProvider = new PBKDF2CryptoProvider();
            }

            if (options.SignatureCryptoProvider == null)
            {
                options.SignatureCryptoProvider = new AsymmetricCryptoProvider();
            }

            if (options.PrincipalProvider == null)
            {
                options.PrincipalProvider = new PrincipalProvider(options.TokenCryptoProvider);
            }

            if (options.UserRepository == null && options.UserManager == null)
            {
                throw new InvalidOperationException("UserRepository must be set if not using a specific UserManager");
            }

            if (options.ClientRepository == null && options.ClientManager == null)
            {
                throw new InvalidOperationException("ClientRepository must be set if not using a specific ClientManager");
            }

            if (options.TokenRepository == null)
            {
                options.TokenRepository = new MemoryTokenRepository();
            }

            if (options.TokenProvider == null)
            {
                options.TokenProvider = new JwtTokenProvider(new JwtTokenProviderConfiguration(options.TokenCryptoProvider, options.IssuerUri, options.TokenCryptoProvider.CreateHash(256)));
            }

            if (options.TokenManager == null)
            {
                options.TokenManager = new TokenManager(options.Logger, options.PrincipalProvider, options.TokenProvider, options.TokenRepository);
            }

            if (options.UserManager == null && options.UserRepository != null)
            {
                options.UserManager = new UserManager(options.Logger, options.PasswordCryptoProvider, options.SignatureCryptoProvider, options.UserRepository, options.UserApiKeyRepository, options.ClientRepository);
            }

            if (options.ClientManager == null && options.ClientRepository != null)
            {
                options.ClientManager = new ClientManager(options.Logger, options.PasswordCryptoProvider, options.SignatureCryptoProvider, options.ClientRepository);
            }

            var oauthOptions = new OAuthAuthorizationServerOptions
            {
                AllowInsecureHttp               = true,
                AccessTokenExpireTimeSpan       = options.AccessTokenLifetime,
                AuthorizationCodeExpireTimeSpan = options.AuthorizationCodeLifetime,
                AuthorizeEndpointPath           = new PathString(options.AuthorizationCodeEndpointUrl),
                TokenEndpointPath               = new PathString(options.TokenEndpointUrl),
                Provider                  = new SentinelAuthorizationServerProvider(options),
                AccessTokenProvider       = new SentinelAccessTokenProvider(options),
                AuthorizationCodeProvider = new SentinelAuthorizationCodeProvider(options),
                RefreshTokenProvider      = new SentinelRefreshTokenProvider(options)
            };

            // Initialize underlying OWIN OAuth system
            app.UseOAuthAuthorizationServer(oauthOptions);
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
            {
                AccessTokenProvider = oauthOptions.AccessTokenProvider
            });

            // Initialize basic auth if specified
            if (options.EnableBasicAuthentication)
            {
                var basicAuthenticationOptions = new BasicAuthenticationOptions()
                {
                    ClientManager           = options.ClientManager,
                    UserManager             = options.UserManager,
                    Logger                  = options.Logger,
                    RequireSecureConnection = options.RequireSecureConnection,
                    Realm = options.Realm
                };
                app.Use <BasicAuthenticationMiddleware>(basicAuthenticationOptions, oauthOptions);
            }

            if (options.EnableSignatureAuthentication)
            {
                var apiKeyAuthenticationOptions = new SignatureAuthenticationOptions()
                {
                    ClientManager           = options.ClientManager,
                    UserManager             = options.UserManager,
                    Logger                  = options.Logger,
                    Realm                   = options.Realm,
                    RequireSecureConnection = options.RequireSecureConnection,
                    MaximumClockSkew        = options.MaximumClockSkew
                };
                app.Use <SignatureAuthenticationMiddleware>(apiKeyAuthenticationOptions, oauthOptions);
            }

            app.UseStageMarker(PipelineStage.Authenticate);

            // Set up identity endpoint
            app.Map(options.IdentityEndpointUrl, config => config.Use <UserInfoMiddleware>());

            return(app);
        }