public DiscoveryDocumentIssuerSecurityKeyProvider(string discoveryEndpoint, BearerTokenAuthenticationOptions options, ILoggerFactory loggerFactory)
{
_logger = loggerFactory.Create(this.GetType().FullName);
//if (options.BackchannelCertificateValidator != null)
//{
// // Set the cert validate callback
// var webRequestHandler = handler as WebRequestHandler;
// if (webRequestHandler == null)
// {
// throw new InvalidOperationException("The back channel handler must derive from WebRequestHandler in order to use a certificate validator");
// }
// webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
//}RequireHttps
_configurationManager = new ConfigurationManager <OpenIdConnectConfiguration>(discoveryEndpoint, new OpenIdConnectConfigurationRetriever(), new HttpDocumentRetriever()
{
RequireHttps = false
})
{
AutomaticRefreshInterval = options.AutomaticRefreshInterval
};
if (!options.DelayLoadMetadata)
{
RetrieveMetadata();
}
}
internal static Lazy <OAuthBearerAuthenticationOptions> ConfigureLocalValidation(
BearerTokenAuthenticationOptions options, ILoggerFactory loggerFactory)
{
return(new Lazy <OAuthBearerAuthenticationOptions>(() =>
{
// use discovery endpoint
if (string.IsNullOrWhiteSpace(options.Authority))
{
throw new Exception("Either set IssuerName and SigningCertificate - or Authority");
}
var discoveryEndpoint = options.Authority.EnsureTrailingSlash();
discoveryEndpoint += ".well-known/openid-configuration";
IIssuerSecurityKeyProvider issuerProvider = new DiscoveryDocumentIssuerSecurityKeyProvider(
discoveryEndpoint,
options,
loggerFactory);
var valParams = new TokenValidationParameters
{
NameClaimType = options.NameClaimType,
RoleClaimType = options.RoleClaimType
};
valParams.IssuerSigningKeyResolver = ResolveRsaKeys;
valParams.ValidateAudience = false;
var tokenFormat = new JwtFormat(valParams, issuerProvider);
var bearerOptions = new OAuthBearerAuthenticationOptions
{
AccessTokenFormat = tokenFormat,
AuthenticationMode = options.AuthenticationMode,
AuthenticationType = options.AuthenticationType,
Provider = new ContextTokenProvider(options.TokenProvider)
};
return bearerOptions;
}, LazyThreadSafetyMode.PublicationOnly));
}
public static IAppBuilder UseCustomBearerTokenAuthentication(this IAppBuilder app, BearerTokenAuthenticationOptions options)
{
if (app == null)
{
throw new ArgumentNullException("app");
}
if (options == null)
{
throw new ArgumentNullException("options");
}
var loggerFactory = app.GetLoggerFactory();
var middlewareOptions = ConfigureLocalValidation(options, loggerFactory);
app.Use <BearerTokenValidationMiddleware>(app, middlewareOptions);
//if (options.RequiredScopes.Any())
//{
// var scopeOptions = new ScopeRequirementOptions
// {
// AuthenticationType = options.AuthenticationType,
// RequiredScopes = options.RequiredScopes
// };
// app.Use<ScopeRequirementMiddleware>(scopeOptions);
//}
app.UseStageMarker(PipelineStage.Authenticate);
return(app);
}
