private static void ConfigureRoutes(IdentityServerOptions options, HttpConfiguration config)
{
if (options.EnableWelcomePage)
{
config.Routes.MapHttpRoute(Constants.RouteNames.Welcome, Constants.RoutePaths.Welcome, new { controller = "Welcome", action = "Get" });
}
}
public static HttpConfiguration Configure(IdentityServerOptions options, ILifetimeScope container)
{
var config = new HttpConfiguration();
config.MapHttpAttributeRoutes();
config.SuppressDefaultHostAuthentication();
config.DependencyResolver = new AutofacWebApiDependencyResolver(container);
config.Services.Add(typeof(IExceptionLogger), new LogProviderExceptionLogger());
config.Services.Replace(typeof(IHttpControllerTypeResolver), new HttpControllerTypeResolver());
config.Formatters.Remove(config.Formatters.XmlFormatter);
config.IncludeErrorDetailPolicy = IncludeErrorDetailPolicy.LocalOnly;
if (options.LoggingOptions.EnableWebApiDiagnostics)
{
var liblog = new TraceSource("LibLog");
liblog.Switch.Level = SourceLevels.All;
liblog.Listeners.Add(new LibLogTraceListener());
var diag = config.EnableSystemDiagnosticsTracing();
diag.IsVerbose = options.LoggingOptions.WebApiDiagnosticsIsVerbose;
diag.TraceSource = liblog;
}
ConfigureRoutes(options, config);
return config;
}
internal LastUserNameCookie(IOwinContext ctx, IdentityServerOptions options)
{
if (ctx == null) throw new ArgumentNullException("ctx");
if (options == null) throw new ArgumentNullException("options");
this.ctx = ctx;
this.options = options;
}
public FranceConnectTokenValidator(IdentityServerOptions options, IdentityServerContext context, IClientStore clients, ITokenHandleStore tokenHandles, ICustomTokenValidator customValidator, IEnumerable<IValidationKeysStore> keys, ILogger<TokenValidator> logger)
{
_options = options;
_context = context;
_clients = clients;
_tokenHandles = tokenHandles;
_customValidator = customValidator;
_keys = keys;
_logger = logger;
}
public MultiTenantEndpointRouter(
Dictionary<string, EndpointName> pathToNameMap,
IdentityServerOptions options,
IEnumerable<EndpointMapping> mappings,
IOptions<MultiTenantOptions> multiTenantOptionsAccessor,
ILogger<MultiTenantEndpointRouter> logger
)
{
_pathToNameMap = pathToNameMap;
_options = options;
_mappings = mappings;
_logger = logger;
multiTenantOptions = multiTenantOptionsAccessor.Value;
}
public static HttpConfiguration Configure(IdentityServerOptions options)
{
var config = new HttpConfiguration();
config.MapHttpAttributeRoutes();
config.SuppressDefaultHostAuthentication();
config.MessageHandlers.Insert(0, new KatanaDependencyResolver());
config.Services.Add(typeof(IExceptionLogger), new LogProviderExceptionLogger());
config.Formatters.Remove(config.Formatters.XmlFormatter);
if (options.EnableWebApiDiagnostics)
{
config.EnableSystemDiagnosticsTracing();
}
return config;
}
public BasicAuthenticationSecretParsing()
{
_options = new IdentityServerOptions();
_parser = new BasicAuthenticationSecretParser(_options, TestLogger.Create <BasicAuthenticationSecretParser>());
}
public static TokenRequestValidator CreateTokenRequestValidator(
IdentityServerOptions options = null,
IIssuerNameService issuerNameService = null,
IResourceStore resourceStore = null,
IAuthorizationCodeStore authorizationCodeStore = null,
IRefreshTokenStore refreshTokenStore = null,
IResourceOwnerPasswordValidator resourceOwnerValidator = null,
IProfileService profile = null,
IDeviceCodeValidator deviceCodeValidator = null,
IEnumerable <IExtensionGrantValidator> extensionGrantValidators = null,
ICustomTokenRequestValidator customRequestValidator = null,
IRefreshTokenService refreshTokenService = null,
IResourceValidator resourceValidator = null)
{
if (options == null)
{
options = TestIdentityServerOptions.Create();
}
if (issuerNameService == null)
{
issuerNameService = new TestIssuerNameService(options.IssuerUri);
}
if (resourceStore == null)
{
resourceStore = new InMemoryResourcesStore(TestScopes.GetIdentity(), TestScopes.GetApis(), TestScopes.GetScopes());
}
if (resourceOwnerValidator == null)
{
resourceOwnerValidator = new TestResourceOwnerPasswordValidator();
}
if (profile == null)
{
profile = new TestProfileService();
}
if (deviceCodeValidator == null)
{
deviceCodeValidator = new TestDeviceCodeValidator();
}
if (customRequestValidator == null)
{
customRequestValidator = new DefaultCustomTokenRequestValidator();
}
ExtensionGrantValidator aggregateExtensionGrantValidator;
if (extensionGrantValidators == null)
{
aggregateExtensionGrantValidator = new ExtensionGrantValidator(new[] { new TestGrantValidator() }, TestLogger.Create <ExtensionGrantValidator>());
}
else
{
aggregateExtensionGrantValidator = new ExtensionGrantValidator(extensionGrantValidators, TestLogger.Create <ExtensionGrantValidator>());
}
if (authorizationCodeStore == null)
{
authorizationCodeStore = CreateAuthorizationCodeStore();
}
if (refreshTokenStore == null)
{
refreshTokenStore = CreateRefreshTokenStore();
}
if (resourceValidator == null)
{
resourceValidator = CreateResourceValidator(resourceStore);
}
if (refreshTokenService == null)
{
refreshTokenService = CreateRefreshTokenService(
refreshTokenStore,
profile);
}
return(new TokenRequestValidator(
options,
issuerNameService,
authorizationCodeStore,
resourceOwnerValidator,
profile,
deviceCodeValidator,
aggregateExtensionGrantValidator,
customRequestValidator,
resourceValidator,
resourceStore,
refreshTokenService,
new TestEventService(),
new StubClock(),
TestLogger.Create <TokenRequestValidator>()));
}
private static void ConfigureRoutes(IdentityServerOptions options, HttpConfiguration config)
{
if (options.EnableWelcomePage)
{
config.Routes.MapHttpRoute(
Constants.RouteNames.Welcome,
Constants.RoutePaths.Welcome,
new { controller = "Welcome", action = "Get" });
}
if (options.Endpoints.EnableAccessTokenValidationEndpoint)
{
config.Routes.MapHttpRoute(
Constants.RouteNames.Oidc.AccessTokenValidation,
Constants.RoutePaths.Oidc.AccessTokenValidation,
new { controller = "AccessTokenValidation" });
}
if (options.Endpoints.EnableIntrospectionEndpoint)
{
config.Routes.MapHttpRoute(
Constants.RouteNames.Oidc.Introspection,
Constants.RoutePaths.Oidc.Introspection,
new { controller = "IntrospectionEndpoint" });
}
if (options.Endpoints.EnableAuthorizeEndpoint)
{
config.Routes.MapHttpRoute(
Constants.RouteNames.Oidc.Authorize,
Constants.RoutePaths.Oidc.Authorize,
new { controller = "AuthorizeEndpoint", action = "Get" });
config.Routes.MapHttpRoute(
Constants.RouteNames.Oidc.Consent,
Constants.RoutePaths.Oidc.Consent,
new { controller = "AuthorizeEndpoint", action = "PostConsent" });
config.Routes.MapHttpRoute(
Constants.RouteNames.Oidc.SwitchUser,
Constants.RoutePaths.Oidc.SwitchUser,
new { controller = "AuthorizeEndpoint", action = "LoginAsDifferentUser" });
}
if (options.Endpoints.EnableCheckSessionEndpoint)
{
config.Routes.MapHttpRoute(
Constants.RouteNames.Oidc.CheckSession,
Constants.RoutePaths.Oidc.CheckSession,
new { controller = "CheckSessionEndpoint" });
}
if (options.Endpoints.EnableClientPermissionsEndpoint)
{
config.Routes.MapHttpRoute(
Constants.RouteNames.ClientPermissions,
Constants.RoutePaths.ClientPermissions,
new { controller = "ClientPermissions" });
}
if (options.Endpoints.EnableCspReportEndpoint)
{
config.Routes.MapHttpRoute(
Constants.RouteNames.CspReport,
Constants.RoutePaths.CspReport,
new { controller = "CspReport" });
}
if (options.Endpoints.EnableDiscoveryEndpoint)
{
config.Routes.MapHttpRoute(
Constants.RouteNames.Oidc.DiscoveryConfiguration,
Constants.RoutePaths.Oidc.DiscoveryConfiguration,
new { controller = "DiscoveryEndpoint", action = "GetConfiguration" });
config.Routes.MapHttpRoute(
Constants.RouteNames.Oidc.DiscoveryWebKeys,
Constants.RoutePaths.Oidc.DiscoveryWebKeys,
new { controller = "DiscoveryEndpoint", action= "GetKeyData" });
}
if (options.Endpoints.EnableEndSessionEndpoint)
{
config.Routes.MapHttpRoute(
Constants.RouteNames.Oidc.EndSession,
Constants.RoutePaths.Oidc.EndSession,
new { controller = "EndSession", action = "Logout" });
}
// this one is always enabled/allowed (for use by our logout page)
config.Routes.MapHttpRoute(
Constants.RouteNames.Oidc.EndSessionCallback,
Constants.RoutePaths.Oidc.EndSessionCallback,
new { controller = "EndSession", action = "LogoutCallback" });
if (options.Endpoints.EnableIdentityTokenValidationEndpoint)
{
config.Routes.MapHttpRoute(
Constants.RouteNames.Oidc.IdentityTokenValidation,
Constants.RoutePaths.Oidc.IdentityTokenValidation,
new { controller = "IdentityTokenValidation" });
}
if (options.Endpoints.EnableTokenEndpoint)
{
config.Routes.MapHttpRoute(
Constants.RouteNames.Oidc.Token,
Constants.RoutePaths.Oidc.Token,
new { controller = "TokenEndpoint", action= "Post" });
}
if (options.Endpoints.EnableTokenRevocationEndpoint)
{
config.Routes.MapHttpRoute(
Constants.RouteNames.Oidc.Revocation,
Constants.RoutePaths.Oidc.Revocation,
new { controller = "RevocationEndpoint", action = "Post" });
}
if (options.Endpoints.EnableUserInfoEndpoint)
{
config.Routes.MapHttpRoute(
Constants.RouteNames.Oidc.UserInfo,
Constants.RoutePaths.Oidc.UserInfo,
new { controller = "UserInfoEndpoint" });
}
}
public static TokenRequestValidator CreateTokenRequestValidator(
IdentityServerOptions options = null,
IResourceStore resourceStore = null,
IAuthorizationCodeStore authorizationCodeStore = null,
IRefreshTokenStore refreshTokenStore = null,
IResourceOwnerPasswordValidator resourceOwnerValidator = null,
IProfileService profile = null,
IEnumerable <IExtensionGrantValidator> extensionGrantValidators = null,
ICustomTokenRequestValidator customRequestValidator = null,
ScopeValidator scopeValidator = null)
{
if (options == null)
{
options = TestIdentityServerOptions.Create();
}
if (resourceStore == null)
{
resourceStore = new InMemoryResourcesStore(TestScopes.GetIdentity(), TestScopes.GetApis());
}
if (resourceOwnerValidator == null)
{
resourceOwnerValidator = new TestResourceOwnerPasswordValidator();
}
if (profile == null)
{
profile = new TestProfileService();
}
if (customRequestValidator == null)
{
customRequestValidator = new DefaultCustomTokenRequestValidator();
}
ExtensionGrantValidator aggregateExtensionGrantValidator;
if (extensionGrantValidators == null)
{
aggregateExtensionGrantValidator = new ExtensionGrantValidator(new[] { new TestGrantValidator() }, TestLogger.Create <ExtensionGrantValidator>());
}
else
{
aggregateExtensionGrantValidator = new ExtensionGrantValidator(extensionGrantValidators, TestLogger.Create <ExtensionGrantValidator>());
}
if (authorizationCodeStore == null)
{
authorizationCodeStore = CreateAuthorizationCodeStore();
}
if (refreshTokenStore == null)
{
refreshTokenStore = CreateRefreshTokenStore();
}
if (scopeValidator == null)
{
scopeValidator = new ScopeValidator(resourceStore, new LoggerFactory().CreateLogger <ScopeValidator>());
}
return(new TokenRequestValidator(
options,
authorizationCodeStore,
refreshTokenStore,
resourceOwnerValidator,
profile,
aggregateExtensionGrantValidator,
customRequestValidator,
scopeValidator,
new TestEventService(),
TestLogger.Create <TokenRequestValidator>()));
}
void Init(HttpContext context)
{
_clientList = _clientList ?? context.RequestServices.GetRequiredService <IClientSessionService>();
_logoutMessageStore = _logoutMessageStore ?? context.RequestServices.GetRequiredService <IMessageStore <LogoutMessage> >();
_options = _options ?? context.RequestServices.GetRequiredService <IdentityServerOptions>();
}
private void Init(HttpContext context)
{
_options = _options ?? context.RequestServices.GetRequiredService <IdentityServerOptions>();
_authorizationParametersMessageStore = _authorizationParametersMessageStore ?? context.RequestServices.GetService <IAuthorizationParametersMessageStore>();
}
/// <summary>
/// Initializes a new instance of the <see cref="DefaultTokenCreationService"/> class.
/// </summary>
/// <param name="options">The options.</param>
/// <param name="keys">The keys.</param>
/// <param name="logger">The logger.</param>
public DefaultTokenCreationService(IdentityServerOptions options, IKeyMaterialService keys, ILogger <DefaultTokenCreationService> logger)
{
Options = options;
Keys = keys;
Logger = logger;
}
public virtual void Configure(IAppBuilder owinApp)
{
if (owinApp == null)
{
throw new ArgumentNullException(nameof(owinApp));
}
owinApp.Map("/core", coreApp =>
{
LogProvider.SetCurrentLogProvider(DependencyManager.Resolve <ILogProvider>());
IdentityServerServiceFactory factory = new IdentityServerServiceFactory()
.UseInMemoryClients(DependencyManager.Resolve <IOAuthClientsProvider>().GetClients().ToArray())
.UseInMemoryScopes(ScopesProvider.GetScopes());
IUserService ResolveUserService(IdentityServer3.Core.Services.IDependencyResolver resolver)
{
OwinEnvironmentService owinEnv = resolver.Resolve <OwinEnvironmentService>();
IOwinContext owinContext = new OwinContext(owinEnv.Environment);
IUserService userService = owinContext.GetDependencyResolver().Resolve <IUserService>();
if (userService is UserService bitUserService)
{
bitUserService.CurrentCancellationToken = owinContext.Request.CallCancelled;
}
return(userService);
}
factory.UserService = new Registration <IUserService>(ResolveUserService);
factory.EventService = new Registration <IEventService>(EventService);
IViewService ResolveViewService(IdentityServer3.Core.Services.IDependencyResolver resolver)
{
OwinEnvironmentService owinEnv = resolver.Resolve <OwinEnvironmentService>();
IOwinContext owinContext = new OwinContext(owinEnv.Environment);
return(owinContext.GetDependencyResolver().Resolve <IViewService>());
}
factory.ViewService = new Registration <IViewService>(ResolveViewService);
factory.RedirectUriValidator = new Registration <IRedirectUriValidator>(RedirectUriValidator);
bool requireSslConfigValue = AppEnvironment.GetConfig("RequireSsl", defaultValueOnNotFound: false);
string identityServerSiteName = AppEnvironment.GetConfig("IdentityServerSiteName", $"{AppEnvironment.AppInfo.Name} Identity Server");
IdentityServerOptions identityServerOptions = new IdentityServerOptions
{
SiteName = identityServerSiteName,
SigningCertificate = AppCertificatesProvider.GetSingleSignOnCertificate(),
Factory = factory,
RequireSsl = requireSslConfigValue,
EnableWelcomePage = AppEnvironment.DebugMode == true,
IssuerUri = AppEnvironment.GetSsoIssuerName(),
CspOptions = new CspOptions
{
// Content security policy
Enabled = false
},
Endpoints = new EndpointOptions
{
EnableAccessTokenValidationEndpoint = true,
EnableAuthorizeEndpoint = true,
EnableCheckSessionEndpoint = true,
EnableClientPermissionsEndpoint = true,
EnableCspReportEndpoint = true,
EnableDiscoveryEndpoint = true,
EnableEndSessionEndpoint = true,
EnableIdentityTokenValidationEndpoint = true,
EnableIntrospectionEndpoint = true,
EnableTokenEndpoint = true,
EnableTokenRevocationEndpoint = true,
EnableUserInfoEndpoint = true
},
EventsOptions = new EventsOptions
{
RaiseErrorEvents = true,
RaiseFailureEvents = true
},
AuthenticationOptions = new AuthenticationOptions
{
IdentityProviders = ConfigureIdentityProviders
}
};
foreach (IIdentityServerOptionsCustomizer customizer in Customizers)
{
customizer.Customize(identityServerOptions);
}
coreApp.UseIdentityServer(identityServerOptions);
});
}
/// <summary>
/// ctor
/// </summary>
/// <param name="httpContextAccessor"></param>
/// <param name="identityServerOptions"></param>
/// <param name="options"></param>
public PostConfigureApplicationCookieTicketStore(IHttpContextAccessor httpContextAccessor, IdentityServerOptions identityServerOptions, IOptions <Microsoft.AspNetCore.Authentication.AuthenticationOptions> options)
{
_httpContextAccessor = httpContextAccessor;
_scheme = identityServerOptions.Authentication.CookieAuthenticationScheme ??
options.Value.DefaultAuthenticateScheme ??
options.Value.DefaultScheme;
}
public Startup(IHostingEnvironment env)
{
// Load all the configuration information from the "json" file & the environment variables.
var builder = new ConfigurationBuilder()
.AddJsonFile("appsettings.json")
.AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true)
.AddEnvironmentVariables();
Configuration = builder.Build();
_authenticationOptions = new AuthenticationMiddlewareOptions
{
IdServer = new IdServerOptions
{
ExternalLoginCallback = "/Authenticate/LoginCallback",
LoginUrls = new List <string>
{
"/Authenticate",
"/Authenticate/ExternalLogin",
"/Authenticate/OpenId",
"/Authenticate/LocalLoginOpenId",
"/Authenticate/LocalLogin",
"/Authenticate/ExternalLoginOpenId"
}
},
ConfigurationEdp = new ConfigurationEdpOptions
{
ConfigurationUrl = Configuration["ConfigurationEdp:Url"],
ClientId = Configuration["ConfigurationEdp:ClientId"],
ClientSecret = Configuration["ConfigurationEdp:ClientSecret"],
Scopes = new List <string>
{
"display_configuration"
}
}
};
var twoFactorServiceStore = new TwoFactorServiceStore();
var factory = new SimpleIdServerConfigurationClientFactory();
twoFactorServiceStore.Add(new DefaultTwilioSmsService(factory, Configuration["ConfigurationEdp:Url"]));
twoFactorServiceStore.Add(new DefaultEmailService(factory, Configuration["ConfigurationEdp:Url"]));
_options = new IdentityServerOptions
{
IsDeveloperModeEnabled = false,
DataSource = new DataSourceOptions
{
IsOpenIdDataMigrated = true,
IsEvtStoreDataMigrated = true,
},
Logging = new LoggingOptions
{
ElasticsearchOptions = new ElasticsearchOptions(),
FileLogOptions = new FileLogOptions()
},
Authenticate = new AuthenticateOptions
{
CookieName = Constants.CookieName
},
Scim = new ScimOptions
{
IsEnabled = true,
EndPoint = "http://localhost:5555/"
},
TwoFactorServiceStore = twoFactorServiceStore
};
var openIdType = Configuration["Db:OpenIdType"];
var evtStoreType = Configuration["Db:EvtStoreType"];
if (string.Equals(openIdType, "SQLSERVER", System.StringComparison.CurrentCultureIgnoreCase))
{
_options.DataSource.OpenIdDataSourceType = DataSourceTypes.SqlServer;
_options.DataSource.OpenIdConnectionString = Configuration["Db:OpenIdConnectionString"];
}
else if (string.Equals(openIdType, "SQLITE", System.StringComparison.CurrentCultureIgnoreCase))
{
_options.DataSource.OpenIdDataSourceType = DataSourceTypes.SqlLite;
_options.DataSource.OpenIdConnectionString = Configuration["Db:OpenIdConnectionString"];
}
else if (string.Equals(openIdType, "POSTGRE", System.StringComparison.CurrentCultureIgnoreCase))
{
_options.DataSource.OpenIdDataSourceType = DataSourceTypes.Postgre;
_options.DataSource.OpenIdConnectionString = Configuration["Db:OpenIdConnectionString"];
}
else
{
_options.DataSource.OpenIdDataSourceType = DataSourceTypes.InMemory;
}
if (string.Equals(evtStoreType, "SQLSERVER", System.StringComparison.CurrentCultureIgnoreCase))
{
_options.DataSource.EvtStoreDataSourceType = DataSourceTypes.SqlServer;
_options.DataSource.EvtStoreConnectionString = Configuration["Db:EvtStoreConnectionString"];
}
else if (string.Equals(evtStoreType, "SQLITE", System.StringComparison.CurrentCultureIgnoreCase))
{
_options.DataSource.EvtStoreDataSourceType = DataSourceTypes.SqlLite;
_options.DataSource.EvtStoreConnectionString = Configuration["Db:EvtStoreConnectionString"];
}
else if (string.Equals(evtStoreType, "POSTGRE", System.StringComparison.CurrentCultureIgnoreCase))
{
_options.DataSource.EvtStoreDataSourceType = DataSourceTypes.Postgre;
_options.DataSource.EvtStoreConnectionString = Configuration["Db:EvtStoreConnectionString"];
}
else
{
_options.DataSource.EvtStoreDataSourceType = DataSourceTypes.InMemory;
}
bool isLogFileEnabled,
isElasticSearchEnabled;
if (bool.TryParse(Configuration["Log:File:Enabled"], out isLogFileEnabled))
{
_options.Logging.FileLogOptions.IsEnabled = isLogFileEnabled;
if (isLogFileEnabled)
{
_options.Logging.FileLogOptions.PathFormat = Configuration["Log:File:PathFormat"];
}
}
if (bool.TryParse(Configuration["Log:Elasticsearch:Enabled"], out isElasticSearchEnabled))
{
_options.Logging.ElasticsearchOptions.IsEnabled = isElasticSearchEnabled;
if (isElasticSearchEnabled)
{
_options.Logging.ElasticsearchOptions.Url = Configuration["Log:Elasticsearch:Url"];
}
}
}
internal AntiForgeryToken(IOwinContext context, IdentityServerOptions options)
{
this.context = context;
this.options = options;
}
public AuthorizeRedirectResult(AuthorizeResponse response, IdentityServerOptions options)
{
_response = response;
_options = options;
}
public DefaultTokenSigningService(IdentityServerOptions options)
{
_options = options;
}
public static IContainer Configure(IdentityServerOptions options)
{
if (options == null) throw new ArgumentNullException("options");
if (options.Factory == null) throw new InvalidOperationException("null factory");
IdentityServerServiceFactory fact = options.Factory;
fact.Validate();
var builder = new ContainerBuilder();
builder.RegisterInstance(options).AsSelf();
// mandatory from factory
builder.Register(fact.UserService, "inner");
builder.RegisterDecorator<IUserService>((s, inner) =>
{
var filter = s.Resolve<IExternalClaimsFilter>();
return new ExternalClaimsFilterUserService(filter, inner);
}, "inner");
builder.Register(fact.ScopeStore);
builder.Register(fact.ClientStore);
// optional from factory
if (fact.AuthorizationCodeStore != null)
{
builder.Register(fact.AuthorizationCodeStore, "inner");
}
else
{
var inmemCodeStore = new InMemoryAuthorizationCodeStore();
builder.RegisterInstance(inmemCodeStore).Named<IAuthorizationCodeStore>("inner");
}
builder.RegisterDecorator<IAuthorizationCodeStore>((s, inner) =>
{
return new KeyHashingAuthorizationCodeStore(inner);
}, "inner");
if (fact.TokenHandleStore != null)
{
builder.Register(fact.TokenHandleStore, "inner");
}
else
{
var inmemTokenHandleStore = new InMemoryTokenHandleStore();
builder.RegisterInstance(inmemTokenHandleStore).Named<ITokenHandleStore>("inner");
}
builder.RegisterDecorator<ITokenHandleStore>((s, inner) =>
{
return new KeyHashingTokenHandleStore(inner);
}, "inner");
if (fact.RefreshTokenStore != null)
{
builder.Register(fact.RefreshTokenStore, "inner");
}
else
{
var inmemRefreshTokenStore = new InMemoryRefreshTokenStore();
builder.RegisterInstance(inmemRefreshTokenStore).Named<IRefreshTokenStore>("inner");
}
builder.RegisterDecorator<IRefreshTokenStore>((s, inner) =>
{
return new KeyHashingRefreshTokenStore(inner);
}, "inner");
if (fact.ConsentStore != null)
{
builder.Register(fact.ConsentStore);
}
else
{
var inmemConsentStore = new InMemoryConsentStore();
builder.RegisterInstance(inmemConsentStore).As<IConsentStore>();
}
if (fact.ClaimsProvider != null)
{
builder.Register(fact.ClaimsProvider);
}
else
{
builder.RegisterType<DefaultClaimsProvider>().As<IClaimsProvider>();
}
if (fact.TokenService != null)
{
builder.Register(fact.TokenService);
}
else
{
builder.RegisterType<DefaultTokenService>().As<ITokenService>();
}
if (fact.RefreshTokenService != null)
{
builder.Register(fact.RefreshTokenService);
}
else
{
builder.RegisterType<DefaultRefreshTokenService>().As<IRefreshTokenService>();
}
if (fact.TokenSigningService != null)
{
builder.Register(fact.TokenSigningService);
}
else
{
builder.RegisterType<DefaultTokenSigningService>().As<ITokenSigningService>();
}
if (fact.CustomRequestValidator != null)
{
builder.Register(fact.CustomRequestValidator);
}
else
{
builder.RegisterType<DefaultCustomRequestValidator>().As<ICustomRequestValidator>();
}
if (fact.CustomGrantValidator != null)
{
builder.Register(fact.CustomGrantValidator);
}
else
{
builder.RegisterType<DefaultCustomGrantValidator>().As<ICustomGrantValidator>();
}
if (fact.ExternalClaimsFilter != null)
{
builder.Register(fact.ExternalClaimsFilter);
}
else
{
builder.RegisterType<NopClaimsFilter>().As<IExternalClaimsFilter>();
}
if (fact.CustomTokenValidator != null)
{
builder.Register(fact.CustomTokenValidator);
}
else
{
builder.RegisterType<DefaultCustomTokenValidator>().As<ICustomTokenValidator>();
}
if (fact.ConsentService != null)
{
builder.Register(fact.ConsentService);
}
else
{
builder.RegisterType<DefaultConsentService>().As<IConsentService>();
}
if (fact.EventService != null)
{
builder.Register(fact.EventService);
}
else
{
builder.RegisterType<DefaultEventService>().As<IEventService>();
}
if (fact.RedirectUriValidator != null)
{
builder.Register(fact.RedirectUriValidator);
}
else
{
builder.RegisterType<DefaultRedirectUriValidator>().As<IRedirectUriValidator>();
}
// this is more of an internal interface, but maybe we want to open it up as pluggable?
// this is used by the DefaultClientPermissionsService below, or it could be used
// by a custom IClientPermissionsService
builder.Register(ctx =>
{
var consent = ctx.Resolve<IConsentStore>();
var refresh = ctx.Resolve<IRefreshTokenStore>();
var code = ctx.Resolve<IAuthorizationCodeStore>();
var access = ctx.Resolve<ITokenHandleStore>();
return new AggregatePermissionsStore(
consent,
new TokenMetadataPermissionsStoreAdapter(refresh.GetAllAsync, refresh.RevokeAsync),
new TokenMetadataPermissionsStoreAdapter(code.GetAllAsync, code.RevokeAsync),
new TokenMetadataPermissionsStoreAdapter(access.GetAllAsync, access.RevokeAsync)
);
}).As<IPermissionsStore>();
if (fact.ClientPermissionsService != null)
{
builder.Register(fact.ClientPermissionsService);
}
else
{
builder.RegisterType<DefaultClientPermissionsService>().As<IClientPermissionsService>();
}
if (fact.ViewService != null)
{
builder.Register(fact.ViewService);
}
else
{
builder.RegisterType<DefaultViewService>().As<IViewService>();
}
// hosting services
builder.RegisterType<OwinEnvironmentService>();
// validators
builder.RegisterType<TokenRequestValidator>();
builder.RegisterType<AuthorizeRequestValidator>();
builder.RegisterType<ClientValidator>();
builder.RegisterType<TokenValidator>();
builder.RegisterType<EndSessionRequestValidator>();
builder.RegisterType<BearerTokenUsageValidator>();
builder.RegisterType<ScopeValidator>();
// processors
builder.RegisterType<TokenResponseGenerator>();
builder.RegisterType<AuthorizeResponseGenerator>();
builder.RegisterType<AuthorizeInteractionResponseGenerator>();
builder.RegisterType<UserInfoResponseGenerator>();
builder.RegisterType<EndSessionResponseGenerator>();
// for authentication
var authenticationOptions = options.AuthenticationOptions ?? new AuthenticationOptions();
builder.RegisterInstance(authenticationOptions).AsSelf();
// load core controller
builder.RegisterApiControllers(typeof(AuthorizeEndpointController).Assembly);
// add any additional dependencies from hosting application
foreach(var registration in fact.Registrations)
{
builder.Register(registration);
}
return builder.Build();
}
public static IContainer Configure(IdentityServerOptions options)
{
if (options == null)
{
throw new ArgumentNullException("options");
}
if (options.Factory == null)
{
throw new InvalidOperationException("null factory");
}
IdentityServerServiceFactory fact = options.Factory;
fact.Validate();
var builder = new ContainerBuilder();
builder.RegisterInstance(options).AsSelf();
// mandatory from factory
builder.Register(fact.ScopeStore);
builder.Register(fact.ClientStore);
builder.RegisterDecorator <IUserService, ExternalClaimsFilterUserService>(fact.UserService);
// optional from factory
builder.RegisterDecoratorDefaultInstance <IAuthorizationCodeStore, KeyHashingAuthorizationCodeStore, InMemoryAuthorizationCodeStore>(fact.AuthorizationCodeStore);
builder.RegisterDecoratorDefaultInstance <ITokenHandleStore, KeyHashingTokenHandleStore, InMemoryTokenHandleStore>(fact.TokenHandleStore);
builder.RegisterDecoratorDefaultInstance <IRefreshTokenStore, KeyHashingRefreshTokenStore, InMemoryRefreshTokenStore>(fact.RefreshTokenStore);
builder.RegisterDefaultInstance <IConsentStore, InMemoryConsentStore>(fact.ConsentStore);
builder.RegisterDefaultType <IClaimsProvider, DefaultClaimsProvider>(fact.ClaimsProvider);
builder.RegisterDefaultType <ITokenService, DefaultTokenService>(fact.TokenService);
builder.RegisterDefaultType <IRefreshTokenService, DefaultRefreshTokenService>(fact.RefreshTokenService);
builder.RegisterDefaultType <ITokenSigningService, DefaultTokenSigningService>(fact.TokenSigningService);
builder.RegisterDefaultType <ICustomRequestValidator, DefaultCustomRequestValidator>(fact.CustomRequestValidator);
builder.RegisterDefaultType <ICustomGrantValidator, DefaultCustomGrantValidator>(fact.CustomGrantValidator);
builder.RegisterDefaultType <IExternalClaimsFilter, NopClaimsFilter>(fact.ExternalClaimsFilter);
builder.RegisterDefaultType <ICustomTokenValidator, DefaultCustomTokenValidator>(fact.CustomTokenValidator);
builder.RegisterDefaultType <IConsentService, DefaultConsentService>(fact.ConsentService);
builder.RegisterDecoratorDefaultType <IEventService, EventServiceDecorator, DefaultEventService>(fact.EventService);
builder.RegisterDefaultType <IRedirectUriValidator, DefaultRedirectUriValidator>(fact.RedirectUriValidator);
builder.RegisterDefaultType <ILocalizationService, DefaultLocalizationService>(fact.LocalizationService);
builder.RegisterDefaultType <IClientPermissionsService, DefaultClientPermissionsService>(fact.ClientPermissionsService);
builder.RegisterDefaultType <IViewService, DefaultViewService>(fact.ViewService);
builder.RegisterDefaultType <IClientSecretValidator, HashedClientSecretValidator>(fact.ClientSecretValidator);
// this is more of an internal interface, but maybe we want to open it up as pluggable?
// this is used by the DefaultClientPermissionsService below, or it could be used
// by a custom IClientPermissionsService
builder.Register(ctx =>
{
var consent = ctx.Resolve <IConsentStore>();
var refresh = ctx.Resolve <IRefreshTokenStore>();
var code = ctx.Resolve <IAuthorizationCodeStore>();
var access = ctx.Resolve <ITokenHandleStore>();
return(new AggregatePermissionsStore(
consent,
new TokenMetadataPermissionsStoreAdapter(refresh.GetAllAsync, refresh.RevokeAsync),
new TokenMetadataPermissionsStoreAdapter(code.GetAllAsync, code.RevokeAsync),
new TokenMetadataPermissionsStoreAdapter(access.GetAllAsync, access.RevokeAsync)
));
}).As <IPermissionsStore>();
// hosting services
builder.RegisterType <OwinEnvironmentService>();
// validators
builder.RegisterType <TokenRequestValidator>();
builder.RegisterType <AuthorizeRequestValidator>();
builder.RegisterType <ClientValidator>();
builder.RegisterType <TokenValidator>();
builder.RegisterType <EndSessionRequestValidator>();
builder.RegisterType <BearerTokenUsageValidator>();
builder.RegisterType <ScopeValidator>();
// processors
builder.RegisterType <TokenResponseGenerator>();
builder.RegisterType <AuthorizeResponseGenerator>();
builder.RegisterType <AuthorizeInteractionResponseGenerator>();
builder.RegisterType <UserInfoResponseGenerator>();
builder.RegisterType <EndSessionResponseGenerator>();
// for authentication
var authenticationOptions = options.AuthenticationOptions ?? new AuthenticationOptions();
builder.RegisterInstance(authenticationOptions).AsSelf();
// load core controller
builder.RegisterApiControllers(typeof(AuthorizeEndpointController).Assembly);
// other internal
builder.Register(c => new OwinEnvironmentService(c.Resolve <IOwinContext>()));
builder.Register(c => new SessionCookie(c.Resolve <IOwinContext>(), c.Resolve <IdentityServerOptions>()));
builder.Register(c => new MessageCookie <SignInMessage>(c.Resolve <IOwinContext>(), c.Resolve <IdentityServerOptions>()));
builder.Register(c => new MessageCookie <SignOutMessage>(c.Resolve <IOwinContext>(), c.Resolve <IdentityServerOptions>()));
builder.Register(c => new LastUserNameCookie(c.Resolve <IOwinContext>(), c.Resolve <IdentityServerOptions>()));
builder.Register(c => new AntiForgeryToken(c.Resolve <IOwinContext>(), c.Resolve <IdentityServerOptions>()));
// add any additional dependencies from hosting application
foreach (var registration in fact.Registrations)
{
builder.Register(registration, registration.Name);
}
return(builder.Build());
}
public ClientListCookie(IOwinContext ctx, IdentityServerOptions options)
{
this.ctx = ctx;
this.options = options;
}
public ClientListCookie(IOwinContext ctx, IdentityServerOptions options)
{
this.ctx = ctx;
this.options = options;
}
public AlwaysInvalidAccessTokenValidator(IdentityServerOptions options, IClientStore clients, ITokenHandleStore tokenHandles, ICustomTokenValidator customValidator, OwinEnvironmentService context)
: base(options, clients, tokenHandles, customValidator, context, new DefaultSigningKeyService(options))
{
}
public TokenIssuerService(ITokenService tokenService, IdentityServerOptions options, IOptions <AuthorizationConfigs> authConfig)
{
_tokenService = tokenService;
_identityServerOptions = options;
_autorizationOptions = authConfig.Value;
}
// todo: remove in next major version
/// <summary>
/// Initializes a new instance of the <see cref="DefaultTokenSigningService"/> class.
/// </summary>
/// <param name="options">The options.</param>
public DefaultTokenSigningService(IdentityServerOptions options)
{
_options = options;
_keyService = new DefaultSigningKeyService(options);
}
public void Configuration(IAppBuilder app)
{
#if DEBUG
const string serverName = "devservername";
#else
const string serverName = "prodservername";
#endif
LogProvider.SetCurrentLogProvider(new TraceSourceLogProvider());
const string connectionName = "AspId";
var factory = new IdentityServerServiceFactory();
factory.ConfigureClientService(connectionName);
factory.ConfigureScopeService(connectionName);
factory.ConfigureUserService(connectionName);
//factory.ConfigureClientStoreCache();
//factory.ConfigureScopeStoreCache();
//factory.ConfigureUserServiceCache();
app.Map("/core1", coreApp =>
{
var options = new IdentityServerOptions
{
IssuerUri = "https://" + serverName + "/identityserver",
SiteName = "Identity Server Name",
SigningCertificate = Cert.Load(serverName),
Factory = factory,
CorsPolicy = CorsPolicy.AllowAll,
RequireSsl = true,
EnableWelcomePage = true,
AuthenticationOptions = new AuthenticationOptions
{
EnableLoginHint = true,
EnableSignOutPrompt = false,
EnableLocalLogin = false,
EnablePostSignOutAutoRedirect = true,
PostSignOutAutoRedirectDelay = 0,
RequireAuthenticatedUserForSignOutMessage = false,
RememberLastUsername = false,
SignInMessageThreshold = 3,
IdentityProviders = ConfigureAdditionalIdentityProviders1,
CookieOptions = new Thinktecture.IdentityServer.Core.Configuration.CookieOptions()
{
Prefix = "Core1",
SecureMode = CookieSecureMode.Always
}
},
LoggingOptions = new LoggingOptions
{
EnableHttpLogging = true,
EnableWebApiDiagnostics = true,
IncludeSensitiveDataInLogs = true,
WebApiDiagnosticsIsVerbose = false
},
EventsOptions = new EventsOptions
{
RaiseSuccessEvents = true,
RaiseErrorEvents = true,
RaiseFailureEvents = true,
RaiseInformationEvents = true
}
};
coreApp.UseIdentityServer(options);
});
app.Map("/core2", coreApp =>
{
var options = new IdentityServerOptions
{
IssuerUri = "https://" + serverName + "/identityserver",
SiteName = "Identity Server Name",
SigningCertificate = Cert.Load(serverName),
Factory = factory,
CorsPolicy = CorsPolicy.AllowAll,
RequireSsl = true,
EnableWelcomePage = false,
AuthenticationOptions = new AuthenticationOptions
{
EnableLoginHint = true,
EnableSignOutPrompt = false,
EnableLocalLogin = false,
EnablePostSignOutAutoRedirect = true,
PostSignOutAutoRedirectDelay = 0,
RequireAuthenticatedUserForSignOutMessage = false,
RememberLastUsername = false,
SignInMessageThreshold = 3,
IdentityProviders = ConfigureAdditionalIdentityProviders2,
CookieOptions = new Thinktecture.IdentityServer.Core.Configuration.CookieOptions()
{
Prefix = "Core2",
SecureMode = CookieSecureMode.Always
}
},
LoggingOptions = new LoggingOptions
{
EnableHttpLogging = true,
EnableWebApiDiagnostics = true,
IncludeSensitiveDataInLogs = true
},
EventsOptions = new EventsOptions
{
RaiseSuccessEvents = true,
RaiseErrorEvents = true,
RaiseFailureEvents = true,
RaiseInformationEvents = true
}
};
coreApp.UseIdentityServer(options);
});
}
public TokenRequestValidator(IdentityServerOptions options, IAuthorizationCodeStore authorizationCodes, IRefreshTokenStore refreshTokens, IUserService users, CustomGrantValidator customGrantValidator,
ICustomRequestValidator customRequestValidator, ScopeValidator scopeValidator, IEventService events)
: this(options, authorizationCodes, refreshTokens, (IBasicUserService)users, customGrantValidator, customRequestValidator, scopeValidator, events)
{
}
public static TokenValidator CreateTokenValidator(IReferenceTokenStore store = null, IProfileService profile = null, IdentityServerOptions options = null)
{
if (options == null)
{
options = TestIdentityServerOptions.Create();
}
if (profile == null)
{
profile = new TestProfileService();
}
if (store == null)
{
store = CreateReferenceTokenStore();
}
var clients = CreateClientStore();
var context = new MockHttpContextAccessor(options);
var logger = TestLogger.Create <TokenValidator>();
var validator = new TokenValidator(
clients: clients,
referenceTokenStore: store,
customValidator: new DefaultCustomTokenValidator(
profile: profile,
clients: clients,
logger: TestLogger.Create <DefaultCustomTokenValidator>()),
keys: new DefaultKeyMaterialService(new[] { new DefaultValidationKeysStore(new[] { TestCert.LoadSigningCredentials().Key }) }),
logger: logger,
options: options,
context: context);
return(validator);
}
// todo: remove this in 3.0.0 as it will be unnecessary. it's only being maintained now for backwards compat with 2.0 APIs.
public static IAppBuilder ConfigureIdentityServerIssuer(this IAppBuilder app, IdentityServerOptions options)
{
if (app == null)
{
throw new ArgumentNullException("app");
}
if (options == null)
{
throw new ArgumentNullException("options");
}
if (options.IssuerUri.IsPresent())
{
options.DynamicallyCalculatedIssuerUri = options.IssuerUri;
}
else
{
Action <IOwinContext> op = ctx =>
{
var uri = ctx.Environment.GetIdentityServerBaseUrl();
if (uri.EndsWith("/"))
{
uri = uri.Substring(0, uri.Length - 1);
}
options.DynamicallyCalculatedIssuerUri = uri;
};
app.Use(async(ctx, next) =>
{
if (op != null)
{
var tmp = op;
op = null;
tmp(ctx);
}
await next();
});
}
return(app);
}
public EventServiceDecorator(IdentityServerOptions options, OwinEnvironmentService owinEnvironment, IEventService inner)
{
this.options = options;
this.context = new OwinContext(owinEnvironment.Environment);
this.inner = inner;
}
public static AuthorizeRequestValidator CreateAuthorizeRequestValidator(
IdentityServerOptions options = null,
IIssuerNameService issuerNameService = null,
IResourceStore resourceStore = null,
IClientStore clients = null,
IProfileService profile = null,
ICustomAuthorizeRequestValidator customValidator = null,
IRedirectUriValidator uriValidator = null,
IResourceValidator resourceValidator = null,
JwtRequestValidator jwtRequestValidator = null,
IJwtRequestUriHttpClient jwtRequestUriHttpClient = null)
{
if (options == null)
{
options = TestIdentityServerOptions.Create();
}
if (issuerNameService == null)
{
issuerNameService = new TestIssuerNameService(options.IssuerUri);
}
if (resourceStore == null)
{
resourceStore = new InMemoryResourcesStore(TestScopes.GetIdentity(), TestScopes.GetApis(), TestScopes.GetScopes());
}
if (clients == null)
{
clients = new InMemoryClientStore(TestClients.Get());
}
if (customValidator == null)
{
customValidator = new DefaultCustomAuthorizeRequestValidator();
}
if (uriValidator == null)
{
uriValidator = new StrictRedirectUriValidator();
}
if (resourceValidator == null)
{
resourceValidator = CreateResourceValidator(resourceStore);
}
if (jwtRequestValidator == null)
{
jwtRequestValidator = new JwtRequestValidator("https://identityserver", new LoggerFactory().CreateLogger <JwtRequestValidator>());
}
if (jwtRequestUriHttpClient == null)
{
jwtRequestUriHttpClient = new DefaultJwtRequestUriHttpClient(new HttpClient(new NetworkHandler(new Exception("no jwt request uri response configured"))), options, new LoggerFactory());
}
var userSession = new MockUserSession();
return(new AuthorizeRequestValidator(
options,
issuerNameService,
clients,
customValidator,
uriValidator,
resourceValidator,
userSession,
jwtRequestValidator,
jwtRequestUriHttpClient,
TestLogger.Create <AuthorizeRequestValidator>()));
}
public ClientConfigurationValidation()
{
_options = new IdentityServerOptions();
_validator = new DefaultClientConfigurationValidator(_options);
}
public static IClientSecretValidator CreateClientSecretValidator(IClientStore clients = null, SecretParser parser = null, SecretValidator validator = null, IdentityServerOptions options = null)
{
options = options ?? TestIdentityServerOptions.Create();
if (clients == null)
{
clients = new InMemoryClientStore(TestClients.Get());
}
if (parser == null)
{
var parsers = new List <ISecretParser>
{
new BasicAuthenticationSecretParser(options, TestLogger.Create <BasicAuthenticationSecretParser>()),
new PostBodySecretParser(options, TestLogger.Create <PostBodySecretParser>())
};
parser = new SecretParser(parsers, TestLogger.Create <SecretParser>());
}
if (validator == null)
{
var validators = new List <ISecretValidator>
{
new HashedSharedSecretValidator(TestLogger.Create <HashedSharedSecretValidator>()),
new PlainTextSharedSecretValidator(TestLogger.Create <PlainTextSharedSecretValidator>())
};
validator = new SecretValidator(new StubClock(), validators, TestLogger.Create <SecretValidator>());
}
return(new ClientSecretValidator(clients, parser, validator, new TestEventService(), TestLogger.Create <ClientSecretValidator>()));
}
public EndpointRouter(IEnumerable <Endpoint> endpoints, IdentityServerOptions options, ILogger <EndpointRouter> logger)
{
_endpoints = endpoints;
_options = options;
_logger = logger;
}
public void Configuration(IAppBuilder app)
{
Log.Logger = new LoggerConfiguration()
.MinimumLevel.Debug() // change with your desired log level
.WriteTo.File(@"C:\temp\myPath.txt") // remember to assign proper writing privileges on the file
.CreateLogger();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
app.Map("/identity", idsrvApp =>
{
var options = new IdentityServerOptions
{
SiteName = "Security Token Server",
SigningCertificate = LoadCertificate(),
Factory = IdSrvFactory.Configure("SecurityTokenServiceConfig")
};
idsrvApp.UseIdentityServer(options);
});
app.Map("/UserManagement", adminApp =>
{
adminApp.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
Authority = "https://*****:*****@"https://localhost:44300/UserManagement/",
ResponseType = "id_token",
SignInAsAuthenticationType = "Cookies",
Notifications = new OpenIdConnectAuthenticationNotifications
{
SecurityTokenValidated = n =>
{
return(AddClaims(n));
}
}
});
var factory = new IdentityManagerServiceFactory();
factory.ConfigureIdentityManagerService("SecurityTokenServiceConfig");
adminApp.UseIdentityManager(new IdentityManagerOptions()
{
Factory = factory,
SecurityConfiguration = new HostSecurityConfiguration
{
HostAuthenticationType = "Cookies",
AdminRoleName = "UserManagementAdmin"
}
});
});
app.Map("/Admin", adminApp =>
{
adminApp.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
Authority = "https://*****:*****@"https://localhost:44300/Admin/",
ResponseType = "id_token",
SignInAsAuthenticationType = "Cookies",
Notifications = new OpenIdConnectAuthenticationNotifications
{
SecurityTokenValidated = n =>
{
return(AddClaims(n));
}
}
});
var factory = new IdentityAdminServiceFactory();
factory.Configure();
adminApp.UseIdentityAdmin(new IdentityAdminOptions
{
Factory = factory,
AdminSecurityConfiguration = new AdminHostSecurityConfiguration
{
HostAuthenticationType = "Cookies",
AdminRoleName = "ClientScopeManagementAdmin"
}
});
});
}
public void Configuration(IAppBuilder appBuilder)
{
Log.Logger = new LoggerConfiguration()
.WriteTo.Trace(outputTemplate: "{Timestamp} [{Level}] ({Name}){NewLine} {Message}{NewLine}{Exception}")
.CreateLogger();
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary <string, string>();
appBuilder.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies",
LoginPath = new PathString("/Home/Login")
});
appBuilder.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
AuthenticationType = "oidc",
Authority = "https://localhost:44333",
ClientId = "idmgr_and_idadmin",
RedirectUri = "https://localhost:44333",
ResponseType = "id_token",
UseTokenLifetime = false,
Scope = "openid idmgr idAdmin",
SignInAsAuthenticationType = "Cookies",
Notifications = new OpenIdConnectAuthenticationNotifications
{
SecurityTokenValidated = n =>
{
n.AuthenticationTicket.Identity.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
return(Task.FromResult(0));
},
RedirectToIdentityProvider = async n =>
{
if (n.ProtocolMessage.RequestType == Microsoft.IdentityModel.Protocols.OpenIdConnectRequestType.LogoutRequest)
{
var result = await n.OwinContext.Authentication.AuthenticateAsync("Cookies");
if (result != null)
{
var id_token = result.Identity.Claims.GetValue("id_token");
if (id_token != null)
{
n.ProtocolMessage.IdTokenHint = id_token;
n.ProtocolMessage.PostLogoutRedirectUri = "https://localhost:44333";
}
}
}
}
}
});
var connString = ConfigurationManager.ConnectionStrings["IdSvr3Config"].ConnectionString;
// Identity admin
appBuilder.Map("/adm", adminApp =>
{
var idAdminOptions = new IdentityAdminOptions
{
Factory = ConfigIdentityServerAdmin.Factory.Configure(connString),
AdminSecurityConfiguration = new IdentityAdmin.Configuration.AdminHostSecurityConfiguration()
{
HostAuthenticationType = IdentityAdmin.Constants.CookieAuthenticationType,
AdminRoleName = "IdentityServerAdmin",
NameClaimType = "name",
RoleClaimType = "role",
}
};
adminApp.UseIdentityAdmin(idAdminOptions);
});
//Identity manager
appBuilder.Map("/idm", adminApp =>
{
var idManagerOptions = new IdentityManagerOptions
{
Factory = ConfigIdentityManager.Factory.Configure(connString),
SecurityConfiguration = new HostSecurityConfiguration()
{
HostAuthenticationType = IdentityManager.Constants.CookieAuthenticationType,
AdminRoleName = "IdentityManagerAdmin",
NameClaimType = "name",
RoleClaimType = "role",
}
};
adminApp.UseIdentityManager(idManagerOptions);
});
// Identity server
appBuilder.Map("/ids", adminApp =>
{
var idsrvOptions = new IdentityServerOptions
{
Factory = ConfigIdentityServer.Factory.Configure(connString),
SigningCertificate = Certificate.Get(),
RequireSsl = true
};
appBuilder.UseIdentityServer(idsrvOptions);
});
}
/// <summary>
/// Creates the parser with options
/// </summary>
/// <param name="options">IdentityServer options</param>
public PostBodySecretParser(IdentityServerOptions options, ILoggerFactory loggerFactory)
{
_logger = loggerFactory.CreateLogger <PostBodySecretParser>();
_options = options;
}
protected internal SessionCookie(IOwinContext ctx, IdentityServerOptions options)
{
this.context = ctx;
this.identityServerOptions = options;
}
public void Configuration(IAppBuilder app)
{
Log.Logger = new LoggerConfiguration()
.MinimumLevel.Debug()
.WriteTo.Trace()
.CreateLogger();
app.Map("/IdSrv3", idSrv3App =>
{
var options = new IdentityServerOptions
{
SiteName = "Embedded IdentityServer",
Factory = new IdentityServerServiceFactory()
.UseInMemoryScopes(StandardScopes.All)
.UseInMemoryClients(Clients.Get())
.UseInMemoryUsers(Users.Get()),
RequireSsl = false,
AuthenticationOptions = new IdentityServer3.Core.Configuration.AuthenticationOptions
{
EnableAutoCallbackForFederatedSignout = true,
EnableSignOutPrompt = false
},
SigningCertificate =
new X509Certificate2(AppDomain.CurrentDomain.BaseDirectory + "\\App_Data\\Sustainsys.Saml2.SampleIdentityServer3.pfx"),
LoggingOptions = new LoggingOptions
{
EnableKatanaLogging = true
}
};
options.AuthenticationOptions.IdentityProviders = ConfigureSaml2;
idSrv3App.UseIdentityServer(options);
});
app.Use(async(ctx, next) =>
{
await next.Invoke();
});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
app.Use(async(ctx, next) =>
{
await next.Invoke();
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
Authority = "http://localhost:4589/IdSrv3",
ClientId = "serverside",
ClientSecret = "somesecret",
RedirectUri = "http://localhost:4589/",
ResponseType = "code id_token",
SignInAsAuthenticationType = "Cookies"
});
app.Use(async(ctx, next) =>
{
await next.Invoke();
});
app.Map("/ServerSide-Login", loginApp =>
{
loginApp.Use((ctx, next) =>
{
ctx.Authentication.Challenge(
new AuthenticationProperties
{
RedirectUri = "http://localhost:4589/"
},
OpenIdConnectAuthenticationDefaults.AuthenticationType);
ctx.Response.StatusCode = 401;
return(Task.FromResult(0));
});
});
app.Map("/ServerSide-Logout", logoutApp =>
{
logoutApp.Use((ctx, next) =>
{
ctx.Authentication.SignOut();
ctx.Response.Redirect("/");
return(Task.FromResult(0));
});
});
}
public FormPostCredentialExtraction()
{
_options = new IdentityServerOptions();
_parser = new PostBodySecretParser(_options);
}
