/// <summary>
/// Initializes a new instance of the <see cref="SentinelAuthorizationServerProvider"/> class.
/// </summary>
/// <exception cref="ArgumentNullException">
/// Thrown when one or more required arguments are null.
/// </exception>
/// <param name="options">The security handler.</param>
public SentinelAuthorizationServerProvider(SentinelAuthorizationServerOptions options)
{
if (options == null)
{
throw new ArgumentNullException("options");
}
this.options = options;
}
/// <summary>
/// Initializes a new instance of the
/// Sentinel.OAuth.Core.Providers.SentinelAuthorizationCodeProvider class.
/// </summary>
/// <exception cref="ArgumentNullException">
/// Thrown when one or more required arguments are null.
/// </exception>
/// <param name="options">Options for controlling the operation.</param>
public SentinelAuthorizationCodeProvider(SentinelAuthorizationServerOptions options)
{
if (options == null)
{
throw new ArgumentNullException("options");
}
this.options = options;
this.OnCreate += this.CreateAuthorizationCode;
this.OnReceive += this.ReceiveAuthorizationCode;
}
/// <summary>
/// Adds OAuth2 Authorization Server capabilities to an OWIN web application. This middleware
/// performs the request processing for the Authorize and Token endpoints defined by the OAuth2 specification.
/// See also http://tools.ietf.org/html/rfc6749
/// </summary>
/// <param name="app">The web application builder</param>
/// <param name="options">Options which control the behavior of the Authorization Server.</param>
/// <returns>The application builder</returns>
public static IAppBuilder UseSentinelAuthorizationServer(this IAppBuilder app, SentinelAuthorizationServerOptions options)
{
if (app == null)
{
throw new ArgumentNullException(nameof(app));
}
// Last minute default configurations
if (options.Logger == null)
{
options.Logger = LogManager.GetLogger("Sentinel.OAuth");
}
if (options.IssuerUri == null)
{
throw new InvalidOperationException("IssuerUri must be set");
}
if (options.TokenCryptoProvider == null)
{
options.TokenCryptoProvider = new SHA2CryptoProvider(HashAlgorithm.SHA256);
}
if (options.PasswordCryptoProvider == null)
{
options.PasswordCryptoProvider = new PBKDF2CryptoProvider();
}
if (options.SignatureCryptoProvider == null)
{
options.SignatureCryptoProvider = new AsymmetricCryptoProvider();
}
if (options.PrincipalProvider == null)
{
options.PrincipalProvider = new PrincipalProvider(options.TokenCryptoProvider);
}
if (options.UserRepository == null && options.UserManager == null)
{
throw new InvalidOperationException("UserRepository must be set if not using a specific UserManager");
}
if (options.ClientRepository == null && options.ClientManager == null)
{
throw new InvalidOperationException("ClientRepository must be set if not using a specific ClientManager");
}
if (options.TokenRepository == null)
{
options.TokenRepository = new MemoryTokenRepository();
}
if (options.TokenProvider == null)
{
options.TokenProvider = new JwtTokenProvider(new JwtTokenProviderConfiguration(options.TokenCryptoProvider, options.IssuerUri, options.TokenCryptoProvider.CreateHash(256)));
}
if (options.TokenManager == null)
{
options.TokenManager = new TokenManager(options.Logger, options.PrincipalProvider, options.TokenProvider, options.TokenRepository);
}
if (options.UserManager == null && options.UserRepository != null)
{
options.UserManager = new UserManager(options.Logger, options.PasswordCryptoProvider, options.SignatureCryptoProvider, options.UserRepository, options.UserApiKeyRepository, options.ClientRepository);
}
if (options.ClientManager == null && options.ClientRepository != null)
{
options.ClientManager = new ClientManager(options.Logger, options.PasswordCryptoProvider, options.SignatureCryptoProvider, options.ClientRepository);
}
var oauthOptions = new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
AccessTokenExpireTimeSpan = options.AccessTokenLifetime,
AuthorizationCodeExpireTimeSpan = options.AuthorizationCodeLifetime,
AuthorizeEndpointPath = new PathString(options.AuthorizationCodeEndpointUrl),
TokenEndpointPath = new PathString(options.TokenEndpointUrl),
Provider = new SentinelAuthorizationServerProvider(options),
AccessTokenProvider = new SentinelAccessTokenProvider(options),
AuthorizationCodeProvider = new SentinelAuthorizationCodeProvider(options),
RefreshTokenProvider = new SentinelRefreshTokenProvider(options)
};
// Initialize underlying OWIN OAuth system
app.UseOAuthAuthorizationServer(oauthOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
{
AccessTokenProvider = oauthOptions.AccessTokenProvider
});
// Initialize basic auth if specified
if (options.EnableBasicAuthentication)
{
var basicAuthenticationOptions = new BasicAuthenticationOptions()
{
ClientManager = options.ClientManager,
UserManager = options.UserManager,
Logger = options.Logger,
RequireSecureConnection = options.RequireSecureConnection,
Realm = options.Realm
};
app.Use <BasicAuthenticationMiddleware>(basicAuthenticationOptions, oauthOptions);
}
if (options.EnableSignatureAuthentication)
{
var apiKeyAuthenticationOptions = new SignatureAuthenticationOptions()
{
ClientManager = options.ClientManager,
UserManager = options.UserManager,
Logger = options.Logger,
Realm = options.Realm,
RequireSecureConnection = options.RequireSecureConnection,
MaximumClockSkew = options.MaximumClockSkew
};
app.Use <SignatureAuthenticationMiddleware>(apiKeyAuthenticationOptions, oauthOptions);
}
app.UseStageMarker(PipelineStage.Authenticate);
// Set up identity endpoint
app.Map(options.IdentityEndpointUrl, config => config.Use <UserInfoMiddleware>());
return(app);
}
