/// <summary>
/// OWIN startup entry point: registers basic user token authentication, then CORS and Web API
/// with attribute routing.
/// </summary>
/// <param name="app">The OWIN application builder to configure.</param>
/// <remarks>
/// NOTE(review): the values below look like test-host settings (ClientId "BasicAuthTest",
/// 8-second access tokens, plain HTTP allowed, wildcard origin). Confirm they are never used
/// for a deployment that handles real credentials.
/// </remarks>
public void Configuration(IAppBuilder app)
{
    //if (System.Diagnostics.Debugger.IsAttached == false) System.Diagnostics.Debugger.Launch();

    var authOptions = new UserAuthenticationOptions();

    // "*" places no restriction on the calling origin.
    authOptions.AccessControlAllowOrigin = "*";

    // Access tokens should be short lived.
    authOptions.AccessTokenExpireTimeSpan = TimeSpan.FromSeconds(8);

    // Refresh token should be long lived but stored securely.
    authOptions.RefreshTokenExpireTimeSpan = TimeSpan.FromMinutes(10);

    // UseBasicUserTokenAuthentication forwards this flag to the OAuth server options, so with
    // `true` the token endpoint accepts credentials and refresh tokens over unencrypted HTTP.
    authOptions.AllowInsecureHttp = true;

    // Path is actually now /api/v1/token.
    authOptions.TokenEndpointPath = new PathString("/api/v1/token");
    authOptions.UserContext = new UserContext(app.GetDataProtectionProvider());
    authOptions.ClientId = "BasicAuthTest";

    app.UseBasicUserTokenAuthentication(authOptions);

    var httpConfig = new HttpConfiguration();
    httpConfig.MapHttpAttributeRoutes();

    // The formatter is looked up but not used afterwards; First() still throws when no
    // JSON formatter is registered, so the lookup is kept.
    var jsonFormatter = httpConfig.Formatters.OfType<JsonMediaTypeFormatter>().First();

    // AllowAll permits cross-origin requests from any origin; it is registered after the
    // token middleware, exactly as in the original ordering.
    app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
    app.UseWebApi(httpConfig);
}
/// <summary>
/// Registers the OAuth authorization server and bearer-token authentication middleware from
/// the supplied options, then initializes the user context.
/// </summary>
/// <param name="app">The OWIN application builder the middleware is added to.</param>
/// <param name="userAuthenticationOptions">
/// Token lifetimes, token endpoint path, allowed origin, client id, user context and
/// password validator to apply.
/// </param>
public static void UseBasicUserTokenAuthentication(this IAppBuilder app, UserAuthenticationOptions userAuthenticationOptions)
{
    // The ability to pass the auth token in the URL has been removed: the middleware that
    // copied a "token" query-string value into an empty Authorization header (as
    // "Bearer <token>") is no longer registered, so tokens are read from the header only.
    // Keeping tokens out of URLs keeps them out of access logs, Referer headers and
    // browser history.

    var userManager = new CoreUserManager(userAuthenticationOptions.UserContext, app.GetDataProtectionProvider());

    // NOTE(review): none of the startup methods shown alongside this one set
    // PasswordValidator on the options; confirm the options type supplies a default,
    // otherwise this assignment replaces the manager's validator with null.
    userManager.PasswordValidator = userAuthenticationOptions.PasswordValidator;

    var allowedOrigin = userAuthenticationOptions.AccessControlAllowOrigin;

    var serverOptions = new OAuthAuthorizationServerOptions();

    // When true, token requests are accepted over plain HTTP; callers decide this.
    serverOptions.AllowInsecureHttp = userAuthenticationOptions.AllowInsecureHttp;
    serverOptions.TokenEndpointPath = userAuthenticationOptions.TokenEndpointPath;
    serverOptions.AccessTokenExpireTimeSpan = userAuthenticationOptions.AccessTokenExpireTimeSpan;

    // NOTE(review): confirm that displaying application errors is wanted outside development.
    serverOptions.ApplicationCanDisplayErrors = true;
    serverOptions.Provider = new SimpleAuthorizationServerProvider(
        userManager,
        allowedOrigin,
        userAuthenticationOptions.ClientId);
    serverOptions.RefreshTokenProvider = new SimpleRefreshTokenProvider(
        userManager,
        userAuthenticationOptions.RefreshTokenExpireTimeSpan,
        allowedOrigin);

    app.UseOAuthAuthorizationServer(serverOptions);

    var bearerOptions = new OAuthBearerAuthenticationOptions();

    // NOTE(review): the bearer middleware is handed the *refresh* token provider as its
    // access token provider. Verify that SimpleRefreshTokenProvider cannot turn a presented
    // refresh token into an authenticated ticket here; otherwise a long-lived refresh token
    // would be usable as a bearer access token.
    bearerOptions.AccessTokenProvider = serverOptions.RefreshTokenProvider;
    bearerOptions.AccessTokenFormat = serverOptions.AccessTokenFormat;
    app.UseOAuthBearerAuthentication(bearerOptions);

    userManager.UserContext.Initialize();
}
/// <summary>
/// Adds a second token-authentication registration with its own token endpoint path,
/// client id and user context resolved from the container.
/// </summary>
/// <param name="app">The OWIN application builder to configure.</param>
/// <param name="container">Unity container used to resolve the custom user context.</param>
public override void PerformAdditionalStartupConfiguration(IAppBuilder app, IUnityContainer container)
{
    var mobileAuthOptions = new UserAuthenticationOptions();

    // "*" places no restriction on the calling origin.
    // NOTE(review): confirm a wildcard is intended for this endpoint.
    mobileAuthOptions.AccessControlAllowOrigin = "*";

    // How long the access token should be valid for, usually a small amount, since it
    // cannot be revoked.
    mobileAuthOptions.AccessTokenExpireTimeSpan = TimeSpan.FromHours(1);

    // How long the refresh token should be valid for; can be much longer, since we can
    // revoke this.
    mobileAuthOptions.RefreshTokenExpireTimeSpan = TimeSpan.FromHours(10);

    // false keeps token requests on HTTPS; true would also accept them over plain HTTP.
    mobileAuthOptions.AllowInsecureHttp = false;

    // The url at which users can login and refresh tokens.
    mobileAuthOptions.TokenEndpointPath = new PathString(CUSTOM_TOKEN_PATH);

    // The user context to use for retrieving users and checking their passwords.
    // Could also just use this:
    //   container.Resolve<UserContextBase<CustomUser>>()
    mobileAuthOptions.UserContext = container.Resolve<CustomUserContext>();
    mobileAuthOptions.ClientId = CUSTOM_CLIENT_ID;

    app.UseBasicUserTokenAuthentication(mobileAuthOptions);
}
/// <summary>
/// OWIN startup entry point: builds the token-authentication options from the resolved
/// application settings, registers the authentication middleware, runs the settings'
/// additional startup hook and configures the system logger.
/// </summary>
/// <param name="app">The OWIN application builder to configure.</param>
public void Configuration(IAppBuilder app)
{
    var settings = Container.Resolve<ApplicationSettingsCore>();

    var authOptions = new UserAuthenticationOptions();

    // Allowed origin and token lifetimes come from application settings.
    // NOTE(review): no validation is visible here; confirm the settings source cannot
    // supply a wildcard origin or excessive lifetimes unintentionally.
    authOptions.AccessControlAllowOrigin = settings.AccessControlAllowOrigin;
    authOptions.AccessTokenExpireTimeSpan = settings.AccessTokenExpireTimeSpan;
    authOptions.RefreshTokenExpireTimeSpan = settings.RefreshTokenExpireTimeSpan;

    // Hard-coded rather than read from settings: token requests are not accepted over
    // plain HTTP whatever the configuration says.
    authOptions.AllowInsecureHttp = false;
    authOptions.TokenEndpointPath = new PathString(settings.TokenEndpointPath);
    authOptions.UserContext = Container.Resolve<UserContext>();
    authOptions.ClientId = settings.ClientId;

    app.UseBasicUserTokenAuthentication(authOptions);

    // Application-specific hook; runs after the default token authentication is registered.
    settings.PerformAdditionalStartupConfiguration(app, Container);

    var logger = Container.Resolve<SystemLogger>();
    logger.Setup(settings.LogLevel);
}