Exemple #1
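        /// <summary>
        /// OWIN startup entry point: registers the basic user token authentication middleware,
        /// then CORS, then Web API with attribute routing.
        /// </summary>
        /// <param name="app">The OWIN application builder the middleware is registered on.</param>
        /// <remarks>
        /// SECURITY: the option values below (wildcard origin, plain HTTP allowed, fixed client id)
        /// look like test-harness settings. Review each one before reusing this startup outside a
        /// local test environment.
        /// </remarks>
        public void Configuration(IAppBuilder app)
        {
            var options = new UserAuthenticationOptions()
            {
                // Wildcard origin: presumably emitted as Access-Control-Allow-Origin by the token
                // providers, so any web origin can call the token endpoint. Prefer an explicit
                // list of trusted origins outside of testing.
                AccessControlAllowOrigin   = "*",
                // Access tokens should be short lived; 8 seconds is presumably chosen to exercise
                // the refresh flow in tests.
                AccessTokenExpireTimeSpan  = TimeSpan.FromSeconds(8),
                // Refresh tokens live longer, so they must be stored securely by the client.
                RefreshTokenExpireTimeSpan = TimeSpan.FromMinutes(10),
                // SECURITY: forwarded to the OAuth server options by UseBasicUserTokenAuthentication;
                // when true, token requests are accepted over plain HTTP, exposing credentials and
                // tokens on the wire. Keep false wherever TLS is available.
                AllowInsecureHttp          = true,
                // The token endpoint is served at /api/v1/token.
                TokenEndpointPath          = new PathString("/api/v1/token"),
                UserContext = new UserContext(app.GetDataProtectionProvider()),
                ClientId    = "BasicAuthTest"
            };

            app.UseBasicUserTokenAuthentication(options);

            var configuration = new HttpConfiguration();

            configuration.MapHttpAttributeRoutes();

            // SECURITY: CorsOptions.AllowAll accepts any origin, method and header. It is also
            // registered after the token middleware, so it may not apply to the token endpoint
            // (middleware runs in registration order) - confirm which CORS policy is intended.
            app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
            app.UseWebApi(configuration);
        }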
Exemple #2
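        /// <summary>
        /// Registers the OAuth authorization server and the bearer-token authentication middleware
        /// on <paramref name="app"/> using the supplied options, then initializes the user context.
        /// </summary>
        /// <param name="app">The OWIN application builder to register the middleware on.</param>
        /// <param name="userAuthenticationOptions">
        /// Token lifetimes, endpoint path, allowed origin, client id, user context and password
        /// validator used to build the user manager and the OAuth server options.
        /// </param>
        /// <exception cref="System.ArgumentNullException">
        /// <paramref name="app"/> or <paramref name="userAuthenticationOptions"/> is null.
        /// </exception>
        public static void UseBasicUserTokenAuthentication(this IAppBuilder app, UserAuthenticationOptions userAuthenticationOptions)
        {
            // Fail with a named argument instead of a NullReferenceException further down.
            if (app == null)
            {
                throw new System.ArgumentNullException("app");
            }

            if (userAuthenticationOptions == null)
            {
                throw new System.ArgumentNullException("userAuthenticationOptions");
            }

            /*
             * Intentionally disabled: this shim copied a "token" query-string value into the
             * Authorization header. Tokens carried in URLs end up in server logs, browser history
             * and Referer headers, so bearer tokens are accepted from the header only.
             */
            //app.Use(async (context, next) =>
            //{
            //    if (context.Request.QueryString.HasValue)
            //    {
            //        if (String.IsNullOrWhiteSpace(context.Request.Headers.Get("Authorization")))
            //        {
            //            var queryString = HttpUtility.ParseQueryString(context.Request.QueryString.Value);
            //            string token = queryString.Get("token");

            //            if (!String.IsNullOrWhiteSpace(token))
            //            {
            //                context.Request.Headers.Add("Authorization", new[] { string.Format("Bearer {0}", token) });
            //            }
            //        }
            //    }

            //    await next.Invoke();
            //});

            var userManager              = new CoreUserManager(userAuthenticationOptions.UserContext, app.GetDataProtectionProvider());
            var accessTokenLifeSpan      = userAuthenticationOptions.AccessTokenExpireTimeSpan;
            var refreshTokenLifeSpan     = userAuthenticationOptions.RefreshTokenExpireTimeSpan;
            var accessControlAllowOrigin = userAuthenticationOptions.AccessControlAllowOrigin;
            var clientId = userAuthenticationOptions.ClientId;

            // NOTE(review): none of the callers shown set PasswordValidator; presumably the options
            // type supplies a default - confirm this does not replace the manager's validator with null.
            userManager.PasswordValidator = userAuthenticationOptions.PasswordValidator;

            var oauthServerOptions = new OAuthAuthorizationServerOptions
            {
                // SECURITY: when true, token requests are accepted over plain HTTP. Callers should
                // only enable this for local testing.
                AllowInsecureHttp           = userAuthenticationOptions.AllowInsecureHttp,
                TokenEndpointPath           = userAuthenticationOptions.TokenEndpointPath,
                AccessTokenExpireTimeSpan   = accessTokenLifeSpan,
                // NOTE(review): this flag concerns error rendering on the authorize endpoint, which
                // is not configured here - confirm it is needed.
                ApplicationCanDisplayErrors = true,
                Provider             = new SimpleAuthorizationServerProvider(userManager, accessControlAllowOrigin, clientId),
                RefreshTokenProvider = new SimpleRefreshTokenProvider(userManager, refreshTokenLifeSpan, accessControlAllowOrigin),
            };

            app.UseOAuthAuthorizationServer(oauthServerOptions);
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
            {
                // NOTE(review): the bearer middleware is handed the *refresh* token provider as its
                // access token provider. Whether a refresh token could then be presented as a bearer
                // token depends on SimpleRefreshTokenProvider, which is not shown - confirm this is
                // intended and that the two token kinds cannot be interchanged.
                AccessTokenProvider = oauthServerOptions.RefreshTokenProvider,
                AccessTokenFormat   = oauthServerOptions.AccessTokenFormat
            });

            userManager.UserContext.Initialize();
        }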
Exemple #3
        /// <summary>
        /// Builds a <c>UserAuthenticationOptions</c> instance and registers the basic user token
        /// authentication middleware on <paramref name="app"/> with it.
        /// </summary>
        /// <param name="app">The OWIN application builder to register the middleware on.</param>
        /// <param name="container">The Unity container the user context is resolved from.</param>
        public override void PerformAdditionalStartupConfiguration(IAppBuilder app, IUnityContainer container)
        {
            var authOptions = new UserAuthenticationOptions();

            // SECURITY: wildcard origin; prefer an explicit list of trusted origins in production.
            authOptions.AccessControlAllowOrigin = "*";

            // Access tokens cannot be revoked, so their lifetime is kept comparatively short.
            authOptions.AccessTokenExpireTimeSpan = TimeSpan.FromHours(1);

            // Refresh tokens can be revoked, so they may live considerably longer.
            authOptions.RefreshTokenExpireTimeSpan = TimeSpan.FromHours(10);

            // false: token requests must not be accepted over plain HTTP. Setting this to true
            // exposes credentials and tokens on the wire and is only acceptable for local testing.
            authOptions.AllowInsecureHttp = false;

            // The URL at which users log in and refresh their tokens.
            authOptions.TokenEndpointPath = new PathString(CUSTOM_TOKEN_PATH);

            // The user context used to look up users and check their passwords.
            // Alternative registration: container.Resolve<UserContextBase<CustomUser>>()
            authOptions.UserContext = container.Resolve<CustomUserContext>();

            authOptions.ClientId = CUSTOM_CLIENT_ID;

            app.UseBasicUserTokenAuthentication(authOptions);
        }
Exemple #4
        /// <summary>
        /// OWIN startup entry point: reads the application settings from the container, registers
        /// the basic user token authentication middleware, runs the settings' additional startup
        /// configuration and finally sets up the system logger.
        /// </summary>
        /// <param name="app">The OWIN application builder the middleware is registered on.</param>
        public void Configuration(IAppBuilder app)
        {
            var settings = Container.Resolve<ApplicationSettingsCore>();

            var authOptions = new UserAuthenticationOptions();

            // NOTE(review): the allowed origin comes from settings; confirm deployments do not
            // configure a wildcard where a fixed list of trusted origins is expected.
            authOptions.AccessControlAllowOrigin   = settings.AccessControlAllowOrigin;
            authOptions.AccessTokenExpireTimeSpan  = settings.AccessTokenExpireTimeSpan;
            authOptions.RefreshTokenExpireTimeSpan = settings.RefreshTokenExpireTimeSpan;

            // Hard-coded rather than configurable: token requests are never accepted over plain HTTP.
            authOptions.AllowInsecureHttp = false;

            authOptions.TokenEndpointPath = new PathString(settings.TokenEndpointPath);
            authOptions.UserContext       = Container.Resolve<UserContext>();
            authOptions.ClientId          = settings.ClientId;

            app.UseBasicUserTokenAuthentication(authOptions);

            // Application-specific startup hook; it runs after the token middleware is registered.
            settings.PerformAdditionalStartupConfiguration(app, Container);

            var logger = Container.Resolve<SystemLogger>();
            logger.Setup(settings.LogLevel);
        }