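/// <summary>
/// Configures WS-Federation against the Access Control Service (ACS) described by
/// <paramref name="accessControlServiceSettings"/>: the allowed audience URIs, the trusted
/// issuing authority (issuer address plus signing-certificate thumbprint) and the wsFederation
/// issuer/realm. The method returns without touching the federation configuration when the
/// database check fails, the settings cannot be loaded, federation is disabled, realm / namespace /
/// thumbprint still hold their default values, or the namespace is not a plain host label.
/// </summary>
/// <param name="accessControlServiceSettings">
/// Settings to apply. When <c>null</c>, the settings are loaded through <c>SettingsProvider</c>.
/// </param>
public void InitiateFederatedAuthentication(AccessControlServiceSettings accessControlServiceSettings = null)
        {
            if (accessControlServiceSettings == null)
            {
                // NOTE(review): the comment below and the condition disagree — the early return fires when
                // UpdateNeeded() is false. Left unchanged; confirm which of the two is intended.
                if (!databaseUpgradeDetectorFactory().UpdateNeeded())
                {
                    // Database needs an upgrade or is not reachable. We cannot configure Fed Auth at this time.
                    return;
                }

                if (!SettingsProvider.TryGetSettings(out accessControlServiceSettings))
                {
                    // Unable to load the settings from the database. We cannot configure Fed Auth at this time.
                    return;
                }
            }

            string realm = accessControlServiceSettings.Realm;
            string acsNamespace = accessControlServiceSettings.Namespace;
            string thumbprint = accessControlServiceSettings.IssuerThumbprint;

            // AudienceUris is a free-text, newline/space separated list. A missing value is treated as an
            // empty list instead of throwing; entries that are not absolute URIs are dropped silently.
            IEnumerable<Uri> audienceUris = (accessControlServiceSettings.AudienceUris ?? string.Empty)
                .Split(Constants.Chars.NewLine, Constants.Chars.Space)
                .Where(a => { Uri uri; return Uri.TryCreate(a, UriKind.Absolute, out uri); })
                .Select(a => new Uri(a));

            // Placeholder/default values mean "not configured": leave federation alone rather than
            // pointing it at a default issuer.
            var defaultSettings = SettingsProvider.GetDefaultSettings<AccessControlServiceSettings>();
            if (!accessControlServiceSettings.Enabled ||
                    realm == defaultSettings.Realm || acsNamespace == defaultSettings.Namespace || thumbprint == defaultSettings.IssuerThumbprint)
            {
                return;
            }

            // The namespace is spliced into the issuer URLs below, and those URLs are the trust anchor for
            // incoming tokens. Accept only a single DNS label (ASCII letters, digits, hyphen) so the
            // resulting host cannot be steered away from *.accesscontrol.windows.net by a '/', '?', '@' or '.'.
            bool namespaceIsHostLabel = !string.IsNullOrEmpty(acsNamespace)
                && acsNamespace.All(c => (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || c == '-');
            if (!namespaceIsHostLabel)
            {
                return;
            }

            // system.identityModel -> identityConfiguration
            // The allowed audiences are replaced, not appended to.
            IdentityConfiguration identityConfiguration = FederatedAuthentication.FederationConfiguration.IdentityConfiguration;
            identityConfiguration.AudienceRestriction.AllowedAudienceUris.Clear();
            foreach (var audienceUri in audienceUris)
            {
                identityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(audienceUri);
            }

            // The issuer/thumbprint pair is only applied when the configured registry is a
            // ValidatingIssuerNameRegistry; any other registry type is left untouched.
            var validatingIssuerNameRegistry = identityConfiguration.IssuerNameRegistry as ValidatingIssuerNameRegistry;
            if (validatingIssuerNameRegistry != null)
            {
                string acsAddress = string.Format("https://{0}.accesscontrol.windows.net/", acsNamespace);
                var authority = new IssuingAuthority(acsAddress);
                authority.Issuers.Add(acsAddress);
                authority.Thumbprints.Add(thumbprint);

                // A single authority: tokens must be issued by this ACS namespace and signed by this thumbprint.
                validatingIssuerNameRegistry.IssuingAuthorities = new[] { authority };
            }

            // system.identityModel.services -> federationConfiguration -> wsFederation
            string issuer = string.Format("https://{0}.accesscontrol.windows.net/v2/wsfederation", acsNamespace);
            FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Issuer = issuer;
            FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Realm = realm;
        }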
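        /// <summary>
        /// Saves the Access Control Service settings posted from the settings page and re-initialises
        /// federated authentication with them.
        /// </summary>
        /// <param name="acsSettings">Model-bound settings from the form.</param>
        /// <returns>
        /// The settings view with validation errors when the model is invalid; otherwise a redirect back to
        /// <c>AcsSettings</c> carrying a flash message.
        /// </returns>
        /// <remarks>
        /// NOTE(review): this action's attributes are outside this listing — confirm it is POST-only,
        /// anti-forgery protected and restricted to administrators, since it rewrites the trusted token issuer.
        /// </remarks>
        public virtual ActionResult AcsSettings(AccessControlServiceSettings acsSettings)
        {
            ViewBag.Themes = ThemeProvider.GetThemes();
            ViewBag.FileRepositories = FileRepositoriesInfo().Keys;

            // The namespace is later interpolated into the ACS issuer URLs that tokens are validated
            // against, so accept only a single DNS label (ASCII letters, digits, hyphen). An empty value
            // is not rejected here: downstream it is treated as "not configured".
            string acsNamespace = acsSettings.Namespace;
            if (!string.IsNullOrEmpty(acsNamespace)
                && !acsNamespace.All(c => (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || c == '-'))
            {
                ModelState.AddModelError("Namespace", "The ACS namespace may only contain letters, digits and hyphens.");
            }

            if (!ModelState.IsValid)
            {
                ModelState.AddModelError("", "Your settings could not be saved. Please fix the errors shown below.");
                return View(acsSettings);
            }

            // Special validation that the AudienceUris are indeed Uris. Only save the ones that are.
            // A blank field may bind as null; treat it as an empty list rather than throwing.
            acsSettings.AudienceUris = string.Join(
                Constants.Strings.NewLine,
                (acsSettings.AudienceUris ?? string.Empty)
                    .Split(Constants.Chars.NewLine, Constants.Chars.Space)
                    .Where(a => { Uri uri; return Uri.TryCreate(a, UriKind.Absolute, out uri); })
                    .Select(a => new Uri(a)));

            SettingsProvider.SaveSettings(acsSettings);

            // Apply the new trust configuration immediately rather than waiting for an app restart.
            FederatedAuthenticationConfigurator.InitiateFederatedAuthentication(acsSettings);

            return RedirectToAction("AcsSettings").AndFlash("Your changes have been saved");
        }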
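        /// <summary>
        /// Configures WS-Federation against the Access Control Service (ACS) described by
        /// <paramref name="accessControlServiceSettings"/>: the allowed audience URIs, the trusted
        /// issuing authority (issuer address plus signing-certificate thumbprint) and the wsFederation
        /// issuer/realm. The method returns without touching the federation configuration when the
        /// database check fails, the settings cannot be loaded, federation is disabled, realm / namespace /
        /// thumbprint still hold their default values, or the namespace is not a plain host label.
        /// </summary>
        /// <param name="accessControlServiceSettings">
        /// Settings to apply. When <c>null</c>, the settings are loaded through <c>SettingsProvider</c>.
        /// </param>
        public void InitiateFederatedAuthentication(AccessControlServiceSettings accessControlServiceSettings = null)
        {
            if (accessControlServiceSettings == null)
            {
                // NOTE(review): the comment below and the condition disagree — the early return fires when
                // UpdateNeeded() is false. Left unchanged; confirm which of the two is intended.
                if (!databaseUpgradeDetectorFactory().UpdateNeeded())
                {
                    // Database needs an upgrade or is not reachable. We cannot configure Fed Auth at this time.
                    return;
                }

                if (!SettingsProvider.TryGetSettings(out accessControlServiceSettings))
                {
                    // Unable to load the settings from the database. We cannot configure Fed Auth at this time.
                    return;
                }
            }

            string realm        = accessControlServiceSettings.Realm;
            string acsNamespace = accessControlServiceSettings.Namespace;
            string thumbprint   = accessControlServiceSettings.IssuerThumbprint;

            // AudienceUris is a free-text, newline/space separated list. A missing value is treated as an
            // empty list instead of throwing; entries that are not absolute URIs are dropped silently.
            IEnumerable<Uri> audienceUris = (accessControlServiceSettings.AudienceUris ?? string.Empty)
                                             .Split(Constants.Chars.NewLine, Constants.Chars.Space)
                                             .Where(a => { Uri uri; return Uri.TryCreate(a, UriKind.Absolute, out uri); })
                                             .Select(a => new Uri(a));

            // Placeholder/default values mean "not configured": leave federation alone rather than
            // pointing it at a default issuer.
            var defaultSettings = SettingsProvider.GetDefaultSettings<AccessControlServiceSettings>();

            if (!accessControlServiceSettings.Enabled ||
                realm == defaultSettings.Realm || acsNamespace == defaultSettings.Namespace || thumbprint == defaultSettings.IssuerThumbprint)
            {
                return;
            }

            // The namespace is spliced into the issuer URLs below, and those URLs are the trust anchor for
            // incoming tokens. Accept only a single DNS label (ASCII letters, digits, hyphen) so the
            // resulting host cannot be steered away from *.accesscontrol.windows.net by a '/', '?', '@' or '.'.
            bool namespaceIsHostLabel = !string.IsNullOrEmpty(acsNamespace)
                && acsNamespace.All(c => (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || c == '-');

            if (!namespaceIsHostLabel)
            {
                return;
            }

            // system.identityModel -> identityConfiguration
            // The allowed audiences are replaced, not appended to.
            IdentityConfiguration identityConfiguration = FederatedAuthentication.FederationConfiguration.IdentityConfiguration;

            identityConfiguration.AudienceRestriction.AllowedAudienceUris.Clear();
            foreach (var audienceUri in audienceUris)
            {
                identityConfiguration.AudienceRestriction.AllowedAudienceUris.Add(audienceUri);
            }

            // The issuer/thumbprint pair is only applied when the configured registry is a
            // ValidatingIssuerNameRegistry; any other registry type is left untouched.
            var validatingIssuerNameRegistry = identityConfiguration.IssuerNameRegistry as ValidatingIssuerNameRegistry;

            if (validatingIssuerNameRegistry != null)
            {
                string acsAddress = string.Format("https://{0}.accesscontrol.windows.net/", acsNamespace);
                var    authority  = new IssuingAuthority(acsAddress);
                authority.Issuers.Add(acsAddress);
                authority.Thumbprints.Add(thumbprint);

                // A single authority: tokens must be issued by this ACS namespace and signed by this thumbprint.
                validatingIssuerNameRegistry.IssuingAuthorities = new[] { authority };
            }

            // system.identityModel.services -> federationConfiguration -> wsFederation
            string issuer = string.Format("https://{0}.accesscontrol.windows.net/v2/wsfederation", acsNamespace);

            FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Issuer = issuer;
            FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Realm  = realm;
        }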