/// <summary>
/// Extension method to configure IdentityServer in the hosting application.
/// </summary>
/// <param name="app">The application.</param>
/// <param name="options">The <see cref="IdentityServer3.Core.Configuration.IdentityServerOptions"/>.</param>
/// <returns></returns>
/// <exception cref="System.ArgumentNullException">
/// app
/// or
/// options
/// </exception>
public static IAppBuilder UseIdentityServer(this IAppBuilder app, IdentityServerOptions options)
{
if (app == null) throw new ArgumentNullException("app");
if (options == null) throw new ArgumentNullException("options");
options.Validate();
// turn off weird claim mappings for JWTs
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
JwtSecurityTokenHandler.OutboundClaimTypeMap = new Dictionary<string, string>();
if (options.RequireSsl)
{
app.Use<RequireSslMiddleware>();
}
if (options.LoggingOptions.EnableKatanaLogging)
{
app.SetLoggerFactory(new LibLogKatanaLoggerFactory());
}
app.ConfigureRequestId();
options.ProtocolLogoutUrls.Add(Constants.RoutePaths.Oidc.EndSessionCallback);
app.ConfigureDataProtectionProvider(options);
app.ConfigureIdentityServerBaseUrl(options.PublicOrigin);
app.ConfigureIdentityServerIssuer(options);
var container = AutofacConfig.Configure(options);
app.UseAutofacMiddleware(container);
app.UseCors();
app.ConfigureCookieAuthentication(options.AuthenticationOptions.CookieOptions, options.DataProtector);
if (options.AuthenticationOptions.IdentityProviders != null)
{
options.AuthenticationOptions.IdentityProviders(app, Constants.ExternalAuthenticationType);
}
app.UseEmbeddedFileServer();
if (options.PluginConfiguration != null)
{
options.PluginConfiguration(app, options);
}
app.ConfigureHttpLogging(options.LoggingOptions);
SignatureConversions.AddConversions(app);
var httpConfig = WebApiConfig.Configure(options, container);
app.UseAutofacWebApi(httpConfig);
app.UseWebApi(httpConfig);
using (var child = container.CreateScopeWithEmptyOwinContext())
{
var eventSvc = child.Resolve<IEventService>();
// TODO -- perhaps use AsyncHelper instead?
DoStartupDiagnosticsAsync(options, eventSvc).Wait();
}
return app;
}
/// <summary>
/// Extension method to configure IdentityServer in the hosting application.
/// </summary>
/// <param name="app">The application.</param>
/// <param name="options">The <see cref="IdentityServer3.Core.Configuration.IdentityServerOptions"/>.</param>
/// <returns></returns>
/// <exception cref="System.ArgumentNullException">
/// app
/// or
/// options
/// </exception>
public static IAppBuilder UseIdentityServer(this IAppBuilder app, IdentityServerOptions options)
{
if (app == null) throw new ArgumentNullException("app");
if (options == null) throw new ArgumentNullException("options");
options.Validate();
// turn off weird claim mappings for JWTs
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
JwtSecurityTokenHandler.OutboundClaimTypeMap = new Dictionary<string, string>();
if (options.RequireSsl)
{
app.Use<RequireSslMiddleware>();
}
if (options.LoggingOptions.EnableKatanaLogging)
{
app.SetLoggerFactory(new LibLogKatanaLoggerFactory());
}
app.UseEmbeddedFileServer();
app.ConfigureRequestId();
app.ConfigureDataProtectionProvider(options);
app.ConfigureIdentityServerBaseUrl(options.PublicOrigin);
app.ConfigureIdentityServerIssuer(options);
// this needs to be earlier than the autofac middleware so anything is disposed and re-initialized
// if we send the request back into the pipeline to render the logged out page
app.ConfigureRenderLoggedOutPage();
var container = AutofacConfig.Configure(options);
app.UseAutofacMiddleware(container);
app.UseCors();
app.ConfigureCookieAuthentication(options.AuthenticationOptions.CookieOptions, options.DataProtector);
// this needs to be before external middleware
app.ConfigureSignOutMessageCookie();
if (options.PluginConfiguration != null)
{
options.PluginConfiguration(app, options);
}
if (options.AuthenticationOptions.IdentityProviders != null)
{
options.AuthenticationOptions.IdentityProviders(app, Constants.ExternalAuthenticationType);
}
app.ConfigureHttpLogging(options.LoggingOptions);
SignatureConversions.AddConversions(app);
var httpConfig = WebApiConfig.Configure(options, container);
app.UseAutofacWebApi(httpConfig);
app.UseWebApi(httpConfig);
using (var child = container.CreateScopeWithEmptyOwinContext())
{
var eventSvc = child.Resolve<IEventService>();
// TODO -- perhaps use AsyncHelper instead?
DoStartupDiagnosticsAsync(options, eventSvc).Wait();
}
return app;
}
public static IAppBuilder UseCustomIdentityServer(this IAppBuilder app)
{
// uncomment to enable HSTS headers for the host
// see: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
//app.UseHsts();
app.Map("/core", coreApp =>
{
var factory = new IdentityServerServiceFactory()
.UseInMemoryUsers(Users.Get())
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get());
factory.AddCustomGrantValidators();
factory.AddCustomTokenResponseGenerator();
factory.ConfigureClientStoreCache();
factory.ConfigureScopeStoreCache();
factory.ConfigureUserServiceCache();
var idsrvOptions = new IdentityServerOptions
{
Factory = factory,
SigningCertificate = Cert.Load(),
Endpoints = new EndpointOptions
{
// replaced by the introspection endpoint in v2.2
EnableAccessTokenValidationEndpoint = false
},
AuthenticationOptions = new AuthenticationOptions
{
IdentityProviders = ConfigureIdentityProviders
//EnablePostSignOutAutoRedirect = true
},
NotBeforeLeeway = TimeSpan.FromMinutes(1)
//LoggingOptions = new LoggingOptions
//{
// EnableKatanaLogging = true
//},
//EventsOptions = new EventsOptions
//{
// RaiseFailureEvents = true,
// RaiseInformationEvents = true,
// RaiseSuccessEvents = true,
// RaiseErrorEvents = true
//}
};
//START CUSTOM IdentityServer
coreApp.Use<RequireSslMiddleware>();
idsrvOptions.Validate();
// turn off weird claim mappings for JWTs
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
JwtSecurityTokenHandler.OutboundClaimTypeMap = new Dictionary<string, string>();
if (idsrvOptions.LoggingOptions.EnableKatanaLogging)
{
coreApp.SetLoggerFactory(new LibLogKatanaLoggerFactory());
}
coreApp.UseEmbeddedFileServer();
coreApp.ConfigureRequestId();
coreApp.ConfigureDataProtectionProvider(idsrvOptions);
coreApp.ConfigureIdentityServerBaseUrl(idsrvOptions.PublicOrigin);
coreApp.ConfigureIdentityServerIssuer(idsrvOptions);
// this needs to be earlier than the autofac middleware so anything is disposed and re-initialized
// if we send the request back into the pipeline to render the logged out page
coreApp.ConfigureRenderLoggedOutPage();
var container = AutofacConfig.Configure(idsrvOptions);
coreApp.UseAutofacMiddleware(container);
coreApp.UseCors(container.Resolve<ICorsPolicyService>());
coreApp.ConfigureCookieAuthentication(idsrvOptions.AuthenticationOptions.CookieOptions, idsrvOptions.DataProtector);
// this needs to be before external middleware
coreApp.ConfigureSignOutMessageCookie();
if (idsrvOptions.PluginConfiguration != null)
{
idsrvOptions.PluginConfiguration(coreApp, idsrvOptions);
}
if (idsrvOptions.AuthenticationOptions.IdentityProviders != null)
{
idsrvOptions.AuthenticationOptions.IdentityProviders(coreApp, Constants.ExternalAuthenticationType);
}
coreApp.ConfigureHttpLogging(idsrvOptions.LoggingOptions);
SignatureConversions.AddConversions(coreApp);
var httpConfig = WebApiConfig.Configure(idsrvOptions, container);
coreApp.UseAutofacWebApi(httpConfig);
coreApp.UseWebApi(httpConfig);
//using (var child = container.CreateScopeWithEmptyOwinContext())
//{
// var eventSvc = child.Resolve<IEventService>();
// // TODO -- perhaps use AsyncHelper instead?
// DoStartupDiagnosticsAsync(options, eventSvc).Wait();
//}
});
return app;
}