void InitializeInMemoryIdentityServer(IAppBuilder app)
{
app.Map("/identity", identityServerApp =>
{
var factory = new IdentityServerServiceFactory();
factory.UseInMemoryUsers(Users.Get());
factory.UseInMemoryClients(Clients.Get());
factory.UseInMemoryScopes(Scopes.Get());
factory.ConfigureClientStoreCache();
factory.ConfigureScopeStoreCache();
factory.ConfigureUserServiceCache();
var identityServerOptions = new IdentityServerOptions
{
SiteName = "Paradise Security Provider",
Factory = factory,
SigningCertificate = Cert.Load(),
AuthenticationOptions = new IdentityServer3.Core.Configuration.AuthenticationOptions
{
IdentityProviders = ConfigureIdentityProviders,
EnableAutoCallbackForFederatedSignout = false
},
};
identityServerApp.UseIdentityServer(identityServerOptions);
});
}
public void Configuration(IAppBuilder app)
{
LogProvider.SetCurrentLogProvider(new DiagnosticsTraceLogProvider());
// uncomment to enable HSTS headers for the host
// see: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
//app.UseHsts();
app.Map("/core", coreApp =>
{
var factory = Factory.Create();
var idsrvOptions = new IdentityServerOptions
{
IssuerUri = "https://idsrv3.com",
SiteName = "Thinktecture IdentityServer v3 - preview 1",
SigningCertificate = Cert.Load(),
CspReportEndpoint = EndpointSettings.Enabled,
AccessTokenValidationEndpoint = EndpointSettings.Enabled,
PublicHostName = "http://localhost:3333",
Factory = factory,
AdditionalIdentityProviderConfiguration = ConfigureAdditionalIdentityProviders,
CorsPolicy = CorsPolicy.AllowAll
};
coreApp.UseIdentityServer(idsrvOptions);
});
}
public static IAppBuilder UseIdentityServer(this IAppBuilder app)
{
// uncomment to enable HSTS headers for the host
// see: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
//app.UseHsts();
app.Map("/core", coreApp =>
{
var factory = new IdentityServerServiceFactory()
.UseInMemoryUsers(Users.Get())
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get());
factory.CustomGrantValidators.Add(
new Registration <ICustomGrantValidator>(typeof(CustomGrantValidator)));
factory.CustomGrantValidators.Add(
new Registration <ICustomGrantValidator>(typeof(AnotherCustomGrantValidator)));
factory.ConfigureClientStoreCache();
factory.ConfigureScopeStoreCache();
factory.ConfigureUserServiceCache();
factory.TokenSigningService = new Registration <ITokenSigningService, EnhancedDefaultTokenSigningService>();
var idsrvOptions = new IdentityServerOptions
{
Factory = factory,
SigningCertificate = Cert.Load(),
Endpoints = new EndpointOptions
{
// replaced by the introspection endpoint in v2.2
EnableAccessTokenValidationEndpoint = false
},
AuthenticationOptions = new AuthenticationOptions
{
IdentityProviders = ConfigureIdentityProviders,
//EnablePostSignOutAutoRedirect = true
},
//LoggingOptions = new LoggingOptions
//{
// EnableKatanaLogging = true
//},
//EventsOptions = new EventsOptions
//{
// RaiseFailureEvents = true,
// RaiseInformationEvents = true,
// RaiseSuccessEvents = true,
// RaiseErrorEvents = true
//}
};
coreApp.UseIdentityServer(idsrvOptions);
});
return(app);
}
public void Configuration(IAppBuilder app)
{
LogProvider.SetCurrentLogProvider(new DiagnosticsTraceLogProvider());
app.Map("/idsrv", idSrvApp =>
{
var factory = InMemoryFactory.Create(
users: Users.Get(),
clients: Clients.Get(),
scopes: Scopes.Get());
factory.ConfigureClientStoreCache();
factory.ConfigureScopeStoreCache();
factory.ConfigureUserServiceCache();
var idsrvOptions = new IdentityServerOptions
{
SiteName = "ACME Identity Server",
IssuerUri = "https://idsrv.acme.com",
Factory = factory,
SigningCertificate = Cert.Load(),
CorsPolicy = CorsPolicy.AllowAll,
};
idSrvApp.UseIdentityServer(idsrvOptions);
});
}
public void Configuration(IAppBuilder app)
{
app.Map(
"/core",
coreApp =>
{
var factory =
new IdentityServerServiceFactory()
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get());
factory.Register(new Registration <IdentityDbContext>());
factory.Register(new Registration <UserStore <IdentityUser> >());
factory.Register(new Registration <UserManager <IdentityUser, string> >(x => new UserManager <IdentityUser>(x.Resolve <UserStore <IdentityUser> >())));
factory.UserService = new Registration <IUserService, AspNetIdentityUserService <IdentityUser, string> >();
coreApp.UseIdentityServer(
new IdentityServerOptions
{
SiteName = "Standalone Identity Server",
SigningCertificate = Cert.Load(),
Factory = factory,
RequireSsl = true
});
});
}
public void Configuration(IAppBuilder app)
{
LogProvider.SetCurrentLogProvider(new DiagnosticsTraceLogProvider());
//LogProvider.SetCurrentLogProvider(new TraceSourceLogProvider());
// uncomment to enable HSTS headers for the host
// see: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
//app.UseHsts();
app.Map("/core", coreApp =>
{
var factory = Factory.Create();
var idsrvOptions = new IdentityServerOptions
{
IssuerUri = "https://idsrv3.com",
SiteName = "Thinktecture IdentityServer v3 - beta 2",
RequireSsl = false,
SigningCertificate = Cert.Load(),
CspOptions = new CspOptions {
ReportEndpoint = EndpointSettings.Enabled,
},
AccessTokenValidationEndpoint = EndpointSettings.Enabled,
Factory = factory,
AdditionalIdentityProviderConfiguration = ConfigureAdditionalIdentityProviders,
CorsPolicy = CorsPolicy.AllowAll,
};
coreApp.UseIdentityServer(idsrvOptions);
});
// only for showing the getting started index page
app.UseStaticFiles();
}
public void Configuration(IAppBuilder app)
{
Log.Logger = new LoggerConfiguration()
.ReadFrom.AppSettings()
.CreateLogger();
app.Map(
"/core",
coreApp => {
coreApp.UseIdentityServer(new IdentityServerOptions
{
SiteName = "Standalone Identity Server",
SigningCertificate = Cert.Load(),
Factory = new IdentityServerServiceFactory()
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get())
.UseInMemoryUsers(Users.Get()),
RequireSsl = true,
Endpoints = new EndpointOptions
{
EnableAccessTokenValidationEndpoint = false
}
});
});
}
public void Configuration(IAppBuilder app)
{
// this configures IdentityManager
// we're using a Map just to test hosting not at the root
app.Map("/idm", idm =>
{
LogProvider.SetCurrentLogProvider(new DiagnosticsTraceLogProvider());
var factory = new IdentityManagerServiceFactory();
var rand = new System.Random();
var users = Users.Get(rand.Next(5000, 20000));
var roles = Roles.Get(rand.Next(15));
factory.Register(new Registration <ICollection <InMemoryUser> >(users));
factory.Register(new Registration <ICollection <InMemoryRole> >(roles));
factory.IdentityManagerService = new Registration <IIdentityManagerService, InMemoryIdentityManagerService>();
idm.UseIdentityManager(new IdentityManagerOptions
{
Factory = factory,
SecurityMode = SecurityMode.LocalMachine,
OAuth2Configuration = new OAuth2Configuration
{
AuthorizationUrl = "http://localhost:17457/ids/connect/authorize",
Issuer = "https://idsrv3.com",
Audience = "https://idsrv3.com/resources",
ClientId = "idmgr",
SigningCert = Cert.Load(),
Scope = "idmgr",
ClaimsTransformation = user =>
{
if (user.IsInRole("Foo"))
{
((ClaimsIdentity)user.Identity).AddClaim(new Claim("role", "IdentityManagerAdministrator"));
}
return(user);
},
//PersistToken = true,
//AutomaticallyRenewToken = true
}
});
});
// this configures an embedded IdentityServer to act as an external authentication provider
// when using IdentityManager in Token security mode. normally you'd configure this elsewhere.
app.Map("/ids", ids =>
{
IdSvrConfig.Configure(ids);
});
// used to redirect to the main admin page visiting the root of the host
app.Run(ctx =>
{
ctx.Response.Redirect("/idm/");
return(System.Threading.Tasks.Task.FromResult(0));
});
}
public IdentityServerOptions GetServerOptions()
{
var factory = new IdentityServerServiceFactory();
var knownClientStore = new KnownClientStore(identityManagerUri, identityAdminUri);
factory.ClientStore = new Registration <IClientStore>(
new CompositeClientStore(new IClientStore[]
{
new ClientStore(new ClientConfigurationDbContext("ClientsScopes")), // TODO: get connection string name from config
knownClientStore
}));
factory.ScopeStore = new Registration <IScopeStore>(
new CompositeScopeStore(new IScopeStore[]
{
new ScopeStore(new ScopeConfigurationDbContext("ClientsScopes")), // TODO: get connection string name from config
new KnownScopeStore()
}));
factory.UserService = new Registration <IUserService>(
new CompositeUserService(new IUserService[]
{
new ClaimsUserService(new NullClaimsService(), userService),
new KnownUserService(this.adminUsername, this.adminPassword)
}));
factory.CorsPolicyService = new Registration <ICorsPolicyService>(
new CompositeCorsPolicyService(new ICorsPolicyService[]
{
new ClientConfigurationCorsPolicyService(new ClientConfigurationDbContext("ClientsScopes")), // TODO: get connection string name from config
new InMemoryCorsPolicyService(knownClientStore.GetClients())
}));
//We can choose how to display the login screen
LoadViewService(factory);
return(new IdentityServerOptions
{
SiteName = "IdentityServer v3",
SigningCertificate = Cert.Load(typeof(IOwinBootstrapper).Assembly, "Cert", "idsrv3test.pfx", "idsrv3test"),
Endpoints = new EndpointOptions
{
EnableCspReportEndpoint = true
},
AuthenticationOptions = new AuthenticationOptions
{
IdentityProviders = externalIdentityProviderService.UseExternalIdentityProviders,
//Registration link on login page
LoginPageLinks = new LoginPageLink[]
{
new LoginPageLink {
Text = "Register", Href = "localregistration"
}
}
},
Factory = factory
});
}
public void Configuration(IAppBuilder app)
{
LogProvider.SetCurrentLogProvider(new DiagnosticsTraceLogProvider());
//LogProvider.SetCurrentLogProvider(new TraceSourceLogProvider());
// uncomment to enable HSTS headers for the host
// see: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
//app.UseHsts();
app.Map("/core", coreApp =>
{
var factory = InMemoryFactory.Create(
users: Users.Get(),
clients: Clients.Get(),
scopes: Scopes.Get());
factory.CustomGrantValidator =
new Registration <ICustomGrantValidator>(typeof(CustomGrantValidator));
factory.ConfigureClientStoreCache();
factory.ConfigureScopeStoreCache();
factory.ConfigureUserServiceCache();
var idsrvOptions = new IdentityServerOptions
{
SiteName = "Thinktecture IdentityServer v3",
Factory = factory,
SigningCertificate = Cert.Load(),
CorsPolicy = CorsPolicy.AllowAll,
AuthenticationOptions = new AuthenticationOptions
{
IdentityProviders = ConfigureIdentityProviders,
},
DiagnosticsOptions = new LoggingOptions
{
EnableHttpLogging = true,
EnableWebApiDiagnostics = true,
IncludeSensitiveDataInLogs = true
},
EventsOptions = new EventsOptions
{
RaiseFailureEvents = true,
RaiseInformationEvents = true,
RaiseSuccessEvents = true,
RaiseErrorEvents = true
}
};
coreApp.UseIdentityServer(idsrvOptions);
});
// only for showing the getting started index page
app.UseStaticFiles();
}
public void Configuration(IAppBuilder app)
{
// setup serilog to use diagnostics trace
Log.Logger = new LoggerConfiguration()
.MinimumLevel.Debug()
.WriteTo.Trace()
.CreateLogger();
// uncomment to enable HSTS headers for the host
// see: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
//app.UseHsts();
app.Map("/core", coreApp =>
{
var factory = new IdentityServerServiceFactory()
.UseInMemoryUsers(Users.Get())
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get());
factory.CustomGrantValidators.Add(
new Registration <ICustomGrantValidator>(typeof(CustomGrantValidator)));
factory.CustomGrantValidators.Add(
new Registration <ICustomGrantValidator>(typeof(AnotherCustomGrantValidator)));
factory.ConfigureClientStoreCache();
factory.ConfigureScopeStoreCache();
factory.ConfigureUserServiceCache();
var idsrvOptions = new IdentityServerOptions
{
Factory = factory,
SigningCertificate = Cert.Load(),
AuthenticationOptions = new AuthenticationOptions
{
IdentityProviders = ConfigureIdentityProviders,
//EnablePostSignOutAutoRedirect = true
},
LoggingOptions = new LoggingOptions
{
EnableKatanaLogging = true
},
EventsOptions = new EventsOptions
{
RaiseFailureEvents = true,
RaiseInformationEvents = true,
RaiseSuccessEvents = true,
RaiseErrorEvents = true
}
};
coreApp.UseIdentityServer(idsrvOptions);
});
}
public async Task <Client> FindClientByIdAsync(string clientId)
{
var clientsUri = $"admin-api/api/clients/{clientId}";
//var cert = Cert.Load(StoreName.My, StoreLocation.CurrentUser, "b512d01195667dbc7c4222ec6fd563ac64e3d450");
//var handler = new WebRequestHandler();
//handler.ClientCertificates.Add(cert);
// Retrieve an access token from the IdentityAdmin /authorize OAuth endpoint
using (var client = new HttpClient())
{
client.BaseAddress = new Uri(this.identityAdminUri);
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
var cert = Cert.Load(typeof(IOwinBootstrapper).Assembly, "Cert", "idsrv3test.pfx", "idsrv3test");
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim("name", "idServer"),
new Claim("role", "IdentityAdminManager"),
new Claim("scope", "idadmin-api")
}),
TokenIssuerName = "idServer",
AppliesToAddress = this.identityAdminUri,
Lifetime = new Lifetime(DateTime.Now, DateTime.Now.AddMinutes(10)),
SigningCredentials = new X509SigningCredentials(cert)
};
var tokenHandler = new JwtSecurityTokenHandler();
var securityToken = tokenHandler.CreateToken(tokenDescriptor);
var accessToken = tokenHandler.WriteToken(securityToken);
var jwtParams = new TokenValidationParameters
{
NameClaimType = "name",
RoleClaimType = "role",
ValidAudience = this.identityAdminUri,
ValidIssuer = "idServer",
IssuerSigningToken = new X509SecurityToken(cert)
};
SecurityToken validatedToken;
tokenHandler.ValidateToken(accessToken, jwtParams, out validatedToken);
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
var response = await client.GetAsync(clientsUri);
var str = await response.Content.ReadAsStringAsync();
}
return(null);
}
public static IWebHost BuildWebHost(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseKestrel(cfg =>
{
cfg.Listen(IPAddress.Any, Port, c => c.UseHttps(Cert.Load()));
})
.UseIISIntegration()
.UseUrls($"https://*:{Port}")
.UseStartup <Startup>()
.Build();
public static IAppBuilder UseIdentityServer(this IAppBuilder app)
{
// uncomment to enable HSTS headers for the host
// see: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
//app.UseHsts();
app.Map("/core", coreApp =>
{
var factory = new IdentityServerServiceFactory()
//.UseInMemoryUsers(Users.Get()) Fabio
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get());
factory.AddCustomGrantValidators();
factory.AddCustomTokenResponseGenerator();
factory.ConfigureClientStoreCache();
factory.ConfigureScopeStoreCache();
//factory.ConfigureUserServiceCache(); Fabio
// Fabio custom User on EF
var userService = new LocalRegistrationUserService();
factory.UserService = new Registration <IUserService>(resolver => userService);
factory.CorsPolicyService = new Registration <ICorsPolicyService>(new DefaultCorsPolicyService {
AllowAll = true
});
var idsrvOptions = new IdentityServerOptions
{
Factory = factory,
SigningCertificate = Cert.Load(),
RequireSsl = false,
Endpoints = new EndpointOptions
{
// replaced by the introspection endpoint in v2.2
EnableAccessTokenValidationEndpoint = false
},
// Fabio inibito configurazione provider esterni (facebook, google, etc ...)
//AuthenticationOptions = new AuthenticationOptions
//{
// IdentityProviders = ConfigureIdentityProviders,
// EnableAutoCallbackForFederatedSignout = true
//},
};
coreApp.UseIdentityServer(idsrvOptions);
});
return(app);
}
public void Configuration(IAppBuilder app)
{
Log.Logger = new LoggerConfiguration()
.MinimumLevel.Debug()
.WriteTo.Trace()
.CreateLogger();
app.Map("/api", apiApp =>
{
var config = new HttpConfiguration();
config.Services.Replace(typeof(IHttpControllerTypeResolver),
new TypeResolver(typeof(IdentityController), typeof(TestController)));
config.MapHttpAttributeRoutes();
apiApp.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
Authority = "https://demo.identityserver.io",
ValidationMode = ValidationMode.ValidationEndpoint,
RequiredScopes = new[] { "api" },
DelayLoadMetadata = true
});
apiApp.UseWebApi(config);
});
var factory = new IdentityServerServiceFactory()
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get())
.UseInMemoryUsers(Users.Get());
// turns off redirect URI validaiton - ONLY FOR DEMO PURPOSES
factory.RedirectUriValidator = new Registration <IRedirectUriValidator, NopRedirectUriValidator>();
var idsrvOptions = new IdentityServerOptions
{
SiteName = "IdentityServer3 Demo",
Factory = factory,
SigningCertificate = Cert.Load(),
AuthenticationOptions = new AuthenticationOptions
{
IdentityProviders = ConfigureIdentityProviders
}
};
app.UseIdentityServer(idsrvOptions);
}
public void Configuration(IAppBuilder app)
{
app.Map(
"/core",
coreApp =>
{
coreApp.UseIdentityServer(new IdentityServerOptions
{
SiteName = "Standalone Identity Server",
SigningCertificate = Cert.Load(),
Factory = InMemoryFactory.Create(Users.Get(), Clients.Get(), Scopes.Get()),
RequireSsl = true
});
});
}
public static void Configuration(IAppBuilder app)
{
var idSrv = new IdentityServerStartup();
idSrv.Configuration(app);
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary <string, string>();
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
ValidationMode = ValidationMode.Local,
IssuerName = "https://idsrv.acme.com",
IssuerCertificate = Cert.Load()
});
}
public static IAppBuilder UseIdentityServer(this IAppBuilder app)
{
// uncomment to enable HSTS headers for the host
// see: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
//app.UseHsts();
app.Map("/core", coreApp =>
{
//var factory = new IdentityServerServiceFactory()
// .UseInMemoryUsers(Users.Get())
// .UseInMemoryClients(Clients.Get())
// .UseInMemoryScopes(Scopes.Get());
var factory = new IdentityServerServiceFactory();
var scopeStore = new InMemoryScopeStore(Scopes.Get());
factory.ScopeStore = new Registration <IScopeStore>(scopeStore);
var clientStore = new InMemoryClientStore(Clients.Get());
factory.ClientStore = new Registration <IClientStore>(clientStore);
factory.UseInMemoryUsers(Users.Get());
factory.CorsPolicyService = new Registration <ICorsPolicyService>(new DefaultCorsPolicyService {
AllowAll = true
});
factory.ConfigureClientStoreCache();
factory.ConfigureScopeStoreCache();
factory.ConfigureUserServiceCache();
var idsrvOptions = new IdentityServerOptions
{
Factory = factory,
SigningCertificate = Cert.Load(),
RequireSsl = false,
AuthenticationOptions = new AuthenticationOptions
{
IdentityProviders = ConfigureIdentityProviders,
},
};
coreApp.UseIdentityServer(idsrvOptions);
});
return(app);
}
public static IAppBuilder UseIdentityServer(this IAppBuilder app)
{
// uncomment to enable HSTS headers for the host
// see: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
//app.UseHsts();
app.Map("/core", coreApp =>
{
var factory = new IdentityServerServiceFactory()
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get());
//.UseInMemoryUsers(Users.GetCustomUsers());
//var userService = new Host.Configuration.Services.CustomUserService();
//factory.UserService = new Registration<IUserService>(resolver => userService);
factory.UserService = new Registration <IUserService, Host.Configuration.Services.CustomUserService>();
factory.AddCustomGrantValidators();
factory.AddCustomTokenResponseGenerator();
factory.ConfigureClientStoreCache();
factory.ConfigureScopeStoreCache();
factory.ConfigureUserServiceCache();
var idsrvOptions = new IdentityServerOptions
{
Factory = factory,
SigningCertificate = Cert.Load(),
Endpoints = new EndpointOptions
{
// replaced by the introspection endpoint in v2.2
EnableAccessTokenValidationEndpoint = false
}
//,
//AuthenticationOptions = new AuthenticationOptions
//{
// IdentityProviders = ConfigureIdentityProviders,
// EnableAutoCallbackForFederatedSignout = true
//},
};
coreApp.UseIdentityServer(idsrvOptions);
});
return(app);
}
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication();
var builder = services.AddIdentityServer(options =>
{
options.IssuerUri = "https://idsvr4";
});
builder.AddInMemoryClients(Clients.Get());
builder.AddInMemoryScopes(Scopes.Get());
builder.AddInMemoryUsers(Users.Get());
builder.SetSigningCredential(Cert.Load());
builder.AddCustomGrantValidator<CustomGrantValidator>();
builder.AddCustomGrantValidator<CustomGrantValidator2>();
}
public void Configuration(IAppBuilder app)
{
app.Map("/core", coreApp =>
{
var factory = Factory.Create();
var opts = new IdentityServerOptions
{
IssuerUri = "https://idsrv3.com",
SiteName = "Thinktecture IdentityServer v3 - preview 1",
SigningCertificate = Cert.Load(),
Factory = factory,
PublicHostName = "http://localhost:3333"
};
coreApp.UseIdentityServer(opts);
});
}
private static void RegisterApiServices(IConfigurationService configService, ContainerBuilder builder)
{
var usersApiUri = configService.GetSetting <string>("UsersApiUri", null);
var identityServerUri = configService.GetSetting <string>("IdentityServerUri", null);
builder.RegisterType <UsersApiUserService>().As <IUserService>()
.WithParameter("usersApiUri", usersApiUri)
.WithParameter("identityServerUri", identityServerUri);
builder.RegisterType <X509SignedTokenProvider>()
.WithParameter("cert", Cert.Load(typeof(IOwinBootstrapper).Assembly, "Cert", "idsrv3test.pfx", "idsrv3test"))
.Named <ITokenProvider>("tokenProvider");
builder.RegisterDecorator <ITokenProvider>(p => new CachingTokenProvider(p), "tokenProvider");
builder.RegisterType <UsersApiIdentityManagerService>().As <IIdentityManagerService>()
.WithParameter("usersApiUri", usersApiUri)
.WithParameter("identityServerUri", identityServerUri);
}
public void Configuration(IAppBuilder app)
{
app.Map(
"/core",
coreApp =>
{
coreApp.UseIdentityServer(
new IdentityServerOptions
{
SiteName = "Standalone Identity Server",
SigningCertificate = Cert.Load(),
Factory =
new IdentityServerServiceFactory().UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get())
.UseInMemoryUsers(Users.Get()),
RequireSsl = true,
PluginConfiguration = ConfigureWsFederation
});
});
}
public void Configuration(IAppBuilder app)
{
LogProvider.SetCurrentLogProvider(new DiagnosticsTraceLogProvider());
//LogProvider.SetCurrentLogProvider(new TraceSourceLogProvider());
// uncomment to enable HSTS headers for the host
// see: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
//app.UseHsts();
app.Map("/core", coreApp =>
{
var factory = InMemoryFactory.Create(
users: Users.Get(),
clients: Clients.Get(),
scopes: Scopes.Get());
var idsrvOptions = new IdentityServerOptions
{
IssuerUri = "https://idsrv3.com",
SiteName = "Thinktecture IdentityServer v3 - beta 3",
Factory = factory,
SigningCertificate = Cert.Load(),
CorsPolicy = CorsPolicy.AllowAll,
CspOptions = new CspOptions
{
ReportEndpoint = EndpointSettings.Enabled,
},
AuthenticationOptions = new AuthenticationOptions
{
IdentityProviders = ConfigureIdentityProviders,
}
};
coreApp.UseIdentityServer(idsrvOptions);
});
// only for showing the getting started index page
app.UseStaticFiles();
}
public void Configuration(IAppBuilder app)
{
// this configures IdentityManager
// we're using a Map just to test hosting not at the root
app.Map("/idm", idm =>
{
var rand = new System.Random();
var svc = new InMemoryIdentityManagerService(Users.Get(rand.Next(5000, 20000)), Roles.Get(rand.Next(15)));
idm.UseIdentityManager(new IdentityManagerConfiguration
{
IdentityManagerFactory = () => svc,
SecurityMode = SecurityMode.LocalMachine,
OAuth2Configuration = new OAuth2Configuration
{
AuthorizationUrl = "http://localhost:17457/ids/connect/authorize",
Issuer = "https://idsrv3.com",
Audience = "https://idsrv3.com/resources",
ClientId = "idmgr",
SigningCert = Cert.Load(),
Scope = "idmgr",
//PersistToken = true,
//AutomaticallyRenewToken = true
}
});
});
// this configures an embedded IdentityServer to act as an external authentication provider
// when using IdentityManager in Token security mode. normally you'd configure this elsewhere.
app.Map("/ids", ids =>
{
IdSvrConfig.Configure(ids);
});
// used to redirect to the main admin page visiting the root of the host
app.Run(ctx =>
{
ctx.Response.Redirect("/idm/");
return(System.Threading.Tasks.Task.FromResult(0));
});
}
public void Configuration(IAppBuilder app)
{
app.Map(
"/core",
coreApp =>
{
coreApp.UseIdentityServer(new IdentityServerOptions
{
SiteName = "Standalone Identity Server",
SigningCertificate = Cert.Load(),
Factory =
new IdentityServerServiceFactory()
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get())
.UseInMemoryUsers(Users.Get()),
RequireSsl = true,
AuthenticationOptions = new AuthenticationOptions {
EnablePostSignOutAutoRedirect = true
}
});
});
}
public void Configuration(IAppBuilder app)
{
app.Map(
"/oauth/ls",
coreApp =>
{
var inMem = new InMemoryCorsPolicyService(Clients.Get());
var factory = new IdentityServerServiceFactory()
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get())
.UseInMemoryUsers(Users.Get());
factory.CorsPolicyService = new Registration <ICorsPolicyService>(inMem);
coreApp.UseIdentityServer(new IdentityServerOptions
{
SiteName = "Standalone Identity Server",
SigningCertificate = Cert.Load(),
Factory = factory,
RequireSsl = true,
});
});
}
private AdminSecurityConfiguration GetSecurityConfiguration(bool useExternalAccessToken)
{
if (useExternalAccessToken)
{
return(new ExternalBearerTokenConfiguration()
{
Audience = "https://localhost:44333/admin", // TODO: get from config
Issuer = "idServer",
NameClaimType = "name",
RoleClaimType = "role",
AdminRoleName = "IdentityAdminManager",
SigningCert = Cert.Load(typeof(IOwinBootstrapper).Assembly, "Cert", "idsrv3test.pfx", "idsrv3test"),
Scope = "idadmin-api"
});
}
return(new AdminHostSecurityConfiguration
{
HostAuthenticationType = "Cookies",
NameClaimType = "name",
RoleClaimType = "role",
AdminRoleName = "IdentityAdminManager"
});
}
void InitializeDataStoreIdentityServer(IAppBuilder app)
{
app.Map("/identity", identityServerApp =>
{
var factory = new IdentityServerServiceFactory();
var adminConfiguration = new EntityFrameworkServiceOptions
{
ConnectionString = MyConstants.AdminConfig
};
factory.RegisterConfigurationServices(adminConfiguration);
factory.RegisterOperationalServices(adminConfiguration);
factory.ConfigureUserService(MyConstants.UserAdminConfig);
factory.ConfigureClientStoreCache();
factory.ConfigureScopeStoreCache();
factory.ConfigureUserServiceCache();
var identityServerOptions = new IdentityServerOptions
{
SiteName = "Paradise Security Provider",
Factory = factory,
SigningCertificate = Cert.Load(),
AuthenticationOptions = new IdentityServer3.Core.Configuration.AuthenticationOptions
{
IdentityProviders = ConfigureIdentityProviders,
EnableAutoCallbackForFederatedSignout = false
},
};
identityServerApp.UseIdentityServer(identityServerOptions);
});
}
public void Configuration(IAppBuilder app)
{
#if DEBUG
const string serverName = "devservername";
#else
const string serverName = "prodservername";
#endif
LogProvider.SetCurrentLogProvider(new TraceSourceLogProvider());
const string connectionName = "AspId";
var factory = new IdentityServerServiceFactory();
factory.ConfigureClientService(connectionName);
factory.ConfigureScopeService(connectionName);
factory.ConfigureUserService(connectionName);
//factory.ConfigureClientStoreCache();
//factory.ConfigureScopeStoreCache();
//factory.ConfigureUserServiceCache();
app.Map("/core1", coreApp =>
{
var options = new IdentityServerOptions
{
IssuerUri = "https://" + serverName + "/identityserver",
SiteName = "Identity Server Name",
SigningCertificate = Cert.Load(serverName),
Factory = factory,
CorsPolicy = CorsPolicy.AllowAll,
RequireSsl = true,
EnableWelcomePage = true,
AuthenticationOptions = new AuthenticationOptions
{
EnableLoginHint = true,
EnableSignOutPrompt = false,
EnableLocalLogin = false,
EnablePostSignOutAutoRedirect = true,
PostSignOutAutoRedirectDelay = 0,
RequireAuthenticatedUserForSignOutMessage = false,
RememberLastUsername = false,
SignInMessageThreshold = 3,
IdentityProviders = ConfigureAdditionalIdentityProviders1,
CookieOptions = new Thinktecture.IdentityServer.Core.Configuration.CookieOptions()
{
Prefix = "Core1",
SecureMode = CookieSecureMode.Always
}
},
LoggingOptions = new LoggingOptions
{
EnableHttpLogging = true,
EnableWebApiDiagnostics = true,
IncludeSensitiveDataInLogs = true,
WebApiDiagnosticsIsVerbose = false
},
EventsOptions = new EventsOptions
{
RaiseSuccessEvents = true,
RaiseErrorEvents = true,
RaiseFailureEvents = true,
RaiseInformationEvents = true
}
};
coreApp.UseIdentityServer(options);
});
app.Map("/core2", coreApp =>
{
var options = new IdentityServerOptions
{
IssuerUri = "https://" + serverName + "/identityserver",
SiteName = "Identity Server Name",
SigningCertificate = Cert.Load(serverName),
Factory = factory,
CorsPolicy = CorsPolicy.AllowAll,
RequireSsl = true,
EnableWelcomePage = false,
AuthenticationOptions = new AuthenticationOptions
{
EnableLoginHint = true,
EnableSignOutPrompt = false,
EnableLocalLogin = false,
EnablePostSignOutAutoRedirect = true,
PostSignOutAutoRedirectDelay = 0,
RequireAuthenticatedUserForSignOutMessage = false,
RememberLastUsername = false,
SignInMessageThreshold = 3,
IdentityProviders = ConfigureAdditionalIdentityProviders2,
CookieOptions = new Thinktecture.IdentityServer.Core.Configuration.CookieOptions()
{
Prefix = "Core2",
SecureMode = CookieSecureMode.Always
}
},
LoggingOptions = new LoggingOptions
{
EnableHttpLogging = true,
EnableWebApiDiagnostics = true,
IncludeSensitiveDataInLogs = true
},
EventsOptions = new EventsOptions
{
RaiseSuccessEvents = true,
RaiseErrorEvents = true,
RaiseFailureEvents = true,
RaiseInformationEvents = true
}
};
coreApp.UseIdentityServer(options);
});
}