Esempio n. 1
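        /// <summary>
        /// Registers MVC, one shared <see cref="HelseIdClient"/> and cookie + OpenID Connect
        /// ("oidc") authentication, all driven by the values returned from <c>Config.Setting()</c>.
        /// </summary>
        /// <param name="services">The application's service collection.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            var settings = Config.Setting();

            services.AddMvc();

            // A single client for the whole application. It performs the code-for-token
            // exchange in OnAuthorizationCodeReceived below instead of the OIDC handler.
            var opt = new HelseIdClientOptions
            {
                ClientId              = settings.ClientId,
                ClientSecret          = settings.ClientSecret,
                Authority             = settings.Authority,
                RedirectUri           = settings.RedirectUri,
                PostLogoutRedirectUri = settings.PostLogoutRedirectUri,
                // Enum.Parse is case-sensitive and throws ArgumentException on an unknown
                // name, so a misconfigured SigningMethod fails at startup, not at first login.
                SigningMethod         = (JwtGenerator.SigningMethod)Enum.Parse(typeof(JwtGenerator.SigningMethod), settings.SigningMethod),
                CertificateThumbprint = settings.CertificateThumbprint,
                Scope                 = settings.Scope
            };
            var client = new HelseIdClient(opt);

            services.AddSingleton<IHelseIdClient>(client);

            services.AddAuthentication(options =>
            {
                options.DefaultScheme          = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = "oidc";
            })
            .AddCookie(options =>
            {
                options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
                options.Cookie.Name    = "HelseId.Clients.Core.MvcHybrid";
                // NOTE(review): Cookie.HttpOnly / Cookie.SecurePolicy are left at the
                // framework defaults here; confirm they match the deployment's requirements.
            })
            .AddOpenIdConnect("oidc", options =>
            {
                options.Authority            = settings.Authority;
                options.RequireHttpsMetadata = true; // discovery document / keys must never be fetched over plain HTTP
                options.ClientSecret         = settings.ClientSecret;
                options.ClientId             = settings.ClientId;
                options.ResponseType         = settings.ResponseType;

                // Replace the handler's default scopes with exactly the configured ones.
                options.Scope.Clear();
                foreach (var scope in settings.Scope.FromSpaceSeparatedToList())
                {
                    options.Scope.Add(scope);
                }

                options.GetClaimsFromUserInfoEndpoint = true;
                // SaveTokens keeps the issued tokens in the authentication properties
                // (and therefore in the cookie), so they can be read back later.
                options.SaveTokens = true;
                options.Events     = new OpenIdConnectEvents
                {
                    OnAuthorizationCodeReceived = async ctx =>
                    {
                        // Redeem the code through HelseIdClient (so its configured signing
                        // method / certificate is used) and hand the tokens back to the
                        // handler, which then skips its own redemption.
                        var result = await client.AcquireTokenByAuthorizationCodeAsync(ctx.ProtocolMessage.Code);

                        ctx.HandleCodeRedemption(new OpenIdConnectMessage
                        {
                            AccessToken  = result.AccessToken,
                            IdToken      = result.IdentityToken,
                            RefreshToken = result.RefreshToken
                        });
                    },
                    OnRedirectToIdentityProvider = redirectContext =>
                    {
                        var message = redirectContext.ProtocolMessage;

                        // acr_values is space separated: "idp:<provider>", "Level4", or both.
                        // Trim() avoids the trailing blank that "idp:x " produced when only
                        // the provider is configured.
                        var idp       = string.IsNullOrWhiteSpace(settings.IdentityProvider) ? string.Empty : $"idp:{settings.IdentityProvider}";
                        var level     = settings.OnlyLevel4 ? "Level4" : string.Empty;
                        var acrValues = $"{idp} {level}".Trim();
                        if (acrValues.Length > 0)
                        {
                            message.AcrValues = acrValues;
                        }

                        if (settings.ForceLogin)
                        {
                            message.Prompt = "login";
                        }

                        // Test-user selection. These parameters are presumably only honoured by
                        // HelseID test environments; leave them empty in production configuration.
                        if (!string.IsNullOrEmpty(settings.TestPid))
                        {
                            message.SetParameter("test_pid", settings.TestPid);
                            if (!string.IsNullOrEmpty(settings.TestSecurityLevel))
                            {
                                message.SetParameter("test_security_level", settings.TestSecurityLevel);
                            }
                        }

                        if (!string.IsNullOrEmpty(settings.TestHprNumber))
                        {
                            message.SetParameter("test_hpr_number", settings.TestHprNumber);
                        }

                        return Task.CompletedTask;
                    }
                };
            });
        }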
Esempio n. 2
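        /// <summary>
        /// OWIN startup: configures cookie authentication and the OpenID Connect
        /// middleware using the values returned from <c>Config.Setting()</c>.
        /// </summary>
        /// <param name="app">The OWIN application builder.</param>
        public void Configuration(IAppBuilder app)
        {
            var settings = Config.Setting();

            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "Cookies"
                // NOTE(review): CookieHttpOnly / CookieSecure are left at the middleware
                // defaults here; confirm they match the deployment's requirements.
            });

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ResponseType               = settings.ResponseType,
                SignInAsAuthenticationType = "Cookies",
                ClientId                   = settings.ClientId,
                ClientSecret               = settings.ClientSecret,
                Authority                  = settings.Authority,
                RedirectUri                = settings.RedirectUri,
                PostLogoutRedirectUri      = settings.PostLogoutRedirectUri,
                Scope                      = settings.Scope,

                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthorizationCodeReceived = async n =>
                    {
                        // Redeem the code through HelseIdClient so that the configured
                        // signing method / certificate is used for client authentication.
                        var opt = new HelseIdClientOptions
                        {
                            ClientId              = n.Options.ClientId,
                            ClientSecret          = n.Options.ClientSecret,
                            Authority             = n.Options.Authority,
                            RedirectUri           = settings.RedirectUri,
                            SigningMethod         = (JwtGenerator.SigningMethod)Enum.Parse(typeof(JwtGenerator.SigningMethod), settings.SigningMethod),
                            CertificateThumbprint = settings.CertificateThumbprint
                        };
                        var client = new HelseIdClient(opt);

                        var tokenResponse = await client.AcquireTokenByAuthorizationCodeAsync(n.ProtocolMessage.Code);

                        // Rebuild the identity with the tokens attached as claims.
                        var originalIdentity = n.AuthenticationTicket.Identity;
                        var id = new ClaimsIdentity(originalIdentity.AuthenticationType);
                        id.AddClaims(originalIdentity.Claims);

                        // new Claim(type, null) throws ArgumentNullException and would abort
                        // the whole sign-in (e.g. a refresh token is typically only issued when
                        // offline_access was requested), so absent values are skipped instead.
                        Action<string, string> addClaim = (type, value) =>
                        {
                            if (value != null)
                            {
                                id.AddClaim(new Claim(type, value));
                            }
                        };

                        addClaim("access_token", tokenResponse.AccessToken);
                        // Stored as UTC in round-trip ("o") format. The previous
                        // DateTime.Now ... ToString() value was local time in the server's
                        // current culture, i.e. ambiguous across locales and DST changes.
                        addClaim("expires_at", DateTime.UtcNow.AddSeconds(tokenResponse.ExpiresIn).ToString("o"));
                        addClaim("refresh_token", tokenResponse.RefreshToken);
                        addClaim("id_token", n.ProtocolMessage.IdToken);
                        addClaim("sid", originalIdentity.FindFirst("sid")?.Value);

                        n.AuthenticationTicket = new AuthenticationTicket(
                            new ClaimsIdentity(id.Claims, originalIdentity.AuthenticationType),
                            n.AuthenticationTicket.Properties);
                    },

                    RedirectToIdentityProvider = redirectContext =>
                    {
                        var message = redirectContext.ProtocolMessage;

                        // acr_values is space separated: "idp:<provider>", "Level4", or both.
                        // Trim() avoids the trailing blank that "idp:x " produced when only
                        // the provider is configured.
                        var idp       = string.IsNullOrWhiteSpace(settings.IdentityProvider) ? string.Empty : $"idp:{settings.IdentityProvider}";
                        var level     = settings.OnlyLevel4 ? "Level4" : string.Empty;
                        var acrValues = $"{idp} {level}".Trim();
                        if (acrValues.Length > 0)
                        {
                            message.AcrValues = acrValues;
                        }

                        if (settings.ForceLogin)
                        {
                            message.Prompt = "login";
                        }

                        // Test-user selection. These parameters are presumably only honoured by
                        // HelseID test environments; leave them empty in production configuration.
                        if (!string.IsNullOrEmpty(settings.TestPid))
                        {
                            message.SetParameter("test_pid", settings.TestPid);
                            if (!string.IsNullOrEmpty(settings.TestSecurityLevel))
                            {
                                message.SetParameter("test_security_level", settings.TestSecurityLevel);
                            }
                        }

                        if (!string.IsNullOrEmpty(settings.TestHprNumber))
                        {
                            message.SetParameter("test_hpr_number", settings.TestHprNumber);
                        }

                        return Task.CompletedTask;
                    }
                }
            });
        }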