public static void UseOAuthAuthorizationServer(this IAppBuilder app, HostSecurityConfiguration config)
{
app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = !config.RequireSsl,
AccessTokenExpireTimeSpan = config.TokenExpiration,
AuthorizeEndpointPath = new PathString(Constants.AuthorizePath),
Provider = new OAuthAuthorizationServerProvider
{
OnValidateClientRedirectUri = ctx =>
{
if (ctx.ClientId == Constants.IdMgrClientId)
{
var path = ctx.Request.PathBase.ToString();
if (String.IsNullOrWhiteSpace(path)) path = "/";
var callbackUrl = new Uri(ctx.Request.Uri, path);
var url = callbackUrl.AbsoluteUri;
if (url.EndsWith("/")) url = url.Substring(0, url.Length - 1);
url += Constants.CallbackFragment;
ctx.Validated(url);
}
else
{
ctx.Rejected();
}
return Task.FromResult(0);
},
OnAuthorizeEndpoint = ctx =>
{
var owin = ctx.OwinContext;
var result = owin.Authentication.AuthenticateAsync(config.HostAuthenticationType).Result;
if (result != null)
{
Logger.InfoFormat("User is authenticated from {0}", config.HostAuthenticationType);
// we only want name and role claims
var expected = new[]{config.NameClaimType, config.RoleClaimType};
var claims = result.Identity.Claims.Where(x => expected.Contains(x.Type));
var id = new ClaimsIdentity(claims, Constants.BearerAuthenticationType, config.NameClaimType, config.RoleClaimType);
owin.Authentication.SignIn(id);
}
else
{
Logger.InfoFormat("User is authenticated from {0}; issuing challenge", config.HostAuthenticationType);
owin.Authentication.Challenge();
};
ctx.RequestCompleted();
return Task.FromResult(0);
}
}
});
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
AuthenticationType = config.BearerAuthenticationType,
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive
});
}
public LocalhostAuthenticationOptions(HostSecurityConfiguration securityConfiguration)
: base(securityConfiguration.HostAuthenticationType)
{
this.Configuration = securityConfiguration;
}
public LocalhostAuthenticationOptions(HostSecurityConfiguration securityConfiguration)
: base(securityConfiguration.HostAuthenticationType)
{
this.Configuration = securityConfiguration;
}
public static void UseOAuthAuthorizationServer(this IAppBuilder app, HostSecurityConfiguration config)
{
app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = !config.RequireSsl,
AccessTokenExpireTimeSpan = config.TokenExpiration,
AuthorizeEndpointPath = new PathString(Constants.AuthorizePath),
Provider = new OAuthAuthorizationServerProvider
{
OnValidateClientRedirectUri = ctx =>
{
if (ctx.ClientId == Constants.IdMgrClientId)
{
var path = ctx.Request.PathBase.ToString();
if (String.IsNullOrWhiteSpace(path))
{
path = "/";
}
var callbackUrl = new Uri(ctx.Request.Uri, path);
var url = callbackUrl.AbsoluteUri;
if (url.EndsWith("/"))
{
url = url.Substring(0, url.Length - 1);
}
url += Constants.CallbackFragment;
ctx.Validated(url);
}
else
{
ctx.Rejected();
}
return(Task.FromResult(0));
},
OnAuthorizeEndpoint = ctx =>
{
var owin = ctx.OwinContext;
var result = owin.Authentication.AuthenticateAsync(config.HostAuthenticationType).Result;
if (result != null)
{
Logger.InfoFormat("User is authenticated from {0}", config.HostAuthenticationType);
// we only want name and role claims
var expected = new[] { config.NameClaimType, config.RoleClaimType };
var claims = result.Identity.Claims.Where(x => expected.Contains(x.Type));
var id = new ClaimsIdentity(claims, Constants.BearerAuthenticationType, config.NameClaimType, config.RoleClaimType);
owin.Authentication.SignIn(id);
}
else
{
Logger.InfoFormat("User is authenticated from {0}; issuing challenge", config.HostAuthenticationType);
owin.Authentication.Challenge();
};
ctx.RequestCompleted();
return(Task.FromResult(0));
}
}
});
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
AuthenticationType = config.BearerAuthenticationType,
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive
});
}