private static X509Certificate2 LoadCertificate(SsoServiceEnvironmentConfiguration environment)
{
    // Resolves the token-signing certificate: in the "Dev" environment a PFX shipped
    // under the application's base directory, otherwise a certificate located by
    // thumbprint in the current user's personal store. Returns null (after tracing an
    // error) when no store certificate matches the configured thumbprint.
    //
    // NOTE(review): the Dev PFX password is a literal in source and the PFX itself lives
    // next to the binaries; that is tolerable only while this key signs nothing real.
    if (environment.Environment == "Dev")
    {
        var devPfxPath = $@"{AppDomain.CurrentDomain.BaseDirectory}\bin\as-id-dev.pfx-dev";
        return new X509Certificate2(devPfxPath, "P@ssw0rd1");
    }

    using (var personalStore = new X509Store(StoreName.My, StoreLocation.CurrentUser))
    {
        personalStore.Open(OpenFlags.ReadOnly);

        // validOnly: false — an expired or untrusted certificate still matches and will be
        // handed back for signing; nothing here checks its validity period or chain.
        var matches = personalStore.Certificates.Find(
            X509FindType.FindByThumbprint,
            environment.CertificateThumprint,
            validOnly: false);

        if (matches.Count > 0)
        {
            return matches[0];
        }

        Trace.TraceError("Failed to load certificate with thumbprint: {0}", environment.CertificateThumprint);
        return null;
    }
}
private static IdentityServerServiceFactory ConfigureFactory(SsoServiceEnvironmentConfiguration environment)
{
    // Assembles the IdentityServer service factory: default view assets, in-memory scope
    // and client stores, and the user service together with its table-storage dependencies.
    var factory = new IdentityServerServiceFactory();

    // View assets. All third-party stylesheets and scripts are fetched from public CDNs
    // without an integrity attribute; a compromised CDN response would run in the sign-in
    // page. In DEBUG builds view caching is off and a local stylesheet is added.
    var views = new DefaultViewServiceOptions();
#if DEBUG
    views.CacheViews = false;
#endif
    views.Stylesheets.Add("https://maxcdn.bootstrapcdn.com/bootswatch/3.3.6/united/bootstrap.min.css");
    views.Stylesheets.Add("https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css");
    views.Stylesheets.Add("https://appsyndication.azureedge.net/css/site.css");
#if DEBUG
    views.Stylesheets.Add("/sso/css/site.css");
#endif
    views.Scripts.Add("https://code.jquery.com/jquery-1.12.3.min.js");
    views.Scripts.Add("https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js");
    views.Scripts.Add("https://appsyndication.azureedge.net/js/site.js");
    factory.ConfigureDefaultViewService(views);

    // Scopes and clients are static, in-memory definitions.
    factory.ScopeStore = new Registration<IScopeStore>(new InMemoryScopeStore(Scopes.Get()));
    factory.ClientStore = new Registration<IClientStore>(new InMemoryClientStore(Clients.Get(environment)));

    // User service and its Azure Table Storage backing services.
    var tableStorageConnectionString = environment.TableStorageConnectionString;
    factory.UserService = new Registration<IUserService, UserService>();
    factory.Register(new Registration<AtsUserService>());
    factory.Register(new Registration<AtsUserRepository>());
    factory.Register(new Registration<AtsUserServiceConfig>(
        r => new AtsUserServiceConfig(tableStorageConnectionString, "appsyndication")));

    return factory;
}
public void Configuration(IAppBuilder app)
{
    // OWIN entry point: mounts IdentityServer under /sso and serves a minimal landing
    // page at "/"; every other path answers 404.
    Trace.TraceInformation("Starting up.");

#if DEBUG
    Log.Logger = new LoggerConfiguration()
        .MinimumLevel.Debug()
        .WriteTo.Trace()
        .CreateLogger();
#endif

    var environment = new SsoServiceEnvironmentConfiguration();

    // Signing certificate first, then the factory — same order the options were built in.
    var signingCertificate = LoadCertificate(environment);
    var serviceFactory = ConfigureFactory(environment);

    var options = new IdentityServerOptions
    {
        SiteName = "AppSyndication Single Sign-On Service",
        SigningCertificate = signingCertificate,
        // CSP allow-lists for the hosted sign-in views; must stay in step with the CDN
        // assets registered in ConfigureFactory.
        CspOptions = new CspOptions()
        {
            FontSrc = "'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com",
            ScriptSrc = "https://appsyndication.azureedge.net https://code.jquery.com https://maxcdn.bootstrapcdn.com",
            StyleSrc = "https://appsyndication.azureedge.net https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com",
        },
        Factory = serviceFactory,
        AuthenticationOptions =
        {
            EnableSignOutPrompt = false,
        },
        PublicOrigin = environment.PublicOrigin,
        EnableWelcomePage = false,
#if DEBUG
        LoggingOptions =
        {
            EnableHttpLogging = true,
            EnableKatanaLogging = true,
            EnableWebApiDiagnostics = true,
            WebApiDiagnosticsIsVerbose = true,
        },
#endif
        // NOTE(review): RequireSsl is false for every environment, not just Dev, so
        // IdentityServer itself never rejects plain-HTTP requests; TLS must then be
        // enforced by whatever fronts this application — confirm that is the case.
        RequireSsl = false,
    };

    app.Map("/sso", ssoApp => ssoApp.UseIdentityServer(options));

    const string landingPage =
        @"<!DOCTYPE html><html><head><meta charset=""utf-8""><meta http-equiv=""X-UA-Compatible"" content=""IE=edge"" /><meta name=""viewport"" content=""width=device-width, initial-scale=1.0"" />" +
        @"<title>AppSyndication Single Sign-on Service</title>" +
        @"</head>" +
        @"<body lang=""en""><h1>AppSyndication Single Sign-on Service</h1><a href=""/sso/"">Go here</a></body>" +
        @"</html>";

    app.Run(async context =>
    {
        if (context.Request.Path.Value != "/")
        {
            context.Response.StatusCode = (int)HttpStatusCode.NotFound;
            return;
        }

        await context.Response.WriteAsync(landingPage);
    });

    Trace.TraceInformation("Started.");
}
public static List<Client> Get(SsoServiceEnvironmentConfiguration environment)
{
    // Static client registrations for the in-memory client store.
    //
    // NOTE(review): apart from the account service, every client secret is a literal in
    // source ("secret" is shared by three clients); rotating one means a redeploy. The
    // account service also registers a plain-http redirect URI for www.appsyndication.com,
    // over which an authorization code would travel in cleartext — confirm it is still needed.
    var clients = new List<Client>();

    // Account service: confidential web client, secret supplied by environment config.
    clients.Add(new Client
    {
        Enabled = true,
        ClientName = "AppSyndication Account Service",
        ClientId = "as-ac",
        ClientSecrets = new List<Secret>() { new Secret(environment.AccountServiceSecret.Sha256()) },
        Flow = Flows.AuthorizationCode,
        RedirectUris = new List<string>
        {
            "https://www.appsyndication.com/account/signin-oidc",
            "http://www.appsyndication.com/account/signin-oidc",
            "https://as-ac.azurewebsites.net/account/signin-oidc",
            "https://localhost:4101/account/signin-oidc",
            "http://localhost:4001/account/signin-oidc",
        },
        AllowAccessToAllScopes = true,
        RequireConsent = false,
    });

    // Local ASP.NET Core test client.
    clients.Add(new Client
    {
        Enabled = true,
        ClientName = "Asp.NET Core Test Client",
        ClientId = "coretest",
        ClientSecrets = new List<Secret>() { new Secret("secret".Sha256()) },
        Flow = Flows.AuthorizationCode,
        RedirectUris = new List<string> { "https://localhost:44319/signin-oidc", },
        AllowAccessToAllScopes = true
    });

    // Upload web service (browser-facing).
    clients.Add(new Client
    {
        Enabled = true,
        ClientName = "AppSyndication Upload Web Service",
        ClientId = "as-upload-websvc",
        ClientSecrets = new List<Secret>() { new Secret("secret".Sha256()) },
        Flow = Flows.AuthorizationCode,
        RedirectUris = new List<string> { "https://localhost:44367/signin-oidc", },
        PostLogoutRedirectUris = new List<string> { "https://localhost:44300/home/contact" },
        AllowAccessToAllScopes = true
    });

    // Console client using the resource-owner password flow; scopes listed explicitly.
    clients.Add(new Client
    {
        ClientName = "AppSyndication Console Access",
        ClientId = "consoleapp",
        Enabled = true,
        Flow = Flows.ResourceOwner,
        ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) },
        AllowedScopes = new List<string>
        {
            Constants.StandardScopes.OpenId,
            Constants.StandardScopes.Profile,
            Constants.StandardScopes.Email,
            Constants.StandardScopes.Roles,
            Constants.StandardScopes.OfflineAccess,
            "upload",
        },
    });

    // Service-to-service access to the upload service: client credentials, reference tokens.
    clients.Add(new Client
    {
        ClientName = "AppSyndication Direct Client Access To Upload Service",
        ClientId = "as-upload-svc",
        Enabled = true,
        AccessTokenType = AccessTokenType.Reference,
        Flow = Flows.ClientCredentials,
        ClientSecrets = new List<Secret> { new Secret("B8134623-48DD-E56D-ECD4-AB1F61162CE6".Sha256()) },
        AllowedScopes = new List<string> { "upload" }
    });

    return clients;
}