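        /// <summary>
        /// Loads the token-signing certificate for the given environment: a PFX shipped next to the
        /// binaries when <c>Environment</c> is "Dev", otherwise the certificate in the current user's
        /// personal store whose thumbprint matches <c>CertificateThumprint</c>.
        /// </summary>
        /// <param name="environment">Environment configuration; only <c>Environment</c> and <c>CertificateThumprint</c> are read.</param>
        /// <returns>
        /// The certificate, or <c>null</c> when no thumbprint is configured or no matching certificate
        /// is in the store (both cases are traced as errors).
        /// </returns>
        private static X509Certificate2 LoadCertificate(SsoServiceEnvironmentConfiguration environment)
        {
            if (environment.Environment == "Dev")
            {
                // SECURITY: the PFX password is a literal in source. That is tolerable only if this
                // file is a throw-away development key that never signs production tokens; move the
                // password to configuration / a secret store if that cannot be guaranteed.
                return(new X509Certificate2($@"{AppDomain.CurrentDomain.BaseDirectory}\bin\as-id-dev.pfx-dev", "P@ssw0rd1"));
            }

            var thumbprint = environment.CertificateThumprint;

            // X509Certificate2Collection.Find rejects a null find value with an exception; report a
            // missing thumbprint the same way as a missing certificate so the misconfiguration is
            // visible in the trace instead of surfacing as an unrelated startup failure.
            if (string.IsNullOrWhiteSpace(thumbprint))
            {
                Trace.TraceError("No certificate thumbprint configured for environment: {0}", environment.Environment);
                return(null);
            }

            using (var certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser))
            {
                certStore.Open(OpenFlags.ReadOnly);

                // validOnly is false, so an expired or untrusted certificate is still returned;
                // acceptable for a self-issued signing key, but expiry is not detected here.
                var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);

                if (certCollection.Count == 0)
                {
                    Trace.TraceError("Failed to load certificate with thumbprint: {0}", thumbprint);
                    return(null);
                }

                return(certCollection[0]);
            }
        }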
        /// <summary>
        /// Builds the IdentityServer service factory for this environment: the default view service
        /// with its CDN-hosted assets, in-memory scope and client stores, and the user service with
        /// its table-storage backed dependencies.
        /// </summary>
        /// <param name="environment">Environment configuration; supplies the table storage connection string and is passed on to <see cref="Clients.Get"/>.</param>
        /// <returns>The fully registered factory.</returns>
        private static IdentityServerServiceFactory ConfigureFactory(SsoServiceEnvironmentConfiguration environment)
        {
            var storageConnectionString = environment.TableStorageConnectionString;

            var serviceFactory = new IdentityServerServiceFactory();
            serviceFactory.ConfigureDefaultViewService(CreateViewOptions());

            // Scopes and clients are static definitions, so in-memory stores are sufficient.
            serviceFactory.ScopeStore  = new Registration <IScopeStore>(new InMemoryScopeStore(Scopes.Get()));
            serviceFactory.ClientStore = new Registration <IClientStore>(new InMemoryClientStore(Clients.Get(environment)));

            // The user service and the table-storage repository behind it; the connection string
            // is captured by the config factory rather than read again at resolve time.
            serviceFactory.UserService = new Registration <IUserService, UserService>();
            serviceFactory.Register(new Registration <AtsUserService>());
            serviceFactory.Register(new Registration <AtsUserRepository>());
            serviceFactory.Register(new Registration <AtsUserServiceConfig>(r => new AtsUserServiceConfig(storageConnectionString, "appsyndication")));

            return(serviceFactory);
        }

        /// <summary>
        /// View service options: Bootstrap/Font Awesome/jQuery from public CDNs plus the site's own
        /// stylesheet and script; debug builds disable view caching and add the local stylesheet.
        /// </summary>
        /// <remarks>
        /// NOTE(review): these assets are loaded from third-party origins without subresource
        /// integrity, so whatever those CDNs serve runs in the sign-in page. The origins must also
        /// stay in step with the CSP script/style sources configured at startup.
        /// </remarks>
        private static DefaultViewServiceOptions CreateViewOptions()
        {
            var viewServiceOptions = new DefaultViewServiceOptions();

#if DEBUG
            viewServiceOptions.CacheViews = false;
#endif

            var cdnStylesheets = new[]
            {
                "https://maxcdn.bootstrapcdn.com/bootswatch/3.3.6/united/bootstrap.min.css",
                "https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css",
                "https://appsyndication.azureedge.net/css/site.css",
            };

            foreach (var stylesheet in cdnStylesheets)
            {
                viewServiceOptions.Stylesheets.Add(stylesheet);
            }

#if DEBUG
            viewServiceOptions.Stylesheets.Add("/sso/css/site.css");
#endif

            var cdnScripts = new[]
            {
                "https://code.jquery.com/jquery-1.12.3.min.js",
                "https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js",
                "https://appsyndication.azureedge.net/js/site.js",
            };

            foreach (var script in cdnScripts)
            {
                viewServiceOptions.Scripts.Add(script);
            }

            return(viewServiceOptions);
        }
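        /// <summary>
        /// OWIN startup: configures logging, builds the IdentityServer options for the current
        /// environment, mounts IdentityServer under <c>/sso</c> and serves a minimal landing page at
        /// <c>/</c> (every other path outside <c>/sso</c> is answered with 404).
        /// </summary>
        /// <param name="app">The OWIN application builder supplied by the host.</param>
        public void Configuration(IAppBuilder app)
        {
            Trace.TraceInformation("Starting up.");

#if DEBUG
            // Debug builds route Serilog output to System.Diagnostics.Trace at Debug level.
            Log.Logger = new LoggerConfiguration()
                         .MinimumLevel.Debug()
                         .WriteTo.Trace()
                         .CreateLogger();
#endif

            var environment = new SsoServiceEnvironmentConfiguration();

            var options = new IdentityServerOptions
            {
                SiteName           = "AppSyndication Single Sign-On Service",
                // LoadCertificate returns null (and traces an error) when the certificate cannot be
                // found; IdentityServer is then started without a signing key.
                SigningCertificate = LoadCertificate(environment),

                // Origins the sign-in views may load fonts, scripts and styles from. These must match
                // the stylesheet/script URLs registered in ConfigureFactory or the views will not render.
                CspOptions = new CspOptions()
                {
                    FontSrc   = "'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com",
                    ScriptSrc = "https://appsyndication.azureedge.net https://code.jquery.com https://maxcdn.bootstrapcdn.com",
                    StyleSrc  = "https://appsyndication.azureedge.net https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com",
                },

                Factory = ConfigureFactory(environment),

                AuthenticationOptions =
                {
                    EnableSignOutPrompt = false,
                },

                // Externally visible origin; presumably the host in front of this service terminates
                // TLS and the service itself is reached over HTTP — confirm before changing RequireSsl.
                PublicOrigin      = environment.PublicOrigin,
                EnableWelcomePage = false,

#if DEBUG
                LoggingOptions =
                {
                    EnableHttpLogging          = true,
                    EnableKatanaLogging        = true,
                    EnableWebApiDiagnostics    = true,
                    WebApiDiagnosticsIsVerbose = true,
                },
#endif

                // SECURITY: RequireSsl = false lets IdentityServer accept plain-HTTP requests. That is
                // only acceptable when the hosting front end terminates TLS and the service is never
                // exposed over HTTP directly; otherwise tokens and session cookies travel in the clear.
                RequireSsl = false,
            };

            app.Map("/sso", ssoApp =>
            {
                ssoApp.UseIdentityServer(options);
            });

            app.Run(async context =>
            {
                if (context.Request.Path.Value == "/")
                {
                    // Declare the content type explicitly so the client does not have to sniff it.
                    context.Response.ContentType = "text/html; charset=utf-8";

                    await context.Response.WriteAsync(
                        @"<!DOCTYPE html><html><head><meta charset=""utf-8""><meta http-equiv=""X-UA-Compatible"" content=""IE=edge"" /><meta name=""viewport"" content=""width=device-width, initial-scale=1.0"" />" +
                        @"<title>AppSyndication Single Sign-on Service</title>" +
                        @"</head>" +
                        @"<body lang=""en""><h1>AppSyndication Single Sign-on Service</h1><a href=""/sso/"">Go here</a></body>" +
                        @"</html>");
                }
                else
                {
                    context.Response.StatusCode = (int)HttpStatusCode.NotFound;
                }
            });

            Trace.TraceInformation("Started.");
        }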
        /// <summary>
        /// Returns the OAuth 2.0 / OpenID Connect client registrations served by the in-memory
        /// client store, in registration order.
        /// </summary>
        /// <param name="environment">Environment configuration; supplies the account service's client secret.</param>
        /// <returns>The five client definitions.</returns>
        /// <remarks>
        /// NOTE(review): all clients other than the account service use secrets that are literals in
        /// source ("secret" and a fixed GUID), several redirect URIs point at localhost, and most
        /// clients have AllowAccessToAllScopes set. That is fine for local testing but these entries
        /// should not be enabled in a production client store.
        /// </remarks>
        public static List <Client> Get(SsoServiceEnvironmentConfiguration environment)
        {
            // Interactive account web site. The secret comes from environment configuration.
            var accountService = new Client
            {
                Enabled       = true,
                ClientName    = "AppSyndication Account Service",
                ClientId      = "as-ac",
                ClientSecrets = new List<Secret> { new Secret(environment.AccountServiceSecret.Sha256()) },
                Flow          = Flows.AuthorizationCode,

                // The plain-http entries deliver the authorization code over an unencrypted hop;
                // keep them only for deployments that genuinely cannot be reached over HTTPS.
                RedirectUris = new List<string>
                {
                    "https://www.appsyndication.com/account/signin-oidc",
                    "http://www.appsyndication.com/account/signin-oidc",
                    "https://as-ac.azurewebsites.net/account/signin-oidc",
                    "https://localhost:4101/account/signin-oidc",
                    "http://localhost:4001/account/signin-oidc",
                },

                // No post-logout redirect URIs are registered for this client.
                AllowAccessToAllScopes = true,
                RequireConsent         = false,
            };

            // Local ASP.NET Core test client; literal secret, localhost-only redirect.
            var coreTestClient = new Client
            {
                Enabled       = true,
                ClientName    = "Asp.NET Core Test Client",
                ClientId      = "coretest",
                ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) },
                Flow          = Flows.AuthorizationCode,
                RedirectUris  = new List<string> { "https://localhost:44319/signin-oidc" },

                AllowAccessToAllScopes = true,
            };

            // Upload web front end; literal secret, localhost-only redirect and post-logout URIs.
            var uploadWebService = new Client
            {
                Enabled       = true,
                ClientName    = "AppSyndication Upload Web Service",
                ClientId      = "as-upload-websvc",
                ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) },
                Flow          = Flows.AuthorizationCode,
                RedirectUris  = new List<string> { "https://localhost:44367/signin-oidc" },

                PostLogoutRedirectUris = new List<string> { "https://localhost:44300/home/contact" },

                AllowAccessToAllScopes = true,
            };

            // Console tool using the resource owner password flow; the only client with an
            // explicit scope list instead of AllowAccessToAllScopes.
            var consoleApp = new Client
            {
                ClientName    = "AppSyndication Console Access",
                ClientId      = "consoleapp",
                Enabled       = true,
                Flow          = Flows.ResourceOwner,
                ClientSecrets = new List<Secret> { new Secret("secret".Sha256()) },

                AllowedScopes = new List<string>
                {
                    Constants.StandardScopes.OpenId,
                    Constants.StandardScopes.Profile,
                    Constants.StandardScopes.Email,
                    Constants.StandardScopes.Roles,
                    Constants.StandardScopes.OfflineAccess,
                    "upload",
                },
            };

            // Machine-to-machine access to the upload service (client credentials, reference tokens).
            // The secret is a fixed literal in source and is therefore shared with everyone who can
            // read this repository.
            var uploadServiceDirect = new Client
            {
                ClientName      = "AppSyndication Direct Client Access To Upload Service",
                ClientId        = "as-upload-svc",
                Enabled         = true,
                AccessTokenType = AccessTokenType.Reference,
                Flow            = Flows.ClientCredentials,
                ClientSecrets   = new List<Secret> { new Secret("B8134623-48DD-E56D-ECD4-AB1F61162CE6".Sha256()) },
                AllowedScopes   = new List<string> { "upload" },
            };

            return(new List <Client>
            {
                accountService,
                coreTestClient,
                uploadWebService,
                consoleApp,
                uploadServiceDirect,
            });
        }