public static void UseIdentityManager(this IAppBuilder app, IdentityManagerOptions options)
{
if (app == null) throw new ArgumentNullException("app");
if (options == null) throw new ArgumentNullException("config");
app.SetLoggerFactory(new LibLogLoggerFactory());
Logger.Info("Starting IdentityManager configuration");
options.Validate();
app.Use(async (ctx, next) =>
{
if (!ctx.Request.Scheme.Equals("https", StringComparison.OrdinalIgnoreCase) &&
options.SecurityConfiguration.RequireSsl)
{
ctx.Response.Write("HTTPS required");
}
else
{
await next();
}
});
var container = AutofacConfig.Configure(options);
app.Use<AutofacContainerMiddleware>(container);
options.SecurityConfiguration.Configure(app);
if (!options.DisableUserInterface)
{
app.UseFileServer(new FileServerOptions
{
RequestPath = new PathString("/assets"),
FileSystem = new EmbeddedResourceFileSystem(typeof(IdentityManagerAppBuilderExtensions).Assembly, "IdentityManager.Assets")
});
app.UseFileServer(new FileServerOptions
{
RequestPath = new PathString("/assets/libs/fonts"),
FileSystem = new EmbeddedResourceFileSystem(typeof(IdentityManagerAppBuilderExtensions).Assembly, "IdentityManager.Assets.Content.fonts")
});
app.UseStageMarker(PipelineStage.MapHandler);
}
SignatureConversions.AddConversions(app);
app.UseWebApi(WebApiConfig.Configure(options));
app.UseStageMarker(PipelineStage.MapHandler);
// clears out the OWIN logger factory so we don't recieve other hosting related logs
app.Properties["server.LoggerFactory"] = null;
}
public static void UseIdentityManager(this IAppBuilder app, IdentityManagerOptions options)
{
if (app == null) throw new ArgumentNullException("app");
if (options == null) throw new ArgumentNullException("config");
options.Validate();
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
var container = AutofacConfig.Configure(options);
app.Use<AutofacContainerMiddleware>(container);
if (options.SecurityMode == SecurityMode.LocalMachine)
{
var local = new LocalAuthenticationOptions(options.AdminRoleName);
app.Use<LocalAuthenticationMiddleware>(local);
}
else if (options.SecurityMode == SecurityMode.OAuth2)
{
var jwtParams = new System.IdentityModel.Tokens.TokenValidationParameters
{
NameClaimType = options.OAuth2Configuration.NameClaimType,
RoleClaimType = options.OAuth2Configuration.RoleClaimType,
ValidAudience = options.OAuth2Configuration.Audience,
ValidIssuer = options.OAuth2Configuration.Issuer,
};
if (options.OAuth2Configuration.SigningCert != null)
{
jwtParams.IssuerSigningToken = new X509SecurityToken(options.OAuth2Configuration.SigningCert);
}
else
{
var bytes = Convert.FromBase64String(options.OAuth2Configuration.SigningKey);
jwtParams.IssuerSigningToken = new BinarySecretSecurityToken(bytes);
}
app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions {
TokenValidationParameters = jwtParams
});
app.RequireScopes(new ScopeValidationOptions {
AllowAnonymousAccess = true,
Scopes = new string[] {
options.OAuth2Configuration.Scope
}
});
if (options.OAuth2Configuration.ClaimsTransformation != null)
{
app.Use(async (ctx, next) =>
{
var user = ctx.Authentication.User;
if (user != null)
{
user = options.OAuth2Configuration.ClaimsTransformation(user);
ctx.Authentication.User = user;
}
await next();
});
}
}
if (!options.DisableUserInterface)
{
app.UseFileServer(new FileServerOptions
{
RequestPath = new PathString("/assets"),
FileSystem = new EmbeddedResourceFileSystem(typeof(IdentityManagerAppBuilderExtensions).Assembly, "IdentityManager.Assets")
});
app.UseFileServer(new FileServerOptions
{
RequestPath = new PathString("/assets/libs/fonts"),
FileSystem = new EmbeddedResourceFileSystem(typeof(IdentityManagerAppBuilderExtensions).Assembly, "IdentityManager.Assets.Content.fonts")
});
app.UseStageMarker(PipelineStage.MapHandler);
}
SignatureConversions.AddConversions(app);
app.UseWebApi(WebApiConfig.Configure(options));
app.UseStageMarker(PipelineStage.MapHandler);
}
