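/// <summary>
/// OWIN startup: signs this MVC client in against the token server with a cookie-backed
/// OpenID Connect session and enriches the cookie identity from the userinfo endpoint.
/// </summary>
/// <param name="app">The OWIN application builder supplied by the host.</param>
public void Configuration(IAppBuilder app)
{
    var options = new UseCookieAuthAgainstTokenServerOptions(
        EndPointConstants.TokenServer,
        ClientConstants.MvcClientId,
        // Only these claim types are copied from the validated id_token into the cookie identity.
        new[]
        {
            ClaimTypeKeys.Subject,
            ClaimTypeKeys.GivenName,
            ClaimTypeKeys.FamilyName,
            ClaimTypeKeys.Email,
            ClaimTypeKeys.Role
        })
    {
        // Both an id_token and an access token are requested on the front channel; the access
        // token is what OnLookupUserInfo below receives.
        ResponseType = ResponseType.IdToken | ResponseType.AccessToken,
        Scopes = new[] { "openid", "profile", "roles", ResourceScopes.SecuredApi },
        RedirectUriAfterLogin = EndPointConstants.MvcClient,
        RedirectUriAfterLogout = EndPointConstants.MvcClient,
        // OnTransformingValidatedIdentity is deliberately left unset: no in-process claim transformation.
        OnLookupUserInfo = async accessToken =>
        {
            var userInfoClient = new UserInfoClient(
                new Uri(EndPointConstants.TokenServer + "/connect/userinfo"),
                accessToken);
            var userInfo = await userInfoClient.GetAsync();

            // Fail the sign-in with a meaningful error instead of dereferencing the Claims
            // collection unconditionally, which turned a transport/authorization failure of the
            // userinfo call into a NullReferenceException inside the middleware.
            if (userInfo.IsError)
            {
                throw new InvalidOperationException("The userinfo endpoint returned an error response.");
            }

            // Each userinfo claim arrives as a (type, value) tuple. The extension method that consumes
            // these claims empties the inbound claim-type map, so the types are kept verbatim.
            return userInfo.Claims
                .Select(ui => new Claim(ui.Item1, ui.Item2))
                .ToArray();
        }
    };

    app.UseCookieAuthAgainstTokenServer(options);
}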
/// <summary>
/// OWIN startup entry point. Wires cookie authentication backed by the token server and
/// pulls additional claims from the userinfo endpoint after a successful sign-in.
/// </summary>
/// <param name="app">OWIN application builder.</param>
public void Configuration(IAppBuilder app)
{
    // Claim types that survive the transfer from the validated id_token into the cookie identity.
    var claimTypesToKeep = new[]
    {
        ClaimTypeKeys.Subject,
        ClaimTypeKeys.GivenName,
        ClaimTypeKeys.FamilyName,
        ClaimTypeKeys.Email,
        ClaimTypeKeys.Role
    };

    var authOptions = new UseCookieAuthAgainstTokenServerOptions(
        EndPointConstants.TokenServer,
        ClientConstants.MvcClientId,
        claimTypesToKeep);

    // id_token + access token on the front channel; the access token feeds the userinfo lookup.
    authOptions.ResponseType = ResponseType.IdToken | ResponseType.AccessToken;
    authOptions.Scopes = new[] { "openid", "profile", "roles", ResourceScopes.SecuredApi };
    authOptions.RedirectUriAfterLogin = EndPointConstants.MvcClient;
    authOptions.RedirectUriAfterLogout = EndPointConstants.MvcClient;

    // No in-process identity transformation hook is registered (OnTransformingValidatedIdentity stays null).
    authOptions.OnLookupUserInfo = async bearerToken =>
    {
        var endpoint = new Uri(EndPointConstants.TokenServer + "/connect/userinfo");
        var response = await new UserInfoClient(endpoint, bearerToken).GetAsync();

        // Project each (type, value) pair straight into a Claim. The response is not checked
        // for an error status here; a failed call surfaces as an exception from the projection.
        return response.Claims
            .Select(pair => new Claim(pair.Item1, pair.Item2))
            .ToArray();
    };

    app.UseCookieAuthAgainstTokenServer(authOptions);
}
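/// <summary>
/// Registers cookie authentication plus OpenID Connect against the token server, so that a
/// validated id_token is turned into a trimmed cookie identity carrying the tokens and the
/// configured claims of interest.
/// </summary>
/// <param name="app">The OWIN application builder; must not be null.</param>
/// <param name="options">Token server, client and claim configuration; must not be null.</param>
/// <returns>The same <paramref name="app"/> for chaining.</returns>
/// <exception cref="ArgumentNullException"><paramref name="app"/> or <paramref name="options"/> is null.</exception>
/// <remarks>
/// Has process-wide side effects: it sets <c>AntiForgeryConfig.UniqueClaimTypeIdentifier</c> and replaces
/// <c>JwtSecurityTokenHandler.InboundClaimTypeMap</c> with an empty map so JWT claim names are kept verbatim.
/// The id_token and (when present) the access token are stored as claims in the authentication ticket,
/// so the protected cookie payload carries the API bearer token; confirm the cookie middleware is
/// configured HttpOnly/Secure in the host.
/// </remarks>
public static IAppBuilder UseCookieAuthAgainstTokenServer(this IAppBuilder app, UseCookieAuthAgainstTokenServerOptions options)
{
    if (app == null)
    {
        throw new ArgumentNullException("app");
    }
    if (options == null)
    {
        throw new ArgumentNullException("options");
    }

    // Anti-forgery tokens are bound to the subject claim; the default NameIdentifier claim
    // is not produced once the inbound claim-type map below is emptied.
    AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypeKeys.Subject;
    // Keep short JWT claim names (sub, given_name, ...) rather than mapping them to WS-* URIs.
    JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

    // The cookie middleware must be registered before the OIDC middleware that signs into it.
    app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = "Cookies" });

    var openIdConnectAuthenticationOptions = new OpenIdConnectAuthenticationOptions
    {
        Authority = options.TokenServerEndpoint,
        ClientId = options.ClientId,
        ClientSecret = options.ClientSecret,
        RedirectUri = options.RedirectUriAfterLogin,
        PostLogoutRedirectUri = options.RedirectUriAfterLogout,
        ResponseType = options.ResponseType.AsString(),
        Scope = string.Join(" ", options.Scopes),
        SignInAsAuthenticationType = "Cookies",
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            SecurityTokenValidated = async notification =>
            {
                var claimsIdentity = notification.AuthenticationTicket.Identity;

                // Start from an empty identity so only whitelisted claims end up in the cookie;
                // given_name is used as the name claim and role as the role claim.
                var transformedIdentity = new ClaimsIdentity(
                    claimsIdentity.AuthenticationType,
                    ClaimTypeKeys.GivenName,
                    ClaimTypeKeys.Role);

                // The id_token is kept for id_token_hint at logout; the access token for calling the API.
                transformedIdentity.AddClaim(new Claim("id_token", notification.ProtocolMessage.IdToken));
                if (notification.ProtocolMessage.AccessToken != null)
                {
                    transformedIdentity.AddClaim(new Claim("token", notification.ProtocolMessage.AccessToken));
                }

                var claimsOfInterest = claimsIdentity.Claims.Where(c => options.ClaimTypesOfInterest.Contains(c.Type));
                transformedIdentity.AddClaims(claimsOfInterest);

                notification.AuthenticationTicket = new AuthenticationTicket(
                    transformedIdentity,
                    notification.AuthenticationTicket.Properties);

                // Optional hooks contribute further claims. The userinfo hook receives the access token that
                // arrived alongside the validated id_token.
                // NOTE(review): whether the middleware binds that access token to the id_token (at_hash) is not
                // visible here — confirm before relying on it for anything beyond the userinfo call.
                if (options.OnTransformingValidatedIdentity != null)
                {
                    var extra = await options.OnTransformingValidatedIdentity(claimsIdentity).ConfigureAwait(false);
                    AppendClaims(transformedIdentity, extra);
                }
                if (options.OnLookupUserInfo != null && notification.ProtocolMessage.AccessToken != null)
                {
                    var extra = await options.OnLookupUserInfo(notification.ProtocolMessage.AccessToken).ConfigureAwait(false);
                    AppendClaims(transformedIdentity, extra);
                }
            },
            RedirectToIdentityProvider = notification =>
            {
                if (notification.ProtocolMessage.RequestType != OpenIdConnectRequestType.LogoutRequest)
                {
                    return Task.CompletedTask;
                }

                // Sign-out can be requested without a signed-in principal; the previous version
                // dereferenced User unconditionally and threw a NullReferenceException in that case.
                var user = notification.OwinContext.Authentication.User;
                var idToken = user != null ? user.FindFirst("id_token") : null;
                if (idToken != null)
                {
                    // Lets the token server identify the session being ended.
                    notification.ProtocolMessage.IdTokenHint = idToken.Value;
                }
                return Task.CompletedTask;
            }
        }
    };

    app.UseOpenIdConnectAuthentication(openIdConnectAuthenticationOptions);
    return app;
}

/// <summary>
/// Adds <paramref name="extra"/> to <paramref name="identity"/> when the batch is non-null and non-empty.
/// </summary>
/// <param name="identity">Identity receiving the claims.</param>
/// <param name="extra">Claims returned by one of the optional hooks; may be null or empty.</param>
private static void AppendClaims(ClaimsIdentity identity, IEnumerable<Claim> extra)
{
    if (extra != null && extra.Any())
    {
        identity.AddClaims(extra);
    }
}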
/// <summary>
/// Wires up "Cookies" authentication and an OpenID Connect handshake with the token server. After the
/// id_token has been validated the identity is rebuilt from scratch with the tokens and the configured
/// claims of interest, optionally extended through the two callbacks on <paramref name="options"/>.
/// </summary>
/// <param name="app">OWIN application builder the middleware is added to.</param>
/// <param name="options">Token server endpoint, client settings, scopes, redirect URIs and claim hooks.</param>
/// <returns><paramref name="app"/>, to allow chaining.</returns>
/// <remarks>
/// Mutates two process-wide statics (<c>AntiForgeryConfig.UniqueClaimTypeIdentifier</c> and
/// <c>JwtSecurityTokenHandler.InboundClaimTypeMap</c>). The access token, when present, ends up in the
/// authentication ticket as the "token" claim.
/// </remarks>
public static IAppBuilder UseCookieAuthAgainstTokenServer(this IAppBuilder app, UseCookieAuthAgainstTokenServerOptions options)
{
    const string cookieScheme = "Cookies";

    // Process-wide: anti-forgery keys off the subject claim, and JWT claim names are left unmapped.
    AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypeKeys.Subject;
    JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

    app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = cookieScheme });

    var notifications = new OpenIdConnectAuthenticationNotifications();

    notifications.SecurityTokenValidated = async ctx =>
    {
        var original = ctx.AuthenticationTicket.Identity;
        var message = ctx.ProtocolMessage;

        // Fresh identity: given_name acts as name claim, role as role claim.
        var rebuilt = new ClaimsIdentity(original.AuthenticationType, ClaimTypeKeys.GivenName, ClaimTypeKeys.Role);

        // Appends a batch of claims only when the batch is non-null and non-empty.
        Action<IEnumerable<Claim>> append = batch =>
        {
            if (batch != null && batch.Any())
            {
                rebuilt.AddClaims(batch);
            }
        };

        // Raw tokens travel with the ticket: id_token for the logout hint, access token for API calls.
        rebuilt.AddClaim(new Claim("id_token", message.IdToken));
        if (message.AccessToken != null)
        {
            rebuilt.AddClaim(new Claim("token", message.AccessToken));
        }

        // Only the configured claim types are carried over from the validated identity.
        rebuilt.AddClaims(original.Claims.Where(c => options.ClaimTypesOfInterest.Contains(c.Type)));

        ctx.AuthenticationTicket = new AuthenticationTicket(rebuilt, ctx.AuthenticationTicket.Properties);

        if (options.OnTransformingValidatedIdentity != null)
        {
            append(await options.OnTransformingValidatedIdentity(original).ConfigureAwait(false));
        }
        if (options.OnLookupUserInfo != null && message.AccessToken != null)
        {
            append(await options.OnLookupUserInfo(message.AccessToken).ConfigureAwait(false));
        }
    };

    notifications.RedirectToIdentityProvider = ctx =>
    {
        // Only sign-out requests carry an id_token_hint.
        var isLogout = ctx.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest;
        if (isLogout)
        {
            // NOTE(review): User is dereferenced without a null check; a sign-out request without a
            // signed-in principal would throw here.
            var hint = ctx.OwinContext.Authentication.User.FindFirst("id_token");
            if (hint != null)
            {
                ctx.ProtocolMessage.IdTokenHint = hint.Value;
            }
        }
        return Task.CompletedTask;
    };

    var oidcOptions = new OpenIdConnectAuthenticationOptions
    {
        Authority = options.TokenServerEndpoint,
        ClientId = options.ClientId,
        ClientSecret = options.ClientSecret,
        RedirectUri = options.RedirectUriAfterLogin,
        PostLogoutRedirectUri = options.RedirectUriAfterLogout,
        ResponseType = options.ResponseType.AsString(),
        Scope = string.Join(" ", options.Scopes),
        SignInAsAuthenticationType = cookieScheme,
        Notifications = notifications
    };

    app.UseOpenIdConnectAuthentication(oidcOptions);
    return app;
}