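public static void UseIdentityAdmin(this IAppBuilder app, IdentityAdminOptions options)
        {
            // Wires the IdentityAdmin OWIN pipeline into the host. Registration order is significant:
            // logging -> HTTPS gate -> Autofac scope -> admin security -> static assets -> Web API.
            // The HTTPS gate sits first so nothing below it can answer over plain HTTP when SSL is required.
            if (app == null)
            {
                throw new ArgumentNullException("app");
            }
            if (options == null)
            {
                // Was "config", which does not match the parameter name and misleads callers reading the exception.
                throw new ArgumentNullException("options");
            }

            app.SetLoggerFactory(new LibLogLoggerFactory());

            Logger.Info("Starting IdentityAdmin configuration");

            // Fail fast on an invalid options object before any middleware is registered.
            options.Validate();

            // HTTPS gate. Only ctx.Request.Scheme is consulted, so behind a TLS-terminating proxy the host
            // must already map the forwarded-proto header onto the request scheme, otherwise every request is
            // rejected here. RequireSsl is read per request, as before.
            app.Use(async (ctx, next) =>
            {
                if (!ctx.Request.Scheme.Equals("https", StringComparison.OrdinalIgnoreCase) &&
                    options.AdminSecurityConfiguration.RequireSsl)
                {
                    // Previously the rejection text was written with the default 200 status, so clients,
                    // proxies and health checks saw a "successful" plain-HTTP response. Signal the refusal
                    // explicitly; the status must be set before the first body write.
                    ctx.Response.StatusCode = 403;
                    ctx.Response.Write("HTTPS required");
                }
                else
                {
                    await next();
                }
            });

            var container = AutofacConfig.Configure(options);

            app.Use<AutofacContainerMiddleware>(container);

            // With DisableSecurity set, nothing in this method registers any authentication middleware;
            // whatever the Web API layer does on its own is the only protection left. Intended for dev/test.
            if (!options.DisableSecurity)
            {
                options.AdminSecurityConfiguration.Configure(app);
            }

            if (!options.DisableUserInterface)
            {
                // UI assets are served from embedded resources, so nothing on disk can be swapped under /assets.
                app.UseFileServer(new FileServerOptions
                {
                    RequestPath = new PathString("/assets"),
                    FileSystem  = new EmbeddedResourceFileSystem(typeof(IdentityAdminAppBuilderExtensions).Assembly, "IdentityAdmin.Assets")
                });
                app.UseFileServer(new FileServerOptions
                {
                    RequestPath = new PathString("/assets/libs/fonts"),
                    FileSystem  = new EmbeddedResourceFileSystem(typeof(IdentityAdminAppBuilderExtensions).Assembly, "IdentityAdmin.Assets.Content.fonts")
                });
                app.UseStageMarker(PipelineStage.MapHandler);
            }

            SignatureConversions.AddConversions(app);
            app.UseWebApi(WebApiConfig.Configure(options));
            app.UseStageMarker(PipelineStage.MapHandler);

            // Clears out the OWIN logger factory so we don't receive other hosting-related logs.
            app.Properties["server.LoggerFactory"] = null;
        }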
        public static void UseIdentityManager(this IAppBuilder app, IdentityManagerOptions options)
        {
            if (app == null)
            {
                throw new ArgumentNullException("app");
            }
            if (options == null)
            {
                throw new ArgumentNullException("config");
            }
            options.Validate();

            JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary <string, string>();

            var container = AutofacConfig.Configure(options);

            app.Use <AutofacContainerMiddleware>(container);

            if (options.SecurityMode == SecurityMode.LocalMachine)
            {
                var local = new LocalAuthenticationOptions(options.AdminRoleName);
                app.Use <LocalAuthenticationMiddleware>(local);
            }
            else if (options.SecurityMode == SecurityMode.OAuth2)
            {
                var jwtParams = new System.IdentityModel.Tokens.TokenValidationParameters
                {
                    NameClaimType = options.OAuth2Configuration.NameClaimType,
                    RoleClaimType = options.OAuth2Configuration.RoleClaimType,
                    ValidAudience = options.OAuth2Configuration.Audience,
                    ValidIssuer   = options.OAuth2Configuration.Issuer,
                };
                if (options.OAuth2Configuration.SigningCert != null)
                {
                    jwtParams.IssuerSigningToken = new X509SecurityToken(options.OAuth2Configuration.SigningCert);
                }
                else
                {
                    var bytes = Convert.FromBase64String(options.OAuth2Configuration.SigningKey);
                    jwtParams.IssuerSigningToken = new BinarySecretSecurityToken(bytes);
                }

                app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions {
                    TokenValidationParameters = jwtParams
                });
                app.RequireScopes(new ScopeValidationOptions {
                    AllowAnonymousAccess = true,
                    Scopes = new string[] {
                        options.OAuth2Configuration.Scope
                    }
                });
                if (options.OAuth2Configuration.ClaimsTransformation != null)
                {
                    app.Use(async(ctx, next) =>
                    {
                        var user = ctx.Authentication.User;
                        if (user != null)
                        {
                            user = options.OAuth2Configuration.ClaimsTransformation(user);
                            ctx.Authentication.User = user;
                        }

                        await next();
                    });
                }
            }

            if (!options.DisableUserInterface)
            {
                app.UseFileServer(new FileServerOptions
                {
                    RequestPath = new PathString("/assets"),
                    FileSystem  = new EmbeddedResourceFileSystem(typeof(IdentityManagerAppBuilderExtensions).Assembly, "Thinktecture.IdentityManager.Assets")
                });
                app.UseFileServer(new FileServerOptions
                {
                    RequestPath = new PathString("/assets/libs/fonts"),
                    FileSystem  = new EmbeddedResourceFileSystem(typeof(IdentityManagerAppBuilderExtensions).Assembly, "Thinktecture.IdentityManager.Assets.Content.fonts")
                });
                app.UseStageMarker(PipelineStage.MapHandler);
            }

            SignatureConversions.AddConversions(app);
            app.UseWebApi(WebApiConfig.Configure(options));
            app.UseStageMarker(PipelineStage.MapHandler);
        }
        /// <summary>
        /// Extension method to configure IdentityServer in the hosting application.
        /// Registers the OWIN pipeline in a fixed order: HTTPS gate, Katana logging, embedded assets,
        /// request-id / data-protection / base-URL / issuer setup, body buffering, logged-out page rendering,
        /// Autofac, CORS, cookie authentication, sign-out cookie, host plugins and external identity providers,
        /// HTTP logging, then Web API. The order is significant; see the inline notes.
        /// </summary>
        /// <param name="app">The application.</param>
        /// <param name="options">The <see cref="IdentityServerOptions"/>.</param>
        /// <returns>The same <paramref name="app"/> instance, for chaining.</returns>
        /// <exception cref="ArgumentNullException">
        /// app
        /// or
        /// options
        /// </exception>
        public static IAppBuilder UseIdentityServer(this IAppBuilder app, IdentityServerOptions options)
        {
            if (app == null)
            {
                throw new ArgumentNullException("app");
            }
            if (options == null)
            {
                throw new ArgumentNullException("options");
            }

            // Fail fast on an invalid options object before any middleware is registered.
            options.Validate();

            // Process-wide statics: clearing both maps stops the JWT handler from remapping claim types in
            // either direction, so tokens carry and receive claim names as-is. Affects every JWT handler in
            // the process, not just this pipeline.
            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
            JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();

            // First in the pipeline so that nothing below can answer over plain HTTP when SSL is required.
            if (options.RequireSsl)
            {
                app.Use <RequireSslMiddleware>();
            }

            if (options.LoggingOptions.EnableKatanaLogging)
            {
                app.SetLoggerFactory(new LibLogKatanaLoggerFactory());
            }

            app.UseEmbeddedFileServer();

            app.ConfigureRequestId();
            app.ConfigureDataProtectionProvider(options);
            app.ConfigureIdentityServerBaseUrl(options.PublicOrigin);
            app.ConfigureIdentityServerIssuer(options);

            app.ConfigureRequestBodyBuffer();

            // this needs to be earlier than the autofac middleware so anything is disposed and re-initialized
            // if we send the request back into the pipeline to render the logged out page
            app.ConfigureRenderLoggedOutPage();

            var container = AutofacConfig.Configure(options);

            app.UseAutofacMiddleware(container);

            // CORS sits before cookie authentication so preflight requests are answered without a principal.
            app.UseCors();
            app.ConfigureCookieAuthentication(options.AuthenticationOptions.CookieOptions, options.DataProtector);

            // this needs to be before external middleware
            app.ConfigureSignOutMessageCookie();


            // Host hooks: plugins first, then external identity providers, both registered after the core
            // cookie/sign-out middleware above and before HTTP logging and Web API below.
            if (options.PluginConfiguration != null)
            {
                options.PluginConfiguration(app, options);
            }

            if (options.AuthenticationOptions.IdentityProviders != null)
            {
                options.AuthenticationOptions.IdentityProviders(app, Constants.ExternalAuthenticationType);
            }

            app.ConfigureHttpLogging(options.LoggingOptions);

            SignatureConversions.AddConversions(app);

            var httpConfig = WebApiConfig.Configure(options, container);

            app.UseAutofacWebApi(httpConfig);
            app.UseWebApi(httpConfig);

            // Startup-time diagnostics run synchronously in a throwaway scope. .Wait() blocks the startup
            // thread and wraps any failure in an AggregateException; callers catching startup errors should
            // expect that wrapper.
            using (var child = container.CreateScopeWithEmptyOwinContext())
            {
                var eventSvc = child.Resolve <IEventService>();
                // TODO -- perhaps use AsyncHelper instead?
                DoStartupDiagnosticsAsync(options, eventSvc).Wait();
            }

            return(app);
        }
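        /// <summary>
        /// Extension method to configure IdentityServer core in the hosting application.
        /// Registers the OWIN pipeline in a fixed order: data protection, claim-type maps, three cookie
        /// authentication middlewares (primary active; external and partial sign-in passive), host identity
        /// providers and plugins, embedded assets, Autofac, then Web API.
        /// </summary>
        /// <param name="app">The application.</param>
        /// <param name="options">The <see cref="IdentityServerCoreOptions"/>.</param>
        /// <returns>The same <paramref name="app"/> instance, for chaining.</returns>
        /// <exception cref="ArgumentNullException">
        /// app
        /// or
        /// options
        /// </exception>
        public static IAppBuilder UseIdentityServerCore(this IAppBuilder app, IdentityServerCoreOptions options)
        {
            // Guard app as the sibling overloads do; without it a null app surfaced as a NullReferenceException
            // from app.GetDataProtectionProvider() below.
            if (app == null)
            {
                throw new ArgumentNullException("app");
            }
            if (options == null)
            {
                throw new ArgumentNullException("options");
            }

            // NOTE(review): unlike UseIdentityServer, nothing here validates options before use —
            // options.Factory and its CoreSettings() are dereferenced unchecked.
            var internalConfig = new InternalConfiguration();

            var settings = options.Factory.CoreSettings();

            // Host-supplied protector wins; otherwise fall back to the host's data protection provider.
            if (settings.DataProtector == null)
            {
                internalConfig.DataProtector = new HostDataProtector(app.GetDataProtectionProvider());
            }
            else
            {
                internalConfig.DataProtector = settings.DataProtector;
            }

            // Process-wide statics: disable the JWT handler's claim-type remapping in both directions.
            // Affects every JWT handler in the process, not just this pipeline.
            // thank you Microsoft for the clean syntax
            JwtSecurityTokenHandler.InboundClaimTypeMap  = ClaimMappings.None;
            JwtSecurityTokenHandler.OutboundClaimTypeMap = ClaimMappings.None;

            // Only AuthenticationType/AuthenticationMode are set; cookie name, HttpOnly and Secure flags are left
            // at the Katana defaults for the referenced Microsoft.Owin version. NOTE(review): confirm those
            // defaults (HttpOnly on, Secure same-as-request in the versions I know) meet the deployment's policy.
            app.UseCookieAuthentication(new CookieAuthenticationOptions {
                AuthenticationType = Constants.PrimaryAuthenticationType
            });
            app.UseCookieAuthentication(new CookieAuthenticationOptions {
                AuthenticationType = Constants.ExternalAuthenticationType, AuthenticationMode = AuthenticationMode.Passive
            });
            app.UseCookieAuthentication(new CookieAuthenticationOptions {
                AuthenticationType = Constants.PartialSignInAuthenticationType, AuthenticationMode = AuthenticationMode.Passive
            });

            // Host hooks run after the cookie middlewares so external providers can sign in to the external cookie.
            if (options.AdditionalIdentityProviderConfiguration != null)
            {
                options.AdditionalIdentityProviderConfiguration(app, Constants.ExternalAuthenticationType);
            }

            if (options.PluginConfiguration != null)
            {
                options.PluginConfiguration(app, internalConfig.PluginDependencies);
            }

            // UI assets are served from embedded resources, so nothing on disk can be swapped under /assets.
            app.UseFileServer(new FileServerOptions
            {
                RequestPath = new PathString("/assets"),
                FileSystem  = new EmbeddedResourceFileSystem(typeof(Constants).Assembly, "Thinktecture.IdentityServer.Core.Assets")
            });
            app.UseStageMarker(PipelineStage.MapHandler);

            app.UseFileServer(new FileServerOptions
            {
                RequestPath = new PathString("/assets/libs/fonts"),
                FileSystem  = new EmbeddedResourceFileSystem(typeof(Constants).Assembly, "Thinktecture.IdentityServer.Core.Assets.libs.bootstrap.fonts")
            });
            app.UseStageMarker(PipelineStage.MapHandler);

            app.Use<AutofacContainerMiddleware>(AutofacConfig.Configure(options, internalConfig));
            Microsoft.Owin.Infrastructure.SignatureConversions.AddConversions(app);
            app.UseWebApi(WebApiConfig.Configure(options));

            return(app);
        }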