public void ConfigureAuth(IAppBuilder app)
{
var clientId = Settings.ProvisionerClient;
var password = Settings.ProvisionerPassword;
var authority = string.Format(Settings.LoginUri, "common");
var azureResourceManagerIdentifier = Settings.ApiEndpointUri;
// Set authentication types
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
{
ValidateIssuer = false,
},
Notifications = new OpenIdConnectAuthenticationNotifications()
{
RedirectToIdentityProvider = (context) =>
{
if (!context.Request.Path.ToString().Contains("Account"))
{
var redirectToSignUp = context.Request.Path.ToString().Contains("SignUp");
context.HandleResponse();
context.Response.Redirect(string.Format("Login?redirectToSignUp={0}", redirectToSignUp));
}
else
{
object obj;
if (context.OwinContext.Environment.TryGetValue("Authority", out obj))
{
var auth = obj as string;
if (auth != null)
{
context.ProtocolMessage.IssuerAddress = auth;
}
}
if (context.OwinContext.Environment.TryGetValue("DomainHint", out obj))
{
var domainHint = obj as string;
if (domainHint != null)
{
context.ProtocolMessage.SetParameter("domain_hint", domainHint);
}
}
context.ProtocolMessage.RedirectUri = HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path);
context.ProtocolMessage.PostLogoutRedirectUri = new UrlHelper(HttpContext.Current.Request.RequestContext).Action("Index", "Home", null, HttpContext.Current.Request.Url.Scheme);
context.ProtocolMessage.Resource = azureResourceManagerIdentifier;
}
return(Task.FromResult(0));
},
AuthorizationCodeReceived = (context) =>
{
var credential = new ClientCredential(clientId, password);
var tenantId = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
var signedInUserUniqueName = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value.Split('#').Last();
var tokenCache = new AdalTokenCache(signedInUserUniqueName);
tokenCache.Clear();
var authContext = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenantId), tokenCache);
var result = authContext.AcquireTokenByAuthorizationCode(context.Code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential);
return(Task.FromResult(0));
},
SecurityTokenValidated = (context) =>
{
var issuer = context.AuthenticationTicket.Identity.FindFirst("iss").Value;
if (!issuer.StartsWith("https://sts.windows.net/"))
{
throw new System.IdentityModel.Tokens.SecurityTokenValidationException();
}
return(Task.FromResult(0));
}
}
});
}
public static void ConfigureAuth(IAppBuilder app)
{
string commonAuthority = string.Format(Config.Authority, "common");
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
ExpireTimeSpan = new TimeSpan(3, 0, 0),
SlidingExpiration = true
});
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
//ProtocolValidator = new Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolValidator() { RequireNonce = false },
ClientId = Config.ClientId,
Authority = commonAuthority,
UseTokenLifetime = false,
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
{
// we inject our own multitenant validation logic
ValidateIssuer = false,
},
Notifications = new OpenIdConnectAuthenticationNotifications()
{
RedirectToIdentityProvider = (context) =>
{
if (IsApiRequest(context.Request))
{
context.HandleResponse();
context.OwinContext.Response.StatusCode = (int)System.Net.HttpStatusCode.Unauthorized;
}
else
{
// This ensures that the address used for sign in and sign out is picked up dynamically from the request
// this allows you to deploy your app (to Azure Web Sites, for example) without having to change settings
// Remember that the base URL of the address used here must be provisioned in Azure AD beforehand.
string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
object obj = null;
if (context.OwinContext.Environment.TryGetValue("Authority", out obj))
{
string authority = obj as string;
if (authority != null)
{
context.ProtocolMessage.IssuerAddress = authority;
}
}
if (context.OwinContext.Environment.TryGetValue("DomainHint", out obj))
{
string domainHint = obj as string;
if (domainHint != null)
{
context.ProtocolMessage.SetParameter("domain_hint", domainHint);
}
}
if (context.OwinContext.Environment.TryGetValue("owin.RequestQueryString", out obj))
{
var queryString = obj as string;
if (queryString.StartsWith("domain="))
{
var domain = queryString.Substring(7).Replace(".onmicrosoft.com", null);
context.ProtocolMessage.PostLogoutRedirectUri = $"{appBaseUrl}/{domain}";
}
else
{
context.ProtocolMessage.PostLogoutRedirectUri = new UrlHelper(HttpContext.Current.Request.RequestContext).Action(
"Index", "Home", null, HttpContext.Current.Request.Url.Scheme
);
}
}
else
{
context.ProtocolMessage.PostLogoutRedirectUri = new UrlHelper(HttpContext.Current.Request.RequestContext).Action(
"Index", "Home", null, HttpContext.Current.Request.Url.Scheme
);
}
context.ProtocolMessage.RedirectUri = HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path);
context.ProtocolMessage.Resource = Config.AzureResourceManagerIdentifier;
}
return(Task.FromResult(0));
},
AuthorizationCodeReceived = (context) =>
{
ClientCredential credential = new ClientCredential(Config.ClientId, Config.Password);
string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string signedInUserUniqueName = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value.Split('#')[context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value.Split('#').Length - 1];
var tokenCache = new AdalTokenCache(signedInUserUniqueName);
tokenCache.Clear();
AuthenticationContext authContext = new AuthenticationContext(string.Format(Config.Authority, tenantID), tokenCache);
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
context.Code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, Config.GraphAPIIdentifier);
return(Task.FromResult(0));
},
SecurityTokenValidated = (context) =>
{
// we use this notification for injecting our custom logic
// retriever caller data from the incoming principal
string issuer = context.AuthenticationTicket.Identity.FindFirst("iss").Value;
if (!issuer.StartsWith("https://sts.windows.net/"))
{
// the caller is not from a trusted issuer - throw to block the authentication flow
throw new System.IdentityModel.Tokens.SecurityTokenValidationException();
}
return(Task.FromResult(0));
}
//AuthenticationFailed = (context) =>
//{
// context.OwinContext.Response.Redirect(new UrlHelper(HttpContext.Current.Request.RequestContext).
// Action("Index", "Home", null, HttpContext.Current.Request.Url.Scheme));
// context.HandleResponse(); // Suppress the exception
// return Task.FromResult(0);
//}
}
});
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions {
});
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = ClientId,
Authority = Authority,
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
{
// we inject our own multitenant validation logic
ValidateIssuer = false,
},
Notifications = new OpenIdConnectAuthenticationNotifications()
{
RedirectToIdentityProvider = (context) =>
{
// This ensures that the address used for sign in and sign out is picked up dynamically from the request
// this allows you to deploy your app (to Azure Web Sites, for example) without having to change settings
// Remember that the base URL of the address used here must be provisioned in Azure AD beforehand.
//string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
object obj = null;
if (context.OwinContext.Environment.TryGetValue("Authority", out obj))
{
string authority = obj as string;
if (authority != null)
{
context.ProtocolMessage.IssuerAddress = authority;
}
}
if (context.OwinContext.Environment.TryGetValue("DomainHint", out obj))
{
string domainHint = obj as string;
if (domainHint != null)
{
context.ProtocolMessage.SetParameter("domain_hint", domainHint);
}
}
context.ProtocolMessage.RedirectUri = HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path);
context.ProtocolMessage.PostLogoutRedirectUri = new UrlHelper(HttpContext.Current.Request.RequestContext).Action("Index", "Home", null, HttpContext.Current.Request.Url.Scheme);
context.ProtocolMessage.Resource = GraphApiIdentifier;
return(Task.FromResult(0));
},
AuthorizationCodeReceived = (context) =>
{
ClientCredential credential = new ClientCredential(ClientId, Password);
string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string signedInUserUniqueName = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value.Split('#')[context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value.Split('#').Length - 1];
AdalTokenCache cache = new AdalTokenCache(signedInUserUniqueName);
cache.Clear();
AuthenticationContext authContext = new AuthenticationContext(
String.Format("https://login.microsoftonline.com/{0}", tenantID),
new AdalTokenCache(signedInUserUniqueName));
var items = authContext.TokenCache.ReadItems().ToList();
AuthenticationResult result1 = authContext.AcquireTokenByAuthorizationCodeAsync(
context.Code,
new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)),
credential).GetAwaiter().GetResult();
items = authContext.TokenCache.ReadItems().ToList();
AuthenticationResult result2 = authContext.AcquireTokenSilentAsync(
AzureResourceManagerIdentifier,
credential,
new UserIdentifier(signedInUserUniqueName, UserIdentifierType.RequiredDisplayableId)).GetAwaiter().GetResult();
items = authContext.TokenCache.ReadItems().ToList();
return(Task.FromResult(0));
},
// we use this notification for injecting our custom logic
SecurityTokenValidated = (context) =>
{
// retriever caller data from the incoming principal
string issuer = context.AuthenticationTicket.Identity.FindFirst("iss").Value;
if (!issuer.StartsWith("https://sts.windows.net/"))
{
// the caller is not from a trusted issuer - throw to block the authentication flow
throw new System.IdentityModel.Tokens.SecurityTokenValidationException();
}
return(Task.FromResult(0));
},
AuthenticationFailed = (context) =>
{
context.OwinContext.Response.Redirect(new UrlHelper(HttpContext.Current.Request.RequestContext).
Action("Error", "Home", new { ExceptionDetails = context.Exception.Message }, HttpContext.Current.Request.Url.Scheme));
context.HandleResponse(); // Suppress the exception
return(Task.FromResult(0));
}
}
});
}