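/// <summary>
/// Adds JWT bearer authentication to the OWIN pipeline for tokens issued by the SSO issuer.
/// </summary>
/// <remarks>
/// The accepted audience is "{issuer}/resources" and the signing key comes from the single sign-on
/// certificate. On Mono an explicit <see cref="TokenValidationParameters"/> is supplied. It must not
/// carry a <c>SignatureValidator</c> that parses the token and returns it unchecked: such a delegate
/// replaces the library's signature verification, so a bearer token would be accepted without ever
/// being checked against the issuer's key.
/// </remarks>
/// <param name="owinApp">The OWIN application builder the bearer middleware is added to.</param>
protected virtual void UseJwtBearerAuthentication(IAppBuilder owinApp)
{
    string issuerName = AppEnvironment.GetSsoIssuerName();
    string resourcesAudience = $"{issuerName}/resources";

    JwtBearerAuthenticationOptions jwtBearerAuthenticationOptions = new JwtBearerAuthenticationOptions
    {
        AllowedAudiences = new[] { resourcesAudience },
        IssuerSecurityKeyProviders = new[]
        {
            new X509CertificateSecurityKeyProvider(issuerName, AppCertificatesProvider.GetSingleSignOnCertificate())
        }
    };

    if (PlatformUtilities.IsRunningOnMono)
    {
        jwtBearerAuthenticationOptions.TokenValidationParameters = new TokenValidationParameters
        {
            // Kept as authored. NOTE(review): presumably this skips checks on the certificate itself,
            // not on the token signature - confirm for the IdentityModel version in use.
            ValidateIssuerSigningKey = false,
            ValidIssuer = issuerName,
            ValidAudience = resourcesAudience,
            // No SignatureValidator is set, so the token signature is verified with this key.
            // NOTE(review): if this Mono runtime cannot verify with an X509SecurityKey, tokens will be
            // rejected (fail closed); fix the key material rather than bypassing the check.
            IssuerSigningKey = new X509SecurityKey(AppCertificatesProvider.GetSingleSignOnCertificate())
        };
    }

    owinApp.UseJwtBearerAuthentication(jwtBearerAuthenticationOptions);
}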
/// <summary>
/// Adds JWT bearer authentication to the OWIN pipeline, validating tokens against the
/// single sign-on client RSA key.
/// </summary>
/// <remarks>
/// Issuer, audience, lifetime, signing-key, actor and replay validation flags are all switched on.
/// NOTE(review): no token replay cache is configured in this block; confirm one is supplied
/// elsewhere, otherwise ValidateTokenReplay may have no practical effect.
/// </remarks>
/// <param name="owinApp">The OWIN application builder the bearer middleware is added to.</param>
protected virtual void UseJwtBearerAuthentication(IAppBuilder owinApp)
{
    string issuerName = AppEnvironment.GetSsoIssuerName();
    RsaSecurityKey issuerSigningKey = new RsaSecurityKey(AppCertificatesProvider.GetSingleSignOnClientRsaKey());

    // Tokens must be addressed to the issuer's "resources" audience.
    string resourcesAudience = $"{issuerName}/resources";

    TokenValidationParameters validation = new TokenValidationParameters();
    validation.ValidateIssuerSigningKey = true;
    validation.ValidateTokenReplay = true;
    validation.ValidateLifetime = true;
    validation.ValidateActor = true;
    validation.ValidateAudience = true;
    validation.ValidateIssuer = true;
    validation.ValidIssuer = issuerName;
    validation.ValidAudience = resourcesAudience;
    validation.IssuerSigningKey = issuerSigningKey;

    JwtBearerAuthenticationOptions bearerOptions = new JwtBearerAuthenticationOptions
    {
        AllowedAudiences = new[] { resourcesAudience },
        TokenValidationParameters = validation
    };

    owinApp.UseJwtBearerAuthentication(bearerOptions);
}
/// <summary>
/// Adds JWT bearer authentication to the OWIN pipeline using the single sign-on certificate
/// as the issuer's key source.
/// </summary>
/// <remarks>
/// Only the allowed audience ("{issuer}/resources") and the issuer key provider are configured here;
/// every other validation setting is left to the middleware's defaults.
/// </remarks>
/// <param name="owinApp">The OWIN application builder the bearer middleware is added to.</param>
protected virtual void UseJwtBearerAuthentication(IAppBuilder owinApp)
{
    string issuerName = AppEnvironment.GetSsoIssuerName();

    JwtBearerAuthenticationOptions bearerOptions = new JwtBearerAuthenticationOptions();

    // Tokens must be addressed to the issuer's "resources" audience.
    bearerOptions.AllowedAudiences = new[] { $"{issuerName}/resources" };

    // The key provider pairs the issuer name with the SSO certificate.
    bearerOptions.IssuerSecurityKeyProviders = new[]
    {
        new X509CertificateSecurityKeyProvider(issuerName, AppCertificatesProvider.GetSingleSignOnCertificate())
    };

    owinApp.UseJwtBearerAuthentication(bearerOptions);
}
/// <summary>
/// Mounts IdentityServer under the "/core" path of the given OWIN pipeline.
/// </summary>
/// <remarks>
/// Clients and scopes are held in memory. The user and view services are resolved per request from
/// the request's own dependency resolver. Registered customizers run last and may change any option
/// set here.
/// </remarks>
/// <param name="owinApp">The OWIN application builder to extend.</param>
/// <exception cref="ArgumentNullException"><paramref name="owinApp"/> is null.</exception>
public virtual void Configure(IAppBuilder owinApp)
{
    if (owinApp == null)
    {
        throw new ArgumentNullException(nameof(owinApp));
    }

    owinApp.Map("/core", identityApp =>
    {
        LogProvider.SetCurrentLogProvider(DependencyManager.Resolve<ILogProvider>());

        // Rebuilds the current request's OWIN context from IdentityServer's own resolver.
        IOwinContext GetRequestContext(IdentityServer3.Core.Services.IDependencyResolver resolver)
        {
            OwinEnvironmentService environmentService = resolver.Resolve<OwinEnvironmentService>();
            return new OwinContext(environmentService.Environment);
        }

        // Resolves the user service from the request scope and passes it the request's cancellation token.
        IUserService ResolveUserService(IdentityServer3.Core.Services.IDependencyResolver resolver)
        {
            IOwinContext requestContext = GetRequestContext(resolver);
            IUserService resolvedService = requestContext.GetDependencyResolver().Resolve<IUserService>();

            if (resolvedService is UserService bitUserService)
            {
                bitUserService.CurrentCancellationToken = requestContext.Request.CallCancelled;
            }

            return resolvedService;
        }

        // Resolves the view service from the request scope.
        IViewService ResolveViewService(IdentityServer3.Core.Services.IDependencyResolver resolver)
        {
            return GetRequestContext(resolver).GetDependencyResolver().Resolve<IViewService>();
        }

        IdentityServerServiceFactory serviceFactory = new IdentityServerServiceFactory();
        var registeredClients = DependencyManager.Resolve<IOAuthClientsProvider>().GetClients().ToArray();
        serviceFactory = serviceFactory.UseInMemoryClients(registeredClients);
        serviceFactory = serviceFactory.UseInMemoryScopes(ScopesProvider.GetScopes());

        serviceFactory.UserService = new Registration<IUserService>(ResolveUserService);
        serviceFactory.EventService = new Registration<IEventService>(EventService);
        serviceFactory.ViewService = new Registration<IViewService>(ResolveViewService);
        serviceFactory.RedirectUriValidator = new Registration<IRedirectUriValidator>(RedirectUriValidator);

        // RequireSsl falls back to false when the setting is absent.
        // NOTE(review): deployments reachable over a network should set it to true so that
        // credentials and tokens are not exchanged over plain HTTP.
        bool requireSsl = AppEnvironment.GetConfig("RequireSsl", defaultValueOnNotFound: false);
        string siteName = AppEnvironment.GetConfig("IdentityServerSiteName", $"{AppEnvironment.AppInfo.Name} Identity Server");

        IdentityServerOptions serverOptions = new IdentityServerOptions
        {
            SiteName = siteName,
            SigningCertificate = AppCertificatesProvider.GetSingleSignOnCertificate(),
            Factory = serviceFactory,
            RequireSsl = requireSsl,
            // The welcome page is shown only in debug mode.
            EnableWelcomePage = AppEnvironment.DebugMode == true,
            IssuerUri = AppEnvironment.GetSsoIssuerName(),
            CspOptions = new CspOptions
            {
                // Content security policy is switched off.
                // NOTE(review): confirm the login pages get a CSP header from another layer.
                Enabled = false
            },
            // Every endpoint listed here is switched on explicitly.
            Endpoints = new EndpointOptions
            {
                EnableAccessTokenValidationEndpoint = true,
                EnableAuthorizeEndpoint = true,
                EnableCheckSessionEndpoint = true,
                EnableClientPermissionsEndpoint = true,
                EnableCspReportEndpoint = true,
                EnableDiscoveryEndpoint = true,
                EnableEndSessionEndpoint = true,
                EnableIdentityTokenValidationEndpoint = true,
                EnableIntrospectionEndpoint = true,
                EnableTokenEndpoint = true,
                EnableTokenRevocationEndpoint = true,
                EnableUserInfoEndpoint = true
            },
            // Error and failure events are raised.
            EventsOptions = new EventsOptions
            {
                RaiseErrorEvents = true,
                RaiseFailureEvents = true
            },
            AuthenticationOptions = new AuthenticationOptions
            {
                IdentityProviders = ConfigureIdentityProviders
            }
        };

        // Customizers get the last word on the options before the middleware is registered.
        foreach (IIdentityServerOptionsCustomizer optionsCustomizer in Customizers)
        {
            optionsCustomizer.Customize(serverOptions);
        }

        identityApp.UseIdentityServer(serverOptions);
    });
}