protected override void ProcessCore(IdentityProvidersArgs args)
{
Assert.ArgumentNotNull(args, nameof(args));
IdentityProvider = this.GetIdentityProvider();
var provider = new Auth0AuthenticationProvider
{
OnAuthenticated = (context) =>
{
context.Identity.ApplyClaimsTransformations(new Owin.Authentication.Services.TransformationContext(this.FederatedAuthenticationConfiguration, IdentityProvider));
return(Task.CompletedTask);
},
OnReturnEndpoint = (context) =>
{
return(Task.CompletedTask);
}
};
var auth0options = new Auth0AuthenticationOptions
{
ClientId = Configuration.Settings.GetSetting("FedAuth.Auth0.ClientId"),
ClientSecret = Configuration.Settings.GetSetting("FedAuth.Auth0.ClientSecret"),
Provider = provider,
Domain = Configuration.Settings.GetSetting("FedAuth.Auth0.Domain"),
AuthenticationType = IdentityProvider.Name,
CallbackPath = new PathString("/signin-auth0"),
};
args.App.UseAuth0Authentication(auth0options);
}
public void Configuration(IAppBuilder app)
{
// Configure Auth0 parameters
string auth0Domain = ConfigurationManager.AppSettings["auth0:Domain"];
string auth0ClientId = ConfigurationManager.AppSettings["auth0:ClientId"];
string auth0ClientSecret = ConfigurationManager.AppSettings["auth0:ClientSecret"];
// Set Cookies as default authentication type
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
LoginPath = new PathString("/Account/Login")
});
// Configure Auth0 authentication
var provider = new Auth0AuthenticationProvider()
{
//// When logging out
//OnApplyLogout = context =>
//{
// if (System.Configuration.ConfigurationManager.AppSettings["ForceHttps"] == "true" &&
// context.LogoutUri.Contains("&returnTo=http%3A%2F%2F"))
// {
// context.LogoutUri = context.LogoutUri.Replace("&returnTo=http%3A%2F%2F",
// "&returnTo=https%3A%2F%2F");
// }
// context.Response.Redirect(context.LogoutUri);
//},
//// When redirecting to /authorize
//OnApplyRedirect = context =>
//{
// if (System.Configuration.ConfigurationManager.AppSettings["ForceHttps"] == "true" &&
// context.RedirectUri.Contains("&redirect_uri=http%3A%2F%2F"))
// {
// context.RedirectUri = context.RedirectUri.Replace("&redirect_uri=http%3A%2F%2F",
// "&redirect_uri=https%3A%2F%2F");
// }
// context.Response.Redirect(context.RedirectUri);
//},
//// When doing the code exchange
//OnCustomizeTokenExchangeRedirectUri = (context) =>
//{
// var redirectUri = context.RedirectUri;
// if (System.Configuration.ConfigurationManager.AppSettings["ForceHttps"] == "true"
// && redirectUri.StartsWith("http://"))
// {
// context.RedirectUri = redirectUri.Replace("http://", "https://");
// }
//}
};
var options = new Auth0AuthenticationOptions()
{
Domain = auth0Domain,
ClientId = auth0ClientId,
ClientSecret = auth0ClientSecret,
ErrorRedirectPath = new PathString("/Account/LoginError"),
Provider = provider
};
app.UseAuth0Authentication(options);
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Enable the application to use a cookie to store information for the signed in user
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login")
// LoginPath property informs the middleware that it should change an outgoing 401 Unauthorized status code into a 302 redirection onto the given login path
// More info: http://msdn.microsoft.com/en-us/library/microsoft.owin.security.cookies.cookieauthenticationoptions.loginpath(v=vs.111).aspx
});
// Use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Use Auth0
var provider = new Auth0AuthenticationProvider
{
OnReturnEndpoint = context =>
{
// xsrf validation
if (context.Request.Query["state"] != null && context.Request.Query["state"].Contains("xsrf="))
{
NameValueCollection state = HttpUtility.ParseQueryString(context.Request.Query["state"]);
if (state["xsrf"] != "your_xsrf_random_string")
{
throw new HttpException(400, "invalid xsrf");
}
}
return(Task.FromResult(0));
},
OnAuthenticated = context =>
{
if (context.User["activation_pending"] != null)
{
var pending = context.User.Value <bool>("activation_pending");
if (!pending)
{
context.Identity.AddClaim(new Claim(ClaimTypes.Role, "Member"));
}
}
// context.User is a JObject with the original user object from Auth0
if (context.User["admin"] != null)
{
context.Identity.AddClaim(new Claim("admin", context.User.Value <string>("admin")));
}
context.Identity.AddClaim(
new Claim(
"friendly_name",
string.Format("{0}, {1}", context.User["family_name"], context.User["given_name"])));
// NOTE: uncomment this if you send an array of roles (i.e.: ['sales','marketing','hr'])
//context.User["roles"].ToList().ForEach(r =>
//{
// context.Identity.AddClaim(new Claim(ClaimTypes.Role, r.ToString()));
//});
return(Task.FromResult(0));
}
};
app.UseAuth0Authentication(ConfigurationManager.AppSettings["auth0:ClientId"], ConfigurationManager.AppSettings["auth0:ClientSecret"], ConfigurationManager.AppSettings["auth0:Domain"],
//redirectPath: "/Account/ExternalLoginCallback", // use AccountController instead of Auth0AccountController
provider: provider);
}
