public static AuthenticationConfiguration CreateClientAuthConfig(IConfigurationRepository configuration)
{
var authConfig = new AuthenticationConfiguration
{
InheritHostClientIdentity = false,
RequireSsl = !configuration.Global.DisableSSL,
};
// accept arbitrary credentials on basic auth header,
// validation will be done in the protocol endpoint
authConfig.AddBasicAuthentication((id, secret) => true, retainPassword: true);
return(authConfig);
}
public static AuthenticationConfiguration CreateClientAuthConfig()
{
var authConfig = new AuthenticationConfiguration
{
InheritHostClientIdentity = false,
DefaultAuthenticationScheme = "Basic",
};
// accept arbitrary credentials on basic auth header,
// validation will be done in the protocol endpoint
authConfig.AddBasicAuthentication((id, secret) => true, retainPassword: true);
return(authConfig);
}
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
GlobalConfiguration.Configure(WebApiConfig.Register);
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
AuthenticationConfiguration authenticationConfiguration = new AuthenticationConfiguration();
authenticationConfiguration.AddBasicAuthentication((username, password) => username == "admin" && password == "1234");
authenticationConfiguration.RequireSsl = false; // don't try this at home kids!
GlobalConfiguration.Configure(config => config.MessageHandlers.Add(new AuthenticationHandler(authenticationConfiguration)));
}
private static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
var authentication = new AuthenticationConfiguration
{
ClaimsAuthenticationManager = new ClaimsTransformer(),
RequireSsl = false,
EnableSessionToken = true
};
#region Basic Authentication
authentication.AddBasicAuthentication(UserCredentials.Validate);
#endregion
#region IdentityServer JWT
//authentication.AddJsonWebToken(
// issuer: Constants.IdSrv.IssuerUri,
// audience: Constants.Audience,
// signingKey: Constants.IdSrv.SigningKey);
authentication.AddMsftJsonWebToken(
issuer: Constants.IdSrv.IssuerUri,
audience: Constants.Audience,
signingKey: Constants.IdSrv.SigningKey);
#endregion
#region Access Control Service JWT
authentication.AddJsonWebToken(
issuer: Constants.ACS.IssuerUri,
audience: Constants.Audience,
signingKey: Constants.ACS.SigningKey,
scheme: Constants.ACS.Scheme);
#endregion
#region IdentityServer SAML
authentication.AddSaml2(
issuerThumbprint: Constants.IdSrv.SigningCertThumbprint,
issuerName: Constants.IdSrv.IssuerUri,
audienceUri: Constants.Realm,
certificateValidator: X509CertificateValidator.None,
options: AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme),
scheme: AuthenticationScheme.SchemeOnly(Constants.IdSrv.SamlScheme));
#endregion
#region Client Certificates
authentication.AddClientCertificate(ClientCertificateMode.ChainValidation);
#endregion
return(authentication);
}
private static void ConfigureBasicAuth(HttpConfiguration config)
{
var authConfig = new AuthenticationConfiguration
{
InheritHostClientIdentity = true, // Inherit authentication from Forms
EnableSessionToken = true, // Enable Session Tokens
RequireSsl = false, // Remember to change in Production
SendWwwAuthenticateResponseHeaders = false // Prevent browser window to show
};
// setup authentication against membership
authConfig.AddBasicAuthentication((userName, password) =>
WebSecurity.Login(userName, password, false));
config.MessageHandlers.Add(new AuthenticationHandler(authConfig));
}
public static AuthenticationConfiguration Create(AuthenticationService authService)
{
var authentication = new AuthenticationConfiguration
{
ClaimsAuthenticationManager = new RestClaimsAuthenticationManager(authService),
RequireSsl = false,
EnableSessionToken = true
};
#region Basic Authentication
authentication.AddBasicAuthentication((username, password) => ValidateUser(username, password, authService));
#endregion
return(authentication);
}
private static void ConfigureAuth(HttpConfiguration config)
{
var authConfig = new AuthenticationConfiguration
{
DefaultAuthenticationScheme = "Basic",
EnableSessionToken = true,
SendWwwAuthenticateResponseHeader = true,
RequireSsl = false
};
authConfig.AddBasicAuthentication((username, password) =>
{
return(username == "admin" && password == "password");
});
config.MessageHandlers.Add(new AuthenticationHandler(authConfig));
}
public static void Register(HttpConfiguration config)
{
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
var authConfig = new AuthenticationConfiguration
{
InheritHostClientIdentity = true,
ClaimsAuthenticationManager = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager
};
// setup authentication against membership
authConfig.AddBasicAuthentication((userName, password) => Membership.ValidateUser(userName, password));
config.MessageHandlers.Add(new AuthenticationHandler(authConfig));
}
public void Configuration(IAppBuilder appBuilder)
{
var config = new HttpConfiguration();
config.MapHttpAttributeRoutes();
var authenticationConfiguration = new AuthenticationConfiguration
{
RequireSsl = false
};
authenticationConfiguration.AddBasicAuthentication((userName, password) =>
{
return(userName == "filip" && password == "abc");
}, AuthenticationOptions.ForHeader("MyAuthorization"));
config.MessageHandlers.Add(new AuthenticationHandler(authenticationConfiguration));
appBuilder.UseWebApi(config);
}
private void RegisterAuth(HttpConfiguration config)
{
// NOTE: You need to get into the ASP.NET Web API pipeline
// in order to retrieve the session token.
// e.g: GET /token should get you the token but instead you get 404.
// but GET /api/token works as you are inside the ASP.NET Web API pipeline now.
var auth = new AuthenticationConfiguration {
RequireSsl = false,
// ClaimsAuthenticationManager = new ClaimsTransformer(),
DefaultAuthenticationScheme = "Basic",
EnableSessionToken = true // default lifetime is 10 hours
};
auth.AddBasicAuthentication(IsValid);
var authHandler = new AuthenticationHandler(auth);
config.MessageHandlers.Add(authHandler);
}
public static AuthenticationConfiguration Create(Oauth2AuthenticationSettings oauth2AuthenticationSettings, ILogger logger)
{
_logger = logger;
_oauth2AuthenticationSettings = oauth2AuthenticationSettings;
var authentication = new AuthenticationConfiguration
{
ClaimsAuthenticationManager = new ProvisioningClaimsAuthenticationManager(GetClaimsForUser),
RequireSsl = !AuthenticationConstants.AllowInsecureHttp,
EnableSessionToken = true
};
#region Basic Authentication
authentication.AddBasicAuthentication(AuthenticateUser);
#endregion
return(authentication);
}
private static AuthenticationConfiguration CreateAuthenticationConfiguration(IConfigurationRepository configurationRepository)
{
const string audience = "api/";
var issuerUri = configurationRepository.Global.IssuerUri;
if (configurationRepository.Keys.SigningCertificate == null)
{
//Note: when set up Identity server 1st time, it goes here. After the initial configuration, please re-start IIS to make sure the following code executed.
return(null);
}
var signingKey = configurationRepository.Keys.SigningCertificate.Thumbprint;
var authenticationConfiguration = new AuthenticationConfiguration
{
ClaimsAuthenticationManager = new ClaimsTransformer(),
RequireSsl = false,
EnableSessionToken = true,
SessionToken = new SessionTokenConfiguration
{
DefaultTokenLifetime = TimeSpan.FromHours(10.0),
EndpointAddress = "/issue/simple",
HeaderName = "Authorization",
Scheme = "Session",
Audience = audience,
IssuerName = issuerUri,
SigningKey = Encoding.UTF8.GetBytes(signingKey),
}
};
// IdentityServer JWT
authenticationConfiguration.AddJsonWebToken(issuerUri, audience, signingKey);
authenticationConfiguration.AddBasicAuthentication(Membership.ValidateUser);
//Client Certificates
authenticationConfiguration.AddClientCertificate(ClientCertificateMode.ChainValidation);
return(authenticationConfiguration);
}
public static AuthenticationConfiguration CreateConfiguration()
{
var config = new AuthenticationConfiguration
{
DefaultAuthenticationScheme = "Basic",
};
#region Basic Authentication
config.AddBasicAuthentication((userName, password) => userName == password);
#endregion
#region SimpleWebToken
config.AddSimpleWebToken(
"http://identity.thinktecture.com/trust",
Constants.Realm,
Constants.IdSrvSymmetricSigningKey,
AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
#endregion
#region JsonWebToken
config.AddJsonWebToken(
"http://selfissued.test",
Constants.Realm,
Constants.IdSrvSymmetricSigningKey,
AuthenticationOptions.ForAuthorizationHeader("JWT"));
#endregion
#region IdentityServer SAML
var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
idsrvRegistry.AddTrustedIssuer("A1EED7897E55388FCE60FEF1A1EED81FF1CBAEC6", "Thinktecture IdSrv");
var idsrvConfig = new SecurityTokenHandlerConfiguration();
idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
idsrvConfig.IssuerNameRegistry = idsrvRegistry;
idsrvConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
#endregion
#region ACS SWT
config.AddSimpleWebToken(
"https://" + Constants.ACS + "/",
Constants.Realm,
Constants.AcsSymmetricSigningKey,
AuthenticationOptions.ForAuthorizationHeader("ACS"));
#endregion
#region AccessKey
var handler = new SimpleSecurityTokenHandler("my access key", token =>
{
if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
{
return(new ClaimsIdentity(new Claim[]
{
new Claim("customerid", "123")
}, "Custom"));
}
return(null);
});
config.AddAccessKey(handler, AuthenticationOptions.ForQueryString("key"));
#endregion
return(config);
}
public static AuthenticationConfiguration CreateConfiguration()
{
var config = new AuthenticationConfiguration
{
DefaultAuthenticationScheme = "Basic",
EnableSessionToken = true
};
#region BasicAuthentication
config.AddBasicAuthentication((userName, password) => userName == password, retainPassword: false);
#endregion
#region SimpleWebToken
config.AddSimpleWebToken(
issuer: Constants.IdSrvIssuerName,
audience: Constants.Realm,
signingKey: Constants.IdSrvSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
#endregion
#region JsonWebToken
config.AddJsonWebToken(
issuer: "http://selfissued.test",
audience: Constants.Realm,
signingKey: Constants.IdSrvSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("JWT"));
#endregion
#region JsonWebToken Windows Store Client
config.AddJsonWebToken(
issuer: "http://identityserver.v2.thinktecture.com/trust/changethis",
audience: "https://test/rp/",
signingKey: "3ihK5qGVhp8ptIk9+TDucXQW4Aaengg3d5m6gU8nzc8=",
options: AuthenticationOptions.ForAuthorizationHeader("Win8"));
#endregion
#region IdentityServer SAML
var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
idsrvRegistry.AddTrustedIssuer(Constants.IdSrvSamlSigningKeyThumbprint, "Thinktecture IdSrv");
var idsrvConfig = new SecurityTokenHandlerConfiguration();
idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
idsrvConfig.IssuerNameRegistry = idsrvRegistry;
idsrvConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
#endregion
#region ADFS SAML
var adfsRegistry = new ConfigurationBasedIssuerNameRegistry();
adfsRegistry.AddTrustedIssuer(Constants.AdfsSamlSigningKeyThumbprint, "ADFS");
var adfsConfig = new SecurityTokenHandlerConfiguration();
adfsConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
adfsConfig.IssuerNameRegistry = adfsRegistry;
adfsConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(adfsConfig, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml"));
#endregion
#region ACS SWT
config.AddSimpleWebToken(
issuer: "https://" + Constants.ACS + "/",
audience: Constants.Realm,
signingKey: Constants.AcsSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("ACS"));
#endregion
#region AccessKey
config.AddAccessKey(token =>
{
if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
{
return(Principal.Create("Custom",
new Claim("customerid", "123"),
new Claim("email", "*****@*****.**")));
}
return(null);
}, AuthenticationOptions.ForQueryString("key"));
#endregion
#region Client Certificate
config.AddClientCertificate(
ClientCertificateMode.ChainValidationWithIssuerSubjectName,
"CN=PortableCA");
#endregion
return(config);
}
public static AuthenticationConfiguration CreateConfiguration()
{
var config = new AuthenticationConfiguration
{
DefaultAuthenticationScheme = "Basic",
EnableSessionToken = true
};
#region BasicAuthentication
config.AddBasicAuthentication((userName, password) => userName == password, retainPassword: false);
#endregion
#region SimpleWebToken
config.AddSimpleWebToken(
issuer: "http://identity.thinktecture.com/trust",
audience: Constants.Realm,
signingKey: Constants.IdSrvSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
#endregion
#region JsonWebToken
config.AddJsonWebToken(
issuer: "http://selfissued.test",
audience: Constants.Realm,
signingKey: Constants.IdSrvSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("JWT"));
#endregion
#region IdentityServer SAML
var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
idsrvRegistry.AddTrustedIssuer("A1EED7897E55388FCE60FEF1A1EED81FF1CBAEC6", "Thinktecture IdSrv");
var idsrvConfig = new SecurityTokenHandlerConfiguration();
idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
idsrvConfig.IssuerNameRegistry = idsrvRegistry;
idsrvConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
#endregion
#region ADFS SAML
var adfsRegistry = new ConfigurationBasedIssuerNameRegistry();
adfsRegistry.AddTrustedIssuer("8EC7F962CC083FF7C5997D8A4D5ED64B12E4C174", "ADFS");
adfsRegistry.AddTrustedIssuer("b6 93 46 34 7f 70 a9 c3 72 02 18 ae f1 82 2a 5c 97 b1 8c a5", "PETS ADFS");
var adfsConfig = new SecurityTokenHandlerConfiguration();
adfsConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
adfsConfig.IssuerNameRegistry = adfsRegistry;
adfsConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(adfsConfig, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml"));
#endregion
#region ACS SWT
config.AddSimpleWebToken(
issuer: "https://" + Constants.ACS + "/",
audience: Constants.Realm,
signingKey: Constants.AcsSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("ACS"));
#endregion
#region AccessKey
config.AddAccessKey(token =>
{
if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
{
return(Principal.Create("Custom",
new Claim("customerid", "123"),
new Claim("email", "*****@*****.**")));
}
return(null);
}, AuthenticationOptions.ForQueryString("key"));
#endregion
#region Client Certificate
config.AddClientCertificate(
ClientCertificateMode.ChainValidationWithIssuerSubjectName,
"CN=PortableCA");
#endregion
return(config);
}
