コード例 #1
        /// <summary>
        /// Builds the <see cref="AuthenticationConfiguration"/> for the API and registers,
        /// in this order: Basic authentication, the IdentityServer JWT, the Access Control
        /// Service JWT, IdentityServer SAML 2 tokens and client certificates. Session tokens
        /// are enabled and signed with a fixed key.
        /// </summary>
        /// <param name="log">Logger that receives one info line after each mechanism is registered.</param>
        /// <returns>The populated authentication configuration.</returns>
        public static AuthenticationConfiguration CreateAuthenticationConfiguration(ILog log)
        {
            var config = new AuthenticationConfiguration();
            config.ClaimsAuthenticationManager = new ClaimsTransformer();

            // NOTE(review): RequireSsl is off while Basic authentication and bearer/session
            // tokens are registered below, so credentials and tokens can presumably travel
            // over plain HTTP. Acceptable for a local sample only; turn it on elsewhere.
            config.RequireSsl = false;
            config.EnableSessionToken = true;

            // Basic authentication: credentials are checked by UserCredentials.Validate.
            config.AddBasicAuthentication(UserCredentials.Validate);
            log.Info("Configurada autenticación básica.");

            // IdentityServer JWT, handled by the Microsoft JWT handler variant. The plain
            // AddJsonWebToken overload with the same issuer/audience/key was the earlier choice.
            // NOTE(review): the signing key is read from Constants; if that is a literal in
            // source, move it to protected configuration - confirm where it is defined.
            config.AddMsftJsonWebToken(
                issuer: Constants.IdSrv.IssuerUri,
                audience: Constants.Audience,
                signingKey: Constants.IdSrv.SigningKey);
            log.Info("Configurado IdentityServer JWT.");

            // Access Control Service JWT, registered under its own scheme.
            config.AddJsonWebToken(
                issuer: Constants.ACS.IssuerUri,
                audience: Constants.Audience,
                signingKey: Constants.ACS.SigningKey,
                scheme: Constants.ACS.Scheme);
            log.Info("Configurado Access Control Service JWT.");

            // IdentityServer SAML 2 tokens sent in the Authorization header.
            // NOTE(review): X509CertificateValidator.None skips validation of the signing
            // certificate itself (chain, expiry, revocation); trust then appears to rest
            // solely on the issuerThumbprint pin - confirm that is intended.
            config.AddSaml2(
                issuerThumbprint: Constants.IdSrv.SigningCertThumbprint,
                issuerName: Constants.IdSrv.IssuerUri,
                audienceUri: Constants.Realm,
                certificateValidator: X509CertificateValidator.None,
                options: AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme),
                scheme: AuthenticationScheme.SchemeOnly(Constants.IdSrv.SamlScheme));
            log.Info("Configurado IdentityServer SAML.");

            // Client certificates, accepted in chain-validation mode.
            config.AddClientCertificate(ClientCertificateMode.ChainValidation);
            log.Info("Configurado Client Certificate.");

            // OLL: replaces the automatically generated session key. There should be a
            // web.config setting that says whether the key is random or fixed, and the key
            // itself should be read from config.
            // NOTE(review): a fixed key compiled into the assembly lets anyone who can read
            // the binary or the source sign session tokens this API accepts; load it from
            // protected configuration and plan for rotation.
            config.SessionToken.SigningKey = Constants.SessionKey;
            log.Info("Configurada Clave.");

            return config;
        }
コード例 #2
 /// <summary>
 /// Convenience overload: registers a JWT issuer validated with an X.509 signing
 /// certificate, using the Bearer scheme both for reading the Authorization header
 /// and as the authentication scheme.
 /// </summary>
 /// <param name="configuration">The configuration the token handler is added to.</param>
 /// <param name="issuer">Issuer name passed through to the full overload.</param>
 /// <param name="audience">Audience passed through to the full overload.</param>
 /// <param name="signingCert">Certificate passed through as the signing credential.</param>
 public static void AddMsftJsonWebToken(
     this AuthenticationConfiguration configuration,
     string issuer, string audience,
     X509Certificate2 signingCert)
 {
     // Both defaults are derived from the same Bearer constant.
     var bearerHeaderOptions = AuthenticationOptions.ForAuthorizationHeader(JwtConstants.Bearer);
     var bearerScheme = AuthenticationScheme.SchemeOnly(JwtConstants.Bearer);

     configuration.AddMsftJsonWebToken(issuer, audience, signingCert, bearerHeaderOptions, bearerScheme);
 }
コード例 #3
        /// <summary>
        /// Builds the <see cref="AuthenticationConfiguration"/> and registers, in this order:
        /// Basic authentication, the IdentityServer JWT, the Access Control Service JWT,
        /// IdentityServer SAML 2 tokens and client certificates. Session tokens are enabled.
        /// </summary>
        /// <returns>The populated authentication configuration.</returns>
        private static AuthenticationConfiguration CreateAuthenticationConfiguration()
        {
            var config = new AuthenticationConfiguration();
            config.ClaimsAuthenticationManager = new ClaimsTransformer();

            // NOTE(review): RequireSsl is off while Basic authentication and bearer/session
            // tokens are registered below, so credentials and tokens can presumably travel
            // over plain HTTP. Acceptable for a local sample only; turn it on elsewhere.
            config.RequireSsl = false;
            config.EnableSessionToken = true;

            // Basic authentication: credentials are checked by UserCredentials.Validate.
            config.AddBasicAuthentication(UserCredentials.Validate);

            // IdentityServer JWT, handled by the Microsoft JWT handler variant. The plain
            // AddJsonWebToken overload with the same issuer/audience/key was the earlier choice.
            // NOTE(review): the signing key is read from Constants; if that is a literal in
            // source, move it to protected configuration - confirm where it is defined.
            config.AddMsftJsonWebToken(
                issuer: Constants.IdSrv.IssuerUri,
                audience: Constants.Audience,
                signingKey: Constants.IdSrv.SigningKey);

            // Access Control Service JWT, registered under its own scheme.
            config.AddJsonWebToken(
                issuer: Constants.ACS.IssuerUri,
                audience: Constants.Audience,
                signingKey: Constants.ACS.SigningKey,
                scheme: Constants.ACS.Scheme);

            // IdentityServer SAML 2 tokens sent in the Authorization header.
            // NOTE(review): X509CertificateValidator.None skips validation of the signing
            // certificate itself (chain, expiry, revocation); trust then appears to rest
            // solely on the issuerThumbprint pin - confirm that is intended.
            config.AddSaml2(
                issuerThumbprint: Constants.IdSrv.SigningCertThumbprint,
                issuerName: Constants.IdSrv.IssuerUri,
                audienceUri: Constants.Realm,
                certificateValidator: X509CertificateValidator.None,
                options: AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme),
                scheme: AuthenticationScheme.SchemeOnly(Constants.IdSrv.SamlScheme));

            // Client certificates, accepted in chain-validation mode.
            config.AddClientCertificate(ClientCertificateMode.ChainValidation);

            return config;
        }
コード例 #4
        /// <summary>
        /// Maps two Web API routes, "api/test1" and "api/test2", each behind its own
        /// <see cref="AuthenticationHandler"/>. Both handlers accept JWTs from the same
        /// issuer and signing certificate but expect a different audience per route.
        /// </summary>
        /// <param name="config">The HTTP configuration that receives the routes.</param>
        public static void Register(HttpConfiguration config)
        {
            const string issuerId = "http://idsrv.local/trust";

            // Single() throws unless exactly one certificate matches the subject.
            // NOTE(review): the signing certificate is selected by subject name from the
            // LocalMachine TrustedPeople store, and the second Find argument looks like
            // validOnly = false, so an expired or otherwise invalid match would still be
            // used - confirm. Pinning by thumbprint is the stricter selection.
            var signingCert = X509.LocalMachine.TrustedPeople.SubjectDistinguishedName.Find("CN=sts", false).Single();

            // Route 1: tokens must be issued for the webapi1 audience.
            var firstAuthConfig = new AuthenticationConfiguration();
            firstAuthConfig.AddMsftJsonWebToken(issuerId, "http://localhost/rp-adfs-webapi1", signingCert);
            var firstHandler = new AuthenticationHandler(firstAuthConfig, config);
            config.Routes.MapHttpRoute(
                name: "test1",
                routeTemplate: "api/test1",
                defaults: new { controller = "Test1" },
                constraints: null,
                handler: firstHandler);

            // Route 2: same issuer and certificate, webapi2 audience.
            var secondAuthConfig = new AuthenticationConfiguration();
            secondAuthConfig.AddMsftJsonWebToken(issuerId, "http://localhost/rp-adfs-webapi2", signingCert);
            var secondHandler = new AuthenticationHandler(secondAuthConfig, config);
            config.Routes.MapHttpRoute(
                name: "test2",
                routeTemplate: "api/test2",
                defaults: new { controller = "Test2" },
                constraints: null,
                handler: secondHandler);
        }