private static AuthenticationHandler GetDefaultAuthenticationHandler() { var authConfig = new AuthenticationConfiguration { RequireSsl = false, InheritHostClientIdentity = false }; #region Basic Authentication authConfig.AddBasicAuthentication((userName, password) => { return(userName == password); }); #endregion //#region SWT //authConfig.Handler.AddSimpleWebToken( // "SWT", // Constants.Issuer, // Constants.Realm, // "Dc9Mpi3jbooUpBQpB/4R7XtUsa3D/ALSjTVvK8IUZbg="); //#endregion #region SAML2 tokens var registry = new ConfigurationBasedIssuerNameRegistry(); registry.AddTrustedIssuer("D263DDCF598E716F0037380796A4A62DF017ADB8", "TEST"); var saml2Config = new SecurityTokenHandlerConfiguration(); saml2Config.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://test")); saml2Config.IssuerNameRegistry = registry; saml2Config.CertificateValidator = X509CertificateValidator.None; authConfig.AddSaml2(saml2Config, AuthenticationOptions.ForAuthorizationHeader("Saml2"), null); #endregion var authHandler = new AuthenticationHandler(authConfig); return(authHandler); }
public static AuthenticationConfiguration CreateAuthenticationConfiguration(ILog log) { var authentication = new AuthenticationConfiguration { ClaimsAuthenticationManager = new ClaimsTransformer(), RequireSsl = false, EnableSessionToken = true }; #region Basic Authentication authentication.AddBasicAuthentication(UserCredentials.Validate); log.Info("Configurada autenticación básica."); #endregion #region IdentityServer JWT //authentication.AddJsonWebToken( // issuer: Constants.IdSrv.IssuerUri, // audience: Constants.Audience, // signingKey: Constants.IdSrv.SigningKey); authentication.AddMsftJsonWebToken( issuer: Constants.IdSrv.IssuerUri, audience: Constants.Audience, signingKey: Constants.IdSrv.SigningKey); log.Info("Configurado IdentityServer JWT."); #endregion #region Access Control Service JWT authentication.AddJsonWebToken( issuer: Constants.ACS.IssuerUri, audience: Constants.Audience, signingKey: Constants.ACS.SigningKey, scheme: Constants.ACS.Scheme); log.Info("Configurado Access Control Service JWT."); #endregion #region IdentityServer SAML authentication.AddSaml2( issuerThumbprint: Constants.IdSrv.SigningCertThumbprint, issuerName: Constants.IdSrv.IssuerUri, audienceUri: Constants.Realm, certificateValidator: X509CertificateValidator.None, options: AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme), scheme: AuthenticationScheme.SchemeOnly(Constants.IdSrv.SamlScheme)); log.Info("Configurado IdentityServer SAML."); #endregion #region Client Certificates authentication.AddClientCertificate(ClientCertificateMode.ChainValidation); log.Info("Configurado Client Certificate."); #endregion // OLL: Reeemplazo la session key generada automaticamente. Tendría que haber una variable de web.config para indicar si la quiero random o fija // y obtener la key del config; authentication.SessionToken.SigningKey = Constants.SessionKey; log.Info("Configurada Clave."); return(authentication); }
public static void AddMsftJsonWebToken( this AuthenticationConfiguration configuration, string issuer, string audience, X509Certificate2 signingCert) { configuration.AddMsftJsonWebToken( issuer, audience, signingCert, AuthenticationOptions.ForAuthorizationHeader(JwtConstants.Bearer), AuthenticationScheme.SchemeOnly(JwtConstants.Bearer)); }
private static AuthenticationConfiguration CreateAuthenticationConfiguration() { var authentication = new AuthenticationConfiguration { ClaimsAuthenticationManager = new ClaimsTransformer(), RequireSsl = false, EnableSessionToken = true }; #region Basic Authentication authentication.AddBasicAuthentication(UserCredentials.Validate); #endregion #region IdentityServer JWT //authentication.AddJsonWebToken( // issuer: Constants.IdSrv.IssuerUri, // audience: Constants.Audience, // signingKey: Constants.IdSrv.SigningKey); authentication.AddMsftJsonWebToken( issuer: Constants.IdSrv.IssuerUri, audience: Constants.Audience, signingKey: Constants.IdSrv.SigningKey); #endregion #region Access Control Service JWT authentication.AddJsonWebToken( issuer: Constants.ACS.IssuerUri, audience: Constants.Audience, signingKey: Constants.ACS.SigningKey, scheme: Constants.ACS.Scheme); #endregion #region IdentityServer SAML authentication.AddSaml2( issuerThumbprint: Constants.IdSrv.SigningCertThumbprint, issuerName: Constants.IdSrv.IssuerUri, audienceUri: Constants.Realm, certificateValidator: X509CertificateValidator.None, options: AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme), scheme: AuthenticationScheme.SchemeOnly(Constants.IdSrv.SamlScheme)); #endregion #region Client Certificates authentication.AddClientCertificate(ClientCertificateMode.ChainValidation); #endregion return(authentication); }
public static void Configure(HttpConfiguration config) { var authNConfig = new AuthenticationConfiguration(); authNConfig.AddJsonWebToken( "http://identityserver.v2.thinktecture.com/trust/cw", "http://tt.com/mobile/todos", ConfigurationManager.AppSettings["oauthSigningKey"], AuthenticationOptions.ForAuthorizationHeader("Bearer")); authNConfig.ClaimsAuthenticationManager = FederatedAuthentication.FederationConfiguration .IdentityConfiguration.ClaimsAuthenticationManager; config.MessageHandlers.Add(new AuthenticationHandler(authNConfig)); config.Filters.Add(new ClaimsAuthorizeAttribute()); }
public static void AddMsftJsonWebToken(this AuthenticationConfiguration configuration, string issuer, string audience, X509Certificate2 signingCertificate) { var validationParameters = new TokenValidationParameters() { AllowedAudience = audience, SigningToken = new X509SecurityToken(signingCertificate), ValidIssuer = issuer, ValidateExpiration = true }; var handler = new JWTSecurityTokenHandlerWrapper(validationParameters); configuration.AddMapping(new AuthenticationOptionMapping { TokenHandler = new SecurityTokenHandlerCollection { handler }, Options = AuthenticationOptions.ForAuthorizationHeader(JwtConstants.Bearer), Scheme = AuthenticationScheme.SchemeOnly(JwtConstants.Bearer) }); }
public static AuthenticationConfiguration CreateConfiguration() { var config = new AuthenticationConfiguration(); // Get the SWT configuration from the Web Role configuration string issuerName = Microsoft.Azure.CloudConfigurationManager.GetSetting("ACS.IssuerName").Trim(); string realm = Microsoft.Azure.CloudConfigurationManager.GetSetting("ACS.Realm").Trim(); string signingKey = Microsoft.Azure.CloudConfigurationManager.GetSetting("ACS.SigningKey").Trim(); // Add an SWT authentication support config.AddSimpleWebToken( issuer: issuerName, audience: realm, signingKey: signingKey, options: AuthenticationOptions.ForAuthorizationHeader("OAuth")); // Set defaults config.DefaultAuthenticationScheme = "OAuth"; config.EnableSessionToken = true; return(config); }
public static void Register(HttpConfiguration config) { var authConfig = new AuthenticationConfiguration { RequireSsl = false, ClaimsAuthenticationManager = new ClaimsTransformer(), EnableSessionToken = true, }; var registry = new ConfigurationBasedIssuerNameRegistry(); registry.AddTrustedIssuer(System.Configuration.ConfigurationManager.AppSettings["SigningThumbPrint"], System.Configuration.ConfigurationManager.AppSettings["IssuerURI"]); var handlerConfig = new SecurityTokenHandlerConfiguration(); handlerConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(System.Configuration.ConfigurationManager.AppSettings["AudianceUri"])); handlerConfig.IssuerNameRegistry = registry; handlerConfig.CertificateValidator = X509CertificateValidator.None; handlerConfig.ServiceTokenResolver = new X509CertificateStoreTokenResolver(StoreName.My, StoreLocation.LocalMachine); authConfig.AddSaml2(handlerConfig, AuthenticationOptions.ForAuthorizationHeader("SAML"), AuthenticationScheme.SchemeOnly("SAML")); config.MessageHandlers.Add(new AuthenticationHandler(authConfig)); config.Routes.MapHttpRoute( name: "UsersCurrentPermittedUser", routeTemplate: "api/Users/{logonUserName}/CurrentPermittedUser", defaults: new { Controller = "UsersCurrentPermittedUser", id = RouteParameter.Optional }); //constraints:new {httpMethod = new System.Web.Http.Routing.HttpMethodConstraint(HttpMethod.Get,HttpMethod.Post)}); config.Routes.MapHttpRoute( name: "Calculations", routeTemplate: "api/Periods/{PeriodId}/Calculations/{id}", defaults: new { Controller = "Calculations", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "CalculationsState", routeTemplate: "api/Periods/{PeriodId}/Calculations/{id}/State", defaults: new { Controller = "CalculationsState", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "CalculationsExceptions", routeTemplate: "api/Periods/{PeriodId}/Calculations/{calculationId}/Exceptions/{id}", defaults: new { Controller = "CalculationsExceptions", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "JobIndexPoints", routeTemplate: "api/Periods/{PeriodId}/Calculations/{CalculationId}/JobIndexpoints/{id}", defaults: new { Controller = "JobIndexPoints", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "JobCustomFields", routeTemplate: "api/Jobs/{jobId}/CustomFields/{id}", defaults: new { Controller = "JobCustomFields", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "PeriodState", routeTemplate: "api/Periods/{id}/State", defaults: new { Controller = "PeriodsState", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "PeriodSourceDestinationState", routeTemplate: "api/SourcePeriods/{sourcePeriodId}/DestinationPeriods/{destinationPeriodId}/State", defaults: new { Controller = "PeriodSourceDestinationState", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "PolicyFunctions", routeTemplate: "api/Policies/{PolicyId}/Functions/{id}", defaults: new { Controller = "PolicyFunctions", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "PolicyRules", routeTemplate: "api/Policies/{PolicyId}/Rules/{id}", defaults: new { Controller = "PolicyRules", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "PolicyRuleTrails", routeTemplate: "api/Policies/{policyId}/Rules/{ruleId}/Trails/{id}", defaults: new { Controller = "PolicyRuleTrails", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "PolicyRuleCompilations", routeTemplate: "api/Policies/{PolicyId}/RuleCompilations/{id}", defaults: new { Controller = "RuleCompilations", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "PeriodUnits", routeTemplate: "api/Periods/{PeriodId}/Units/{id}", defaults: new { Controller = "PeriodUnits", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "UnitInquirySubjectsController", routeTemplate: "api/Periods/{PeriodId}/Units/{UnitId}/InquirySubjects", defaults: new { Controller = "UnitInquirySubjects", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "UnitVerifiersController", routeTemplate: "api/Periods/{PeriodId}/Units/{UnitId}/Verifiers", defaults: new { Controller = "UnitVerifiers", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "InquirerInquiryUnits", routeTemplate: "api/Periods/{PeriodId}/Inquirers/{InquirerEmployeeNo}/InquiryUnits", defaults: new { Controller = "InquirerInquiryUnits", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "EmployeeUnits", routeTemplate: "api/Periods/{PeriodId}/Employees/{EmployeeNo}/Units", defaults: new { Controller = "EmployeeUnits", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "InquiryUnitInquiryUnitIndexPoints", routeTemplate: "api/Periods/{PeriodId}/Inquirers/{InquirerEmployeeNo}/Units/{unitId}/InquiryUnitIndexPoints", defaults: new { Controller = "InquiryUnitInquiryUnitIndexPoints", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "PeriodEmployees", routeTemplate: "api/Periods/{PeriodId}/Employees/{id}", defaults: new { Controller = "PeriodEmployees", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "EmployeeJobPositions", routeTemplate: "api/Periods/{PeriodId}/Employees/{EmployeeNo}/JobPositions", defaults: new { Controller = "EmployeeJobPositions", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "PeriodJobPositions", routeTemplate: "api/Periods/{PeriodId}/JobPositions/{id}", defaults: new { Controller = "PeriodJobPositions", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "PeriodJobIndex", routeTemplate: "api/Periods/{PeriodId}/JobIndices/{id}", defaults: new { Controller = "PeriodJobIndex", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "PeriodUnitIndex", routeTemplate: "api/Periods/{PeriodId}/UnitIndices/{id}", defaults: new { Controller = "PeriodUnitIndex", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "PeriodJobs", routeTemplate: "api/Periods/{PeriodId}/Jobs/{id}", defaults: new { Controller = "PeriodJobs", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "JobIndexCustomFields", routeTemplate: "api/JobIndices/{jobindexid}/CustomFields/{id}", defaults: new { Controller = "CustomFields", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "JobPositionJobs", routeTemplate: "api/Periods/{PeriodId}/JobPositions/{JobPositionId}/Jobs", defaults: new { Controller = "JobPositionJobs", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "JobPositionInquirySubjects", routeTemplate: "api/Periods/{PeriodId}/JobPositions/{JobPositionId}/InquirySubjects", defaults: new { Controller = "JobPositionInquirySubjects", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "InquirySubjectInquirers", routeTemplate: "api/Periods/{PeriodId}/JobPositions/{JobPositionId}/InquirySubjects/{InquirySubjectEmployeeNo}/Inquirers", defaults: new { Controller = "InquirySubjectInquirers", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "InquirerInquirySubjects", routeTemplate: "api/Periods/{PeriodId}/Inquirers/{InquirerEmployeeNo}/InquirySubjects", defaults: new { Controller = "InquirerInquirySubjects", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "InquirerInquiryIndices", routeTemplate: "api/Periods/{PeriodId}/Inquirers/{InquirerEmployeeNo}/InquiryIndices", defaults: new { Controller = "InquirerInquiryIndices", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "InquirySubjectJobPositionInquiryJobIndexPoints", routeTemplate: "api/Periods/{PeriodId}/Inquirers/{InquirerEmployeeNo}/InquirySubjects/{InquirySubjectEmployeeNo}/JobPositions/{JobPositionId}/InquiryJobIndexPoints", defaults: new { Controller = "InquirySubjectJobPositionInquiryJobIndexPoints", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "InquiryIndexInquiryJobIndexPoints", routeTemplate: "api/Periods/{PeriodId}/Inquirers/{InquirerEmployeeNo}/InquiryIndices/{jobIndexId}/InquiryJobIndexPoints", defaults: new { Controller = "InquiryIndexInquiryJobIndexPoints", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "PeriodClaims", routeTemplate: "api/Periods/{PeriodId}/Claims/{id}", defaults: new { Controller = "PeriodClaims", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "PeriodClaimStates", routeTemplate: "api/Periods/{PeriodId}/ClaimStates", defaults: new { Controller = "PeriodClaimStates", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "PeriodClaimTypes", routeTemplate: "api/Periods/{PeriodId}/ClaimTypes", defaults: new { Controller = "PeriodClaimTypes", id = RouteParameter.Optional }); config.Routes.MapHttpRoute( name: "DefaultApi", routeTemplate: "api/{controller}/{id}", defaults: new { id = RouteParameter.Optional }); config.Formatters.Add(new PlainTextFormatter()); config.Filters.Add(new GlobalExceptionFilterAttribute()); config.Formatters.JsonFormatter.SerializerSettings.TypeNameHandling = TypeNameHandling.Auto; config.Formatters.JsonFormatter.SerializerSettings.TypeNameAssemblyFormat = System.Runtime.Serialization.Formatters.FormatterAssemblyStyle.Simple; config.Formatters.JsonFormatter.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Serialize; config.Formatters.JsonFormatter.SerializerSettings.PreserveReferencesHandling = PreserveReferencesHandling.Objects; config.Services.RemoveAll(typeof(System.Web.Http.Validation.ModelValidatorProvider), v => v is InvalidModelValidatorProvider); }
public static AuthenticationConfiguration CreateConfiguration() { var config = new AuthenticationConfiguration { DefaultAuthenticationScheme = "Basic", }; #region Basic Authentication config.AddBasicAuthentication((userName, password) => userName == password); #endregion #region SimpleWebToken config.AddSimpleWebToken( "http://identity.thinktecture.com/trust", Constants.Realm, Constants.IdSrvSymmetricSigningKey, AuthenticationOptions.ForAuthorizationHeader("IdSrv")); #endregion #region JsonWebToken config.AddJsonWebToken( "http://selfissued.test", Constants.Realm, Constants.IdSrvSymmetricSigningKey, AuthenticationOptions.ForAuthorizationHeader("JWT")); #endregion #region IdentityServer SAML var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry(); idsrvRegistry.AddTrustedIssuer("A1EED7897E55388FCE60FEF1A1EED81FF1CBAEC6", "Thinktecture IdSrv"); var idsrvConfig = new SecurityTokenHandlerConfiguration(); idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm)); idsrvConfig.IssuerNameRegistry = idsrvRegistry; idsrvConfig.CertificateValidator = X509CertificateValidator.None; config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml")); #endregion #region ACS SWT config.AddSimpleWebToken( "https://" + Constants.ACS + "/", Constants.Realm, Constants.AcsSymmetricSigningKey, AuthenticationOptions.ForAuthorizationHeader("ACS")); #endregion #region AccessKey var handler = new SimpleSecurityTokenHandler("my access key", token => { if (ObfuscatingComparer.IsEqual(token, "accesskey123")) { return(new ClaimsIdentity(new Claim[] { new Claim("customerid", "123") }, "Custom")); } return(null); }); config.AddAccessKey(handler, AuthenticationOptions.ForQueryString("key")); #endregion return(config); }
public static AuthenticationConfiguration CreateConfiguration() { var config = new AuthenticationConfiguration { DefaultAuthenticationScheme = "Basic", EnableSessionToken = true }; #region BasicAuthentication config.AddBasicAuthentication((userName, password) => userName == password, retainPassword: false); #endregion #region SimpleWebToken config.AddSimpleWebToken( issuer: Constants.IdSrvIssuerName, audience: Constants.Realm, signingKey: Constants.IdSrvSymmetricSigningKey, options: AuthenticationOptions.ForAuthorizationHeader("IdSrv")); #endregion #region JsonWebToken config.AddJsonWebToken( issuer: "http://selfissued.test", audience: Constants.Realm, signingKey: Constants.IdSrvSymmetricSigningKey, options: AuthenticationOptions.ForAuthorizationHeader("JWT")); #endregion #region JsonWebToken Windows Store Client config.AddJsonWebToken( issuer: "http://identityserver.v2.thinktecture.com/trust/changethis", audience: "https://test/rp/", signingKey: "3ihK5qGVhp8ptIk9+TDucXQW4Aaengg3d5m6gU8nzc8=", options: AuthenticationOptions.ForAuthorizationHeader("Win8")); #endregion #region IdentityServer SAML var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry(); idsrvRegistry.AddTrustedIssuer(Constants.IdSrvSamlSigningKeyThumbprint, "Thinktecture IdSrv"); var idsrvConfig = new SecurityTokenHandlerConfiguration(); idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm)); idsrvConfig.IssuerNameRegistry = idsrvRegistry; idsrvConfig.CertificateValidator = X509CertificateValidator.None; config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml")); #endregion #region ADFS SAML var adfsRegistry = new ConfigurationBasedIssuerNameRegistry(); adfsRegistry.AddTrustedIssuer(Constants.AdfsSamlSigningKeyThumbprint, "ADFS"); var adfsConfig = new SecurityTokenHandlerConfiguration(); adfsConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm)); adfsConfig.IssuerNameRegistry = adfsRegistry; adfsConfig.CertificateValidator = X509CertificateValidator.None; config.AddSaml2(adfsConfig, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml")); #endregion #region ACS SWT config.AddSimpleWebToken( issuer: "https://" + Constants.ACS + "/", audience: Constants.Realm, signingKey: Constants.AcsSymmetricSigningKey, options: AuthenticationOptions.ForAuthorizationHeader("ACS")); #endregion #region AccessKey config.AddAccessKey(token => { if (ObfuscatingComparer.IsEqual(token, "accesskey123")) { return(Principal.Create("Custom", new Claim("customerid", "123"), new Claim("email", "*****@*****.**"))); } return(null); }, AuthenticationOptions.ForQueryString("key")); #endregion #region Client Certificate config.AddClientCertificate( ClientCertificateMode.ChainValidationWithIssuerSubjectName, "CN=PortableCA"); #endregion return(config); }
public static AuthenticationConfiguration CreateConfiguration() { var config = new AuthenticationConfiguration { DefaultAuthenticationScheme = "Basic", EnableSessionToken = true }; #region BasicAuthentication config.AddBasicAuthentication((userName, password) => userName == password, retainPassword: false); #endregion #region SimpleWebToken config.AddSimpleWebToken( issuer: "http://identity.thinktecture.com/trust", audience: Constants.Realm, signingKey: Constants.IdSrvSymmetricSigningKey, options: AuthenticationOptions.ForAuthorizationHeader("IdSrv")); #endregion #region JsonWebToken config.AddJsonWebToken( issuer: "http://selfissued.test", audience: Constants.Realm, signingKey: Constants.IdSrvSymmetricSigningKey, options: AuthenticationOptions.ForAuthorizationHeader("JWT")); #endregion #region IdentityServer SAML var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry(); idsrvRegistry.AddTrustedIssuer("A1EED7897E55388FCE60FEF1A1EED81FF1CBAEC6", "Thinktecture IdSrv"); var idsrvConfig = new SecurityTokenHandlerConfiguration(); idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm)); idsrvConfig.IssuerNameRegistry = idsrvRegistry; idsrvConfig.CertificateValidator = X509CertificateValidator.None; config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml")); #endregion #region ADFS SAML var adfsRegistry = new ConfigurationBasedIssuerNameRegistry(); adfsRegistry.AddTrustedIssuer("8EC7F962CC083FF7C5997D8A4D5ED64B12E4C174", "ADFS"); adfsRegistry.AddTrustedIssuer("b6 93 46 34 7f 70 a9 c3 72 02 18 ae f1 82 2a 5c 97 b1 8c a5", "PETS ADFS"); var adfsConfig = new SecurityTokenHandlerConfiguration(); adfsConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm)); adfsConfig.IssuerNameRegistry = adfsRegistry; adfsConfig.CertificateValidator = X509CertificateValidator.None; config.AddSaml2(adfsConfig, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml")); #endregion #region ACS SWT config.AddSimpleWebToken( issuer: "https://" + Constants.ACS + "/", audience: Constants.Realm, signingKey: Constants.AcsSymmetricSigningKey, options: AuthenticationOptions.ForAuthorizationHeader("ACS")); #endregion #region AccessKey config.AddAccessKey(token => { if (ObfuscatingComparer.IsEqual(token, "accesskey123")) { return(Principal.Create("Custom", new Claim("customerid", "123"), new Claim("email", "*****@*****.**"))); } return(null); }, AuthenticationOptions.ForQueryString("key")); #endregion #region Client Certificate config.AddClientCertificate( ClientCertificateMode.ChainValidationWithIssuerSubjectName, "CN=PortableCA"); #endregion return(config); }