/// <summary>Configures the authentication. /// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864</summary> /// <param name="app">The app.</param> public void ConfigureAuth(IAppBuilder app) { // Changing this setting requires a website restart var corsOrigin = BootStrapper.GetApplicationSetting("Cors_Origin", string.Empty); if (!corsOrigin.IsBlank()) { var policy = new CorsPolicy { AllowAnyHeader = true, AllowAnyMethod = true, AllowAnyOrigin = corsOrigin.Equals("*"), SupportsCredentials = true }; if (!policy.AllowAnyOrigin) { corsOrigin.Split(',').ForEach(origin => policy.Origins.Add(origin.Trim())); } app.UseCors(new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => Task.FromResult(policy) } }); } app.CreatePerOwinContext(IdentityDbContext.Create); app.CreatePerOwinContext <IdentityUserManager>(IdentityUserManager.Create); app.CreatePerOwinContext <IdentitySignInManager>(IdentitySignInManager.Create); app.UseKentorOwinCookieSaver(); app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions { Authority = SecurityOptions.IdentityServerOptions.IssuerUri, RequiredScopes = new[] { SecurityOptions.Scope }, NameClaimType = Constants.ClaimTypes.PreferredUserName, RoleClaimType = Constants.ClaimTypes.Role }); app.UseCookieAuthentication(SecurityOptions.CookieOptions); // Use a cookie to temporarily store information about a user logging in with a third party login provider app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie); app.Map("/identity", identityApp => { identityApp.UseIdentityServer(SecurityOptions.IdentityServerOptions); }); // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process. // app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5)); // Enables the application to remember the second login verification factor such as phone or email. // Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from. // This is similar to the RememberMe option when you log in. // app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie); }