/// <summary>
/// OWIN startup for the stand-alone security token service: configures Serilog,
/// builds an IdentityServer3 service factory backed by the in-memory stores of this
/// project, and mounts IdentityServer at the root of the host.
/// </summary>
/// <param name="app">The OWIN application builder supplied by the host.</param>
public void Configuration(IAppBuilder app)
{
    app.Map(string.Empty, idsrvApp =>
    {
        // Logging is wired first so IdentityServer's own startup output is captured.
        // Debug level + trace sink is a development setting.
        var loggerConfig = new LoggerConfiguration();
        loggerConfig = loggerConfig.MinimumLevel.Debug();
        loggerConfig = loggerConfig.WriteTo.Trace();
        Log.Logger = loggerConfig.CreateLogger();

        // Clients, scopes and users all come from the in-memory stores defined in this project.
        var factory = new IdentityServerServiceFactory();
        factory = factory.UseInMemoryClients(Clients.Get());
        factory = factory.UseInMemoryScopes(IdentityScopes.Get());
        factory = factory.UseInMemoryUsers(Users.Get());

        // NOTE(review): AllowAll answers every cross-origin request with a permissive policy.
        // That is convenient for local development; a deployed STS should list the known
        // client origins instead.
        var permissiveCors = new DefaultCorsPolicyService { AllowAll = true };
        factory.CorsPolicyService =
            new Registration<IdentityServer3.Core.Services.ICorsPolicyService>(permissiveCors);

        // After sign-out, send the browser back to the client automatically (5 s delay).
        var authenticationOptions = new AuthenticationOptions
        {
            EnablePostSignOutAutoRedirect = true,
            PostSignOutAutoRedirectDelay = 5
        };

        // Every diagnostics switch is on. Presumably the HTTP logging captures raw
        // requests/responses (including bearer tokens) — keep this to development hosts.
        var loggingOptions = new LoggingOptions
        {
            WebApiDiagnosticsIsVerbose = true,
            EnableWebApiDiagnostics = true,
            EnableKatanaLogging = true,
            EnableHttpLogging = true
        };

        var options = new IdentityServerOptions
        {
            Factory = factory,
            SiteName = "Security Token Service",
            IssuerUri = Constants.IssuerUri,
            PublicOrigin = Constants.Origin,
            // Token signing key; see LoadCertificate() elsewhere in this class.
            SigningCertificate = LoadCertificate(),
            AuthenticationOptions = authenticationOptions,
            LoggingOptions = loggingOptions
        };

        idsrvApp.UseIdentityServer(options);
    });
}
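/// <summary>
/// OWIN startup for the MVC host: configures anti-forgery and JWT claim handling,
/// mounts an embedded IdentityServer3 instance under "/identity", and protects the
/// host with cookie + OpenID Connect authentication against that embedded server.
/// </summary>
/// <param name="app">The OWIN application builder supplied by the host.</param>
public void Configuration(IAppBuilder app)
{
    // Anti-forgery tokens are keyed on the subject claim, because the identity built in
    // SecurityTokenValidated below uses GivenName (not Name) as its name claim type.
    AntiForgeryConfig.UniqueClaimTypeIdentifier = Constants.ClaimTypes.Subject;

    // An empty inbound map keeps the short JWT claim names (e.g. "sub", "role") instead of
    // translating them to the long WS-* claim-type URIs.
    JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

    Common.Logging.Logger.Initialize(HostingEnvironment.ApplicationPhysicalPath + "errorLog.config");

    app.MapSignalR();

    // Embedded IdentityServer, backed by the in-memory stores defined in this project.
    app.Map(
        pathMatch: "/identity",
        configuration: idsrvApp =>
        {
            idsrvApp.UseIdentityServer(
                new IdentityServerOptions
                {
                    SiteName = "Embedded IdentityServer",
                    // Token signing key; see LoadCertificate() elsewhere in this class.
                    SigningCertificate = LoadCertificate(),
                    Factory = new IdentityServerServiceFactory()
                        .UseInMemoryUsers(IdentityUsers.Get())
                        .UseInMemoryClients(IdentityClients.Get())
                        .UseInMemoryScopes(IdentityScopes.Get()),
                    AuthenticationOptions = new IdentityServer3.Core.Configuration.AuthenticationOptions
                    {
                        // External providers are registered by ConfigureIdentityProviders elsewhere in this class.
                        IdentityProviders = ConfigureIdentityProviders
                    }
                });
        });

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = "Cookies"
    });

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        // Hard-coded to the local development host; must match the origin this application
        // is served from plus the "/identity" mount above.
        Authority = "https://localhost:44392/identity",
        ClientId = "mvc",
        Scope = "openid profile roles sampleApi",
        RedirectUri = "https://localhost:44392/",
        // Implicit flow: both the id_token and the access token arrive in the front-channel response.
        ResponseType = "id_token token",
        SignInAsAuthenticationType = "Cookies",
        // The cookie lifetime is not tied to the id_token lifetime; access-token expiry is
        // tracked separately through the "expires_at" claim added below.
        UseTokenLifetime = false,
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            SecurityTokenValidated = async n =>
            {
                // Create a new identity whose name and role claim types are the OIDC ones.
                var nid = new ClaimsIdentity(
                    n.AuthenticationTicket.Identity.AuthenticationType,
                    Constants.ClaimTypes.GivenName,
                    Constants.ClaimTypes.Role);

                // Fetch the userinfo claims with the freshly issued access token.
                var userInfoClient = new UserInfoClient(n.Options.Authority + "/connect/userinfo");
                var userInfo = await userInfoClient.GetAsync(n.ProtocolMessage.AccessToken);
                // NOTE(review): a failed userinfo call is not detected here; confirm whether this
                // IdentityModel version exposes an error indicator on the response and check it
                // before copying claims.
                foreach (var ui in userInfo.Claims)
                {
                    nid.AddClaim(new Claim(ui.Type, ui.Value));
                }

                // The id_token is kept for use as id_token_hint at logout; the access token is
                // kept for calls to the sample API. Both therefore live inside the authentication
                // cookie, so the cookie carries bearer credentials and grows accordingly.
                nid.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
                nid.AddClaim(new Claim("access_token", n.ProtocolMessage.AccessToken));

                // Track access-token expiry. expires_in is a machine-readable number of seconds,
                // so parse and format with the invariant culture rather than the request thread's
                // current culture (the previous ToString() was culture-dependent). The round-trip
                // "o" format keeps the offset, so the stored instant is unambiguous.
                // Throws FormatException/ArgumentNullException if expires_in is absent or malformed,
                // which aborts the sign-in instead of storing an identity without an expiry.
                var expiresInSeconds = int.Parse(
                    n.ProtocolMessage.ExpiresIn,
                    System.Globalization.CultureInfo.InvariantCulture);
                var expiresAt = DateTimeOffset.UtcNow.AddSeconds(expiresInSeconds);
                nid.AddClaim(new Claim(
                    "expires_at",
                    expiresAt.ToString("o", System.Globalization.CultureInfo.InvariantCulture)));

                // Application-specific claims would be added to nid here.

                n.AuthenticationTicket = new AuthenticationTicket(nid, n.AuthenticationTicket.Properties);
            },

            RedirectToIdentityProvider = n =>
            {
                // On logout, hand the original id_token back as id_token_hint so IdentityServer
                // can tie the sign-out request to the session that was established.
                if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                {
                    // The user can be null when a logout is triggered without an established
                    // session; skip the hint in that case rather than failing the redirect.
                    var user = n.OwinContext.Authentication.User;
                    var idTokenHint = user == null ? null : user.FindFirst("id_token");
                    if (idTokenHint != null)
                    {
                        n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                    }
                }

                return Task.FromResult(0);
            }
        }
    });
}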