public DiscoveryDocumentIssuerSecurityKeyProvider(string discoveryEndpoint, BearerTokenAuthenticationOptions options, ILoggerFactory loggerFactory) { _logger = loggerFactory.Create(this.GetType().FullName); //if (options.BackchannelCertificateValidator != null) //{ // // Set the cert validate callback // var webRequestHandler = handler as WebRequestHandler; // if (webRequestHandler == null) // { // throw new InvalidOperationException("The back channel handler must derive from WebRequestHandler in order to use a certificate validator"); // } // webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate; //}RequireHttps _configurationManager = new ConfigurationManager <OpenIdConnectConfiguration>(discoveryEndpoint, new OpenIdConnectConfigurationRetriever(), new HttpDocumentRetriever() { RequireHttps = false }) { AutomaticRefreshInterval = options.AutomaticRefreshInterval }; if (!options.DelayLoadMetadata) { RetrieveMetadata(); } }
internal static Lazy <OAuthBearerAuthenticationOptions> ConfigureLocalValidation( BearerTokenAuthenticationOptions options, ILoggerFactory loggerFactory) { return(new Lazy <OAuthBearerAuthenticationOptions>(() => { // use discovery endpoint if (string.IsNullOrWhiteSpace(options.Authority)) { throw new Exception("Either set IssuerName and SigningCertificate - or Authority"); } var discoveryEndpoint = options.Authority.EnsureTrailingSlash(); discoveryEndpoint += ".well-known/openid-configuration"; IIssuerSecurityKeyProvider issuerProvider = new DiscoveryDocumentIssuerSecurityKeyProvider( discoveryEndpoint, options, loggerFactory); var valParams = new TokenValidationParameters { NameClaimType = options.NameClaimType, RoleClaimType = options.RoleClaimType }; valParams.IssuerSigningKeyResolver = ResolveRsaKeys; valParams.ValidateAudience = false; var tokenFormat = new JwtFormat(valParams, issuerProvider); var bearerOptions = new OAuthBearerAuthenticationOptions { AccessTokenFormat = tokenFormat, AuthenticationMode = options.AuthenticationMode, AuthenticationType = options.AuthenticationType, Provider = new ContextTokenProvider(options.TokenProvider) }; return bearerOptions; }, LazyThreadSafetyMode.PublicationOnly)); }
public static IAppBuilder UseCustomBearerTokenAuthentication(this IAppBuilder app, BearerTokenAuthenticationOptions options) { if (app == null) { throw new ArgumentNullException("app"); } if (options == null) { throw new ArgumentNullException("options"); } var loggerFactory = app.GetLoggerFactory(); var middlewareOptions = ConfigureLocalValidation(options, loggerFactory); app.Use <BearerTokenValidationMiddleware>(app, middlewareOptions); //if (options.RequiredScopes.Any()) //{ // var scopeOptions = new ScopeRequirementOptions // { // AuthenticationType = options.AuthenticationType, // RequiredScopes = options.RequiredScopes // }; // app.Use<ScopeRequirementMiddleware>(scopeOptions); //} app.UseStageMarker(PipelineStage.Authenticate); return(app); }