コード例 #1
        /// <summary>
        /// Builds the sample <see cref="AuthenticationHandler"/> with three credential types
        /// registered on its configuration: HTTP Basic, Simple Web Token (scheme "SWT") and
        /// SAML 1.1 (scheme "SAML").
        /// </summary>
        /// <returns>A new handler wrapping the assembled <see cref="AuthenticationConfiguration"/>.</returns>
        private static AuthenticationHandler GetDefaultAuthenticationHandler()
        {
            var configuration = new AuthenticationConfiguration();
            configuration.InheritHostClientIdentity = false;

            // --- Basic authentication ---
            // Sample-only credential check: any request whose password equals its user name is
            // accepted. Swap in a lookup against a real credential store before reuse.
            configuration.Handler.AddBasicAuthenticationHandler((userName, password) => userName == password);

            // --- Simple Web Token ---
            // The last argument is the symmetric signing key, embedded here as a literal.
            // Whoever can read this source can sign tokens this handler accepts; outside a
            // sample the key belongs in protected configuration.
            configuration.Handler.AddSimpleWebTokenHandler(
                "SWT",
                Constants.Issuer,
                Constants.Realm,
                "Dc9Mpi3jbooUpBQpB/4R7XtUsa3D/ALSjTVvK8IUZbg=");

            // --- SAML tokens ---
            // Issuers are pinned by signing-certificate thumbprint.
            var trustedIssuers = new ConfigurationBasedIssuerNameRegistry();
            trustedIssuers.AddTrustedIssuer("D263DDCF598E716F0037380796A4A62DF017ADB8", "TEST");

            var samlConfig = new SecurityTokenHandlerConfiguration();
            samlConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
            samlConfig.IssuerNameRegistry = trustedIssuers;

            // Certificate validation of the signing certificate is switched off, so issuer
            // trust relies on the thumbprint registered above.
            samlConfig.CertificateValidator = X509CertificateValidator.None;

            // Token decryption keys come from the federation configuration section.
            samlConfig.ServiceTokenResolver = FederatedAuthentication.ServiceConfiguration.CreateAggregateTokenResolver();

            configuration.Handler.AddSaml11SecurityTokenHandler("SAML", samlConfig);

            return new AuthenticationHandler(configuration);
        }
コード例 #2
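        /// <summary>
        /// Builds the <see cref="AuthenticationConfiguration"/> for the consultants sample:
        /// Basic, two Simple Web Token issuers ("IdSrv", "ACS"), SAML 1.1 from ADFS
        /// ("AdfsSaml") and SAML 2.0 from IdSrv ("IdSrvSaml").
        /// </summary>
        /// <returns>The populated configuration; "Basic" is the advertised default scheme.</returns>
        private AuthenticationConfiguration ConfigureAuthentication()
        {
            var config = new AuthenticationConfiguration
            {
                // sample claims transformation for consultants sample, comment out to see raw claims
                ClaimsAuthenticationManager = new ConsultantsClaimsTransformer(),

                // value of the www-authenticate header, if not set, the first scheme added to the handler collection is used
                DefaultAuthenticationScheme = "Basic"
            };

            #region Basic Authentication
            // Sample-only credential check: accepts any request whose password equals its
            // user name. Replace with a real credential lookup before reuse.
            config.Handler.AddBasicAuthenticationHandler((username, password) => username == password);
            #endregion

            #region IdSrv Simple Web Tokens
            // The last argument is the symmetric signing key, embedded as a literal. Anyone who
            // can read this source can sign tokens this handler accepts; keep real keys in
            // protected configuration.
            config.Handler.AddSimpleWebTokenHandler(
                "IdSrv",
                "http://identity.thinktecture.com/trust",
                Constants.Realm,
                "Dc9Mpi3jbooUpBQpB/4R7XtUsa3D/ALSjTVvK8IUZbg=");
            #endregion

            #region ACS Simple Web Tokens
            // Same caveat as above: literal signing key in source.
            config.Handler.AddSimpleWebTokenHandler(
                "ACS",
                "https://" + Constants.ACS + "/",
                Constants.Realm,
                "yFvxu8Xkmo/xBSSPrzqZLSAiB4lgjR4PIi0Bn1RsUDI=");
            #endregion

            #region ADFS SAML tokens
            // SAML via ADFS: issuer pinned by signing-certificate thumbprint.
            var registry = new ConfigurationBasedIssuerNameRegistry();
            registry.AddTrustedIssuer("d1 c5 b1 25 97 d0 36 94 65 1c e2 64 fe 48 06 01 35 f7 bd db", "ADFS");

            var adfsConfig = new SecurityTokenHandlerConfiguration();
            adfsConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
            adfsConfig.IssuerNameRegistry = registry;

            // Certificate validation is switched off, so issuer trust relies on the
            // thumbprint registered above.
            adfsConfig.CertificateValidator = X509CertificateValidator.None;

            // token decryption (read from configuration section)
            adfsConfig.ServiceTokenResolver = FederatedAuthentication.ServiceConfiguration.CreateAggregateTokenResolver();

            config.Handler.AddSaml11SecurityTokenHandler("AdfsSaml", adfsConfig);
            #endregion

            #region IdSrv SAML tokens
            // SAML via IdSrv. This section populates its own registry and handler
            // configuration, so the "AdfsSaml" and "IdSrvSaml" schemes each carry only their
            // own trusted issuer and the ADFS configuration is not modified after it has been
            // registered.
            var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
            idsrvRegistry.AddTrustedIssuer("A1EED7897E55388FCE60FEF1A1EED81FF1CBAEC6", "Thinktecture IdSrv");

            var idsrvConfig = new SecurityTokenHandlerConfiguration();
            idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
            idsrvConfig.IssuerNameRegistry = idsrvRegistry;
            idsrvConfig.CertificateValidator = X509CertificateValidator.None;

            // token decryption (read from configuration section)
            idsrvConfig.ServiceTokenResolver = FederatedAuthentication.ServiceConfiguration.CreateAggregateTokenResolver();

            config.Handler.AddSaml2SecurityTokenHandler("IdSrvSaml", idsrvConfig);
            #endregion

            return config;
        }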
コード例 #3
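 /// <summary>
 /// Creates the handler around the supplied authentication configuration.
 /// </summary>
 /// <param name="configuration">Configuration stored in <c>_configuration</c>; must not be null.</param>
 /// <exception cref="System.ArgumentNullException"><paramref name="configuration"/> is null.</exception>
 public AuthenticationHandler(AuthenticationConfiguration configuration)
 {
     // Fail at construction rather than store a null configuration.
     if (configuration == null)
     {
         throw new System.ArgumentNullException("configuration");
     }

     _configuration = configuration;
 }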
コード例 #4
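        /// <summary>
        /// Builds the <see cref="AuthenticationConfiguration"/> for the consultants sample:
        /// Basic, two Simple Web Token issuers ("IdSrv", "ACS"), SAML 1.1 from ADFS
        /// ("AdfsSaml") and SAML 2.0 from IdSrv ("IdSrvSaml").
        /// </summary>
        /// <returns>The populated configuration.</returns>
        private static AuthenticationConfiguration ConfigureAuthentication()
        {
            var config = new AuthenticationConfiguration();
            config.ClaimsAuthenticationManager = new ConsultantsClaimsTransformer();

            #region Basic Authentication
            // Sample-only credential check: accepts any request whose password equals its
            // user name. Replace with a real credential lookup before reuse.
            config.Handler.AddBasicAuthenticationHandler((username, password) => username == password);
            #endregion

            #region IdSrv Simple Web Tokens
            // The last argument is the symmetric signing key, embedded as a literal. Anyone who
            // can read this source can sign tokens this handler accepts; keep real keys in
            // protected configuration.
            config.Handler.AddSimpleWebTokenHandler(
                "IdSrv",
                "http://identity.thinktecture.com/trust",
                Thinktecture.Samples.Constants.Realm,
                "Dc9Mpi3jbooUpBQpB/4R7XtUsa3D/ALSjTVvK8IUZbg=");
            #endregion

            #region ACS Simple Web Tokens
            // Same caveat as above: literal signing key in source.
            config.Handler.AddSimpleWebTokenHandler(
                "ACS",
                "https://" + Thinktecture.Samples.Constants.ACS + "/",
                Thinktecture.Samples.Constants.Realm,
                "yFvxu8Xkmo/xBSSPrzqZLSAiB4lgjR4PIi0Bn1RsUDI=");
            #endregion

            #region ADFS SAML tokens
            // SAML via ADFS: issuer pinned by signing-certificate thumbprint.
            var registry = new ConfigurationBasedIssuerNameRegistry();
            registry.AddTrustedIssuer("d1 c5 b1 25 97 d0 36 94 65 1c e2 64 fe 48 06 01 35 f7 bd db", "ADFS");

            var adfsConfig = new SecurityTokenHandlerConfiguration();
            adfsConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Thinktecture.Samples.Constants.Realm));
            adfsConfig.IssuerNameRegistry = registry;

            // Certificate validation is switched off, so issuer trust relies on the
            // thumbprint registered above.
            adfsConfig.CertificateValidator = X509CertificateValidator.None;

            // token decryption (read from configuration section)
            adfsConfig.ServiceTokenResolver = FederatedAuthentication.ServiceConfiguration.CreateAggregateTokenResolver();

            config.Handler.AddSaml11SecurityTokenHandler("AdfsSaml", adfsConfig);
            #endregion

            #region IdSrv SAML tokens
            // SAML via IdSrv. This section populates its own registry and handler
            // configuration, so the "AdfsSaml" and "IdSrvSaml" schemes each carry only their
            // own trusted issuer and the ADFS configuration is not modified after it has been
            // registered.
            var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
            idsrvRegistry.AddTrustedIssuer("CD638612A35CD2F9232ECE36226B731FC666EF07", "Thinktecture IdSrv");

            var idsrvConfig = new SecurityTokenHandlerConfiguration();
            idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Thinktecture.Samples.Constants.Realm));
            idsrvConfig.IssuerNameRegistry = idsrvRegistry;
            idsrvConfig.CertificateValidator = X509CertificateValidator.None;

            // token decryption (read from configuration section)
            idsrvConfig.ServiceTokenResolver = FederatedAuthentication.ServiceConfiguration.CreateAggregateTokenResolver();

            config.Handler.AddSaml2SecurityTokenHandler("IdSrvSaml", idsrvConfig);
            #endregion

            return config;
        }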