/// <summary>
/// Registers the authentication message handler (JWT bearer tokens plus Basic
/// authentication) and a global <c>ClaimsAuthorizeAttribute</c> filter.
/// </summary>
/// <param name="config">Web API configuration that receives the handler and the filter.</param>
public static void Register(HttpConfiguration config)
{
    var authentication = new AuthenticationConfiguration();
    authentication.SendWwwAuthenticateResponseHeaders = false;

    // SECURITY: HTTPS is not enforced, so bearer tokens and Basic credentials
    // can cross the network in clear text. Suitable for local development only;
    // turn RequireSsl back on for any deployed host.
    authentication.RequireSsl = false;

    // Disabled alternative registration (ACS-signed tokens):
    //authentication.AddJsonWebToken(
    //    "TODOApi",
    //    "http://tt.com/mobile/todos",
    //    ConfigurationManager.AppSettings["acsSigningKey"]);

    // The symmetric signing key is read from appSettings rather than compiled in;
    // the configuration file then needs the same protection as the key itself.
    authentication.AddJsonWebToken(
        "http://identityserver.v2.thinktecture.com/trust/cw",
        "http://tt.com/mobile/todos",
        ConfigurationManager.AppSettings["oauthSigningKey"]);

    // this is the super complex basic authentication validation logic :)
    // SECURITY: every request whose password equals its user name is accepted.
    // Demo placeholder - swap in a real credential check before exposing the API.
    authentication.AddBasicAuthentication((userName, password) => userName == password);

    // Reuse the claims transformation configured for WIF (system.identityModel).
    var identityConfiguration = FederatedAuthentication.FederationConfiguration.IdentityConfiguration;
    authentication.ClaimsAuthenticationManager = identityConfiguration.ClaimsAuthenticationManager;

    config.MessageHandlers.Add(new AuthenticationHandler(authentication));
    config.Filters.Add(new ClaimsAuthorizeAttribute());
}
/// <summary>
/// Registers a JWT handler for tokens sent in the Authorization header under a
/// caller-chosen scheme name.
/// </summary>
/// <param name="configuration">Authentication configuration to extend.</param>
/// <param name="issuer">Issuer passed through to the underlying overload.</param>
/// <param name="audience">Audience passed through to the underlying overload.</param>
/// <param name="signingKey">Signing key passed through to the underlying overload.</param>
/// <param name="scheme">Authorization header scheme; used both to locate the token and as the scheme name.</param>
public static void AddJsonWebToken(this AuthenticationConfiguration configuration, string issuer, string audience, string signingKey, string scheme)
{
    // The same scheme string drives where the credential is read from and how
    // the mapping is named.
    var headerOptions = AuthenticationOptions.ForAuthorizationHeader(scheme);
    var schemeOnly = AuthenticationScheme.SchemeOnly(scheme);

    configuration.AddJsonWebToken(issuer, audience, signingKey, headerOptions, schemeOnly);
}
/// <summary>
/// Builds the authentication configuration: Basic authentication, two JWT
/// issuers, SAML 2.0 tokens and client certificates, with claims transformation
/// and session tokens enabled.
/// </summary>
/// <returns>The populated <c>AuthenticationConfiguration</c>.</returns>
private static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
    var config = new AuthenticationConfiguration();
    config.ClaimsAuthenticationManager = new ClaimsTransformer();

    // SECURITY: HTTPS is not enforced, so Basic credentials, bearer tokens and
    // session tokens may be sent in clear text. Development setting only.
    config.RequireSsl = false;
    config.EnableSessionToken = true;

    // Basic authentication, validated by UserCredentials.Validate.
    config.AddBasicAuthentication(UserCredentials.Validate);

    // IdentityServer JWT.
    // NOTE(review): the symmetric signing key comes from a Constants class -
    // confirm it is not a production key compiled into the assembly.
    config.AddJsonWebToken(
        issuer: Constants.IdSrv.IssuerUri,
        audience: Constants.Audience,
        signingKey: Constants.IdSrv.SigningKey);

    // Access Control Service JWT, under its own Authorization header scheme.
    config.AddJsonWebToken(
        issuer: Constants.ACS.IssuerUri,
        audience: Constants.Audience,
        signingKey: Constants.ACS.SigningKey,
        scheme: Constants.ACS.Scheme);

    // IdentityServer SAML.
    // SECURITY: X509CertificateValidator.None skips certificate validation of
    // the signing certificate; trust then rests on the issuer thumbprint alone.
    var samlOptions = AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme);
    var samlScheme = AuthenticationScheme.SchemeOnly(Constants.IdSrv.SamlScheme);
    config.AddSaml2(
        issuerThumbprint: Constants.IdSrv.SigningCertThumbprint,
        issuerName: Constants.IdSrv.IssuerUri,
        audienceUri: Constants.Realm,
        certificateValidator: X509CertificateValidator.None,
        options: samlOptions,
        scheme: samlScheme);

    // Client certificates, accepted on chain validation.
    config.AddClientCertificate(ClientCertificateMode.ChainValidation);

    return config;
}
/// <summary>
/// Builds a configuration that accepts JWTs from the authorization server
/// described by <c>Constants.AS</c>, without claim mapping.
/// </summary>
/// <returns>The populated <c>AuthenticationConfiguration</c>.</returns>
private static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
    var config = new AuthenticationConfiguration();

    // SECURITY: HTTPS is not enforced, so access tokens may be sent in clear
    // text. Development setting only.
    config.RequireSsl = false;

    // NOTE(review): the signing key is a compiled-in constant - confirm it is a
    // sample value and not a production secret.
    config.AddJsonWebToken(
        Constants.AS.IssuerName,
        Constants.Audience,
        Constants.AS.SigningKey,
        ClaimMappings.None);

    return config;
}
/// <summary>
/// Builds the authentication configuration: Basic authentication, two JWT
/// issuers and SAML 2.0 tokens, with claims transformation.
/// </summary>
/// <returns>The populated <c>AuthenticationConfiguration</c>.</returns>
private static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
    // RequireSsl is not overridden here, so the library default applies.
    var config = new AuthenticationConfiguration();
    config.ClaimsAuthenticationManager = new ClaimsTransformer();

    // Basic authentication, delegated to UserCredentials.Validate.
    config.AddBasicAuthentication((user, secret) => UserCredentials.Validate(user, secret));

    // IdentityServer JWT.
    // NOTE(review): signing keys come from a Constants class - confirm they are
    // sample values and not production secrets.
    config.AddJsonWebToken(
        Constants.IdSrv.IssuerUri,
        Constants.Audience,
        Constants.IdSrv.SigningKey);

    // Access Control Service JWT, read from its own Authorization header scheme.
    var acsOptions = AuthenticationOptions.ForAuthorizationHeader(Constants.ACS.Scheme);
    config.AddJsonWebToken(
        Constants.ACS.IssuerUri,
        Constants.Audience,
        Constants.ACS.SigningKey,
        acsOptions);

    // IdentityServer SAML.
    // SECURITY: X509CertificateValidator.None skips certificate validation of
    // the signing certificate; trust then rests on the issuer thumbprint alone.
    var samlOptions = AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme);
    config.AddSaml2(
        issuerThumbprint: Constants.IdSrv.SigningCertThumbprint,
        issuerName: Constants.IdSrv.IssuerUri,
        audienceUri: Constants.Realm,
        certificateValidator: X509CertificateValidator.None,
        options: samlOptions);

    return config;
}
/// <summary>
/// Builds a configuration that accepts JWTs from the authorization server
/// described by <c>Constants.AuthzSrv</c>, without claim mapping.
/// </summary>
/// <returns>The populated <c>AuthenticationConfiguration</c>.</returns>
private static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
    var config = new AuthenticationConfiguration();

    // SECURITY: HTTPS is not enforced, so access tokens may be sent in clear
    // text. Development setting only.
    config.RequireSsl = false;

    // NOTE(review): the signing key is a compiled-in constant - confirm it is a
    // sample value and not a production secret.
    config.AddJsonWebToken(
        issuer: Constants.AuthzSrv.IssuerName,
        audience: Constants.Audience,
        signingKey: Constants.AuthzSrv.SigningKey,
        claimMappings: ClaimMappings.None);

    return config;
}
/// <summary>
/// Builds the authentication configuration for the user-info endpoint: JWTs
/// issued by this server for the audience <c>{IssuerUri}/userinfo</c>, validated
/// against the configured signing certificate.
/// </summary>
/// <param name="configuration">Repository supplying the global settings and signing keys.</param>
/// <returns>The populated <c>AuthenticationConfiguration</c>.</returns>
public static AuthenticationConfiguration CreateUserInfoAuthConfig(IConfigurationRepository configuration)
{
    var authentication = new AuthenticationConfiguration();

    // HTTPS stays mandatory unless the operator set DisableSSL in the global
    // configuration. With DisableSSL on, access tokens travel in clear text.
    authentication.RequireSsl = !configuration.Global.DisableSSL;
    authentication.InheritHostClientIdentity = false;

    // The audience is scoped to this endpoint, so a token minted for another
    // audience should not be accepted here.
    authentication.AddJsonWebToken(
        issuer: configuration.Global.IssuerUri,
        audience: configuration.Global.IssuerUri + "/userinfo",
        signingCertificate: configuration.Keys.SigningCertificate);

    return authentication;
}
/// <summary>
/// Builds a configuration that accepts IdentityServer-issued JWTs for the
/// local relying party, with claims transformation and session tokens enabled.
/// </summary>
/// <returns>The populated <c>AuthenticationConfiguration</c>.</returns>
private static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
    const string issuerUri = "http://identityserver.v2.thinktecture.com/trust/idsrv";
    const string audienceUri = "https://localhost:44301/";

    // SECURITY: a symmetric signing key embedded in source lets anyone with the
    // code or the binary produce tokens this API accepts. Sample value only;
    // load the real key from protected configuration or a secret store.
    const string symmetricKey = "8hlN4y8TZBYNLtUrhvLPUfLRjx3KWMo24JdAurlcRMs=";

    var config = new AuthenticationConfiguration();
    config.ClaimsAuthenticationManager = new ClaimsTransformer();

    // SECURITY: HTTPS is not enforced although the audience is an https URL;
    // tokens sent over plain HTTP would still be processed.
    config.RequireSsl = false;
    config.EnableSessionToken = true;

    config.AddJsonWebToken(
        issuer: issuerUri,
        audience: audienceUri,
        signingKey: symmetricKey);

    return config;
}
/// <summary>
/// Builds a configuration that accepts IdentityServer-issued JWTs for the
/// local relying party, with claims transformation and session tokens enabled.
/// </summary>
/// <returns>The populated <c>AuthenticationConfiguration</c>.</returns>
public static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
    const string issuerUri = "http://identityserver.v2.thinktecture.com/trust/idsrv";
    const string audienceUri = "https://localhost:44308/";

    // SECURITY: a symmetric signing key embedded in source lets anyone with the
    // code or the binary produce tokens this API accepts. Sample value only;
    // load the real key from protected configuration or a secret store.
    const string symmetricKey = "CBvAWq7BA9EncagGwAK2gTrEhs2IL20LiHIhFtxRIT4=";

    var config = new AuthenticationConfiguration();
    config.ClaimsAuthenticationManager = new ClaimsTransformer();

    // SECURITY: HTTPS is not enforced although the audience is an https URL;
    // tokens sent over plain HTTP would still be processed.
    config.RequireSsl = false;
    config.EnableSessionToken = true;

    config.AddJsonWebToken(
        issuer: issuerUri,
        audience: audienceUri,
        signingKey: symmetricKey);

    return config;
}
/// <summary>
/// Registers the authentication message handler for JWT bearer tokens and a
/// global <c>ClaimsAuthorizeAttribute</c> filter.
/// </summary>
/// <param name="config">Web API configuration that receives the handler and the filter.</param>
public static void Configure(HttpConfiguration config)
{
    // RequireSsl is not overridden here, so the library default applies.
    var authentication = new AuthenticationConfiguration();

    // Tokens are read from "Authorization: Bearer ...". The symmetric signing
    // key is read from appSettings rather than compiled in; the configuration
    // file then needs the same protection as the key itself.
    var bearerOptions = AuthenticationOptions.ForAuthorizationHeader("Bearer");
    authentication.AddJsonWebToken(
        "http://identityserver.v2.thinktecture.com/trust/cw",
        "http://tt.com/mobile/todos",
        ConfigurationManager.AppSettings["oauthSigningKey"],
        bearerOptions);

    // Reuse the claims transformation configured for WIF (system.identityModel).
    var identityConfiguration = FederatedAuthentication.FederationConfiguration.IdentityConfiguration;
    authentication.ClaimsAuthenticationManager = identityConfiguration.ClaimsAuthenticationManager;

    config.MessageHandlers.Add(new AuthenticationHandler(authentication));
    config.Filters.Add(new ClaimsAuthorizeAttribute());
}
/// <summary>
/// Builds the configuration for tokens issued by the Thinktecture Authorization
/// Server: JWTs for <c>Constants.Audience</c>, without claim mapping.
/// </summary>
/// <returns>The populated <c>AuthenticationConfiguration</c>.</returns>
private static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
    var config = new AuthenticationConfiguration();

    // A custom claims manager was wired in here at one point and is disabled:
    /*ClaimsAuthenticationManager = new GridsClaimsAuthenticationManager(),*/

    // SECURITY: HTTPS is not enforced, so access tokens may be sent in clear
    // text. Development setting only.
    config.RequireSsl = false;

    // NOTE(review): the signing key is a compiled-in constant - confirm it is a
    // sample value and not a production secret.
    config.AddJsonWebToken(
        issuer: Constants.AuthorizationServer.IssuerName,
        audience: Constants.Audience,
        signingKey: Constants.AuthorizationServer.SigningKey,
        claimMappings: ClaimMappings.None);

    return config;
}
/// <summary>
/// Registers a JWT handler whose tokens are validated against an X.509 signing
/// certificate and read from the Authorization header under
/// <c>JwtConstants.Bearer</c>.
/// </summary>
/// <param name="configuration">Authentication configuration to extend.</param>
/// <param name="issuer">The only issuer value accepted.</param>
/// <param name="audience">The only audience value accepted.</param>
/// <param name="signingCertificate">Certificate used to verify the token signature.</param>
/// <param name="claimMappings">Optional claim type mappings; passed through unchanged.</param>
public static void AddJsonWebToken(
    this AuthenticationConfiguration configuration,
    string issuer,
    string audience,
    X509Certificate2 signingCertificate,
    Dictionary<string, string> claimMappings = null)
{
    // Issuer, audience and signing key are all pinned; a token failing any of
    // the three is expected to be rejected by the handler.
    var parameters = new TokenValidationParameters();
    parameters.AllowedAudience = audience;
    parameters.SigningToken = new X509SecurityToken(signingCertificate);
    parameters.ValidIssuer = issuer;

    var headerOptions = AuthenticationOptions.ForAuthorizationHeader(JwtConstants.Bearer);
    var bearerScheme = AuthenticationScheme.SchemeOnly(JwtConstants.Bearer);

    configuration.AddJsonWebToken(parameters, headerOptions, bearerScheme, claimMappings);
}
/// <summary>
/// Registers a JWT handler whose tokens are validated with a symmetric key and
/// read from the Authorization header under <c>JwtConstants.Bearer</c>.
/// </summary>
/// <param name="configuration">Authentication configuration to extend.</param>
/// <param name="issuer">The only issuer value accepted.</param>
/// <param name="audience">The only audience value accepted.</param>
/// <param name="signingKey">Base64-encoded symmetric key; decoded with <c>Convert.FromBase64String</c>.</param>
/// <param name="claimMappings">Optional claim type mappings; passed through unchanged.</param>
public static void AddJsonWebToken(
    this AuthenticationConfiguration configuration,
    string issuer,
    string audience,
    string signingKey,
    Dictionary<string, string> claimMappings = null)
{
    var parameters = new TokenValidationParameters();
    parameters.AllowedAudience = audience;

    // A symmetric key both verifies and creates signatures: every party holding
    // signingKey can mint tokens this handler accepts, so treat it as a secret.
    byte[] keyBytes = Convert.FromBase64String(signingKey);
    parameters.SigningToken = new BinarySecretSecurityToken(keyBytes);
    parameters.ValidIssuer = issuer;

    var headerOptions = AuthenticationOptions.ForAuthorizationHeader(JwtConstants.Bearer);
    var bearerScheme = AuthenticationScheme.SchemeOnly(JwtConstants.Bearer);

    configuration.AddJsonWebToken(parameters, headerOptions, bearerScheme, claimMappings);
}
/// <summary>
/// Builds the sample authentication configuration: Basic authentication, SWT
/// and JWT tokens, SAML 2.0 tokens from IdentityServer and ADFS, ACS tokens, a
/// query-string access key and client certificates.
/// </summary>
/// <returns>The populated <c>AuthenticationConfiguration</c>.</returns>
public static AuthenticationConfiguration CreateConfiguration()
{
    var authentication = new AuthenticationConfiguration();
    authentication.DefaultAuthenticationScheme = "Basic";
    authentication.EnableSessionToken = true;

    // --- Basic authentication ---
    // SECURITY: every request whose password equals its user name is accepted.
    // Demo placeholder - swap in a real credential check.
    authentication.AddBasicAuthentication(
        (user, secret) => user == secret,
        retainPassword: false);

    // --- Simple Web Token (IdentityServer) ---
    authentication.AddSimpleWebToken(
        issuer: "http://identity.thinktecture.com/trust",
        audience: Constants.Realm,
        signingKey: Constants.IdSrvSymmetricSigningKey,
        options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));

    // --- JSON Web Token ---
    // NOTE(review): this issuer shares its symmetric key with the SWT issuer
    // above, so either key holder can sign for both - confirm that is intended.
    authentication.AddJsonWebToken(
        issuer: "http://selfissued.test",
        audience: Constants.Realm,
        signingKey: Constants.IdSrvSymmetricSigningKey,
        options: AuthenticationOptions.ForAuthorizationHeader("JWT"));

    // --- IdentityServer SAML ---
    var idSrvIssuers = new ConfigurationBasedIssuerNameRegistry();
    idSrvIssuers.AddTrustedIssuer("A1EED7897E55388FCE60FEF1A1EED81FF1CBAEC6", "Thinktecture IdSrv");

    var idSrvSaml = new SecurityTokenHandlerConfiguration();
    idSrvSaml.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
    idSrvSaml.IssuerNameRegistry = idSrvIssuers;
    // SECURITY: no certificate validation of the signing certificate; trust
    // rests on the thumbprint match in the issuer registry alone.
    idSrvSaml.CertificateValidator = X509CertificateValidator.None;
    authentication.AddSaml2(idSrvSaml, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));

    // --- ADFS SAML ---
    var adfsIssuers = new ConfigurationBasedIssuerNameRegistry();
    adfsIssuers.AddTrustedIssuer("8EC7F962CC083FF7C5997D8A4D5ED64B12E4C174", "ADFS");
    // NOTE(review): this thumbprint is in spaced, lower-case form unlike the
    // other entries - confirm the registry normalises it before comparing.
    adfsIssuers.AddTrustedIssuer("b6 93 46 34 7f 70 a9 c3 72 02 18 ae f1 82 2a 5c 97 b1 8c a5", "PETS ADFS");

    var adfsSaml = new SecurityTokenHandlerConfiguration();
    adfsSaml.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
    adfsSaml.IssuerNameRegistry = adfsIssuers;
    // SECURITY: same caveat as above - thumbprint pinning only.
    adfsSaml.CertificateValidator = X509CertificateValidator.None;
    authentication.AddSaml2(adfsSaml, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml"));

    // --- ACS Simple Web Token ---
    authentication.AddSimpleWebToken(
        issuer: "https://" + Constants.ACS + "/",
        audience: Constants.Realm,
        signingKey: Constants.AcsSymmetricSigningKey,
        options: AuthenticationOptions.ForAuthorizationHeader("ACS"));

    // --- Access key ---
    // SECURITY: the key is a hard-coded literal and is read from the query
    // string, where it ends up in server logs, proxy logs and Referer headers.
    // Sample only; prefer a header and a key stored outside source control.
    authentication.AddAccessKey(token =>
    {
        // ObfuscatingComparer is presumably a timing-resistant comparison - confirm.
        if (!ObfuscatingComparer.IsEqual(token, "accesskey123"))
        {
            return null;
        }

        return Principal.Create("Custom",
            new Claim("customerid", "123"),
            new Claim("email", "*****@*****.**"));
    }, AuthenticationOptions.ForQueryString("key"));

    // --- Client certificate ---
    // Accepted on chain validation plus a match on the issuer subject name.
    authentication.AddClientCertificate(
        ClientCertificateMode.ChainValidationWithIssuerSubjectName,
        "CN=PortableCA");

    return authentication;
}
/// <summary>
/// Builds the sample authentication configuration: Basic authentication, SWT
/// and JWT tokens, IdentityServer SAML 2.0 tokens, ACS tokens and a
/// query-string access key.
/// </summary>
/// <returns>The populated <c>AuthenticationConfiguration</c>.</returns>
public static AuthenticationConfiguration CreateConfiguration()
{
    var authentication = new AuthenticationConfiguration();
    authentication.DefaultAuthenticationScheme = "Basic";

    // --- Basic authentication ---
    // SECURITY: every request whose password equals its user name is accepted.
    // Demo placeholder - swap in a real credential check.
    authentication.AddBasicAuthentication((user, secret) => user == secret);

    // --- Simple Web Token (IdentityServer) ---
    authentication.AddSimpleWebToken(
        issuer: "http://localhost/idsrv/trust",
        audience: Constants.Realm,
        signingKey: Constants.IdSrvSymmetricSigningKey,
        options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));

    // --- JSON Web Token ---
    // NOTE(review): this issuer shares its symmetric key with the SWT issuer
    // above, so either key holder can sign for both - confirm that is intended.
    authentication.AddJsonWebToken(
        issuer: "http://selfissued.test",
        audience: Constants.Realm,
        signingKey: Constants.IdSrvSymmetricSigningKey,
        options: AuthenticationOptions.ForAuthorizationHeader("JWT"));

    // --- IdentityServer SAML ---
    var idSrvIssuers = new ConfigurationBasedIssuerNameRegistry();
    idSrvIssuers.AddTrustedIssuer("a90d2bc088d949d63321e1152065234c1acda7b1", "Thinktecture IdSrv");

    var idSrvSaml = new SecurityTokenHandlerConfiguration();
    idSrvSaml.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
    idSrvSaml.IssuerNameRegistry = idSrvIssuers;
    // SECURITY: no certificate validation of the signing certificate; trust
    // rests on the thumbprint match in the issuer registry alone.
    idSrvSaml.CertificateValidator = X509CertificateValidator.None;
    authentication.AddSaml2(idSrvSaml, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));

    // --- ACS Simple Web Token ---
    authentication.AddSimpleWebToken(
        issuer: "https://" + Constants.ACS + "/",
        audience: Constants.Realm,
        signingKey: Constants.AcsSymmetricSigningKey,
        options: AuthenticationOptions.ForAuthorizationHeader("ACS"));

    // --- Access key ---
    // SECURITY: the key is a hard-coded literal and is read from the query
    // string, where it ends up in server logs, proxy logs and Referer headers.
    // Sample only; prefer a header and a key stored outside source control.
    var accessKeyHandler = new SimpleSecurityTokenHandler(token =>
    {
        // ObfuscatingComparer is presumably a timing-resistant comparison - confirm.
        if (!ObfuscatingComparer.IsEqual(token, "accesskey123"))
        {
            return null;
        }

        return IdentityFactory.Create("Custom",
            new Claim("customerid", "123"),
            new Claim("email", "*****@*****.**"));
    });

    authentication.AddAccessKey(accessKeyHandler, AuthenticationOptions.ForQueryString("key"));

    return authentication;
}
/// <summary>
/// Builds the sample authentication configuration: Basic authentication, SWT
/// and JWT tokens (including a Windows Store client issuer), SAML 2.0 tokens
/// from IdentityServer and ADFS, ACS tokens, a query-string access key and
/// client certificates.
/// </summary>
/// <returns>The populated <c>AuthenticationConfiguration</c>.</returns>
public static AuthenticationConfiguration CreateConfiguration()
{
    var authentication = new AuthenticationConfiguration();
    authentication.DefaultAuthenticationScheme = "Basic";
    authentication.EnableSessionToken = true;
    authentication.SetNoRedirectMarker = true;

    // --- Basic authentication ---
    // SECURITY: every request whose password equals its user name is accepted.
    // Demo placeholder - swap in a real credential check.
    authentication.AddBasicAuthentication(
        (user, secret) => user == secret,
        retainPassword: false);

    // --- Simple Web Token (IdentityServer) ---
    authentication.AddSimpleWebToken(
        issuer: Constants.IdSrvIssuerName,
        audience: Constants.Realm,
        signingKey: Constants.IdSrvSymmetricSigningKey,
        options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));

    // --- JSON Web Token ---
    // NOTE(review): this issuer shares its symmetric key with the SWT issuer
    // above, so either key holder can sign for both - confirm that is intended.
    authentication.AddJsonWebToken(
        issuer: "http://selfissued.test",
        audience: Constants.Realm,
        signingKey: Constants.IdSrvSymmetricSigningKey,
        options: AuthenticationOptions.ForAuthorizationHeader("JWT"));

    // --- JSON Web Token, Windows Store client ---
    // SECURITY: a symmetric signing key embedded in source lets anyone with the
    // code or the binary produce tokens accepted under the "Win8" scheme.
    // Sample value only; load the real key from protected configuration.
    authentication.AddJsonWebToken(
        issuer: "http://identityserver45.thinktecture.com/trust/changethis",
        audience: "https://test/rp/",
        signingKey: "3ihK5qGVhp8ptIk9+TDucXQW4Aaengg3d5m6gU8nzc8=",
        options: AuthenticationOptions.ForAuthorizationHeader("Win8"));

    // --- IdentityServer SAML ---
    var idSrvIssuers = new ConfigurationBasedIssuerNameRegistry();
    idSrvIssuers.AddTrustedIssuer(Constants.IdSrvSamlSigningKeyThumbprint, "Thinktecture IdSrv");

    var idSrvSaml = new SecurityTokenHandlerConfiguration();
    idSrvSaml.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
    idSrvSaml.IssuerNameRegistry = idSrvIssuers;
    // SECURITY: no certificate validation of the signing certificate; trust
    // rests on the thumbprint match in the issuer registry alone.
    idSrvSaml.CertificateValidator = X509CertificateValidator.None;
    authentication.AddSaml2(idSrvSaml, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));

    // --- ADFS SAML ---
    var adfsIssuers = new ConfigurationBasedIssuerNameRegistry();
    adfsIssuers.AddTrustedIssuer(Constants.AdfsSamlSigningKeyThumbprint, "ADFS");

    var adfsSaml = new SecurityTokenHandlerConfiguration();
    adfsSaml.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
    adfsSaml.IssuerNameRegistry = adfsIssuers;
    // SECURITY: same caveat as above - thumbprint pinning only.
    adfsSaml.CertificateValidator = X509CertificateValidator.None;
    authentication.AddSaml2(adfsSaml, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml"));

    // --- ACS Simple Web Token ---
    authentication.AddSimpleWebToken(
        issuer: "https://" + Constants.ACS + "/",
        audience: Constants.Realm,
        signingKey: Constants.AcsSymmetricSigningKey,
        options: AuthenticationOptions.ForAuthorizationHeader("ACS"));

    // --- Access key ---
    // SECURITY: the key is a hard-coded literal and is read from the query
    // string, where it ends up in server logs, proxy logs and Referer headers.
    // Sample only; prefer a header and a key stored outside source control.
    authentication.AddAccessKey(token =>
    {
        // ObfuscatingComparer is presumably a timing-resistant comparison - confirm.
        if (!ObfuscatingComparer.IsEqual(token, "accesskey123"))
        {
            return null;
        }

        return Principal.Create("Custom",
            new Claim("customerid", "123"),
            new Claim("email", "*****@*****.**"));
    }, AuthenticationOptions.ForQueryString("key"));

    // --- Client certificate ---
    // Accepted on chain validation plus a match on the issuer subject name.
    authentication.AddClientCertificate(
        ClientCertificateMode.ChainValidationWithIssuerSubjectName,
        "CN=PortableCA");

    return authentication;
}
/// <summary>
/// Builds the sample authentication configuration: Basic authentication, SWT
/// and JWT tokens, IdentityServer SAML 2.0 tokens, ACS tokens and a
/// query-string access key.
/// </summary>
/// <returns>The populated <c>AuthenticationConfiguration</c>.</returns>
public static AuthenticationConfiguration CreateConfiguration()
{
    var authentication = new AuthenticationConfiguration();
    authentication.DefaultAuthenticationScheme = "Basic";

    // --- Basic authentication ---
    // SECURITY: every request whose password equals its user name is accepted.
    // Demo placeholder - swap in a real credential check.
    authentication.AddBasicAuthentication((user, secret) => user == secret);

    // --- Simple Web Token (IdentityServer) ---
    authentication.AddSimpleWebToken(
        "http://identity.thinktecture.com/trust",
        Constants.Realm,
        Constants.IdSrvSymmetricSigningKey,
        AuthenticationOptions.ForAuthorizationHeader("IdSrv"));

    // --- JSON Web Token ---
    // NOTE(review): this issuer shares its symmetric key with the SWT issuer
    // above, so either key holder can sign for both - confirm that is intended.
    authentication.AddJsonWebToken(
        "http://selfissued.test",
        Constants.Realm,
        Constants.IdSrvSymmetricSigningKey,
        AuthenticationOptions.ForAuthorizationHeader("JWT"));

    // --- IdentityServer SAML ---
    var idSrvIssuers = new ConfigurationBasedIssuerNameRegistry();
    idSrvIssuers.AddTrustedIssuer("A1EED7897E55388FCE60FEF1A1EED81FF1CBAEC6", "Thinktecture IdSrv");

    var idSrvSaml = new SecurityTokenHandlerConfiguration();
    idSrvSaml.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
    idSrvSaml.IssuerNameRegistry = idSrvIssuers;
    // SECURITY: no certificate validation of the signing certificate; trust
    // rests on the thumbprint match in the issuer registry alone.
    idSrvSaml.CertificateValidator = X509CertificateValidator.None;
    authentication.AddSaml2(idSrvSaml, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));

    // --- ACS Simple Web Token ---
    authentication.AddSimpleWebToken(
        "https://" + Constants.ACS + "/",
        Constants.Realm,
        Constants.AcsSymmetricSigningKey,
        AuthenticationOptions.ForAuthorizationHeader("ACS"));

    // --- Access key ---
    // SECURITY: the key is a hard-coded literal and is read from the query
    // string, where it ends up in server logs, proxy logs and Referer headers.
    // Sample only; prefer a header and a key stored outside source control.
    var accessKeyHandler = new SimpleSecurityTokenHandler("my access key", token =>
    {
        // ObfuscatingComparer is presumably a timing-resistant comparison - confirm.
        if (!ObfuscatingComparer.IsEqual(token, "accesskey123"))
        {
            return null;
        }

        var claims = new Claim[]
        {
            new Claim("customerid", "123")
        };

        return new ClaimsIdentity(claims, "Custom");
    });

    authentication.AddAccessKey(accessKeyHandler, AuthenticationOptions.ForQueryString("key"));

    return authentication;
}
/// <summary>
/// Builds the sample authentication configuration: Basic authentication, SWT
/// and JWT tokens, SAML 2.0 tokens from IdentityServer and ADFS, ACS tokens and
/// a query-string access key.
/// </summary>
/// <returns>The populated <c>AuthenticationConfiguration</c>.</returns>
public static AuthenticationConfiguration CreateConfiguration()
{
    var authentication = new AuthenticationConfiguration();
    authentication.DefaultAuthenticationScheme = "Basic";
    authentication.EnableSessionToken = true;

    // --- Basic authentication ---
    // SECURITY: every request whose password equals its user name is accepted.
    // Demo placeholder - swap in a real credential check.
    authentication.AddBasicAuthentication((user, secret) => user == secret);

    // --- Simple Web Token (IdentityServer) ---
    authentication.AddSimpleWebToken(
        issuer: Constants.IdSrvIssuerName,
        audience: Constants.Realm,
        signingKey: Constants.IdSrvSymmetricSigningKey,
        options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));

    // --- JSON Web Token ---
    // NOTE(review): this issuer shares its symmetric key with the SWT issuer
    // above, so either key holder can sign for both - confirm that is intended.
    authentication.AddJsonWebToken(
        issuer: "http://selfissued.test",
        audience: Constants.Realm,
        signingKey: Constants.IdSrvSymmetricSigningKey,
        options: AuthenticationOptions.ForAuthorizationHeader("JWT"));

    // --- IdentityServer SAML ---
    var idSrvIssuers = new ConfigurationBasedIssuerNameRegistry();
    idSrvIssuers.AddTrustedIssuer(Constants.IdSrvSamlSigningKeyThumbprint, "Thinktecture IdSrv");

    var idSrvSaml = new SecurityTokenHandlerConfiguration();
    idSrvSaml.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
    idSrvSaml.IssuerNameRegistry = idSrvIssuers;
    // SECURITY: no certificate validation of the signing certificate; trust
    // rests on the thumbprint match in the issuer registry alone.
    idSrvSaml.CertificateValidator = X509CertificateValidator.None;
    authentication.AddSaml2(idSrvSaml, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));

    // --- ADFS SAML ---
    var adfsIssuers = new ConfigurationBasedIssuerNameRegistry();
    adfsIssuers.AddTrustedIssuer(Constants.AdfsSamlSigningKeyThumbprint, "ADFS");

    var adfsSaml = new SecurityTokenHandlerConfiguration();
    adfsSaml.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
    adfsSaml.IssuerNameRegistry = adfsIssuers;
    // SECURITY: same caveat as above - thumbprint pinning only.
    adfsSaml.CertificateValidator = X509CertificateValidator.None;
    authentication.AddSaml2(adfsSaml, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml"));

    // --- ACS Simple Web Token ---
    authentication.AddSimpleWebToken(
        issuer: "https://" + Constants.ACS + "/",
        audience: Constants.Realm,
        signingKey: Constants.AcsSymmetricSigningKey,
        options: AuthenticationOptions.ForAuthorizationHeader("ACS"));

    // --- Access key ---
    // SECURITY: the key is a hard-coded literal and is read from the query
    // string, where it ends up in server logs, proxy logs and Referer headers.
    // Sample only; prefer a header and a key stored outside source control.
    authentication.AddAccessKey(token =>
    {
        // ObfuscatingComparer is presumably a timing-resistant comparison - confirm.
        if (!ObfuscatingComparer.IsEqual(token, "accesskey123"))
        {
            return null;
        }

        return Principal.Create("Custom",
            new Claim("customerid", "123"),
            new Claim("email", "*****@*****.**"));
    }, AuthenticationOptions.ForQueryString("key"));

    return authentication;
}
/// <summary>
/// Builds the client authentication configuration (Basic pass-through plus
/// JWTs issued by this server) and adds the matching authentication handler to
/// the Web API message pipeline.
/// </summary>
/// <param name="httpConfiguration">Web API configuration that receives the authentication handler.</param>
/// <param name="configuration">Repository supplying the issuer URI and the symmetric signing key.</param>
/// <returns>The populated <c>AuthenticationConfiguration</c>.</returns>
public static AuthenticationConfiguration CreateClientAuthConfig(HttpConfiguration httpConfiguration, IConfigurationRepository configuration)
{
    _logger.Info("Creating client auth configuration... ");

    var clientAuth = new AuthenticationConfiguration();
    clientAuth.InheritHostClientIdentity = false;

    // SECURITY: HTTPS is not enforced while client id/secret pairs arrive in a
    // Basic header and are retained (see below), so secrets and tokens can be
    // exposed on the wire. Enforce TLS here or at the host for any deployment.
    clientAuth.RequireSsl = false;

    // Left disabled by the author:
    //EnableSessionToken = true,
    // DefaultAuthenticationScheme = JwtConstants.JWT,

    // accept arbitrary credentials on basic auth header,
    // validation will be done in the protocol endpoint
    // NOTE(review): because this validator returns true for everything, any
    // route behind this handler that does not re-check the credentials treats
    // the caller as authenticated - confirm every endpoint validates them.
    clientAuth.AddBasicAuthentication((clientId, clientSecret) => true, retainPassword: true);

    clientAuth.AddJsonWebToken(
        issuer: configuration.Global.IssuerUri,
        audience: FACCTS.Server.Common.Constants.RelyingParties.FACCTS,
        signingKey: configuration.Keys.SymmetricSigningKey
        );

    httpConfiguration.MessageHandlers.Add(new AuthenticationHandler(clientAuth));

    _logger.Info("Client auth configuration done! ");
    return clientAuth;
}