/// <summary>
/// Builds the authentication configuration for client credentials sent in a Basic auth header.
/// </summary>
/// <param name="configuration">Repository whose <c>Global.DisableSSL</c> flag decides whether SSL is required.</param>
/// <returns>A configuration with a pass-through Basic authentication registration.</returns>
public static AuthenticationConfiguration CreateClientAuthConfig(IConfigurationRepository configuration)
{
    var clientAuth = new AuthenticationConfiguration();
    clientAuth.InheritHostClientIdentity = false;
    clientAuth.RequireSsl = !configuration.Global.DisableSSL;

    // SECURITY: the callback accepts every id/secret pair, so this handler authenticates nothing by itself.
    // The protocol endpoint must validate the credentials, and no other route may treat the resulting
    // principal as verified. retainPassword keeps the cleartext secret available so that the endpoint
    // can perform that check.
    clientAuth.AddBasicAuthentication((id, secret) => true, retainPassword: true);

    return clientAuth;
}
/// <summary>
/// Builds the authentication configuration for client credentials, with "Basic" as the default scheme.
/// </summary>
/// <returns>A configuration with a pass-through Basic authentication registration.</returns>
public static AuthenticationConfiguration CreateClientAuthConfig()
{
    var clientAuth = new AuthenticationConfiguration();
    clientAuth.InheritHostClientIdentity = false;
    clientAuth.DefaultAuthenticationScheme = "Basic";

    // SECURITY: the callback accepts every id/secret pair, so this handler authenticates nothing by itself.
    // The protocol endpoint must validate the credentials, and no other route may treat the resulting
    // principal as verified. retainPassword keeps the cleartext secret available for that later check.
    clientAuth.AddBasicAuthentication((id, secret) => true, retainPassword: true);

    return clientAuth;
}
/// <summary>
/// Application start-up: registers areas, Web API routes, filters, MVC routes and bundles,
/// then adds a Basic authentication message handler to the Web API pipeline.
/// </summary>
protected void Application_Start()
{
    AreaRegistration.RegisterAllAreas();
    GlobalConfiguration.Configure(WebApiConfig.Register);
    FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
    RouteConfig.RegisterRoutes(RouteTable.Routes);
    BundleConfig.RegisterBundles(BundleTable.Bundles);

    var basicAuth = new AuthenticationConfiguration();

    // NOTE(review): demo-only validator. The username and password are hard-coded in source and
    // compared with ==; before any non-demo use, verify against a salted password hash held in a
    // protected store instead.
    basicAuth.AddBasicAuthentication(
        (username, password) => username == "admin" && password == "1234");

    // NOTE(review): with SSL not required, Basic credentials cross the network as reversible
    // base64 text. Acceptable only on a local development machine.
    basicAuth.RequireSsl = false;

    GlobalConfiguration.Configure(
        httpConfig => httpConfig.MessageHandlers.Add(new AuthenticationHandler(basicAuth)));
}
/// <summary>
/// Assembles the authentication configuration: Basic credentials, two JWT issuers
/// (IdentityServer and Access Control Service), IdentityServer SAML 2.0 and client certificates.
/// </summary>
/// <returns>The populated <c>AuthenticationConfiguration</c>.</returns>
private static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
    var authConfig = new AuthenticationConfiguration
    {
        ClaimsAuthenticationManager = new ClaimsTransformer(),

        // NOTE(review): SSL is not enforced although Basic credentials and bearer/session tokens
        // are accepted below; all of them are replayable if sent over plain HTTP.
        RequireSsl = false,
        EnableSessionToken = true
    };

    // Basic authentication, validated by UserCredentials.Validate.
    authConfig.AddBasicAuthentication(UserCredentials.Validate);

    // IdentityServer JWT. An AddJsonWebToken registration with the same issuer, audience and key
    // was commented out in favour of the Microsoft JWT handler registration below.
    authConfig.AddMsftJsonWebToken(
        issuer: Constants.IdSrv.IssuerUri,
        audience: Constants.Audience,
        signingKey: Constants.IdSrv.SigningKey);

    // Access Control Service JWT, registered under its own scheme.
    authConfig.AddJsonWebToken(
        issuer: Constants.ACS.IssuerUri,
        audience: Constants.Audience,
        signingKey: Constants.ACS.SigningKey,
        scheme: Constants.ACS.Scheme);

    // IdentityServer SAML 2.0.
    // X509CertificateValidator.None skips chain and revocation validation of the signing
    // certificate, so trust rests solely on the pinned issuer thumbprint; that constant has to be
    // rotated together with the issuer's certificate.
    authConfig.AddSaml2(
        issuerThumbprint: Constants.IdSrv.SigningCertThumbprint,
        issuerName: Constants.IdSrv.IssuerUri,
        audienceUri: Constants.Realm,
        certificateValidator: X509CertificateValidator.None,
        options: AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme),
        scheme: AuthenticationScheme.SchemeOnly(Constants.IdSrv.SamlScheme));

    // Client certificates, accepted when chain validation succeeds.
    authConfig.AddClientCertificate(ClientCertificateMode.ChainValidation);

    return authConfig;
}
/// <summary>
/// Adds a Basic authentication message handler, backed by <c>WebSecurity.Login</c>, to the Web API pipeline.
/// </summary>
/// <param name="config">The Web API configuration that receives the handler.</param>
private static void ConfigureBasicAuth(HttpConfiguration config)
{
    var basicAuth = new AuthenticationConfiguration
    {
        // Reuse the identity already established by the host (Forms authentication).
        InheritHostClientIdentity = true,

        // Allow clients to obtain session tokens.
        EnableSessionToken = true,

        // SECURITY: must be switched to true for production; with false, Basic credentials and
        // session tokens may travel over plain HTTP.
        RequireSsl = false,

        // Suppress the WWW-Authenticate challenge so browsers do not show their credential dialog.
        SendWwwAuthenticateResponseHeaders = false
    };

    // Validate credentials against the membership store.
    // NOTE(review): WebSecurity.Login presumably also issues a forms-authentication cookie on
    // success — confirm that side effect is wanted for API callers.
    basicAuth.AddBasicAuthentication(
        (userName, password) => WebSecurity.Login(userName, password, false));

    var handler = new AuthenticationHandler(basicAuth);
    config.MessageHandlers.Add(handler);
}
/// <summary>
/// Creates an authentication configuration whose Basic credentials and claims are resolved
/// through the supplied authentication service.
/// </summary>
/// <param name="authService">Service handed to the claims manager and to <c>ValidateUser</c>.</param>
/// <returns>The populated <c>AuthenticationConfiguration</c>.</returns>
public static AuthenticationConfiguration Create(AuthenticationService authService)
{
    var authConfig = new AuthenticationConfiguration
    {
        ClaimsAuthenticationManager = new RestClaimsAuthenticationManager(authService),

        // NOTE(review): SSL is not enforced, so Basic credentials and session tokens can be
        // captured on the wire; enable RequireSsl outside local development.
        RequireSsl = false,
        EnableSessionToken = true
    };

    // Basic authentication delegates each username/password pair to ValidateUser.
    authConfig.AddBasicAuthentication(
        (username, password) => ValidateUser(username, password, authService));

    return authConfig;
}
/// <summary>
/// Adds a Basic authentication message handler with session tokens enabled to the Web API pipeline.
/// </summary>
/// <param name="config">The Web API configuration that receives the handler.</param>
private static void ConfigureAuth(HttpConfiguration config)
{
    var basicAuth = new AuthenticationConfiguration
    {
        DefaultAuthenticationScheme = "Basic",
        EnableSessionToken = true,
        SendWwwAuthenticateResponseHeader = true,

        // NOTE(review): SSL is not enforced, so the credentials below and any issued session
        // token can be read on the wire.
        RequireSsl = false
    };

    // NOTE(review): demo-only validator with a hard-coded username/password compared via ==.
    // Replace with a lookup against salted password hashes in a protected store before any real use.
    basicAuth.AddBasicAuthentication(
        (username, password) => username == "admin" && password == "password");

    var handler = new AuthenticationHandler(basicAuth);
    config.MessageHandlers.Add(handler);
}
/// <summary>
/// Registers the default API route and a Basic authentication handler backed by ASP.NET Membership.
/// </summary>
/// <param name="config">The Web API configuration to populate.</param>
public static void Register(HttpConfiguration config)
{
    config.Routes.MapHttpRoute(
        name: "DefaultApi",
        routeTemplate: "api/{controller}/{id}",
        defaults: new { id = RouteParameter.Optional });

    // Claims transformation reuses the manager from the application's federation configuration.
    var membershipAuth = new AuthenticationConfiguration
    {
        InheritHostClientIdentity = true,
        ClaimsAuthenticationManager =
            FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager
    };

    // Basic credentials are checked against the membership provider.
    membershipAuth.AddBasicAuthentication(
        (userName, password) => Membership.ValidateUser(userName, password));

    var handler = new AuthenticationHandler(membershipAuth);
    config.MessageHandlers.Add(handler);
}
/// <summary>
/// OWIN start-up: hosts Web API with attribute routing and a Basic authentication handler that
/// reads credentials from the custom "MyAuthorization" header.
/// </summary>
/// <param name="appBuilder">The OWIN application builder.</param>
public void Configuration(IAppBuilder appBuilder)
{
    var httpConfig = new HttpConfiguration();
    httpConfig.MapHttpAttributeRoutes();

    // NOTE(review): SSL is not enforced, so the header credentials are readable on the wire.
    var headerAuth = new AuthenticationConfiguration { RequireSsl = false };

    // NOTE(review): demo-only validator with a hard-coded username/password compared via ==.
    // Custom headers are also less likely than Authorization to be redacted by proxies and
    // logging middleware — confirm "MyAuthorization" is scrubbed wherever requests are logged.
    headerAuth.AddBasicAuthentication(
        (userName, password) => userName == "filip" && password == "abc",
        AuthenticationOptions.ForHeader("MyAuthorization"));

    var handler = new AuthenticationHandler(headerAuth);
    httpConfig.MessageHandlers.Add(handler);

    appBuilder.UseWebApi(httpConfig);
}
/// <summary>
/// Adds a Basic authentication handler with session tokens to the Web API pipeline.
/// </summary>
/// <remarks>
/// The session token endpoint only exists inside the Web API pipeline: per the original author,
/// <c>GET /token</c> returns 404 while <c>GET /api/token</c> reaches the handler.
/// </remarks>
/// <param name="config">The Web API configuration that receives the handler.</param>
private void RegisterAuth(HttpConfiguration config)
{
    var sessionAuth = new AuthenticationConfiguration
    {
        // NOTE(review): SSL is not enforced; both the Basic credentials and the long-lived
        // session token are replayable if captured over plain HTTP.
        RequireSsl = false,

        // A ClaimsTransformer was previously assigned to ClaimsAuthenticationManager here and is disabled.
        DefaultAuthenticationScheme = "Basic",

        // Per the original author, session tokens default to a 10-hour lifetime.
        EnableSessionToken = true
    };

    // Credentials are checked by the IsValid callback.
    sessionAuth.AddBasicAuthentication(IsValid);

    config.MessageHandlers.Add(new AuthenticationHandler(sessionAuth));
}
/// <summary>
/// Creates the authentication configuration for provisioning, using Basic credentials
/// validated by <c>AuthenticateUser</c> and claims supplied by <c>GetClaimsForUser</c>.
/// </summary>
/// <param name="oauth2AuthenticationSettings">Settings stored in a static field for later use.</param>
/// <param name="logger">Logger stored in a static field for later use.</param>
/// <returns>The populated <c>AuthenticationConfiguration</c>.</returns>
public static AuthenticationConfiguration Create(Oauth2AuthenticationSettings oauth2AuthenticationSettings, ILogger logger)
{
    // Both arguments land in static fields, so the most recent call to Create wins for every
    // callback that reads them.
    _logger = logger;
    _oauth2AuthenticationSettings = oauth2AuthenticationSettings;

    var authConfig = new AuthenticationConfiguration
    {
        ClaimsAuthenticationManager = new ProvisioningClaimsAuthenticationManager(GetClaimsForUser),

        // SSL is required unless AuthenticationConstants.AllowInsecureHttp is set; that constant
        // should be false in any deployed build, since Basic credentials are sent on every request.
        RequireSsl = !AuthenticationConstants.AllowInsecureHttp,
        EnableSessionToken = true
    };

    // Basic authentication, validated by AuthenticateUser.
    authConfig.AddBasicAuthentication(AuthenticateUser);

    return authConfig;
}
/// <summary>
/// Builds the API authentication configuration (session tokens, IdentityServer JWT, Basic via
/// Membership, client certificates) from the stored IdentityServer settings.
/// </summary>
/// <param name="configurationRepository">Source of the issuer URI and the signing certificate.</param>
/// <returns>
/// The populated configuration, or <c>null</c> when no signing certificate has been configured yet.
/// </returns>
private static AuthenticationConfiguration CreateAuthenticationConfiguration(IConfigurationRepository configurationRepository)
{
    const string audience = "api/";
    var issuer = configurationRepository.Global.IssuerUri;

    // On first-time setup no signing certificate exists yet. After the initial configuration,
    // IIS has to be restarted so that the code below runs.
    // NOTE(review): callers must handle the null return and must not expose the API
    // unauthenticated while it is in effect.
    if (configurationRepository.Keys.SigningCertificate == null)
    {
        return null;
    }

    // NOTE(review): the key material below is the certificate THUMBPRINT. A thumbprint is a hash of
    // the public certificate and is not secret, yet it is used as the symmetric key for session
    // tokens and as the JWT signing key. Tokens signed this way cannot be trusted; use a secret key
    // from protected configuration, or validate against the certificate itself.
    var thumbprintKey = configurationRepository.Keys.SigningCertificate.Thumbprint;

    var authConfig = new AuthenticationConfiguration
    {
        ClaimsAuthenticationManager = new ClaimsTransformer(),

        // NOTE(review): SSL is not enforced although Basic credentials and bearer tokens are accepted.
        RequireSsl = false,
        EnableSessionToken = true,
        SessionToken = new SessionTokenConfiguration
        {
            DefaultTokenLifetime = TimeSpan.FromHours(10.0),
            EndpointAddress = "/issue/simple",
            HeaderName = "Authorization",
            Scheme = "Session",
            Audience = audience,
            IssuerName = issuer,
            SigningKey = Encoding.UTF8.GetBytes(thumbprintKey),
        }
    };

    // IdentityServer JWT.
    authConfig.AddJsonWebToken(issuer, audience, thumbprintKey);

    // Basic credentials checked against the membership provider.
    authConfig.AddBasicAuthentication(Membership.ValidateUser);

    // Client certificates, accepted when chain validation succeeds.
    authConfig.AddClientCertificate(ClientCertificateMode.ChainValidation);

    return authConfig;
}
/// <summary>
/// Sample configuration registering Basic, Simple Web Token, JWT, IdentityServer SAML 2.0,
/// ACS Simple Web Token and access-key authentication.
/// </summary>
/// <returns>The populated <c>AuthenticationConfiguration</c>.</returns>
public static AuthenticationConfiguration CreateConfiguration()
{
    var authConfig = new AuthenticationConfiguration
    {
        DefaultAuthenticationScheme = "Basic",
    };

    // Basic authentication.
    // NOTE(review): sample validator only; it accepts any request whose password equals its
    // user name. Replace before exposing the service.
    authConfig.AddBasicAuthentication((userName, password) => userName == password);

    // Simple Web Token issued by IdentityServer.
    authConfig.AddSimpleWebToken(
        "http://identity.thinktecture.com/trust",
        Constants.Realm,
        Constants.IdSrvSymmetricSigningKey,
        AuthenticationOptions.ForAuthorizationHeader("IdSrv"));

    // Self-issued JWT, signed with the same symmetric key as the Simple Web Token above.
    authConfig.AddJsonWebToken(
        "http://selfissued.test",
        Constants.Realm,
        Constants.IdSrvSymmetricSigningKey,
        AuthenticationOptions.ForAuthorizationHeader("JWT"));

    // IdentityServer SAML 2.0: trust is pinned to one issuer certificate thumbprint.
    var samlIssuers = new ConfigurationBasedIssuerNameRegistry();
    samlIssuers.AddTrustedIssuer("A1EED7897E55388FCE60FEF1A1EED81FF1CBAEC6", "Thinktecture IdSrv");

    var samlHandlerConfig = new SecurityTokenHandlerConfiguration();
    samlHandlerConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
    samlHandlerConfig.IssuerNameRegistry = samlIssuers;

    // X509CertificateValidator.None skips chain and revocation validation; the thumbprint pin above
    // is the only trust decision and has to be rotated with the issuer's certificate.
    samlHandlerConfig.CertificateValidator = X509CertificateValidator.None;
    authConfig.AddSaml2(samlHandlerConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));

    // Simple Web Token issued by the Access Control Service.
    authConfig.AddSimpleWebToken(
        "https://" + Constants.ACS + "/",
        Constants.Realm,
        Constants.AcsSymmetricSigningKey,
        AuthenticationOptions.ForAuthorizationHeader("ACS"));

    // Access key read from the "key" query-string parameter.
    // NOTE(review): the key is hard-coded in source, and query-string values typically end up in
    // server/proxy logs and browser history; prefer a header and a key from protected configuration.
    var accessKeyHandler = new SimpleSecurityTokenHandler("my access key", token =>
    {
        if (!ObfuscatingComparer.IsEqual(token, "accesskey123"))
        {
            return null;
        }

        return new ClaimsIdentity(new Claim[] { new Claim("customerid", "123") }, "Custom");
    });
    authConfig.AddAccessKey(accessKeyHandler, AuthenticationOptions.ForQueryString("key"));

    return authConfig;
}
/// <summary>
/// Sample configuration registering Basic (with session tokens), Simple Web Token, three JWT
/// issuers, IdentityServer and ADFS SAML 2.0, ACS Simple Web Token, access-key and
/// client-certificate authentication.
/// </summary>
/// <returns>The populated <c>AuthenticationConfiguration</c>.</returns>
public static AuthenticationConfiguration CreateConfiguration()
{
    var authConfig = new AuthenticationConfiguration
    {
        DefaultAuthenticationScheme = "Basic",
        EnableSessionToken = true
    };

    // Basic authentication; the password is not retained after validation.
    // NOTE(review): sample validator only; it accepts any request whose password equals its
    // user name. Replace before exposing the service.
    authConfig.AddBasicAuthentication((userName, password) => userName == password, retainPassword: false);

    // Simple Web Token issued by IdentityServer.
    authConfig.AddSimpleWebToken(
        issuer: Constants.IdSrvIssuerName,
        audience: Constants.Realm,
        signingKey: Constants.IdSrvSymmetricSigningKey,
        options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));

    // Self-issued JWT, signed with the same symmetric key as the Simple Web Token above.
    authConfig.AddJsonWebToken(
        issuer: "http://selfissued.test",
        audience: Constants.Realm,
        signingKey: Constants.IdSrvSymmetricSigningKey,
        options: AuthenticationOptions.ForAuthorizationHeader("JWT"));

    // JWT for the Windows Store client.
    // NOTE(review): the symmetric signing key is a literal in source control. Anyone with read
    // access to the repository or the compiled assembly can mint tokens for this scheme; load it
    // from protected configuration and rotate the value that was committed.
    authConfig.AddJsonWebToken(
        issuer: "http://identityserver.v2.thinktecture.com/trust/changethis",
        audience: "https://test/rp/",
        signingKey: "3ihK5qGVhp8ptIk9+TDucXQW4Aaengg3d5m6gU8nzc8=",
        options: AuthenticationOptions.ForAuthorizationHeader("Win8"));

    // IdentityServer SAML 2.0: trust is pinned to the issuer certificate thumbprint.
    var idsrvIssuers = new ConfigurationBasedIssuerNameRegistry();
    idsrvIssuers.AddTrustedIssuer(Constants.IdSrvSamlSigningKeyThumbprint, "Thinktecture IdSrv");

    var idsrvSaml = new SecurityTokenHandlerConfiguration();
    idsrvSaml.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
    idsrvSaml.IssuerNameRegistry = idsrvIssuers;

    // X509CertificateValidator.None skips chain and revocation validation; the thumbprint pin is
    // the only trust decision.
    idsrvSaml.CertificateValidator = X509CertificateValidator.None;
    authConfig.AddSaml2(idsrvSaml, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));

    // ADFS SAML 2.0, configured the same way with its own thumbprint pin.
    var adfsIssuers = new ConfigurationBasedIssuerNameRegistry();
    adfsIssuers.AddTrustedIssuer(Constants.AdfsSamlSigningKeyThumbprint, "ADFS");

    var adfsSaml = new SecurityTokenHandlerConfiguration();
    adfsSaml.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
    adfsSaml.IssuerNameRegistry = adfsIssuers;
    adfsSaml.CertificateValidator = X509CertificateValidator.None;
    authConfig.AddSaml2(adfsSaml, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml"));

    // Simple Web Token issued by the Access Control Service.
    authConfig.AddSimpleWebToken(
        issuer: "https://" + Constants.ACS + "/",
        audience: Constants.Realm,
        signingKey: Constants.AcsSymmetricSigningKey,
        options: AuthenticationOptions.ForAuthorizationHeader("ACS"));

    // Access key read from the "key" query-string parameter.
    // NOTE(review): the key is hard-coded in source, and query-string values typically end up in
    // server/proxy logs and browser history; prefer a header and a key from protected configuration.
    authConfig.AddAccessKey(
        token =>
        {
            if (!ObfuscatingComparer.IsEqual(token, "accesskey123"))
            {
                return null;
            }

            return Principal.Create(
                "Custom",
                new Claim("customerid", "123"),
                new Claim("email", "*****@*****.**"));
        },
        AuthenticationOptions.ForQueryString("key"));

    // Client certificates: chain validation plus a required issuer subject name.
    authConfig.AddClientCertificate(
        ClientCertificateMode.ChainValidationWithIssuerSubjectName,
        "CN=PortableCA");

    return authConfig;
}
/// <summary>
/// Sample configuration registering Basic (with session tokens), Simple Web Token, JWT,
/// IdentityServer and ADFS SAML 2.0, ACS Simple Web Token, access-key and client-certificate
/// authentication.
/// </summary>
/// <returns>The populated <c>AuthenticationConfiguration</c>.</returns>
public static AuthenticationConfiguration CreateConfiguration()
{
    var authConfig = new AuthenticationConfiguration
    {
        DefaultAuthenticationScheme = "Basic",
        EnableSessionToken = true
    };

    // Basic authentication; the password is not retained after validation.
    // NOTE(review): sample validator only; it accepts any request whose password equals its
    // user name. Replace before exposing the service.
    authConfig.AddBasicAuthentication((userName, password) => userName == password, retainPassword: false);

    // Simple Web Token issued by IdentityServer.
    authConfig.AddSimpleWebToken(
        issuer: "http://identity.thinktecture.com/trust",
        audience: Constants.Realm,
        signingKey: Constants.IdSrvSymmetricSigningKey,
        options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));

    // Self-issued JWT, signed with the same symmetric key as the Simple Web Token above.
    authConfig.AddJsonWebToken(
        issuer: "http://selfissued.test",
        audience: Constants.Realm,
        signingKey: Constants.IdSrvSymmetricSigningKey,
        options: AuthenticationOptions.ForAuthorizationHeader("JWT"));

    // IdentityServer SAML 2.0: trust is pinned to one issuer certificate thumbprint.
    var idsrvIssuers = new ConfigurationBasedIssuerNameRegistry();
    idsrvIssuers.AddTrustedIssuer("A1EED7897E55388FCE60FEF1A1EED81FF1CBAEC6", "Thinktecture IdSrv");

    var idsrvSaml = new SecurityTokenHandlerConfiguration();
    idsrvSaml.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
    idsrvSaml.IssuerNameRegistry = idsrvIssuers;

    // X509CertificateValidator.None skips chain and revocation validation; the thumbprint pin is
    // the only trust decision.
    idsrvSaml.CertificateValidator = X509CertificateValidator.None;
    authConfig.AddSaml2(idsrvSaml, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));

    // ADFS SAML 2.0 with two pinned issuer certificates.
    var adfsIssuers = new ConfigurationBasedIssuerNameRegistry();
    adfsIssuers.AddTrustedIssuer("8EC7F962CC083FF7C5997D8A4D5ED64B12E4C174", "ADFS");

    // NOTE(review): this thumbprint is lower-case and space-separated, unlike the others. Confirm
    // that AddTrustedIssuer normalizes it; otherwise "PETS ADFS" tokens will never match.
    adfsIssuers.AddTrustedIssuer("b6 93 46 34 7f 70 a9 c3 72 02 18 ae f1 82 2a 5c 97 b1 8c a5", "PETS ADFS");

    var adfsSaml = new SecurityTokenHandlerConfiguration();
    adfsSaml.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
    adfsSaml.IssuerNameRegistry = adfsIssuers;
    adfsSaml.CertificateValidator = X509CertificateValidator.None;
    authConfig.AddSaml2(adfsSaml, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml"));

    // Simple Web Token issued by the Access Control Service.
    authConfig.AddSimpleWebToken(
        issuer: "https://" + Constants.ACS + "/",
        audience: Constants.Realm,
        signingKey: Constants.AcsSymmetricSigningKey,
        options: AuthenticationOptions.ForAuthorizationHeader("ACS"));

    // Access key read from the "key" query-string parameter.
    // NOTE(review): the key is hard-coded in source, and query-string values typically end up in
    // server/proxy logs and browser history; prefer a header and a key from protected configuration.
    authConfig.AddAccessKey(
        token =>
        {
            if (!ObfuscatingComparer.IsEqual(token, "accesskey123"))
            {
                return null;
            }

            return Principal.Create(
                "Custom",
                new Claim("customerid", "123"),
                new Claim("email", "*****@*****.**"));
        },
        AuthenticationOptions.ForQueryString("key"));

    // Client certificates: chain validation plus a required issuer subject name.
    authConfig.AddClientCertificate(
        ClientCertificateMode.ChainValidationWithIssuerSubjectName,
        "CN=PortableCA");

    return authConfig;
}