/// <summary>
/// Builds the <see cref="AuthenticationConfiguration"/> used by the API: registers Basic,
/// IdentityServer JWT, Access Control Service JWT, IdentityServer SAML and client-certificate
/// credentials in that order, logs each step, and finally overrides the session token signing key.
/// </summary>
/// <param name="log">Logger that receives one info entry after each mechanism is configured.</param>
/// <returns>The populated authentication configuration.</returns>
/// <remarks>
/// Review points for anyone reusing this outside a local test setup: transport security is not
/// required (<c>RequireSsl = false</c>) although Basic credentials and bearer tokens are accepted,
/// SAML certificate validation is set to <c>X509CertificateValidator.None</c>, and the session
/// token signing key is a fixed value taken from <c>Constants</c>.
/// </remarks>
public static AuthenticationConfiguration CreateAuthenticationConfiguration(ILog log)
{
    var authConfig = new AuthenticationConfiguration();
    authConfig.ClaimsAuthenticationManager = new ClaimsTransformer();

    // NOTE(review): with RequireSsl off, the Basic credentials and bearer/session tokens
    // registered below can travel over plain HTTP. Acceptable only where TLS is enforced
    // elsewhere (e.g. a terminating proxy) or for local testing; confirm before deploying.
    authConfig.RequireSsl = false;
    authConfig.EnableSessionToken = true;

    // Basic authentication: credentials are checked by UserCredentials.Validate.
    authConfig.AddBasicAuthentication(UserCredentials.Validate);
    log.Info("Configurada autenticación básica.");

    // IdentityServer JWT. The plain AddJsonWebToken handler was previously used here with the
    // same issuer/audience/signingKey arguments; the Msft handler replaces it.
    // NOTE(review): the signing key comes from Constants; if that is a compiled-in value,
    // anyone with the source or binary can mint tokens for this issuer. Confirm its origin.
    authConfig.AddMsftJsonWebToken(
        issuer: Constants.IdSrv.IssuerUri,
        audience: Constants.Audience,
        signingKey: Constants.IdSrv.SigningKey);
    log.Info("Configurado IdentityServer JWT.");

    // Access Control Service JWT, registered under its own scheme.
    authConfig.AddJsonWebToken(
        issuer: Constants.ACS.IssuerUri,
        audience: Constants.Audience,
        signingKey: Constants.ACS.SigningKey,
        scheme: Constants.ACS.Scheme);
    log.Info("Configurado Access Control Service JWT.");

    // IdentityServer SAML.
    // NOTE(review): X509CertificateValidator.None skips chain, expiry and revocation checks on
    // the signing certificate, so trust presumably rests on the issuerThumbprint match alone;
    // verify that against the AddSaml2 implementation and keep the thumbprint current.
    authConfig.AddSaml2(
        issuerThumbprint: Constants.IdSrv.SigningCertThumbprint,
        issuerName: Constants.IdSrv.IssuerUri,
        audienceUri: Constants.Realm,
        certificateValidator: X509CertificateValidator.None,
        options: AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme),
        scheme: AuthenticationScheme.SchemeOnly(Constants.IdSrv.SamlScheme));
    log.Info("Configurado IdentityServer SAML.");

    // Client certificates.
    // NOTE(review): ChainValidation presumably accepts any certificate that chains to a trusted
    // root; confirm whether issuer or thumbprint pinning is also needed for this API.
    authConfig.AddClientCertificate(ClientCertificateMode.ChainValidation);
    log.Info("Configurado Client Certificate.");

    // OLL: replace the automatically generated session key. There should be a web.config
    // setting that says whether the key is random or fixed, and the key itself should be
    // read from config.
    // NOTE(review): a fixed key shared through source lets anyone who knows it sign session
    // tokens this API will accept; load it from protected configuration instead.
    authConfig.SessionToken.SigningKey = Constants.SessionKey;
    log.Info("Configurada Clave.");

    return authConfig;
}
/// <summary>
/// Registers a JWT handler for the given issuer, audience and signing certificate, using the
/// Bearer scheme in the Authorization header.
/// </summary>
/// <param name="configuration">The authentication configuration to extend.</param>
/// <param name="issuer">Issuer identifier passed through to the full overload.</param>
/// <param name="audience">Audience identifier passed through to the full overload.</param>
/// <param name="signingCert">Certificate passed through as the token signing certificate.</param>
/// <remarks>
/// Convenience overload: it only supplies the options and scheme arguments and delegates to the
/// five-argument <c>AddMsftJsonWebToken</c>. No validation of the arguments happens here.
/// </remarks>
public static void AddMsftJsonWebToken(
    this AuthenticationConfiguration configuration,
    string issuer,
    string audience,
    X509Certificate2 signingCert)
{
    // Both the lookup location (Authorization header) and the scheme name are "Bearer".
    var bearerHeaderOptions = AuthenticationOptions.ForAuthorizationHeader(JwtConstants.Bearer);
    var bearerScheme = AuthenticationScheme.SchemeOnly(JwtConstants.Bearer);

    configuration.AddMsftJsonWebToken(issuer, audience, signingCert, bearerHeaderOptions, bearerScheme);
}
/// <summary>
/// Builds the <see cref="AuthenticationConfiguration"/> for the API, registering Basic,
/// IdentityServer JWT, Access Control Service JWT, IdentityServer SAML and client-certificate
/// credentials in that order.
/// </summary>
/// <returns>The populated authentication configuration.</returns>
/// <remarks>
/// Review points for anyone reusing this outside a local test setup: transport security is not
/// required (<c>RequireSsl = false</c>) although Basic credentials and bearer tokens are accepted,
/// and SAML certificate validation is set to <c>X509CertificateValidator.None</c>.
/// </remarks>
private static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
    var authConfig = new AuthenticationConfiguration();
    authConfig.ClaimsAuthenticationManager = new ClaimsTransformer();

    // NOTE(review): with RequireSsl off, the Basic credentials and bearer/session tokens
    // registered below can travel over plain HTTP. Acceptable only where TLS is enforced
    // elsewhere or for local testing; confirm before deploying.
    authConfig.RequireSsl = false;
    authConfig.EnableSessionToken = true;

    // Basic authentication: credentials are checked by UserCredentials.Validate.
    authConfig.AddBasicAuthentication(UserCredentials.Validate);

    // IdentityServer JWT. The plain AddJsonWebToken handler was previously used here with the
    // same issuer/audience/signingKey arguments; the Msft handler replaces it.
    // NOTE(review): the signing key comes from Constants; confirm it is not a compiled-in secret.
    authConfig.AddMsftJsonWebToken(
        issuer: Constants.IdSrv.IssuerUri,
        audience: Constants.Audience,
        signingKey: Constants.IdSrv.SigningKey);

    // Access Control Service JWT, registered under its own scheme.
    authConfig.AddJsonWebToken(
        issuer: Constants.ACS.IssuerUri,
        audience: Constants.Audience,
        signingKey: Constants.ACS.SigningKey,
        scheme: Constants.ACS.Scheme);

    // IdentityServer SAML.
    // NOTE(review): X509CertificateValidator.None skips chain, expiry and revocation checks on
    // the signing certificate, so trust presumably rests on the issuerThumbprint match alone;
    // verify that against the AddSaml2 implementation and keep the thumbprint current.
    authConfig.AddSaml2(
        issuerThumbprint: Constants.IdSrv.SigningCertThumbprint,
        issuerName: Constants.IdSrv.IssuerUri,
        audienceUri: Constants.Realm,
        certificateValidator: X509CertificateValidator.None,
        options: AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme),
        scheme: AuthenticationScheme.SchemeOnly(Constants.IdSrv.SamlScheme));

    // Client certificates.
    // NOTE(review): ChainValidation presumably accepts any certificate that chains to a trusted
    // root; confirm whether issuer or thumbprint pinning is also needed for this API.
    authConfig.AddClientCertificate(ClientCertificateMode.ChainValidation);

    return authConfig;
}
/// <summary>
/// Maps the routes <c>api/test1</c> and <c>api/test2</c>, each behind its own
/// <c>AuthenticationHandler</c> that accepts JWTs from the same issuer but for a different audience.
/// </summary>
/// <param name="config">The Web API configuration whose route table is extended.</param>
/// <remarks>
/// The signing certificate is looked up once in LocalMachine/TrustedPeople by subject name;
/// <c>Single()</c> throws when the store holds no match or more than one.
/// </remarks>
public static void Register(HttpConfiguration config)
{
    var issuer = "http://idsrv.local/trust";

    // NOTE(review): the signer is selected by subject DN, not thumbprint, and the second Find
    // argument (false) presumably means invalid/expired certificates are not filtered out.
    // Confirm that only the intended STS certificate can be present in this store.
    var signingCert = X509.LocalMachine.TrustedPeople.SubjectDistinguishedName.Find("CN=sts", false).Single();

    // api/test1: tokens must be issued for the webapi1 audience.
    var test1Auth = new AuthenticationConfiguration();
    test1Auth.AddMsftJsonWebToken(issuer, "http://localhost/rp-adfs-webapi1", signingCert);
    var test1Handler = new AuthenticationHandler(test1Auth, config);
    config.Routes.MapHttpRoute(
        name: "test1",
        routeTemplate: "api/test1",
        defaults: new { controller = "Test1" },
        constraints: null,
        handler: test1Handler);

    // api/test2: same issuer and certificate, but the webapi2 audience, so a token minted
    // for one route's audience is configured separately from the other's.
    var test2Auth = new AuthenticationConfiguration();
    test2Auth.AddMsftJsonWebToken(issuer, "http://localhost/rp-adfs-webapi2", signingCert);
    var test2Handler = new AuthenticationHandler(test2Auth, config);
    config.Routes.MapHttpRoute(
        name: "test2",
        routeTemplate: "api/test2",
        defaults: new { controller = "Test2" },
        constraints: null,
        handler: test2Handler);
}