        // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
        /// <summary>
        /// Registers the OWIN authentication pipeline for this application.
        /// Registration order is significant for OWIN middleware and is kept as:
        /// per-request contexts, application cookie, external cookie, two-factor
        /// cookies, then the Microsoft Online and Azure AD sign-in providers.
        /// </summary>
        /// <param name="app">The OWIN app builder the middleware is registered on.</param>
        public void ConfigureAuth(IAppBuilder app)
        {
            // One DbContext / UserManager / SignInManager instance per OWIN request.
            app.CreatePerOwinContext(ApplicationDbContext.Create);
            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
            app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

            // Main sign-in cookie. The security stamp is re-validated every 30 minutes,
            // which is the mechanism that invalidates sessions after a password change
            // or a change to the user's external logins.
            // NOTE(review): a cookie issued before such a change can stay usable until the
            // next validation, i.e. up to 30 minutes; shorten the interval for faster revocation.
            // NOTE(review): CookieSecure is not set here (the framework default applies);
            // set CookieSecureOption.Always once the site is served over HTTPS only.
            var applicationCookie = new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login"),
                Provider = new CookieAuthenticationProvider
                {
                    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                        validateInterval: TimeSpan.FromMinutes(30),
                        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
                }
            };
            app.UseCookieAuthentication(applicationCookie);

            // Temporary cookie holding the third-party provider identity during login.
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            // Five-minute cookie for a user who is between the first and second factor.
            app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

            // "Remember this browser" for the second factor; comparable to RememberMe.
            app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);

            // Optional third-party providers. Uncomment and supply credentials to enable.
            //app.UseMicrosoftAccountAuthentication(clientId: "", clientSecret: "");
            //app.UseTwitterAuthentication(consumerKey: "", consumerSecret: "");
            //app.UseFacebookAuthentication(appId: "", appSecret: "");
            //app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions { ClientId = "", ClientSecret = "" });

            // Microsoft Online (Outlook REST) sign-in. ClientId/ClientSecret are empty
            // placeholders here and must be supplied from configuration, never from source.
            // "offline_access" is the scope commonly used to obtain a refresh token, so the
            // application ends up holding a long-lived credential for the user's mail,
            // calendar and contacts.
            app.UseMicrosoftOnlineAuthentication(new MicrosoftOnlineAuthenticationOptions
            {
                ClientId = "",
                ClientSecret = "",
                Provider = new MicrosoftOnlineAuthenticationProvider(),
                Scope =
                {
                    "https://outlook.office.com/Mail.ReadWrite",
                    "https://outlook.office.com/Calendars.ReadWrite",
                    "https://outlook.office.com/Contacts.ReadWrite",
                    "offline_access",
                    "openid"
                }
            });

            // Azure AD sign-in against the Graph resource. When an Office 365 subscription
            // is attached to the tenant, "https://outlook.office365.com/" can be requested
            // instead to reach the Office 365 REST APIs. Credentials: same caveat as above.
            app.UseAzureADAuthentication(new AzureADAuthenticationOptions
            {
                ClientId = "",
                ClientSecret = "",
                Provider = new AzureADAuthenticationProvider(),
                Resource = { "https://graph.windows.net/" }
            });
        }
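        /// <summary>
        /// Wires up Azure AD sign-in: an HTTPS-only external sign-in cookie (".sd.ec",
        /// 5-minute sliding expiry), an OpenID Connect middleware that redeems the
        /// authorization code through ADAL, and the Azure AD provider that stores the
        /// access and refresh tokens as claims on the signed-in identity.
        /// </summary>
        /// <param name="app">The OWIN app builder the middleware is registered on.</param>
        /// <param name="handler">Accepted for signature compatibility; not used by this method.</param>
        /// <param name="tokenEncryptionKey">Accepted for signature compatibility; not used —
        /// the tokens added as claims below are NOT encrypted by this method.</param>
        /// <returns><paramref name="app"/>, for chaining.</returns>
        public static IAppBuilder UseStardustAzureAd(this IAppBuilder app, Func<Microsoft.Owin.IOwinContext, Task> handler = null, string tokenEncryptionKey = null)
        {
            app.SetDefaultSignInAsAuthenticationType(DefaultAuthenticationTypes.ExternalCookie);
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
                AuthenticationMode = AuthenticationMode.Active,
                CookieName = ".sd.ec",
                ExpireTimeSpan = TimeSpan.FromMinutes(5),
                CookieManager = new SystemWebCookieManager(),
                SlidingExpiration = true,
                // Never send this cookie over plain HTTP: it carries the tokens added below.
                CookieSecure = CookieSecureOption.Always,
                Provider = new CookieAuthenticationProvider
                {
                    // No revocation check: the identity in the cookie is accepted as-is.
                    OnValidateIdentity = context =>
                    {
                        context.ReplaceIdentity(context.Identity);
                        return Task.FromResult(0);
                    },
                    // Only the authentication type is logged. Keep it that way — the
                    // identity's claims include the access and refresh tokens.
                    OnResponseSignIn = context =>
                    {
                        Logging.DebugMessage(context.AuthenticationType);
                    }
                },
                LoginPath = PathString.FromUriComponent("/auth/login"),
                LogoutPath = PathString.FromUriComponent("/auth/logout"),
            });
            var identitySettings = RuntimeFactory.Current.Context.GetServiceConfiguration().IdentitySettings;

            // Normalise the issuer once and use it for BOTH the OIDC Authority and the ADAL
            // AuthenticationContext. Previously only the OIDC side received the "https://"
            // prefix, so a scheme-less IssuerAddress reached ADAL unchanged and the two
            // middlewares talked to differently-spelled authorities.
            var issuerAddress = identitySettings.IssuerAddress;
            var authority = issuerAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase)
                ? issuerAddress
                : "https://" + issuerAddress;

            var options = new AzureADAuthenticationOptions
            {
                ClientId = ClientId,
                ClientSecret = ClientSecret,
                AuthenticationMode = AuthenticationMode.Passive,
                Provider = new AzureADAuthenticationProvider
                {
                    // NOTE(review): the raw access and refresh tokens become claims and are
                    // therefore serialised into the external cookie. The refresh token is a
                    // long-lived credential; anything that logs, echoes or persists claims
                    // will leak it. tokenEncryptionKey is accepted above but never applied.
                    OnAuthenticated = context =>
                    {
                        context.Identity.AddClaim(new Claim("AccessToken", context.AccessToken));
                        context.Identity.AddClaim(new Claim("RefreshToken", context.RefreshToken));
                        return Task.FromResult(0);
                    },
                },
                Resource = { identitySettings.Realm },
            };

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                AuthenticationMode = AuthenticationMode.Passive,
                SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
                ClientId = ClientId,
                Authority = authority,
                //MetadataAddress = identitySettings.MetadataUrl.StartsWith("https://") ? identitySettings.MetadataUrl : "https://" + identitySettings.MetadataUrl ,
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthorizationCodeReceived = context =>
                    {
                        // Already signed in on this request: nothing to redeem.
                        if (context.OwinContext.Request.User.Identity.IsAuthenticated)
                        {
                            return Task.FromResult(0);
                        }

                        // Redeem the code for a Graph token. The returned result is not
                        // used here; presumably the NativeTokenCache keeps it for later —
                        // confirm against its implementation.
                        // NOTE(review): the redirect URI is rebuilt from the incoming request
                        // URL, i.e. from the Host header. Confirm the host is validated
                        // upstream before trusting it in the token exchange.
                        var credential = new ClientCredential(ClientId, ClientSecret);
                        var authContext = new AuthenticationContext(authority, new NativeTokenCache());
                        var redirectUri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
                        authContext.AcquireTokenByAuthorizationCode(context.Code, redirectUri, credential, "https://graph.windows.net");

                        // Make the OIDC identity current for the rest of this request and sign it in.
                        var principal = new ClaimsPrincipal(context.AuthenticationTicket.Identity);
                        Thread.CurrentPrincipal = principal;
                        HttpContext.Current.User = principal;
                        context.OwinContext.Authentication.SignIn((ClaimsIdentity)principal.Identity);
                        return Task.FromResult(0);
                    },
                    // Forward a per-challenge resource to the identity provider when the
                    // caller placed one in the challenge properties under ResourceKey.
                    RedirectToIdentityProvider = context =>
                    {
                        var challenge = context.OwinContext.Authentication.AuthenticationResponseChallenge;
                        string resource;
                        if (challenge != null && challenge.Properties.Dictionary.TryGetValue(ResourceKey, out resource))
                        {
                            context.ProtocolMessage.Resource = resource;
                        }
                        return Task.FromResult(0);
                    }
                }
            });
            app.UseAzureADAuthentication(options);
            new SetupContext(null).MakeOAuthAwareService();
            return app;
        }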
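        /// <summary>
        /// Wires up Azure AD sign-in: an HTTPS-only external sign-in cookie (".sd.ec",
        /// 5-minute sliding expiry), an OpenID Connect middleware that redeems the
        /// authorization code through ADAL, and the Azure AD provider that stores the
        /// access and refresh tokens as claims on the signed-in identity.
        /// </summary>
        /// <param name="app">The OWIN app builder the middleware is registered on.</param>
        /// <param name="handler">Accepted for signature compatibility; not used by this method.</param>
        /// <param name="tokenEncryptionKey">Accepted for signature compatibility; not used —
        /// the tokens added as claims below are NOT encrypted by this method.</param>
        /// <returns><paramref name="app"/>, for chaining.</returns>
        public static IAppBuilder UseStardustAzureAd(this IAppBuilder app, Func <Microsoft.Owin.IOwinContext, Task> handler = null, string tokenEncryptionKey = null)
        {
            app.SetDefaultSignInAsAuthenticationType(DefaultAuthenticationTypes.ExternalCookie);
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
                AuthenticationMode = AuthenticationMode.Active,
                CookieName         = ".sd.ec",
                ExpireTimeSpan     = TimeSpan.FromMinutes(5),
                CookieManager      = new SystemWebCookieManager(),
                SlidingExpiration  = true,
                // Never send this cookie over plain HTTP: it carries the tokens added below.
                CookieSecure       = CookieSecureOption.Always,
                Provider           = new CookieAuthenticationProvider
                {
                    // No revocation check: the identity in the cookie is accepted as-is.
                    OnValidateIdentity = context =>
                    {
                        context.ReplaceIdentity(context.Identity);
                        return(Task.FromResult(0));
                    },
                    // Only the authentication type is logged. Keep it that way — the
                    // identity's claims include the access and refresh tokens.
                    OnResponseSignIn = context =>
                    {
                        Logging.DebugMessage(context.AuthenticationType);
                    }
                },
                LoginPath  = PathString.FromUriComponent("/auth/login"),
                LogoutPath = PathString.FromUriComponent("/auth/logout"),
            });
            var identitySettings = RuntimeFactory.Current.Context.GetServiceConfiguration().IdentitySettings;

            // Normalise the issuer once and use it for BOTH the OIDC Authority and the ADAL
            // AuthenticationContext. Previously only the OIDC side received the "https://"
            // prefix, so a scheme-less IssuerAddress reached ADAL unchanged and the two
            // middlewares talked to differently-spelled authorities.
            var issuerAddress = identitySettings.IssuerAddress;
            var authority     = issuerAddress.StartsWith("https://", StringComparison.OrdinalIgnoreCase)
                                    ? issuerAddress
                                    : "https://" + issuerAddress;

            var options = new AzureADAuthenticationOptions
            {
                ClientId           = ClientId,
                ClientSecret       = ClientSecret,
                AuthenticationMode = AuthenticationMode.Passive,
                Provider           = new AzureADAuthenticationProvider
                {
                    // NOTE(review): the raw access and refresh tokens become claims and are
                    // therefore serialised into the external cookie. The refresh token is a
                    // long-lived credential; anything that logs, echoes or persists claims
                    // will leak it. tokenEncryptionKey is accepted above but never applied.
                    OnAuthenticated = context =>
                    {
                        context.Identity.AddClaim(new Claim("AccessToken", context.AccessToken));
                        context.Identity.AddClaim(new Claim("RefreshToken", context.RefreshToken));
                        return(Task.FromResult(0));
                    },
                },
                Resource = { identitySettings.Realm },
            };

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                AuthenticationMode         = AuthenticationMode.Passive,
                SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie,

                ClientId  = ClientId,
                Authority = authority,
                //MetadataAddress = identitySettings.MetadataUrl.StartsWith("https://") ? identitySettings.MetadataUrl : "https://" + identitySettings.MetadataUrl ,
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthorizationCodeReceived = context =>
                    {
                        // Already signed in on this request: nothing to redeem.
                        if (context.OwinContext.Request.User.Identity.IsAuthenticated)
                        {
                            return(Task.FromResult(0));
                        }

                        // Redeem the code for a Graph token. The returned result is not
                        // used here; presumably the NativeTokenCache keeps it for later —
                        // confirm against its implementation.
                        // NOTE(review): the redirect URI is rebuilt from the incoming request
                        // URL, i.e. from the Host header. Confirm the host is validated
                        // upstream before trusting it in the token exchange.
                        var credential  = new ClientCredential(ClientId, ClientSecret);
                        var authContext = new AuthenticationContext(authority, new NativeTokenCache());
                        var redirectUri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
                        authContext.AcquireTokenByAuthorizationCode(context.Code, redirectUri, credential, "https://graph.windows.net");

                        // Make the OIDC identity current for the rest of this request and sign it in.
                        var principal            = new ClaimsPrincipal(context.AuthenticationTicket.Identity);
                        Thread.CurrentPrincipal  = principal;
                        HttpContext.Current.User = principal;
                        context.OwinContext.Authentication.SignIn((ClaimsIdentity)principal.Identity);
                        return(Task.FromResult(0));
                    },
                    // Forward a per-challenge resource to the identity provider when the
                    // caller placed one in the challenge properties under ResourceKey.
                    RedirectToIdentityProvider = (context) =>
                    {
                        var    challenge = context.OwinContext.Authentication.AuthenticationResponseChallenge;
                        string resource;
                        if (challenge != null && challenge.Properties.Dictionary.TryGetValue(ResourceKey, out resource))
                        {
                            context.ProtocolMessage.Resource = resource;
                        }
                        return(Task.FromResult(0));
                    }
                }
            });
            app.UseAzureADAuthentication(options);
            new SetupContext(null).MakeOAuthAwareService();
            return(app);
        }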