/// <summary>
/// Registers the Azure AD bearer-token middleware twice, once per accepted audience.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    // First registration: the audience is a GUID fixed in source; the tenant comes from configuration.
    // NOTE(review): a token issued for either audience authenticates against this API. Confirm that both
    // are intended; the hard-coded one cannot be changed without a rebuild.
    var fixedAudienceOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    fixedAudienceOptions.Audience = "299ecf3a-7f6e-4286-a3f6-e778cded8184";
    fixedAudienceOptions.Tenant = ConfigurationManager.AppSettings["ida:Tenant"];
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(fixedAudienceOptions);

    // Second registration: audience and tenant both come from configuration.
    var configuredAudienceOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    configuredAudienceOptions.Audience = ConfigurationManager.AppSettings["ida:Audience"];
    configuredAudienceOptions.Tenant = ConfigurationManager.AppSettings["ida:Tenant"];
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(configuredAudienceOptions);
}
/// <summary>
/// Enables CORS for the whole pipeline, then adds Azure AD bearer authentication with explicit
/// audience, issuer and lifetime validation.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
private void ConfigureAuth(IAppBuilder app)
{
    // NOTE(review): this policy allows every origin AND credentialed requests. Any web page can then make
    // credentialed cross-origin calls and read the responses. If the API is only ever called with an
    // explicit Authorization header, consider dropping SupportsCredentials or listing the expected origins.
    var openPolicy = new CorsPolicy();
    openPolicy.AllowAnyMethod = true;
    openPolicy.AllowAnyHeader = true;
    openPolicy.AllowAnyOrigin = true;
    openPolicy.SupportsCredentials = true;

    var policyProvider = new CorsPolicyProvider
    {
        // The same policy object is handed back for every request.
        PolicyResolver = request => Task.FromResult(openPolicy)
    };
    app.UseCors(new CorsOptions { PolicyProvider = policyProvider });

    string tenant = ConfigurationManager.AppSettings["ida:tenant"];
    var validation = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
    {
        ValidAudience = ConfigurationManager.AppSettings["ida:audience"],
        ValidateAudience = true,
        ValidIssuer = ConfigurationManager.AppSettings["ida:issuer"],
        ValidateIssuer = true,
        ValidateLifetime = true
    };

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            Tenant = tenant,
            TokenValidationParameters = validation
        });
}
/// <summary>
/// OWIN startup: adds Azure AD bearer authentication unless <c>HasNoSecurityConfigured()</c> reports
/// that security is switched off, then initializes the host and installs <c>Invoke</c> as the terminal handler.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void Configuration(IAppBuilder app)
{
    // NOTE(review): when HasNoSecurityConfigured() returns true no authentication middleware is added and
    // Invoke serves every request; make sure that switch cannot be flipped in production configuration.
    bool securityEnabled = !HasNoSecurityConfigured();
    if (securityEnabled)
    {
        Trace.TraceInformation("Using AAD middleware");

        string expectedAudience = _configurationService.Get("ida.Audience");
        string tenantName = _configurationService.Get("ida.Tenant");
        string instanceFormat = _configurationService.Get("ida.AADInstance");
        string federationMetadataUrl =
            string.Format(instanceFormat, tenantName) + "/federationmetadata/2007-06/federationmetadata.xml";

        var validation = new TokenValidationParameters
        {
            SaveSigninToken = true,
            ValidAudience = expectedAudience,
            ValidateIssuer = true,
            // NOTE(review): this validator hands back whatever issuer the token carries, so the issuer
            // check passes for every token even though ValidateIssuer is true. If only the configured
            // tenant should be accepted, compare the issuer against an allow-list here.
            IssuerValidator = (issuer, token, parameters) => issuer
        };

        var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            TokenValidationParameters = validation,
            Tenant = tenantName,
            MetadataAddress = federationMetadataUrl
        };
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
    }

    Initialize();
    app.Run(Invoke);
}
/// <summary>
/// Test pipeline: Azure AD bearer authentication with a custom back-channel certificate validator and
/// HTTP handler, followed by a terminal handler that reports the authentication outcome as text.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void WaadAuthenticationWithProviderConfiguration(IAppBuilder app)
{
    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions
    {
        TokenValidationParameters = new TokenValidationParameters { ValidAudience = "http://localhost/redirectUri" },
        Tenant = "4afbc689-805b-48cf-a24c-d4aa3248a248",
        // Both back-channel hooks replace the default metadata retrieval path; they are defined outside this block.
        BackchannelCertificateValidator = new WaadCertificateValidator(),
        BackchannelHttpHandler = new WaadChannelHttpHandler(),
    };
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);

    app.Run(async context =>
    {
        var user = context.Authentication.User;
        bool authenticated = user != null && user.Identity.IsAuthenticated;
        if (!authenticated)
        {
            context.Authentication.Challenge("Bearer");
            await context.Response.WriteAsync("Unauthorized");
            return;
        }

        // NOTE(review): nothing in this method sets these two environment keys; presumably provider
        // callbacks registered elsewhere do. Confirm, otherwise this branch always reports "Provider not invoked".
        bool providerRan = context.Get<bool>("OnRequestToken") && context.Get<bool>("OnValidateIdentity");
        await context.Response.WriteAsync(providerRan ? "Bearer" : "Provider not invoked");
    });
}
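/// <summary>
/// Adds Azure AD bearer authentication and advertises the authorization endpoint in the
/// <c>WWW-Authenticate</c> header when a challenge is issued.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    var authUri = "https://login.windows.net";

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
            TokenValidationParameters = new TokenValidationParameters
            {
                ValidAudience = ConfigurationManager.AppSettings["ida:Audience"]
            },
            Provider = new OAuthBearerAuthenticationProvider
            {
                OnApplyChallenge = context =>
                {
                    // AppendValues instead of Add: Add throws when another middleware has already written
                    // a WWW-Authenticate header, which would turn a 401 into a server error.
                    context.OwinContext.Response.Headers.AppendValues(
                        "WWW-Authenticate",
                        $"Bearer authorization_uri=\"{authUri}\"");
                    return System.Threading.Tasks.Task.FromResult(0);
                },
                // No extra identity checks yet. The original held commented-out debugging code here
                // (a debugger launch and a claim lookup); it is left out.
                // The callbacks were async lambdas with no await; plain completed tasks do the same work.
                OnValidateIdentity = context => System.Threading.Tasks.Task.FromResult(0)
            },
        });
}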
/// <summary>
/// OWIN startup: adds Azure AD bearer authentication when an audience is configured, then installs
/// <c>Invoke</c> as the terminal handler.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void Configuration(IAppBuilder app)
{
    var settings = ConfigurationManager.AppSettings;
    string expectedAudience = settings["ida:Audience"];
    string tenantName = settings["ida:Tenant"];
    string instanceFormat = settings["ida:AADInstance"];

    // NOTE(review): a missing or blank "ida:Audience" skips authentication entirely and Invoke still runs,
    // so a configuration slip leaves the endpoint open. Consider failing startup instead.
    bool authenticationConfigured = !string.IsNullOrWhiteSpace(expectedAudience);
    if (authenticationConfigured)
    {
        string federationMetadataUrl =
            string.Format(instanceFormat, tenantName) + "/federationmetadata/2007-06/federationmetadata.xml";

        var validation = new TokenValidationParameters
        {
            ValidAudience = expectedAudience,
            ValidateIssuer = true,
            // NOTE(review): returns the token's own issuer unchanged, so every issuer passes the check.
            // Compare against the expected tenant issuer if only one tenant should be accepted.
            IssuerValidator = (issuer, token, parameters) => issuer
        };

        app.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                TokenValidationParameters = validation,
                Tenant = tenantName,
                MetadataAddress = federationMetadataUrl
            });
    }

    app.Run(Invoke);
}
/// <summary>
/// Sets up three authentication mechanisms: a named cookie, Azure AD bearer tokens and OpenID Connect sign-in.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    var cookieOptions = new CookieAuthenticationOptions();
    cookieOptions.CookieName = "WeAreSpecialToo";
    app.UseCookieAuthentication(cookieOptions);

    // Use Windows Azure Active Directory Bearer Authentication.
    // This allows access to SignalR using JSON Web Tokens (JWT).
    // Applications registered on the Active Directory may authenticate themselves using this method.
    var acceptedAudiences = new List<string>
    {
        ConfigurationManager.AppSettings["ida:PortalResourceId"]
    };
    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions
    {
        Tenant = tenantId,
        TokenValidationParameters = new TokenValidationParameters { ValidAudiences = acceptedAudiences }
    };
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);

    // Interactive sign-in; clientId, authority and the redirect URIs are members defined outside this method.
    var openIdOptions = new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = authority,
        PostLogoutRedirectUri = postLogoutRedirectUri,
        RedirectUri = redirectUri
    };
    app.UseOpenIdConnectAuthentication(openIdOptions);
}
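/// <summary>
/// Adds Azure AD bearer authentication with a custom audience validator and a claims-augmenting
/// identity callback.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    // The audience this API expects, from the same setting the original's commented-out ValidAudience line used.
    string expectedAudience = ConfigurationManager.AppSettings["ida:Audience"];

    WindowsAzureActiveDirectoryBearerAuthenticationOptions options =
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    options.Tenant = ConfigurationManager.AppSettings["ida:Tenant"];
    options.TokenValidationParameters = new TokenValidationParameters
    {
        // NOTE(review): a missing "ida:ValidateAudience" setting converts to false. Whether the delegate
        // below still runs in that case depends on the token library version - confirm.
        ValidateAudience = Convert.ToBoolean(ConfigurationManager.AppSettings["ida:ValidateAudience"]),
        AudienceValidator = (audiences, jwt, validationParameters) =>
        {
            // The original placeholder returned true for every token, so a token minted for any other
            // application was accepted. Fail closed: the token must name the configured audience.
            if (string.IsNullOrEmpty(expectedAudience) || audiences == null)
            {
                return false;
            }

            foreach (string candidate in audiences)
            {
                if (string.Equals(candidate, expectedAudience, StringComparison.Ordinal))
                {
                    return true;
                }
            }

            return false;
        }
    };

    options.Provider = new OAuthBearerAuthenticationProvider()
    {
        OnValidateIdentity = context =>
        {
            // NOTE(review): this grants the "Admin" role to every caller that presents a valid token,
            // whatever the token itself says. Derive roles from token claims or a directory lookup
            // before relying on [Authorize(Roles = "Admin")].
            context.Ticket.Identity.AddClaim(new Claim(ClaimTypes.Role, "Admin"));
            return Task.FromResult(0);
        }
    };

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(options);
}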
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
/// <summary>
/// Accepts bearer tokens from Azure AD and, when registration succeeds, from AD FS as well.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    var aadOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    aadOptions.Tenant = ConfigurationManager.AppSettings["ida:Tenant"];
    aadOptions.TokenValidationParameters = new TokenValidationParameters
    {
        SaveSigninToken = true,
        ValidAudience = ConfigurationManager.AppSettings["ida:Audience"]
    };
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(aadOptions);

    try
    {
        var adfsOptions = new ActiveDirectoryFederationServicesBearerAuthenticationOptions();
        adfsOptions.MetadataEndpoint = ConfigurationManager.AppSettings["ida:AdfsMetadataEndpoint"];
        adfsOptions.TokenValidationParameters = new TokenValidationParameters()
        {
            SaveSigninToken = true,
            ValidAudience = ConfigurationManager.AppSettings["ida:Audience"],
            // ValidIssuer = ConfigurationManager.AppSettings["ida:Issuer"]
        };
        app.UseActiveDirectoryFederationServicesBearerAuthentication(adfsOptions);
    }
    catch (Exception ex)
    {
        // A failed AD FS registration is logged and startup continues with Azure AD only, so AD FS
        // tokens are then simply not accepted.
        Logger.Error("Authentication Error ADFS", ex);
    }
}
/// <summary>
/// Adds Azure AD bearer authentication and extends the challenge response with the authorization endpoint.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.Tenant = ConfigurationManager.AppSettings["ida:Tenant"];

    // Load all acceptable audiences (currently just the client id).
    bearerOptions.TokenValidationParameters = new TokenValidationParameters
    {
        ValidAudiences = new List<string> { ConfigurationManager.AppSettings["ida:ClientID"] },
    };

    // Adds WWW-Authenticate to auth endpoint in response headers.
    bearerOptions.Provider = new OAuthBearerAuthenticationProvider
    {
        OnApplyChallenge = context =>
        {
            string authorizationUri = ConfigurationManager.AppSettings["ida:AuthorizationUri"];
            string headerValue = $"Bearer authorization_uri=\"{authorizationUri}\", {context.Challenge}";
            context.OwinContext.Response.Headers.AppendValues("WWW-Authenticate", headerValue);
            return Task.FromResult(0);
        },
        // The two callbacks below are placeholders that add no checks.
        OnValidateIdentity = context => Task.FromResult(0),
        OnRequestToken = context => Task.FromResult(0)
    };

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// Test pipeline: Azure AD bearer authentication with custom back-channel hooks, then a terminal handler
/// that writes "Unauthorized", "Provider not invoked" or "Bearer" depending on the request state.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void WaadAuthenticationWithProviderConfiguration(IAppBuilder app)
{
    var validation = new TokenValidationParameters();
    validation.ValidAudience = "http://localhost/redirectUri";

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            TokenValidationParameters = validation,
            Tenant = "4afbc689-805b-48cf-a24c-d4aa3248a248",
            BackchannelCertificateValidator = new WaadCertificateValidator(),
            BackchannelHttpHandler = new WaadChannelHttpHandler(),
        });

    app.Run(async context =>
    {
        var principal = context.Authentication.User;
        if (principal == null || !principal.Identity.IsAuthenticated)
        {
            // Unauthenticated callers get a Bearer challenge plus a plain-text body.
            context.Authentication.Challenge("Bearer");
            await context.Response.WriteAsync("Unauthorized");
            return;
        }

        // Both flags are read from the OWIN environment; this method does not show where they are set.
        string body = "Bearer";
        if (!context.Get<bool>("OnRequestToken") || !context.Get<bool>("OnValidateIdentity"))
        {
            body = "Provider not invoked";
        }

        await context.Response.WriteAsync(body);
    });
}
/// <summary>
/// Adds Azure AD bearer authentication with a tenant id and audience fixed in source.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    // The original kept a disabled variant here that derived the tenant from an audience URI
    // ("https://microsoft.onmicrosoft.com/7c54ed50-8bba-42d9-ad6b-1150d4384d11") and lower-cased both values.
    // NOTE(review): tenant and audience are compiled in; moving them to configuration would let each
    // environment use its own app registration.
    var validation = new TokenValidationParameters();
    validation.ValidAudience = "7c54ed50-8bba-42d9-ad6b-1150d4384d11";
    validation.SaveSigninToken = true;

    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.Tenant = "72f988bf-86f1-41af-91ab-2d7cd011db47";
    bearerOptions.TokenValidationParameters = validation;

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// OWIN startup: wires Azure AD bearer authentication when security is configured, then runs
/// <c>Initialize()</c> and installs <c>Invoke</c> as the terminal handler.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void Configuration(IAppBuilder app)
{
    // NOTE(review): with HasNoSecurityConfigured() == true the pipeline has no authentication at all.
    if (HasNoSecurityConfigured() == false)
    {
        Trace.TraceInformation("Using AAD middleware");

        var audienceSetting = _configurationService.Get("ida.Audience");
        var tenantSetting = _configurationService.Get("ida.Tenant");
        var instanceSetting = _configurationService.Get("ida.AADInstance");
        var metadataUrl = string.Format(instanceSetting, tenantSetting)
            + "/federationmetadata/2007-06/federationmetadata.xml";

        var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
        bearerOptions.TokenValidationParameters = new TokenValidationParameters
        {
            SaveSigninToken = true,
            ValidAudience = audienceSetting,
            ValidateIssuer = true,
            // NOTE(review): pass-through validator - the token's own issuer is returned as valid, so
            // ValidateIssuer = true does not restrict which issuer is accepted. Check the issuer against
            // the expected tenant(s) here if that restriction is wanted.
            IssuerValidator = (tokenIssuer, securityToken, validationParameters) => tokenIssuer
        };
        bearerOptions.Tenant = tenantSetting;
        bearerOptions.MetadataAddress = metadataUrl;

        app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
    }

    Initialize();
    app.Run(Invoke);
}
/// <summary>
/// OWIN startup: registers Azure AD bearer authentication if "ida:Audience" is set, then installs
/// <c>Invoke</c> as the terminal handler.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void Configuration(IAppBuilder app)
{
    string audienceSetting = ConfigurationManager.AppSettings["ida:Audience"];
    string tenantSetting = ConfigurationManager.AppSettings["ida:Tenant"];
    string instanceSetting = ConfigurationManager.AppSettings["ida:AADInstance"];

    // NOTE(review): an empty audience setting means no authentication middleware is registered while
    // Invoke still serves requests; treat a missing value as a startup error if the API must be protected.
    if (string.IsNullOrWhiteSpace(audienceSetting) == false)
    {
        var metadataUrl = string.Format(instanceSetting, tenantSetting)
            + "/federationmetadata/2007-06/federationmetadata.xml";

        var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
        bearerOptions.TokenValidationParameters = new TokenValidationParameters
        {
            ValidAudience = audienceSetting,
            ValidateIssuer = true,
            // NOTE(review): pass-through validator; any issuer carried by the token is accepted.
            IssuerValidator = (tokenIssuer, securityToken, validationParameters) => tokenIssuer
        };
        bearerOptions.Tenant = tenantSetting;
        bearerOptions.MetadataAddress = metadataUrl;

        app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
    }

    app.Run(Invoke);
}
/// <summary>
/// Configures the authentication: cookie and OpenID Connect sign-in for browsers, Azure AD bearer
/// tokens for API callers, and CORS for all origins.
/// </summary>
/// <param name="app">The application.</param>
private void ConfigureAuth(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseCookieAuthentication(new CookieAuthenticationOptions());

    var openIdOptions = new OpenIdConnectAuthenticationOptions();
    openIdOptions.ClientId = applicationId;
    openIdOptions.Authority = string.Format(aadInstance, tenantId);
    openIdOptions.PostLogoutRedirectUri = postLogoutRedirectUri;
    openIdOptions.RedirectUri = redirectUri;
    app.UseOpenIdConnectAuthentication(openIdOptions);

    // NOTE(review): ValidateIssuer = false means the bearer token's issuer is not checked. Confirm that
    // tokens from tenants other than tenantId are meant to be accepted; otherwise leave validation on.
    var bearerValidation = new TokenValidationParameters
    {
        ValidAudiences = new string[] { applicationId },
        ValidateIssuer = false
    };
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            TokenValidationParameters = bearerValidation,
            Tenant = tenantId,
        });

    // NOTE(review): AllowAll opens the API to every origin, and the cookie sign-in above is also active;
    // restrict the policy to the known front-end origins where possible.
    app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
}
/// <summary>
/// Extension method that reads the security configuration, builds the bearer options from it and
/// registers Azure AD bearer authentication.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
/// <param name="config">Not used by this method.</param>
public static void UseAuthentication(this IAppBuilder app, HttpConfiguration config)
{
    // Both factories are project types; how they validate the configuration is not visible here.
    var configurationFactory = new SecurityConfigurationFactory();
    var securityConfiguration = configurationFactory.ReadFromConfigurationFile();

    var optionsFactory = new AuthenticationOptionsFactory();
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(optionsFactory.Create(securityConfiguration));
}
/// <summary>
/// Enables CORS and OAuth 2.0 bearer-token authentication against either Azure AD or AD FS,
/// depending on <c>StsConfiguration.StsType</c>.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    // [NOTE] Allow Cross-Origin Resource Sharing (CORS) from a JavaScript client (SPA web application).
    // NOTE(review): AllowAll accepts every origin; narrow it to the SPA's origin outside of demos.
    app.UseCors(CorsOptions.AllowAll);

    // [SCENARIO] OAuth 2.0 Bearer Token Authorization
    // Use bearer authentication with tokens coming from Azure Active Directory / AD FS.
    var validation = new TokenValidationParameters();
    // [NOTE] This ensures the token is actually intended for the current application
    validation.ValidAudience = SiteConfiguration.TodoListWebApiResourceId;
    // [NOTE] This places the original token on the ClaimsIdentity.BootstrapContext
    validation.SaveSigninToken = true;
    validation.NameClaimType = StsConfiguration.NameClaimType;
    validation.RoleClaimType = StsConfiguration.RoleClaimType;

    if (StsConfiguration.StsType == StsType.AzureActiveDirectory)
    {
        var aadOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            TokenValidationParameters = validation,
            Tenant = StsConfiguration.AadTenant
        };
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(aadOptions);
        return;
    }

    // Any other STS type is treated as AD FS.
    var adfsOptions = new ActiveDirectoryFederationServicesBearerAuthenticationOptions
    {
        TokenValidationParameters = validation,
        MetadataEndpoint = StsConfiguration.FederationMetadataUrl
    };
    app.UseActiveDirectoryFederationServicesBearerAuthentication(adfsOptions);
}
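// For more information on configuring authentication, please visit https://go.microsoft.com/fwlink/?LinkId=301864
/// <summary>
/// Registers cookie, Azure AD bearer and OpenID Connect authentication with explicit audience,
/// issuer and lifetime validation.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    // The method was declared "async void" although it awaits nothing. With async void an exception
    // thrown while registering middleware does not reach the caller, so startup could carry on with
    // authentication only partly configured. A plain void method lets such failures stop startup.
    app.UseCookieAuthentication(new CookieAuthenticationOptions()
    {
        AuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType
    });

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            Tenant = azureAdSecrets.IdaTenant,
            Realm = azureAdSecrets.IdaAudienceOrAppIdUri,
            TokenValidationParameters = new TokenValidationParameters
            {
                RequireExpirationTime = true,
                ValidateLifetime = true,
                ValidateAudience = true,
                ValidAudiences = new List<string> { azureAdSecrets.IdaAudienceOrAppIdUri },
                ValidateIssuer = true,
                ValidIssuers = new List<string> { azureAdSecrets.IdaIssuer },
            },
        });

    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = azureAdSecrets.IdaClient,
            Authority = azureAdSecrets.IdaAuthority,
            TokenValidationParameters = new TokenValidationParameters
            {
                RequireExpirationTime = true,
                ValidateLifetime = true,
                ValidAudiences = new List<string> { azureAdSecrets.IdaAudienceOrAppIdUri, azureAdSecrets.IdaClient },
                ValidateAudience = true,
                ValidateIssuer = true,
                ValidIssuer = azureAdSecrets.IdaIssuer,
            },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                RedirectToIdentityProvider = (context) =>
                {
                    // NOTE(review): both URIs are built from the incoming request's Host header, which
                    // the client controls. This relies on the identity provider rejecting redirect URIs
                    // that are not registered for the application - confirm the registered list is tight.
                    var appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
                    var idpRedirectUri = string.Format(
                        azureAdSecrets.IdaRedirectUriPattern,
                        context.Request.Host.Value + context.Request.PathBase.Value);
                    context.ProtocolMessage.RedirectUri = idpRedirectUri;
                    context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;
                    return Task.FromResult(0);
                },
            }
        });

    app.SetDefaultSignInAsAuthenticationType(OpenIdConnectAuthenticationDefaults.AuthenticationType);
}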
/// <summary>
/// Adds Azure AD bearer authentication for a fixed tenant and audience.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public static void SetUpAuthentication(IAppBuilder app)
{
    // NOTE(review): tenant and audience are compiled in; configuration would let each environment
    // point at its own app registration.
    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.Audience = "https://contoso7.onmicrosoft.com/RichAPI";
    bearerOptions.Tenant = "contoso7.onmicrosoft.com";

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
/// <summary>
/// Adds Azure AD bearer authentication using the "ida:Audience" and "ida:Tenant" app settings.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    // Missing settings come back as null; nothing here checks for that before registration.
    string expectedAudience = ConfigurationManager.AppSettings["ida:Audience"];
    string tenantName = ConfigurationManager.AppSettings["ida:Tenant"];

    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions
    {
        Audience = expectedAudience,
        Tenant = tenantName,
    };
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// Adds Azure AD bearer authentication using the audience and tenant from <c>Constants</c>.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public static void ConfigureAuth(IAppBuilder app)
{
    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.Audience = Constants.AUDIENCE;
    bearerOptions.Tenant = Constants.TENANT;

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// Adds Azure AD bearer authentication; audience and tenant are read from app settings.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    var settings = ConfigurationManager.AppSettings;

    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    // Only tokens issued for this audience by this tenant are meant to authenticate.
    bearerOptions.Audience = settings["ida:Audience"];
    bearerOptions.Tenant = settings["ida:Tenant"];

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// Adds Azure AD bearer authentication for a fixed tenant and audience.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    // Both values are literals in source rather than configuration.
    const string expectedAudience = "https://rzdemos.onmicrosoft.com/groupgenius";
    const string tenantName = "rzdemos.com";

    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions
    {
        Audience = expectedAudience,
        Tenant = tenantName
    };
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// Configures cookie + WS-Federation sign-in for the web site and Azure AD bearer tokens for Web API
/// calls, failing startup when a required setting is missing or still holds its placeholder value.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
/// <param name="configProvider">Source of the federation and Azure AD settings.</param>
/// <exception cref="ApplicationException">A required setting is empty or starts with "-- ".</exception>
public void ConfigureAuth(IAppBuilder app, IConfigurationProvider configProvider)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    // Primary authentication method for web site to Azure AD via the WsFederation below
    app.UseCookieAuthentication(new CookieAuthenticationOptions());

    string wsFedMetadata = configProvider.GetConfigurationSettingValue("ida.FederationMetadataAddress");
    string wsFedRealm = configProvider.GetConfigurationSettingValue("ida.FederationRealm");

    bool federationMissing = string.IsNullOrEmpty(wsFedMetadata) || string.IsNullOrEmpty(wsFedRealm);
    if (federationMissing)
    {
        throw new ApplicationException("Config issue: Unable to load required federation values from web.config or other configuration source.");
    }

    // check for default values that will cause app to fail to startup with an unhelpful 404 exception
    bool federationIsPlaceholder = wsFedMetadata.StartsWith("-- ", StringComparison.Ordinal)
        || wsFedRealm.StartsWith("-- ", StringComparison.Ordinal);
    if (federationIsPlaceholder)
    {
        throw new ApplicationException("Config issue: Default federation values from web.config need to be overridden or replaced.");
    }

    var wsFedOptions = new WsFederationAuthenticationOptions();
    wsFedOptions.MetadataAddress = wsFedMetadata;
    wsFedOptions.Wtrealm = wsFedRealm;
    app.UseWsFederationAuthentication(wsFedOptions);

    string bearerTenant = configProvider.GetConfigurationSettingValue("ida.AADTenant");
    string bearerAudience = configProvider.GetConfigurationSettingValue("ida.AADAudience");

    bool aadMissing = string.IsNullOrEmpty(bearerTenant) || string.IsNullOrEmpty(bearerAudience);
    if (aadMissing)
    {
        throw new ApplicationException("Config issue: Unable to load required AAD values from web.config or other configuration source.");
    }

    // check for default values that will cause failure
    bool aadIsPlaceholder = bearerTenant.StartsWith("-- ", StringComparison.Ordinal)
        || bearerAudience.StartsWith("-- ", StringComparison.Ordinal);
    if (aadIsPlaceholder)
    {
        throw new ApplicationException("Config issue: Default AAD values from web.config need to be overridden or replaced.");
    }

    // Fallback authentication method to allow "Authorization: Bearer <token>" in the header for WebAPI calls
    var bearerValidation = new TokenValidationParameters
    {
        ValidAudience = bearerAudience,
        // Used to unwrap token roles and provide them to [Authorize(Roles="")] attributes.
        // NOTE(review): this maps the scope claim onto roles, so any scope value a caller is granted
        // acts as a role name; confirm no scope string collides with a privileged role.
        RoleClaimType = "http://schemas.microsoft.com/identity/claims/scope"
    };
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            Tenant = bearerTenant,
            TokenValidationParameters = bearerValidation
        });
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
/// <summary>
/// Adds Azure AD bearer authentication and keeps the raw token on the identity for later use.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.Audience = ConfigurationManager.AppSettings["ida:Audience"];
    bearerOptions.Tenant = ConfigurationManager.AppSettings["ida:Tenant"];

    // NOTE(review): the audience is given through the Audience property while TokenValidationParameters
    // carries no ValidAudience of its own; presumably the middleware copies Audience across - confirm
    // for the package version in use. SaveSigninToken keeps the bearer token in memory with the identity.
    bearerOptions.TokenValidationParameters = new TokenValidationParameters { SaveSigninToken = true };

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// Adds Azure AD bearer authentication for <c>tenantId</c>, accepting tokens whose audience is <c>clientId</c>.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.Tenant = tenantId;

    var validation = new TokenValidationParameters();
    // Keeps the original token available on the authenticated identity.
    validation.SaveSigninToken = true;
    validation.ValidAudience = clientId;
    bearerOptions.TokenValidationParameters = validation;

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// Adds Azure AD bearer authentication with the audience and tenant supplied by <c>SettingsHelper</c>.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    var validation = new TokenValidationParameters();
    validation.SaveSigninToken = true;

    // NOTE(review): the audience lives on the Audience property, not on the validation parameters;
    // presumably the middleware merges the two - confirm for the package version in use.
    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.Audience = SettingsHelper.ClientId;
    bearerOptions.Tenant = SettingsHelper.Tenant;
    bearerOptions.TokenValidationParameters = validation;

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// Adds Azure AD bearer authentication using the "ida:Audience" and "ida:Tenant" app settings.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    //TODO: Replace the web config values with your client ID and audience after configuring the app in Azure AD
    string expectedAudience = ConfigurationManager.AppSettings["ida:Audience"];
    string tenantName = ConfigurationManager.AppSettings["ida:Tenant"];

    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.Audience = expectedAudience;
    bearerOptions.Tenant = tenantName;

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// OWIN startup: Azure AD bearer authentication for a fixed tenant and audience, followed by Nancy.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void Configuration(IAppBuilder app)
{
    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.Audience = "https://SalesApplication.onmicrosoft.com/NancyDemoServer";
    bearerOptions.Tenant = "SalesApplication.onmicrosoft.com";

    // Authentication is registered first so that it runs ahead of Nancy in the pipeline.
    // NOTE(review): the middleware only establishes the identity; the Nancy modules still have to
    // require an authenticated user themselves.
    var pipeline = app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
    pipeline.UseNancy();
}
/// <summary>
/// Adds Azure AD bearer authentication with issuer validation switched off.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.Audience = ConfigurationManager.AppSettings["ida:Audience"];
    bearerOptions.Tenant = ConfigurationManager.AppSettings["ida:Tenant"];

    // NOTE(review): with ValidateIssuer = false the token's issuer is not checked, so the Tenant setting
    // no longer limits which directory's tokens are accepted. If this API is single-tenant, leave
    // issuer validation on; if it is multi-tenant, check the issuer against the onboarded tenants.
    var validation = new System.IdentityModel.Tokens.TokenValidationParameters();
    validation.ValidateIssuer = false;
    bearerOptions.TokenValidationParameters = validation;

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// Registers Azure AD bearer authentication for Web API calls after checking that the tenant and
/// audience settings are present and not left at their placeholder values.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
/// <param name="configProvider">Source of the Azure AD settings.</param>
/// <exception cref="ApplicationException">A required setting is empty or starts with "-- ".</exception>
private void WSFedAuth(IAppBuilder app, IConfigurationProvider configProvider)
{
    // Despite the method name, the WS-Federation registration (metadata address / realm checks and
    // UseWsFederationAuthentication) is commented out in the original; only bearer authentication remains.

    string bearerTenant = configProvider.GetConfigurationSettingValue("ida.AADTenant");
    string bearerAudience = configProvider.GetConfigurationSettingValue("ida.AADAudience");

    bool settingsMissing = string.IsNullOrEmpty(bearerTenant) || string.IsNullOrEmpty(bearerAudience);
    if (settingsMissing)
    {
        throw new ApplicationException("Config issue: Unable to load required AAD values from web.config or other configuration source.");
    }

    // check for default values that will cause failure
    bool settingsArePlaceholders = bearerTenant.StartsWith("-- ", StringComparison.Ordinal)
        || bearerAudience.StartsWith("-- ", StringComparison.Ordinal);
    if (settingsArePlaceholders)
    {
        throw new ApplicationException("Config issue: Default AAD values from web.config need to be overridden or replaced.");
    }

    // Fallback authentication method to allow "Authorization: Bearer <token>" in the header for WebAPI calls
    var bearerValidation = new TokenValidationParameters
    {
        ValidAudience = bearerAudience,
        // Used to unwrap token roles and provide them to [Authorize(Roles="")] attributes
        RoleClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
    };

    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.Tenant = bearerTenant;
    bearerOptions.TokenValidationParameters = bearerValidation;
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
// For more information on configuring authentication, please visit https://go.microsoft.com/fwlink/?LinkId=301864
/// <summary>
/// Adds Azure AD bearer authentication; tenant and accepted audience come from app settings.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    string tenantName = ConfigurationManager.AppSettings["ida:Tenant"];

    var validation = new TokenValidationParameters();
    // Tokens must have been issued for this API's audience.
    validation.ValidAudience = ConfigurationManager.AppSettings["ida:Audience"];

    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions
    {
        Tenant = tenantName,
        TokenValidationParameters = validation,
    };
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// Adds Azure AD bearer authentication for a fixed tenant and audience.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigAuth(IAppBuilder app)
{
    // Asks for the bearer token issued for http://AzureADOpenIdWebApi.JohnsonAzureAD.onmicrosoft.com
    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.Audience = "http://AzureADOpenIdWebApi.JohnsonAzureAD.onmicrosoft.com";
    bearerOptions.Tenant = "JohnsonAzureAD.onmicrosoft.com";

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// Adds Azure AD bearer authentication using the tenant and audience URI from cloud configuration.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public static void Configure(IAppBuilder app)
{
    // Setting names are the project's own constants; the values come from CloudConfigurationManager.
    string tenantName = CloudConfigurationManager.GetSetting(Geres.Util.GlobalConstants.AZUREAD_ADTENANT_CONFIG);
    string audienceUri = CloudConfigurationManager.GetSetting(Geres.Util.GlobalConstants.AZUREAD_ADAUDIENCEURI_CONFIG);

    var bearerOptions = new Microsoft.Owin.Security.ActiveDirectory.WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.Tenant = tenantName;
    bearerOptions.Audience = audienceUri;

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
/// <summary>
/// Adds Azure AD bearer authentication using the "AADAudience" and "AADTenant" app settings.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    var validation = new System.IdentityModel.Tokens.TokenValidationParameters();
    validation.ValidAudience = ConfigurationManager.AppSettings["AADAudience"];

    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.TokenValidationParameters = validation;
    bearerOptions.Tenant = ConfigurationManager.AppSettings["AADTenant"];

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
/// <summary>
/// Adds Azure AD bearer authentication; tenant and audience are taken from <c>DashConfiguration</c>.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.Tenant = DashConfiguration.Tenant;

    // The application's own client id is the only accepted audience.
    var validation = new TokenValidationParameters();
    validation.ValidAudience = DashConfiguration.ClientId;
    bearerOptions.TokenValidationParameters = validation;

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// Adds Azure AD bearer authentication using the "Audience" and "Tenant" app settings.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
private void ConfigureAuth(IAppBuilder app)
{
    string expectedAudience = ConfigurationManager.AppSettings["Audience"];
    string tenantName = ConfigurationManager.AppSettings["Tenant"];

    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions
    {
        TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters()
        {
            ValidAudience = expectedAudience,
        },
        Tenant = tenantName
    };
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// OWIN startup: adds Azure AD bearer authentication using the "ida:AudienceUri" and
/// "AzureADTenant" app settings.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void Configuration(IAppBuilder app)
{
    var validation = new TokenValidationParameters();
    validation.ValidAudience = ConfigurationManager.AppSettings["ida:AudienceUri"];

    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.TokenValidationParameters = validation;
    bearerOptions.Tenant = ConfigurationManager.AppSettings["AzureADTenant"];

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// OWIN startup: adds Azure AD bearer authentication from cloud configuration and maps the role
/// claim to the standard role claim type.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void Configuration(IAppBuilder app)
{
    string tenantName = CloudConfigurationManager.GetSetting("idaTenant");

    var validation = new TokenValidationParameters();
    // Role checks are driven by claims of this type.
    validation.RoleClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";
    validation.ValidAudience = CloudConfigurationManager.GetSetting("idaAudience");

    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions
    {
        Tenant = tenantName,
        TokenValidationParameters = validation
    };
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// OWIN startup: adds Azure AD bearer authentication from app settings and maps the role claim to
/// the standard role claim type.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void Configuration(IAppBuilder app)
{
    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.Tenant = ConfigurationManager.AppSettings["idaTenant"];

    var validation = new System.IdentityModel.Tokens.TokenValidationParameters();
    // Role checks are driven by claims of this type.
    validation.RoleClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";
    validation.ValidAudience = ConfigurationManager.AppSettings["idaAudience"];
    bearerOptions.TokenValidationParameters = validation;

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// Adds Azure AD bearer authentication; tenant and audience are taken from <c>CommonConfig</c>.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    var validation = new TokenValidationParameters();
    validation.ValidAudience = CommonConfig.ClientID;

    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.TokenValidationParameters = validation;
    bearerOptions.Tenant = CommonConfig.Tenant;

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
/// <summary>
/// Adds Azure AD bearer authentication using the "ida:Audience" and "ida:Tenant" app settings.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.Audience = ConfigurationManager.AppSettings["ida:Audience"];
    bearerOptions.Tenant = ConfigurationManager.AppSettings["ida:Tenant"];
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);

    // The original carried a fully commented-out cookie + OpenID Connect sign-in pipeline after this
    // point (authorization-code redemption and an AuthenticationFailed handler); it is disabled and
    // not reproduced here.
    // NOTE(review): if it is revived, do not forward context.Exception.Message in the error redirect's
    // query string as the disabled handler did; log it server-side and show a generic message.
}
/// <summary>
/// Adds Azure AD bearer authentication; tenant and audience are supplied by <c>SettingsHelper</c>.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.Tenant = SettingsHelper.Tenant;

    var validation = new System.IdentityModel.Tokens.TokenValidationParameters();
    validation.ValidAudience = SettingsHelper.Audience;
    bearerOptions.TokenValidationParameters = validation;

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// Adds Azure AD bearer authentication with both tenant and audience read from the "aad:Audience" setting.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    // NOTE(review): Tenant is read from the same "aad:Audience" key as the audience. That looks like a
    // copy/paste slip - the tenant would normally have its own setting. Confirm which key holds the
    // tenant; with the wrong value the middleware would fetch signing metadata for the wrong directory.
    string tenantValue = ConfigurationManager.AppSettings["aad:Audience"];
    string audienceValue = ConfigurationManager.AppSettings["aad:Audience"];

    var options = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    options.Tenant = tenantValue;
    options.TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters()
    {
        ValidAudience = audienceValue
    };

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(options);
}
// Configure the authentication for the controllers.
/// <summary>
/// Adds Azure AD bearer authentication using the "ida:Tenant" and "ida:Audience" app settings.
/// </summary>
/// <param name="app">The OWIN application builder to extend.</param>
public void ConfigureAuth(IAppBuilder app)
{
    // Use the AD details to define how users are authenticated.
    string tenantName = ConfigurationManager.AppSettings["ida:Tenant"];
    string expectedAudience = ConfigurationManager.AppSettings["ida:Audience"];

    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();
    bearerOptions.Tenant = tenantName;
    bearerOptions.TokenValidationParameters = new TokenValidationParameters
    {
        ValidAudience = expectedAudience
    };

    // NOTE(review): this only establishes the caller's identity; controllers still need [Authorize]
    // (or a global filter) to reject anonymous requests.
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864

/// <summary>
/// Registers Azure AD bearer-token authentication under the "OAuth2Bearer"
/// authentication type, mapping the "roles" claim to role checks.
/// </summary>
/// <param name="app">The OWIN application builder that receives the middleware.</param>
public void ConfigureAuth(IAppBuilder app)
{
    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions();

    // The audience is supplied through TokenValidationParameters rather than
    // the options' own Audience property.
    var validation = new TokenValidationParameters();
    validation.ValidAudience = ConfigurationManager.AppSettings["ida:Audience"];
    validation.RoleClaimType = "roles";

    // Issuer validation is switched off, so the token's issuer is not compared
    // with the configured tenant. If only specific tenants should be served,
    // the tenant/issuer claim has to be checked elsewhere (for example in an
    // authorization filter). TODO confirm that such a check exists.
    validation.ValidateIssuer = false;

    bearerOptions.TokenValidationParameters = validation;
    bearerOptions.Tenant = ConfigurationManager.AppSettings["ida:Tenant"];
    bearerOptions.AuthenticationType = "OAuth2Bearer";

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// Wires up cookie + OpenID Connect sign-in for the web application and
/// Azure AD bearer-token authentication ("AADBearer") for the API.
/// </summary>
/// <param name="app">The OWIN application builder that receives the middleware.</param>
public void ConfigureAuth(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseCookieAuthentication(new CookieAuthenticationOptions());

    // Both pipelines below disable issuer validation, so the token issuer is not
    // compared with any tenant by the middleware. Which tenants may sign in has
    // to be decided by the application itself.
    // NOTE(review): presumably the notification callbacks do this; they are not shown here, so confirm.
    var signInValidation = new System.IdentityModel.Tokens.TokenValidationParameters
    {
        ValidateIssuer = false
    };

    // Callbacks for the OpenID Connect notifications (handlers are defined elsewhere).
    var signInNotifications = new OpenIdConnectAuthenticationNotifications
    {
        AuthorizationCodeReceived = OnAuthorizationCodeReceived,
        AuthenticationFailed = OnAuthenticationFailed,
        RedirectToIdentityProvider = OnRedirectToIdentityProvider,
    };

    // Configure OpenID Connect against the "common" authority.
    // Note that RedirectUri reuses the post-logout redirect setting.
    var signInOptions = new OpenIdConnectAuthenticationOptions
    {
        ClientId = ConfigHelper.ClientId,
        Authority = String.Format(CultureInfo.InvariantCulture, ConfigHelper.AadInstance, "common"),
        PostLogoutRedirectUri = ConfigHelper.PostLogoutRedirectUri,
        RedirectUri = ConfigHelper.PostLogoutRedirectUri,
        TokenValidationParameters = signInValidation,
        Notifications = signInNotifications
    };
    app.UseOpenIdConnectAuthentication(signInOptions);

    // ValidAudience on TokenValidationParameters replaces the deprecated Audience option.
    // Tenant and audience are hard-coded here rather than read from configuration.
    var apiValidation = new System.IdentityModel.Tokens.TokenValidationParameters
    {
        ValidAudience = "https://dev.skwantoso.com/tdlr",
        ValidateIssuer = false,
    };

    var apiOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions
    {
        Tenant = "dev.skwantoso.com",
        TokenValidationParameters = apiValidation,
        AuthenticationType = "AADBearer",
    };
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(apiOptions);
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864

/// <summary>
/// Registers application-cookie sign-in, the external sign-in cookie, Google
/// sign-in and Azure AD bearer-token authentication on the OWIN pipeline.
/// </summary>
/// <param name="app">The OWIN application builder that receives the middleware.</param>
public void ConfigureAuth(IAppBuilder app)
{
    // Enable the application to use a cookie to store information for the signed in user.
    var cookieOptions = new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login")
    };
    app.UseCookieAuthentication(cookieOptions);

    // Use a cookie to temporarily store information about a user logging in
    // with a third party login provider.
    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

    // Uncomment the following lines to enable logging in with third party login
    // providers. Load the client id / secret values from protected configuration
    // rather than writing them into this file.
    ////app.UseMicrosoftAccountAuthentication(
    ////    clientId: "",
    ////    clientSecret: "");

    ////app.UseTwitterAuthentication(
    ////    consumerKey: "",
    ////    consumerSecret: "");

    ////app.UseFacebookAuthentication(
    ////    appId: "",
    ////    appSecret: "");

    // NOTE(review): the parameterless overload appears to be the legacy Google
    // OpenID flow; confirm against the package version in use.
    app.UseGoogleAuthentication();

    var azureDescription = new AuthenticationDescription
    {
        AuthenticationType = "Azure",
        Caption = "Azure"
    };

    // Audience and realm come from configuration; the tenant is hard-coded.
    // AuthenticationType is assigned before Description on purpose: the
    // assignment order of the original initializer is kept as-is.
    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions
    {
        Audience = ConfigurationManager.AppSettings["ida:AudienceUri"],
        Realm = ConfigurationManager.AppSettings["ida:realm"],
        Tenant = "nbeniad.onmicrosoft.com",
        AuthenticationType = System.IdentityModel.Services.FederatedAuthentication.WSFederationAuthenticationModule.AuthenticationType,
        Description = azureDescription
    };
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
}
/// <summary>
/// Wires up cookie + OpenID Connect sign-in for the web application and
/// Azure AD bearer-token authentication ("AADBearer") for the web API.
/// </summary>
/// <param name="app">The OWIN application builder that receives the middleware.</param>
public void ConfigureAuth(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseCookieAuthentication(new CookieAuthenticationOptions());

    // Issuer validation is off for both pipelines, so the middleware does not
    // tie a token to a particular tenant. Restricting which tenants are served
    // is left to application code.
    // NOTE(review): the notification handlers are not shown here; confirm that they enforce this.
    var signInValidation = new System.IdentityModel.Tokens.TokenValidationParameters
    {
        ValidateIssuer = false
    };

    var signInNotifications = new OpenIdConnectAuthenticationNotifications
    {
        AuthorizationCodeReceived = OnAuthorizationCodeReceived,
        AuthenticationFailed = OnAuthenticationFailed,
        RedirectToIdentityProvider = OnRedirectToIdentityProvider,
    };

    // Configure OpenID Connect auth used for web app sign in ("common" authority).
    // Note that RedirectUri reuses the post-logout redirect setting.
    var signInOptions = new OpenIdConnectAuthenticationOptions
    {
        ClientId = ConfigHelper.ClientId,
        Authority = String.Format(CultureInfo.InvariantCulture, ConfigHelper.AadInstance, "common"),
        PostLogoutRedirectUri = ConfigHelper.PostLogoutRedirectUri,
        RedirectUri = ConfigHelper.PostLogoutRedirectUri,
        TokenValidationParameters = signInValidation,
        Notifications = signInNotifications
    };
    app.UseOpenIdConnectAuthentication(signInOptions);

    // Configure OAuth bearer auth for the web API.
    var apiValidation = new System.IdentityModel.Tokens.TokenValidationParameters
    {
        ValidateIssuer = false
    };

    var apiOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions
    {
        // Any real tenant value can be used here; it is only used for fetching
        // the Azure AD global metadata.
        Tenant = ConfigHelper.Tenant,
        Audience = ConfigHelper.TaskApiResourceId,
        TokenValidationParameters = apiValidation,
        AuthenticationType = "AADBearer",
    };
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(apiOptions);
}
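/// <summary>
/// OWIN startup entry point: registers Azure AD bearer-token authentication
/// unless authentication is switched off in <c>AuthenticationConfiguration</c>.
/// </summary>
/// <param name="app">The OWIN application builder that receives the middleware.</param>
public void Configuration(IAppBuilder app)
{
    Log.Info("Initializing authentication configuration");

    var container = (IContainer) Bootstrapper.Container;
    var config = container.GetInstance<AuthenticationConfiguration>();

    // When RequireAuthentication is false no bearer middleware is registered at
    // all. The warning below is the only trace of that state, so it is worth
    // alerting on in production logs.
    if (!config.RequireAuthentication)
    {
        Log.Warn("Authentication is disabled in the API. If this is production, this is very bad.");
        return;
    }

    // Fix: the arguments were swapped relative to the placeholders, so the log
    // reported the directory domain as the audience and the app id as the tenant.
    Log.DebugFormat(
        "Configuring WAAD bearer auth with audience '{0}', and tenant '{1}'",
        config.ApiAppId,
        config.DirectoryDomain);

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            Audience = config.ApiAppId,
            Tenant = config.DirectoryDomain
        });

    // Fix: the second value is the API app id (the audience), not a tenant.
    Log.InfoFormat(
        "Authentication enabled using domain '{0}', and audience '{1}'",
        config.DirectoryDomain,
        config.ApiAppId);
}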
/// <summary>
/// Registers up to two bearer schemes, each enabled only when its connection
/// string is present: Azure AD ("AADApp") and a shared-key JWT ("JWTKey").
/// </summary>
/// <param name="app">The OWIN application builder that receives the middleware.</param>
public void ConfigureAuth(IAppBuilder app)
{
    // AAD Bearer
    var aadSetting = ConfigurationManager.ConnectionStrings["AADApp"];
    if (aadSetting != null)
    {
        // The connection string carries a JSON document with "tenant" and "clientId" fields.
        string aadJson = aadSetting.ConnectionString;
        dynamic aadApp = Newtonsoft.Json.JsonConvert.DeserializeObject(aadJson);
        string tenant = aadApp.tenant;
        string clientId = aadApp.clientId;

        var aadValidation = new TokenValidationParameters { ValidAudience = clientId };
        var aadOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            Tenant = tenant,
            TokenValidationParameters = aadValidation
        };
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(aadOptions);
    }

    // JWT Bearer
    var jwtSetting = ConfigurationManager.ConnectionStrings["JWTKey"];
    if (jwtSetting != null)
    {
        // The signing key is the raw in-memory (UTF-16) bytes of the configured
        // string, so its strength is exactly that of the string: it should be a
        // long, randomly generated value kept out of source control.
        string keyText = jwtSetting.ConnectionString;
        byte[] keyBytes = new byte[keyText.Length * sizeof(char)];
        System.Buffer.BlockCopy(keyText.ToCharArray(), 0, keyBytes, 0, keyBytes.Length);

        // Audience validation is off: any token signed with this key and issued
        // by "SpSat" is accepted, whichever service it was minted for. Sharing
        // the key across services therefore shares trust between them.
        var jwtValidation = new TokenValidationParameters
        {
            IssuerSigningToken = new BinarySecretSecurityToken(keyBytes),
            ValidIssuer = "SpSat",
            ValidateIssuer = true,
            ValidateAudience = false
        };

        var jwtOptions = new Microsoft.Owin.Security.Jwt.JwtBearerAuthenticationOptions
        {
            TokenValidationParameters = jwtValidation
        };
        app.UseJwtBearerAuthentication(jwtOptions);
    }
}
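/// <summary>
/// Startup hook that requires authorization on every Web API request and
/// registers Azure AD bearer-token authentication for the service.
/// </summary>
/// <param name="applicationBuilder">The OWIN application builder that receives the middleware.</param>
/// <param name="configuration">The Web API configuration whose global filters are extended.</param>
private void OnServiceStartup(IAppBuilder applicationBuilder, HttpConfiguration configuration)
{
    logger.Info("OnServiceStartup.... ###############");

    // pvs
    // IFilter is defined in System.Web.Http.dll.
    System.Web.Http.Filters.IFilter authorizationFilter =
        new System.Web.Http.AuthorizeAttribute(); // Defined in System.Web.Http.dll.

    // Fix: in the listing this call appears fused onto the end of the comment
    // above, which would leave the filter created but never registered, and
    // unauthenticated requests would then reach the controllers. It has to be a
    // statement of its own.
    configuration.Filters.Add(authorizationFilter);

    // System.IdentityModel.Tokens.TokenValidationParameters is defined in
    // System.IdentityModel.Token.Jwt.dll.
    // NOTE(review): this audience looks like the well-known Azure AD Graph
    // application id rather than an id unique to this service; confirm that
    // accepting tokens minted for that audience is intended.
    System.IdentityModel.Tokens.TokenValidationParameters tokenValidationParameters =
        new TokenValidationParameters()
        {
            ValidAudience = "00000002-0000-0000-c000-000000000000"
        };

    // WindowsAzureActiveDirectoryBearerAuthenticationOptions is defined in
    // Microsoft.Owin.Security.ActiveDirectory.dll
    Microsoft.Owin.Security.ActiveDirectory.WindowsAzureActiveDirectoryBearerAuthenticationOptions authenticationOptions =
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions()
        {
            TokenValidationParameters = tokenValidationParameters,
            Tenant = TENANT_ID // Substitute the appropriate tenant's identifier for this one.
        };

    applicationBuilder.UseWindowsAzureActiveDirectoryBearerAuthentication(authenticationOptions);
    //~pvs
}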
/// <summary>
/// Startup hook that, when bearer options have been supplied, requires
/// authorization on every Web API request and registers Azure AD
/// bearer-token authentication.
/// </summary>
/// <param name="applicationBuilder">The OWIN application builder that receives the middleware.</param>
/// <param name="configuration">The Web API configuration whose global filters are extended.</param>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
private void OnServiceStartup(IAppBuilder applicationBuilder, HttpConfiguration configuration)
{
    if (applicationBuilder == null)
    {
        throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameApplicationBuilder);
    }

    if (configuration == null)
    {
        throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameConfiguration);
    }

    // Without configured bearer options this method registers neither the
    // authorization filter nor the bearer middleware. Make sure that state
    // cannot occur by accident in a deployed environment.
    var bearerOptions = this.windowsAzureActiveDirectoryBearerAuthenticationOptions;
    if (bearerOptions != null)
    {
        // Global [Authorize]: every controller action requires an authenticated caller.
        System.Web.Http.Filters.IFilter authorizationFilter = new AuthorizeAttribute();
        configuration.Filters.Add(authorizationFilter);

        applicationBuilder.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);
    }
}
/// <summary>
/// OWIN startup entry point: serves the embedded search test console under
/// "/console", adds Azure AD bearer authentication, starts the index-refresh
/// timer and hands every remaining request to <c>Invoke</c>.
/// </summary>
/// <param name="app">The OWIN application builder that receives the middleware.</param>
public void Configuration(IAppBuilder app)
{
    app.UseErrorPage();

    // search test console
    app.Use(async (context, next) =>
    {
        string requestPath = context.Request.Path.Value;

        if (String.Equals(requestPath, "/console", StringComparison.OrdinalIgnoreCase))
        {
            // Redirect to trailing slash to maintain relative links
            context.Response.Redirect(context.Request.PathBase + context.Request.Path + "/");
            context.Response.StatusCode = 301;
            return;
        }

        if (String.Equals(requestPath, "/console/", StringComparison.OrdinalIgnoreCase))
        {
            context.Request.Path = new PathString("/console/Index.html");
        }

        await next();
    });

    var consoleFiles = new SharedOptions
    {
        RequestPath = new PathString("/console"),
        FileSystem = new EmbeddedResourceFileSystem(typeof(Startup).Assembly, "NuGet.Services.Metadata.Console")
    };
    app.UseStaticFiles(new StaticFileOptions(consoleFiles));

    // AAD integration - adding this middleware gives us the claims
    string audience = _configurationService.Get("ida.Audience");
    string tenant = _configurationService.Get("ida.Tenant");
    string aadInstance = _configurationService.Get("ida.AADInstance");
    string metadataAddress = string.Format(aadInstance, tenant) + "/federationmetadata/2007-06/federationmetadata.xml";

    // The issuer validator echoes back whatever issuer the token carries without
    // comparing it to anything, so ValidateIssuer = true does not restrict which
    // issuers are accepted here. If only specific tenants should be trusted, the
    // validator has to compare the issuer with an allow-list and reject the rest.
    var validation = new TokenValidationParameters
    {
        ValidAudience = audience,
        ValidateIssuer = true,
        IssuerValidator = (issuer, securityToken, validationParameters) => issuer
    };

    var bearerOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions
    {
        TokenValidationParameters = validation,
        Tenant = tenant,
        MetadataAddress = metadataAddress
    };
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerOptions);

    // start the service running - the Lucene index needs to be reopened regularly on a background thread
    // A missing setting falls back to "15"; a value that does not parse falls back to 60.
    string refreshSetting = _configurationService.Get("Search.IndexRefresh") ?? "15";
    int refreshSeconds;
    if (!int.TryParse(refreshSetting, out refreshSeconds))
    {
        refreshSeconds = 60;
    }

    _searcherManager = null;
    _gate = 0;
    _timer = new Timer(ReopenCallback, 0, 10, refreshSeconds * 1000);

    app.Run(Invoke);
}
/// <summary>
/// Starting point for configuring authentication: registers the application's
/// bearer-token middleware, then Azure AD bearer-token authentication.
/// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
/// </summary>
/// <param name="app">An app builder instance.</param>
/// <param name="authorizationOptions">The authorization options to use.</param>
public void ConfigureAuth(IAppBuilder app, AuthorizationOptions authorizationOptions)
{
    app.UseBearerTokenAuthentication(authorizationOptions);

    // Read the Azure AD options only after the first registration, as the original did.
    var azureAdOptions = authorizationOptions.AzureAdServerOptions;
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(azureAdOptions);
}
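/// <summary>
/// Wires up cookie + OpenID Connect sign-in and Azure AD bearer-token
/// authentication ("OAuth2Bearer") on the OWIN pipeline.
/// </summary>
/// <param name="app">The OWIN application builder that receives the middleware.</param>
public void ConfigureAuth(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseCookieAuthentication(new CookieAuthenticationOptions());

    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            PostLogoutRedirectUri = postLogoutRedirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = context =>
                {
                    context.HandleResponse();

                    // Fix: the exception text was concatenated into the query
                    // string unencoded, so characters such as '&', '#' or line
                    // breaks could truncate or alter the redirect URL. Encode it
                    // as a query value. The error page must still HTML-encode
                    // the value when rendering it, and a generic error code
                    // would avoid exposing internal details to the browser.
                    string encodedMessage = System.Net.WebUtility.UrlEncode(context.Exception.Message);
                    context.Response.Redirect("/Error?message=" + encodedMessage);
                    return Task.FromResult(0);
                },

                // The remaining notifications are placeholders that do nothing.
                SecurityTokenReceived = context => Task.FromResult(0),
                AuthorizationCodeReceived = context => Task.FromResult(0),
                MessageReceived = context => Task.FromResult(0)
            }
        });

    // Audience and tenant are hard-coded here rather than read from configuration.
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            Audience = "http://anandmsraazuretest.azurewebsites.net/",
            Tenant = "microsoft.com",
            AuthenticationType = "OAuth2Bearer",
        });
}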