예제 #1
        /// <summary>
        /// OWIN startup for the stand-alone token service: configures Serilog, builds an
        /// in-memory IdentityServer3 configuration and mounts it at the application root.
        /// </summary>
        /// <param name="app">The OWIN application builder supplied by the host.</param>
        /// <remarks>
        /// Review notes for anyone taking this beyond a sample: the CORS policy allows every
        /// origin, logging runs at Debug level with HTTP request/response logging enabled, and
        /// users/clients/scopes come from in-memory sample stores (<c>Users.Get()</c>,
        /// <c>Clients.Get()</c>, <c>IdentityScopes.Get()</c>, defined elsewhere).
        /// </remarks>
        public void Configuration(IAppBuilder app)
        {
            // string.Empty mounts IdentityServer at the root of this host.
            app.Map(string.Empty, idsrvApp =>
            {
                // Serilog at Debug level, writing to System.Diagnostics.Trace. Together with
                // the LoggingOptions below this puts complete HTTP traffic (which on a token
                // service includes credentials and tokens) into the trace output.
                var loggerConfiguration = new LoggerConfiguration();
                loggerConfiguration.MinimumLevel.Debug();
                loggerConfiguration.WriteTo.Trace();
                Log.Logger = loggerConfiguration.CreateLogger();

                // In-memory stores for clients, scopes and users (sample data, defined elsewhere).
                var serviceFactory = new IdentityServerServiceFactory();
                serviceFactory.UseInMemoryClients(Clients.Get());
                serviceFactory.UseInMemoryScopes(IdentityScopes.Get());
                serviceFactory.UseInMemoryUsers(Users.Get());

                // AllowAll = true lets any web origin call the token service's CORS-enabled
                // endpoints. Acceptable for a local sample; a deployed STS should list the
                // SPA origins it serves instead (the service also exposes an allowed-origins
                // collection for that purpose, per the IdentityServer3 docs -- verify).
                var allowAllOrigins = new DefaultCorsPolicyService { AllowAll = true };
                serviceFactory.CorsPolicyService =
                    new Registration<IdentityServer3.Core.Services.ICorsPolicyService>(allowAllOrigins);

                // After sign-out, the browser is bounced back to the client automatically
                // once the delay has elapsed.
                var authenticationOptions = new AuthenticationOptions
                {
                    EnablePostSignOutAutoRedirect = true,
                    PostSignOutAutoRedirectDelay  = 5
                };

                // Diagnostics-only settings: Web API and Katana diagnostics plus full HTTP
                // logging. Keep them off outside a development box -- they log sensitive data.
                var loggingOptions = new LoggingOptions()
                {
                    WebApiDiagnosticsIsVerbose = true,
                    EnableWebApiDiagnostics    = true,
                    EnableKatanaLogging        = true,
                    EnableHttpLogging          = true
                };

                // IssuerUri/PublicOrigin come from Constants; LoadCertificate() (defined
                // elsewhere in this class) supplies the token signing certificate.
                var serverOptions = new IdentityServerOptions
                {
                    Factory               = serviceFactory,
                    SiteName              = "Security Token Service",
                    IssuerUri             = Constants.IssuerUri,
                    PublicOrigin          = Constants.Origin,
                    SigningCertificate    = LoadCertificate(),
                    AuthenticationOptions = authenticationOptions,
                    LoggingOptions        = loggingOptions
                };

                idsrvApp.UseIdentityServer(serverOptions);
            });
        }
예제 #2
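        /// <summary>
        /// OWIN startup for the MVC host: mounts an embedded IdentityServer3 under
        /// "/identity", then configures cookie and OpenID Connect authentication for the
        /// MVC application itself against that embedded server.
        /// </summary>
        /// <param name="app">The OWIN application builder supplied by the host.</param>
        /// <remarks>
        /// Review notes: the OIDC client uses the implicit flow (ResponseType "id_token token"),
        /// so both tokens travel back through the browser; current OAuth security guidance
        /// prefers the code flow for this. Authority and RedirectUri are hard-coded to
        /// localhost. The access token is kept as a claim in the auth cookie, so the cookie
        /// middleware's protection is what keeps it confidential.
        /// </remarks>
        public void Configuration(IAppBuilder app)
        {
            // Bind anti-forgery tokens to the "sub" claim instead of the default name claim.
            AntiForgeryConfig.UniqueClaimTypeIdentifier = Constants.ClaimTypes.Subject;

            // An empty map stops the JWT handler from renaming incoming claim types to the
            // long Microsoft URIs, so claims keep their short OIDC names ("sub", "role", ...).
            JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary <string, string>();

            Common.Logging.Logger.Initialize(HostingEnvironment.ApplicationPhysicalPath + "errorLog.config");

            app.MapSignalR();

            // Embedded token service. Users, clients and scopes are in-memory sample stores;
            // LoadCertificate() (defined elsewhere in this class) supplies the signing key.
            app.Map(
                pathMatch: "/identity",
                configuration: idsrvApp =>
            {
                idsrvApp.UseIdentityServer(
                    new IdentityServerOptions
                {
                    SiteName           = "Embedded IdentityServer",
                    SigningCertificate = LoadCertificate(),

                    Factory = new IdentityServerServiceFactory()
                              .UseInMemoryUsers(IdentityUsers.Get())
                              .UseInMemoryClients(IdentityClients.Get())
                              .UseInMemoryScopes(IdentityScopes.Get()),

                    AuthenticationOptions = new IdentityServer3.Core.Configuration.AuthenticationOptions
                    {
                        // External identity providers are wired up in ConfigureIdentityProviders (not shown here).
                        IdentityProviders = ConfigureIdentityProviders
                    }
                });
            });

            // Application session cookie. "Cookies" must match SignInAsAuthenticationType below.
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "Cookies"
            });

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                Authority    = "https://localhost:44392/identity",
                ClientId     = "mvc",
                Scope        = "openid profile roles sampleApi",
                RedirectUri  = "https://localhost:44392/",
                // Implicit flow: an id_token plus an access token (for sampleApi) are returned
                // via the front channel.
                ResponseType = "id_token token",

                SignInAsAuthenticationType = "Cookies",
                // The cookie lifetime is not tied to the id_token lifetime; expiry is tracked
                // by the "expires_at" claim added below instead.
                UseTokenLifetime           = false,

                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    // Runs once the middleware has accepted the id_token. Builds the identity
                    // that ends up in the cookie from the userinfo endpoint plus the raw tokens.
                    SecurityTokenValidated = async n =>
                    {
                        // create new identity and set name and role claim type
                        var nid = new ClaimsIdentity(
                            n.AuthenticationTicket.Identity.AuthenticationType,
                            Constants.ClaimTypes.GivenName,
                            Constants.ClaimTypes.Role);

                        // get userinfo data
                        var userInfoClient = new UserInfoClient(n.Options.Authority + "/connect/userinfo");

                        var userInfo = await userInfoClient.GetAsync(n.ProtocolMessage.AccessToken);

                        // Fail closed: on a failed userinfo call the response carries no claims,
                        // and continuing would either sign the user in without name/role claims
                        // or dereference a missing claims collection. Throwing aborts the sign-in
                        // (the middleware surfaces it through AuthenticationFailed).
                        if (userInfo.IsError)
                        {
                            throw new InvalidOperationException(
                                "userinfo request failed; refusing to sign in without profile claims.");
                        }

                        userInfo.Claims.ToList().ForEach(ui => nid.AddClaim(new Claim(ui.Type, ui.Value)));

                        // the id_token is kept so it can be sent as id_token_hint on logout (see below)
                        nid.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));

                        // add access token for sample API (stored in the auth cookie from here on)
                        nid.AddClaim(new Claim("access_token", n.ProtocolMessage.AccessToken));

                        // keep track of access token expiration. expires_in is optional in the
                        // protocol response; int.Parse on a missing or malformed value threw and
                        // broke sign-in, so the claim is only added when the value parses.
                        int expiresInSeconds;
                        if (int.TryParse(n.ProtocolMessage.ExpiresIn,
                                         System.Globalization.NumberStyles.Integer,
                                         System.Globalization.CultureInfo.InvariantCulture,
                                         out expiresInSeconds))
                        {
                            nid.AddClaim(new Claim("expires_at", DateTimeOffset.Now.AddSeconds(expiresInSeconds).ToString()));
                        }

                        // add some other app specific claim
                        ////nid.AddClaim(new Claim("app_specific", "some data"));

                        n.AuthenticationTicket = new AuthenticationTicket(
                            nid,
                            n.AuthenticationTicket.Properties);
                    },
                    // On sign-out, pass the stored id_token as id_token_hint so the server can
                    // tie the logout request to the session that was established.
                    RedirectToIdentityProvider = n =>
                    {
                        if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                        {
                            var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");

                            if (idTokenHint != null)
                            {
                                n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                            }
                        }

                        return(Task.FromResult(0));
                    }
                }
            });
        }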
예제 #3
 /// <summary>
 /// Names of every scope the user has ticked, across both the identity and API scope lists.
 /// </summary>
 /// <returns>
 /// The <c>Name</c> of each scope whose <c>Checked</c> flag is set. <c>Union</c> drops
 /// duplicate entries (by the scope type's equality) before the filter is applied.
 /// </returns>
 public List <string> GetAllowedScopeNames()
 {
     var checkedScopeNames = from scope in IdentityScopes.Union(ApiScopes)
                             where scope.Checked
                             select scope.Name;

     return checkedScopeNames.ToList();
 }