/// <summary>
/// Creates a session cookie meant to be used to hold the generated JSON Web Token and appends it to the response.
/// </summary>
/// <param name="cookieValue">The cookie value (the serialized token).</param>
private void CreateJwtCookieAndAppendToResponse(string cookieValue)
{
    // No Expiration is set, so the browser keeps the cookie only for the current session.
    var jwtCookie = new RequestPathBaseCookieBuilder
    {
        Name = _generalSettings.JwtCookieName,
        // Lax (not Strict) is required for the OAuth redirect flow, see https://github.com/aspnet/Security/issues/1231.
        SameSite = SameSiteMode.Lax,
        // The cookie carries a bearer token: keep it out of reach of script and off plain HTTP.
        HttpOnly = true,
        SecurePolicy = CookieSecurePolicy.Always,
        IsEssential = true,
        Domain = _generalSettings.HostName
    };

    var options = jwtCookie.Build(HttpContext);

    // ChunkingCookieManager splits values that exceed the browser's per-cookie size limit.
    ICookieManager manager = new ChunkingCookieManager();
    manager.AppendResponseCookie(HttpContext, jwtCookie.Name, cookieValue, options);

    ApplyHeaders();
}
/// <summary>
/// Initializes a new instance of the <see cref="Saml2Options" /> class.
/// </summary>
/// <remarks>
/// Sets the defaults for the SAML2 handler. Note that signature requirements
/// (<c>WantAssertionsSigned</c>, <c>RequireMessageSigned</c>) are off by default and must be
/// turned on by the host; see the comments on the individual assignments below.
/// </remarks>
public Saml2Options()
{
    // NOTE(review): ForwardChallenge and SignOutScheme are copied from AuthenticationScheme
    // *before* it is assigned Saml2Defaults.AuthenticationScheme a few lines down, so they
    // receive whatever the property held at that point (its declaration is not visible here).
    // Confirm this ordering is intended.
    ForwardChallenge = AuthenticationScheme;
    SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    SignOutScheme = AuthenticationScheme;
    AuthenticationScheme = Saml2Defaults.AuthenticationScheme;

    // Endpoints handled by this scheme.
    SignOutPath = new PathString("/signedout");
    CallbackPath = new PathString("/saml2-signin");
    DefaultRedirectUrl = new PathString("/");

    // Metadata is only fetched over HTTPS unless the host explicitly relaxes this.
    RequireHttpsMetadata = true;
    // ForceAuthn asks the IdP to re-authenticate the user instead of reusing an existing IdP session.
    ForceAuthn = true;
    NameIDType = new NameIDType();
    IsPassive = false;

    // Local metadata file generation is opt-in.
    DefaultMetadataFolderLocation = "wwwroot";
    DefaultMetadataFileName = "Metadata";
    CreateMetadataFile = false;

    ServiceProvider = new ServiceProviderInfo()
    {
        // The SP certificate is located by serial number in the LocalMachine/Root store.
        // NOTE(review): Root is the trusted-root CA store; an SP signing certificate is
        // normally kept in the personal (My) store — confirm this default against deployments.
        CertificateIdentifierType = X509FindType.FindBySerialNumber,
        CertificateStoreName = StoreName.Root,
        CertificateStoreLocation = StoreLocation.LocalMachine,
        HashAlgorithm = HashAlgorithmName.SHA256,
        AssertionConsumerServices = new IndexedEndpointType[]
        {
            new IndexedEndpointType()
            {
                // Only the HTTP-POST binding is advertised for the ACS.
                Binding = ProtocolBindings.HTTP_Post,
                index = 0,
                isDefault = true,
                isDefaultSpecified = true
            }
        },
        SingleLogoutServices = new EndpointType[]
        {
            new EndpointType()
            {
                // Only HTTP-POST is accepted for logout messages sent back to the SP.
                Binding = ProtocolBindings.HTTP_Post
            }
        }
    };

    // Both signature checks are disabled by default, so unsigned assertions and messages
    // are accepted unless the host sets these to true.
    WantAssertionsSigned = false;
    RequireMessageSigned = false;

    // The request-id cookie correlates the AuthnRequest with the response; it lives 10 minutes.
    RequestIdCookieLifetime = TimeSpan.FromMinutes(10);
    RequestCookieId = new RequestPathBaseCookieBuilder()
    {
        HttpOnly = true,
        // SameSite=None is needed because the IdP POSTs the response cross-site.
        // NOTE(review): browsers that enforce SameSite=None also require the Secure flag, and
        // SameAsRequest only sets it on HTTPS requests — over plain HTTP the cookie may be dropped.
        SameSite = SameSiteMode.None,
        SecurePolicy = CookieSecurePolicy.SameAsRequest,
        Expiration = RequestIdCookieLifetime
    };

    Events = new Saml2Events();
    // Presumably rejects IdP-initiated (unsolicited) responses by default — verify against the handler.
    AllowUnsolicitedLogins = false;
}
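/// <summary>
/// Creates a cookie meant to hold the generated JSON Web Token and appends it to the response.
/// </summary>
/// <param name="cookieValue">The cookie value (the serialized token).</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="cookieValue"/> is <c>null</c>.</exception>
private void CreateJwtCookieAndAppendToResponse(string cookieValue)
{
    if (cookieValue == null)
    {
        throw new ArgumentNullException(nameof(cookieValue));
    }

    // Lifetime of the token cookie; the value the previous implementation used, now named.
    TimeSpan jwtCookieLifetime = new TimeSpan(0, 1337, 0);

    CookieBuilder cookieBuilder = new RequestPathBaseCookieBuilder
    {
        Name = "AltinnStudioRuntime",
        // Lax (not Strict) is required for the OAuth redirect flow, see https://github.com/aspnet/Security/issues/1231.
        SameSite = SameSiteMode.Lax,
        // The cookie carries a bearer token, so script must not be able to read it.
        HttpOnly = true,
        // Previously CookieSecurePolicy.None, which never set the Secure flag and let the token
        // travel over plain HTTP. SameAsRequest marks it Secure whenever the request itself came
        // over HTTPS; Always is the stricter choice once every environment is HTTPS-only.
        SecurePolicy = CookieSecurePolicy.SameAsRequest,
        IsEssential = true,
        Domain = _generalSettings.HostName,
        Expiration = jwtCookieLifetime
    };

    CookieOptions cookieOptions = cookieBuilder.Build(HttpContext);

    // ChunkingCookieManager splits values that exceed the browser's per-cookie size limit.
    ICookieManager cookieManager = new ChunkingCookieManager();
    cookieManager.AppendResponseCookie(
        HttpContext,
        cookieBuilder.Name,
        cookieValue,
        cookieOptions);
}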