public void ConfigureAuth(IAppBuilder app) { var cookieOption = new CookieAuthenticationOptions { AuthenticationType = "Federation", Provider = new CookieAuthenticationProvider { OnApplyRedirect = c => { }, OnException = e => { }, OnResponseSignedIn = c => { }, OnResponseSignIn = c => { }, OnResponseSignOut = c => { }, OnValidateIdentity = c => { return(Task.CompletedTask); } }, }; app.UseCookieAuthentication(cookieOption); //app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie); //OAuth2 bearer token middleware var resolver = ApplicationConfiguration.Instance.DependencyResolver; var optionProvider = resolver.Resolve <IAuthorizationServerOptionsProvider <OAuthAuthorizationServerOptions> >(); var options = optionProvider.GetOptions(); options.AccessTokenFormat = new JSonDataFormat(); Startup.OAuthOptions = options; // Enable the application to use bearer tokens to authenticate users app.UseOAuthBearerTokens(OAuthOptions); //SSOAuthenticationExtensions.UseSaml2SSOAuthentication(app, assertionEndpoints: "/api/Account/SSOLogon") SSOAuthenticationExtensions.UseSaml2SSOAuthentication(app); SSOAuthenticationExtensions.UseMetadataMiddleware(app, "/sp/metadata", MetadataType.SP, resolver); SSOAuthenticationExtensions.RegisterDiscoveryService(app, resolver); SSOAuthenticationExtensions.RegisterLogger(app, resolver); SLOAuthenticationExtensions.UseSaml2SLOAuthentication(app); //SLOAuthenticationExtensions.RegisterLogger(app,resolver); }
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864 public void ConfigureAuth(IAppBuilder app) { // Configure the db context and user manager to use a single instance per request app.CreatePerOwinContext(ApplicationDbContext.Create); app.CreatePerOwinContext <ApplicationUserManager>(ApplicationUserManager.Create); // Enable the application to use a cookie to store information for the signed in user // and to use a cookie to temporarily store information about a user logging in with a third party login provider app.UseCookieAuthentication(new CookieAuthenticationOptions()); app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie); // Configure the application for OAuth based flow PublicClientId = "self"; var resolver = ApplicationConfiguration.Instance.DependencyResolver; var optionProvider = resolver.Resolve <IAuthorizationServerOptionsProvider <OAuthAuthorizationServerOptions> >(); OAuthOptions = optionProvider.GetOptions(); // Enable the application to use bearer tokens to authenticate users app.UseOAuthBearerTokens(OAuthOptions); //Shibboleth middleware, test metadata SSOAuthenticationExtensions.UseShibbolethAuthentication(app, "testShib"); //Shibboleth middleware, localhost metadata metadata //SSOAuthenticationExtensions.UseShibbolethAuthentication(app, "imperial.ac.uk"); // Uncomment the following lines to enable logging in with third party login providers //app.UseMicrosoftAccountAuthentication( // clientId: "", // clientSecret: ""); //app.UseTwitterAuthentication( // consumerKey: "", // consumerSecret: ""); //app.UseFacebookAuthentication( // appId: "", // appSecret: ""); //app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions() //{ // ClientId = "", // ClientSecret = "" //}); }
public void Configuration(IAppBuilder app) { var resolver = ApplicationConfiguration.Instance.DependencyResolver; SSOAuthenticationExtensions.UseMetadataMiddleware(app, "/idp/metadata", MetadataType.Idp, resolver); SSOAuthenticationExtensions.RegisterDiscoveryService(app, resolver); var optionProvider = resolver.Resolve <IAuthorizationServerOptionsProvider <OAuthAuthorizationServerOptions> >(); var OAuthOptions = optionProvider.GetOptions(); // Enable the application to use bearer tokens to authenticate users app.UseOAuthBearerTokens(OAuthOptions); app.Map(new PathString("/api/sso/signon"), a => { a.Run(async c => { var ticket = await c.Authentication.AuthenticateAsync("Bearer"); if (ticket == null || !ticket.Identity.IsAuthenticated) { c.Response.StatusCode = 403; return; } var state = c.Request.Query.Get("state"); var outboudContext = new HttpPostResponseOutboundContext(new SAMLForm()) { BindingContext = new BindingContext(new Dictionary <string, object>(), new Uri("http://localhost:60879/api/Account/SSOLogon")) }; outboudContext.DespatchDelegate = async form => { await c.Response.WriteAsync(form.ToString()); //return Task.CompletedTask; }; var protocolFactory = resolver.Resolve <Func <string, IProtocolHandler> >(); var protocolHanlder = protocolFactory(Bindings.Http_Post); await protocolHanlder.HandleOutbound(new SamlProtocolContext { RequestContext = outboudContext }); }); }); //owin middleware mock to parse auth request get the sp metadata and verrify the signarure //to be implementaed as OWIN middleware with handler and protocol handler. app.Map(new PathString("/sso/login"), a => { a.Run(async c => { var elements = c.Request.Query; var queryStringRaw = c.Request.QueryString.Value; var decoder = resolver.Resolve <IBindingDecoder <Uri> >(); var message = await decoder.Decode(c.Request.Uri); var form = elements.ToDictionary(k => k.Key, v => v.Value.First()); var state = form[HttpRedirectBindingConstants.RelayState]; var context = new HttpRedirectInboundContext { Message = message, HanlerAction = () => { //var id = Guid.NewGuid(); var urlBase = c.Request.Uri.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped); c.Response.Redirect(String.Format("https://localhost:44342/client?returnUrl={0}{1}&state={2}", urlBase, "/api/sso/signon", state)); }, DescriptorResolver = m => { var factory = resolver.Resolve <Func <Type, IMetadataHandler> >(); var metadataType = m.GetType(); var handlerType = typeof(IMetadataHandler <>).MakeGenericType(metadataType); var handler = factory(handlerType); if (handler == null) { throw new InvalidOperationException(String.Format("Handler must implement: {0}", typeof(IMetadataHandler).Name)); } return(handler.GetServiceProviderSingleSignOnDescriptor(m) .Single() .Roles.Single()); } }; //await parser.Parse(context); var protocolFactory = resolver.Resolve <Func <string, IProtocolHandler> >(); var protocolHanlder = protocolFactory(Bindings.Http_Redirect); await protocolHanlder.HandleInbound(new SamlProtocolContext { ResponseContext = context }); }); }); }