예제 #1
0
        public void ConfigureAuth(IAppBuilder app)
        {
            //ApplicationDbContext db = new ApplicationDbContext();

            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            // Default OWIN cookie manager fails, hence the need for a custom cookiemanager. See http://blogs.msdn.com/b/kaevans/archive/2015/03/23/using-openid-connect-with-sharepoint-apps.aspx and
            // https://katanaproject.codeplex.com/workitem/197 for more details.
            app.UseCookieAuthentication(new CookieAuthenticationOptions()
            {
                CookieManager = new SystemWebCookieManager()
            });

            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = clientId,
                    Authority = Authority,
                    PostLogoutRedirectUri = postLogoutRedirectUri,
                    TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
                    {
                        // instead of using the default validation (validating against a single issuer value, as we do in line of business apps),
                        // we inject our own multitenant validation logic
                        ValidateIssuer = false,
                    },
                    Notifications = new OpenIdConnectAuthenticationNotifications()
                    {
                        RedirectToIdentityProvider = (context) =>
                        {
                            // This ensures that the address used for sign in and sign out is picked up dynamically from the request
                            // this allows you to deploy your app (to Azure Web Sites, for example)without having to change settings
                            // Remember that the base URL of the address used here must be provisioned in Azure AD beforehand.
                            string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
                            context.ProtocolMessage.RedirectUri = appBaseUrl + "/";
                            context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;
                            return Task.FromResult(0);
                        },

                        // we use this notification for injecting our custom logic
                        SecurityTokenValidated = (context) =>
                        {
                            // retriever caller data from the incoming principal
                            string issuer = context.AuthenticationTicket.Identity.FindFirst("iss").Value;
                            string UPN = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value;
                            string Name= context.AuthenticationTicket.Identity.FindFirst("name").Value;
                            string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;

                            // add logic to validate which accounts are allowed in
                            var user = dbContext.UsersSets.Where(u => u.UPN.Equals(UPN, StringComparison.InvariantCultureIgnoreCase));
                            if (user == null || user.Count<UsersSet>() != 1)
                            {
                                var newuser = new UsersSet();
                                newuser.Name = Name;
                                newuser.UPN = UPN;
                                newuser.IsCoreMember = false;
                                newuser.SendTestResults = false;
                                newuser.IsEmailVerified = false;
                                newuser.IsAdmin = false;
                                dbContext.UsersSets.Add(newuser);
                                dbContext.SaveChanges();
                            }

                            return Task.FromResult(0);
                        },

                        AuthenticationFailed = (context) =>
                        {
                            // Call error action on home controller to have the default MVC error handling pick up the error
                            context.OwinContext.Response.Redirect("/TestRuns/Error?message=" + context.Exception.Message);
                            context.HandleResponse(); // Suppress the exception
                            return Task.FromResult(0);
                        }

                    }
                });
        }
예제 #2
0
        public void ConfigureAuth(IAppBuilder app)
        {
            //ApplicationDbContext db = new ApplicationDbContext();

            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            // Default OWIN cookie manager fails, hence the need for a custom cookiemanager. See http://blogs.msdn.com/b/kaevans/archive/2015/03/23/using-openid-connect-with-sharepoint-apps.aspx and
            // https://katanaproject.codeplex.com/workitem/197 for more details.
            app.UseCookieAuthentication(new CookieAuthenticationOptions()
            {
                CookieManager = new SystemWebCookieManager()
            });

            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
            {
                ClientId                  = clientId,
                Authority                 = Authority,
                PostLogoutRedirectUri     = postLogoutRedirectUri,
                TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
                {
                    // instead of using the default validation (validating against a single issuer value, as we do in line of business apps),
                    // we inject our own multitenant validation logic
                    ValidateIssuer = false,
                },
                Notifications = new OpenIdConnectAuthenticationNotifications()
                {
                    RedirectToIdentityProvider = (context) =>
                    {
                        // This ensures that the address used for sign in and sign out is picked up dynamically from the request
                        // this allows you to deploy your app (to Azure Web Sites, for example)without having to change settings
                        // Remember that the base URL of the address used here must be provisioned in Azure AD beforehand.
                        string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
                        context.ProtocolMessage.RedirectUri           = appBaseUrl + "/";
                        context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;
                        return(Task.FromResult(0));
                    },

                    // we use this notification for injecting our custom logic
                    SecurityTokenValidated = (context) =>
                    {
                        // retriever caller data from the incoming principal
                        string issuer   = context.AuthenticationTicket.Identity.FindFirst("iss").Value;
                        string UPN      = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.Name).Value;
                        string Name     = context.AuthenticationTicket.Identity.FindFirst("name").Value;
                        string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;

                        // add logic to validate which accounts are allowed in
                        var user = dbContext.UsersSets.Where(u => u.UPN.Equals(UPN, StringComparison.InvariantCultureIgnoreCase));
                        if (user == null || user.Count <UsersSet>() != 1)
                        {
                            var newuser             = new UsersSet();
                            newuser.Name            = Name;
                            newuser.UPN             = UPN;
                            newuser.IsCoreMember    = false;
                            newuser.SendTestResults = false;
                            newuser.IsEmailVerified = false;
                            newuser.IsAdmin         = false;
                            dbContext.UsersSets.Add(newuser);
                            dbContext.SaveChanges();
                        }

                        return(Task.FromResult(0));
                    },

                    AuthenticationFailed = (context) =>
                    {
                        // Call error action on home controller to have the default MVC error handling pick up the error
                        context.OwinContext.Response.Redirect("/TestRuns/Error?message=" + context.Exception.Message);
                        context.HandleResponse();     // Suppress the exception
                        return(Task.FromResult(0));
                    }
                }
            });
        }