/// <summary>
/// Builds the cookie authentication settings that accompany the Cloud Foundry middleware.
/// </summary>
/// <param name="options">Cloud Foundry options supplying the optional access-denied path and token validator.</param>
/// <returns>
/// Cookie options whose scheme and cookie name are both <c>CloudFoundryOptions.AUTHENTICATION_SCHEME</c>.
/// </returns>
private static CookieAuthenticationOptions GetCookieOptions(CloudFoundryOptions options)
{
    var result = new CookieAuthenticationOptions();
    result.AuthenticationScheme = CloudFoundryOptions.AUTHENTICATION_SCHEME;
    result.AutomaticAuthenticate = true;
    result.AutomaticChallenge = false;
    result.CookieName = CloudFoundryOptions.AUTHENTICATION_SCHEME;

    // NOTE(review): CookieSecure and CookieHttpOnly are not set here, so the framework
    // defaults apply. When TLS is terminated in front of the app, confirm the resulting
    // cookie still carries the Secure flag.

    if (options.AccessDeniedPath != null)
    {
        result.AccessDeniedPath = options.AccessDeniedPath;
    }

    var validator = options.TokenValidator;
    if (validator != null)
    {
        // Re-check the principal held in the cookie on each request through the token validator.
        var cookieEvents = new CookieAuthenticationEvents();
        cookieEvents.OnValidatePrincipal = validator.ValidateCookieAsync;
        result.Events = cookieEvents;
    }

    // SECURITY: when no TokenValidator is configured, no OnValidatePrincipal hook is
    // installed, so this code adds no token re-validation for an existing cookie.
    return result;
}
/// <summary>
/// Creates a token validator bound to the supplied Cloud Foundry options.
/// </summary>
/// <param name="options">Options stored on <c>Options</c>; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
public CloudFoundryTokenValidator(CloudFoundryOptions options)
{
    if (options != null)
    {
        Options = options;
        return;
    }

    // Refuse to construct a validator that has no configuration to validate against.
    throw new ArgumentNullException(nameof(options));
}
/// <summary>
/// Creates a signing-key resolver bound to the supplied Cloud Foundry options,
/// starting with an empty <c>Resolved</c> key map.
/// </summary>
/// <param name="options">Options stored on <c>Options</c>; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
public CloudFoundryTokenKeyResolver(CloudFoundryOptions options)
{
    if (options != null)
    {
        Options = options;

        // NOTE(review): Resolved is a plain Dictionary. If the resolver is shared across
        // concurrent requests and adds keys while validating tokens, confirm that access
        // is synchronized where the map is mutated.
        Resolved = new Dictionary<string, SecurityKey>();
        return;
    }

    throw new ArgumentNullException(nameof(options));
}
/// <summary>
/// Registers cookie authentication followed by <c>CloudFoundryMiddleware</c>, using a fresh
/// <c>CloudFoundryOptions</c> populated by <c>UpdateCloudFoundryOptions</c>.
/// </summary>
/// <param name="builder">The application pipeline to extend.</param>
/// <returns>The builder returned by the <c>UseMiddleware</c> call.</returns>
/// <exception cref="ArgumentNullException"><paramref name="builder"/> is null.</exception>
public static IApplicationBuilder UseCloudFoundryAuthentication(this IApplicationBuilder builder)
{
    if (builder == null)
    {
        throw new ArgumentNullException(nameof(builder));
    }

    var cloudOptions = new CloudFoundryOptions();
    cloudOptions = UpdateCloudFoundryOptions(builder, cloudOptions);

    // Order matters: GetTokenValidationParameters may assign options.TokenValidator, and
    // GetCookieOptions only wires cookie re-validation when that validator is present.
    cloudOptions.TokenValidationParameters = GetTokenValidationParameters(cloudOptions);

    builder.UseCookieAuthentication(GetCookieOptions(cloudOptions));

    var wrappedOptions = Options.Create(cloudOptions);
    return builder.UseMiddleware<CloudFoundryMiddleware>(wrappedOptions);
}
/// <summary>
/// Returns the JWT bearer settings for the Cloud Foundry JWT middleware: the caller-supplied
/// <c>JwtBearerOptions</c> when present, otherwise a new instance built from
/// <c>GetTokenValidationParameters</c>.
/// </summary>
/// <param name="options">Cloud Foundry options to read from.</param>
/// <returns>The bearer options to register.</returns>
private static JwtBearerOptions GetJwtBearerOptions(CloudFoundryOptions options)
{
    // Caller-supplied bearer options take precedence and are returned unchanged.
    var supplied = options.JwtBearerOptions;
    if (supplied != null)
    {
        return supplied;
    }

    var validation = GetTokenValidationParameters(options);

    // SECURITY: audience validation is switched off for bearer tokens on this path, so a
    // token minted for a different audience passes this check if issuer, signature and
    // lifetime are otherwise valid. Issuer and lifetime flags are not changed here.
    // NOTE(review): GetTokenValidationParameters returns options.TokenValidationParameters
    // itself when it is set, so these two assignments also overwrite a caller's explicit
    // audience settings on that shared instance. Confirm this is intended.
    validation.ValidateAudience = false;
    validation.AudienceValidator = null;

    var bearer = new JwtBearerOptions();
    bearer.ClaimsIssuer = options.ClaimsIssuer;
    bearer.TokenValidationParameters = validation;
    bearer.Events = new CloudFoundryJwtBearerEvents();
    return bearer;
}
/// <summary>
/// Returns the token validation parameters for the given options. Parameters already set on
/// <paramref name="options"/> are returned as-is; otherwise a new key resolver and token
/// validator are created, stored on <paramref name="options"/>, and wired into new parameters.
/// </summary>
/// <param name="options">Cloud Foundry options; updated with the resolver and validator on the build path.</param>
/// <returns>Existing parameters, or new ones with audience, issuer and lifetime validation enabled.</returns>
private static TokenValidationParameters GetTokenValidationParameters(CloudFoundryOptions options)
{
    var existing = options.TokenValidationParameters;
    if (existing != null)
    {
        // NOTE(review): on this early return TokenKeyResolver and TokenValidator are not
        // created, and none of the Validate* flags below are enforced on the supplied
        // instance. Callers that pre-set parameters own those settings.
        return existing;
    }

    options.TokenKeyResolver = new CloudFoundryTokenKeyResolver(options);
    options.TokenValidator = new CloudFoundryTokenValidator(options);

    // Signing keys, issuer and audience are all checked by the Cloud Foundry helpers
    // stored on the options object above.
    return new TokenValidationParameters
    {
        ValidateAudience = true,
        ValidateIssuer = true,
        ValidateLifetime = true,
        IssuerSigningKeyResolver = options.TokenKeyResolver.ResolveSigningKey,
        IssuerValidator = options.TokenValidator.ValidateIssuer,
        AudienceValidator = options.TokenValidator.ValidateAudience
    };
}
/// <summary>
/// Registers JWT bearer authentication configured from the supplied Cloud Foundry options.
/// </summary>
/// <param name="builder">The application pipeline to extend.</param>
/// <param name="options">Cloud Foundry options; updated in place by <c>UpdateCloudFoundryOptions</c>.</param>
/// <returns>The builder returned by <c>UseJwtBearerAuthentication</c>.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="builder"/> or <paramref name="options"/> is null.
/// </exception>
public static IApplicationBuilder UseCloudFoundryJwtAuthentication(this IApplicationBuilder builder, CloudFoundryOptions options)
{
    if (builder == null)
    {
        throw new ArgumentNullException(nameof(builder));
    }

    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    var mergedOptions = UpdateCloudFoundryOptions(builder, options);

    // NOTE(review): unless options.JwtBearerOptions is supplied, GetJwtBearerOptions
    // disables audience validation for bearer tokens on this path.
    var bearerOptions = GetJwtBearerOptions(mergedOptions);
    return builder.UseJwtBearerAuthentication(bearerOptions);
}
/// <summary>
/// Applies the registered <c>OAuthServiceOptions</c> (if any) to the given Cloud Foundry
/// options and assigns their backchannel HTTP handler.
/// </summary>
/// <param name="builder">Pipeline builder whose service provider is queried.</param>
/// <param name="cloudOpts">Options to update in place; not null-checked here.</param>
/// <returns>The same <paramref name="cloudOpts"/> instance.</returns>
private static CloudFoundryOptions UpdateCloudFoundryOptions(IApplicationBuilder builder, CloudFoundryOptions cloudOpts)
{
    object service = builder.ApplicationServices.GetService(typeof(IOptions<OAuthServiceOptions>));
    var wrapper = service as IOptions<OAuthServiceOptions>;

    // signonSettings is null when no OAuthServiceOptions are registered.
    // NOTE(review): UpdateOptions is not visible here; confirm it tolerates null and leaves
    // the options in a state that still fails closed.
    OAuthServiceOptions signonSettings = wrapper == null ? null : wrapper.Value;
    cloudOpts.UpdateOptions(signonSettings);

    // NOTE(review): GetBackChannelHandler is not visible here. Confirm what TLS certificate
    // validation behaviour the returned handler has, since it is assigned unconditionally.
    cloudOpts.BackchannelHttpHandler = cloudOpts.GetBackChannelHandler();
    return cloudOpts;
}