private static AuthenticationHandler GetDefaultAuthenticationHandler()
{
var authConfig = new AuthenticationConfiguration();
#region Basic Authentication
authConfig.AddBasicAuthentication((userName, password) => { return userName == password; });
#endregion
//#region SWT
//authConfig.Handler.AddSimpleWebToken(
// "SWT",
// Constants.Issuer,
// Constants.Realm,
// "Dc9Mpi3jbooUpBQpB/4R7XtUsa3D/ALSjTVvK8IUZbg=");
//#endregion
#region SAML2 tokens
var registry = new ConfigurationBasedIssuerNameRegistry();
registry.AddTrustedIssuer("D263DDCF598E716F0037380796A4A62DF017ADB8", "TEST");
var saml2Config = new SecurityTokenHandlerConfiguration();
saml2Config.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://test"));
saml2Config.IssuerNameRegistry = registry;
saml2Config.CertificateValidator = X509CertificateValidator.None;
authConfig.AddSaml2(saml2Config, AuthenticationOptions.ForAuthorizationHeader("Saml2"));
#endregion
var authHandler = new AuthenticationHandler(authConfig);
return authHandler;
}
public static void Register(HttpConfiguration config)
{
var authNConfig = new AuthenticationConfiguration
{
SendWwwAuthenticateResponseHeaders = false,
RequireSsl = false
};
//authNConfig.AddJsonWebToken(
// "TODOApi",
// "http://tt.com/mobile/todos",
// ConfigurationManager.AppSettings["acsSigningKey"]);
authNConfig.AddJsonWebToken(
"http://identityserver.v2.thinktecture.com/trust/cw",
"http://tt.com/mobile/todos",
ConfigurationManager.AppSettings["oauthSigningKey"]);
authNConfig.AddBasicAuthentication(
(un, pw) => un == pw); // this is the super complex basic authentication validation logic :)
authNConfig.ClaimsAuthenticationManager =
FederatedAuthentication.FederationConfiguration
.IdentityConfiguration.ClaimsAuthenticationManager;
config.MessageHandlers.Add(new AuthenticationHandler(authNConfig));
config.Filters.Add(new ClaimsAuthorizeAttribute());
}
public static void BasicAuthentication()
{
using (var config = new HttpConfiguration())
using (var server = new HttpServer(config))
using (var client = new HttpClient(server))
{
config.Routes.MapHttpRoute(
name: "Api",
routeTemplate: "api/{controller}/{id}",
defaults: new {id = RouteParameter.Optional}
);
var authConfig = new AuthenticationConfiguration
{
InheritHostClientIdentity = true,
ClaimsAuthenticationManager = FederatedAuthentication
.FederationConfiguration
.IdentityConfiguration
.ClaimsAuthenticationManager
};
// You can setup authentication against membership:
//authConfig.AddBasicAuthentication((username, password) =>
// Membership.ValidateUser(username, password));
authConfig.AddBasicAuthentication((username, password) =>
username == Helpers.__ && password == Helpers.__);
config.MessageHandlers.Add(new AuthenticationHandler(authConfig));
client.DefaultRequestHeaders.Authorization =
new BasicAuthenticationHeaderValue("happy", "holidays");
using (var response = client.GetAsync("http://go.com/api/authenticationkoan").Result)
Helpers.AssertEquality(HttpStatusCode.OK, response.StatusCode);
}
}
public static void RegisterAuth(HttpConfiguration config)
{
// To let users of this site log in using their accounts from other sites such as Microsoft, Facebook, and Twitter,
// you must update this site. For more information visit http://go.microsoft.com/fwlink/?LinkID=252166
//OAuthWebSecurity.RegisterMicrosoftClient(
// clientId: "",
// clientSecret: "");
//OAuthWebSecurity.RegisterTwitterClient(
// consumerKey: "",
// consumerSecret: "");
//OAuthWebSecurity.RegisterFacebookClient(
// appId: "",
// appSecret: "");
//OAuthWebSecurity.RegisterGoogleClient();
var authConfig = new AuthenticationConfiguration();
authConfig.AddBasicAuthentication((userName, password) =>
{
return Membership.ValidateUser(userName, password);
});
authConfig.InheritHostClientIdentity = true;
config.MessageHandlers.Add(new AuthenticationHandler(authConfig));
}
public static AuthenticationConfiguration CreateClientAuthConfig()
{
var authConfig = new AuthenticationConfiguration
{
InheritHostClientIdentity = false,
};
// accept arbitrary credentials on basic auth header,
// validation will be done in the protocol endpoint
authConfig.AddBasicAuthentication((id, secret) => true, retainPassword: true);
return authConfig;
}
public static AuthenticationConfiguration CreateBasicAuthConfig(IConfigurationRepository configuration, IUserRepository userRepository)
{
var authConfig = new AuthenticationConfiguration
{
InheritHostClientIdentity = false,
RequireSsl = !configuration.Global.DisableSSL,
ClaimsAuthenticationManager = new ClaimsTransformer()
};
authConfig.AddBasicAuthentication((userName, password) => userRepository.ValidateUser(userName, password));
return authConfig;
}
private static AuthenticationConfiguration CreateSessionTokenAuthenticationConfiguration()
{
var config = new AuthenticationConfiguration
{
RequireSsl = false,
EnableSessionToken = true
};
config.AddBasicAuthentication((u, p) => u == p);
return config;
}
private AuthenticationConfiguration CreateConfiguration()
{
var config = new AuthenticationConfiguration
{
EnableSessionToken = true,
RequireSsl = false,
SendWwwAuthenticateResponseHeaders = false
};
config.AddBasicAuthentication(UserCredentials.Validate);
return config;
}
private static AuthenticationConfiguration CreateSessionTokenAuthenticationConfiguration()
{
var config = new AuthenticationConfiguration
{
RequireSsl = false,
EnableSessionToken = true,
ClaimsAuthenticationManager = new ClaimsTransformer()
};
config.AddBasicAuthentication((u, p) => u == p);
return config;
}
private static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
var authentication = new AuthenticationConfiguration
{
ClaimsAuthenticationManager = new ClaimsTransformer(),
RequireSsl = false,
EnableSessionToken = true
};
#region Basic Authentication
authentication.AddBasicAuthentication(UserCredentials.Validate);
#endregion
#region IdentityServer JWT
//authentication.AddJsonWebToken(
// issuer: Constants.IdSrv.IssuerUri,
// audience: Constants.Audience,
// signingKey: Constants.IdSrv.SigningKey);
authentication.AddMsftJsonWebToken(
issuer: Constants.IdSrv.IssuerUri,
audience: Constants.Audience,
signingKey: Constants.IdSrv.SigningKey);
#endregion
#region Access Control Service JWT
authentication.AddJsonWebToken(
issuer: Constants.ACS.IssuerUri,
audience: Constants.Audience,
signingKey: Constants.ACS.SigningKey,
scheme: Constants.ACS.Scheme);
#endregion
#region IdentityServer SAML
authentication.AddSaml2(
issuerThumbprint: Constants.IdSrv.SigningCertThumbprint,
issuerName: Constants.IdSrv.IssuerUri,
audienceUri: Constants.Realm,
certificateValidator: X509CertificateValidator.None,
options: AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme),
scheme: AuthenticationScheme.SchemeOnly(Constants.IdSrv.SamlScheme));
#endregion
#region Client Certificates
authentication.AddClientCertificate(ClientCertificateMode.ChainValidation);
#endregion
return authentication;
}
private static void setBasicAuthentication(HttpConfiguration config)
{
var authConfig = new AuthenticationConfiguration
{
InheritHostClientIdentity = true,
ClaimsAuthenticationManager = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager
};
var service=ObjectFactory.Container.GetInstance<IDeveloperService>();
// setup authentication against membership
authConfig.AddBasicAuthentication((userName, password) => service.CheckUserKey(userName,password));
config.MessageHandlers.Add(new AuthenticationHandler(authConfig));
}
private void RegisterAuth(HttpConfiguration config)
{
// NOTE: You need to get into the ASP.NET Web API pipeline
// in order to retrieve the session token.
// e.g: GET /token should get you the token but instead you get 404.
// but GET /api/token works as you are inside the ASP.NET Web API pipeline now.
var auth = new AuthenticationConfiguration {
// ClaimsAuthenticationManager = new ClaimsTransformer(),
DefaultAuthenticationScheme = "Basic",
EnableSessionToken = true // default lifetime is 10 hours
};
auth.AddBasicAuthentication(IsValid);
var authHandler = new AuthenticationHandler(auth);
config.MessageHandlers.Add(authHandler);
}
public static void Register(HttpConfiguration config)
{
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
var authConfig = new AuthenticationConfiguration
{
InheritHostClientIdentity = true,
ClaimsAuthenticationManager = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager
};
// setup authentication against membership
authConfig.AddBasicAuthentication((userName, password) => Membership.ValidateUser(userName, password));
config.MessageHandlers.Add(new AuthenticationHandler(authConfig));
}
private static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
var authentication = new AuthenticationConfiguration
{
ClaimsAuthenticationManager = new ClaimsTransformer(),
RequireSsl = false,
EnableSessionToken = true
};
#region Basic Authentication
authentication.AddBasicAuthentication((username, password)
=> UserCredentials.Validate(username, password));
#endregion
#region IdentityServer JWT
authentication.AddJsonWebToken(
Constants.IdSrv.IssuerUri,
Constants.Audience,
Constants.IdSrv.SigningKey);
#endregion
#region Access Control Service JWT
authentication.AddJsonWebToken(
Constants.ACS.IssuerUri,
Constants.Audience,
Constants.ACS.SigningKey,
AuthenticationOptions.ForAuthorizationHeader(Constants.ACS.Scheme));
#endregion
#region #IdentityServer SAML
authentication.AddSaml2(
issuerThumbprint: Constants.IdSrv.SigningCertThumbprint,
issuerName: Constants.IdSrv.IssuerUri,
audienceUri: Constants.Realm,
certificateValidator: X509CertificateValidator.None,
options: AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme));
#endregion
return authentication;
}
private static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
const string signingKey = "fWUU28oBOIcaQuwUKiL01KztD/CsZX83C3I0M1MOYN4=";
var confing = new SessionTokenConfiguration();
confing.Scheme = "Session";
confing.SigningKey = signingKey;
var authentication = new AuthenticationConfiguration
{
RequireSsl = false,
EnableSessionToken = true,
SessionToken = confing,
};
authentication.DefaultAuthenticationScheme = "Basic";
authentication.AddBasicAuthentication((username, password) => IsAuthenticated(username, password));
//Use this to prevent your browser showing the standard basic auth login dialog on failure.
authentication.SendWwwAuthenticateResponseHeader = false;
return authentication;
}
public static AuthenticationConfiguration CreateBasicAuthConfig(IUserRepository userRepository)
{
var authConfig = new AuthenticationConfiguration
{
InheritHostClientIdentity = false,
DefaultAuthenticationScheme = "Basic",
ClaimsAuthenticationManager = new ClaimsTransformer()
};
authConfig.AddBasicAuthentication((userName, password) => userRepository.ValidateUser(userName, password));
return authConfig;
}
public static AuthenticationConfiguration CreateConfiguration()
{
var config = new AuthenticationConfiguration
{
DefaultAuthenticationScheme = "Basic",
EnableSessionToken = true
};
#region BasicAuthentication
config.AddBasicAuthentication((userName, password) => userName == password);
#endregion
#region SimpleWebToken
config.AddSimpleWebToken(
issuer: Constants.IdSrvIssuerName,
audience: Constants.Realm,
signingKey: Constants.IdSrvSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
#endregion
#region JsonWebToken
config.AddJsonWebToken(
issuer: "http://selfissued.test",
audience: Constants.Realm,
signingKey: Constants.IdSrvSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("JWT"));
#endregion
#region IdentityServer SAML
var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
idsrvRegistry.AddTrustedIssuer(Constants.IdSrvSamlSigningKeyThumbprint, "Thinktecture IdSrv");
var idsrvConfig = new SecurityTokenHandlerConfiguration();
idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
idsrvConfig.IssuerNameRegistry = idsrvRegistry;
idsrvConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
#endregion
#region ADFS SAML
var adfsRegistry = new ConfigurationBasedIssuerNameRegistry();
adfsRegistry.AddTrustedIssuer(Constants.AdfsSamlSigningKeyThumbprint, "ADFS");
var adfsConfig = new SecurityTokenHandlerConfiguration();
adfsConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
adfsConfig.IssuerNameRegistry = adfsRegistry;
adfsConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(adfsConfig, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml"));
#endregion
#region ACS SWT
config.AddSimpleWebToken(
issuer: "https://" + Constants.ACS + "/",
audience: Constants.Realm,
signingKey: Constants.AcsSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("ACS"));
#endregion
#region AccessKey
config.AddAccessKey(token =>
{
if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
{
return Principal.Create("Custom",
new Claim("customerid", "123"),
new Claim("email", "*****@*****.**"));
}
return null;
}, AuthenticationOptions.ForQueryString("key"));
#endregion
return config;
}
public static AuthenticationConfiguration CreateConfiguration()
{
var config = new AuthenticationConfiguration
{
DefaultAuthenticationScheme = "Basic",
};
#region BasicAuthentication
config.AddBasicAuthentication((userName, password) => userName == password);
#endregion
#region SimpleWebToken
config.AddSimpleWebToken(
issuer: "http://localhost/idsrv/trust",
audience: Constants.Realm,
signingKey: Constants.IdSrvSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
#endregion
#region JsonWebToken
config.AddJsonWebToken(
issuer: "http://selfissued.test",
audience: Constants.Realm,
signingKey: Constants.IdSrvSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("JWT"));
#endregion
#region IdentityServer SAML
var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
idsrvRegistry.AddTrustedIssuer("a90d2bc088d949d63321e1152065234c1acda7b1", "Thinktecture IdSrv");
var idsrvConfig = new SecurityTokenHandlerConfiguration();
idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
idsrvConfig.IssuerNameRegistry = idsrvRegistry;
idsrvConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
#endregion
#region ACS SWT
config.AddSimpleWebToken(
issuer: "https://" + Constants.ACS + "/",
audience: Constants.Realm,
signingKey: Constants.AcsSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("ACS"));
#endregion
#region AccessKey
var handler = new SimpleSecurityTokenHandler(token =>
{
if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
{
return IdentityFactory.Create("Custom",
new Claim("customerid", "123"),
new Claim("email", "*****@*****.**"));
}
return null;
});
config.AddAccessKey(handler, AuthenticationOptions.ForQueryString("key"));
#endregion
return config;
}
public static AuthenticationConfiguration CreateConfiguration()
{
var config = new AuthenticationConfiguration
{
DefaultAuthenticationScheme = "Basic",
EnableSessionToken = true,
SetNoRedirectMarker = true
};
#region BasicAuthentication
config.AddBasicAuthentication((userName, password) => userName == password, retainPassword: false);
#endregion
#region SimpleWebToken
config.AddSimpleWebToken(
issuer: Constants.IdSrvIssuerName,
audience: Constants.Realm,
signingKey: Constants.IdSrvSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
#endregion
#region JsonWebToken
config.AddJsonWebToken(
issuer: "http://selfissued.test",
audience: Constants.Realm,
signingKey: Constants.IdSrvSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("JWT"));
#endregion
#region JsonWebToken Windows Store Client
config.AddJsonWebToken(
issuer: "http://identityserver45.thinktecture.com/trust/changethis",
audience: "https://test/rp/",
signingKey: "3ihK5qGVhp8ptIk9+TDucXQW4Aaengg3d5m6gU8nzc8=",
options: AuthenticationOptions.ForAuthorizationHeader("Win8"));
#endregion
#region IdentityServer SAML
var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
idsrvRegistry.AddTrustedIssuer(Constants.IdSrvSamlSigningKeyThumbprint, "Thinktecture IdSrv");
var idsrvConfig = new SecurityTokenHandlerConfiguration();
idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
idsrvConfig.IssuerNameRegistry = idsrvRegistry;
idsrvConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
#endregion
#region ADFS SAML
var adfsRegistry = new ConfigurationBasedIssuerNameRegistry();
adfsRegistry.AddTrustedIssuer(Constants.AdfsSamlSigningKeyThumbprint, "ADFS");
var adfsConfig = new SecurityTokenHandlerConfiguration();
adfsConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
adfsConfig.IssuerNameRegistry = adfsRegistry;
adfsConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(adfsConfig, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml"));
#endregion
#region ACS SWT
config.AddSimpleWebToken(
issuer: "https://" + Constants.ACS + "/",
audience: Constants.Realm,
signingKey: Constants.AcsSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("ACS"));
#endregion
#region AccessKey
config.AddAccessKey(token =>
{
if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
{
return Principal.Create("Custom",
new Claim("customerid", "123"),
new Claim("email", "*****@*****.**"));
}
return null;
}, AuthenticationOptions.ForQueryString("key"));
#endregion
#region Client Certificate
config.AddClientCertificate(
ClientCertificateMode.ChainValidationWithIssuerSubjectName,
"CN=PortableCA");
#endregion
return config;
}
public static AuthenticationConfiguration CreateConfiguration()
{
var config = new AuthenticationConfiguration
{
DefaultAuthenticationScheme = "Basic",
};
#region Basic Authentication
config.AddBasicAuthentication((userName, password) => userName == password);
#endregion
#region SimpleWebToken
config.AddSimpleWebToken(
"http://identity.thinktecture.com/trust",
Constants.Realm,
Constants.IdSrvSymmetricSigningKey,
AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
#endregion
#region JsonWebToken
config.AddJsonWebToken(
"http://selfissued.test",
Constants.Realm,
Constants.IdSrvSymmetricSigningKey,
AuthenticationOptions.ForAuthorizationHeader("JWT"));
#endregion
#region IdentityServer SAML
var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
idsrvRegistry.AddTrustedIssuer("A1EED7897E55388FCE60FEF1A1EED81FF1CBAEC6", "Thinktecture IdSrv");
var idsrvConfig = new SecurityTokenHandlerConfiguration();
idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
idsrvConfig.IssuerNameRegistry = idsrvRegistry;
idsrvConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
#endregion
#region ACS SWT
config.AddSimpleWebToken(
"https://" + Constants.ACS + "/",
Constants.Realm,
Constants.AcsSymmetricSigningKey,
AuthenticationOptions.ForAuthorizationHeader("ACS"));
#endregion
#region AccessKey
var handler = new SimpleSecurityTokenHandler("my access key", token =>
{
if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
{
return new ClaimsIdentity(new Claim[]
{
new Claim("customerid", "123")
}, "Custom");
}
return null;
});
config.AddAccessKey(handler, AuthenticationOptions.ForQueryString("key"));
#endregion
return config;
}
/// <summary>
/// Create the configuration
/// </summary>
private static AuthenticationConfiguration CreateConfiguration()
{
AuthenticationConfiguration config = new AuthenticationConfiguration();
config.AddBasicAuthentication(CheckAuthentication);
return config;
}
public static AuthenticationConfiguration CreateClientAuthConfig(HttpConfiguration httpConfiguration, IConfigurationRepository configuration)
{
_logger.Info("Creating client auth configuration... ");
var authConfig = new AuthenticationConfiguration
{
InheritHostClientIdentity = false,
RequireSsl = false,
//EnableSessionToken = true,
// DefaultAuthenticationScheme = JwtConstants.JWT,
};
// accept arbitrary credentials on basic auth header,
// validation will be done in the protocol endpoint
authConfig.AddBasicAuthentication((id, secret) => true, retainPassword: true);
authConfig.AddJsonWebToken(
issuer: configuration.Global.IssuerUri,
audience: FACCTS.Server.Common.Constants.RelyingParties.FACCTS,
signingKey: configuration.Keys.SymmetricSigningKey
);
httpConfiguration.MessageHandlers.Add(new AuthenticationHandler(authConfig));
_logger.Info("Client auth configuration done! ");
return authConfig;
}
public static AuthenticationConfiguration CreateConfiguration()
{
var config = new AuthenticationConfiguration
{
DefaultAuthenticationScheme = "Basic",
EnableSessionToken = true
};
#region BasicAuthentication
config.AddBasicAuthentication((userName, password) => userName == password, retainPassword: false);
#endregion
#region SimpleWebToken
config.AddSimpleWebToken(
issuer: "http://identity.thinktecture.com/trust",
audience: Constants.Realm,
signingKey: Constants.IdSrvSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
#endregion
#region JsonWebToken
config.AddJsonWebToken(
issuer: "http://selfissued.test",
audience: Constants.Realm,
signingKey: Constants.IdSrvSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("JWT"));
#endregion
#region IdentityServer SAML
var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
idsrvRegistry.AddTrustedIssuer("A1EED7897E55388FCE60FEF1A1EED81FF1CBAEC6", "Thinktecture IdSrv");
var idsrvConfig = new SecurityTokenHandlerConfiguration();
idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
idsrvConfig.IssuerNameRegistry = idsrvRegistry;
idsrvConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
#endregion
#region ADFS SAML
var adfsRegistry = new ConfigurationBasedIssuerNameRegistry();
adfsRegistry.AddTrustedIssuer("8EC7F962CC083FF7C5997D8A4D5ED64B12E4C174", "ADFS");
adfsRegistry.AddTrustedIssuer("b6 93 46 34 7f 70 a9 c3 72 02 18 ae f1 82 2a 5c 97 b1 8c a5", "PETS ADFS");
var adfsConfig = new SecurityTokenHandlerConfiguration();
adfsConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
adfsConfig.IssuerNameRegistry = adfsRegistry;
adfsConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(adfsConfig, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml"));
#endregion
#region ACS SWT
config.AddSimpleWebToken(
issuer: "https://" + Constants.ACS + "/",
audience: Constants.Realm,
signingKey: Constants.AcsSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("ACS"));
#endregion
#region AccessKey
config.AddAccessKey(token =>
{
if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
{
return Principal.Create("Custom",
new Claim("customerid", "123"),
new Claim("email", "*****@*****.**"));
}
return null;
}, AuthenticationOptions.ForQueryString("key"));
#endregion
#region Client Certificate
config.AddClientCertificate(
ClientCertificateMode.ChainValidationWithIssuerSubjectName,
"CN=PortableCA");
#endregion
return config;
}
public static AuthenticationConfiguration CreateBasicAuthConfig(IUserRepository userRepository)
{
_logger.Info("Creating basic auth configuration...");
var authConfig = new AuthenticationConfiguration
{
InheritHostClientIdentity = false,
//RequireSsl = true,
ClaimsAuthenticationManager = new FACCTS.Server.Data.ClaimsTransformer()
};
authConfig.AddBasicAuthentication((userName, password) => userRepository.ValidateUser(userName, password));
_logger.Info("Basic auth configuration done!");
return authConfig;
}