Exemplo n.º 1
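        /// <summary>
        /// Adds JWT bearer authentication to the OWIN pipeline, accepting tokens issued by the
        /// single sign-on issuer for the "{issuer}/resources" audience and signed with the
        /// single sign-on certificate.
        /// </summary>
        /// <remarks>
        /// On Mono a custom <c>SignatureValidator</c> is installed. It still verifies the token
        /// signature against the single sign-on certificate: a delegate that only parses the
        /// token would accept any bearer token whose issuer and audience claims match, signed
        /// or not.
        /// </remarks>
        /// <param name="owinApp">The OWIN application builder the middleware is added to.</param>
        protected virtual void UseJwtBearerAuthentication(IAppBuilder owinApp)
        {
            string issuerName = AppEnvironment.GetSsoIssuerName();
            string resourcesAudience = $"{issuerName}/resources";
            var ssoCertificate = AppCertificatesProvider.GetSingleSignOnCertificate();

            JwtBearerAuthenticationOptions jwtBearerAuthenticationOptions = new JwtBearerAuthenticationOptions
            {
                AllowedAudiences           = new[] { resourcesAudience },
                IssuerSecurityKeyProviders = new[]
                {
                    new X509CertificateSecurityKeyProvider(issuerName, ssoCertificate)
                }
            };

            if (PlatformUtilities.IsRunningOnMono)
            {
                X509SecurityKey signingKey = new X509SecurityKey(ssoCertificate);

                jwtBearerAuthenticationOptions.TokenValidationParameters = new TokenValidationParameters
                {
                    // Only the validation of the key itself is skipped on Mono; the signature
                    // over the token is still checked by the delegate below.
                    ValidateIssuerSigningKey = false,
                    ValidIssuer        = issuerName,
                    ValidAudience      = resourcesAudience,
                    IssuerSigningKey   = signingKey,
                    SignatureValidator = (token, parameters) =>
                    {
                        JwtSecurityToken jwt = new JwtSecurityToken(token);

                        // Pin the algorithm: the header is attacker-controlled, so "none" or any
                        // other value must never select how (or whether) the token is verified.
                        bool isExpectedAlgorithm = string.Equals(jwt.SignatureAlgorithm, SecurityAlgorithms.RsaSha256, System.StringComparison.Ordinal);

                        if (!isExpectedAlgorithm || string.IsNullOrEmpty(jwt.RawSignature))
                        {
                            throw new SecurityTokenInvalidSignatureException("Bearer token is unsigned or uses an unexpected signature algorithm.");
                        }

                        // A JWS signature covers the encoded header and payload exactly as received.
                        byte[] signedBytes    = System.Text.Encoding.UTF8.GetBytes($"{jwt.RawHeader}.{jwt.RawPayload}");
                        byte[] signatureBytes = Base64UrlEncoder.DecodeBytes(jwt.RawSignature);

                        // NOTE(review): confirm this provider works on the targeted Mono runtime;
                        // if it does not, validation fails closed rather than accepting the token.
                        SignatureProvider verifier = CryptoProviderFactory.Default.CreateForVerifying(signingKey, SecurityAlgorithms.RsaSha256);

                        try
                        {
                            if (!verifier.Verify(signedBytes, signatureBytes))
                            {
                                throw new SecurityTokenInvalidSignatureException("Bearer token signature does not match the single sign-on certificate.");
                            }
                        }
                        finally
                        {
                            CryptoProviderFactory.Default.ReleaseSignatureProvider(verifier);
                        }

                        return(jwt);
                    }
                };
            }

            owinApp.UseJwtBearerAuthentication(jwtBearerAuthenticationOptions);
        }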
Exemplo n.º 2
        /// <summary>
        /// Adds JWT bearer authentication to the OWIN pipeline with every validation switch set
        /// explicitly: signing key, replay, lifetime, actor, audience and issuer.
        /// </summary>
        /// <param name="owinApp">The OWIN application builder the middleware is added to.</param>
        protected virtual void UseJwtBearerAuthentication(IAppBuilder owinApp)
        {
            string issuerName = AppEnvironment.GetSsoIssuerName();
            var signingKey = new RsaSecurityKey(AppCertificatesProvider.GetSingleSignOnClientRsaKey());

            // The only audience accepted is the issuer's own "resources" audience.
            string expectedAudience = $"{issuerName}/resources";

            var validationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                // NOTE(review): no TokenReplayCache is assigned in this method; confirm that
                // replay detection has a cache to check against elsewhere.
                ValidateTokenReplay      = true,
                ValidateLifetime         = true,
                ValidateActor            = true,
                ValidateAudience         = true,
                ValidateIssuer           = true,
                ValidIssuer              = issuerName,
                ValidAudience            = expectedAudience,
                IssuerSigningKey         = signingKey
            };

            var bearerOptions = new JwtBearerAuthenticationOptions
            {
                AllowedAudiences          = new[] { expectedAudience },
                TokenValidationParameters = validationParameters
            };

            owinApp.UseJwtBearerAuthentication(bearerOptions);
        }
Exemplo n.º 3
        /// <summary>
        /// Adds JWT bearer authentication to the OWIN pipeline, accepting the issuer's
        /// "{issuer}/resources" audience and taking signing keys from the single sign-on
        /// certificate.
        /// </summary>
        /// <param name="owinApp">The OWIN application builder the middleware is added to.</param>
        protected virtual void UseJwtBearerAuthentication(IAppBuilder owinApp)
        {
            string issuerName = AppEnvironment.GetSsoIssuerName();

            var bearerOptions = new JwtBearerAuthenticationOptions();

            bearerOptions.AllowedAudiences = new string[] { $"{issuerName}/resources" };

            // No TokenValidationParameters are set here; only the audience list and the key
            // provider are supplied to the middleware.
            bearerOptions.IssuerSecurityKeyProviders = new[]
            {
                new X509CertificateSecurityKeyProvider(issuerName, AppCertificatesProvider.GetSingleSignOnCertificate())
            };

            owinApp.UseJwtBearerAuthentication(bearerOptions);
        }
        /// <summary>
        /// Mounts IdentityServer under "/core": in-memory clients and scopes, per-request user
        /// and view services, the single sign-on signing certificate, and every protocol
        /// endpoint enabled. Registered customizers run last and may change any option.
        /// </summary>
        /// <param name="owinApp">The OWIN application builder to map the branch on.</param>
        /// <exception cref="ArgumentNullException"><paramref name="owinApp"/> is null.</exception>
        public virtual void Configure(IAppBuilder owinApp)
        {
            if (owinApp is null)
            {
                throw new ArgumentNullException(nameof(owinApp));
            }

            owinApp.Map("/core", coreApp =>
            {
                LogProvider.SetCurrentLogProvider(DependencyManager.Resolve<ILogProvider>());

                // Rebuilds the OWIN context of the current request from IdentityServer's resolver.
                IOwinContext OwinContextOf(IdentityServer3.Core.Services.IDependencyResolver resolver)
                {
                    return new OwinContext(resolver.Resolve<OwinEnvironmentService>().Environment);
                }

                IUserService ResolveUserService(IdentityServer3.Core.Services.IDependencyResolver resolver)
                {
                    IOwinContext requestContext = OwinContextOf(resolver);
                    IUserService resolved       = requestContext.GetDependencyResolver().Resolve<IUserService>();

                    // Hand the request's cancellation token to the built-in user service type.
                    if (resolved is UserService bitUserService)
                    {
                        bitUserService.CurrentCancellationToken = requestContext.Request.CallCancelled;
                    }

                    return resolved;
                }

                IViewService ResolveViewService(IdentityServer3.Core.Services.IDependencyResolver resolver)
                {
                    return OwinContextOf(resolver).GetDependencyResolver().Resolve<IViewService>();
                }

                IdentityServerServiceFactory serviceFactory = new IdentityServerServiceFactory();
                serviceFactory = serviceFactory.UseInMemoryClients(DependencyManager.Resolve<IOAuthClientsProvider>().GetClients().ToArray());
                serviceFactory = serviceFactory.UseInMemoryScopes(ScopesProvider.GetScopes());

                serviceFactory.UserService          = new Registration<IUserService>(ResolveUserService);
                serviceFactory.EventService         = new Registration<IEventService>(EventService);
                serviceFactory.ViewService          = new Registration<IViewService>(ResolveViewService);
                serviceFactory.RedirectUriValidator = new Registration<IRedirectUriValidator>(RedirectUriValidator);

                // NOTE(review): when the "RequireSsl" setting is absent this falls back to false,
                // so HTTPS is not enforced unless the deployment opts in.
                bool sslRequired = AppEnvironment.GetConfig("RequireSsl", defaultValueOnNotFound: false);

                string siteName = AppEnvironment.GetConfig("IdentityServerSiteName", $"{AppEnvironment.AppInfo.Name} Identity Server");

                var endpoints = new EndpointOptions
                {
                    EnableAccessTokenValidationEndpoint   = true,
                    EnableAuthorizeEndpoint               = true,
                    EnableCheckSessionEndpoint            = true,
                    EnableClientPermissionsEndpoint       = true,
                    EnableCspReportEndpoint               = true,
                    EnableDiscoveryEndpoint               = true,
                    EnableEndSessionEndpoint              = true,
                    EnableIdentityTokenValidationEndpoint = true,
                    EnableIntrospectionEndpoint           = true,
                    EnableTokenEndpoint                   = true,
                    EnableTokenRevocationEndpoint         = true,
                    EnableUserInfoEndpoint                = true
                };

                IdentityServerOptions serverOptions = new IdentityServerOptions
                {
                    SiteName           = siteName,
                    SigningCertificate = AppCertificatesProvider.GetSingleSignOnCertificate(),
                    Factory            = serviceFactory,
                    RequireSsl         = sslRequired,
                    // The welcome page is served only when the app runs in debug mode.
                    EnableWelcomePage  = AppEnvironment.DebugMode == true,
                    IssuerUri          = AppEnvironment.GetSsoIssuerName(),
                    CspOptions         = new CspOptions
                    {
                        // NOTE(review): content security policy is switched off for the
                        // IdentityServer pages while the CSP report endpoint stays enabled;
                        // confirm that a CSP is applied by some other layer.
                        Enabled = false
                    },
                    Endpoints     = endpoints,
                    EventsOptions = new EventsOptions
                    {
                        RaiseErrorEvents   = true,
                        RaiseFailureEvents = true
                    },
                    AuthenticationOptions = new AuthenticationOptions
                    {
                        IdentityProviders = ConfigureIdentityProviders
                    }
                };

                // Customizers see the fully built options and can override anything set above.
                foreach (IIdentityServerOptionsCustomizer optionsCustomizer in Customizers)
                {
                    optionsCustomizer.Customize(serverOptions);
                }

                coreApp.UseIdentityServer(serverOptions);
            });
        }