Exemplo n.º 1
0
        public async Task<User> GetBySSOIoTUserAsync(string accessToken)
        {
            var client = new UserInfoClient(
                new Uri(UGConstants.SSO.UserInfoEndpoint),
                accessToken);

            var response = await client.GetAsync();
            var user = new User();
            if (response.Claims != null)
            {
                foreach (var ui in response.Claims)
                {
                    if (ui.Item1 == UGConstants.ClaimTypes.Subject)
                        user.Id = ui.Item2;
                    if (ui.Item1 == UGConstants.ClaimTypes.PreferredUserName)
                        user.UserName = ui.Item2;
                }
            }
            return user;
        }
Exemplo n.º 2
0
        // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
        public void ConfigureAuth(IAppBuilder app)
        {
            // Configure the db context, user manager and signin manager to use a single instance per request
            SSOFactory.CreateOwinContext(app);

            JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
            //Require => error sso
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "Cookies"
            });
            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = UGConstants.SSOClient.ClientId,
                ClientSecret = UGConstants.SSOClient.ClientSecret,
                Authority = UGConstants.SSO.AuthorityBaseUri + UGConstants.SSO.PathHostIdentityServer,
                RedirectUri = UGConstants.SSOClient.RedirectUri,
                ResponseType = "id_token token",
                Scope = "openid profile",
                PostLogoutRedirectUri = UGConstants.SSOClient.PostLogoutRedirectUri,
                SignInAsAuthenticationType = "Cookies",
                UseTokenLifetime = false,
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    SecurityTokenValidated = async n =>
                    {
                        var nid = new ClaimsIdentity(n.AuthenticationTicket.Identity.Claims,
                            n.AuthenticationTicket.Identity.AuthenticationType,
                            UGConstants.ClaimTypes.GivenName,
                            UGConstants.ClaimTypes.Role);
                        // get userinfo data
                        var userInfoClient = new UserInfoClient(
                            new Uri(n.Options.Authority + "/connect/userinfo"),
                            n.ProtocolMessage.AccessToken);
                        var userInfo = await userInfoClient.GetAsync();
                        if (userInfo.Claims != null)
                        {
                            //userInfo.Claims.ToList().ForEach(ui => nid.AddClaim(new Claim(ui.Item1, ui.Item2)));
                            foreach (var ui in userInfo.Claims)
                            {
                                if (nid.Claims.Where(x => x.Type == ui.Item1 && x.Value == ui.Item2).Count() < 1)
                                    nid.AddClaim(new Claim(ui.Item1, ui.Item2));
                            }
                        }
                        string userName = nid.GetUserName();
                        if (string.IsNullOrWhiteSpace(userName))
                            throw new ArgumentNullException("UserName is not null or empty");
                        // keep the id_token for logout
                        nid.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));

                        // add access token for sample API
                        nid.AddClaim(new Claim("access_token", n.ProtocolMessage.AccessToken));

                        // keep track of access token expiration
                        nid.AddClaim(new Claim("expires_at", DateTimeOffset.Now.AddSeconds(int.Parse(n.ProtocolMessage.ExpiresIn)).ToString()));

                        n.AuthenticationTicket = new Microsoft.Owin.Security.AuthenticationTicket(
                            nid,
                            n.AuthenticationTicket.Properties);
                    },
                    RedirectToIdentityProvider = n =>
                    {
                        if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                        {
                            var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");

                            if (idTokenHint != null)
                            {
                                n.ProtocolMessage.IdTokenHint = idTokenHint.Value;

                                var signOutMessageId = n.OwinContext.Environment.GetSignOutMessageId();
                                if (signOutMessageId != null)
                                {
                                    n.OwinContext.Response.Cookies.Append("state", signOutMessageId);
                                }
                            }
                        }

                        return Task.FromResult(0);
                    }
                }
            });
        }
Exemplo n.º 3
0
        // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
        public void ConfigureAuth(IAppBuilder app)
        {
            // Configure the db context, user manager and signin manager to use a single instance per request
            //register with IdentityServer3
            //app.CreatePerOwinContext(ApplicationDbContext.Create);
            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
            app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);
            app.CreatePerOwinContext<ApplicationPermissionManager>(ApplicationPermissionManager.Create);
                
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = "Cookies"
            });
            app.UseExternalSignInCookie(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ExternalCookie);

            // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
            app.UseTwoFactorSignInCookie(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

            // Enables the application to remember the second login verification factor such as phone or email.
            // Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
            // This is similar to the RememberMe option when you log in.
            app.UseTwoFactorRememberBrowserCookie(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = SSOISConstants.LocalClientId,
                ClientSecret = SSOISConstants.LocalClientSecret,
                Authority = SSOISConstants.LocalClientUri + SSOISConstants.PathHostIdentityServer,
                RedirectUri = SSOISConstants.LocalRedirectUris.First(),
                ResponseType = "id_token token",
                Scope = "openid profile email roles",
                PostLogoutRedirectUri = SSOISConstants.LocalPostLogoutRedirectUris.First(),
                SignInAsAuthenticationType = "Cookies",
                UseTokenLifetime = false,
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    SecurityTokenValidated = async n =>
                    {
                        var nid = new ClaimsIdentity(n.AuthenticationTicket.Identity.Claims,
                            n.AuthenticationTicket.Identity.AuthenticationType,
                            Constants.ClaimTypes.GivenName,
                            Constants.ClaimTypes.Role);

                        // get userinfo data
                        var userInfoClient = new UserInfoClient(
                            new Uri(n.Options.Authority + "/connect/userinfo"),
                            n.ProtocolMessage.AccessToken);
                        var userInfo = await userInfoClient.GetAsync();
                        if (userInfo.Claims != null)
                        {
                            //userInfo.Claims.ToList().ForEach(ui => nid.AddClaim(new Claim(ui.Item1, ui.Item2)));
                            foreach (var ui in userInfo.Claims)
                            {
                                if (nid.Claims.Where(x => x.Type == ui.Item1 &&x.Value == ui.Item2).Count()<1)
                                    nid.AddClaim(new Claim(ui.Item1, ui.Item2));
                            }
                        }
                        // keep the id_token for logout
                        nid.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));

                        // add access token for sample API
                        nid.AddClaim(new Claim("access_token", n.ProtocolMessage.AccessToken));

                        // keep track of access token expiration
                        nid.AddClaim(new Claim("expires_at", DateTimeOffset.Now.AddSeconds(int.Parse(n.ProtocolMessage.ExpiresIn)).ToString()));

                        n.AuthenticationTicket = new Microsoft.Owin.Security.AuthenticationTicket(
                            nid,
                            n.AuthenticationTicket.Properties);
                    },
                    RedirectToIdentityProvider = n =>
                    {
                        if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                        {
                            var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");

                            if (idTokenHint != null)
                            {
                                n.ProtocolMessage.IdTokenHint = idTokenHint.Value;

                                //https://identityserver.github.io/Documentation/docsv2/advanced/federated-post-logout-redirect.html
                                //https://github.com/IdentityServer/IdentityServer3/issues/1000
                                var signOutMessageId = n.OwinContext.Environment.GetSignOutMessageId();
                                if (signOutMessageId != null)
                                {
                                    n.OwinContext.Response.Cookies.Append("state", signOutMessageId);
                                }
                            }
                        }

                        return Task.FromResult(0);
                    }
                }
            });
        }
Exemplo n.º 4
0
        private async Task<IEnumerable<Tuple<string, string>>> GetClaimsAsync(string token)
        {
            var client = new UserInfoClient(
                new Uri(UGConstants.SSO.UserInfoEndpoint),
                token);

            var response = await client.GetAsync();
            var claim = response.Claims;
            return response.Claims;
        }