public static void AddJsonWebToken(this AuthenticationConfiguration configuration, string issuer, string audience, string signingKey, AuthenticationOptions options, AuthenticationScheme scheme)
{
var config = new SecurityTokenHandlerConfiguration();
var registry = new WebTokenIssuerNameRegistry();
registry.AddTrustedIssuer(issuer, issuer);
config.IssuerNameRegistry = registry;
var issuerResolver = new WebTokenIssuerTokenResolver();
issuerResolver.AddSigningKey(issuer, signingKey);
config.IssuerTokenResolver = issuerResolver;
config.AudienceRestriction.AllowedAudienceUris.Add(new Uri(audience));
var handler = new JsonWebTokenHandler();
handler.Configuration = config;
configuration.AddMapping(new AuthenticationOptionMapping
{
TokenHandler = new SecurityTokenHandlerCollection { handler },
Options = options,
Scheme = scheme
});
}
public static void AddMsftJsonWebToken(
this AuthenticationConfiguration configuration,
string issuer, string audience,
X509Certificate2 signingCert,
AuthenticationOptions options,
AuthenticationScheme scheme)
{
var validationParameters = new TokenValidationParameters()
{
AllowedAudience = audience,
SigningToken = new X509SecurityToken(signingCert),
ValidIssuer = issuer,
ValidateExpiration = true
};
var handler = new JWTSecurityTokenHandlerWrapper(validationParameters);
configuration.AddMapping(new AuthenticationOptionMapping
{
TokenHandler = new SecurityTokenHandlerCollection { handler },
Options = options,
Scheme = scheme
});
}
public static void AddSaml2(this AuthenticationConfiguration configuration, SecurityTokenHandlerConfiguration handlerConfiguration, AuthenticationOptions options, AuthenticationScheme scheme)
{
var handler = new HttpSaml2SecurityTokenHandler();
handler.Configuration = handlerConfiguration;
configuration.AddMapping(new AuthenticationOptionMapping
{
TokenHandler = new SecurityTokenHandlerCollection { handler },
Options = options,
Scheme = scheme
});
}
public static void AddSaml2(this AuthenticationConfiguration configuration, string issuerThumbprint, string issuerName, string audienceUri, X509CertificateValidator certificateValidator, AuthenticationOptions options, AuthenticationScheme scheme)
{
var registry = new ConfigurationBasedIssuerNameRegistry();
registry.AddTrustedIssuer(issuerThumbprint, issuerName);
var handlerConfig = new SecurityTokenHandlerConfiguration();
handlerConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(audienceUri));
handlerConfig.IssuerNameRegistry = registry;
handlerConfig.CertificateValidator = certificateValidator;
configuration.AddSaml2(handlerConfig, options, scheme);
}
public static void AddJsonWebToken(
this AuthenticationConfiguration configuration,
TokenValidationParameters validationParameters,
AuthenticationOptions options,
AuthenticationScheme scheme,
Dictionary<string, string> claimMappings = null)
{
var handler = new JwtSecurityTokenHandlerWrapper(validationParameters, claimMappings);
configuration.AddMapping(new AuthenticationOptionMapping
{
TokenHandler = new SecurityTokenHandlerCollection { handler },
Options = options,
Scheme = scheme
});
}
public static void AddSaml2AndJwt(this AuthenticationConfiguration configuration, string issuerThumbprint, X509Certificate2 signingCertificate, string issuerName, string audienceUri, X509CertificateValidator certificateValidator, AuthenticationOptions options, AuthenticationScheme scheme, X509Certificate2 encryptionCertificate)
{
var validationParameters = new TokenValidationParameters()
{
AllowedAudience = audienceUri,
SigningToken = new X509SecurityToken(signingCertificate),
ValidIssuer = issuerName,
};
var jwtHandler = new JwtSecurityTokenHandlerWrapper(validationParameters);
var samlHandlerConfig = CreateSaml2SecurityTokenHandlerConfiguration(issuerThumbprint, issuerName, audienceUri, certificateValidator, encryptionCertificate);
var saml2Handler = new HttpSaml2SecurityTokenHandler()
{
Configuration = samlHandlerConfig
};
configuration.AddMapping(new AuthenticationOptionMapping
{
TokenHandler = new SecurityTokenHandlerCollection {
jwtHandler, saml2Handler
},
Options = options,
Scheme = scheme
});
}
public static void AddSaml2(this AuthenticationConfiguration configuration, SecurityTokenHandlerConfiguration handlerConfiguration, AuthenticationOptions options, AuthenticationScheme scheme)
{
var handler = new HttpSaml2SecurityTokenHandler
{
Configuration = handlerConfiguration
};
configuration.AddMapping(new AuthenticationOptionMapping
{
TokenHandler = new SecurityTokenHandlerCollection {
handler
},
Options = options,
Scheme = scheme
});
}
public static void AddSaml2(this AuthenticationConfiguration configuration, string issuerThumbprint, string issuerName, string audienceUri, X509CertificateValidator certificateValidator, AuthenticationOptions options, AuthenticationScheme scheme)
{
var handlerConfig = CreateSaml2SecurityTokenHandlerConfiguration(issuerThumbprint, issuerName, audienceUri, certificateValidator);
configuration.AddSaml2(handlerConfig, options, scheme);
}
public static void AddSaml2AndJwt(this AuthenticationConfiguration configuration, string issuerThumbprint, X509Certificate2 signingCertificate, string issuerName, string audienceUri, X509CertificateValidator certificateValidator, AuthenticationOptions options, AuthenticationScheme scheme, X509Certificate2 encryptionCertificate)
{
var validationParameters = new TokenValidationParameters()
{
AllowedAudience = audienceUri,
SigningToken = new X509SecurityToken(signingCertificate),
ValidIssuer = issuerName,
};
var jwtHandler = new JwtSecurityTokenHandlerWrapper(validationParameters);
var samlHandlerConfig = CreateSaml2SecurityTokenHandlerConfiguration(issuerThumbprint, issuerName, audienceUri, certificateValidator, encryptionCertificate);
var saml2Handler = new HttpSaml2SecurityTokenHandler() { Configuration = samlHandlerConfig };
configuration.AddMapping(new AuthenticationOptionMapping
{
TokenHandler = new SecurityTokenHandlerCollection { jwtHandler, saml2Handler },
Options = options,
Scheme = scheme
});
}
public static void AddSaml2(this AuthenticationConfiguration configuration, string issuerThumbprint, string issuerName, string audienceUri, X509CertificateValidator certificateValidator, AuthenticationOptions options, AuthenticationScheme scheme)
{
var handlerConfig = CreateSaml2SecurityTokenHandlerConfiguration(issuerThumbprint, issuerName, audienceUri, certificateValidator);
configuration.AddSaml2(handlerConfig, options, scheme);
}
