public void Configuration(IAppBuilder app)
{
//string pass = UG.Framework.RSAEngine.Password.EncryptPassword("system!@#$%^");
Log.Logger = new LoggerConfiguration()
.MinimumLevel.Debug()
.WriteTo.Trace()
.CreateLogger();
AntiForgeryConfig.UniqueClaimTypeIdentifier = Constants.ClaimTypes.Subject;
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
//User AD identity
app.Map(ADISConstants.PathHostIdentityServer, core =>
{
var idSvrFactory = Factory.Configure();
//custom layout
idSvrFactory.ViewService = new Registration<IViewService>(typeof(CustomViewService));
//custom token claim
idSvrFactory.ClaimsProvider = new Registration<IClaimsProvider>(typeof(CustomClaimsProvider));
//custom AD userservices
var userService = new ADUserService();
idSvrFactory.UserService = new Registration<IUserService>(resolver => userService);
//custom grant
idSvrFactory.CustomGrantValidators.Add(new Registration<ICustomGrantValidator>(typeof(CustomGrantValidator)));
var options = new IdentityServerOptions
{
SiteName = ADISConstants.SiteName,
RequireSsl = ADISConstants.RequireHTTPS,
SigningCertificate = Certificate.Get(),
Factory = idSvrFactory,
AuthenticationOptions = new IdentityServer3.Core.Configuration.AuthenticationOptions
{
EnableSignOutPrompt = false,
EnablePostSignOutAutoRedirect = true,
//PostSignOutAutoRedirectDelay = 0,
},
};
core.UseIdentityServer(options);
// https://github.com/IdentityServer/Documentation/issues/136
//https://identityserver.github.io/Documentation/docsv2/advanced/federated-post-logout-redirect.html
core.Map("/signoutcallback", cleanup =>
{
cleanup.Run(async ctx =>
{
var state = ctx.Request.Cookies["state"];
await ctx.Environment.RenderLoggedOutViewAsync(state);
});
});
//https://github.com/IdentityServer/IdentityServer3/issues/1000
core.Map("/post-logout-callback", cb =>
{
cb.Run(async ctx =>
{
var state = ctx.Request.Cookies["state"];
await ctx.Environment.RenderLoggedOutViewAsync(state);
});
});
});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
ClientId = ADISConstants.LocalClientId,
ClientSecret = ADISConstants.LocalClientSecret,
Authority = ADISConstants.LocalBaseAddress + ADISConstants.PathHostIdentityServer,
RedirectUri = ADISConstants.LocalBaseAddress,
ResponseType = "id_token token",
Scope = "openid email",
PostLogoutRedirectUri = ADISConstants.LocalBaseAddress,
SignInAsAuthenticationType = "Cookies",
UseTokenLifetime = false,
Notifications = new OpenIdConnectAuthenticationNotifications
{
SecurityTokenValidated = n =>
{
// keep the id_token for logout
n.AuthenticationTicket.Identity.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
// add access token for sample API
n.AuthenticationTicket.Identity.AddClaim(new Claim("access_token", n.ProtocolMessage.AccessToken));
// keep track of access token expiration
n.AuthenticationTicket.Identity.AddClaim(new Claim("expires_at", DateTimeOffset.Now.AddSeconds(int.Parse(n.ProtocolMessage.ExpiresIn)).ToString()));
return Task.FromResult(0);
},
RedirectToIdentityProvider = n =>
{
if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
{
var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
if (idTokenHint != null)
{
n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
//https://identityserver.github.io/Documentation/docsv2/advanced/federated-post-logout-redirect.html
//https://github.com/IdentityServer/IdentityServer3/issues/1000
var signOutMessageId = n.OwinContext.Environment.GetSignOutMessageId();
if (signOutMessageId != null)
{
n.OwinContext.Response.Cookies.Append("state", signOutMessageId);
}
}
}
return Task.FromResult(0);
}
}
});
}
