private static AuthenticationConfiguration CreateAuthenticationConfiguration(IConfigurationRepository configurationRepository)
        {
            const string audience  = "api/";
            var          issuerUri = configurationRepository.Global.IssuerUri;

            var authenticationConfiguration = new AuthenticationConfiguration
            {
                ClaimsAuthenticationManager = new ClaimsTransformer(),
                RequireSsl         = false,
                EnableSessionToken = true,
                SessionToken       = new SessionTokenConfiguration
                {
                    DefaultTokenLifetime = TimeSpan.FromHours(10.0),
                    EndpointAddress      = "/issue/simple",
                    HeaderName           = "Authorization",
                    Scheme     = "Session",
                    Audience   = audience,
                    IssuerName = issuerUri
                }
            };

            authenticationConfiguration.AddBasicAuthentication(Membership.ValidateUser);

            //Client Certificates
            authenticationConfiguration.AddClientCertificate(ClientCertificateMode.ChainValidation);

            return(authenticationConfiguration);
        }
Пример #2
0
        public static AuthenticationConfiguration CreateAuthenticationConfiguration(ILog log)
        {
            var authentication = new AuthenticationConfiguration {
                ClaimsAuthenticationManager = new ClaimsTransformer(),
                RequireSsl         = false,
                EnableSessionToken = true
            };

            #region Basic Authentication
            authentication.AddBasicAuthentication(UserCredentials.Validate);
            log.Info("Configurada autenticación básica.");
            #endregion

            #region IdentityServer JWT
            //authentication.AddJsonWebToken(
            //    issuer: Constants.IdSrv.IssuerUri,
            //    audience: Constants.Audience,
            //    signingKey: Constants.IdSrv.SigningKey);

            authentication.AddMsftJsonWebToken(
                issuer: Constants.IdSrv.IssuerUri,
                audience: Constants.Audience,
                signingKey: Constants.IdSrv.SigningKey);
            log.Info("Configurado IdentityServer JWT.");
            #endregion

            #region Access Control Service JWT
            authentication.AddJsonWebToken(
                issuer: Constants.ACS.IssuerUri,
                audience: Constants.Audience,
                signingKey: Constants.ACS.SigningKey,
                scheme: Constants.ACS.Scheme);
            log.Info("Configurado Access Control Service JWT.");
            #endregion

            #region IdentityServer SAML
            authentication.AddSaml2(
                issuerThumbprint: Constants.IdSrv.SigningCertThumbprint,
                issuerName: Constants.IdSrv.IssuerUri,
                audienceUri: Constants.Realm,
                certificateValidator: X509CertificateValidator.None,
                options: AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme),
                scheme: AuthenticationScheme.SchemeOnly(Constants.IdSrv.SamlScheme));
            log.Info("Configurado IdentityServer SAML.");
            #endregion

            #region Client Certificates
            authentication.AddClientCertificate(ClientCertificateMode.ChainValidation);
            log.Info("Configurado Client Certificate.");
            #endregion

            // OLL: Reeemplazo la session key generada automaticamente. Tendría que haber una variable de web.config para indicar si la quiero random o fija
            // y obtener la key del config;
            authentication.SessionToken.SigningKey = Constants.SessionKey;
            log.Info("Configurada Clave.");

            return(authentication);
        }
Пример #3
0
        private static AuthenticationConfiguration CreateAuthenticationConfiguration()
        {
            var authentication = new AuthenticationConfiguration
            {
                ClaimsAuthenticationManager = new ClaimsTransformer(),
                RequireSsl         = false,
                EnableSessionToken = true
            };

            #region Basic Authentication
            authentication.AddBasicAuthentication(UserCredentials.Validate);
            #endregion

            #region IdentityServer JWT
            //authentication.AddJsonWebToken(
            //    issuer: Constants.IdSrv.IssuerUri,
            //    audience: Constants.Audience,
            //    signingKey: Constants.IdSrv.SigningKey);

            authentication.AddMsftJsonWebToken(
                issuer: Constants.IdSrv.IssuerUri,
                audience: Constants.Audience,
                signingKey: Constants.IdSrv.SigningKey);
            #endregion

            #region Access Control Service JWT
            authentication.AddJsonWebToken(
                issuer: Constants.ACS.IssuerUri,
                audience: Constants.Audience,
                signingKey: Constants.ACS.SigningKey,
                scheme: Constants.ACS.Scheme);
            #endregion

            #region IdentityServer SAML
            authentication.AddSaml2(
                issuerThumbprint: Constants.IdSrv.SigningCertThumbprint,
                issuerName: Constants.IdSrv.IssuerUri,
                audienceUri: Constants.Realm,
                certificateValidator: X509CertificateValidator.None,
                options: AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme),
                scheme: AuthenticationScheme.SchemeOnly(Constants.IdSrv.SamlScheme));
            #endregion

            #region Client Certificates
            authentication.AddClientCertificate(ClientCertificateMode.ChainValidation);
            #endregion

            return(authentication);
        }
        private static AuthenticationConfiguration CreateAuthenticationConfiguration(IConfigurationRepository configurationRepository)
        {
            const string audience  = "api/";
            var          issuerUri = configurationRepository.Global.IssuerUri;

            if (configurationRepository.Keys.SigningCertificate == null)
            {
                //Note: when set up Identity server 1st time, it goes here. After the initial configuration, please re-start IIS to make sure the following code executed.
                return(null);
            }

            var signingKey = configurationRepository.Keys.SigningCertificate.Thumbprint;
            var authenticationConfiguration = new AuthenticationConfiguration
            {
                ClaimsAuthenticationManager = new ClaimsTransformer(),
                RequireSsl         = false,
                EnableSessionToken = true,
                SessionToken       = new SessionTokenConfiguration
                {
                    DefaultTokenLifetime = TimeSpan.FromHours(10.0),
                    EndpointAddress      = "/issue/simple",
                    HeaderName           = "Authorization",
                    Scheme     = "Session",
                    Audience   = audience,
                    IssuerName = issuerUri,
                    SigningKey = Encoding.UTF8.GetBytes(signingKey),
                }
            };

            // IdentityServer JWT
            authenticationConfiguration.AddJsonWebToken(issuerUri, audience, signingKey);

            authenticationConfiguration.AddBasicAuthentication(Membership.ValidateUser);

            //Client Certificates
            authenticationConfiguration.AddClientCertificate(ClientCertificateMode.ChainValidation);

            return(authenticationConfiguration);
        }
        public static AuthenticationConfiguration CreateConfiguration()
        {
            var config = new AuthenticationConfiguration
            {
                DefaultAuthenticationScheme = "Basic",
                EnableSessionToken          = true
            };

            #region BasicAuthentication
            config.AddBasicAuthentication((userName, password) => userName == password, retainPassword: false);
            #endregion

            #region SimpleWebToken
            config.AddSimpleWebToken(
                issuer: Constants.IdSrvIssuerName,
                audience: Constants.Realm,
                signingKey: Constants.IdSrvSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
            #endregion

            #region JsonWebToken
            config.AddJsonWebToken(
                issuer: "http://selfissued.test",
                audience: Constants.Realm,
                signingKey: Constants.IdSrvSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("JWT"));
            #endregion

            #region JsonWebToken Windows Store Client
            config.AddJsonWebToken(
                issuer: "http://identityserver.v2.thinktecture.com/trust/changethis",
                audience: "https://test/rp/",
                signingKey: "3ihK5qGVhp8ptIk9+TDucXQW4Aaengg3d5m6gU8nzc8=",
                options: AuthenticationOptions.ForAuthorizationHeader("Win8"));
            #endregion

            #region IdentityServer SAML
            var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
            idsrvRegistry.AddTrustedIssuer(Constants.IdSrvSamlSigningKeyThumbprint, "Thinktecture IdSrv");

            var idsrvConfig = new SecurityTokenHandlerConfiguration();
            idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
            idsrvConfig.IssuerNameRegistry   = idsrvRegistry;
            idsrvConfig.CertificateValidator = X509CertificateValidator.None;

            config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
            #endregion

            #region ADFS SAML
            var adfsRegistry = new ConfigurationBasedIssuerNameRegistry();
            adfsRegistry.AddTrustedIssuer(Constants.AdfsSamlSigningKeyThumbprint, "ADFS");

            var adfsConfig = new SecurityTokenHandlerConfiguration();
            adfsConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
            adfsConfig.IssuerNameRegistry   = adfsRegistry;
            adfsConfig.CertificateValidator = X509CertificateValidator.None;

            config.AddSaml2(adfsConfig, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml"));
            #endregion

            #region ACS SWT
            config.AddSimpleWebToken(
                issuer: "https://" + Constants.ACS + "/",
                audience: Constants.Realm,
                signingKey: Constants.AcsSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("ACS"));
            #endregion

            #region AccessKey
            config.AddAccessKey(token =>
            {
                if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
                {
                    return(Principal.Create("Custom",
                                            new Claim("customerid", "123"),
                                            new Claim("email", "*****@*****.**")));
                }

                return(null);
            }, AuthenticationOptions.ForQueryString("key"));
            #endregion

            #region Client Certificate
            config.AddClientCertificate(
                ClientCertificateMode.ChainValidationWithIssuerSubjectName,
                "CN=PortableCA");
            #endregion

            return(config);
        }
        public static AuthenticationConfiguration CreateConfiguration()
        {
            var config = new AuthenticationConfiguration
            {
                DefaultAuthenticationScheme = "Basic",
                EnableSessionToken          = true
            };

            #region BasicAuthentication
            config.AddBasicAuthentication((userName, password) => userName == password, retainPassword: false);
            #endregion

            #region SimpleWebToken
            config.AddSimpleWebToken(
                issuer: "http://identity.thinktecture.com/trust",
                audience: Constants.Realm,
                signingKey: Constants.IdSrvSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
            #endregion

            #region JsonWebToken
            config.AddJsonWebToken(
                issuer: "http://selfissued.test",
                audience: Constants.Realm,
                signingKey: Constants.IdSrvSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("JWT"));
            #endregion

            #region IdentityServer SAML
            var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
            idsrvRegistry.AddTrustedIssuer("A1EED7897E55388FCE60FEF1A1EED81FF1CBAEC6", "Thinktecture IdSrv");

            var idsrvConfig = new SecurityTokenHandlerConfiguration();
            idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
            idsrvConfig.IssuerNameRegistry   = idsrvRegistry;
            idsrvConfig.CertificateValidator = X509CertificateValidator.None;

            config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
            #endregion

            #region ADFS SAML
            var adfsRegistry = new ConfigurationBasedIssuerNameRegistry();
            adfsRegistry.AddTrustedIssuer("8EC7F962CC083FF7C5997D8A4D5ED64B12E4C174", "ADFS");
            adfsRegistry.AddTrustedIssuer("b6 93 46 34 7f 70 a9 c3 72 02 18 ae f1 82 2a 5c 97 b1 8c a5", "PETS ADFS");

            var adfsConfig = new SecurityTokenHandlerConfiguration();
            adfsConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
            adfsConfig.IssuerNameRegistry   = adfsRegistry;
            adfsConfig.CertificateValidator = X509CertificateValidator.None;

            config.AddSaml2(adfsConfig, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml"));
            #endregion

            #region ACS SWT
            config.AddSimpleWebToken(
                issuer: "https://" + Constants.ACS + "/",
                audience: Constants.Realm,
                signingKey: Constants.AcsSymmetricSigningKey,
                options: AuthenticationOptions.ForAuthorizationHeader("ACS"));
            #endregion

            #region AccessKey
            config.AddAccessKey(token =>
            {
                if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
                {
                    return(Principal.Create("Custom",
                                            new Claim("customerid", "123"),
                                            new Claim("email", "*****@*****.**")));
                }

                return(null);
            }, AuthenticationOptions.ForQueryString("key"));
            #endregion

            #region Client Certificate
            config.AddClientCertificate(
                ClientCertificateMode.ChainValidationWithIssuerSubjectName,
                "CN=PortableCA");
            #endregion

            return(config);
        }