public static void AddLogixAuthentication(this IServiceCollection services, Microsoft.Extensions.Configuration.IConfiguration configuration)
{
double sessionLifeTime = System.Convert.ToDouble(configuration["ConnectAuthentication:SessionLifeTime"]);
string tokenValidatorServiceEndpoint = configuration["ConnectAuthentication:Extension:Address"];
string tokenValidatorServiceBinding = configuration["ConnectAuthentication:Extension:Binding"];
authority = configuration["ConnectAuthentication:Authority"];
certificateFindValue = configuration["ConnectAuthentication:Thumbprint"];
audienceUrl = configuration["ApplicationUrl"];
Microsoft.IdentityModel.Tokens.X509SecurityKey securityKey = SecurityKey;
// Creates Custom Token Validators
System.Collections.ObjectModel.Collection <Microsoft.IdentityModel.Tokens.ISecurityTokenValidator> logixTokenValidators =
new System.Collections.ObjectModel.Collection <Microsoft.IdentityModel.Tokens.ISecurityTokenValidator>
{
new LogixTokenValidator
(
Microsoft.AspNetCore.Authentication.WsFederation.WsFederationDefaults.AuthenticationScheme,
securityKey.Certificate,
tokenValidatorServiceBinding,
tokenValidatorServiceEndpoint
)
};
services
.AddAuthentication
(
options =>
{
options.DefaultScheme = Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = Microsoft.AspNetCore.Authentication.WsFederation.WsFederationDefaults.AuthenticationScheme;
}
)
.AddCookie()
.AddWsFederation
(
options =>
{
options.CallbackPath = "/";
options.Configuration = new Microsoft.IdentityModel.Protocols.WsFederation.WsFederationConfiguration
{
Issuer = authority,
TokenEndpoint = authority
};
options.SecurityTokenHandlers = logixTokenValidators;
options.SkipUnrecognizedRequests = true;
options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
IssuerSigningKey = securityKey,
TokenDecryptionKey = securityKey
};
options.Wreply = audienceUrl;
options.Wtrealm = audienceUrl;
}
);
}
static void Main(string[] args)
{
if (args.Length != 6)
{
Console.WriteLine("Usage: .. adfsUrl certificatePath certificatePassword clientId resource audience");
return;
}
var url = args[0];
var cert_path = args[1];
var cert_password = args[2];
var clientId = args[3];
var resource = args[4];
var audience = args[5];
X509Certificate2 certificate = CertificateUtil.GetCertificate(cert_path, cert_password);
var securityKey = new Microsoft.IdentityModel.Tokens.X509SecurityKey(certificate);
var header = new JwtHeader(new Microsoft.IdentityModel.Tokens.SigningCredentials(securityKey, "RS256"));
DateTime foo = DateTime.UtcNow;
var nbf = ((DateTimeOffset)foo).ToUnixTimeSeconds();
var payload = new JwtPayload
{
{ "aud", audience }, //audience for the authorization server
{ "iss", clientId }, //clientId
{ "sub", clientId }, //clientId
{ "nbf", nbf },
{ "exp", nbf + 600 }, //600 second lifetime
{ "jti", Guid.NewGuid().ToString() } //Unique identifier
};
var token = new JwtSecurityToken(header, payload);
var handler = new JwtSecurityTokenHandler();
var cielToken = handler.WriteToken(token);
var dict = new Dictionary <string, string>();
dict.Add("client_id", clientId);
dict.Add("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
dict.Add("grant_type", "client_credentials");
dict.Add("resource", resource);
dict.Add("client_assertion", cielToken);
var req = new HttpRequestMessage(HttpMethod.Post, url)
{
Content = new FormUrlEncodedContent(dict)
};
using (HttpClient client = new HttpClient())
{
client.DefaultRequestHeaders.Accept.Clear();
HttpResponseMessage res = client.SendAsync(req).Result;
var result = res.Content.ReadAsStringAsync().Result;
if (res.IsSuccessStatusCode)
{
AuthResult authResult = JsonConvert.DeserializeObject <AuthResult>(result);
Console.WriteLine("Access token: {0}", authResult.AccessToken);
Console.WriteLine("Token type : {0}", authResult.TokenType);
Console.WriteLine("Expires in : {0}", authResult.ExpiresIn);
}
else
{
Console.WriteLine("Error");
Console.WriteLine("StatusCode : {0}", res.StatusCode);
Console.WriteLine("Response : {0}", result);
}
}
}
