/* Configure External Identity*/
private void ConfigureAdditionalIdProviders(IAppBuilder appBuilder, string signInAsType)
{
// Using Facebook Authentication
var fbAuthOptions = new FacebookAuthenticationOptions
{
AuthenticationType = "Facebook",
SignInAsAuthenticationType = signInAsType,
AppId = "895739530475035",
AppSecret = "af8fb8900e65ebd7b7056265d130c3ee",
Provider = new Microsoft.Owin.Security.Facebook.FacebookAuthenticationProvider()
{
OnAuthenticated = (context) =>
{
using (var client = new HttpClient())
{
// get claims from FB's graph
var result = client.GetAsync("https://graph.facebook.com/me?fields=first_name,last_name,email&access_token="
+ context.AccessToken).Result;
if (result.IsSuccessStatusCode)
{
var userInformation = result.Content.ReadAsStringAsync().Result;
var fbUser = JsonConvert.DeserializeObject <FacebookUser>(userInformation);
context.Identity.AddClaim(new System.Security.Claims.Claim(
IdentityServer3.Core.Constants.ClaimTypes.GivenName, fbUser.first_name));
context.Identity.AddClaim(new System.Security.Claims.Claim(
IdentityServer3.Core.Constants.ClaimTypes.FamilyName, fbUser.last_name));
context.Identity.AddClaim(new System.Security.Claims.Claim(
IdentityServer3.Core.Constants.ClaimTypes.Email, fbUser.email));
//// there's no role concept...
//context.Identity.AddClaim(new System.Security.Claims.Claim(
// "role", "FreeUser"));
}
}
return(Task.FromResult(0));
}
}
};
fbAuthOptions.Scope.Add("email");
appBuilder.UseFacebookAuthentication(fbAuthOptions);
// Using Windows Authentication
var windowsAuthentication = new WsFederationAuthenticationOptions
{
AuthenticationType = "windows",
Caption = "Windows",
SignInAsAuthenticationType = signInAsType,
MetadataAddress = "https://localhost:44330/",
Wtrealm = "urn:win"
};
appBuilder.UseWsFederationAuthentication(windowsAuthentication);
}
public static void ConfigureBackOfficeAdfsAuthentication(
this IAppBuilder app,
string caption = "AD FS",
string style = "btn-microsoft",
string icon = "fa-windows")
{
var adfsMetadataEndpoint = ConfigurationManager.AppSettings["AdfsMetadataEndpoint"];
var adfsRelyingParty = ConfigurationManager.AppSettings["AdfsRelyingParty"];
var adfsFederationServerIdentifier = ConfigurationManager.AppSettings["AdfsFederationServerIdentifier"];
app.SetDefaultSignInAsAuthenticationType(Constants.Security.BackOfficeExternalAuthenticationType);
var wsFedOptions = new WsFederationAuthenticationOptions
{
Wtrealm = adfsRelyingParty,
MetadataAddress = adfsMetadataEndpoint,
SignInAsAuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType,
Caption = caption,
Wreply = $"{adfsRelyingParty}umbraco" // Redirect to the Umbraco back office after succesful authentication
};
wsFedOptions.ForUmbracoBackOffice(style, icon);
wsFedOptions.AuthenticationType = adfsFederationServerIdentifier;
// https://our.umbraco.com/apidocs/csharp/api/Umbraco.Web.Security.Identity.ExternalSignInAutoLinkOptions.html
wsFedOptions.SetExternalSignInAutoLinkOptions(new ExternalSignInAutoLinkOptions(true, null, "en-GB"));
app.UseWsFederationAuthentication(wsFedOptions);
}
public void ConfigureAuth(IAppBuilder app)
{
var logger = StructuremapMvc.StructureMapDependencyScope.Container.GetInstance <IProviderCommitmentsLogger>();
var authenticationOrchestrator = StructuremapMvc.StructureMapDependencyScope.Container.GetInstance <AuthenticationOrchestrator>();
var accountOrchestrator = StructuremapMvc.StructureMapDependencyScope.Container.GetInstance <AccountOrchestrator>();
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieManager = new SystemWebCookieManager()
});
var options = new WsFederationAuthenticationOptions
{
Wtrealm = ConfigurationManager.AppSettings["IdamsRealm"],
MetadataAddress = ConfigurationManager.AppSettings["IdamsADFSMetadata"],
Notifications = new WsFederationAuthenticationNotifications
{
SecurityTokenValidated = notification => SecurityTokenValidated(notification, logger, authenticationOrchestrator, accountOrchestrator)
}
};
app.UseWsFederationAuthentication(options);
}
public void ConfigureAuth(IAppBuilder app)
{
app.Properties["Microsoft.Owin.Security.Constants.DefaultSignInAsAuthenticationType"] = "ExternalCookie";
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "ExternalCookie",
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive,
CookieName = CookieAuthenticationDefaults.CookiePrefix + "CSLP_External",
ExpireTimeSpan = TimeSpan.FromMinutes(5)
});
var nighthawkAdfs = new WsFederationAuthenticationOptions
{
MetadataAddress = "https://nhadfs.eastus.cloudapp.azure.com/FederationMetadata/2007-06/FederationMetadata.xml",
AuthenticationType = "Nighthawk ADFS",
//Wreply = string.Concat(rootUrl,"LoginCallbackNighthawkAdfs"),
//Wtrealm = string.Concat(rootUrl, "LoginCallbackNighthawkAdfs"),
//Wreply = "https://localhost:12345/api/test",
Wreply = "https://desinto.com/customerregistrationapi/logout",
Wtrealm = "https://desinto.com/customerregistrationapi/logout",
BackchannelCertificateValidator = null,
SignInAsAuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
};
app.UseWsFederationAuthentication(nighthawkAdfs);
}
/// <summary>
/// Сконфирировать провайдеры для windows-аутентификации (ws-federation).
/// Метод передаётся как callback в <see cref="IdentityServerOptions.AuthenticationOptions"/>, поле
/// IdentityProviders и вызывается самим identity server.
/// </summary>
/// <param name="app">Owin-приложение</param>
/// <param name="signInAsType">Используется внутри identity server</param>
private void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
{
var options = new WsFederationAuthenticationOptions
{
AuthenticationType = "windows",
Caption = "Windows",
SignInAsAuthenticationType = signInAsType,
MetadataAddress = "https://localhost:44363/windows",
Wtrealm = "urn:idsrv3",
Notifications = new WsFederationAuthenticationNotifications
{
// ignore signout requests (we can't sign out of Windows)
RedirectToIdentityProvider = n =>
{
if (n.ProtocolMessage.IsSignOutMessage)
{
n.HandleResponse();
}
return(Task.FromResult(0));
},
},
};
app.UseWsFederationAuthentication(options);
}
// For more information on configuring authentication, please visit https://go.microsoft.com/fwlink/?LinkId=301883
public void ConfigureAuth(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
LoginPath = new PathString("/account/login"),
LogoutPath = new PathString("/account/logout"),
});
var claimsService = new ClaimsService();
foreach (var issuer in claimsService.Issuers)
{
var wsFederation = new WsFederationAuthenticationOptions
{
AuthenticationType = issuer.IssuerName,
Caption = issuer.Name,
MetadataAddress = issuer.MetadataUrl,
Wtrealm = claimsService.CurrentRealm.RealmUri,
TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = false
}
};
app.UseWsFederationAuthentication(wsFederation);
}
app.SetDefaultSignInAsAuthenticationType(DefaultAuthenticationTypes.ExternalCookie);
}
private static void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
{
var wsFederation = new WsFederationAuthenticationOptions
{
AuthenticationType = "windows",
Caption = "Login with Windows",
SignInAsAuthenticationType = signInAsType,
MetadataAddress = Application.StsWindowsUrl,
Wtrealm = "urn:idsrv3"
};
app.UseWsFederationAuthentication(wsFederation);
}
private static void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
{
var options = new WsFederationAuthenticationOptions
{
AuthenticationType = "windows",
Caption = "Windows",
SignInAsAuthenticationType = signInAsType,
MetadataAddress = RootUrl + "windows",
Wtrealm = "urn:idsrv3"
};
app.UseWsFederationAuthentication(options);
}
private static void ConfigureWsFederationServer(IAppBuilder app, string signInAsType)
{
var windowsAuthentication = new WsFederationAuthenticationOptions
{
AuthenticationType = "windows",
Caption = "Windows",
SignInAsAuthenticationType = signInAsType,
MetadataAddress = "https://localhost:44300/",
Wtrealm = "urn:win"
};
app.UseWsFederationAuthentication(windowsAuthentication);
}
public static IAppBuilder UseUmbracoBackOfficeAdfsAuthentication(
this IAppBuilder app,
string caption = "AD FS",
string style = "btn-microsoft",
string icon = "fa-windows",
string[] defaultUserGroups = null,
string defaultCulture = "en-GB",
Action <BackOfficeIdentityUser, ExternalLoginInfo> onAutoLinking = null,
Func <SecurityTokenValidatedNotification <WsFederationMessage, WsFederationAuthenticationOptions>, Task> onSecurityTokenValidated = null
)
{
var adfsMetadataEndpoint = ConfigurationManager.AppSettings["AdfsMetadataEndpoint"];
var adfsRelyingParty = ConfigurationManager.AppSettings["AdfsRelyingParty"];
var adfsFederationServerIdentifier = ConfigurationManager.AppSettings["AdfsFederationServerIdentifier"];
app.SetDefaultSignInAsAuthenticationType(Constants.Security.BackOfficeExternalAuthenticationType);
var wsFedOptions = new WsFederationAuthenticationOptions
{
Wtrealm = adfsRelyingParty,
MetadataAddress = adfsMetadataEndpoint,
SignInAsAuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType,
Caption = caption
};
wsFedOptions.ForUmbracoBackOffice(style, icon);
wsFedOptions.AuthenticationType = adfsFederationServerIdentifier;
var autoLinking = new ExternalSignInAutoLinkOptions(
autoLinkExternalAccount: true,
defaultUserGroups: defaultUserGroups ?? new[] { "writer" },
defaultCulture: defaultCulture)
{
OnAutoLinking = onAutoLinking
};
if (onSecurityTokenValidated != null)
{
wsFedOptions.Notifications = new WsFederationAuthenticationNotifications
{
SecurityTokenValidated = onSecurityTokenValidated
};
}
wsFedOptions.SetExternalSignInAutoLinkOptions(autoLinking);
app.UseWsFederationAuthentication(wsFedOptions);
return(app);
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Enable the application to use a cookie to store information for the signed in user
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
LoginPath = new PathString("/Account/Login")
});
// Use a cookie to temporarily store information about a user logging in with a third party login provider
//app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// these two lines of code are needed if you are using any of the external authentication middleware
app.Properties["Microsoft.Owin.Security.Constants.DefaultSignInAsAuthenticationType"] = "ExternalCookie";
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "ExternalCookie",
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive
});
//configure Antariksh ADFS middleware
var antarikshADFS = new WsFederationAuthenticationOptions
{
MetadataAddress = "https://antariksh.cloudapp.net/FederationMetadata/2007-06/FederationMetadata.xml",
AuthenticationType = "Antariksh ADFS",
Caption = "Antariksh Domain",
BackchannelCertificateValidator = null,
//localhost
Wreply = "https://localhost:44314/Account/LoginCallbackAntarikshAdfs",
Wtrealm = "https://localhost:44314/Account/LoginCallbackAntarikshAdfs"
};
//configure IndiaUniverse ADFS middleware
var indiaUniverseADFS = new WsFederationAuthenticationOptions
{
MetadataAddress = "https://indiauniverse.cloudapp.net/FederationMetadata/2007-06/FederationMetadata.xml",
AuthenticationType = "IndiaUniverse ADFS",
Caption = "India Universe Domain",
BackchannelCertificateValidator = null,
//localhost
Wreply = "https://localhost:44314/Account/LoginCallbackIndiaUniverseAdfs",
Wtrealm = "https://localhost:44314/Account/LoginCallbackIndiaUniverseAdfs"
};
app.Map("/Account", configuration =>
{
configuration.UseWsFederationAuthentication(antarikshADFS);
configuration.UseWsFederationAuthentication(indiaUniverseADFS);
});
}
private void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
{
var wsFederation = new WsFederationAuthenticationOptions
{
AuthenticationType = "windows",
Caption = "Windows",
SignInAsAuthenticationType = signInAsType,
MetadataAddress = "https://localhost:44366",
Wtrealm = "urn:idsrv3"
};
app.UseWsFederationAuthentication(wsFederation);
}
// For more information on configuring authentication, please visit https://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
//Trust all certificates
System.Net.ServicePointManager.ServerCertificateValidationCallback =
((sender, certificate, chain, sslPolicyErrors) => true);
//// trust sender
//System.Net.ServicePointManager.ServerCertificateValidationCallback
// = ((sender, cert, chain, errors) => cert.Subject.Contains("YourServerName"));
//// validate cert by calling a function
//System.Net.ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateRemoteCertificate);
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
//app.SetDefaultSignInAsAuthenticationType(WsFederationAuthenticationDefaults.AuthenticationType);
var cookieAuthOptions = new CookieAuthenticationOptions();
app.UseCookieAuthentication(cookieAuthOptions);
//app.UseCookieAuthentication(new CookieAuthenticationOptions
//{
// AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
//});
var wsFedPassiveAuthOptions = new WsFederationAuthenticationOptions
{
MetadataAddress =
ConfigurationManager.AppSettings["ida:AdfsMetadataEndpoint"],
Wtrealm = ConfigurationManager.AppSettings["ida:Audience"],
};
//// Azure Ws-Fed Passive federated authentication support
app.UseWsFederationAuthentication(wsFedPassiveAuthOptions);
// app.UseActiveDirectoryFederationServicesBearerAuthentication(
// new ActiveDirectoryFederationServicesBearerAuthenticationOptions
// {
// MetadataEndpoint = ConfigurationManager.AppSettings["ida:AdfsMetadataEndpoint"],
// TokenValidationParameters = new TokenValidationParameters()
// {
// ValidAudience = ConfigurationManager.AppSettings["ida:Audience"]
// }
// });
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
//app.UseCookieAuthentication(new CookieAuthenticationOptions());
var options_cookie = new CookieAuthenticationOptions
{
CookieManager = new SystemWebCookieManager()
};
app.UseCookieAuthentication(options_cookie);
var options = new WsFederationAuthenticationOptions
{
Wtrealm = ConfigurationManager.AppSettings["ida:Wtrealm"],
MetadataAddress = ConfigurationManager.AppSettings["ida:ADFSMetadata"],
// optional for customization and adding AD groups to the token in case they are omitted by ADFS
Notifications = new WsFederationAuthenticationNotifications()
{
SecurityTokenValidated = async notification =>
{
var upn = notification.AuthenticationTicket.Identity.Claims.SingleOrDefault(c => c.Type == ClaimTypes.Upn).Value;
using (var principalContext = new PrincipalContext(ContextType.Domain, "UTAD"))
{
using (var user = UserPrincipal.FindByIdentity(principalContext, upn))
{
var groups = user.GetGroups().Select(group => new Claim(ClaimTypes.Role, group.Name));
notification.AuthenticationTicket.Identity.AddClaims(groups);
//Removing the claim NAme which gives full name and adding UTAD for name
var claim = notification.AuthenticationTicket.Identity.Claims.SingleOrDefault(c => c.Type == ClaimTypes.Name);
if (claim != null)
{
notification.AuthenticationTicket.Identity.RemoveClaim(claim);
}
notification.AuthenticationTicket.Identity.AddClaim(new Claim(ClaimTypes.Name, user.SamAccountName));
}
}
await Task.CompletedTask;
}
}
};
app.UseWsFederationAuthentication(options);
}
private static void ConfigureAdditionalIdProviders(IAppBuilder appBuilder, string signInAsType)
{
// const string wsFederationUrl = "http://localhost:9877/";
const string wsFederationUrl = "http://localhost:9877/wsfederationserver";
var windowsAuthentication = new WsFederationAuthenticationOptions
{
AuthenticationType = "windows",
Caption = "Windows User",
SignInAsAuthenticationType = signInAsType,
MetadataAddress = wsFederationUrl,
Wtrealm = "urn:win"
};
appBuilder.UseWsFederationAuthentication(windowsAuthentication);
}
public static IAppBuilder UseSupportConsoleAuthentication(this IAppBuilder app, SupportConsoleAuthenticationOptions options)
{
if (app == null)
{
throw new ArgumentNullException(nameof(app));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
if (options.Logger == null)
{
throw new ArgumentNullException(nameof(options.Logger));
}
Logger = options.Logger;
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = Staff,
});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = Employer,
ExpireTimeSpan = new TimeSpan(0, 10, 0)
});
var WsFederationAuthenticationOptions = new WsFederationAuthenticationOptions
{
AuthenticationType = Staff,
Wtrealm = options.AdfsOptions.Wtrealm,
MetadataAddress = options.AdfsOptions.MetadataAddress,
Notifications = Notifications(),
Wreply = options.AdfsOptions.Wreply
};
//https://skillsfundingagency.atlassian.net/wiki/spaces/ERF/pages/104010807/Staff+IDAMS
app.UseWsFederationAuthentication(WsFederationAuthenticationOptions);
app.Map($"/login/staff", SetAuthenticationContextForStaffUser());
app.Map($"/login", SetAuthenticationContext());
return(app);
}
public static IApplicationBuilder UseWsFederationAuthentication(this IApplicationBuilder app,
WsFederationAuthenticationOptions options)
{
if (app == null)
{
throw new ArgumentNullException(nameof(app));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
if (string.IsNullOrWhiteSpace(options.TokenValidationParameters.ValidAudience))
{
options.TokenValidationParameters.ValidAudience = options.Wtrealm;
}
return(app.UseMiddleware <WsFederationAuthenticationMiddleware>(Options.Create(options)));
}
private void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
{
string host = ConfigurationManager.AppSettings["Host"];
string metadataAddress = ConfigurationManager.AppSettings["MetadataAddress"];
HttpClientHandler handler;
handler = new HttpClientHandler();
//handler.ClientCertificates.Add(X509.LocalMachine.My.SubjectDistinguishedName.Find("CN=localhost").First());
handler.UseDefaultCredentials = true;
handler.AllowAutoRedirect = false;
handler.ServerCertificateCustomValidationCallback =
(req, cert, er, t) =>
true;
WsFederationAuthenticationOptions wsFederation = new WsFederationAuthenticationOptions
{
AuthenticationType = "windows",
Caption = "Windows",
SignInAsAuthenticationType = signInAsType,
MetadataAddress = metadataAddress,
Wtrealm = "urn:idsrv3",
BackchannelCertificateValidator = null,
Notifications = new WsFederationAuthenticationNotifications
{
// ignore signout requests (we can't sign out of Windows)
RedirectToIdentityProvider = n =>
{
if (n.ProtocolMessage.IsSignOutMessage)
{
// tell IdentityServer to manage the sign out instead of the Windows provider
n.OwinContext.Authentication.SignOut();
n.HandleResponse();
}
return(Task.FromResult(0));
}
},
BackchannelHttpHandler = handler
};
app.UseWsFederationAuthentication(wsFederation);
}
private void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
{
app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions {
AuthenticationType = "Google",
Caption = "Sign-in with Google",
SignInAsAuthenticationType = signInAsType,
ClientId = "658080129204-2osr9ots9lnmhnr0hi1niekb9bsrke76.apps.googleusercontent.com",
ClientSecret = "2SZ8dGRyuyT6qykVoD-mFeVE"
});
var wsFederation = new WsFederationAuthenticationOptions {
AuthenticationType = "windows",
Caption = "Windows",
SignInAsAuthenticationType = signInAsType,
MetadataAddress = "https://localhost:44366",
Wtrealm = "urn:idsrv3"
};
app.UseWsFederationAuthentication(wsFederation);
}
private void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
{
//app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions
//{
// AuthenticationType = "Google",
// Caption = "Sign-in with Google",
// SignInAsAuthenticationType = signInAsType,
// ClientId = "key",
// ClientSecret = "secret"
//});
var wsFederation = new WsFederationAuthenticationOptions
{
AuthenticationType = "windows",
Caption = "Windows - A",
SignInAsAuthenticationType = signInAsType,
MetadataAddress = ConfigurationManager.AppSettings["Security.WindowsAuthProviderAddress"],
Wtrealm = "urn:idsrv3",
};
app.UseWsFederationAuthentication(wsFederation);
}
private void ConfigureIpds(IAppBuilder app, string signInAsType)
{
var wsFed = new WsFederationAuthenticationOptions
{
AuthenticationType = "adfs",
Caption = "Signing with ADFS",
MetadataAddress = "",
Wtrealm = "urn:evision",
SignInAsAuthenticationType = signInAsType
};
var googleOptions = new GoogleOAuth2AuthenticationOptions
{
AuthenticationType = "google",
Caption = "Sign in with Google",
ClientId = "936550414368-lj6k0md1ncivv85mh696sle5flcr0u1i.apps.googleusercontent.com",
ClientSecret = "tM9HJMr79kBQ8w6dGhMEUM_p",
SignInAsAuthenticationType = signInAsType
};
app.UseGoogleAuthentication(googleOptions);
}
public void ConfigureAuth(IAppBuilder app)
{
//Cookie Auth
var cookieOptions =
new CookieAuthenticationOptions {
AuthenticationType = CookieAuthenticationDefaults.AuthenticationType
};
app.UseCookieAuthentication(cookieOptions);
//TODO: Ensure you update your application settings for your ADFS Config and then remove this todo note.
//TODO: Remember you will need the ADFS admin to configure a relying partner and rules for your application and then remove this todo note.
//WS Fed Auth (Uses cookies to store info)
var wsFedOptions = new WsFederationAuthenticationOptions
{
MetadataAddress = ConfigurationManager.AppSettings["ida:ADFSMetadata"], //"https://youradfsserver.address.com/FederationMetadata/2007-06/FederationMetadata.xml",
Wtrealm = ConfigurationManager.AppSettings["ida:Wtrealm"], //Example: https://yourwebsite/Account/LoginCallbackAdfs,
Wreply = ConfigurationManager.AppSettings["ida:Wreply"], //Example: https://yourwebsite/Account/LoginCallbackAdfs || ""
};
app.UseWsFederationAuthentication(wsFedOptions);
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
}
private void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
{
var feds = GetWsFedProviders();
foreach (var wsFed in feds)
{
var wsf = new WsFederationAuthenticationOptions
{
AuthenticationType = $"wsfed{wsFed.WsFedId}",
Caption = wsFed.Caption,
TokenValidationParameters =
new TokenValidationParameters
{
ValidAudience = wsFed.Audience
},
SignInAsAuthenticationType = signInAsType,
CallbackPath = new PathString($"{AppSettings.IdsAppPath}/callback/wsfed{wsFed.WsFedId}"),
MetadataAddress = wsFed.MetadataAddress,
Wtrealm = wsFed.Realm
};
app.UseWsFederationAuthentication(wsf);
}
}
/// <summary>
/// Adds the <see cref="WsFederationAuthenticationMiddleware"/> into the OWIN runtime.
/// </summary>
/// <param name="app">The <see cref="IAppBuilder"/> passed to the configuration method</param>
/// <param name="wsFederationOptions">WsFederationAuthenticationOptions configuration options</param>
/// <returns>The updated <see cref="IAppBuilder"/></returns>
public static IAppBuilder UseWsFederationAuthentication(this IAppBuilder app, WsFederationAuthenticationOptions wsFederationOptions)
{
if (app == null)
{
throw new ArgumentNullException("app");
}
if (wsFederationOptions == null)
{
throw new ArgumentNullException("wsFederationOptions");
}
if (string.IsNullOrWhiteSpace(wsFederationOptions.TokenValidationParameters.ValidAudience))
{
wsFederationOptions.TokenValidationParameters.ValidAudience = wsFederationOptions.Wtrealm;
}
return(app.Use <WsFederationAuthenticationMiddleware>(app, wsFederationOptions));
}
public static void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
{
var google = new GoogleOAuth2AuthenticationOptions
{
AuthenticationType = "Google",
Caption = "Google",
SignInAsAuthenticationType = signInAsType,
ClientId = "767400843187-8boio83mb57ruogr9af9ut09fkg56b27.apps.googleusercontent.com",
ClientSecret = "5fWcBT0udKY7_b6E3gEiJlze"
};
app.UseGoogleAuthentication(google);
var fb = new FacebookAuthenticationOptions
{
AuthenticationType = "Facebook",
Caption = "Facebook",
SignInAsAuthenticationType = signInAsType,
AppId = "676607329068058",
AppSecret = "9d6ab75f921942e61fb43a9b1fc25c63"
};
app.UseFacebookAuthentication(fb);
var twitter = new TwitterAuthenticationOptions
{
AuthenticationType = "Twitter",
Caption = "Twitter",
SignInAsAuthenticationType = signInAsType,
ConsumerKey = "N8r8w7PIepwtZZwtH066kMlmq",
ConsumerSecret = "df15L2x6kNI50E4PYcHS0ImBQlcGIt6huET8gQN41VFpUCwNjM"
};
app.UseTwitterAuthentication(twitter);
var aad = new OpenIdConnectAuthenticationOptions
{
AuthenticationType = "aad",
Caption = "Azure AD",
SignInAsAuthenticationType = signInAsType,
Authority = "https://login.windows.net/4ca9cb4c-5e5f-4be9-b700-c532992a3705",
ClientId = "65bbbda8-8b85-4c9d-81e9-1502330aacba",
RedirectUri = "https://localhost:44333/core/aadcb",
};
app.UseOpenIdConnectAuthentication(aad);
// workaround for https://katanaproject.codeplex.com/workitem/409
var metadataAddress = "https://adfs.leastprivilege.vm/federationmetadata/2007-06/federationmetadata.xml";
var manager = new SyncConfigurationManager(new ConfigurationManager <WsFederationConfiguration>(metadataAddress));
var adfs = new WsFederationAuthenticationOptions
{
AuthenticationType = "adfs",
Caption = "ADFS",
SignInAsAuthenticationType = signInAsType,
CallbackPath = new PathString("/core/adfs"),
ConfigurationManager = manager,
Wtrealm = "urn:idsrv3"
};
app.UseWsFederationAuthentication(adfs);
var was = new WsFederationAuthenticationOptions
{
AuthenticationType = "was",
Caption = "Windows",
SignInAsAuthenticationType = signInAsType,
CallbackPath = new PathString("/core/was"),
MetadataAddress = "https://localhost:44350",
Wtrealm = "urn:idsrv3"
};
app.UseWsFederationAuthentication(was);
}
public SecurityTokenContext(HttpContext context, WsFederationAuthenticationOptions options)
: base(context, options)
{
}
public static IAppBuilder UseWsFederationAndCookieAuthenticationWithDefaults(this IAppBuilder app, WsFederationAuthenticationOptions wsFederationAuthenticationOptions = null, CookieAuthenticationOptions cookieAuthenticationOptions = null, Func <IOwinContext, Task> signOutCallback = null)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(cookieAuthenticationOptions ?? app.CreateDefaultCookieAuthenticationOptions());
app.UseWsFederationAuthentication(wsFederationAuthenticationOptions ?? app.CreateDefaultWSFederationOptionsFromConfig());
app.UseWsFederationSignout(signOutCallback);
return(app);
}
public MessageReceivedContext(HttpContext context, WsFederationAuthenticationOptions options)
: base(context, options)
{
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context, user manager and signin manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext <ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext <ApplicationSignInManager>(ApplicationSignInManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity <ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
// Enables the application to remember the second login verification factor such as phone or email.
// Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
// This is similar to the RememberMe option when you log in.
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
var avensiaADFS = new WsFederationAuthenticationOptions
{
MetadataAddress = "https://adfs.avensia.com/FederationMetadata/2007-06/FederationMetadata.xml",
AuthenticationType = "Avensia ADFS",
Caption = "Avensia Domain",
BackchannelCertificateValidator = null,
//localhost
Wreply = "https://localhost:44314/Account/LoginCallbackAvensiaAdfs",
Wtrealm = "https://localhost:44314/Account/LoginCallbackAvensiaAdfs"
};
//configure IndiaUniverse ADFS middleware
var samhallADFS = new WsFederationAuthenticationOptions
{
MetadataAddress = "https://adfs.samhall.se/federationmetadata/2007-06/federationmetadata.xml",
AuthenticationType = "Samhall ADFS",
Caption = "Samhall Domain",
BackchannelCertificateValidator = null,
//localhost
Wreply = "https://localhost:44314/Account/LoginCallbackSamhallAdfs",
Wtrealm = "https://localhost:44314/Account/LoginCallbackSamhallAdfs"
};
app.Map("/Account", configuration =>
{
configuration.UseWsFederationAuthentication(avensiaADFS);
configuration.UseWsFederationAuthentication(samhallADFS);
});
// Uncomment the following lines to enable logging in with third party login providers
//app.UseMicrosoftAccountAuthentication(
// clientId: "",
// clientSecret: "");
//app.UseTwitterAuthentication(
// consumerKey: "",
// consumerSecret: "");
//app.UseFacebookAuthentication(
// appId: "",
// appSecret: "");
//app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
//{
// ClientId = "",
// ClientSecret = ""
//});
}
