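/// <summary>
/// Extension method for adding the Windows authentication service to the OWIN pipeline.
/// </summary>
/// <remarks>
/// Depending on <paramref name="options"/>, this registers a Web API host for the
/// WS-Federation endpoint and/or an OAuth2 authorization server on <c>/token</c>.
/// The OAuth2 endpoint is guarded by a middleware that answers 401 unless the request
/// already carries an authenticated user.
/// </remarks>
/// <param name="app">The app builder.</param>
/// <param name="options">The options class.</param>
/// <returns>The same <paramref name="app"/> instance that was passed in.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="app"/> or <paramref name="options"/> is <c>null</c>.
/// </exception>
public static IAppBuilder UseWindowsAuthenticationService(this IAppBuilder app, WindowsAuthenticationOptions options)
{
    // Fail fast with a named argument instead of a NullReferenceException halfway
    // through pipeline construction.
    if (app == null)
    {
        throw new ArgumentNullException("app");
    }

    if (options == null)
    {
        throw new ArgumentNullException("options");
    }

    // Single source of truth so the authentication guard and the OAuth endpoint
    // cannot drift apart.
    const string tokenPath = "/token";

    Logger.Info("Starting configuration.");

    app.ConfigureBaseUrl(options.PublicOrigin);

    if (options.EnableWsFederationEndpoint)
    {
        Logger.Info("Adding WS-Federation endpoint");

        var webApiConfig = new HttpConfiguration();
        webApiConfig.MapHttpAttributeRoutes();

        webApiConfig.Services.Add(typeof(IExceptionLogger), new LogProviderExceptionLogger());
        webApiConfig.Services.Replace(typeof(IHttpControllerTypeResolver), new ControllerResolver());

        // The options instance is shared with the controllers through the container.
        var builder = new ContainerBuilder();
        builder.RegisterInstance(options);
        builder.RegisterApiControllers(typeof(AuthenticationController).Assembly);

        webApiConfig.DependencyResolver = new AutofacWebApiDependencyResolver(builder.Build());
        app.UseWebApi(webApiConfig);
    }

    if (options.EnableOAuth2Endpoint)
    {
        Logger.Info("Adding OAuth2 endpoint");

        // Guard registered BEFORE the authorization server: any request whose path ends
        // in the token path and has no authenticated user is answered with 401 and never
        // reaches the token middleware.
        // NOTE(review): this relies on an earlier pipeline stage (presumably host-level
        // Windows authentication) having populated context.Authentication.User - confirm.
        app.Use(async (context, next) =>
        {
            var isTokenRequest = context.Request.Uri.AbsolutePath.EndsWith(tokenPath, StringComparison.OrdinalIgnoreCase);
            if (isTokenRequest)
            {
                var user = context.Authentication.User;
                if (user == null || !user.Identity.IsAuthenticated)
                {
                    context.Response.StatusCode = 401;
                    return;
                }
            }

            await next();
        });

        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
        {
            // NOTE(review): AllowInsecureHttp = true lets token requests arrive over plain
            // HTTP, so issued bearer tokens are only protected in transit if TLS is
            // terminated in front of this host. Left unchanged to preserve existing
            // deployments; confirm that every deployment sits behind HTTPS.
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString(tokenPath),
            Provider = new WindowsAuthenticationTokenProvider(options),
            AccessTokenFormat = new JwtFormat(options),
            // TokenLifeTime is interpreted as minutes.
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(options.TokenLifeTime)
        });
    }

    SignatureConversions.AddConversions(app);

    Logger.Info("Configuration done.");
    return app;
}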
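/// <summary>
/// Builds the <see cref="ClaimsIdentity"/> that represents a Windows principal.
/// </summary>
/// <remarks>
/// The identity always contains a <c>sub</c> claim, the authentication method claim and the
/// authentication instant. The <c>name</c> claim and the group claims are added only when
/// the corresponding options are switched on.
/// </remarks>
/// <param name="principal">The authenticated Windows principal.</param>
/// <param name="options">Options selecting the subject type and the optional claims.</param>
/// <returns>A new identity with the authentication type <c>Windows</c>.</returns>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="principal"/> or <paramref name="options"/> is <c>null</c>.
/// </exception>
/// <exception cref="System.ArgumentException">
/// <c>options.SubjectType</c> is neither <c>WindowsAccountName</c> nor <c>Sid</c>.
/// </exception>
/// <exception cref="System.InvalidOperationException">
/// The SID subject type is selected but the principal carries no primary SID claim.
/// </exception>
public static ClaimsIdentity Create(WindowsPrincipal principal, WindowsAuthenticationOptions options)
{
    if (principal == null)
    {
        throw new System.ArgumentNullException("principal");
    }

    if (options == null)
    {
        throw new System.ArgumentNullException("options");
    }

    var claims = new List<Claim>();
    string sub;

    if (options.SubjectType == SubjectType.WindowsAccountName)
    {
        Logger.Debug("Using WindowsAccountName as subject");
        sub = principal.Identity.Name;
    }
    else if (options.SubjectType == SubjectType.Sid)
    {
        Logger.Debug("Using primary SID as subject");

        // FindFirst returns null when the claim is absent; report that explicitly
        // instead of failing with a NullReferenceException on .Value.
        var sidClaim = principal.FindFirst(ClaimTypes.PrimarySid);
        if (sidClaim == null)
        {
            throw new System.InvalidOperationException("The Windows principal has no primary SID claim.");
        }

        sub = sidClaim.Value;
    }
    else
    {
        // An identity without a well-defined subject must never be issued. Previously this
        // path fell through with sub == null and failed inside the Claim constructor with
        // an unrelated-looking ArgumentNullException.
        throw new System.ArgumentException("Unsupported subject type: " + options.SubjectType, "options");
    }

    claims.Add(new Claim("sub", sub));

    if (options.EmitWindowsAccountNameAsName)
    {
        Logger.Debug("Emitting WindowsAccountName as name claim");
        claims.Add(new Claim("name", principal.Identity.Name));
    }

    if (options.EmitGroups)
    {
        Logger.Debug("Using Windows groups as role claims");
        claims.AddRange(CreateGroupClaims(principal));
    }

    claims.Add(new Claim(ClaimTypes.AuthenticationMethod, AuthenticationMethods.Windows));
    claims.Add(AuthenticationInstantClaim.Now);

    return new ClaimsIdentity(claims, "Windows");
}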
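/// <summary>
/// Creates the controller and stores the Windows authentication options it works with.
/// </summary>
/// <param name="options">The Windows authentication options; must not be <c>null</c>.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="options"/> is <c>null</c>.</exception>
public AuthenticationController(WindowsAuthenticationOptions options)
{
    // Reject a missing configuration at construction time rather than on first use of _options.
    if (options == null)
    {
        throw new System.ArgumentNullException("options");
    }

    _options = options;
}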
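/// <summary>
/// Creates the token provider and stores the Windows authentication options it works with.
/// </summary>
/// <param name="options">The Windows authentication options; must not be <c>null</c>.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="options"/> is <c>null</c>.</exception>
public WindowsAuthenticationTokenProvider(WindowsAuthenticationOptions options)
{
    // Reject a missing configuration at construction time rather than on first use of _options.
    if (options == null)
    {
        throw new System.ArgumentNullException("options");
    }

    _options = options;
}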
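/// <summary>
/// Creates the metadata response generator and stores the Windows authentication options it works with.
/// </summary>
/// <param name="options">The Windows authentication options; must not be <c>null</c>.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="options"/> is <c>null</c>.</exception>
public MetadataResponseGenerator(WindowsAuthenticationOptions options)
{
    // Reject a missing configuration at construction time rather than on first use of _options.
    if (options == null)
    {
        throw new System.ArgumentNullException("options");
    }

    _options = options;
}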
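/// <summary>
/// Creates the token provider and stores the Windows authentication options it works with.
/// </summary>
/// <param name="options">The Windows authentication options; must not be <c>null</c>.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="options"/> is <c>null</c>.</exception>
public WindowsAuthenticationTokenProvider(WindowsAuthenticationOptions options)
{
    // Reject a missing configuration at construction time rather than on first use of _options.
    if (options == null)
    {
        throw new System.ArgumentNullException("options");
    }

    _options = options;
}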
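/// <summary>
/// Creates the JWT access-token format and stores the Windows authentication options it works with.
/// </summary>
/// <param name="options">The Windows authentication options; must not be <c>null</c>.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="options"/> is <c>null</c>.</exception>
public JwtFormat(WindowsAuthenticationOptions options)
{
    // Reject a missing configuration at construction time rather than on first use of _options.
    if (options == null)
    {
        throw new System.ArgumentNullException("options");
    }

    _options = options;
}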
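/// <summary>
/// Creates the sign-in response generator and stores the Windows authentication options it works with.
/// </summary>
/// <param name="options">The Windows authentication options; must not be <c>null</c>.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="options"/> is <c>null</c>.</exception>
public SignInResponseGenerator(WindowsAuthenticationOptions options)
{
    // Reject a missing configuration at construction time rather than on first use of _options.
    if (options == null)
    {
        throw new System.ArgumentNullException("options");
    }

    _options = options;
}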