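/// <summary>
/// Builds the <see cref="Scope"/> for a token request: signing credentials come from the STS
/// configuration, encrypting credentials from the LocalMachine\My certificate named by the
/// EncryptingCertificateName appSetting (when present), and the reply address from the
/// request's ReplyTo, falling back to the AppliesTo address.
/// </summary>
/// <param name="principal">The authenticated requester; not consulted when building the scope.</param>
/// <param name="request">The incoming RST. AppliesTo must carry an absolute URI.</param>
/// <returns>The populated scope.</returns>
/// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
/// <exception cref="ArgumentException">AppliesTo is missing, or ReplyTo is not an absolute URI.</exception>
protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
{
    if (request == null)
    {
        throw new ArgumentNullException("request");
    }

    // Without AppliesTo there is no relying party to scope the token to. Previously this
    // surfaced as a NullReferenceException on the AbsoluteUri dereference below.
    if (request.AppliesTo == null || request.AppliesTo.Uri == null)
    {
        throw new ArgumentException("The request must specify an AppliesTo address.", "request");
    }

    Scope scope = new Scope(request.AppliesTo.Uri.AbsoluteUri, SecurityTokenServiceConfiguration.SigningCredentials);

    string encryptingCertificateName = WebConfigurationManager.AppSettings[ApplicationSettingsNames.EncryptingCertificateName];
    if (!string.IsNullOrEmpty(encryptingCertificateName))
    {
        scope.EncryptingCredentials = new X509EncryptingCredentials(
            CertificateUtilities.GetCertificate(StoreName.My, StoreLocation.LocalMachine, encryptingCertificateName));
    }
    else
    {
        // No encrypting certificate configured: the token is issued signed but unencrypted,
        // so its claims are readable by anything that handles it on the way to the RP.
        scope.TokenEncryptionRequired = false;
    }

    if (!string.IsNullOrEmpty(request.ReplyTo))
    {
        // ReplyTo is supplied by the requester. Require at least a well-formed absolute URI;
        // whether it actually belongs to the relying party named by AppliesTo still has to be
        // checked against the RP registration, which this method does not have access to.
        Uri replyTo;
        if (!Uri.TryCreate(request.ReplyTo, UriKind.Absolute, out replyTo))
        {
            throw new ArgumentException("ReplyTo must be an absolute URI.", "request");
        }

        scope.ReplyToAddress = request.ReplyTo;
    }
    else
    {
        scope.ReplyToAddress = scope.AppliesToAddress;
    }

    return scope;
}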
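// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
    services.AddCors();
    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    services.Configure<AppSettings>(Configuration.GetSection("AppSettings"));
    services.AddHttpContextAccessor();
    services.AddScoped<IUserService, UserService>();

    // Resolve the token-signing certificate once, at startup, so a missing or unresolvable
    // XCM_AUTH_CERT fails fast here instead of on the first authenticated request.
    string certificateName = Configuration.GetValue<string>("XCM_AUTH_CERT");
    if (string.IsNullOrWhiteSpace(certificateName))
    {
        throw new InvalidOperationException("Configuration value 'XCM_AUTH_CERT' is required to validate bearer tokens.");
    }

    var signingKey = new X509SecurityKey(CertificateUtilities.GetCertificate(certificateName));

    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(options =>
    {
        // RequireHttpsMetadata only governs fetching discovery metadata from an Authority;
        // no Authority is configured here, so it does not affect how tokens are validated.
        options.RequireHttpsMetadata = false;
        options.SaveToken = true;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = signingKey,
            // NOTE(review): with issuer and audience validation off, any token signed by this
            // certificate is accepted regardless of who issued it or which service it was
            // issued for. If the certificate is shared with other services, set
            // ValidIssuer/ValidAudience and turn these back on.
            ValidateIssuer = false,
            ValidateAudience = false
        };
    });
}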
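/// <summary>
/// STS configuration for the identity provider. The issuer name and the signing
/// certificate name are read from appSettings; the signing certificate is taken from the
/// LocalMachine\My store and the service type is set to IdentityProviderSecurityTokenService.
/// </summary>
/// <exception cref="InvalidOperationException">
/// The IssuerName or SigningCertificateName appSetting is missing or empty.
/// </exception>
public IdentityProviderSecurityTokenServiceConfiguration()
    : base(
        RequireAppSetting(ApplicationSettingsNames.IssuerName),
        LoadSigningCredentialsFromConfig())
{
    this.SecurityTokenService = typeof(IdentityProviderSecurityTokenService);
}

// Wraps the configured LocalMachine\My signing certificate as signing credentials.
// Static so it can be evaluated inside the base-constructor call.
private static X509SigningCredentials LoadSigningCredentialsFromConfig()
{
    string certificateName = RequireAppSetting(ApplicationSettingsNames.SigningCertificateName);
    return new X509SigningCredentials(
        CertificateUtilities.GetCertificate(StoreName.My, StoreLocation.LocalMachine, certificateName));
}

// Returns the named appSettings value, failing fast with the key name when it is absent.
// Previously a missing entry was passed on as null and failed later with a less useful error.
private static string RequireAppSetting(string key)
{
    string value = WebConfigurationManager.AppSettings[key];
    if (string.IsNullOrEmpty(value))
    {
        throw new InvalidOperationException("Required appSettings entry '" + key + "' is missing.");
    }

    return value;
}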
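/// <summary>
/// STS configuration for the federation endpoint. The issuer name and the signing
/// certificate name are read from appSettings; the signing certificate is taken from the
/// LocalMachine\My store, the service type is set to FederationSecurityTokenService and
/// SAML 2.0 (token profile 1.1) is the default token type.
/// </summary>
/// <exception cref="InvalidOperationException">
/// The IssuerName or SigningCertificateName appSetting is missing or empty.
/// </exception>
public FederationSecurityTokenServiceConfiguration()
    : base(
        RequireAppSetting(ApplicationSettingsNames.IssuerName),
        LoadSigningCredentialsFromConfig())
{
    this.SecurityTokenService = typeof(FederationSecurityTokenService);
    this.DefaultTokenType = SecurityTokenTypes.Saml2TokenProfile11;
}

// Wraps the configured LocalMachine\My signing certificate as signing credentials.
// Static so it can be evaluated inside the base-constructor call.
private static X509SigningCredentials LoadSigningCredentialsFromConfig()
{
    string certificateName = RequireAppSetting(ApplicationSettingsNames.SigningCertificateName);
    return new X509SigningCredentials(
        CertificateUtilities.GetCertificate(StoreName.My, StoreLocation.LocalMachine, certificateName));
}

// Returns the named appSettings value, failing fast with the key name when it is absent.
// Previously a missing entry was passed on as null and failed later with a less useful error.
private static string RequireAppSetting(string key)
{
    string value = WebConfigurationManager.AppSettings[key];
    if (string.IsNullOrEmpty(value))
    {
        throw new InvalidOperationException("Required appSettings entry '" + key + "' is missing.");
    }

    return value;
}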
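/// <summary>
/// Retrieves the X509 Certificate used for the server side of TLS
/// </summary>
/// <param name="configuration">The gateway configuration</param>
/// <returns>An X509 Certificate if available</returns>
/// <exception cref="ArgumentNullException"><paramref name="configuration"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// X509Location is Data and X509Identifier does not resolve to a file inside the Data package.
/// </exception>
/// <exception cref="NotImplementedException">X509Location is KeyVault (not wired up yet).</exception>
/// <exception cref="ArgumentOutOfRangeException">X509Location is not a known location.</exception>
X509Certificate2 GetServerCertificate(GatewayConfiguration configuration)
{
    if (configuration == null)
    {
        throw new ArgumentNullException("configuration");
    }

    switch (configuration.X509Location)
    {
        case GatewayConfiguration.CertificateLocation.Data:
        {
            // The certificate file ships inside the service's "Data" package and
            // X509Identifier is expected to be its file name relative to that package.
            string dataPath = this.serviceContext.CodePackageActivationContext.GetDataPackageObject("Data").Path;
            string certificateFile = Path.GetFullPath(Path.Combine(dataPath, configuration.X509Identifier));

            // Reject identifiers that escape the package (absolute paths or "..") so a
            // mis-set configuration cannot point TLS at an arbitrary file on the node.
            // Case-insensitive because GetFullPath does not normalise letter case on Windows.
            string dataRoot = Path.GetFullPath(dataPath)
                .TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar) + Path.DirectorySeparatorChar;
            if (!certificateFile.StartsWith(dataRoot, StringComparison.OrdinalIgnoreCase))
            {
                throw new InvalidOperationException(
                    "X509Identifier '" + configuration.X509Identifier + "' must name a file inside the Data package.");
            }

            return CertificateUtilities.GetCertificateFromFile(certificateFile, configuration.X509Credential);
        }

        case GatewayConfiguration.CertificateLocation.KeyVault:
            // Not implemented yet; the intended call was
            // CertificateUtilities.GetCertificateFromKeyVault(<identifier>, configuration.X509Credential).
            throw new NotImplementedException("Loading the TLS certificate from Key Vault is not implemented.");

        case GatewayConfiguration.CertificateLocation.LocalStore:
            return CertificateUtilities.GetCertificate(configuration.X509Identifier, StoreName.My, StoreLocation.LocalMachine);

        default:
            // Previously an unknown location fell through and returned null, which would only
            // show up later when TLS was set up without a certificate. Fail here instead.
            throw new ArgumentOutOfRangeException(
                "configuration", configuration.X509Location, "Unsupported certificate location.");
    }
}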