public static void Configure(IAppBuilder app) { Log.Logger = new LoggerConfiguration() .MinimumLevel.Debug() .WriteTo.Trace() .CreateLogger(); app.UseAesDataProtectorProvider(); BasePath = AppDomain.CurrentDomain.BaseDirectory; var certFile = Path.Combine(BasePath, "idsrv3test.pfx"); Console.WriteLine(certFile); var options = ConfigureIdentityServer(certFile); // var cpath = Path.GetFullPath(Path.Combine(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location),"..", "..", "..", "src", "Janitor", "Content")); // Console.WriteLine(cpath); // app.UseStaticFiles (new StaticFileOptions { // RequestPath = new PathString("/Content"), // FileSystem = new PhysicalFileSystem(cpath) // }); app.Map("/admin", adminApp => { var factory = new IdentityManagerServiceFactory(); factory.ConfigureSimpleIdentityManagerService("AspId"); var adminOptions = new IdentityManagerOptions { Factory = factory, }; adminOptions.SecurityConfiguration.RequireSsl = false; adminApp.UseIdentityManager(adminOptions); }); app.UseIdentityServer(options); }
public void ConfigureIdentityManager(IAppBuilder app) { app.Map("/idm", idm => { var db = new ApplicationDbContext(); var userMgr = new ApplicationUserManager(new UserStore <ApplicationUser>(db)); var roleMgr = new RoleManager <IdentityRole>(new RoleStore <IdentityRole>(db)); var svc = new AspNetIdentityManagerService <ApplicationUser, string, IdentityRole, string>(userMgr, roleMgr); var options = new IdentityManagerOptions() { Factory = { IdentityManagerService = new Registration <IIdentityManagerService>(svc) }, DisableUserInterface = false, SecurityConfiguration = new HostSecurityConfiguration() { HostAuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, RequireSsl = !GlobalSettings.IsDevelopment, AdminRoleName = Constants.Roles.Administrator, RoleClaimType = ClaimTypes.Role } }; idm.UseIdentityManager(options); }); }
public static void ConfigureManagerService(this IAppBuilder app) { app.Map("/admin", adminApp => { var factory = new IdentityManagerServiceFactory(); //IdentityDbContext identityDbContext = new IdentityDbContext("AuthServer"); IdentityDbContext identityDbContext = new CustomIdentityDbContext("AuthServer"); UserManager <IdentityUser> userManager = new UserManager <IdentityUser>(new UserStore <IdentityUser>(identityDbContext)); RoleManager <IdentityRole> roleManager = new RoleManager <IdentityRole>(new RoleStore <IdentityRole>(identityDbContext)); //var managerService = new AspNetIdentityManagerService<IdentityUser, string, IdentityRole, string>(userManager, roleManager); var managerService = new CustomAspNetIdentityManagerService(userManager, roleManager); factory.IdentityManagerService = new Registration <IIdentityManagerService>(managerService); var managerOptions = new IdentityManagerOptions() { Factory = factory }; managerOptions.SecurityConfiguration.RequireSsl = false; managerOptions.SecurityConfiguration.AdminRoleName = "admin";//setup which role can manage the account adminApp.UseIdentityManager(managerOptions); }); }
public static void UseIdentityManager(this IAppBuilder app, IdentityManagerOptions options) { if (app == null) { throw new ArgumentNullException("app"); } if (options == null) { throw new ArgumentNullException("config"); } app.SetLoggerFactory(new LibLogLoggerFactory()); Logger.Info("Starting IdentityManager configuration"); options.Validate(); app.Use(async(ctx, next) => { if (!ctx.Request.Scheme.Equals("https", StringComparison.OrdinalIgnoreCase) && options.SecurityConfiguration.RequireSsl) { ctx.Response.Write("HTTPS required"); } else { await next(); } }); var container = AutofacConfig.Configure(options); app.Use <AutofacContainerMiddleware>(container); options.SecurityConfiguration.Configure(app); if (!options.DisableUserInterface) { app.UseFileServer(new FileServerOptions { RequestPath = new PathString("/assets"), FileSystem = new EmbeddedResourceFileSystem(typeof(IdentityManagerAppBuilderExtensions).Assembly, "IdentityManager.Assets") }); app.UseFileServer(new FileServerOptions { RequestPath = new PathString("/assets/libs/fonts"), FileSystem = new EmbeddedResourceFileSystem(typeof(IdentityManagerAppBuilderExtensions).Assembly, "IdentityManager.Assets.Content.fonts") }); app.UseStageMarker(PipelineStage.MapHandler); } SignatureConversions.AddConversions(app); app.UseWebApi(WebApiConfig.Configure(options)); app.UseStageMarker(PipelineStage.MapHandler); // clears out the OWIN logger factory so we don't recieve other hosting related logs app.Properties["server.LoggerFactory"] = null; }
public PageController(IOptions <IdentityManagerOptions> idmConfig) { if (idmConfig == null) { throw new ArgumentNullException("idmConfig"); } this._idmConfig = idmConfig.Value; }
public PageController(IdentityManagerOptions idmConfig) { if (idmConfig == null) { throw new ArgumentNullException("idmConfig"); } this.idmConfig = idmConfig; }
public MetaController(IdentityManagerOptions config, IIdentityManagerService userManager) { if (config == null) { throw new ArgumentNullException("config"); } if (userManager == null) { throw new ArgumentNullException("userManager"); } this.config = config; this.userManager = userManager; }
public void Configuration(IAppBuilder appBuilder) { Log.Logger = new LoggerConfiguration() .WriteTo.Trace(outputTemplate: "{Timestamp} [{Level}] ({Name}){NewLine} {Message}{NewLine}{Exception}") .CreateLogger(); JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary <string, string>(); appBuilder.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = "Cookies", LoginPath = new PathString("/Home/Login") }); appBuilder.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions { AuthenticationType = "oidc", Authority = "https://localhost:44333", ClientId = "idmgr_and_idadmin", RedirectUri = "https://localhost:44333", ResponseType = "id_token", UseTokenLifetime = false, Scope = "openid idmgr idAdmin", SignInAsAuthenticationType = "Cookies", Notifications = new OpenIdConnectAuthenticationNotifications { SecurityTokenValidated = n => { n.AuthenticationTicket.Identity.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken)); return(Task.FromResult(0)); }, RedirectToIdentityProvider = async n => { if (n.ProtocolMessage.RequestType == Microsoft.IdentityModel.Protocols.OpenIdConnectRequestType.LogoutRequest) { var result = await n.OwinContext.Authentication.AuthenticateAsync("Cookies"); if (result != null) { var id_token = result.Identity.Claims.GetValue("id_token"); if (id_token != null) { n.ProtocolMessage.IdTokenHint = id_token; n.ProtocolMessage.PostLogoutRedirectUri = "https://localhost:44333"; } } } } } }); var connString = ConfigurationManager.ConnectionStrings["IdSvr3Config"].ConnectionString; // Identity admin appBuilder.Map("/adm", adminApp => { var idAdminOptions = new IdentityAdminOptions { Factory = ConfigIdentityServerAdmin.Factory.Configure(connString), AdminSecurityConfiguration = new IdentityAdmin.Configuration.AdminHostSecurityConfiguration() { HostAuthenticationType = IdentityAdmin.Constants.CookieAuthenticationType, AdminRoleName = "IdentityServerAdmin", NameClaimType = "name", RoleClaimType = "role", } }; adminApp.UseIdentityAdmin(idAdminOptions); }); //Identity manager appBuilder.Map("/idm", adminApp => { var idManagerOptions = new IdentityManagerOptions { Factory = ConfigIdentityManager.Factory.Configure(connString), SecurityConfiguration = new HostSecurityConfiguration() { HostAuthenticationType = IdentityManager.Constants.CookieAuthenticationType, AdminRoleName = "IdentityManagerAdmin", NameClaimType = "name", RoleClaimType = "role", } }; adminApp.UseIdentityManager(idManagerOptions); }); // Identity server appBuilder.Map("/ids", adminApp => { var idsrvOptions = new IdentityServerOptions { Factory = ConfigIdentityServer.Factory.Configure(connString), SigningCertificate = Certificate.Get(), RequireSsl = true }; appBuilder.UseIdentityServer(idsrvOptions); }); }
public AuthController(ITokenProvider <AuthenticationTicket> tokenProvider, IdentityManagerOptions options) { this.tokenProvider = tokenProvider ?? throw new ArgumentNullException(nameof(tokenProvider)); this.options = options ?? throw new ArgumentNullException(nameof(options)); }
public void Configuration(IAppBuilder appBuilder) { var connectionString = ConfigurationManager.AppSettings["Connection"]; JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary <string, string>(); appBuilder.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = "Cookies" }); appBuilder.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie); appBuilder.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions { AuthenticationType = "oidc", Authority = ConfigurationManager.AppSettings["IdentityServer"], ClientId = "idmgr_client", RedirectUri = ConfigurationManager.AppSettings["IdentityManager"], ResponseType = "id_token", UseTokenLifetime = false, Scope = "openid idmgr", SignInAsAuthenticationType = "Cookies" }); // Identity Manager appBuilder.Map("/admin", adminApp => { var factory = new IdentityManagerServiceFactory(); factory.Configure(connectionString); var options = new IdentityManagerOptions { Factory = factory }; if (Convert.ToBoolean(ConfigurationManager.AppSettings["SecurityEnabled"])) { options.SecurityConfiguration = new HostSecurityConfiguration { HostAuthenticationType = "Cookies", AdditionalSignOutType = "oidc" }; } adminApp.UseIdentityManager(options); }); // Identity Server var idFactory = new IdentityServerServiceFactory(); idFactory.Configure(connectionString); var idOptions = new IdentityServerOptions { SigningCertificate = Certificate.Load(), Factory = idFactory, CorsPolicy = CorsPolicy.AllowAll, AuthenticationOptions = new AuthenticationOptions { IdentityProviders = ConfigureIdentityProviders } }; appBuilder.UseIdentityServer(idOptions); }
public AuthenticationTicketTokenProvider(IDataProtectionProvider dataProtectionProvider, IdentityManagerOptions options) { protector = dataProtectionProvider.CreateProtector("authTicket"); this.options = options; }
public PageController(IOptions <IdentityManagerOptions> config) { this.config = config?.Value ?? throw new ArgumentNullException(nameof(config)); }
public void Configuration(IAppBuilder app) { LogProvider.SetCurrentLogProvider(new DiagnosticsTraceLogProvider()); Log.Logger = new LoggerConfiguration() .MinimumLevel.Debug() .WriteTo.Trace() .CreateLogger(); app.UseAesDataProtectorProvider(); app.Map("/admin", adminApp => { var factory = new IdentityManagerServiceFactory(); factory.ConfigureSimpleIdentityManagerService("AspId"); //factory.ConfigureCustomIdentityManagerServiceWithIntKeys("AspId_CustomPK"); var adminOptions = new IdentityManagerOptions() { Factory = factory }; adminOptions.SecurityConfiguration.RequireSsl = false; adminApp.UseIdentityManager(adminOptions); }); var idSvrFactory = Factory.Configure(); idSvrFactory.ConfigureUserService("AspId"); var viewOptions = new ViewServiceOptions { TemplatePath = this.basePath.TrimEnd(new char[] { '/' }) }; idSvrFactory.ViewService = new IdentityServer3.Core.Configuration.Registration <IViewService>(new ViewService(viewOptions)); var options = new IdentityServerOptions { SiteName = "IdentityServer3 - ViewSerive-AspNetIdentity", SigningCertificate = Certificate.Get(), Factory = idSvrFactory, RequireSsl = false, AuthenticationOptions = new AuthenticationOptions { IdentityProviders = ConfigureAdditionalIdentityProviders, } }; app.Map("/core", core => { core.UseIdentityServer(options); }); app.UseStaticFiles(new StaticFileOptions { RequestPath = new PathString("/Content"), FileSystem = new PhysicalFileSystem(Path.Combine(this.basePath, "Content")) }); var config = new HttpConfiguration(); // config.MapHttpAttributeRoutes(); config.Routes.MapHttpRoute("API", "api/{controller}/{action}", new { controller = "Home", action = "Get" }); app.UseWebApi(config); }
public EmbeddedHtmlResult(PathString pathBase, string file, IdentityManagerOptions options) { path = pathBase.Value; this.file = file; this.options = options; }
// Per ulteriori informazioni sulla configurazione dell'autenticazione, visitare http://go.microsoft.com/fwlink/?LinkId=301864 public void ConfigureAuth(IAppBuilder app) { // Configurare il contesto di database, la gestione utenti e la gestione accessi in modo da usare un'unica istanza per richiesta app.CreatePerOwinContext(ApplicationDbContext.Create); app.CreatePerOwinContext <ApplicationUserManager>(ApplicationUserManager.Create); app.CreatePerOwinContext <ApplicationSignInManager>(ApplicationSignInManager.Create); #region cookie authentication // Consentire all'applicazione di utilizzare un cookie per memorizzare informazioni relative all'utente connesso // e per memorizzare temporaneamente le informazioni relative a un utente che accede tramite un provider di accesso di terze parti // Configurare il cookie di accesso app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login"), Provider = new CookieAuthenticationProvider { // Consente all'applicazione di convalidare l'indicatore di sicurezza quando l'utente esegue l'accesso. // Questa funzionalità di sicurezza è utile quando si cambia una password o si aggiungono i dati di un account di accesso esterno all'account personale. OnValidateIdentity = SecurityStampValidator.OnValidateIdentity <ApplicationUserManager, ApplicationUser>( validateInterval: TimeSpan.FromMinutes(30), regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)), OnApplyRedirect = ctx => { var response = ctx.Response; if (!IsApiResponse(ctx.Response)) { response.Redirect(ctx.RedirectUri); } } }, }); app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie); // Consente all'applicazione di memorizzare temporaneamente le informazioni dell'utente durante la verifica del secondo fattore nel processo di autenticazione a due fattori. app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5)); // Consente all'applicazione di memorizzare il secondo fattore di verifica dell'accesso, ad esempio il numero di telefono o l'indirizzo e-mail. // Una volta selezionata questa opzione, il secondo passaggio di verifica durante la procedura di accesso viene memorizzato sul dispositivo usato per accedere. // È simile all'opzione RememberMe disponibile durante l'accesso. app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie); #endregion #region external login // Rimuovere il commento dalle seguenti righe per abilitare l'accesso con provider di accesso di terze parti //app.UseMicrosoftAccountAuthentication( // clientId: "", // clientSecret: ""); //app.UseTwitterAuthentication( // consumerKey: "", // consumerSecret: ""); //app.UseFacebookAuthentication( // appId: "", // appSecret: ""); //app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions() //{ // ClientId = "", // ClientSecret = "" //}); #endregion #region Bearer token var oAuthOptions = new OAuthAuthorizationServerOptions { TokenEndpointPath = new PathString("/api/Token"), Provider = new ApplicationOAuthProvider("self"), AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"), AccessTokenExpireTimeSpan = TimeSpan.FromDays(14), // In production mode set AllowInsecureHttp = false AllowInsecureHttp = true }; // Enable the application to use bearer tokens to authenticate users app.UseOAuthBearerTokens(oAuthOptions); #endregion #region IdentityManagerConfiguration var factory = new IdentityManagerServiceFactory(); // In questo specifico esempio, usiamo Entity Framework // e perciò registriamo le classi UserStore<TUser> e // RoleStore<TRole> dal namespace Microsoft.AspNet.Identity.EntityFramework factory.IdentityManagerService = new Registration <IIdentityManagerService>( resolver => { var userManager = new UserManager <IdentityUser>(new UserStore <IdentityUser>()); var roleManager = new RoleManager <IdentityRole>(new RoleStore <IdentityRole>()); return(new AspNetIdentityManagerService < IdentityUser, string, IdentityRole, string>(userManager, roleManager)); }); // Creiamo l'oggetto di configurazione var managerOptions = new IdentityManagerOptions { // Consentiamo l'accesso solo dalla macchina locale SecurityConfiguration = new LocalhostSecurityConfiguration { RequireSsl = false }, // Potremmo decidere di fare a meno dell'interfaccia grafica, // se volessimo sfruttare la Web API sottostante, esposta // su /identitymanager/api DisableUserInterface = false, //Indichiamo la factory creata in precedenza Factory = factory }; // Infine, registriamo il middleware indicando il percorso // da cui desideriamo accedere al pannello di gestione app.Map("/identitymanager", map => { map.UseIdentityManager(managerOptions); }); #endregion }
public static void UseIdentityManager(this IAppBuilder app, IdentityManagerOptions options) { if (app == null) { throw new ArgumentNullException("app"); } if (options == null) { throw new ArgumentNullException("config"); } options.Validate(); JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary <string, string>(); var container = AutofacConfig.Configure(options); app.Use <AutofacContainerMiddleware>(container); if (options.SecurityMode == SecurityMode.LocalMachine) { var local = new LocalAuthenticationOptions(options.AdminRoleName); app.Use <LocalAuthenticationMiddleware>(local); } else if (options.SecurityMode == SecurityMode.OAuth2) { var jwtParams = new System.IdentityModel.Tokens.TokenValidationParameters { NameClaimType = options.OAuth2Configuration.NameClaimType, RoleClaimType = options.OAuth2Configuration.RoleClaimType, ValidAudience = options.OAuth2Configuration.Audience, ValidIssuer = options.OAuth2Configuration.Issuer, }; if (options.OAuth2Configuration.SigningCert != null) { jwtParams.IssuerSigningToken = new X509SecurityToken(options.OAuth2Configuration.SigningCert); } else { var bytes = Convert.FromBase64String(options.OAuth2Configuration.SigningKey); jwtParams.IssuerSigningToken = new BinarySecretSecurityToken(bytes); } app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions { TokenValidationParameters = jwtParams }); app.RequireScopes(new ScopeValidationOptions { AllowAnonymousAccess = true, Scopes = new string[] { options.OAuth2Configuration.Scope } }); if (options.OAuth2Configuration.ClaimsTransformation != null) { app.Use(async(ctx, next) => { var user = ctx.Authentication.User; if (user != null) { user = options.OAuth2Configuration.ClaimsTransformation(user); ctx.Authentication.User = user; } await next(); }); } } if (!options.DisableUserInterface) { app.UseFileServer(new FileServerOptions { RequestPath = new PathString("/assets"), FileSystem = new EmbeddedResourceFileSystem(typeof(IdentityManagerAppBuilderExtensions).Assembly, "IdentityManager.Assets") }); app.UseFileServer(new FileServerOptions { RequestPath = new PathString("/assets/libs/fonts"), FileSystem = new EmbeddedResourceFileSystem(typeof(IdentityManagerAppBuilderExtensions).Assembly, "IdentityManager.Assets.Content.fonts") }); app.UseStageMarker(PipelineStage.MapHandler); } SignatureConversions.AddConversions(app); app.UseWebApi(WebApiConfig.Configure(options)); app.UseStageMarker(PipelineStage.MapHandler); }
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864 public void ConfigureAuth(IAppBuilder app) { // Configure the db context, user manager and signin manager to use a single instance per request app.CreatePerOwinContext(ApplicationDbContext.Create); app.CreatePerOwinContext <ApplicationUserManager>(ApplicationUserManager.Create); app.CreatePerOwinContext <ApplicationSignInManager>(ApplicationSignInManager.Create); // Enable the application to use a cookie to store information for the signed in user // and to use a cookie to temporarily store information about a user logging in with a third party login provider // Configure the sign in cookie app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login"), Provider = new CookieAuthenticationProvider { // Enables the application to validate the security stamp when the user logs in. // This is a security feature which is used when you change a password or add an external login to your account. OnValidateIdentity = SecurityStampValidator.OnValidateIdentity <ApplicationUserManager, ApplicationUser>( validateInterval: TimeSpan.FromMinutes(30), regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)) } }); app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie); // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process. app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5)); // Enables the application to remember the second login verification factor such as phone or email. // Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from. // This is similar to the RememberMe option when you log in. app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie); // Uncomment the following lines to enable logging in with third party login providers //app.UseMicrosoftAccountAuthentication( // clientId: "", // clientSecret: ""); //app.UseTwitterAuthentication( // consumerKey: "", // consumerSecret: ""); //app.UseFacebookAuthentication( // appId: "", // appSecret: ""); //app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions() //{ // ClientId = "", // ClientSecret = "" //}); #region IdentityManagerConfiguration var factory = new IdentityManagerServiceFactory(); // In questo specifico esempio, usiamo Entity Framework // e perciò registriamo le classi UserStore<TUser> e // RoleStore<TRole> dal namespace Microsoft.AspNet.Identity.EntityFramework factory.IdentityManagerService = new Registration <IIdentityManagerService>( resolver => { var userManager = new UserManager <IdentityUser>(new UserStore <IdentityUser>()); var roleManager = new RoleManager <IdentityRole>(new RoleStore <IdentityRole>()); return(new AspNetIdentityManagerService < IdentityUser, string, IdentityRole, string>(userManager, roleManager)); }); // Creiamo l'oggetto di configurazione var managerOptions = new IdentityManagerOptions { // Consentiamo l'accesso solo dalla macchina locale SecurityConfiguration = new LocalhostSecurityConfiguration { RequireSsl = false }, // Potremmo decidere di fare a meno dell'interfaccia grafica, // se volessimo sfruttare la Web API sottostante, esposta // su /identitymanager/api DisableUserInterface = false, //Indichiamo la factory creata in precedenza Factory = factory }; // Infine, registriamo il middleware indicando il percorso // da cui desideriamo accedere al pannello di gestione app.Map("/identitymanager", map => { map.UseIdentityManager(managerOptions); }); #endregion }