public MultipleAuthenticationStartup(ClaimsPrincipal principal1, ClaimsPrincipal principal2, bool automaticAuthenticate, ScopeValidationOptions options) { _principal1 = principal1; _principal2 = principal2; _scopeOptions = options; _automaticAuthenticate = automaticAuthenticate; }
/// <summary> /// Initializes a new instance of the <see cref="ScopeValidationMiddleware"/> class. /// </summary> /// <param name="next">The next midleware.</param> /// <param name="scopes">The scopes.</param> public ScopeValidationMiddleware(RequestDelegate next, ScopeValidationOptions options, ILogger <ScopeValidationMiddleware> logger) { _logger = logger; if (next == null) { throw new ArgumentNullException(nameof(next)); } if (options == null) { throw new ArgumentNullException(nameof(options)); } if (string.IsNullOrWhiteSpace(options.ScopeClaimType)) { throw new ArgumentNullException(nameof(options.ScopeClaimType)); } if (options.AllowedScopes == null) { throw new ArgumentNullException(nameof(options.AllowedScopes)); } _next = next; _options = options; }
public static IApplicationBuilder UseIdentityServerAuthentication(this IApplicationBuilder app, IdentityServerAuthenticationOptions options) { var combinedOptions = new CombinedAuthenticationOptions(); combinedOptions.TokenRetriever = options.TokenRetriever; combinedOptions.AuthenticationScheme = options.AuthenticationScheme; switch (options.SupportedTokens) { case SupportedTokens.Jwt: combinedOptions.JwtBearerOptions = ConfigureJwt(options); break; case SupportedTokens.Reference: combinedOptions.IntrospectionOptions = ConfigureIntrospection(options); break; case SupportedTokens.Both: combinedOptions.JwtBearerOptions = ConfigureJwt(options); combinedOptions.IntrospectionOptions = ConfigureIntrospection(options); break; default: throw new Exception("SupportedTokens has invalid value"); } app.UseMiddleware <IdentityServerAuthenticationMiddleware>(app, combinedOptions); var allowedScopes = new List <string>(); if (!string.IsNullOrWhiteSpace(options.ScopeName)) { allowedScopes.Add(options.ScopeName); } if (options.AdditionalScopes != null && options.AdditionalScopes.Any()) { allowedScopes.AddRange(options.AdditionalScopes); } if (allowedScopes.Any()) { var scopeOptions = new ScopeValidationOptions { AllowedScopes = allowedScopes, AuthenticationScheme = options.AuthenticationScheme }; app.AllowScopes(scopeOptions); } return(app); }
public static IAppBuilder RequireScopes(this IAppBuilder app, params string[] scopes) { var options = new ScopeValidationOptions { Scopes = scopes, AllowAnonymousAccess = false, ScopeClaimType = "scope" }; app.RequireScopes(options); return(app); }
//[Fact] //public async Task Authenticated_User_Missing_Scopes_Should_Be_Forbidden() //{ // var principal = Principal.Create("custom", // new Claim("sub", "123")); // var allowedScopes = new[] { "scope1", "scope2" }; // var client = CreateClient(principal, allowedScopes); // var response = await client.GetAsync("/"); // response.StatusCode.Should().Be(HttpStatusCode.Forbidden); //} //[Fact] //public async Task Authenticated_User_Matching_Scope_Should_Be_Allowed() //{ // var principal = Principal.Create("custom", // new Claim("sub", "123"), // new Claim("scope", "scope1")); // var allowedScopes = new[] { "scope1", "scope2" }; // var client = CreateClient(principal, allowedScopes); // var response = await client.GetAsync("/"); // response.StatusCode.Should().Be(HttpStatusCode.OK); //} private HttpClient CreateClient(ClaimsPrincipal principal1, ClaimsPrincipal principal2, bool automaticAuthenticate, IEnumerable <string> allowedScopes, string scopeAuthenticationScheme) { var options = new ScopeValidationOptions { AllowedScopes = allowedScopes, AuthenticationScheme = scopeAuthenticationScheme }; var startup = new MultipleAuthenticationStartup(principal1, principal2, automaticAuthenticate, options); var server = new TestServer(new WebHostBuilder() .Configure(startup.Configure) .ConfigureServices(startup.ConfigureServices)); return(server.CreateClient()); }
public static CombinedAuthenticationOptions FromIdentityServerAuthenticationOptions(IdentityServerAuthenticationOptions options) { var combinedOptions = new CombinedAuthenticationOptions(); combinedOptions.TokenRetriever = options.TokenRetriever; combinedOptions.AuthenticationScheme = options.AuthenticationScheme; combinedOptions.PassThruOptions = new NopAuthenticationOptions() { AuthenticationScheme = options.AuthenticationScheme, AutomaticAuthenticate = options.AutomaticAuthenticate, AutomaticChallenge = options.AutomaticChallenge }; switch (options.SupportedTokens) { case SupportedTokens.Jwt: combinedOptions.JwtBearerOptions = ConfigureJwt(options); break; case SupportedTokens.Reference: combinedOptions.IntrospectionOptions = ConfigureIntrospection(options); break; case SupportedTokens.Both: combinedOptions.JwtBearerOptions = ConfigureJwt(options); combinedOptions.IntrospectionOptions = ConfigureIntrospection(options); break; default: throw new Exception("SupportedTokens has invalid value"); } if (options.ValidateScope) { var allowedScopes = new List <string>(); if (options.AllowedScopes != null && options.AllowedScopes.Any()) { allowedScopes.AddRange(options.AllowedScopes); } if (allowedScopes.Any()) { var scopeOptions = new ScopeValidationOptions { AllowedScopes = allowedScopes, AuthenticationScheme = options.AuthenticationScheme }; combinedOptions.ScopeValidationOptions = scopeOptions; } else { var scopeOptions = new ScopeValidationOptions { AllowedScopes = new string[] { } }; combinedOptions.ScopeValidationOptions = scopeOptions; } } return(combinedOptions); }
public static IAppBuilder RequireScopes(this IAppBuilder app, ScopeValidationOptions options) { app.Use(typeof(ScopeValidationMiddleware), options); return(app); }