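        /// <summary>
        /// Finds the position in <c>AppContext.Instance.AuthSchemes</c> of the first scheme whose
        /// <c>Authority</c> is exactly equal to <paramref name="authority"/> (ordinal comparison,
        /// no trailing-slash or case normalisation).
        /// </summary>
        /// <param name="authority">Authority URL to look up; a null value only matches a scheme whose authority is also null.</param>
        /// <returns>
        /// Zero-based index into <c>AuthSchemes</c>, or -1 when there is no match, when the
        /// application context or its scheme array is null, or when the array is empty.
        /// </returns>
        public static int GetProviderIndexByAuthority(string authority)
        {
            SchemeContext[] schemes = Fs.Data.Models.AppContext.Instance?.AuthSchemes;

            if (schemes == null)
            {
                return -1;
            }

            for (int index = 0; index < schemes.Length; index++)
            {
                SchemeContext context = schemes[index];

                // A slot can be null when the array was sized for more schemes than were
                // actually registered; check before dereferencing instead of throwing
                // NullReferenceException as the original did.
                if (context != null && context.Authority == authority)
                {
                    return index;
                }
            }

            return -1;
        }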
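        /// <summary>
        /// Finds the position in <c>AppContext.Instance.AuthSchemes</c> of the first scheme whose
        /// configured <c>SignOutUri</c> is exactly equal to <paramref name="logoutPath"/>.
        /// The comparison is an exact ordinal match on purpose: this value selects which
        /// provider a sign-out request is routed to, so do not loosen it to a prefix or
        /// case-insensitive match.
        /// </summary>
        /// <param name="logoutPath">Sign-out path to look up; a null value only matches a scheme whose SignOutUri is also null.</param>
        /// <returns>
        /// Zero-based index into <c>AuthSchemes</c>, or -1 when there is no match, when the
        /// application context or its scheme array is null, or when the array is empty.
        /// </returns>
        public static int GetProviderIndexByLogoutPath(string logoutPath)
        {
            SchemeContext[] schemes = Fs.Data.Models.AppContext.Instance?.AuthSchemes;

            if (schemes == null)
            {
                return -1;
            }

            for (int index = 0; index < schemes.Length; index++)
            {
                SchemeContext context = schemes[index];

                // A slot can be null when the array was sized for more schemes than were
                // actually registered; check before dereferencing instead of throwing
                // NullReferenceException as the original did.
                if (context != null && context.SignOutUri == logoutPath)
                {
                    return index;
                }
            }

            return -1;
        }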
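        /// <summary>
        /// Registers the OpenID Connect and/or Azure AD authentication schemes described by the
        /// <c>OidcProviders</c> configuration section and records one <c>SchemeContext</c> per
        /// registered scheme in <c>AppContext.Instance.AuthSchemes</c>.
        /// </summary>
        /// <remarks>
        /// <c>OidcProviders:Enabled</c> selects a single provider by section key
        /// (<c>OpenIdDefaults.ChallengeScheme</c> or <c>AzureADDefaults.AuthenticationScheme</c>).
        /// When it is absent, every recognised child section is registered; child sections with
        /// any other key (for example <c>RedirectUri</c>) are ignored.
        /// <c>OidcProviders:RedirectUri</c> is copied to <c>AppContext.Instance.RedirectUri</c>.
        /// </remarks>
        /// <param name="services">Service collection to add authentication to.</param>
        /// <param name="addServerJwt">When true, also registers the IdentityServer JWT bearer handler.</param>
        /// <returns><paramref name="services"/>, for chaining.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="services"/> is null.</exception>
        /// <exception cref="InvalidOperationException"><c>OidcProviders:Enabled</c> holds an unsupported value.</exception>
        public static IServiceCollection AddOidcProviders(this IServiceCollection services, bool addServerJwt = true)
        {
            if (services == null)
            {
                throw new ArgumentNullException(nameof(services));
            }

            Fs.Data.Models.AppContext appContext = Fs.Data.Models.AppContext.Instance;

            string authScheme = SharedConfiguration.GetValue<string>("OidcProviders:Enabled");

            appContext.RedirectUri = SharedConfiguration.GetValue<string>("OidcProviders:RedirectUri");

            IConfigurationSection section = SharedConfiguration.GetSection("OidcProviders");
            IEnumerable<IConfigurationSection> providers = section.GetChildren();

            AuthenticationBuilder builder;

            if (authScheme == null)
            {
                // No explicit selection: register every recognised provider section.
                // The first AddAuthentication call is kept for compatibility; the Configure
                // delegate registered by the second call runs after it and wins, so the
                // effective defaults are the OpenId scheme / challenge scheme.
                services.AddAuthentication(AzureADDefaults.AuthenticationScheme);
                builder = services.AddAuthentication(options =>
                {
                    options.DefaultScheme          = OpenIdDefaults.Scheme;
                    options.DefaultChallengeScheme = OpenIdDefaults.ChallengeScheme;
                });
            }
            else if (authScheme == OpenIdDefaults.ChallengeScheme)
            {
                builder = services.AddAuthentication(options =>
                {
                    options.DefaultScheme          = OpenIdDefaults.Scheme;
                    options.DefaultChallengeScheme = OpenIdDefaults.ChallengeScheme;
                });
            }
            else if (authScheme == AzureADDefaults.AuthenticationScheme)
            {
                builder = services.AddAuthentication(AzureADDefaults.AuthenticationScheme);
            }
            else
            {
                // The old message claimed "0 supported providers"; the real condition is an
                // unrecognised value in OidcProviders:Enabled, so report that and the value.
                throw new InvalidOperationException(
                    "AddOidcProviders: unsupported value '" + authScheme + "' in 'OidcProviders:Enabled' of appsettings.json; expected '"
                    + OpenIdDefaults.ChallengeScheme + "' or '" + AzureADDefaults.AuthenticationScheme + "'.");
            }

            if (addServerJwt)
            {
                builder.AddIdentityServerJwt();
            }
            builder.AddCookie(OpenIdDefaults.Scheme);

            // Scheme contexts are built here, at registration time, instead of inside the
            // options callbacks. Those callbacks run lazily when the options are first
            // resolved, so the original left AuthSchemes full of nulls until the first
            // challenge, depended on callback order for the indexes, and advanced its
            // shared index on every callback execution.
            List<SchemeContext> schemes = new List<SchemeContext>();

            foreach (IConfigurationSection providerSection in providers)
            {
                if (authScheme != null && authScheme != providerSection.Key)
                {
                    continue;
                }

                if (providerSection.Key == OpenIdDefaults.ChallengeScheme)
                {
                    schemes.Add(AddOpenIdProvider(builder, providerSection));
                }
                else if (providerSection.Key == AzureADDefaults.AuthenticationScheme)
                {
                    schemes.Add(AddAzureAdProvider(builder, providerSection));
                }
                // Any other child (RedirectUri, Enabled, ...) is not a provider section.
            }

            appContext.AuthSchemes = schemes.ToArray();

            return services;
        }

        /// <summary>
        /// Registers the OpenID Connect handler for <paramref name="providerSection"/> on
        /// <paramref name="builder"/> and returns the <c>SchemeContext</c> describing it.
        /// </summary>
        /// <param name="builder">Authentication builder to register the handler on.</param>
        /// <param name="providerSection">Child of <c>OidcProviders</c> whose key is the OpenId challenge scheme.</param>
        /// <returns>The populated scheme context; its <c>Authority</c> matches the handler's.</returns>
        private static SchemeContext AddOpenIdProvider(AuthenticationBuilder builder, IConfigurationSection providerSection)
        {
            // Resolved once, eagerly, so the context and the handler options cannot disagree.
            string authority = providerSection.GetValue<string>("Authority") ?? SharedConfiguration.GetOidcLink();

            SchemeContext scheme = new SchemeContext();
            scheme.Authority           = authority;
            scheme.SignOutCallbackPath = providerSection.GetValue<string>("OutCallbackPath");
            scheme.SignInUri           = providerSection.GetValue<string>("SignInUri");
            scheme.SignOutUri          = providerSection.GetValue<string>("SignOutUri");
            scheme.AuthScheme          = OpenIdDefaults.ChallengeScheme;

            builder.AddOpenIdConnect(providerSection.Key, options =>
            {
                options.Authority = authority;
                options.ClientId  = providerSection.GetValue<string>("ClientID");

                string secret = providerSection.GetValue<string>("ClientSecret");
                if (!string.IsNullOrEmpty(secret))
                {
                    options.ClientSecret = secret;
                }

                // When unset, the handler's built-in default response type applies.
                // NOTE(review): prefer the authorization-code flow (with PKCE where the provider
                // supports it) over implicit response types — confirm per provider.
                string response = providerSection.GetValue<string>("ResponseType");
                if (!string.IsNullOrEmpty(response))
                {
                    options.ResponseType = response;
                }

                // Added as a single entry, exactly as configured.
                string scope = providerSection.GetValue<string>("Scope");
                if (!string.IsNullOrEmpty(scope))
                {
                    options.Scope.Add(scope);
                }

                options.SaveTokens = providerSection.GetValue<bool>("SaveTokens");

                // Fail closed: with the plain GetValue<bool> a missing "HttpsMetadata" key became
                // false, which allows the discovery document and keys to be fetched over plain
                // HTTP. Default to true; set "HttpsMetadata": false explicitly for an http-only
                // development provider.
                options.RequireHttpsMetadata = providerSection.GetValue<bool>("HttpsMetadata", true);

                options.GetClaimsFromUserInfoEndpoint = providerSection.GetValue<bool>("ClaimsUserEndpoint");

                if (dataProtectionProvider != null)
                {
                    options.DataProtectionProvider = dataProtectionProvider;
                }

                if (providerSection.GetValue<bool>("Events"))
                {
                    options.Events = new OpenIdConnectEvents
                    {
                        // Raised when the user cancels at the provider (access_denied):
                        // suppress the error page and send them back to the site root.
                        OnAccessDenied = context =>
                        {
                            context.Response.Redirect("/");
                            context.HandleResponse();
                            return Task.CompletedTask;
                        }
                    };
                }
            });

            return scheme;
        }

        /// <summary>
        /// Registers the Azure AD handler for <paramref name="providerSection"/> on
        /// <paramref name="builder"/> and returns the <c>SchemeContext</c> describing it.
        /// </summary>
        /// <param name="builder">Authentication builder to register the handler on.</param>
        /// <param name="providerSection">Child of <c>OidcProviders</c> whose key is the Azure AD scheme.</param>
        /// <returns>The populated scheme context; its identifiers match the handler's.</returns>
        private static SchemeContext AddAzureAdProvider(AuthenticationBuilder builder, IConfigurationSection providerSection)
        {
            // Values shared between the context and the handler are read once so they agree.
            string instance              = providerSection.GetValue<string>("Instance") ?? SharedConfiguration.GetAzureInstance();
            string tenantId              = providerSection.GetValue<string>("TenantId");
            string clientId              = providerSection.GetValue<string>("ClientId");
            string signedOutCallbackPath = providerSection.GetValue<string>("OutCallbackPath");

            SchemeContext scheme = new SchemeContext();
            scheme.Authority           = instance;
            scheme.TenantId            = tenantId;
            scheme.ClientId            = clientId;
            scheme.SignOutCallbackPath = signedOutCallbackPath;
            scheme.SignInUri           = providerSection.GetValue<string>("SignInUri");
            scheme.SignOutUri          = providerSection.GetValue<string>("SignOutUri");
            // NOTE(review): the client secret lives on a process-wide singleton from here on;
            // make sure SchemeContext is never logged or serialised towards clients.
            scheme.ClientSecret        = providerSection.GetValue<string>("ClientSecret");
            scheme.ResourceId          = providerSection.GetValue<string>("ResourceId");
            scheme.AuthorizePath       = providerSection.GetValue<string>("AuthorizePath");
            scheme.CodeField           = providerSection.GetValue<string>("CodeField");
            scheme.ResponseType        = providerSection.GetValue<string>("ResponseType");
            scheme.AuthScheme          = AzureADDefaults.AuthenticationScheme;

            builder.AddAzureAD(options =>
            {
                options.Instance              = instance;
                options.Domain                = providerSection.GetValue<string>("Domain");
                options.TenantId              = tenantId;
                options.ClientId              = clientId;
                options.CallbackPath          = providerSection.GetValue<string>("CallbackPath");
                options.SignedOutCallbackPath = signedOutCallbackPath;
            });

            return scheme;
        }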