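/// <summary>
/// Finds the position of the configured auth scheme whose <c>Authority</c> equals
/// <paramref name="authority"/> (ordinal, case-sensitive comparison).
/// </summary>
/// <param name="authority">Authority value to look up; compared exactly as stored.</param>
/// <returns>
/// Zero-based index into <c>Fs.Data.Models.AppContext.Instance.AuthSchemes</c>, or -1 when there is
/// no app context, no scheme table, or no matching entry.
/// </returns>
public static int GetProviderIndexByAuthority(string authority)
{
    Fs.Data.Models.AppContext appContext = Fs.Data.Models.AppContext.Instance;
    if (appContext == null || appContext.AuthSchemes == null)
    {
        return -1;
    }

    SchemeContext[] schemes = appContext.AuthSchemes;
    for (int index = 0; index < schemes.Length; index++)
    {
        SchemeContext context = schemes[index];
        // The table is sized up front by the provider registration code and a slot may still be
        // null (its provider not registered yet); skip such slots instead of dereferencing them.
        if (context != null && string.Equals(context.Authority, authority, StringComparison.Ordinal))
        {
            return index;
        }
    }

    return -1;
}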
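/// <summary>
/// Finds the position of the configured auth scheme whose <c>SignOutUri</c> equals
/// <paramref name="logoutPath"/> (ordinal, case-sensitive comparison).
/// </summary>
/// <param name="logoutPath">Sign-out URI to look up; compared exactly as stored.</param>
/// <returns>
/// Zero-based index into <c>Fs.Data.Models.AppContext.Instance.AuthSchemes</c>, or -1 when there is
/// no app context, no scheme table, or no matching entry.
/// </returns>
public static int GetProviderIndexByLogoutPath(string logoutPath)
{
    Fs.Data.Models.AppContext appContext = Fs.Data.Models.AppContext.Instance;
    if (appContext == null || appContext.AuthSchemes == null)
    {
        return -1;
    }

    SchemeContext[] schemes = appContext.AuthSchemes;
    for (int index = 0; index < schemes.Length; index++)
    {
        SchemeContext context = schemes[index];
        // The table is sized up front by the provider registration code and a slot may still be
        // null (its provider not registered yet); skip such slots instead of dereferencing them.
        if (context != null && string.Equals(context.SignOutUri, logoutPath, StringComparison.Ordinal))
        {
            return index;
        }
    }

    return -1;
}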
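/// <summary>
/// Registers the OpenID Connect and/or Azure AD authentication schemes listed under the
/// <c>OidcProviders</c> configuration section and records one <see cref="SchemeContext"/> per
/// registered provider in <c>Fs.Data.Models.AppContext.Instance.AuthSchemes</c>, in configuration order.
/// </summary>
/// <remarks>
/// <c>OidcProviders:Enabled</c> selects a single provider by key; when it is absent every supported
/// child section is registered and the OpenID Connect scheme becomes the default/challenge scheme.
/// The scheme table is filled while this method runs, not inside the options delegates, so lookups
/// by authority or sign-out path work before the first request and do not depend on the order in
/// which the named options are resolved.
/// </remarks>
/// <param name="services">Service collection to register authentication into.</param>
/// <param name="addServerJwt">When true, also registers the IdentityServer JWT bearer handler.</param>
/// <returns><paramref name="services"/>, for chaining.</returns>
/// <exception cref="ArgumentNullException"><paramref name="services"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// <c>OidcProviders:Enabled</c> names a scheme this method does not support.
/// </exception>
public static IServiceCollection AddOidcProviders(this IServiceCollection services, bool addServerJwt = true)
{
    if (services == null)
    {
        throw new ArgumentNullException(nameof(services));
    }

    Fs.Data.Models.AppContext appContext = Fs.Data.Models.AppContext.Instance;
    string authScheme = SharedConfiguration.GetValue<string>("OidcProviders:Enabled");
    appContext.RedirectUri = SharedConfiguration.GetValue<string>("OidcProviders:RedirectUri");

    AuthenticationBuilder builder;
    if (authScheme == null || authScheme == OpenIdDefaults.ChallengeScheme)
    {
        // One AddAuthentication call is enough: the OpenID Connect scheme is the default and the
        // challenge scheme, even when Azure AD is registered alongside it.
        builder = services.AddAuthentication(options =>
        {
            options.DefaultScheme = OpenIdDefaults.Scheme;
            options.DefaultChallengeScheme = OpenIdDefaults.ChallengeScheme;
        });
    }
    else if (authScheme == AzureADDefaults.AuthenticationScheme)
    {
        builder = services.AddAuthentication(AzureADDefaults.AuthenticationScheme);
    }
    else
    {
        throw new InvalidOperationException(
            $"AddOidcProviders: unsupported value '{authScheme}' in 'OidcProviders:Enabled' of appsettings.json; " +
            $"expected '{OpenIdDefaults.ChallengeScheme}' or '{AzureADDefaults.AuthenticationScheme}'.");
    }

    if (addServerJwt)
    {
        builder.AddIdentityServerJwt();
    }
    builder.AddCookie(OpenIdDefaults.Scheme);

    // Children of "OidcProviders" include non-provider keys ("Enabled", "RedirectUri"); only the two
    // supported provider keys produce a scheme record, so the table never contains null slots.
    List<SchemeContext> schemes = new List<SchemeContext>();
    foreach (IConfigurationSection providerSection in SharedConfiguration.GetSection("OidcProviders").GetChildren())
    {
        if (authScheme != null && authScheme != providerSection.Key)
        {
            continue;
        }

        if (providerSection.Key == OpenIdDefaults.ChallengeScheme)
        {
            schemes.Add(RegisterOpenIdConnect(builder, providerSection));
        }
        else if (providerSection.Key == AzureADDefaults.AuthenticationScheme)
        {
            schemes.Add(RegisterAzureAd(builder, providerSection));
        }
    }

    appContext.AuthSchemes = schemes.ToArray();
    return services;
}

/// <summary>Registers one OpenID Connect handler from its configuration section and returns its scheme record.</summary>
/// <param name="builder">Authentication builder the handler is added to.</param>
/// <param name="providerSection">The provider's child section of <c>OidcProviders</c>.</param>
/// <returns>The <see cref="SchemeContext"/> describing the registered provider.</returns>
private static SchemeContext RegisterOpenIdConnect(AuthenticationBuilder builder, IConfigurationSection providerSection)
{
    // Resolved here rather than inside the options delegate so the scheme record is valid immediately.
    string authority = providerSection.GetValue<string>("Authority") ?? SharedConfiguration.GetOidcLink();

    builder.AddOpenIdConnect(providerSection.Key, options =>
    {
        options.Authority = authority;
        options.ClientId = providerSection.GetValue<string>("ClientID");

        string secret = providerSection.GetValue<string>("ClientSecret");
        if (!string.IsNullOrEmpty(secret))
        {
            options.ClientSecret = secret;
        }

        string response = providerSection.GetValue<string>("ResponseType");
        if (!string.IsNullOrEmpty(response))
        {
            options.ResponseType = response;
        }

        string scope = providerSection.GetValue<string>("Scope");
        if (!string.IsNullOrEmpty(scope))
        {
            options.Scope.Add(scope);
        }

        options.SaveTokens = providerSection.GetValue<bool>("SaveTokens");
        // An absent "HttpsMetadata" key keeps the handler's own default (true) instead of silently
        // allowing discovery-document fetches over plain HTTP; set it to false explicitly for local
        // development against an http:// authority.
        options.RequireHttpsMetadata = providerSection.GetValue<bool>("HttpsMetadata", true);
        options.GetClaimsFromUserInfoEndpoint = providerSection.GetValue<bool>("ClaimsUserEndpoint");

        if (dataProtectionProvider != null)
        {
            options.DataProtectionProvider = dataProtectionProvider;
        }

        if (providerSection.GetValue<bool>("Events"))
        {
            options.Events = new OpenIdConnectEvents
            {
                // Called if the user clicks Cancel during login: send them home instead of surfacing the error.
                OnAccessDenied = context =>
                {
                    context.Response.Redirect("/");
                    context.HandleResponse();
                    return Task.CompletedTask;
                }
            };
        }
    });

    return new SchemeContext
    {
        Authority = authority,
        SignOutCallbackPath = providerSection.GetValue<string>("OutCallbackPath"),
        SignInUri = providerSection.GetValue<string>("SignInUri"),
        SignOutUri = providerSection.GetValue<string>("SignOutUri"),
        AuthScheme = OpenIdDefaults.ChallengeScheme,
    };
}

/// <summary>Registers one Azure AD handler from its configuration section and returns its scheme record.</summary>
/// <param name="builder">Authentication builder the handler is added to.</param>
/// <param name="providerSection">The provider's child section of <c>OidcProviders</c>.</param>
/// <returns>The <see cref="SchemeContext"/> describing the registered provider.</returns>
private static SchemeContext RegisterAzureAd(AuthenticationBuilder builder, IConfigurationSection providerSection)
{
    // Values shared by the handler options and the scheme record are read once, up front.
    string instance = providerSection.GetValue<string>("Instance") ?? SharedConfiguration.GetAzureInstance();
    string tenantId = providerSection.GetValue<string>("TenantId");
    string clientId = providerSection.GetValue<string>("ClientId");
    string signOutCallbackPath = providerSection.GetValue<string>("OutCallbackPath");

    builder.AddAzureAD(options =>
    {
        options.Instance = instance;
        options.Domain = providerSection.GetValue<string>("Domain");
        options.TenantId = tenantId;
        options.ClientId = clientId;
        options.CallbackPath = providerSection.GetValue<string>("CallbackPath");
        options.SignedOutCallbackPath = signOutCallbackPath;
    });

    return new SchemeContext
    {
        // The Azure AD "Instance" URL plays the role of the authority in the scheme table.
        Authority = instance,
        TenantId = tenantId,
        ClientId = clientId,
        SignOutCallbackPath = signOutCallbackPath,
        SignInUri = providerSection.GetValue<string>("SignInUri"),
        SignOutUri = providerSection.GetValue<string>("SignOutUri"),
        // Kept in the process-wide AppContext for later callers; anything that logs or serializes
        // SchemeContext must treat this field as a secret.
        ClientSecret = providerSection.GetValue<string>("ClientSecret"),
        ResourceId = providerSection.GetValue<string>("ResourceId"),
        AuthorizePath = providerSection.GetValue<string>("AuthorizePath"),
        CodeField = providerSection.GetValue<string>("CodeField"),
        ResponseType = providerSection.GetValue<string>("ResponseType"),
        AuthScheme = AzureADDefaults.AuthenticationScheme,
    };
}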