public static void RegisterRouteMapping(IAppBuilder app) { app.Use((context, next) => { string pathWithQuery = ((context.Request.Path != null && string.IsNullOrEmpty(context.Request.Path.Value) == false) ? (context.Request.QueryString != null && string.IsNullOrEmpty(context.Request.QueryString.Value) == false) ? $@"{context.Request.Path.Value}?{context.Request.QueryString.Value}" : context.Request.Path.Value : null); if (string.IsNullOrEmpty(pathWithQuery) == false && _rxPTVPath.IsMatch(pathWithQuery) == true) { string url = _rxPTVPath.Match(pathWithQuery)?.Groups["url"]?.Value; if (string.IsNullOrEmpty(url) == false) { //if (context.Request.User != null && context.Request.User.IsInRole("Employee")) { return context.Response.WriteAsync("You are not authorized to use this resource."); } // string redirectUrl = PTVService.GetPTVApiUrlWithSignature(url, scheme: (context.Request.IsSecure ? "https" : "http")); if (string.IsNullOrEmpty(redirectUrl) == false) { context.Response.Redirect(redirectUrl); return(Task.FromResult <object>(null)); } } } return(next.Invoke()); }); }
public void Configuration(IAppBuilder app) { AuthSettings settings = new AuthSettings(); #region Register Route Mappings PTVService.RegisterRouteMapping(app); #endregion Register Route Mappings #region Configure the Service instances, User manager and Signin manager to use a single instance per request app.CreatePerOwinContext(ApplicationDbContext.Create); app.CreatePerOwinContext <ApplicationUserManager>(ApplicationUserManager.Create); app.CreatePerOwinContext <ApplicationSignInManager>(ApplicationSignInManager.Create); #endregion Configure the Service instances, User manager and Signin manager to use a single instance per request #region Configure Owin to use Authentication Cookie(s) (default behaviour) CookieAuthenticationOptions cookieOptions = new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, Provider = new CookieAuthenticationProvider { OnValidateIdentity = SecurityStampValidator.OnValidateIdentity <ApplicationUserManager, ApplicationUser>( validateInterval : TimeSpan.FromMinutes(30), regenerateIdentity : delegate(ApplicationUserManager manager, ApplicationUser user) { return(user.GenerateUserIdentityAsync(manager)); } ) } }; if (string.IsNullOrEmpty(settings.LoginPath) == false) { cookieOptions.LoginPath = new PathString(settings.LoginPath); } if (settings.ExpireTimeSpan != null) { cookieOptions.ExpireTimeSpan = settings.ExpireTimeSpan.Value; } if (settings.SlidingExpiration != null) { cookieOptions.SlidingExpiration = settings.SlidingExpiration.Value; } if (string.IsNullOrEmpty(settings.CookieDomain) == false) { cookieOptions.CookieDomain = settings.CookieDomain; } if (settings.CookieHttpOnly != null) { cookieOptions.CookieHttpOnly = (settings.CookieHttpOnly ?? true); } // NOTE: set to 'false' to allow javascript to send Cookie information (need to send Cookie information) through to remote CORS-enabled WCF services if (settings.CookieAlwaysSecure != null) { cookieOptions.CookieSecure = ((settings.CookieAlwaysSecure == null) ? CookieSecureOption.SameAsRequest : (settings.CookieAlwaysSecure == true) ? CookieSecureOption.Always : CookieSecureOption.Never); } // Enable the application to use a cookie to store information for the signed in user and to use a cookie to temporarily store information about a user logging in with a third party login provider. Configure the sign in cookie app.UseCookieAuthentication(cookieOptions); // Use a cookie to temporarily store information about a user logging in with a third party login provider app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie); if ((settings.EnableTwoFactorAuthenticationQ ?? false) == true) { // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process. app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5)); // Enables the application to remember the second login verification factor such as phone or email. Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from. This is similar to the RememberMe option when you log in. app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie); } else { } #endregion Configure Owin to use Authentication Cookie(s) (default behaviour) #region Configure additional OAuth Authentication Providers #if AUTH_GOOGLE if (string.IsNullOrEmpty(settings.Google_AppId) == false && string.IsNullOrEmpty(settings.Google_Secret) == false && string.IsNullOrEmpty(settings.Google_CallbackPath) == false) { GoogleOAuth2AuthenticationOptions options = new GoogleOAuth2AuthenticationOptions() { ClientId = settings.Google_AppId, ClientSecret = settings.Google_Secret, Scope = { "openid", "profile", "email" }, // , "https://www.googleapis.com/auth/plus.login", "https://www.googleapis.com/auth/plus.me", "https://www.googleapis.com/auth/userinfo.email" CallbackPath = new PathString(settings.Google_CallbackPath), Provider = new CustomGoogleOAuth2AuthenticationProvider(), //BackchannelHttpHandler = new CustomGoogleBackChannelHandler(), //BackchannelCertificateValidator = GetTrustedCertificatesValidator(), SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie, }; app.UseGoogleAuthentication(options); } #endif #if AUTH_FACEBOOK if (string.IsNullOrEmpty(settings.Facebook_AppId) == false && string.IsNullOrEmpty(settings.Facebook_Secret) == false && string.IsNullOrEmpty(settings.Facebook_CallbackPath) == false) { FacebookAuthenticationOptions options = new FacebookAuthenticationOptions() { AppId = settings.Facebook_AppId, AppSecret = settings.Facebook_Secret, Scope = { "email", "public_profile", }, //, "user_friends" CallbackPath = new PathString(settings.Facebook_CallbackPath), Provider = new CustomFacebookAuthenticationProvider(), BackchannelHttpHandler = new CustomFacebookBackChannelHandler(), //BackchannelCertificateValidator = GetTrustedCertificatesValidator(), UserInformationEndpoint = $@"https://graph.facebook.com/{settings.Facebook_ApiVersion}/me?fields=id,name,email,first_name,last_name,location", //$@"https://graph.facebook.com/me?fields=id,email,first_name,last_name", //,company SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie, }; app.UseFacebookAuthentication(options); } #endif #if AUTH_MICROSOFT if (string.IsNullOrEmpty(settings.Microsoft_AppId) == false && string.IsNullOrEmpty(settings.Microsoft_Secret) == false && string.IsNullOrEmpty(settings.Microsoft_CallbackPath) == false) { MicrosoftAccountAuthenticationOptions options = new MicrosoftAccountAuthenticationOptions() { ClientId = settings.Microsoft_AppId, ClientSecret = settings.Microsoft_Secret, CallbackPath = new PathString(settings.Microsoft_CallbackPath), Scope = { "User.Read", }, // "wl.basic", "wl.emails" Provider = new CustomMicrosoftAccountAuthenticationProvider(), //BackchannelHttpHandler = new CustomMicrosoftBackChannelHandler(), //BackchannelCertificateValidator = GetTrustedCertificatesValidator(), SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie, }; app.UseMicrosoftAccountAuthentication(options); } #endif #if AUTH_LINKEDIN if (string.IsNullOrEmpty(settings.LinkedIn_AppId) == false && string.IsNullOrEmpty(settings.LinkedIn_Secret) == false && string.IsNullOrEmpty(settings.LinkedIn_CallbackPath) == false) { LinkedInAuthenticationOptions options = new LinkedInAuthenticationOptions() { ClientId = settings.LinkedIn_AppId, ClientSecret = settings.LinkedIn_Secret, CallbackPath = new PathString(settings.LinkedIn_CallbackPath), //Scope = { "r_basicprofile", "r_emailaddress", }, //Scope = (IList<string>)(settings.LinkedIn_Scope ?? new string[] { "r_basicprofile" }).ToList(), Provider = new CustomLinkedInAuthenticationProvider(), //BackchannelHttpHandler = new CustomLinkedInBackChannelHandler(), //BackchannelCertificateValidator = GetTrustedCertificatesValidator(), SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie, }; app.UseLinkedInAuthentication(options); } #endif #if AUTH_TWITTER if (string.IsNullOrEmpty(settings.Twitter_AppId) == false && string.IsNullOrEmpty(settings.Twitter_Secret) == false && string.IsNullOrEmpty(settings.Twitter_CallbackPath) == false) { TwitterAuthenticationOptions options = new TwitterAuthenticationOptions() { ConsumerKey = settings.Twitter_AppId, ConsumerSecret = settings.Twitter_Secret, CallbackPath = new PathString(settings.Twitter_CallbackPath), //Scope = { "read", "email", }, Provider = new CustomTwitterAuthenticationProvider(), BackchannelCertificateValidator = GetTrustedCertificatesValidator(), SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie, }; app.UseTwitterAuthentication(options); } #endif #if AUTH_GITHUB if (string.IsNullOrEmpty(settings.GitHub_AppId) == false && string.IsNullOrEmpty(settings.GitHub_Secret) == false && string.IsNullOrEmpty(settings.GitHub_CallbackPath) == false) { GitHubAuthenticationOptions options = new GitHubAuthenticationOptions() { ClientId = settings.GitHub_AppId, ClientSecret = settings.GitHub_Secret, CallbackPath = new PathString(settings.GitHub_CallbackPath), Scope = { "user", }, Provider = new CustomGitHubAuthenticationProvider(), //BackchannelHttpHandler = new CustomGitHubBackChannelHandler(), //BackchannelCertificateValidator = GetTrustedCertificatesValidator(), SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie, }; app.UseGitHubAuthentication(options); } #endif #endregion Configure additional OAuth Authentication Providers }