public static void Register(HttpConfiguration config)
{
var authNConfig = new AuthenticationConfiguration
{
SendWwwAuthenticateResponseHeaders = false,
RequireSsl = false
};
//authNConfig.AddJsonWebToken(
// "TODOApi",
// "http://tt.com/mobile/todos",
// ConfigurationManager.AppSettings["acsSigningKey"]);
authNConfig.AddJsonWebToken(
"http://identityserver.v2.thinktecture.com/trust/cw",
"http://tt.com/mobile/todos",
ConfigurationManager.AppSettings["oauthSigningKey"]);
authNConfig.AddBasicAuthentication(
(un, pw) => un == pw); // this is the super complex basic authentication validation logic :)
authNConfig.ClaimsAuthenticationManager =
FederatedAuthentication.FederationConfiguration
.IdentityConfiguration.ClaimsAuthenticationManager;
config.MessageHandlers.Add(new AuthenticationHandler(authNConfig));
config.Filters.Add(new ClaimsAuthorizeAttribute());
}
public static void AddJsonWebToken(this AuthenticationConfiguration configuration, string issuer, string audience, string signingKey, string scheme)
{
configuration.AddJsonWebToken(
issuer,
audience,
signingKey,
AuthenticationOptions.ForAuthorizationHeader(scheme),
AuthenticationScheme.SchemeOnly(scheme));
}
private static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
var authentication = new AuthenticationConfiguration
{
ClaimsAuthenticationManager = new ClaimsTransformer(),
RequireSsl = false,
EnableSessionToken = true
};
#region Basic Authentication
authentication.AddBasicAuthentication(UserCredentials.Validate);
#endregion
#region IdentityServer JWT
authentication.AddJsonWebToken(
issuer: Constants.IdSrv.IssuerUri,
audience: Constants.Audience,
signingKey: Constants.IdSrv.SigningKey);
#endregion
#region Access Control Service JWT
authentication.AddJsonWebToken(
issuer: Constants.ACS.IssuerUri,
audience: Constants.Audience,
signingKey: Constants.ACS.SigningKey,
scheme: Constants.ACS.Scheme);
#endregion
#region IdentityServer SAML
authentication.AddSaml2(
issuerThumbprint: Constants.IdSrv.SigningCertThumbprint,
issuerName: Constants.IdSrv.IssuerUri,
audienceUri: Constants.Realm,
certificateValidator: X509CertificateValidator.None,
options: AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme),
scheme: AuthenticationScheme.SchemeOnly(Constants.IdSrv.SamlScheme));
#endregion
#region Client Certificates
authentication.AddClientCertificate(ClientCertificateMode.ChainValidation);
#endregion
return authentication;
}
private static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
var authentication = new AuthenticationConfiguration
{
RequireSsl = false,
};
authentication.AddJsonWebToken(Constants.AS.IssuerName, Constants.Audience, Constants.AS.SigningKey,
ClaimMappings.None);
return authentication;
}
private static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
var authentication = new AuthenticationConfiguration
{
ClaimsAuthenticationManager = new ClaimsTransformer()
};
#region Basic Authentication
authentication.AddBasicAuthentication((username, password)
=> UserCredentials.Validate(username, password));
#endregion
#region IdentityServer JWT
authentication.AddJsonWebToken(
Constants.IdSrv.IssuerUri,
Constants.Audience,
Constants.IdSrv.SigningKey);
#endregion
#region Access Control Service JWT
authentication.AddJsonWebToken(
Constants.ACS.IssuerUri,
Constants.Audience,
Constants.ACS.SigningKey,
AuthenticationOptions.ForAuthorizationHeader(Constants.ACS.Scheme));
#endregion
#region #IdentityServer SAML
authentication.AddSaml2(
issuerThumbprint: Constants.IdSrv.SigningCertThumbprint,
issuerName: Constants.IdSrv.IssuerUri,
audienceUri: Constants.Realm,
certificateValidator: X509CertificateValidator.None,
options: AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme));
#endregion
return authentication;
}
private static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
var authentication = new AuthenticationConfiguration
{
RequireSsl = false,
};
authentication.AddJsonWebToken(
issuer: Constants.AuthzSrv.IssuerName,
audience: Constants.Audience,
signingKey: Constants.AuthzSrv.SigningKey,
claimMappings: ClaimMappings.None);
return authentication;
}
public static AuthenticationConfiguration CreateUserInfoAuthConfig(IConfigurationRepository configuration)
{
var userInfoAuth = new AuthenticationConfiguration
{
RequireSsl = !configuration.Global.DisableSSL,
InheritHostClientIdentity = false
};
userInfoAuth.AddJsonWebToken(
issuer: configuration.Global.IssuerUri,
audience: configuration.Global.IssuerUri + "/userinfo",
signingCertificate: configuration.Keys.SigningCertificate);
return userInfoAuth;
}
private static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
var authentication = new AuthenticationConfiguration
{
ClaimsAuthenticationManager = new ClaimsTransformer(),
RequireSsl = false,
EnableSessionToken = true
};
authentication.AddJsonWebToken(
issuer: "http://identityserver.v2.thinktecture.com/trust/idsrv",
audience: "https://localhost:44301/",
signingKey: "8hlN4y8TZBYNLtUrhvLPUfLRjx3KWMo24JdAurlcRMs=");
return authentication;
}
public static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
var authentication = new AuthenticationConfiguration()
{
ClaimsAuthenticationManager = new ClaimsTransformer(),
RequireSsl = false,
EnableSessionToken = true
};
authentication.AddJsonWebToken(
issuer: "http://identityserver.v2.thinktecture.com/trust/idsrv",
audience: "https://localhost:44308/",
signingKey: "CBvAWq7BA9EncagGwAK2gTrEhs2IL20LiHIhFtxRIT4=");
return authentication;
}
public static void Configure(HttpConfiguration config)
{
var authNConfig = new AuthenticationConfiguration();
authNConfig.AddJsonWebToken(
"http://identityserver.v2.thinktecture.com/trust/cw",
"http://tt.com/mobile/todos",
ConfigurationManager.AppSettings["oauthSigningKey"],
AuthenticationOptions.ForAuthorizationHeader("Bearer"));
authNConfig.ClaimsAuthenticationManager =
FederatedAuthentication.FederationConfiguration
.IdentityConfiguration.ClaimsAuthenticationManager;
config.MessageHandlers.Add(new AuthenticationHandler(authNConfig));
config.Filters.Add(new ClaimsAuthorizeAttribute());
}
/// <summary>
/// Configuration related to the Thinktecture Authorization Server
/// </summary>
/// <returns></returns>
private static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
/*ClaimsAuthenticationManager = new GridsClaimsAuthenticationManager(),*/
var authentication = new AuthenticationConfiguration
{
RequireSsl = false,
};
authentication.AddJsonWebToken(
issuer: Constants.AuthorizationServer.IssuerName,
audience: Constants.Audience,
signingKey: Constants.AuthorizationServer.SigningKey,
claimMappings: ClaimMappings.None);
return authentication;
}
public static void AddJsonWebToken(
this AuthenticationConfiguration configuration,
string issuer,
string audience,
X509Certificate2 signingCertificate,
Dictionary<string, string> claimMappings = null)
{
var validationParameters = new TokenValidationParameters()
{
AllowedAudience = audience,
SigningToken = new X509SecurityToken(signingCertificate),
ValidIssuer = issuer,
};
configuration.AddJsonWebToken(
validationParameters,
AuthenticationOptions.ForAuthorizationHeader(JwtConstants.Bearer),
AuthenticationScheme.SchemeOnly(JwtConstants.Bearer),
claimMappings);
}
public static void AddJsonWebToken(
this AuthenticationConfiguration configuration,
string issuer,
string audience,
string signingKey,
Dictionary<string, string> claimMappings = null)
{
var validationParameters = new TokenValidationParameters()
{
AllowedAudience = audience,
SigningToken = new BinarySecretSecurityToken(Convert.FromBase64String(signingKey)),
ValidIssuer = issuer,
};
configuration.AddJsonWebToken(
validationParameters,
AuthenticationOptions.ForAuthorizationHeader(JwtConstants.Bearer),
AuthenticationScheme.SchemeOnly(JwtConstants.Bearer),
claimMappings);
}
public static AuthenticationConfiguration CreateConfiguration()
{
var config = new AuthenticationConfiguration
{
DefaultAuthenticationScheme = "Basic",
EnableSessionToken = true
};
#region BasicAuthentication
config.AddBasicAuthentication((userName, password) => userName == password, retainPassword: false);
#endregion
#region SimpleWebToken
config.AddSimpleWebToken(
issuer: "http://identity.thinktecture.com/trust",
audience: Constants.Realm,
signingKey: Constants.IdSrvSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
#endregion
#region JsonWebToken
config.AddJsonWebToken(
issuer: "http://selfissued.test",
audience: Constants.Realm,
signingKey: Constants.IdSrvSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("JWT"));
#endregion
#region IdentityServer SAML
var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
idsrvRegistry.AddTrustedIssuer("A1EED7897E55388FCE60FEF1A1EED81FF1CBAEC6", "Thinktecture IdSrv");
var idsrvConfig = new SecurityTokenHandlerConfiguration();
idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
idsrvConfig.IssuerNameRegistry = idsrvRegistry;
idsrvConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
#endregion
#region ADFS SAML
var adfsRegistry = new ConfigurationBasedIssuerNameRegistry();
adfsRegistry.AddTrustedIssuer("8EC7F962CC083FF7C5997D8A4D5ED64B12E4C174", "ADFS");
adfsRegistry.AddTrustedIssuer("b6 93 46 34 7f 70 a9 c3 72 02 18 ae f1 82 2a 5c 97 b1 8c a5", "PETS ADFS");
var adfsConfig = new SecurityTokenHandlerConfiguration();
adfsConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
adfsConfig.IssuerNameRegistry = adfsRegistry;
adfsConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(adfsConfig, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml"));
#endregion
#region ACS SWT
config.AddSimpleWebToken(
issuer: "https://" + Constants.ACS + "/",
audience: Constants.Realm,
signingKey: Constants.AcsSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("ACS"));
#endregion
#region AccessKey
config.AddAccessKey(token =>
{
if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
{
return Principal.Create("Custom",
new Claim("customerid", "123"),
new Claim("email", "*****@*****.**"));
}
return null;
}, AuthenticationOptions.ForQueryString("key"));
#endregion
#region Client Certificate
config.AddClientCertificate(
ClientCertificateMode.ChainValidationWithIssuerSubjectName,
"CN=PortableCA");
#endregion
return config;
}
public static AuthenticationConfiguration CreateConfiguration()
{
var config = new AuthenticationConfiguration
{
DefaultAuthenticationScheme = "Basic",
};
#region BasicAuthentication
config.AddBasicAuthentication((userName, password) => userName == password);
#endregion
#region SimpleWebToken
config.AddSimpleWebToken(
issuer: "http://localhost/idsrv/trust",
audience: Constants.Realm,
signingKey: Constants.IdSrvSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
#endregion
#region JsonWebToken
config.AddJsonWebToken(
issuer: "http://selfissued.test",
audience: Constants.Realm,
signingKey: Constants.IdSrvSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("JWT"));
#endregion
#region IdentityServer SAML
var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
idsrvRegistry.AddTrustedIssuer("a90d2bc088d949d63321e1152065234c1acda7b1", "Thinktecture IdSrv");
var idsrvConfig = new SecurityTokenHandlerConfiguration();
idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
idsrvConfig.IssuerNameRegistry = idsrvRegistry;
idsrvConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
#endregion
#region ACS SWT
config.AddSimpleWebToken(
issuer: "https://" + Constants.ACS + "/",
audience: Constants.Realm,
signingKey: Constants.AcsSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("ACS"));
#endregion
#region AccessKey
var handler = new SimpleSecurityTokenHandler(token =>
{
if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
{
return IdentityFactory.Create("Custom",
new Claim("customerid", "123"),
new Claim("email", "*****@*****.**"));
}
return null;
});
config.AddAccessKey(handler, AuthenticationOptions.ForQueryString("key"));
#endregion
return config;
}
public static AuthenticationConfiguration CreateConfiguration()
{
var config = new AuthenticationConfiguration
{
DefaultAuthenticationScheme = "Basic",
EnableSessionToken = true,
SetNoRedirectMarker = true
};
#region BasicAuthentication
config.AddBasicAuthentication((userName, password) => userName == password, retainPassword: false);
#endregion
#region SimpleWebToken
config.AddSimpleWebToken(
issuer: Constants.IdSrvIssuerName,
audience: Constants.Realm,
signingKey: Constants.IdSrvSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
#endregion
#region JsonWebToken
config.AddJsonWebToken(
issuer: "http://selfissued.test",
audience: Constants.Realm,
signingKey: Constants.IdSrvSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("JWT"));
#endregion
#region JsonWebToken Windows Store Client
config.AddJsonWebToken(
issuer: "http://identityserver45.thinktecture.com/trust/changethis",
audience: "https://test/rp/",
signingKey: "3ihK5qGVhp8ptIk9+TDucXQW4Aaengg3d5m6gU8nzc8=",
options: AuthenticationOptions.ForAuthorizationHeader("Win8"));
#endregion
#region IdentityServer SAML
var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
idsrvRegistry.AddTrustedIssuer(Constants.IdSrvSamlSigningKeyThumbprint, "Thinktecture IdSrv");
var idsrvConfig = new SecurityTokenHandlerConfiguration();
idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
idsrvConfig.IssuerNameRegistry = idsrvRegistry;
idsrvConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
#endregion
#region ADFS SAML
var adfsRegistry = new ConfigurationBasedIssuerNameRegistry();
adfsRegistry.AddTrustedIssuer(Constants.AdfsSamlSigningKeyThumbprint, "ADFS");
var adfsConfig = new SecurityTokenHandlerConfiguration();
adfsConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
adfsConfig.IssuerNameRegistry = adfsRegistry;
adfsConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(adfsConfig, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml"));
#endregion
#region ACS SWT
config.AddSimpleWebToken(
issuer: "https://" + Constants.ACS + "/",
audience: Constants.Realm,
signingKey: Constants.AcsSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("ACS"));
#endregion
#region AccessKey
config.AddAccessKey(token =>
{
if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
{
return Principal.Create("Custom",
new Claim("customerid", "123"),
new Claim("email", "*****@*****.**"));
}
return null;
}, AuthenticationOptions.ForQueryString("key"));
#endregion
#region Client Certificate
config.AddClientCertificate(
ClientCertificateMode.ChainValidationWithIssuerSubjectName,
"CN=PortableCA");
#endregion
return config;
}
public static AuthenticationConfiguration CreateConfiguration()
{
var config = new AuthenticationConfiguration
{
DefaultAuthenticationScheme = "Basic",
};
#region Basic Authentication
config.AddBasicAuthentication((userName, password) => userName == password);
#endregion
#region SimpleWebToken
config.AddSimpleWebToken(
"http://identity.thinktecture.com/trust",
Constants.Realm,
Constants.IdSrvSymmetricSigningKey,
AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
#endregion
#region JsonWebToken
config.AddJsonWebToken(
"http://selfissued.test",
Constants.Realm,
Constants.IdSrvSymmetricSigningKey,
AuthenticationOptions.ForAuthorizationHeader("JWT"));
#endregion
#region IdentityServer SAML
var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
idsrvRegistry.AddTrustedIssuer("A1EED7897E55388FCE60FEF1A1EED81FF1CBAEC6", "Thinktecture IdSrv");
var idsrvConfig = new SecurityTokenHandlerConfiguration();
idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
idsrvConfig.IssuerNameRegistry = idsrvRegistry;
idsrvConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
#endregion
#region ACS SWT
config.AddSimpleWebToken(
"https://" + Constants.ACS + "/",
Constants.Realm,
Constants.AcsSymmetricSigningKey,
AuthenticationOptions.ForAuthorizationHeader("ACS"));
#endregion
#region AccessKey
var handler = new SimpleSecurityTokenHandler("my access key", token =>
{
if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
{
return new ClaimsIdentity(new Claim[]
{
new Claim("customerid", "123")
}, "Custom");
}
return null;
});
config.AddAccessKey(handler, AuthenticationOptions.ForQueryString("key"));
#endregion
return config;
}
public static AuthenticationConfiguration CreateConfiguration()
{
var config = new AuthenticationConfiguration
{
DefaultAuthenticationScheme = "Basic",
EnableSessionToken = true
};
#region BasicAuthentication
config.AddBasicAuthentication((userName, password) => userName == password);
#endregion
#region SimpleWebToken
config.AddSimpleWebToken(
issuer: Constants.IdSrvIssuerName,
audience: Constants.Realm,
signingKey: Constants.IdSrvSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("IdSrv"));
#endregion
#region JsonWebToken
config.AddJsonWebToken(
issuer: "http://selfissued.test",
audience: Constants.Realm,
signingKey: Constants.IdSrvSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("JWT"));
#endregion
#region IdentityServer SAML
var idsrvRegistry = new ConfigurationBasedIssuerNameRegistry();
idsrvRegistry.AddTrustedIssuer(Constants.IdSrvSamlSigningKeyThumbprint, "Thinktecture IdSrv");
var idsrvConfig = new SecurityTokenHandlerConfiguration();
idsrvConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
idsrvConfig.IssuerNameRegistry = idsrvRegistry;
idsrvConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(idsrvConfig, AuthenticationOptions.ForAuthorizationHeader("IdSrvSaml"));
#endregion
#region ADFS SAML
var adfsRegistry = new ConfigurationBasedIssuerNameRegistry();
adfsRegistry.AddTrustedIssuer(Constants.AdfsSamlSigningKeyThumbprint, "ADFS");
var adfsConfig = new SecurityTokenHandlerConfiguration();
adfsConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Constants.Realm));
adfsConfig.IssuerNameRegistry = adfsRegistry;
adfsConfig.CertificateValidator = X509CertificateValidator.None;
config.AddSaml2(adfsConfig, AuthenticationOptions.ForAuthorizationHeader("AdfsSaml"));
#endregion
#region ACS SWT
config.AddSimpleWebToken(
issuer: "https://" + Constants.ACS + "/",
audience: Constants.Realm,
signingKey: Constants.AcsSymmetricSigningKey,
options: AuthenticationOptions.ForAuthorizationHeader("ACS"));
#endregion
#region AccessKey
config.AddAccessKey(token =>
{
if (ObfuscatingComparer.IsEqual(token, "accesskey123"))
{
return Principal.Create("Custom",
new Claim("customerid", "123"),
new Claim("email", "*****@*****.**"));
}
return null;
}, AuthenticationOptions.ForQueryString("key"));
#endregion
return config;
}
public static AuthenticationConfiguration CreateClientAuthConfig(HttpConfiguration httpConfiguration, IConfigurationRepository configuration)
{
_logger.Info("Creating client auth configuration... ");
var authConfig = new AuthenticationConfiguration
{
InheritHostClientIdentity = false,
RequireSsl = false,
//EnableSessionToken = true,
// DefaultAuthenticationScheme = JwtConstants.JWT,
};
// accept arbitrary credentials on basic auth header,
// validation will be done in the protocol endpoint
authConfig.AddBasicAuthentication((id, secret) => true, retainPassword: true);
authConfig.AddJsonWebToken(
issuer: configuration.Global.IssuerUri,
audience: FACCTS.Server.Common.Constants.RelyingParties.FACCTS,
signingKey: configuration.Keys.SymmetricSigningKey
);
httpConfiguration.MessageHandlers.Add(new AuthenticationHandler(authConfig));
_logger.Info("Client auth configuration done! ");
return authConfig;
}
