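/// <summary>
/// Maps an OData service route whose per-route message handler authenticates each
/// request before it is handed to the controller dispatcher pipeline.
/// </summary>
/// <param name="config">HTTP configuration the route is registered on.</param>
/// <param name="routeName">Name of the route.</param>
/// <param name="routePrefix">URL prefix of the OData service.</param>
/// <param name="model">EDM model exposed by the route.</param>
/// <param name="handlers">Optional factories for extra delegating handlers; may be null.</param>
/// <param name="serviceIdentifier">
/// Identifier passed to the JWT registration. When null it is read from the
/// "Services:Identifier" key of the "accenture.security.eso.service" configuration section.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="config"/> is null.</exception>
/// <exception cref="FormatException">The disable-security app setting is present but is not a valid boolean.</exception>
/// <exception cref="InvalidOperationException">
/// No <paramref name="serviceIdentifier"/> was supplied and the configuration section is missing
/// or is not a name/value section.
/// </exception>
public static void MapRebarODataRoute(
    this HttpConfiguration config,
    string routeName,
    string routePrefix,
    IEdmModel model,
    IEnumerable<Func<DelegatingHandler>> handlers,
    string serviceIdentifier = null)
{
    if (config == null)
    {
        throw new ArgumentNullException("config");
    }

    // The dispatcher is the innermost handler; a null factory list yields a pipeline with the dispatcher only.
    HttpMessageHandler delegatingHandler = HttpClientFactory.CreatePipeline(
        new HttpControllerDispatcher(config),
        handlers == null ? null : handlers.Select(create => create()));

    var disableSecurity = ConfigurationManager.AppSettings[DisableSecuritySetting];
    var isSecurityDisabled = !string.IsNullOrWhiteSpace(disableSecurity) && bool.Parse(disableSecurity);

    // NOTE(review): a UriBuilder created without arguments reports "localhost" as its Host, so the
    // host comparison below does not inspect the machine or request host. As written, the app setting
    // alone decides whether authentication is bypassed. Confirm where the host was meant to come from
    // and make sure the setting can never be enabled in a deployed environment.
    var uriBuilder = new UriBuilder();

    DelegatingHandler handler;
    if (uriBuilder.Host.Equals("localhost", StringComparison.OrdinalIgnoreCase) && isSecurityDisabled)
    {
        // Presumably performs no credential validation (going by the type name); verify against its source.
        handler = new EmptyAuthenticationHandler(delegatingHandler);
    }
    else
    {
        var identifier = serviceIdentifier;
        if (identifier == null)
        {
            // Fail with a descriptive error instead of a NullReferenceException or InvalidCastException
            // when the section is absent or declared with a different section handler.
            var section = ConfigurationManager.GetSection("accenture.security.eso.service") as NameValueCollection;
            if (section == null)
            {
                throw new InvalidOperationException(
                    "Configuration section 'accenture.security.eso.service' is missing or is not a name/value section, and no serviceIdentifier was supplied.");
            }

            identifier = section["Services:Identifier"];
        }

        // NOTE(review): RequireSsl = false means this handler does not insist on HTTPS, so bearer tokens
        // may travel over plain HTTP unless TLS is enforced elsewhere (host, proxy). Confirm before shipping.
        var authConfig = new AuthenticationConfiguration
        {
            RequireSsl = false,
            SetPrincipalOnRequestInstance = true
        };
        authConfig.AddMsftJsonWebToken(identifier);
        handler = new AuthenticationHandler(authConfig, delegatingHandler);
    }

    // Create the default odata route using regular conventions
    config.MapODataServiceRoute(
        routeName: routeName,
        routePrefix: routePrefix,
        model: model,
        pathHandler: new DefaultODataPathHandler(),
        routingConventions: ODataRoutingConventions.CreateDefaultWithAttributeRouting(config, model),
        defaultHandler: handler);
}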
/// <summary>
/// Builds the authentication configuration for the service, registering every accepted
/// credential type in a fixed order: Basic, IdentityServer JWT, Access Control Service JWT,
/// IdentityServer SAML 2, and client certificates.
/// </summary>
/// <returns>The populated <see cref="AuthenticationConfiguration"/>.</returns>
private static AuthenticationConfiguration CreateAuthenticationConfiguration()
{
    // NOTE(review): RequireSsl = false is combined with Basic authentication below. Basic credentials
    // are only base64-encoded, so without TLS enforced elsewhere they cross the network in recoverable
    // form. Confirm that HTTPS is mandatory in front of this service.
    var config = new AuthenticationConfiguration
    {
        ClaimsAuthenticationManager = new ClaimsTransformer(),
        RequireSsl = false,
        EnableSessionToken = true
    };

    // Basic authentication: credentials are checked by UserCredentials.Validate.
    config.AddBasicAuthentication(UserCredentials.Validate);

    // IdentityServer JWT, registered through the Microsoft JWT handler.
    // NOTE(review): the signing keys are read from Constants; if those are literals compiled into
    // the assembly, they belong in protected configuration instead. Cannot tell from this block.
    config.AddMsftJsonWebToken(
        issuer: Constants.IdSrv.IssuerUri,
        audience: Constants.Audience,
        signingKey: Constants.IdSrv.SigningKey);

    // Access Control Service JWT, bound to its own authorization scheme.
    config.AddJsonWebToken(
        issuer: Constants.ACS.IssuerUri,
        audience: Constants.Audience,
        signingKey: Constants.ACS.SigningKey,
        scheme: Constants.ACS.Scheme);

    // IdentityServer SAML 2 tokens, read from the Authorization header.
    // NOTE(review): X509CertificateValidator.None skips chain, expiry and revocation checks on the
    // issuer certificate. Trust then appears to rest on the thumbprint match alone, so an expired
    // or revoked signing certificate would still be accepted. Confirm this is intended.
    config.AddSaml2(
        issuerThumbprint: Constants.IdSrv.SigningCertThumbprint,
        issuerName: Constants.IdSrv.IssuerUri,
        audienceUri: Constants.Realm,
        certificateValidator: X509CertificateValidator.None,
        options: AuthenticationOptions.ForAuthorizationHeader(Constants.IdSrv.SamlScheme),
        scheme: AuthenticationScheme.SchemeOnly(Constants.IdSrv.SamlScheme));

    // Client certificates, accepted on chain validation.
    config.AddClientCertificate(ClientCertificateMode.ChainValidation);

    return config;
}
/// <summary>
/// Registers the routes "api/test1" and "api/test2", each with its own authentication handler.
/// Both handlers accept JWTs from the same issuer and signing certificate but expect a
/// different audience.
/// </summary>
/// <param name="config">HTTP configuration the routes are added to.</param>
public static void Register(HttpConfiguration config)
{
    var issuerId = "http://idsrv.local/trust";

    // Single() throws unless exactly one certificate matches the subject name.
    // NOTE(review): the second argument to Find is presumably "validOnly"; if so, passing false
    // lets an expired or otherwise invalid certificate be used to verify tokens. Confirm.
    var signingCert = X509.LocalMachine.TrustedPeople.SubjectDistinguishedName.Find("CN=sts", false).Single();

    // One entry per protected route. The audience differs per route, so a token issued
    // for one relying party is not expected to validate on the other route.
    var routes = new[]
    {
        new { Name = "test1", Template = "api/test1", Controller = "Test1", Audience = "http://localhost/rp-adfs-webapi1" },
        new { Name = "test2", Template = "api/test2", Controller = "Test2", Audience = "http://localhost/rp-adfs-webapi2" }
    };

    foreach (var route in routes)
    {
        var jwtConfig = new AuthenticationConfiguration();
        jwtConfig.AddMsftJsonWebToken(issuerId, route.Audience, signingCert);

        config.Routes.MapHttpRoute(
            name: route.Name,
            routeTemplate: route.Template,
            defaults: new { controller = route.Controller },
            constraints: null,
            handler: new AuthenticationHandler(jwtConfig, config));
    }
}