/// <summary>
/// OWIN startup: installs a global Serilog logger and hosts IdentityServer3 under the
/// "/core" path, backed by the in-memory users, clients and scopes returned by the
/// project's Users/Clients/Scopes helpers.
/// </summary>
/// <param name="app">The OWIN application builder supplied by the host.</param>
public void Configuration(IAppBuilder app)
{
    // Global logger: Debug level, daily rolling file. "log-{Date}.txt" is a relative path,
    // so the files land in the hosting process's working directory.
    // NOTE(review): Debug-level output from an identity server can include request
    // details that are sensitive (tokens, claims) -- confirm this level and the relative
    // log location are intended for anything beyond local development.
    var loggerConfig = new LoggerConfiguration()
        .MinimumLevel.Debug()
        .WriteTo.RollingFile("log-{Date}.txt");
    Log.Logger = loggerConfig.CreateLogger();

    // In-memory stores: nothing here persists across a restart (sample/test setup).
    var serviceFactory = new IdentityServerServiceFactory();
    serviceFactory.UseInMemoryUsers(Users.Get());
    serviceFactory.UseInMemoryClients(Clients.Get());
    serviceFactory.UseInMemoryScopes(Scopes.Get());

    var serverOptions = new IdentityServerOptions();
    // Token-signing certificate, loaded by the project's Certificate helper.
    serverOptions.SigningCertificate = Certificate.Load();
    serverOptions.Factory = serviceFactory;

    // Mount IdentityServer on its own branch; the rest of the pipeline is untouched.
    app.Map("/core", branch => branch.UseIdentityServer(serverOptions));
}
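/// <summary>
/// OWIN startup for the MVC host: mounts IdentityServer3 under "/identity" on this
/// pipeline and registers the same application as an OpenID Connect client ("mvc")
/// of that server, signing users in with a "Cookies" authentication ticket.
/// </summary>
/// <param name="app">The OWIN application builder supplied by the host.</param>
public void Configuration(IAppBuilder app)
{
    // Anti-forgery tokens are bound to the subject claim, and the inbound JWT claim-type
    // map is emptied so claims keep their short OIDC names ("sub", "role", ...) instead
    // of being rewritten to the long Microsoft claim URIs.
    AntiForgeryConfig.UniqueClaimTypeIdentifier = Constants.ClaimTypes.Subject;
    JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

    MapIdentityServer(app);
    UseOidcClient(app);
}

/// <summary>
/// Hosts IdentityServer3 at "/identity" with in-memory clients and scopes and the
/// project's <c>IncidereUserAuthenticationService</c> registered as the user service.
/// </summary>
/// <param name="app">The OWIN application builder.</param>
private void MapIdentityServer(IAppBuilder app)
{
    var userService = new IncidereUserAuthenticationService();
    var factory = new IdentityServerServiceFactory()
        .UseInMemoryClients(Clients.Get())
        .UseInMemoryScopes(Scopes.Get());
    // The same user-service instance is handed back on every resolution.
    factory.UserService = new Registration<IUserService>(resolver => userService);

    var options = new IdentityServerOptions
    {
        SiteName = "Web IdentityServer3",
        SigningCertificate = LoadCertificate(),
        Factory = factory,
        AuthenticationOptions = new IdentityServer3.Core.Configuration.AuthenticationOptions
        {
            EnablePostSignOutAutoRedirect = true,
            //IdentityProviders = ConfigureIdentityProviders
        },
        // SECURITY: RequireSsl = false lets IdentityServer accept plain-HTTP requests, so
        // credentials and tokens can travel unencrypted. Keep this only for local
        // development; set it to true for any shared or public deployment.
        RequireSsl = false
    };

    app.Map("/identity", idsrvApp => idsrvApp.UseIdentityServer(options));
}

/// <summary>
/// Registers cookie authentication plus the OpenID Connect middleware that authenticates
/// this application against the IdentityServer mounted at "{m_idSvrBaseUrl}identity".
/// </summary>
/// <param name="app">The OWIN application builder.</param>
private void UseOidcClient(IAppBuilder app)
{
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = "Cookies"
    });

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        Authority = $"{m_idSvrBaseUrl}identity",
        ClientId = "mvc",
        Scope = "openid profile roles extra incidereServiceApi",
        RedirectUri = $"{m_idSvrBaseUrl}",
        // Implicit flow: the access token comes back in the front channel (URL fragment)
        // next to the id_token. NOTE(review): prefer hybrid/authorization-code if the
        // client registration in Clients.Get() can be changed.
        ResponseType = "id_token token",
        SignInAsAuthenticationType = "Cookies",
        // The cookie's lifetime is managed by the cookie middleware, not by the id_token's exp.
        UseTokenLifetime = false,
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            // Runs once the id_token has been validated: builds the identity that is
            // persisted in the cookie, including the raw tokens for later use.
            SecurityTokenValidated = async n =>
            {
                // Fresh identity using given_name as the "Name" claim and role for role checks.
                var nid = new ClaimsIdentity(
                    n.AuthenticationTicket.Identity.AuthenticationType,
                    Constants.ClaimTypes.GivenName,
                    Constants.ClaimTypes.Role);

                // Fetch profile/role claims from the userinfo endpoint with the access token.
                // NOTE(review): a new UserInfoClient is created per sign-in; if it wraps an
                // HttpClient, reusing one instance avoids socket exhaustion.
                var userInfoClient = new UserInfoClient(
                    new Uri(n.Options.Authority + "/connect/userinfo"),
                    n.ProtocolMessage.AccessToken);
                var userInfo = await userInfoClient.GetAsync();
                foreach (var ui in userInfo.Claims)
                {
                    nid.AddClaim(new Claim(ui.Item1, ui.Item2));
                }

                // Keep the tokens in the cookie identity so later requests can reach them
                // (the logout handler below reads "id_token" back out of the user).
                nid.AddClaim(new Claim("access_token", n.ProtocolMessage.AccessToken));

                // expires_in is a protocol value, not user-locale text: parse it invariantly and
                // store the absolute expiry as an ISO-8601 round-trip UTC timestamp so the
                // claim does not depend on the server's culture or local offset.
                var expiresInSeconds = int.Parse(
                    n.ProtocolMessage.ExpiresIn,
                    System.Globalization.NumberStyles.Integer,
                    System.Globalization.CultureInfo.InvariantCulture);
                var expiresAt = DateTimeOffset.UtcNow.AddSeconds(expiresInSeconds);
                nid.AddClaim(new Claim("expires_at",
                    expiresAt.ToString("o", System.Globalization.CultureInfo.InvariantCulture)));

                nid.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));

                // Only copy the session id when the server issued one; the previous
                // FindFirst("sid").Value threw a NullReferenceException (failed sign-in)
                // whenever the token carried no "sid" claim.
                var sid = n.AuthenticationTicket.Identity.FindFirst("sid");
                if (sid != null)
                {
                    nid.AddClaim(new Claim("sid", sid.Value));
                }

                nid.AddClaim(new Claim("app_specific", "some data"));

                n.AuthenticationTicket = new AuthenticationTicket(nid, n.AuthenticationTicket.Properties);
            },
            // On sign-out, forward the id_token stored in the cookie identity as id_token_hint.
            RedirectToIdentityProvider = n =>
            {
                if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                {
                    var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
                    if (idTokenHint != null)
                    {
                        n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                    }
                }
                return Task.FromResult(0);
            }
        }
    });
}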