Skip to content

Commit

Permalink
Merge branch 'dev'
Browse files Browse the repository at this point in the history
  • Loading branch information
@leastprivilege
leastprivilege committed Jan 31, 2016
2 parents 1a591a7 + 5e932ac commit 49f6a27
Show file tree
Hide file tree
Showing 39 changed files with 2,173 additions and 0 deletions.
10 changes: 10 additions & 0 deletions source/WebHost (Windows Auth All-in-One)/NuGet.config
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<packageSources>
<add key="Identity* Dev Feed" value="https://www.myget.org/F/identity/" />
<add key="Nuget" value="https://www.nuget.org/api/v2/" />
</packageSources>
<activePackageSource>
<add key="All" value="(Aggregate source)" />
</activePackageSource>
</configuration>
10 changes: 10 additions & 0 deletions source/WebHost (Windows Auth All-in-One)/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
WebHost (Windows Auth All-in-One)
======================================

This solution is composed of a single project that hosts both:
1. The [IdentityServer.WindowsAuthentication](https://github.com/IdentityServer/WindowsAuthentication) component, which converts windows tokens to identity tokens. Note that for IIS Express, Windows Authentication is enabled via the project's proprty pages. For IIS, please refer to the comment in the web.config file.
2. An instance of identity server which is configured to consume the above component via WS-Federation.
Please note that since both components are hosted within the same web app, no other provider can be configured along with the windows provider concurrently as Windows Authentication is setup at the web app host level.


Thanks to Eran Stiller (@estiller) for contributing this sample. Please contact him directly when you have questions or improvements.
27 changes: 27 additions & 0 deletions source/WebHost (Windows Auth All-in-One)/WebHost (Windows Auth All-in-One).sln
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio 14
VisualStudioVersion = 14.0.24720.0
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "WebHost", "WebHost\WebHost.csproj", "{7F281277-505F-4E86-B462-79B740208E63}"
EndProject
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{4803AFA9-35F7-4E8E-B91E-DDB7FFCD2FA3}"
ProjectSection(SolutionItems) = preProject
README.md = README.md
EndProjectSection
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{7F281277-505F-4E86-B462-79B740208E63}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{7F281277-505F-4E86-B462-79B740208E63}.Debug|Any CPU.Build.0 = Debug|Any CPU
{7F281277-505F-4E86-B462-79B740208E63}.Release|Any CPU.ActiveCfg = Release|Any CPU
{7F281277-505F-4E86-B462-79B740208E63}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal
46 changes: 46 additions & 0 deletions source/WebHost (Windows Auth All-in-One)/WebHost/Configuration/Cert.cs
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
/*
* Copyright 2014 Dominick Baier, Brock Allen
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
using System.IO;
using System.Security.Cryptography.X509Certificates;

namespace Configuration
{
public class Certificate
{
public static X509Certificate2 Load()
{
var assembly = typeof(Certificate).Assembly;
using (var stream = assembly.GetManifestResourceStream("WebHost.Configuration.idsrv3test.pfx"))
{
return new X509Certificate2(ReadStream(stream), "idsrv3test");
}
}

private static byte[] ReadStream(Stream input)
{
var buffer = new byte[16 * 1024];
using (var ms = new MemoryStream())
{
int read;
while ((read = input.Read(buffer, 0, buffer.Length)) > 0)
{
ms.Write(buffer, 0, read);
}
return ms.ToArray();
}
}
}
}
322 changes: 322 additions & 0 deletions source/WebHost (Windows Auth All-in-One)/WebHost/Configuration/Clients.cs
View file

Large diffs are not rendered by default.

75 changes: 75 additions & 0 deletions source/WebHost (Windows Auth All-in-One)/WebHost/Configuration/Scopes.cs
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
/*
* Copyright 2014 Dominick Baier, Brock Allen
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
using System.Collections.Generic;
using IdentityServer3.Core;
using IdentityServer3.Core.Models;

namespace Configuration
{
public class Scopes
{
public static IEnumerable<Scope> Get()
{
return new[]
{
////////////////////////
// identity scopes
////////////////////////

StandardScopes.OpenId,
StandardScopes.Profile,
StandardScopes.Email,
StandardScopes.Address,
StandardScopes.OfflineAccess,
StandardScopes.RolesAlwaysInclude,
StandardScopes.AllClaims,

////////////////////////
// resource scopes
////////////////////////

new Scope
{
Name = "read",
DisplayName = "Read data",
Type = ScopeType.Resource,
Emphasize = false,
},
new Scope
{
Name = "write",
DisplayName = "Write data",
Type = ScopeType.Resource,
Emphasize = true,
},
new Scope
{
Name = "idmgr",
DisplayName = "IdentityManager",
Type = ScopeType.Resource,
Emphasize = true,
ShowInDiscoveryDocument = false,

Claims = new List<ScopeClaim>
{
new ScopeClaim(Constants.ClaimTypes.Name),
new ScopeClaim(Constants.ClaimTypes.Role)
}
}
};
}
}
}
Binary file added source/WebHost (Windows Auth All-in-One)/WebHost/Configuration/idsrv3test.pfx
View file
Binary file not shown.
62 changes: 62 additions & 0 deletions source/WebHost (Windows Auth All-in-One)/WebHost/ExternalRegistrationUserService.cs
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer3.Core;
using IdentityServer3.Core.Extensions;
using IdentityServer3.Core.Models;
using IdentityServer3.Core.Services.Default;

namespace WebHost
{
public class ExternalRegistrationUserService : UserServiceBase
{
public class CustomUser
{
public string Subject { get; set; }
public string Provider { get; set; }
public string ProviderID { get; set; }
public List<Claim> Claims { get; set; }
}

public static List<CustomUser> Users = new List<CustomUser>();

public override Task AuthenticateExternalAsync(ExternalAuthenticationContext context)
{
// look for the user in our local identity system from the external identifiers
var user = Users.SingleOrDefault(x => x.Provider == context.ExternalIdentity.Provider && x.ProviderID == context.ExternalIdentity.ProviderId);
string name = "Unknown";
if (user == null)
{
// new user, so add them here
var nameClaim = context.ExternalIdentity.Claims.First(x => x.Type == Constants.ClaimTypes.Name);
if (nameClaim != null) name = nameClaim.Value;

user = new CustomUser {
Subject = Guid.NewGuid().ToString(),
Provider = context.ExternalIdentity.Provider,
ProviderID = context.ExternalIdentity.ProviderId,
Claims = new List<Claim> { new Claim(Constants.ClaimTypes.Name, name) }
};
Users.Add(user);
}

name = user.Claims.First(x => x.Type == Constants.ClaimTypes.Name).Value;
context.AuthenticateResult = new AuthenticateResult(user.Subject, name, identityProvider:user.Provider);
return Task.FromResult(0);
}

public override Task GetProfileDataAsync(ProfileDataRequestContext context)
{
// issue the claims for the user
var user = Users.SingleOrDefault(x => x.Subject == context.Subject.GetSubjectId());
if (user != null)
{
context.IssuedClaims = user.Claims.Where(x => context.RequestedClaimTypes.Contains(x.Type));
}

return Task.FromResult(0);
}
}
}
35 changes: 35 additions & 0 deletions source/WebHost (Windows Auth All-in-One)/WebHost/Properties/AssemblyInfo.cs
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;

// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("WebHost")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("WebHost")]
[assembly: AssemblyCopyright("Copyright © 2015")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]

// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]

// The following GUID is for the ID of the typelib if this project is exposed to COM
[assembly: Guid("f70846fe-c33e-4deb-be44-2f470c0bf2d4")]

// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the Revision and Build Numbers
// by using the '*' as shown below:
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]
67 changes: 67 additions & 0 deletions source/WebHost (Windows Auth All-in-One)/WebHost/Startup.cs
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
using Microsoft.Owin;
using Owin;
using Configuration;
using IdentityServer.WindowsAuthentication.Configuration;
using IdentityServer3.Core.Configuration;
using IdentityServer3.Core.Services;
using Microsoft.Owin.Security.WsFederation;
using Serilog;

[assembly: OwinStartup(typeof(WebHost.Startup))]

namespace WebHost
{
public class Startup
{
public void Configuration(IAppBuilder appBuilder)
{
Log.Logger = new LoggerConfiguration()
.WriteTo.Trace(outputTemplate: "{Timestamp} [{Level}] ({Name}){NewLine} {Message}{NewLine}{Exception}")
.CreateLogger();

appBuilder.Map("/windows", ConfigureWindowsTokenProvider);

var factory = new IdentityServerServiceFactory()
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get());
factory.UserService = new Registration<IUserService>(typeof(ExternalRegistrationUserService));

var options = new IdentityServerOptions
{
SigningCertificate = Certificate.Load(),
Factory = factory,
AuthenticationOptions = new AuthenticationOptions
{
EnableLocalLogin = false,
IdentityProviders = ConfigureIdentityProviders
}
};

appBuilder.UseIdentityServer(options);
}

private static void ConfigureWindowsTokenProvider(IAppBuilder app)
{
app.UseWindowsAuthenticationService(new WindowsAuthenticationOptions
{
IdpReplyUrl = "https://localhost:44333/was",
SigningCertificate = Certificate.Load(),
EnableOAuth2Endpoint = false
});
}

private void ConfigureIdentityProviders(IAppBuilder app, string signInAsType)
{
var wsFederation = new WsFederationAuthenticationOptions
{
AuthenticationType = "windows",
Caption = "Windows",
SignInAsAuthenticationType = signInAsType,

MetadataAddress = "https://localhost:44333/windows",
Wtrealm = "urn:idsrv3"
};
app.UseWsFederationAuthentication(wsFederation);
}
}
}
30 changes: 30 additions & 0 deletions source/WebHost (Windows Auth All-in-One)/WebHost/Web.Debug.config
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
<?xml version="1.0" encoding="utf-8"?>

<!-- For more information on using web.config transformation visit http://go.microsoft.com/fwlink/?LinkId=125889 -->

<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<!--
In the example below, the "SetAttributes" transform will change the value of
"connectionString" to use "ReleaseSQLServer" only when the "Match" locator
finds an attribute "name" that has a value of "MyDB".
<connectionStrings>
<add name="MyDB"
connectionString="Data Source=ReleaseSQLServer;Initial Catalog=MyReleaseDB;Integrated Security=True"
xdt:Transform="SetAttributes" xdt:Locator="Match(name)"/>
</connectionStrings>
-->
<system.web>
<!--
In the example below, the "Replace" transform will replace the entire
<customErrors> section of your web.config file.
Note that because there is only one customErrors section under the
<system.web> node, there is no need to use the "xdt:Locator" attribute.
<customErrors defaultRedirect="GenericError.htm"
mode="RemoteOnly" xdt:Transform="Replace">
<error statusCode="500" redirect="InternalError.htm"/>
</customErrors>
-->
</system.web>
</configuration>
Loading

0 comments on commit 49f6a27

Please sign in to comment.