using System.Collections.Generic;
using System.Globalization;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Web.Helpers;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.ActiveDirectory;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.DataProtection;
using Microsoft.Owin.Security.OpenIdConnect;
using Orchard.ContentManagement;
using Orchard.Logging;
using Orchard.Owin;
using Orchard.Settings;
using Owin;
using RadioSystems.AzureAuthentication.Models;
using RadioSystems.AzureAuthentication.Security;
namespace RadioSystems.AzureAuthentication {
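/// <summary>
/// Builds the OWIN authentication pipeline that signs Orchard users in through
/// Azure Active Directory: an optional data-protection provider swap (for Azure
/// Web Sites), cookie authentication as the sign-in identity, and OpenID Connect
/// against the configured AD authority.
/// Settings come from the site's <see cref="AzureSettingsPart"/>; blank values
/// fall back to visible placeholders (or the site base URL for the logout
/// redirect), and a warning is logged when placeholders are in use.
/// </summary>
public class OwinMiddlewares : IOwinMiddlewareProvider {
    // Placeholder values used when the corresponding site setting is blank.
    // They are deliberately recognisable so a misconfigured site is obvious.
    private const string PlaceholderClientId = "[example: 82692da5-a86f-44c9-9d53-2f88d52b478b]";
    private const string PlaceholderTenant = "faketenant.com";
    private const string PlaceholderAppName = "[example: MyAppName]";
    // NOTE(review): the Azure AD authority documented by Microsoft is
    // https://login.microsoftonline.com/{tenant}; confirm that this host serves
    // the OpenID Connect metadata before relying on this default.
    private const string DefaultADInstance = "https://login.microsoft.com/{0}";

    // Orchard property-injects the real logger after construction, so this is a
    // NullLogger inside the constructor; warnings are emitted from
    // GetOwinMiddlewares instead.
    public ILogger Logger { get; set; }

    private readonly string _azureClientId;
    private readonly string _azureTenant;
    private readonly string _azureADInstance;
    private readonly string _logoutRedirectUri;
    private readonly string _azureAppName;
    private readonly bool _sslEnabled;
    private readonly bool _azureWebSiteProtectionEnabled;
    // Names of settings that fell back to a placeholder; reported once the
    // logger is available.
    private readonly List<string> _placeholderSettings = new List<string>();

    /// <summary>
    /// Reads the Azure settings part from the current site settings, applying
    /// placeholders (or real defaults) for any blank value.
    /// </summary>
    /// <param name="siteService">Provides the site settings that carry <see cref="AzureSettingsPart"/>.</param>
    public OwinMiddlewares(ISiteService siteService) {
        Logger = NullLogger.Instance;
        var site = siteService.GetSiteSettings();
        var azureSettings = site.As<AzureSettingsPart>();

        _azureClientId = OrPlaceholder(azureSettings.ClientId, PlaceholderClientId, "ClientId");
        _azureTenant = OrPlaceholder(azureSettings.Tenant, PlaceholderTenant, "Tenant");
        _azureAppName = OrPlaceholder(azureSettings.AppName, PlaceholderAppName, "AppName");
        // These two have usable defaults rather than placeholders, so no warning.
        _azureADInstance = string.IsNullOrEmpty(azureSettings.ADInstance) ? DefaultADInstance : azureSettings.ADInstance;
        _logoutRedirectUri = string.IsNullOrEmpty(azureSettings.LogoutRedirectUri) ? site.BaseUrl : azureSettings.LogoutRedirectUri;
        _sslEnabled = azureSettings.SSLEnabled;
        _azureWebSiteProtectionEnabled = azureSettings.AzureWebSiteProtectionEnabled;
    }

    // Returns the configured value when non-empty; otherwise records the
    // setting name and returns the placeholder.
    private string OrPlaceholder(string configured, string placeholder, string settingName) {
        if (!string.IsNullOrEmpty(configured)) {
            return configured;
        }
        _placeholderSettings.Add(settingName);
        return placeholder;
    }

    /// <summary>
    /// Returns the middleware registrations Orchard should add to the OWIN
    /// pipeline: an optional data-protection provider swap (priority "9") and
    /// the cookie + OpenID Connect authentication pair (priority "10").
    /// </summary>
    /// <returns>The registrations, in the order they were added.</returns>
    public IEnumerable<OwinMiddlewareRegistration> GetOwinMiddlewares() {
        if (_placeholderSettings.Count > 0) {
            Logger.Warning(
                "Azure authentication settings not configured ({0}); placeholder values are in use and Azure sign-in will not work until they are set.",
                string.Join(", ", _placeholderSettings));
        }

        // Key anti-forgery tokens on the NameIdentifier claim, which is what an
        // Azure AD identity carries.
        AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;

        var openIdOptions = new OpenIdConnectAuthenticationOptions {
            ClientId = _azureClientId,
            // ADInstance is a format string with the tenant as {0}.
            Authority = string.Format(CultureInfo.InvariantCulture, _azureADInstance, _azureTenant),
            PostLogoutRedirectUri = _logoutRedirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications()
        };

        var cookieOptions = new CookieAuthenticationOptions {
            // When the site is configured for SSL, never let the authentication
            // cookie travel over plain HTTP. Otherwise keep the middleware's
            // default of matching the request scheme.
            CookieSecure = _sslEnabled ? CookieSecureOption.Always : CookieSecureOption.SameAsRequest
        };

        // Bearer-token options are kept for when the Azure AD bearer middleware
        // is re-enabled (see the TODO below); currently unused.
        var audienceFormat = _sslEnabled ? "https://{0}/{1}" : "http://{0}/{1}";
        var bearerAuthOptions = new WindowsAzureActiveDirectoryBearerAuthenticationOptions {
            TokenValidationParameters = new TokenValidationParameters {
                ValidAudience = string.Format(CultureInfo.InvariantCulture, audienceFormat, _azureTenant, _azureAppName)
            }
        };

        var middlewares = new List<OwinMiddlewareRegistration>();

        if (_azureWebSiteProtectionEnabled) {
            // Intended to run before the cookie middleware is registered so the
            // cookie middleware picks up this provider instead of the default.
            middlewares.Add(new OwinMiddlewareRegistration {
                Priority = "9",
                Configure = app => app.SetDataProtectionProvider(new MachineKeyProtectionProvider())
            });
        }

        middlewares.Add(new OwinMiddlewareRegistration {
            Priority = "10",
            Configure = app => {
                // OpenID Connect completes sign-in through the cookie middleware.
                app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
                app.UseCookieAuthentication(cookieOptions);
                app.UseOpenIdConnectAuthentication(openIdOptions);
                // TODO: re-enable once the "XML DTD is prohibited" error raised
                // when this middleware is registered has been resolved.
                //app.UseWindowsAzureActiveDirectoryBearerAuthentication(bearerAuthOptions);
            }
        });

        return middlewares;
    }
}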
}