This repository has been archived by the owner on Feb 15, 2018. It is now read-only.

Security Configuration

Brock Allen edited this page Apr 11, 2015 · 7 revisions

IdentityManager defines a SecurityConfiguration base class to configure how a user is to be authenticated. There are two main approaches:

LocalhostSecurityConfiguration

The LocalhostSecurityConfiguration is the default security configuration and allows access by users who are accessing IdentityManager from the same machine (localhost). This is for the scenario where a developer or administrator does not need or want remote access to IdentityManager. Another use case is when the identity database is empty and needs to be initialized with the initial users (such as the initial administrator account).

HostSecurityConfiguration

HostSecurityConfiguration is designed to allow the hosting application to authenticate the user using any means it needs to (e.g. cookies). IdentityManager will simply use the host-based authentication to identify the user.

The HostSecurityConfiguration contains:

  • HostAuthenticationType : The type of Katana authentication middleware to consult to identify the user.
  • TokenExpiration : The duration a user will remain logged into IdentityManager. Once this time has expired, IdentityManager will consult the HostAuthenticationType again to authenticate the user. This defaults to 10 hours.
  • NameClaimType : The claim type from the HostAuthenticationType that indicates the user's display name. Defaults to name.
  • RoleClaimType : The claim type from the HostAuthenticationType that indicates the user's role. Defaults to role.
  • AdminRoleName : The role that the user must be in to use IdentityManager. Defaults to IdentityManagerAdministrator.

Here is an example of using the Katana cookie authentication middleware as the means by which to authenticate the user:

public void Configuration(IAppBuilder app)
{
    // Host-level cookie middleware; IdentityManager reads the user from it.
    app.UseCookieAuthentication(new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions
    {
        AuthenticationType = "Cookies"
    });

    var factory = new IdentityManagerServiceFactory();

    app.UseIdentityManager(new IdentityManagerOptions
    {
        Factory = factory,
        SecurityConfiguration = new HostSecurityConfiguration
        {
            // Must match the AuthenticationType of the middleware registered above.
            HostAuthenticationType = "Cookies"
        }
    });
}
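The following is an added example, not code from the IdentityManager wiki or project: it sets every HostSecurityConfiguration property listed above explicitly and shows the host issuing a cookie identity whose claim types line up with them, since a user whose identity lacks the AdminRoleName value under RoleClaimType cannot use IdentityManager. The `IdentityManager.Configuration` namespace, the `TimeSpan` type of TokenExpiration, the one-hour value and the `BuildHostIdentity` helper are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using IdentityManager.Configuration; // assumed namespace for the IdentityManager types
using Microsoft.Owin.Security.Cookies;
using Owin;

public class Startup
{
    const string HostAuthType = "Cookies";
    const string AdminRole = "IdentityManagerAdministrator"; // documented default

    public void Configuration(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = HostAuthType,
            CookieSecure = CookieSecureOption.Always, // never send the host cookie over plain HTTP
            CookieHttpOnly = true                     // keep the cookie away from page scripts
        });

        var factory = new IdentityManagerServiceFactory(); // service registration not shown

        app.UseIdentityManager(new IdentityManagerOptions
        {
            Factory = factory,
            SecurityConfiguration = new HostSecurityConfiguration
            {
                HostAuthenticationType = HostAuthType,   // must match the cookie middleware
                TokenExpiration = TimeSpan.FromHours(1), // assumes TimeSpan; default is 10 hours
                NameClaimType = "name",                  // documented default, stated explicitly
                RoleClaimType = "role",                  // documented default, stated explicitly
                AdminRoleName = AdminRole
            }
        });
    }

    // Hypothetical helper: call only after the host has verified the user's credentials
    // and decided whether the user is an IdentityManager administrator.
    public static ClaimsIdentity BuildHostIdentity(string displayName, bool isAdmin)
    {
        var claims = new List<Claim> { new Claim("name", displayName) };
        if (isAdmin) claims.Add(new Claim("role", AdminRole)); // role claim only for admins
        // The name/role claim types here must equal NameClaimType/RoleClaimType above.
        return new ClaimsIdentity(claims, HostAuthType, "name", "role");
    }
}
```

The host's login code would pass the returned identity to `IOwinContext.Authentication.SignIn` so that the "Cookies" middleware issues the cookie IdentityManager later consults.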