-
Notifications
You must be signed in to change notification settings - Fork 231
Security Configuration
IdentityManager defines a SecurityConfiguration
base class to configure how a user is to be authenticated. There are two main approaches:
The LocalhostSecurityConfiguration
is the default security configuration and allows users that are accessing IdentityManager from the same machine (localhost). This is for the scenario where a developer or administrator does not need or want remote access to IdentityManager. Another use case is for when the identity database is empty and need to be initialized with the initial users (such as the initial administrator account).
HostSecurityConfiguration
is designed to allow the hosting application to authenticate the user using any means it needs to (e.g. cookies). IdentityManager will simply use the host-based authentication to identify the user.
The HostSecurityConfiguration
contains:
-
HostAuthenticationType
: The type of Katana authentication middleware to consult to identify the identity of the user. -
TokenExpiration
: The duration a user will remain logged into IdentityManager. Once this time is expired, then IdentityManager will consult theHostAuthenticationType
again to authenticate the user. This defaults to10
hours. -
NameClaimType
: The claim type from theHostAuthenticationType
that indicates the user's display name. Defaults toname
. -
RoleClaimType
: The claim type from theHostAuthenticationType
that indicates the user's role. Defaults torole
. -
AdminRoleName
: The role that the user must be in to use IdentityManager. Defaults toIdentityManagerAdministrator
.
Here is an example of using the Katana cookie authentication middleware as the means by which to authenticate the user:
public void Configuration(IAppBuilder app)
{
app.UseCookieAuthentication(new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
var factory = new IdentityManagerServiceFactory();
appUseIdentityManager(new IdentityManagerOptions
{
Factory = factory,
SecurityConfiguration = new HostSecurityConfiguration
{
HostAuthenticationType = "Cookies"
}
});
}