OWIN Open ID Connect
using Owin; | |
using System; | |
using System.Collections.Generic; | |
using System.Linq; | |
using System.Web; | |
using Microsoft.Owin.Security.Cookies; | |
using Microsoft.Owin.Security; | |
using Microsoft.Owin.Security.OpenIdConnect; | |
using System.IdentityModel.Claims; | |
using System.Threading.Tasks; | |
using System.Configuration; | |
using Microsoft.IdentityModel.Clients.ActiveDirectory; | |
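namespace PUGWebApp
{
    public partial class Startup
    {
        // Resource the redeemed authorization code is exchanged for a token to (Azure AD Graph).
        private const string GraphResourceId = "https://graph.windows.net";

        // Authority for multitenant apps in the public cloud.
        private const string CommonAuthority = "https://login.microsoftonline.com/common/";

        // Claim that carries the Azure AD tenant the signed-in user belongs to.
        private const string TenantIdClaimType = "http://schemas.microsoft.com/identity/claims/tenantid";

        /// <summary>
        /// Registers cookie authentication and OpenID Connect sign-in against Azure AD on the OWIN pipeline.
        /// </summary>
        /// <param name="app">The OWIN application builder the middleware is added to.</param>
        /// <exception cref="ArgumentNullException"><paramref name="app"/> is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// The "ida:ClientID" or "ida:Password" app setting is missing or empty. This is raised at startup so a
        /// misconfigured deployment fails immediately instead of during the first user's sign-in.
        /// </exception>
        public void ConfigureAuth(IAppBuilder app)
        {
            if (app == null)
            {
                throw new ArgumentNullException("app");
            }

            // Pick up Client ID and Client Secret from Web.config; fail fast if either is absent.
            string clientId = RequireAppSetting("ida:ClientID");
            string appKey = RequireAppSetting("ida:Password");

            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions { });
            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = clientId,
                    Authority = CommonAuthority,
                    TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
                    {
                        // The "common" authority issues tokens from every Azure AD tenant, so a single expected
                        // issuer cannot be configured here. NOTE(review): with issuer validation off, a user from
                        // any tenant can complete sign-in; the app must itself decide which tenants it accepts
                        // (for example in a SecurityTokenValidated notification) before treating a signed-in
                        // identity as authorized.
                        ValidateIssuer = false,
                    },
                    Notifications = new OpenIdConnectAuthenticationNotifications()
                    {
                        // Auth code received from Authority: redeem it for a Graph token and keep the
                        // resulting token cache in the user's session.
                        AuthorizationCodeReceived = async (context) =>
                        {
                            var identity = context.AuthenticationTicket.Identity;
                            string tenantId = RequireClaim(identity, TenantIdClaimType);
                            // Not needed for the token request, but a ticket without a name identifier is not a
                            // usable user identity, so refuse it here with a clear error.
                            RequireClaim(identity, ClaimTypes.NameIdentifier);

                            ClientCredential credential = new ClientCredential(clientId, appKey);
                            // Redeem the code against the user's own tenant rather than the "common" endpoint.
                            AuthenticationContext authContext = new AuthenticationContext(
                                string.Format("https://login.microsoftonline.com/{0}", tenantId), new TokenCache());
                            await authContext.AcquireTokenByAuthorizationCodeAsync(
                                context.Code,
                                new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)),
                                credential,
                                GraphResourceId);
                            HttpContext.Current.Session.Add("TokenCache", authContext.TokenCache.Serialize());
                        },
                        RedirectToIdentityProvider = (context) =>
                        {
                            // The sign-in and sign-out addresses are derived from the incoming request so the app
                            // can be deployed (to Azure Web Sites, for example) without changing settings.
                            // These values come from the request's scheme/host/path base, so they are only as
                            // trustworthy as the host binding; the base URL must be provisioned in Azure AD
                            // beforehand, and Azure AD rejects redirect URIs that are not registered for the app.
                            string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
                            context.ProtocolMessage.RedirectUri = appBaseUrl + "/";
                            context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;
                            return Task.FromResult(0);
                        },
                        AuthenticationFailed = (context) =>
                        {
                            // Send the user to the error page and suppress the exception so no protocol
                            // details leak into the response.
                            context.OwinContext.Response.Redirect("/Home/Error");
                            context.HandleResponse();
                            return Task.FromResult(0);
                        }
                    }
                });
        }

        /// <summary>
        /// Reads a required app setting from Web.config.
        /// </summary>
        /// <param name="key">The appSettings key to read.</param>
        /// <returns>The non-empty setting value.</returns>
        /// <exception cref="InvalidOperationException">The setting is missing or empty.</exception>
        private static string RequireAppSetting(string key)
        {
            string value = ConfigurationManager.AppSettings[key];
            if (string.IsNullOrWhiteSpace(value))
            {
                throw new InvalidOperationException(
                    string.Format("The required app setting '{0}' is missing or empty in Web.config.", key));
            }

            return value;
        }

        /// <summary>
        /// Returns the value of a claim the sign-in flow depends on.
        /// </summary>
        /// <param name="identity">The identity produced from the validated ID token.</param>
        /// <param name="claimType">The claim type that must be present.</param>
        /// <returns>The claim's value.</returns>
        /// <exception cref="InvalidOperationException">
        /// The identity is null or does not contain the claim; previously this surfaced as a
        /// NullReferenceException deep inside the middleware.
        /// </exception>
        private static string RequireClaim(System.Security.Claims.ClaimsIdentity identity, string claimType)
        {
            var claim = identity == null ? null : identity.FindFirst(claimType);
            if (claim == null)
            {
                throw new InvalidOperationException(
                    string.Format("The ID token does not contain the required '{0}' claim.", claimType));
            }

            return claim.Value;
        }
    }
}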