Owin app OIDC initialization
/// <summary>
/// Registers the OWIN authentication middleware: a cookie middleware as the default
/// sign-in type, followed by OpenID Connect middleware configured from
/// <c>_appSettings</c> and <c>_authority</c>.
/// </summary>
/// <param name="app">The OWIN application builder the middleware is added to.</param>
private void ConfigureAuth(IAppBuilder app)
{
    // The cookie type is the default sign-in type for the middleware registered below.
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    // NOTE(review): cookie options are left at the library defaults. Confirm the session
    // cookie is only ever issued over HTTPS (CookieSecure) and that the default expiry
    // suits this portal.
    app.UseCookieAuthentication(new CookieAuthenticationOptions());

    var oidcOptions = new OpenIdConnectAuthenticationOptions
    {
        ClientId = _appSettings.AzureAdPortalClientID,
        // NOTE(review): _authority is defined outside this block. Which tenants may sign
        // in depends on it and on issuer validation, not on the domain hint set below.
        Authority = _authority,
        // Sign-in and sign-out both return to the portal URL.
        PostLogoutRedirectUri = _appSettings.PortalUrl,
        RedirectUri = _appSettings.PortalUrl,
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            // NOTE(review): this notification is raised only when the sign-in response
            // carries an authorization code. If the response type is changed so that no
            // code is returned, TransformClaims would not run. Confirm.
            AuthorizationCodeReceived = received =>
            {
                this.TransformClaims(received.AuthenticationTicket.Identity);
                return Task.FromResult(0);
            },
            // domain_hint only pre-selects the tenant on the provider's sign-in page.
            // It is a convenience for the user, not an access control.
            RedirectToIdentityProvider = redirect =>
            {
                redirect.ProtocolMessage.DomainHint = _appSettings.AzureAdTenant;
                return Task.FromResult(0);
            }
        }
    };
    app.UseOpenIdConnectAuthentication(oidcOptions);

    // This is needed so anti-forgery tokens work with claims authentication.
    // Every authenticated identity must therefore carry a NameIdentifier claim.
    AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
}
/// <summary>
/// Extension point for adding application-specific claims to a signed-in identity.
/// The body is a placeholder: it does nothing for unauthenticated identities and
/// currently adds no claims for authenticated ones.
/// </summary>
/// <param name="identity">The identity to enrich.</param>
private void TransformClaims(ClaimsIdentity identity)
{
    if (identity.IsAuthenticated)
    {
        // inject e-mail claim
        // add role claim if user is in role
        // NOTE(review): role claims added here will presumably be trusted by later
        // authorization checks. Key the role lookup on a stable identifier taken from
        // the validated token, not on a display name or other user-editable value.
    }
}