Adding a Start up class for OpenIdConnect authentication

2015-01-15 13:12:56 -08:00 · 2015-01-15 13:12:56 -08:00 · 0f9173ecb0
parent b46bec1a7e
commit 0f9173ecb0
7 changed files with 207 additions and 47 deletions
--- a/NuGet.Config
+++ b/NuGet.Config
@ -3,5 +3,6 @@
  <packageSources>
    <add key="AspNetVNext" value="https://www.myget.org/F/aspnetvnext/api/v2" />
    <add key="NuGet.org" value="https://nuget.org/api/v2/" />
+    <add key="AzureADNighty" value="http://www.myget.org/F/azureadwebstacknightly"/>
  </packageSources>
 </configuration>
--- a/README.md
+++ b/README.md
@ -29,3 +29,6 @@ This project is part of ASP.NET 5.0. You can find samples, documentation and get

 ###NTLM authentication
 More information at src/MusicStore/StartupNtlmAuthentication.cs.
+
+###OpenIdConnect authentication
+More information at src/MusicStore/StartupOpenIdConnect.cs.
--- a/src/MusicStore/Controllers/AccountController.cs
+++ b/src/MusicStore/Controllers/AccountController.cs
@ -2,9 +2,11 @@
 using System.Security.Claims;
 using System.Security.Principal;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Hosting;
 using Microsoft.AspNet.Identity;
 using Microsoft.AspNet.Mvc;
 using Microsoft.AspNet.Mvc.Rendering;
+using Microsoft.Framework.DependencyInjection;
 using MusicStore.Models;

 namespace MusicStore.Controllers
@ -431,6 +433,15 @@ namespace MusicStore.Controllers
        public IActionResult LogOff()
        {
            SignInManager.SignOut();
+
+            // TODO: Currently SignInManager.SignOut does not sign out OpenIdc and does not have a way to pass in a specific
+            // AuthType to sign out.
+            var appEnv = Context.RequestServices.GetService<IHostingEnvironment>();
+            if (appEnv.EnvironmentName == "OpenIdConnect")
+            {
+                Response.SignOut("OpenIdConnect");
+            }
+
            return RedirectToAction("Index", "Home");
        }

--- a/src/MusicStore/MusicStore.kproj
+++ b/src/MusicStore/MusicStore.kproj
@ -15,4 +15,9 @@
    <DevelopmentServerPort>5001</DevelopmentServerPort>
  </PropertyGroup>
  <Import Project="$(VSToolsPath)\AspNet\Microsoft.Web.AspNet.targets" Condition="'$(VSToolsPath)' != ''" />
+  <ProjectExtensions>
+    <VisualStudio>
+      <UserProperties project_1json__JSONSchema="http://www.asp.net/media/4878834/project.json" />
+    </VisualStudio>
+  </ProjectExtensions>
 </Project>
--- a/src/MusicStore/StartupNtlmAuthentication.cs
+++ b/src/MusicStore/StartupNtlmAuthentication.cs
@ -18,7 +18,7 @@ namespace MusicStore
 {
    /// <summary>
    /// To make runtime to load an environment based startup class, specify the environment by the following ways: 
-    /// 1. Drop a Microsoft.AspNet.Hosting.ini file in the application folder
+    /// 1. Drop a Microsoft.AspNet.Hosting.ini file in the wwwroot folder
    /// 2. Add a setting in the ini file named 'ASPNET_ENV' with value of the format 'Startup[EnvironmentName]'. For example: To load a Startup class named
    /// 'StartupNtlmAuthentication' the value of the env should be 'NtlmAuthentication' (eg. ASPNET_ENV=NtlmAuthentication). Runtime adds a 'Startup' prefix to this and loads 'StartupNtlmAuthentication'. 
    /// If no environment name is specified the default startup class loaded is 'Startup'. 
--- a/src/MusicStore/StartupOpenIdConnect.cs
+++ b/src/MusicStore/StartupOpenIdConnect.cs
@ -0,0 +1,139 @@
+using System;
+using Microsoft.AspNet.Builder;
+using Microsoft.AspNet.Diagnostics;
+using Microsoft.AspNet.Diagnostics.Entity;
+using Microsoft.AspNet.Identity;
+using Microsoft.AspNet.Routing;
+using Microsoft.Framework.Cache.Memory;
+using Microsoft.Framework.ConfigurationModel;
+using Microsoft.Framework.DependencyInjection;
+using Microsoft.Framework.Logging;
+using Microsoft.Framework.Logging.Console;
+using MusicStore.Models;
+
+namespace MusicStore
+{
+    /// <summary>
+    /// To make runtime to load an environment based startup class, specify the environment by the following ways: 
+    /// 1. Drop a Microsoft.AspNet.Hosting.ini file in the wwwroot folder
+    /// 2. Add a setting in the ini file named 'ASPNET_ENV' with value of the format 'Startup[EnvironmentName]'. For example: To load a Startup class named
+    /// 'StartupOpenIdConnect' the value of the env should be 'OpenIdConnect' (eg. ASPNET_ENV=OpenIdConnect). Runtime adds a 'Startup' prefix to this and loads 'StartupOpenIdConnect'. 
+    /// If no environment name is specified the default startup class loaded is 'Startup'. 
+    /// Alternative ways to specify environment are:
+    /// 1. Set the environment variable named SET ASPNET_ENV=OpenIdConnect
+    /// 2. For selfhost based servers pass in a command line variable named --env with this value. Eg:
+    /// "commands": {
+    ///    "web": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.WebListener --server.urls http://localhost:5002 --ASPNET_ENV OpenIdConnect",
+    ///  },
+    /// </summary>
+    public class StartupOpenIdConnect
+    {
+        public StartupOpenIdConnect()
+        {
+            //Below code demonstrates usage of multiple configuration sources. For instance a setting say 'setting1' is found in both the registered sources, 
+            //then the later source will win. By this way a Local config can be overridden by a different setting while deployed remotely.
+            Configuration = new Configuration()
+                        .AddJsonFile("config.json")
+                        .AddEnvironmentVariables(); //All environment variables in the process's context flow in as configuration values.
+        }
+
+        public IConfiguration Configuration { get; private set; }
+
+        public void ConfigureServices(IServiceCollection services)
+        {
+            //Sql client not available on mono
+            var useInMemoryStore = Type.GetType("Mono.Runtime") != null;
+
+            // Add EF services to the services container
+            if (useInMemoryStore)
+            {
+                services.AddEntityFramework(Configuration)
+                        .AddInMemoryStore()
+                        .AddDbContext<MusicStoreContext>();
+            }
+            else
+            {
+                services.AddEntityFramework(Configuration)
+                        .AddSqlServer()
+                        .AddDbContext<MusicStoreContext>();
+            }
+
+            // Add Identity services to the services container
+            services.AddIdentity<ApplicationUser, IdentityRole>(Configuration)
+                    .AddEntityFrameworkStores<MusicStoreContext>()
+                    .AddDefaultTokenProviders()
+                    .AddMessageProvider<EmailMessageProvider>()
+                    .AddMessageProvider<SmsMessageProvider>();
+
+            // Add MVC services to the services container
+            services.AddMvc();
+
+            //Add all SignalR related services to IoC.
+            services.AddSignalR();
+
+            //Add InMemoryCache
+            services.AddSingleton<IMemoryCache, MemoryCache>();
+        }
+
+        //This method is invoked when ASPNET_ENV is 'Development' or is not defined
+        //The allowed values are Development,Staging and Production
+        public void ConfigureDevelopment(IApplicationBuilder app, ILoggerFactory loggerFactory)
+        {
+            loggerFactory.AddConsole();
+
+            //Display custom error page in production when error occurs
+            //During development use the ErrorPage middleware to display error information in the browser
+            app.UseErrorPage(ErrorPageOptions.ShowAll);
+
+            app.UseDatabaseErrorPage(DatabaseErrorPageOptions.ShowAll);
+
+            // Add the runtime information page that can be used by developers
+            // to see what packages are used by the application
+            // default path is: /runtimeinfo
+            app.UseRuntimeInfoPage();
+
+            Configure(app);
+        }
+
+        public void Configure(IApplicationBuilder app)
+        {
+            //Configure SignalR
+            app.UseSignalR();
+
+            // Add static files to the request pipeline
+            app.UseStaticFiles();
+
+            // Add cookie-based authentication to the request pipeline
+            app.UseIdentity();
+
+            // Create an Azure Active directory application and copy paste the following
+            // https://github.com/aspnet/Security/issues/113
+            app.UseOpenIdConnectAuthentication(options =>
+            {
+                options.Authority = "https://login.windows.net/[tenantName].onmicrosoft.com";
+                options.ClientId = "[ClientId]";
+            });
+
+            // Add MVC to the request pipeline
+            app.UseMvc(routes =>
+            {
+                routes.MapRoute(
+                    name: "areaRoute",
+                    template: "{area:exists}/{controller}/{action}",
+                    defaults: new { action = "Index" });
+
+                routes.MapRoute(
+                    name: "default",
+                    template: "{controller}/{action}/{id?}",
+                    defaults: new { controller = "Home", action = "Index" });
+
+                routes.MapRoute(
+                    name: "api",
+                    template: "{controller}/{id?}");
+            });
+
+            //Populates the MusicStore sample data
+            SampleData.InitializeMusicStoreDatabaseAsync(app.ApplicationServices).Wait();
+        }
+    }
+}
--- a/src/MusicStore/project.json
+++ b/src/MusicStore/project.json
@ -23,6 +23,7 @@
 		"Microsoft.AspNet.Security.Facebook": "1.0.0-*",
 		"Microsoft.AspNet.Security.Google": "1.0.0-*",
 		"Microsoft.AspNet.Security.MicrosoftAccount": "1.0.0-*",
+		"Microsoft.AspNet.Security.OpenIdConnect": "1.0.0-*",
 		"Microsoft.AspNet.Security.Twitter": "1.0.0-*",
 		"Microsoft.AspNet.Server.IIS": "1.0.0-*",
 		"Microsoft.AspNet.Server.WebListener": "1.0.0-*",