FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login
    1. Home
    2. ethalacker
    3. Best
    E
    • Profile
    • Following 0
    • Followers 0
    • Topics 2
    • Posts 4
    • Best 1
    • Controversial 0
    • Groups 0

    Best posts made by ethalacker

    • RE: MVC Application that routes to different (fusion auth) tenants

      But but that doesn't have access to the request.. or at least not that I saw/could figure out.

      Instead I did something like this:

      Startup.cs

      // app is Owin.IAppBuilder
app.Use<MyCustomAuthMiddleware>(app, FusionAuthHelper.MakeOptions());

      MyCustomAuthMiddleware

      public class MyCustomAuthMiddleware : OpenIdConnectAuthenticationMiddleware
{
    public MyCustomAuthMiddleware(OwinMiddleware next, IAppBuilder app, OpenIdConnectAuthenticationOptions options) : base(next, app, options)
    {
    }

    public override Task Invoke(IOwinContext context)
    {
        // can do something like this if you want a service of something
        // var session = DependencyResolver.Current.GetService<ISession>();

        if (context.Request.Host.Value.Contains("clientname"))
        {
            Options.ClientId = "clientNames_clientId";
            Options.RedirectUri = "clientNames_RedirectUri";
            Options.ClientSecret = "clientNames_ClientSecret";
            Options.TokenValidationParameters.ValidAudience = "clientNames_clientId";
            Options.ConfigurationManager = new DynamicConfigurationManager("clientNames_clientId", "clientNames_tenantId");
        }
        else
        {
            Options.ClientId = "mySite_clientId";
            Options.RedirectUri = "mySite_redirectUri";
            Options.ClientSecret = "mySite_clientSecret";
            Options.TokenValidationParameters.ValidAudience = "mySite_clientId";
            Options.ConfigurationManager = new DynamicConfigurationManager("mySite_clientId", "mySite_tenantId");
        }
       // could continue this pattern for "anotherClient"

        return base.Invoke(context);
    }
}

      FusionAuthHelper

      public static class FusionAuthHelper
{
    public static OpenIdConnectAuthenticationOptions MakeOptions()
    {
        return new OpenIdConnectAuthenticationOptions {
            AuthenticationType = OpenIdConnectAuthenticationDefaults.AuthenticationType,
            SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            ResponseType = OpenIdConnectResponseType.Code,

            CallbackPath = new PathString("/oauth/callback"),

            Scope = OpenIdConnectScope.OpenId,
            RequireHttpsMetadata = false,

            Authority = "http://localhost:9011",

            SaveTokens = true,
            RedeemCode = true,
            Notifications = new OpenIdConnectAuthenticationNotifications {
                SecurityTokenValidated = OnSecurityTokenValidated
            }
        };
    }

    private static Task OnSecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
    {
        var userId = new Guid(notification.AuthenticationTicket.Identity.GetUserId());
        var userRepository = DependencyResolver.Current.GetService<IUserRepository>();
        var user = userRepository.Query().Where(u => u.IsActive)
                .Where(u => u.Guid == userId)
                .Select(u => new
                {
                  //stuff
                })
                .SingleOrDefault();
        if (user == null)
        {
            //do soemthing if the user isn't found
        }
        else
        {
            notification.AuthenticationTicket.Identity.AddClaim(new Claim("MyCoolClaim", user.Soemthing.ToString()));
        }
        return Task.CompletedTask;
    }
}

      DynamicConfigurationManager

      public class DynamicConfigurationManager : IConfigurationManager<OpenIdConnectConfiguration>
{
    private string clientId;
    private string tenantId;

    public DynamicConfigurationManager(string clientId, string tenantId)
    {
        this.clientId = clientId;
        this.tenantId = tenantId;
    }

    public async Task<OpenIdConnectConfiguration> GetConfigurationAsync(CancellationToken cancel)
    {
        var authority = "http://localhost:9011";
        var stsDiscoveryEndpoint = string.Format("{0}/.well-known/openid-configuration/{1}", authority, this.tenantId);
        ConfigurationManager<OpenIdConnectConfiguration> configManager
            = new ConfigurationManager<OpenIdConnectConfiguration>(stsDiscoveryEndpoint
            , new OpenIdConnectConfigurationRetriever()
            , new HttpDocumentRetriever() { RequireHttps = false });


        var config = await configManager.GetConfigurationAsync(cancel);

        config.EndSessionEndpoint = config.EndSessionEndpoint + "?client_id=" + this.clientId;
        return config;
    }

    public void RequestRefresh()
    {

    }
}

      here are my usings in case you wonder what packages I was using

      using Microsoft.AspNet.Identity;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;

      I'm not sure if this will create 1, or 2 options instances in the middleware.. So that might be an issue. I haven't tested it enough. Might just need to put all the FusionAuthHelper options into the middleware class.

      Also, I think this will only work for MVC .Net Framework. Still need to come up with solution for .NET Core

      posted in Q&A
      E
      ethalacker