I'm currently using IdentityManager together with MembershipReboot and IdentityServer.
I want to use Active Directory to login to IdentityManager.
The IdentityServer must use local MembershipReboot, Facebook and my Active Directory.
I cannot get the active directory working on both (IdSrv and IdMgr) at the same time, only one at a time. How do I need to configure my startup.cs?
My current startup.cs:

    public void Configuration(IAppBuilder app)
    {
        LogProvider.SetCurrentLogProvider(new DiagnosticsTraceLogProvider());
        Log.Logger = new LoggerConfiguration()
            .MinimumLevel.Debug()
            .WriteTo.Trace()
            .CreateLogger();

        var connectionString = "MembershipReboot";

        app.UseCookieAuthentication(new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions
        {
            AuthenticationType = "Cookies",
        });

        app.UseWsFederationAuthentication(new Microsoft.Owin.Security.WsFederation.WsFederationAuthenticationOptions
        {
            AuthenticationType = "aadfs",
            Caption = "AD",
            SignInAsAuthenticationType = "Cookies",
            MetadataAddress = "<meta-address>",
            Wtrealm = "spn:<client-id>",
        });

        app.Map("/admin", adminApp =>
        {
            var factory = new IdentityManagerServiceFactory();
            factory.Configure(connectionString);

            adminApp.UseIdentityManager(new IdentityManagerOptions()
            {
                Factory = factory,
                SecurityConfiguration = new HostSecurityConfiguration()
                {
                    HostAuthenticationType = "Cookies",
                    NameClaimType = System.Security.Claims.ClaimTypes.Name,
                    RoleClaimType = System.Security.Claims.ClaimTypes.Role,
                    AdminRoleName = "administrator",
                }
            });
        });

        app.Map("/core", core =>
        {
            var idSvrFactory = Factory.Configure();
            idSvrFactory.ConfigureCustomUserService(connectionString);

            var options = new IdentityServerOptions
            {
                SiteName = "IdentityServer3 - UserService-MembershipReboot",
                SigningCertificate = Certificate.Get(),
                Factory = idSvrFactory,
                AuthenticationOptions = new AuthenticationOptions
                {
                    IdentityProviders = ConfigureAdditionalIdentityProviders,
                }
            };

            core.UseIdentityServer(options);
        });
    }

    public static void ConfigureAdditionalIdentityProviders(IAppBuilder app, string signInAsType)
    {
        app.UseWsFederationAuthentication(new Microsoft.Owin.Security.WsFederation.WsFederationAuthenticationOptions
        {
            AuthenticationType = "aadfs",
            Caption = "AD",
            SignInAsAuthenticationType = signInAsType,
            MetadataAddress = "<meta-address>",
            Wtrealm = "spn:<client-id>",
        });
    }

Do you guys know how to configure it? I've also got 2 times the "AD" login option (I couldn't get it working with only one).
Following the video here I had no problem creating a bootstrap auth for the admin to IdentityManager. However, I can't get the dang session cookie to go away when the browser closes. Relevant code is below.

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = "Cookies",
        LoginPath = new PathString("/home/Login"),
    });
    .....
    adminApp.UseIdentityManager(new IdentityManagerOptions
    {
        Factory = factory,
        SecurityConfiguration = new HostSecurityConfiguration()
        {
            HostAuthenticationType = "Cookies",
            NameClaimType = Constants.ClaimTypes.Name,
            RoleClaimType = Constants.ClaimTypes.Role,
            AdminRoleName = "SynectUserAdmin",
        }
    });

    [HttpPost]
    public ActionResult Login(string username, string password, string returnUrl)
    {
        var synectUserAdminName = ConfigurationManager.AppSettings["SynectUserAdminName"];
        var synectUserAdminPassword = ConfigurationManager.AppSettings["SynectUserAdminPassword"];
        if (string.Equals(username, synectUserAdminName, StringComparison.OrdinalIgnoreCase) &&
            password == synectUserAdminPassword)
        {
            var authentication = Request.GetOwinContext().Authentication;
            var claims = new[]
            {
                new Claim("email", "SynectUserAdmin@synectmedia.com"),
                new Claim("role", "SynectUserAdmin")
            };
            var id = new ClaimsIdentity(claims, "Cookies");
            authentication.AuthenticationResponseGrant =
                new AuthenticationResponseGrant(id, new AuthenticationProperties
                {
                    IsPersistent = false,
                });
            authentication.SignIn(id);
        }
        return View();
    }

What I found is that there are three different places the token winds up. In the Set-Cookie header first. This gets copied to .Asp.Cookies. Then it gets copied into an auth header somehow and keeps showing up even when the session has been closed. I found I could actually delete that header on start to force the session to expire but that is really hacky.
I could see what was happening when I replaced the cookieprovider with a custom pass through and checked the Request and Response during startup and login.
Another thing I wish I had more guidance on was customizing the UI. I'd like to control how properties are displayed. For instance some properties like Tenant would be nice to display as read only during development. Also having combo boxes or radio buttons through attribute usage would be nice. Is there any way to at least add custom validators? We'd like to skin the IM UI too.
Speaking of skinning I did it for the login from IdentityManager for the user admin and also for regular users in IdentityServer3 but the two flows are so different. IdentityManager I did a controller while IdentityServer3 I used a custom IViewService. It would be great if those two things could be done in a common way.
I created that JS Graph JPG of the angular code for IdentityManager if you're interested in adding it to your Wiki, Brock, go for it? It took me a bit to get it arranged, using Chrome's AngularJS Graph, but it makes it a bit clearer when trying to debug into the functionality.
Also I noticed when trying to debug I had to go out and hunt down the non min oidc-token-manager.js, at https://github.com/IdentityModel/oidc-token-manager and then when trying to bundle in this on VS2015 the new Web Essentials had taken out the "Bundler Minifier" and changed it to its own extension. Wondering if you're interested in getting the new bundler files/method attached to the project? If I understand what happened correctly.
Anyways I finally got a new non min token manager and making progress. Still have token.expired but I am making progress.
Author: Mads Kristensen - Bundler & Minifier