Auth 2.0 using OptionsFactory (named options)

.travis.yml

@@ -14,12 +14,10 @@ env:
   global:
     - DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
     - DOTNET_CLI_TELEMETRY_OPTOUT: 1
-mono:
-  - 4.0.5
+mono: none
 os:
   - linux
   - osx
-osx_image: xcode7.3
 branches:
   only:
     - master
@@ -29,4 +27,4 @@ branches:
 before_install:
   - if test "$TRAVIS_OS_NAME" == "osx"; then brew update; brew install openssl; ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/; ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/; fi
 script:
-  - ./build.sh --quiet verify
+  - ./build.sh

appveyor.yml

@@ -7,9 +7,8 @@ branches:
     - dev
     - /^(.*\/)?ci-.*$/
 build_script:
-  - build.cmd verify
+  - ps: .\build.ps1
 clone_depth: 1
 test: off
 deploy: off
-# Required for dotnet-test to work
-os: Visual Studio 2015
+os: Visual Studio 2017

build.ps1

@@ -1,6 +1,6 @@
 $ErrorActionPreference = "Stop"
 
-function DownloadWithRetry([string] $url, [string] $downloadLocation, [int] $retries) 
+function DownloadWithRetry([string] $url, [string] $downloadLocation, [int] $retries)
 {
     while($true)
     {
@@ -19,7 +19,7 @@ function DownloadWithRetry([string] $url, [string] $downloadLocation, [int] $ret
                 Start-Sleep -Seconds 10
 
             }
-            else 
+            else
             {
                 $exception = $_.Exception
                 throw $exception
@@ -33,7 +33,7 @@ cd $PSScriptRoot
 $repoFolder = $PSScriptRoot
 $env:REPO_FOLDER = $repoFolder
 
-$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/feature/msbuild.zip"
+$koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
 if ($env:KOREBUILD_ZIP)
 {
     $koreBuildZip=$env:KOREBUILD_ZIP
@@ -43,18 +43,18 @@ $buildFolder = ".build"
 $buildFile="$buildFolder\KoreBuild.ps1"
 
 if (!(Test-Path $buildFolder)) {
-    Write-Host "Downloading KoreBuild from $koreBuildZip"    
-    
+    Write-Host "Downloading KoreBuild from $koreBuildZip"
+
     $tempFolder=$env:TEMP + "\KoreBuild-" + [guid]::NewGuid()
     New-Item -Path "$tempFolder" -Type directory | Out-Null
 
     $localZipFile="$tempFolder\korebuild.zip"
-    
+
     DownloadWithRetry -url $koreBuildZip -downloadLocation $localZipFile -retries 6
 
     Add-Type -AssemblyName System.IO.Compression.FileSystem
     [System.IO.Compression.ZipFile]::ExtractToDirectory($localZipFile, $tempFolder)
-    
+
     New-Item -Path "$buildFolder" -Type directory | Out-Null
     copy-item "$tempFolder\**\build\*" $buildFolder -Recurse
 
@@ -64,4 +64,4 @@ if (!(Test-Path $buildFolder)) {
     }
 }
 
-&"$buildFile" $args
+&"$buildFile" @args

build.sh

@@ -2,7 +2,7 @@
 repoFolder="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 cd $repoFolder
 
-koreBuildZip="https://github.com/aspnet/KoreBuild/archive/feature/msbuild.zip"
+koreBuildZip="https://github.com/aspnet/KoreBuild/archive/dev.zip"
 if [ ! -z $KOREBUILD_ZIP ]; then
     koreBuildZip=$KOREBUILD_ZIP
 fi
@@ -12,12 +12,12 @@ buildFile="$buildFolder/KoreBuild.sh"
 
 if test ! -d $buildFolder; then
     echo "Downloading KoreBuild from $koreBuildZip"
-    
-    tempFolder="/tmp/KoreBuild-$(uuidgen)"    
+
+    tempFolder="/tmp/KoreBuild-$(uuidgen)"
     mkdir $tempFolder
-    
+
     localZipFile="$tempFolder/korebuild.zip"
-    
+
     retries=6
     until (wget -O $localZipFile $koreBuildZip 2>/dev/null || curl -o $localZipFile --location $koreBuildZip 2>/dev/null)
     do
@@ -29,18 +29,18 @@ if test ! -d $buildFolder; then
         echo "Waiting 10 seconds before retrying. Retries left: $retries"
         sleep 10s
     done
-    
+
     unzip -q -d $tempFolder $localZipFile
-  
+
     mkdir $buildFolder
     cp -r $tempFolder/**/build/** $buildFolder
-    
+
     chmod +x $buildFile
-    
+
     # Cleanup
     if test -d $tempFolder; then
-        rm -rf $tempFolder  
+        rm -rf $tempFolder
     fi
 fi
 
-$buildFile -r $repoFolder "$@"
+$buildFile -r $repoFolder "$@"

samples/CookieSample/Startup.cs

@@ -1,5 +1,6 @@
 using System.Linq;
 using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
@@ -13,24 +14,21 @@ public class Startup
     {
         public void ConfigureServices(IServiceCollection services)
         {
-            services.AddAuthentication();
+            services.AddCookieAuthentication();
         }
 
         public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
         {
             loggerfactory.AddConsole(LogLevel.Information);
 
-            app.UseCookieAuthentication(new CookieAuthenticationOptions
-            {
-                AutomaticAuthenticate = true
-            });
+            app.UseAuthentication();
 
             app.Run(async context =>
             {
                 if (!context.User.Identities.Any(identity => identity.IsAuthenticated))
                 {
                     var user = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "bob") }, CookieAuthenticationDefaults.AuthenticationScheme));
-                    await context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user);
+                    await context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user);
 
                     context.Response.ContentType = "text/plain";
                     await context.Response.WriteAsync("Hello First timer");

samples/CookieSessionSample/Startup.cs

@@ -4,6 +4,7 @@
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
@@ -14,18 +15,14 @@ public class Startup
     {
         public void ConfigureServices(IServiceCollection services)
         {
-            services.AddAuthentication();
+            services.AddCookieAuthentication(o => o.SessionStore = new MemoryCacheTicketStore());
         }
 
         public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
         {
             loggerfactory.AddConsole(LogLevel.Information);
 
-            app.UseCookieAuthentication(new CookieAuthenticationOptions
-            {
-                AutomaticAuthenticate = true,
-                SessionStore = new MemoryCacheTicketStore()
-            });
+            app.UseAuthentication();
 
             app.Run(async context =>
             {
@@ -39,7 +36,7 @@ public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
                         claims.Add(new Claim(ClaimTypes.Role, "SomeRandomGroup" + i, ClaimValueTypes.String, "IssuedByBob", "OriginalIssuerJoe"));
                     }
 
-                    await context.Authentication.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
+                    await context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
                         new ClaimsPrincipal(new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme)));
 
                     context.Response.ContentType = "text/plain";

samples/JwtBearerSample/Startup.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
@@ -42,7 +43,28 @@ public Startup(IHostingEnvironment env)
         // For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=398940
         public void ConfigureServices(IServiceCollection services)
         {
-            services.AddAuthentication();
+            services.AddJwtBearerAuthentication(o =>
+            {
+                // You also need to update /wwwroot/app/scripts/app.js
+                o.Authority = Configuration["jwt:authority"];
+                o.Audience = Configuration["jwt:audience"];
+                o.Events = new JwtBearerEvents()
+                {
+                    OnAuthenticationFailed = c =>
+                    {
+                        c.HandleResponse();
+
+                        c.Response.StatusCode = 500;
+                        c.Response.ContentType = "text/plain";
+                        if (Environment.IsDevelopment())
+                        {
+                            // Debug only, in production do not share exceptions with the remote host.
+                            return c.Response.WriteAsync(c.Exception.ToString());
+                        }
+                        return c.Response.WriteAsync("An error occurred processing your authentication.");
+                    }
+                };
+            });
         }
 
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
@@ -69,44 +91,22 @@ public void Configure(IApplicationBuilder app)
             app.UseDefaultFiles();
             app.UseStaticFiles();
 
-            app.UseJwtBearerAuthentication(new JwtBearerOptions
-            {
-                // You also need to update /wwwroot/app/scripts/app.js
-                Authority = Configuration["jwt:authority"],
-                Audience = Configuration["jwt:audience"],
-                Events = new JwtBearerEvents()
-                {
-                    OnAuthenticationFailed = c =>
-                    {
-                        c.HandleResponse();
-
-                        c.Response.StatusCode = 500;
-                        c.Response.ContentType = "text/plain";
-                        if (Environment.IsDevelopment())
-                        {
-                            // Debug only, in production do not share exceptions with the remote host.
-                            return c.Response.WriteAsync(c.Exception.ToString());
-                        }
-                        return c.Response.WriteAsync("An error occurred processing your authentication.");
-                    }
-                }
-            });
+            app.UseAuthentication();
 
             // [Authorize] would usually handle this
             app.Use(async (context, next) =>
             {
-                // Use this if options.AutomaticAuthenticate = false
+                // Use this if there are multiple authentication schemes
                 // var user = await context.Authentication.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
 
-                var user = context.User; // We can do this because of  options.AutomaticAuthenticate = true;
+                var user = context.User; // We can do this because of there's only a single authentication scheme
                 if (user?.Identity?.IsAuthenticated ?? false)
                 {
                     await next();
                 }
                 else
                 {
-                    // We can do this because of options.AutomaticChallenge = true;
-                    await context.Authentication.ChallengeAsync();
+                    await context.ChallengeAsync(JwtBearerDefaults.AuthenticationScheme);
                 }
             });
 

samples/OpenIdConnect.AzureAdSample/AuthPropertiesTokenCache.cs

@@ -1,9 +1,8 @@
 using System;
 using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Authentication;
-using Microsoft.AspNetCore.Http.Features.Authentication;
 using Microsoft.IdentityModel.Clients.ActiveDirectory;
 
 namespace OpenIdConnect.AzureAdSample
@@ -58,10 +57,9 @@ private void BeforeAccessNotificationWithProperties(TokenCacheNotificationArgs a
         private void BeforeAccessNotificationWithContext(TokenCacheNotificationArgs args)
         {
             // Retrieve the auth session with the cached tokens
-             var authenticateContext = new AuthenticateContext(_signInScheme);
-            _httpContext.Authentication.AuthenticateAsync(authenticateContext).Wait();
-            _authProperties = new AuthenticationProperties(authenticateContext.Properties);
-            _principal = authenticateContext.Principal;
+            var result = _httpContext.AuthenticateAsync(_signInScheme).Result;
+            _authProperties = result.Ticket.Properties;
+            _principal = result.Ticket.Principal;
 
             BeforeAccessNotificationWithProperties(args);
         }
@@ -87,7 +85,7 @@ private void AfterAccessNotificationWithContext(TokenCacheNotificationArgs args)
                 var cachedTokens = Serialize();
                 var cachedTokensText = Convert.ToBase64String(cachedTokens);
                 _authProperties.Items[TokenCacheKey] = cachedTokensText;
-                _httpContext.Authentication.SignInAsync(_signInScheme, _principal, _authProperties).Wait();
+                _httpContext.SignInAsync(_signInScheme, _principal, _authProperties).Wait();
             }
         }
 

samples/OpenIdConnect.AzureAdSample/OpenIdConnect.AzureAdSample.csproj

@@ -15,6 +15,6 @@
     <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="1.2.0-*" />
     <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" Version="3.13.8" />
-    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="1.0.0-msbuild*" />
+    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" Version="1.2.0-*" />
   </ItemGroup>
 </Project>