Adding a Dynamic Authentication Scheme
This quickstart will walk you through a typical installation of the Dynamic Authentication Providers product. You can find completed source code on GitHub.
This component requires a license which you can get by signing up for a demo or purchasing via sales@identityserver.com.
Nuget Installation
The core package contains both required dependencies and OpenID Connect support:
install-package Rsk.DynamicAuthenticationProviders
SAML and WS-Federation support is included in external package:
install-package Rsk.DynamicAuthenticationProviders.Saml
install-package Rsk.DynamicAuthenticationProviders.WsFederation
Initial Configuration
The Dynamic Authentication Scheme component requires the AddDynamicProviders registration in your IServiceCollection. This will modify ASP.NET Core's registration of IAuthenticationSchemeProvider and IOptionsMonitorCache<T> to support authentication providers loaded from an external store.
Once the core authentication plumbing is ready, you can then add support for different authentication providers, such as OpenID Connect and SAML 2.0. These only need to be registered once.
A typical implementation would look something like:
public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();

        // Local cookie scheme that the external providers will sign in to
        services.AddAuthentication("cookie")
            .AddCookie("cookie");

        services.AddDynamicProviders(options =>
            {
                options.Licensee = "";
                options.LicenseKey = "";
            }) // Component setup
            .AddJsonStore(options => options.Path = "schemes.json") // Basic JSON store for auth schemes
            .AddOpenIdConnect() // Add OIDC support
            .AddSaml(); // Add SAML support
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();
        app.UseMvcWithDefaultRoute();
    }
}
Authentication Options Storage
Authentication options are retrieved using IAuthenticationSchemeStore. In the example above we used a JSON implementation registered using AddJsonStore. An Entity Framework implementation is also available and is recommended to take full advantage of this component. Check out the Entity Framework quickstart to learn how to configure this.
To get started with the component, try the following JSON, which adds an OpenID Connect integration with demo.identityserver.com. This file will need to be accessible by your site.
[
  {
    "Name": "openid-1",
    "DisplayName": "OpenID",
    "HandlerType": "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler, Microsoft.AspNetCore.Authentication.OpenIdConnect, Version=2.1.2.0, Culture=neutral, PublicKeyToken=adb9793829ddae60",
    "Options": {
      "Authority": "https://demo.identityserver.com",
      "ClientId": "dynamicauth-quickstart",
      "ResponseType": "id_token token",
      "Scope": [ "openid", "profile", "api1" ],
      "CallbackPath": "/signin/dynamic/openid-1",
      "SignInScheme": "cookie"
    }
  }
]
Note that every registered provider must have a unique scheme name and paths (e.g. callback path or metadata path).
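Because the store decides which handler type is instantiated and which paths it claims, it is worth checking a schemes.json file before it is deployed. The following is an added example (not part of the quickstart or the Rock Solid Knowledge component) that enforces the uniqueness rule above, rejects handler types outside an allow-list you control, requires site-relative paths and an https Authority. It uses System.Text.Json (available from .NET Core 3.0); the allow-list contents, the MetadataPath key name and the sample records are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

public static class SchemeStoreValidator
{
    // Handler types this deployment expects; a record naming anything else is rejected.
    // Assumed allow-list: extend it with the SAML/WS-Federation handler types you actually use.
    private static readonly HashSet<string> AllowedHandlerTypes = new HashSet<string>(StringComparer.Ordinal)
    {
        "Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler",
    };

    // Option keys whose values must be unique across all schemes. CallbackPath is the OIDC name
    // used in the quickstart; MetadataPath is an assumed key name for a SAML metadata endpoint.
    private static readonly string[] PathKeys = { "CallbackPath", "MetadataPath" };

    // Returns a list of problems; an empty list means the file passed every check.
    public static List<string> Validate(string json)
    {
        var errors = new List<string>();
        using (var doc = JsonDocument.Parse(json))
        {
            if (doc.RootElement.ValueKind != JsonValueKind.Array)
            {
                errors.Add("root element must be an array of scheme records");
                return errors;
            }

            var names = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
            var paths = new HashSet<string>(StringComparer.OrdinalIgnoreCase);

            foreach (var record in doc.RootElement.EnumerateArray())
            {
                string name = record.TryGetProperty("Name", out var n) && n.ValueKind == JsonValueKind.String ? n.GetString() : null;
                if (string.IsNullOrWhiteSpace(name))
                {
                    errors.Add("record without a Name");
                    continue;
                }
                if (!names.Add(name))
                    errors.Add($"'{name}': scheme name is used more than once");

                // HandlerType is assembly-qualified ("Type, Assembly, Version=..."); compare the type part only.
                string handler = record.TryGetProperty("HandlerType", out var h) && h.ValueKind == JsonValueKind.String ? h.GetString() : null;
                string typeName = handler?.Split(',')[0].Trim();
                if (typeName == null || !AllowedHandlerTypes.Contains(typeName))
                    errors.Add($"'{name}': HandlerType '{handler}' is not on the allow-list");

                if (!record.TryGetProperty("Options", out var opts) || opts.ValueKind != JsonValueKind.Object)
                {
                    errors.Add($"'{name}': Options object is missing");
                    continue;
                }

                foreach (var key in PathKeys)
                {
                    if (!opts.TryGetProperty(key, out var p) || p.ValueKind != JsonValueKind.String) continue;
                    string path = p.GetString();
                    if (!path.StartsWith("/", StringComparison.Ordinal))
                        errors.Add($"'{name}': {key} '{path}' must be a site-relative path");
                    else if (!paths.Add(path))
                        errors.Add($"'{name}': {key} '{path}' is already used by another scheme");
                }

                if (opts.TryGetProperty("Authority", out var a) && a.ValueKind == JsonValueKind.String
                    && !a.GetString().StartsWith("https://", StringComparison.OrdinalIgnoreCase))
                    errors.Add($"'{name}': Authority must be an https URL");
            }
        }
        return errors;
    }

    public static void Main()
    {
        // Constructed sample: the second record reuses the first record's callback path and has an http Authority.
        const string sample = @"[
  { ""Name"": ""openid-1"", ""HandlerType"": ""Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler, Microsoft.AspNetCore.Authentication.OpenIdConnect"",
    ""Options"": { ""Authority"": ""https://demo.identityserver.com"", ""CallbackPath"": ""/signin/dynamic/openid-1"" } },
  { ""Name"": ""openid-2"", ""HandlerType"": ""Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler, Microsoft.AspNetCore.Authentication.OpenIdConnect"",
    ""Options"": { ""Authority"": ""http://idp.example"", ""CallbackPath"": ""/signin/dynamic/openid-1"" } }
]";
        var errors = Validate(sample);
        foreach (var error in errors) Console.WriteLine(error);
        Environment.Exit(errors.Count == 0 ? 0 : 1);
    }
}
```

Run it against the sample and it reports the duplicated callback path and the non-https Authority for "openid-2" and exits non-zero; wire the same Validate call into a deployment pipeline so a bad store never reaches a running site.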
With a provider now stored in our data store, we can start using it. If you create a controller action like the following, you should now be able to see the "openid-1" auth scheme trigger:
[HttpGet]
public IActionResult TestChallenge()
{
    return Challenge("openid-1");
}
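In a real login page the scheme name usually comes from the request rather than being hard-coded. Since schemes are loaded dynamically, the safe pattern is to list what IAuthenticationSchemeProvider currently knows about and to refuse any name it does not recognise before calling Challenge. The controller below is an added example (not code from the quickstart); the AccountController name, action names and query parameters are assumptions, and it relies on the local "cookie" scheme having no DisplayName, as in the Startup above.

```csharp
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;

public class AccountController : Controller
{
    private readonly IAuthenticationSchemeProvider _schemeProvider;

    public AccountController(IAuthenticationSchemeProvider schemeProvider)
    {
        _schemeProvider = schemeProvider;
    }

    // GET /account/login : one entry per external scheme loaded from the store.
    [HttpGet]
    public async Task<IActionResult> Login(string returnUrl = "/")
    {
        var schemes = await _schemeProvider.GetAllSchemesAsync();
        var external = schemes
            .Where(s => s.DisplayName != null)      // hides the local "cookie" scheme
            .Select(s => new { s.Name, s.DisplayName })
            .ToList();
        ViewData["ReturnUrl"] = returnUrl;
        return View(external);
    }

    // GET /account/external?scheme=openid-1&returnUrl=/
    [HttpGet]
    public async Task<IActionResult> External(string scheme, string returnUrl = "/")
    {
        // Only honour names the provider knows about; anything else is a client error,
        // so a request cannot trigger a scheme that was never loaded.
        if (string.IsNullOrEmpty(scheme) || await _schemeProvider.GetSchemeAsync(scheme) == null)
            return BadRequest("unknown authentication scheme");

        // Open-redirect guard: only local return URLs are honoured after sign-in.
        if (string.IsNullOrEmpty(returnUrl) || !Url.IsLocalUrl(returnUrl))
            returnUrl = "/";

        var props = new AuthenticationProperties { RedirectUri = returnUrl };
        return Challenge(props, scheme);
    }
}
```

GetSchemeAsync goes through the provider that AddDynamicProviders replaced, so a scheme added to the store becomes challengeable without a restart, while a mistyped or removed name is rejected with a 400 instead of an unhandled exception.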
Augmenting Options
There are some options that are the same for all of your authentication schemes, or that are of a type which cannot easily be stored (event handlers, for example). To handle these, you can register an Action over the options type of that authentication provider. This action is invoked on the options loaded from the database and is your last chance to programmatically modify the authentication scheme's options.
The provider support offered by Rock Solid Knowledge supports this approach out of the box:
services.AddDynamicProviders()
    .AddJsonStore(options => options.Path = "schemes.json")
    .AddOpenIdConnect()
    .AddSaml(optionsAugmentor =>
    {
        optionsAugmentor.Licensee = "Demo";
        optionsAugmentor.LicenseKey = "<your license key>";
    });
We recommend this approach for values such as events and license keys, where the license key is loaded from an external secret store.
Implementations of IPostConfigureOptions are also supported for authentication option types. Note that without caching, these implementations may be called multiple times per request with a new options object.
Options Parsing
Options are parsed using the following order of precedence:
- IAuthenticationSchemeStore
- Options augmentor
- IPostConfigureOptions
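The following Startup is an added example (not the quickstart's own code) that puts the two hooks above to work in the order just listed: the augmentor enforces a policy floor on every OpenID Connect scheme after its record has been read from the store, and an IPostConfigureOptions implementation runs last and is written so that being invoked repeatedly on a fresh options object is harmless. It assumes an AddOpenIdConnect(Action<OpenIdConnectOptions>) overload mirroring the AddSaml(augmentor) call shown above, and that the licence values live under a "DynamicProviders" configuration section fed by user secrets or a vault provider; the ScopePostConfigure class and the login redirect path are also assumptions.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

public class Startup
{
    private readonly IConfiguration _config;

    public Startup(IConfiguration config)
    {
        _config = config;
    }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();
        services.AddAuthentication("cookie").AddCookie("cookie");

        services.AddDynamicProviders(options =>
            {
                // Licence values come from configuration (assumed section name),
                // not from the scheme store and not from source control.
                options.Licensee = _config["DynamicProviders:Licensee"];
                options.LicenseKey = _config["DynamicProviders:LicenseKey"];
            })
            .AddJsonStore(options => options.Path = "schemes.json")
            // Assumed overload: augmentor invoked on the OpenIdConnectOptions loaded from the store.
            .AddOpenIdConnect(oidc =>
            {
                // Policy floor applied whatever the stored record says.
                oidc.RequireHttpsMetadata = true;
                oidc.Events = new OpenIdConnectEvents
                {
                    OnRemoteFailure = ctx =>
                    {
                        // Log the identity provider error server-side and fail closed
                        // instead of surfacing the raw failure to the user.
                        var logger = ctx.HttpContext.RequestServices.GetRequiredService<ILogger<Startup>>();
                        logger.LogWarning(ctx.Failure, "External sign-in failed for scheme {Scheme}", ctx.Scheme.Name);
                        ctx.Response.Redirect("/account/login?error=external"); // assumed login path
                        ctx.HandleResponse();
                        return Task.CompletedTask;
                    }
                };
            });

        // Runs after the augmentor (last in the precedence list above).
        services.AddSingleton<IPostConfigureOptions<OpenIdConnectOptions>, ScopePostConfigure>();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();
        app.UseMvcWithDefaultRoute();
    }
}

// Without caching this may be called more than once per request on a new options object,
// so every change here is idempotent: re-running it yields the same result.
public class ScopePostConfigure : IPostConfigureOptions<OpenIdConnectOptions>
{
    public void PostConfigure(string name, OpenIdConnectOptions options)
    {
        if (!options.Scope.Contains("openid"))
            options.Scope.Add("openid");

        // Plain assignments, so repeated invocation cannot accumulate state.
        options.TokenValidationParameters.NameClaimType = "name";
        options.TokenValidationParameters.RoleClaimType = "role";
    }
}
```

Keeping the licence key and any per-environment secret in the augmentor rather than in the store means the store records can be shared between environments and reviewed without exposing credentials, which is the use the quickstart recommends the augmentor for.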