Extend Insite Identity Server

The first step to extend Insite would be to extend the IdentityUserManager. Specifically, we will need to override the VeriyPasswordAsync method.

namespace InsiteCommerce.Web.BL
{
    public class CustomUserManager : IdentityUserManager
    {
        public CustomUserManager(IdentityUserStore userStore) : base(userStore)
        {

        }

        protected async override Task<bool> VerifyPasswordAsync(IUserPasswordStore<IdentityUser, string> store, IdentityUser user, string password)
        {
		}
}

The logic will be created so that it will only verify if the user name starts with external. If the user account belongs to the external domain the password will be ExternalPassword. All other accounts will validate the password against the Insite database.

protected async override Task<bool> VerifyPasswordAsync(IUserPasswordStore<IdentityUser, string> store, IdentityUser user, string password)
{
	if (user.UserName.StartsWith(@"external\"))
	{
		if(password == "foo")
		{
			return true;
		} else
		{
			return false;
		}
	}

	var result =  await base.VerifyPasswordAsync(store, user, password);

	return result;
}

The next step is is to update the configuration to use the new IdentityManager. To do this we will add a static class that returns the CustomIdentityUserManager.

        public static IdentityUserManager CreateLdap(IdentityFactoryOptions<IdentityUserManager> options, IOwinContext context)
        {
            LdapUserManager manager = new LdapUserManager(new IdentityUserStore(context.Get<Insite.IdentityServer.AspNetIdentity.IdentityDbContext>()));
            IDataProtectionProvider dataProtectionProvider = options.DataProtectionProvider;
            if (dataProtectionProvider != null)
            {
                manager.UserTokenProvider = new DataProtectorTokenProvider<IdentityUser>(dataProtectionProvider.Create(new string[] { "ASP.NET Identity" }));
            }
            return manager;
        }

The next step is to create a static function that returns a IdentityServerServiceFactory with the UserManager registered to use the CustomUserManager.

        public static IdentityServerServiceFactory Configure(string connectionString)
        {
            var factory = Insite.IdentityServer.Factory.Configure(connectionString);
            
            factory.Register<LdapUserManager>(new Registration<LdapUserManager>());
            
            return factory;
        }

Finally, we need to update the /App_Config/Startup.Auth.cs to call the custom Configure function.

                Factory = LdapFactory.Configure(ConnectionStringProvider.Current.ConnectionStringName),

The full call to configure the identity server is below.

            // Configure Identity Server
            SecurityOptions.IdentityServerOptions = new IdentityServerOptions
            {
                SiteName = "Insite Commerce - Identity Server",
                IssuerUri = ConfigurationManager.AppSettings["IdentityServerUrl"],
                // TODO: Consider enabling CSP but need to determine what settings we want and will likely need to refactor _MainLayout.cshtml
                CspOptions = new CspOptions { Enabled = false },
                SigningCertificate = Certificate.Get(),
                Factory = LdapFactory.Configure(ConnectionStringProvider.Current.ConnectionStringName),
                AuthenticationOptions = new AuthenticationOptions
                {
                    IdentityProviders = ConfigureIdentityProviders
                },
                RequireSsl = requireSsl,
                EnableWelcomePage = true
            };

After making the above changes the user password is now authenticated against against a external system through Insite. This will allow you to authenticate user passwords with a 3rd party application.