re-enalbe authentication using winodws credentials

3e89accb · Nithish Reddy Billa · f23faf79 · 3e89accb · 3e89accb · 3e89accb
Commit 3e89accb authored Nov 01, 2018 by Nithish Reddy Billa
Showing with 291 additions and 130 deletions
Mobile.WYSIWYG/App_Start/Startup.Auth.cs
Mobile.WYSIWYG/Controllers/AccountController.cs
Mobile.WYSIWYG/Helpers/RequestHelper.cs
Mobile.WYSIWYG/Mobile.WYSIWYG.csproj
Mobile.WYSIWYG/Views/Shared/_LoginPartial.cshtml
Mobile.WYSIWYG/Web.config
Mobile.WYSIWYG/packages.config
--- a/Mobile.WYSIWYG/App_Start/Startup.Auth.cs
+++ b/Mobile.WYSIWYG/App_Start/Startup.Auth.cs
 using System;
-using Microsoft.AspNet.Identity;
+using System.Collections.Generic;
-using Microsoft.AspNet.Identity.Owin;
+using System.Configuration;
-using Microsoft.Owin;
+using System.Globalization;
+using System.IdentityModel.Claims;
+using System.Linq;
+using System.Threading.Tasks;
+using System.Web;
+using Microsoft.Owin.Security;
 using Microsoft.Owin.Security.Cookies;
-using Microsoft.Owin.Security.Google;
+using Microsoft.Owin.Security.OpenIdConnect;
+using Microsoft.IdentityModel.Clients.ActiveDirectory;
 using Owin;
-using Mobile.Search.Web.Models;
+using Microsoft.IdentityModel.Protocols;
 namespace Mobile.Search.Web
 {
    public partial class Startup
    {
-        // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
+        private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
-        public void ConfigureAuth(IAppBuilder app)
+            private static string appKey = ConfigurationManager.AppSettings["ida:ClientSecret"];
-        {
+            private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
-            // Configure the db context, user manager and signin manager to use a single instance per request
+            private static string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
-            app.CreatePerOwinContext(ApplicationDbContext.Create);
+            private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
-            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
-            app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
+            public static readonly string Authority = aadInstance + tenantId;
-            // Enable the application to use a cookie to store information for the signed in user
+            public void ConfigureAuth(IAppBuilder app)
-            // and to use a cookie to temporarily store information about a user logging in with a third party login provider
-            // Configure the sign in cookie
-            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
-                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
-                LoginPath = new PathString("/Account/Login"),
-                Provider = new CookieAuthenticationProvider
+                app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
+                app.UseCookieAuthentication(new CookieAuthenticationOptions());
+                var auth = new OpenIdConnectAuthenticationOptions
                {
-                    // Enables the application to validate the security stamp when the user logs in.
+                    ClientId = clientId,
-                    // This is a security feature which is used when you change a password or add an external login to your account.  
+                    Authority = Authority,
-                    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
+                    PostLogoutRedirectUri = postLogoutRedirectUri,
-                        validateInterval: TimeSpan.FromMinutes(30),
+                    RedirectUri = postLogoutRedirectUri,
-                        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
-                }
+                    ProtocolValidator = new OpenIdConnectProtocolValidator() { NonceLifetime = new TimeSpan(1, 0, 0, 0) },
-            });            
-            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
+                    Notifications = new OpenIdConnectAuthenticationNotifications()
-            // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
+                    {
-            app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
+                        AuthenticationFailed = context =>
+                        {
-            // Enables the application to remember the second login verification factor such as phone or email.
+                            if (context.Exception is OpenIdConnectProtocolInvalidNonceException && context.Exception.Message.Contains("IDX10316"))
-            // Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
+                            {
-            // This is similar to the RememberMe option when you log in.
-            app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
+                                context.HandleResponse();
+                                // Redirect to the originally requested URL
-            // Uncomment the following lines to enable logging in with third party login providers
+                                context.Response.Redirect(context.Request.Uri.PathAndQuery);
-            //app.UseMicrosoftAccountAuthentication(
+                            }
-            //    clientId: "",
-            //    clientSecret: "");
+                            context.HandleResponse();
+                            context.Response.Redirect("/RaiseError?message=" + context.Exception.Message);
-            //app.UseTwitterAuthentication(
+                            return Task.FromResult(0);
-            //   consumerKey: "",
+                        }
-            //   consumerSecret: "");
+                    }
+                };
-            //app.UseFacebookAuthentication(
-            //   appId: "",
+                app.UseOpenIdConnectAuthentication(auth);
-            //   appSecret: "");
-            //app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
+            }
-            //{
-            //    ClientId = "",
-            //    ClientSecret = ""
-            //});
        }
    }
-}
\ No newline at end of file
\ No newline at end of file
--- a/Mobile.WYSIWYG/Controllers/AccountController.cs
+++ b/Mobile.WYSIWYG/Controllers/AccountController.cs
-using System;
+using Microsoft.AspNet.Identity;
+using Microsoft.Owin.Security;
+using Microsoft.Owin.Security.Cookies;
+using Microsoft.Owin.Security.OpenIdConnect;
+using Mobile.Search.Web.Helpers;
+using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
+using System.Security.Claims;
 using System.Web;
 using System.Web.Mvc;
 using System.Web.Security;
@@ -10,64 +16,89 @@ namespace Mobile.Search.Web.Controllers
 {
    public class AccountController : Controller
    {
-        [AllowAnonymous]
-        public ActionResult Login(string returnUrl)
+        public void SignIn()
        {
-            ViewBag.ReturnUrl = returnUrl;
+            // Send an OpenID Connect sign-in request.
-            return View();
+            if (!Request.IsAuthenticated)
+            {
+                HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/home" },
+                    OpenIdConnectAuthenticationDefaults.AuthenticationType);
+            }
        }
-        //
+        public ActionResult LogIn()
-        // POST: /Account/Login
+        {
+            return View();
+        }
        [HttpPost]
-        [AllowAnonymous]
+        public ActionResult Login(string username, string password)
-        [ValidateAntiForgeryToken]
-        public ActionResult Login(LoginModel model, string returnUrl)
        {
-            //if (Membership.ValidateUser(model.UserName, model.Password))
+            if ((username == "Partner" && password == "ReachMoney!"))
-            //{
-            //    FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
-            //    return RedirectToLocal(returnUrl);
-            //}
-            //temporary hard-coded way 
-            if (FormsAuthentication.Authenticate(model.UserName, model.Password))
            {
-                FormsAuthentication.SetAuthCookie(model.UserName, false);
+                HttpContext.GetOwinContext().Authentication
-                return RedirectToLocal(returnUrl);
+                  .SignOut(DefaultAuthenticationTypes.ExternalCookie);
+                Claim claim1 = new Claim(ClaimTypes.Name, username);
+                Claim[] claims = new Claim[] { claim1 };
+                ClaimsIdentity claimsIdentity =
+                  new ClaimsIdentity(claims,
+                    DefaultAuthenticationTypes.ApplicationCookie);
+                HttpContext.GetOwinContext().Authentication
+                 .SignIn(new AuthenticationProperties() { IsPersistent = false }, claimsIdentity);
+                var returnUrl = "/Home";
+                return Redirect(returnUrl);
+            }
+            else
+            {
+                ModelState.AddModelError("",
+                 "Invalid username or password.");
            }
-            // If we got this far, something failed, redisplay form
-            ModelState.AddModelError("", "The user name or password provided is incorrect.");
-            return View(model);
+            return View();
        }
-        private ActionResult RedirectToLocal(string returnUrl)
+        public ActionResult Logout()
        {
-            if (Url.IsLocalUrl(returnUrl))
+            HttpContext.GetOwinContext().Authentication
+               .SignOut();
+            return RedirectToAction("Index", "Home");
+        }
+        public void SignOut()
+        {
+            //partner sign out
+            if (RequestHelper.GetUserName(User).ToString().Equals("Partner"))
            {
-                return Redirect(returnUrl);
+                HttpContext.GetOwinContext().Authentication
+              .SignOut();
+                RedirectToAction("Index", "Home");
            }
            else
            {
-                return RedirectToAction("Index", "Home");
+                string callbackUrl = Url.Action("SignOutCallback", "Account", routeValues: null, protocol: Request.Url.Scheme);
+                HttpContext.GetOwinContext().Authentication.SignOut(
+                    new AuthenticationProperties { RedirectUri = callbackUrl },
+                    OpenIdConnectAuthenticationDefaults.AuthenticationType, CookieAuthenticationDefaults.AuthenticationType);
            }
        }
-    }
-    public class LoginModel
+        public ActionResult SignOutCallback()
-    {
+        {
-        [Required]
+            if (Request.IsAuthenticated)
-        [Display(Name = "User name")]
+            {
-        public string UserName { get; set; }
+                // Redirect to home page if the user is authenticated.
+                return RedirectToAction("Index", "Home");
+            }
-        [Required]
+            return View();
-        [DataType(DataType.Password)]
+        }
-        [Display(Name = "Password")]
-        public string Password { get; set; }
-        [Display(Name = "Remember me?")]
-        public bool RememberMe { get; set; }
    }
 }
\ No newline at end of file
--- a/Mobile.WYSIWYG/Helpers/RequestHelper.cs
+++ b/Mobile.WYSIWYG/Helpers/RequestHelper.cs
 using System;
 using System.Collections.Generic;
 using System.Collections.Specialized;
+using System.Configuration;
 using System.Linq;
+using System.Security.Claims;
+using System.Security.Principal;
+using System.Text.RegularExpressions;
 using System.Web;
 namespace Mobile.Search.Web.Helpers
 {
    public class RequestHelper
    {
+        private const string TenantIdClaimType = "http://schemas.microsoft.com/identity/claims/tenantid";
+        private static readonly string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
+        private static readonly string appKey = ConfigurationManager.AppSettings["ida:AppKey"];
+        private static readonly string graphResourceId = ConfigurationManager.AppSettings["ida:GraphUrl"];
+        private static readonly string graphUserUrl = "https://graph.windows.net/{0}/me?api-version=" +
+                                               ConfigurationManager.AppSettings["ida:GraphApiVersion"];
+        public static string GetUserName(IPrincipal user)
+        {
+            string name = null;
+            if (user != null && user.Identity.IsAuthenticated)
+            {
+                name = user.Identity.Name;
+                try
+                {
+                    var cp = ClaimsPrincipal.Current;
+                    var fname = cp.FindFirst(ClaimTypes.GivenName).Value;
+                    var lname = cp.FindFirst(ClaimTypes.Surname).Value;
+                    if (!string.IsNullOrEmpty(fname) && !string.IsNullOrEmpty(lname))
+                        switch (fname.ToLower())
+                        {
+                            case "chris":
+                                {
+                                    name = $"{fname} {lname.Substring(0, 1)}";
+                                    break;
+                                }
+                            case "rebecca":
+                                {
+                                    if (string.Equals(lname, "percell", StringComparison.CurrentCultureIgnoreCase))
+                                    {
+                                        name = "Becky";
+                                    }
+                                    else
+                                    {
+                                        name = fname;
+                                    }
+                                    break;
+                                }
+                            case "matt":
+                                {
+                                    if (string.Equals(lname, "hoggatt", StringComparison.CurrentCultureIgnoreCase))
+                                    {
+                                        name = "Boss Hoggatt";
+                                    }
+                                    else
+                                    {
+                                        name = fname;
+                                    }
+                                    break;
+                                }
+                            default:
+                                {
+                                    name = fname;
+                                    break;
+                                }
+                        }
+                }
+                catch (Exception)
+                {
+                }
+            }
+            return name;
+        }
+        public static bool IsMobile(string useragent)
+        {
+            if (!string.IsNullOrEmpty(useragent))
+            {
+                return Regex.Match(useragent, "andriod|iphone|ipad|ipod", RegexOptions.IgnoreCase).Success;
+            }
+            return false;
+        }
        private static string GetXForwardedForIp(string iplist)
        {
            if (string.IsNullOrEmpty(iplist))

--- a/Mobile.WYSIWYG/Mobile.WYSIWYG.csproj
+++ b/Mobile.WYSIWYG/Mobile.WYSIWYG.csproj
@@ -44,10 +44,6 @@
    <WarningLevel>4</WarningLevel>
  </PropertyGroup>
  <ItemGroup>
-    <Reference Include="ADKMembershipProvider, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
-      <HintPath>..\packages\ADKMembershipProvider.0.0.8\lib\net461\ADKMembershipProvider.dll</HintPath>
-      <Private>True</Private>
-    </Reference>
    <Reference Include="Antlr3.Runtime, Version=3.5.0.2, Culture=neutral, PublicKeyToken=eb42632606e9261f, processorArchitecture=MSIL">
      <HintPath>..\packages\Antlr.3.5.0.2\lib\Antlr3.Runtime.dll</HintPath>
      <Private>True</Private>
@@ -100,17 +96,30 @@
      <Private>True</Private>
    </Reference>
    <Reference Include="Microsoft.CSharp" />
-    <Reference Include="Microsoft.Owin, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+    <Reference Include="Microsoft.IdentityModel.Clients.ActiveDirectory, Version=3.17.2.31801, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.Owin.3.0.1\lib\net45\Microsoft.Owin.dll</HintPath>
+      <HintPath>..\packages\Microsoft.IdentityModel.Clients.ActiveDirectory.3.17.2\lib\net45\Microsoft.IdentityModel.Clients.ActiveDirectory.dll</HintPath>
-      <Private>True</Private>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Clients.ActiveDirectory.Platform, Version=3.17.2.31801, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Clients.ActiveDirectory.3.17.2\lib\net45\Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Logging, Version=1.1.5.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Logging.1.1.5\lib\net451\Microsoft.IdentityModel.Logging.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Protocol.Extensions, Version=1.0.40306.1554, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Protocol.Extensions.1.0.4.403061554\lib\net45\Microsoft.IdentityModel.Protocol.Extensions.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Tokens, Version=5.1.5.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Tokens.5.1.5\lib\net451\Microsoft.IdentityModel.Tokens.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Owin, Version=3.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Owin.3.1.0\lib\net45\Microsoft.Owin.dll</HintPath>
    </Reference>
    <Reference Include="Microsoft.Owin.Host.SystemWeb, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
      <HintPath>..\packages\Microsoft.Owin.Host.SystemWeb.3.0.1\lib\net45\Microsoft.Owin.Host.SystemWeb.dll</HintPath>
      <Private>True</Private>
    </Reference>
-    <Reference Include="Microsoft.Owin.Security, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+    <Reference Include="Microsoft.Owin.Security, Version=3.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.Owin.Security.3.0.1\lib\net45\Microsoft.Owin.Security.dll</HintPath>
+      <HintPath>..\packages\Microsoft.Owin.Security.3.1.0\lib\net45\Microsoft.Owin.Security.dll</HintPath>
-      <Private>True</Private>
    </Reference>
    <Reference Include="Microsoft.Owin.Security.Cookies, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
      <HintPath>..\packages\Microsoft.Owin.Security.Cookies.3.0.1\lib\net45\Microsoft.Owin.Security.Cookies.dll</HintPath>
@@ -132,6 +141,9 @@
      <HintPath>..\packages\Microsoft.Owin.Security.OAuth.3.0.1\lib\net45\Microsoft.Owin.Security.OAuth.dll</HintPath>
      <Private>True</Private>
    </Reference>
+    <Reference Include="Microsoft.Owin.Security.OpenIdConnect, Version=3.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Owin.Security.OpenIdConnect.3.1.0\lib\net45\Microsoft.Owin.Security.OpenIdConnect.dll</HintPath>
+    </Reference>
    <Reference Include="Microsoft.Owin.Security.Twitter, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
      <HintPath>..\packages\Microsoft.Owin.Security.Twitter.3.0.1\lib\net45\Microsoft.Owin.Security.Twitter.dll</HintPath>
      <Private>True</Private>
@@ -215,6 +227,10 @@
    <Reference Include="System.Data" />
    <Reference Include="System.Data.DataSetExtensions" />
    <Reference Include="System.Drawing" />
+    <Reference Include="System.IdentityModel" />
+    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=4.0.40306.1554, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.IdentityModel.Tokens.Jwt.4.0.4.403061554\lib\net45\System.IdentityModel.Tokens.Jwt.dll</HintPath>
+    </Reference>
    <Reference Include="System.IO.Compression" />
    <Reference Include="System.Reactive.Core, Version=2.2.5.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
      <HintPath>..\packages\Rx-Core.2.2.5\lib\net45\System.Reactive.Core.dll</HintPath>

--- a/Mobile.WYSIWYG/Views/Shared/_LoginPartial.cshtml
+++ b/Mobile.WYSIWYG/Views/Shared/_LoginPartial.cshtml
-@using Microsoft.AspNet.Identity
+@using Mobile.Search.Web.Helpers;
 @if (Request.IsAuthenticated)
 {
-    using (Html.BeginForm("LogOff", "Account", FormMethod.Post, new { id = "logoutForm", @class = "navbar-right" }))
+    <text>
-    {
+        <ul class="nav navbar-nav navbar-right ">
-    @Html.AntiForgeryToken()
+            <li class="nav-item">
+                @*@Html.ActionLink("Hello " + User.Identity.Name + "!", "Index", "UserProfile", routeValues: null, htmlAttributes: null)*@
-    <ul class="nav navbar-nav navbar-right">
+                @Html.ActionLink("Hello " + RequestHelper.GetUserName(User).ToString() + "!", "Index", "UserProfile", routeValues: null, htmlAttributes: new { @class = "nav-link" })
-        <li>
+            </li>
-            @Html.ActionLink("Hello " + User.Identity.GetUserName() + "!", "Index", "Manage", routeValues: null, htmlAttributes: new { title = "Manage" })
+            <li class="nav-item">
-        </li>
+                @Html.ActionLink("Sign out", "SignOut", "Account", null, new { @class = "nav-link" })
-        <li><a href="javascript:document.getElementById('logoutForm').submit()">Log off</a></li>
+            </li>
-    </ul>
+        </ul>
-    }
+    </text>
 }
 else
 {
    <ul class="nav navbar-nav navbar-right">
-        <li>@Html.ActionLink("Register", "Register", "Account", routeValues: null, htmlAttributes: new { id = "registerLink" })</li>
+        <li class="nav-item">@Html.ActionLink("Sign in", "SignIn", "Account", routeValues: null, htmlAttributes: new { id = "loginLink", @class = "nav-link" })</li>
-        <li>@Html.ActionLink("Log in", "Login", "Account", routeValues: null, htmlAttributes: new { id = "loginLink" })</li>
    </ul>
 }
--- a/Mobile.WYSIWYG/Web.config
+++ b/Mobile.WYSIWYG/Web.config
@@ -39,6 +39,15 @@
    <add key="SMTPSendGridPass" value="Sh0w me the money!" />    
    <add key="Port" value="587" />
    <add key="FromMailAddress" value="offers@minbox.email" />
+    <!--Auth-->
+    <add key="ida:ClientId" value="4d71ec23-1e04-4e62-aa45-2bab5b5e62f2" />
+    <add key="ida:AADInstance" value="https://login.microsoftonline.com/" />
+    <!--<add key="ida:ClientSecret" value="TXAor72O9rxPivJqYr+JnvNgy4yha5wR+BGVGHpKXBg=" />-->
+    <add key="ida:ClientSecret" value="eXpHGB+mMuO0uQwk6EK1+BTB/1EIXwqnY79/IRPq5vE=" />
+    <add key="ida:Domain" value="adknowledge.com" />
+    <add key="ida:TenantId" value="6181d0a9-cbc0-4d7b-aefd-dcbb43fb05f8" />
+    <!--<add key="ida:PostLogoutRedirectUri" value="http://editor.rm-mobile.com" />-->
+    <add key="ida:PostLogoutRedirectUri" value="http://localhost:64292" />
    <!-- temp for stats d counters -->
    <!-- this is using the bidder graphite server -->
    <add key="StatsDServer" value="ec2-52-6-110-37.compute-1.amazonaws.com" />
@@ -72,7 +81,7 @@ that is bundled with the nuget package under the tools folder.
    </compilation>
    <httpRuntime targetFramework="4.5" requestValidationMode="2.0" maxQueryStringLength="32768" maxUrlLength="65536" maxRequestLength="65536" requestPathInvalidCharacters="*,%,:,\" />
    <customErrors mode="RemoteOnly" />
-    <membership defaultProvider="ADMembershipProvider">
+    <!--<membership defaultProvider="ADMembershipProvider">
      <providers>
        <clear />
        <add name="ADMembershipProvider" type="ADKMembershipProvider.AdkMembershipProvider" />
@@ -84,8 +93,8 @@ that is bundled with the nuget package under the tools folder.
          <user name="Admin" password="Show me the m0ney!"/>
        </credentials>
      </forms>
-      <!--<forms name=".ADAuthCookie" loginUrl="~/Account/Login" timeout="9440" slidingExpiration="false" protection="All" />-->
+      --><!--<forms name=".ADAuthCookie" loginUrl="~/Account/Login" timeout="9440" slidingExpiration="false" protection="All" />--><!--
-    </authentication>
+    </authentication>-->
    <machineKey validationKey="9D917A96D5FCB1E02CB44567C415E175D54FB9352ED0F3F76C42F59149DECA28E1029A3F69080A4E876357974F5ED39E75FA50498A162CD2C8B62F7701531471" decryptionKey="3F660F6419346F1C477AC77ABF3B14E65BBBAC1FA3DBCEE48EDB0DD303033735" validation="SHA1" decryption="AES" />
  </system.web>
  <system.webServer>
@@ -107,7 +116,7 @@ that is bundled with the nuget package under the tools folder.
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
+        <bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.Owin.Security.OAuth" publicKeyToken="31bf3856ad364e35" />
@@ -119,7 +128,7 @@ that is bundled with the nuget package under the tools folder.
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
+        <bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
@@ -161,6 +170,14 @@ that is bundled with the nuget package under the tools folder.
        <assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2" />
      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-4.0.40306.1554" newVersion="4.0.40306.1554" />
+      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="Microsoft.IdentityModel.Protocol.Extensions" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-1.0.40306.1554" newVersion="1.0.40306.1554" />
+      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <entityFramework>

--- a/Mobile.WYSIWYG/packages.config
+++ b/Mobile.WYSIWYG/packages.config
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="ADKMembershipProvider" version="0.0.8" targetFramework="net461" />
  <package id="Antlr" version="3.5.0.2" targetFramework="net461" />
  <package id="AWSSDK" version="2.3.55.2" targetFramework="net461" />
  <package id="AWSSDK.Core" version="3.3.21.16" targetFramework="net461" />
@@ -28,15 +27,20 @@
  <package id="Microsoft.AspNet.Razor" version="3.2.3" targetFramework="net461" />
  <package id="Microsoft.AspNet.Web.Optimization" version="1.1.3" targetFramework="net45" />
  <package id="Microsoft.AspNet.WebPages" version="3.2.3" targetFramework="net461" />
+  <package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="3.17.2" targetFramework="net461" />
+  <package id="Microsoft.IdentityModel.Logging" version="1.1.5" targetFramework="net461" />
+  <package id="Microsoft.IdentityModel.Protocol.Extensions" version="1.0.4.403061554" targetFramework="net461" />
+  <package id="Microsoft.IdentityModel.Tokens" version="5.1.5" targetFramework="net461" />
  <package id="Microsoft.jQuery.Unobtrusive.Validation" version="3.2.3" targetFramework="net461" />
-  <package id="Microsoft.Owin" version="3.0.1" targetFramework="net461" />
+  <package id="Microsoft.Owin" version="3.1.0" targetFramework="net461" />
  <package id="Microsoft.Owin.Host.SystemWeb" version="3.0.1" targetFramework="net461" />
-  <package id="Microsoft.Owin.Security" version="3.0.1" targetFramework="net461" />
+  <package id="Microsoft.Owin.Security" version="3.1.0" targetFramework="net461" />
  <package id="Microsoft.Owin.Security.Cookies" version="3.0.1" targetFramework="net461" />
  <package id="Microsoft.Owin.Security.Facebook" version="3.0.1" targetFramework="net461" />
  <package id="Microsoft.Owin.Security.Google" version="3.0.1" targetFramework="net461" />
  <package id="Microsoft.Owin.Security.MicrosoftAccount" version="3.0.1" targetFramework="net461" />
  <package id="Microsoft.Owin.Security.OAuth" version="3.0.1" targetFramework="net461" />
+  <package id="Microsoft.Owin.Security.OpenIdConnect" version="3.1.0" targetFramework="net461" />
  <package id="Microsoft.Owin.Security.Twitter" version="3.0.1" targetFramework="net461" />
  <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net45" />
  <package id="Modernizr" version="2.8.3" targetFramework="net461" />
@@ -63,5 +67,6 @@
  <package id="ServiceStack.Text" version="4.5.4" targetFramework="net461" />
  <package id="StackExchange.Redis" version="1.1.608" targetFramework="net461" />
  <package id="StatsdClient" version="1.4.51" targetFramework="net461" />
+  <package id="System.IdentityModel.Tokens.Jwt" version="4.0.4.403061554" targetFramework="net461" />
  <package id="WebGrease" version="1.6.0" targetFramework="net461" />
 </packages>
\ No newline at end of file