protected override void OnModelCreating(DbModelBuilder modelBuilder)
{
base.OnModelCreating(modelBuilder);
NeedConventions.Mapp(modelBuilder);
NeedConfigurations.Map(modelBuilder);
IdentityConfigurations.Map(modelBuilder);
}
public static IServiceCollection AddPersistence(this IServiceCollection services, IConfiguration configuration, IWebHostEnvironment environment)
{
services.AddDbContext <FuhoIdentityDbContext>
(options => options.UseSqlServer(configuration.GetConnectionString(DbConfiguration.ConnectionStringName)));
services.AddIdentity <AppUser, IdentityRole>()
.AddEntityFrameworkStores <FuhoIdentityDbContext>()
.AddDefaultTokenProviders();
var identityServiceBuilder = services.AddIdentityServer(options =>
{
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseSuccessEvents = true;
});
identityServiceBuilder.AddOperationalStore(options =>
{
options.ConfigureDbContext = builder => builder.UseSqlServer(configuration.GetConnectionString(DbConfiguration.ConnectionStringName));
// Clean unuse token from Db
options.EnableTokenCleanup = true;
options.TokenCleanupInterval = 30; // interval in seconds
});
identityServiceBuilder.AddInMemoryPersistedGrants();
identityServiceBuilder.AddInMemoryIdentityResources(IdentityConfigurations.GetIdentityResources());
identityServiceBuilder.AddInMemoryApiResources(IdentityConfigurations.GetApiResources());
identityServiceBuilder.AddInMemoryClients(IdentityConfigurations.GetClients());
identityServiceBuilder.AddAspNetIdentity <AppUser>();
if (environment.IsDevelopment())
{
identityServiceBuilder.AddDeveloperSigningCredential();
}
else
{
//path: Root/certificates/.pfx
var certificatePath = Path.GetFullPath(Path.Combine(environment.ContentRootPath, configuration["Certificate:CertFolder"], configuration["Certificate:FileName"]));
services.AddIdentityServer()
.AddSigningCredential(new X509Certificate2(certificatePath), configuration["Certificate:Password"]);
}
return(services);
}
/// <summary>
/// Método para obtenção da chave de assinatura do token provida pela autoridade de identificação.
/// </summary>
/// <param name="settings">Objeto referenciado</param>
/// <param name="token">Token de autenticação</param>
/// <returns>Chave de segurança provida pela autoridade de identificação.</returns>
private static async Task <SecurityKey> GetSigningKeyAsync(this IdentityConfigurations settings, JwtSecurityToken token)
{
var client = new HttpClient();
try
{
var discovery = await client.GetDiscoveryDocumentAsync(settings.Authority);
var kid = token.Header.Kid;
var key = discovery.KeySet.Keys.Where(x => x.Kid == kid).FirstOrDefault();
var json = JsonConvert.SerializeObject(key);
var result = JsonWebKey.Create(json);
//var keys = client.GetRequest(".well-known/openid-configuration/jwks").ExecuteAsync<IdentityKeySet>().Result;
return(result);
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// Extensão que faz a validação de um token.
/// </summary>
/// <param name="token">Objeto referenciado</param>
/// <param name="settings">Configurações de autoridade</param>
/// <returns>Resultado da validação do token</returns>
public static async Task <TokenValidationResult> ValidateAsync(this JwtSecurityToken token, IdentityConfigurations settings)
{
TokenValidationResult result;
try
{
var tokenDecoder = new JwtSecurityTokenHandler();
var parameters = await settings.GetTokenParametesAsync(token);
var principal = tokenDecoder.ValidateToken(token.RawData, parameters, out SecurityToken validatedToken);
result = new TokenValidationResult(TokenValidation.Valid)
{
Principal = principal,
SecurityToken = validatedToken
};
}
catch (SecurityTokenExpiredException ex)
{
result = new TokenValidationResult(TokenValidation.Expired, ex.Message);
}
catch (SecurityTokenInvalidAudienceException ex)
{
result = new TokenValidationResult(TokenValidation.InvalidAudience, ex.Message);
}
catch (SecurityTokenInvalidLifetimeException ex)
{
result = new TokenValidationResult(TokenValidation.InvalidLifetime, ex.Message);
}
catch (SecurityTokenInvalidSignatureException ex)
{
result = new TokenValidationResult(TokenValidation.InvalidSignature, ex.Message);
}
catch (SecurityTokenNoExpirationException ex)
{
result = new TokenValidationResult(TokenValidation.NoExpiration, ex.Message);
}
catch (SecurityTokenNotYetValidException ex)
{
result = new TokenValidationResult(TokenValidation.NotYetValid, ex.Message);
}
catch (SecurityTokenReplayAddFailedException ex)
{
result = new TokenValidationResult(TokenValidation.ReplayAdd, ex.Message);
}
catch (SecurityTokenReplayDetectedException ex)
{
result = new TokenValidationResult(TokenValidation.ReplayDetected, ex.Message);
}
catch (Exception ex)
{
result = new TokenValidationResult(TokenValidation.Error, ex.Message);
}
return(result);
}
/// <summary>
/// Método que busca as claims do usuário atual.
/// </summary>
/// <param name="context"></param>
/// <param name="configurations">Configurações do provedor de identidade.</param>
/// <returns>Enumeração de claims do usuário atual.</returns>
public static async Task <IEnumerable <Claim> > GetCurrentUserClaims(this AuthorizationFilterContext context, IdentityConfigurations configurations)
{
var token = context.GetAuthorizationToken("Bearer");
var client = new HttpClient();
var userInfo = await client.GetUserInfoAsync(configurations.Authority, token);
var claims = userInfo.ToClaims();
return(claims);
}
/// <summary>
/// Extensão que retorna os parâmetros de validação de token OAuth.
/// </summary>
/// <param name="settings">Objeto referenciado</param>
/// <param name="token">Token de autenticação</param>
/// <returns>Parâmetros de validação do Token. Veja <see cref="TokenValidationParameters"/></returns>
internal static async Task <TokenValidationParameters> GetTokenParametesAsync(this IdentityConfigurations settings, JwtSecurityToken token)
{
try
{
var tokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = settings.ValidateIssuerSigningKey,
IssuerSigningKey = await settings.GetSigningKeyAsync(token),
ValidateIssuer = settings.ValidateIssuer,
ValidateAudience = settings.ValidateAudience,
ValidateLifetime = settings.ValidateLifetime,
ClockSkew = TimeSpan.Zero
};
return(tokenValidationParameters);
}
catch
{
return(null);
}
}
public static ApplicationUserManager Create(IdentityFactoryOptions <ApplicationUserManager> options,
IOwinContext context)
{
var manager = new ApplicationUserManager(new UserStore <ApplicationUser>(context.Get <ApplicationDbContext>()));
var configurations = new IdentityConfigurations();
#region UserValidator
// Configurando validator para nome de usuario
manager.UserValidator = new UserValidator <ApplicationUser>(manager)
{
AllowOnlyAlphanumericUserNames = configurations.UserValidator.AllowOnlyAlphanumericUserNames,
RequireUniqueEmail = configurations.UserValidator.RequireUniqueEmail
};
#endregion
#region PasswordValidator
// Logica de validação e complexidade de senha
manager.PasswordValidator = new PasswordValidator
{
RequiredLength = configurations.PasswordValidator.RequiredLength,
RequireNonLetterOrDigit = configurations.PasswordValidator.RequireNonLetterOrDigit,
RequireDigit = configurations.PasswordValidator.RequireDigit,
RequireLowercase = configurations.PasswordValidator.RequireLowercase,
RequireUppercase = configurations.PasswordValidator.RequireUppercase
};
#endregion
#region Lockout
// Configuração de Lockout
manager.UserLockoutEnabledByDefault = configurations.Lockout.UserLockoutEnabledByDefault;
manager.DefaultAccountLockoutTimeSpan = configurations.Lockout.DefaultAccountLockoutTimeSpan;
manager.MaxFailedAccessAttemptsBeforeLockout = configurations.Lockout.MaxFailedAccessAttemptsBeforeLockout;
#endregion
#region Two Factor
// Registrando os providers para Two Factor.
manager.RegisterTwoFactorProvider(configurations.TwoFactor.Sms.Name, new PhoneNumberTokenProvider <ApplicationUser>
{
MessageFormat = configurations.TwoFactor.Sms.Message
});
manager.RegisterTwoFactorProvider(configurations.TwoFactor.Email.Name, new EmailTokenProvider <ApplicationUser>
{
Subject = configurations.TwoFactor.Email.Subject,
BodyFormat = configurations.TwoFactor.Email.Message
});
#endregion
// Definindo a classe de serviço de e-mail
manager.EmailService = new EmailService();
// Definindo a classe de serviço de SMS
manager.SmsService = new SmsService();
#region UserTokenProvider
var dataProtectionProvider = options.DataProtectionProvider;
if (dataProtectionProvider != null)
{
var userTokenProvider = dataProtectionProvider.Create(configurations.UserTokenProvider);
manager.UserTokenProvider = new DataProtectorTokenProvider <ApplicationUser>(userTokenProvider);
}
#endregion
return(manager);
}
