/*
* 1) In Startup.ConfigureServices invoke before services.AddMvc():
* services.AddJwtBearerAuthentication();
*
* 2) Also in Startup.Configure invoke app.UseAuthentication() before app.UseMvc():
* app.UseAuthentication();
*/
public static void AddJwtBearerAuthentication(this IServiceCollection services)
{
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidIssuer = AuthJwtTokenManager.Issuer,
ValidateAudience = true,
ValidAudience = AuthJwtTokenManager.Audience,
ValidateLifetime = true,
IssuerSigningKey = AuthJwtTokenManager.GetSecurityKey(),
ValidateIssuerSigningKey = true
};
});
services.AddSingleton <IAuthorizationHandler, ValidSubdomainHandler>();
services.AddAuthorization(options =>
{
options.AddPolicy(AuthJwtTokenManager.ValidSubdomainPolicy,
policy => policy.RequireClaim(AuthJwtTokenManager.ClaimSubdomainKey)
.AddRequirements(new ValidSubdomainRequirement(AuthJwtTokenManager.ClaimSubdomainKey)));
});
}
public static string GetJwtToken(this ClaimsIdentity idenitity)
{
var credentials = AuthJwtTokenManager.GetSigningCredentials();
var token = new JwtSecurityToken(
issuer: AuthJwtTokenManager.Issuer,
audience: AuthJwtTokenManager.Audience,
notBefore: DateTime.UtcNow,
claims: idenitity.Claims,
expires: DateTime.UtcNow.AddDays(AuthJwtTokenManager.ExpireDays),
signingCredentials: credentials);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
