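// Returns Task rather than void so the test host observes the awaited completion and any
// exception; an async void test method cannot be awaited by the runner and a failure inside
// it surfaces as an unobserved exception instead of a failed test.
public async System.Threading.Tasks.Task Subscribe_OnTokenValidatedDefault_CompletesSuccessfully()
{
    // Arrange: route the existing events through the diagnostics subscriber under test.
    _jwtEvents = _jwtDiagnostics.Subscribe(_jwtEvents);

    // Act: raise TokenValidated with a context built from the shared fixture state.
    await _jwtEvents.TokenValidated(new TokenValidatedContext(_httpContext, _authScheme, _jwtOptions)).ConfigureAwait(false);

    // Assert: the subscriber reports success (argument semantics are defined by the fixture's AssertSuccess helper).
    AssertSuccess(false);
}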
/// <summary>
/// Builds a <see cref="JwtBearerEvents"/> instance that first extracts the bearer token
/// with <c>InternalTokenRetriever</c> and then forwards every hook to a fresh, default
/// <see cref="JwtBearerEvents"/> instance.
/// </summary>
/// <returns>The wrapping events instance.</returns>
internal JwtBearerEvents JwtEvent()
{
    // Default handlers the returned instance delegates to after the token has been assigned.
    var defaults = new JwtBearerEvents();

    var wrapper = new JwtBearerEvents();
    wrapper.OnMessageReceived = context =>
    {
        // Populate the token from the request before the default hook sees the context.
        context.Token = InternalTokenRetriever(context.Request);
        return defaults.MessageReceived(context);
    };
    wrapper.OnTokenValidated = context => defaults.TokenValidated(context);
    wrapper.OnAuthenticationFailed = context => defaults.AuthenticationFailed(context);
    wrapper.OnChallenge = context => defaults.Challenge(context);

    return wrapper;
}
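/// <summary>
/// Applies this instance's settings to a <see cref="JwtBearerOptions"/>: authority and
/// back-channel settings, an events wrapper that extracts the token with
/// <c>InternalTokenRetriever</c>, an optional self-refreshing discovery document manager,
/// audience handling, claim-type mapping and clock skew.
/// </summary>
/// <param name="jwtOptions">The options instance to populate; mutated in place.</param>
internal void ConfigureJwtBearer(JwtBearerOptions jwtOptions)
{
    // Upper bound on the discovery document read from the authority, so a misbehaving
    // metadata endpoint cannot stream unbounded content into the process.
    const long MaxDiscoveryDocumentBytes = 10 * 1024 * 1024; // 10 MB

    jwtOptions.Authority = Authority;
    jwtOptions.RequireHttpsMetadata = RequireHttpsMetadata;
    jwtOptions.BackchannelTimeout = BackChannelTimeouts;
    // Re-fetch signing keys when a token references a key id the cached metadata lacks (key rollover).
    jwtOptions.RefreshOnIssuerKeyNotFound = true;
    jwtOptions.SaveToken = SaveToken;

    // Wrap the configured JwtBearerEvents so the token is assigned from the request
    // before the MessageReceived hook runs; the remaining hooks are forwarded unchanged.
    jwtOptions.Events = new JwtBearerEvents
    {
        OnMessageReceived = e =>
        {
            e.Token = InternalTokenRetriever(e.Request);
            return JwtBearerEvents.MessageReceived(e);
        },
        OnTokenValidated = e => JwtBearerEvents.TokenValidated(e),
        OnAuthenticationFailed = e => JwtBearerEvents.AuthenticationFailed(e),
        OnChallenge = e => JwtBearerEvents.Challenge(e)
    };

    if (DiscoveryDocumentRefreshInterval.HasValue)
    {
        var parsedUrl = DiscoveryEndpoint.ParseUrl(Authority);
        var httpClient = new HttpClient(JwtBackChannelHandler ?? new HttpClientHandler())
        {
            Timeout = BackChannelTimeouts,
            MaxResponseContentBufferSize = MaxDiscoveryDocumentBytes
        };
        var manager = new ConfigurationManager<OpenIdConnectConfiguration>(
            parsedUrl.Url,
            new OpenIdConnectConfigurationRetriever(),
            // RequireHttps mirrors RequireHttpsMetadata so this custom retriever enforces
            // the same transport requirement as the default one.
            new HttpDocumentRetriever(httpClient) { RequireHttps = RequireHttpsMetadata })
        {
            AutomaticRefreshInterval = DiscoveryDocumentRefreshInterval.Value
        };
        jwtOptions.ConfigurationManager = manager;
    }

    if (JwtBackChannelHandler != null)
    {
        jwtOptions.BackchannelHttpHandler = JwtBackChannelHandler;
    }

    // If an API name is set (and legacy audience validation is off), require the token's
    // audience to match it; otherwise audience validation is turned off entirely and
    // authorization has to rely on scope checks.
    if (!string.IsNullOrWhiteSpace(ApiName) && !LegacyAudienceValidation)
    {
        jwtOptions.Audience = ApiName;
    }
    else
    {
        // no audience validation, rely on scope checks only
        jwtOptions.TokenValidationParameters.ValidateAudience = false;
    }

    jwtOptions.TokenValidationParameters.NameClaimType = NameClaimType;
    jwtOptions.TokenValidationParameters.RoleClaimType = RoleClaimType;

    if (JwtValidationClockSkew.HasValue)
    {
        jwtOptions.TokenValidationParameters.ClockSkew = JwtValidationClockSkew.Value;
    }

    if (InboundJwtClaimTypeMap != null)
    {
        // A custom inbound claim map needs its own handler; replace the default validators
        // so the mapping is the only one applied.
        var handler = new JwtSecurityTokenHandler { InboundClaimTypeMap = InboundJwtClaimTypeMap };
        jwtOptions.SecurityTokenValidators.Clear();
        jwtOptions.SecurityTokenValidators.Add(handler);
    }
}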
/// <summary>
/// Registers JWT bearer authentication middleware on the pipeline. The middleware asks
/// <paramref name="events"/> to locate a token, validate it into user data and build a
/// principal; the request proceeds down the pipeline in every case, with
/// <c>context.User</c> replaced only when the resulting principal is authenticated.
/// </summary>
/// <param name="app">The application builder.</param>
/// <param name="events">The authentication hooks (message received, token validate, token validated).</param>
/// <returns>The same <paramref name="app"/>, for chaining.</returns>
/// <exception cref="ArgumentNullException"><paramref name="events"/> is <c>null</c>.</exception>
public static IApplicationBuilder UseJwtBearer(this IApplicationBuilder app, JwtBearerEvents events)
{
    if (events is null)
    {
        throw new ArgumentNullException(nameof(events));
    }

    return(app.Use(next =>
    {
        return context =>
        {
            // Step 1: let the caller's hook find the token on the request.
            var receivedContext = new MessageReceivedContext(context);
            events.MessageReceived(receivedContext);

            // No token: continue as an anonymous request rather than failing it.
            // On NET40 the pipeline delegate returns void, hence the separate branch.
            if (string.IsNullOrEmpty(receivedContext.Token))
            {
#if NET40
                next.Invoke(context);
                return;
#else
                return next.Invoke(context);
#endif
            }

            // Step 2: validate the token; an empty UserData result means validation
            // produced nothing usable and the request continues unauthenticated.
            var tokenValidateContext = new TokenValidateContext(receivedContext);
            events.TokenValidate(tokenValidateContext);
            if (tokenValidateContext.UserData is null || tokenValidateContext.UserData.Count == 0)
            {
#if NET40
                next.Invoke(context);
                return;
#else
                return next.Invoke(context);
#endif
            }

            // Step 3: turn the validated data into a principal. Only an authenticated
            // identity replaces the request's current user.
            var tokenValidatedContext = new TokenValidatedContext(tokenValidateContext);
            events.TokenValidated(tokenValidatedContext);
            if (tokenValidatedContext.User?.Identity?.IsAuthenticated ?? false)
            {
                context.User = tokenValidatedContext.User;
#if NET40
                // NET40 has no per-request principal on the context; mirror it to the thread.
                Thread.CurrentPrincipal = tokenValidatedContext.User;
#endif
            }

#if NET40
            next.Invoke(context);
            return;
#else
            return next.Invoke(context);
#endif
        };
    }));
}
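/// <summary>
/// Applies this instance's settings to a <see cref="JwtBearerOptions"/>: authority and
/// back-channel settings, an events wrapper that extracts the token with
/// <c>InternalTokenRetriever</c>, an optional self-refreshing discovery document manager,
/// audience handling, a token decryption key (explicit or looked up by certificate
/// thumbprint), signature/issuer validation switches, claim-type mapping and clock skew.
/// </summary>
/// <param name="jwtOptions">The options instance to populate; mutated in place.</param>
/// <exception cref="InvalidOperationException">
/// A <c>CertificateThumbprint</c> is configured but no valid certificate with that
/// thumbprint exists in the LocalMachine/My store.
/// </exception>
internal void ConfigureJwtBearer(JwtBearerOptions jwtOptions)
{
    // Upper bound on the discovery document read from the authority, so a misbehaving
    // metadata endpoint cannot stream unbounded content into the process.
    const long MaxDiscoveryDocumentBytes = 10 * 1024 * 1024; // 10 MB

    jwtOptions.Authority = Authority;
    jwtOptions.RequireHttpsMetadata = RequireHttpsMetadata;
    jwtOptions.BackchannelTimeout = BackChannelTimeouts;
    // Re-fetch signing keys when a token references a key id the cached metadata lacks (key rollover).
    jwtOptions.RefreshOnIssuerKeyNotFound = true;
    jwtOptions.SaveToken = SaveToken;

    // Wrap the configured JwtBearerEvents so the token is assigned from the request
    // before the MessageReceived hook runs; the remaining hooks are forwarded unchanged.
    jwtOptions.Events = new JwtBearerEvents
    {
        OnMessageReceived = e =>
        {
            e.Token = InternalTokenRetriever(e.Request);
            return JwtBearerEvents.MessageReceived(e);
        },
        OnTokenValidated = e => JwtBearerEvents.TokenValidated(e),
        OnAuthenticationFailed = e => JwtBearerEvents.AuthenticationFailed(e),
        OnChallenge = e => JwtBearerEvents.Challenge(e)
    };

    if (DiscoveryDocumentRefreshInterval.HasValue)
    {
        var parsedUrl = DiscoveryClient.ParseUrl(Authority);
        var httpClient = new HttpClient(JwtBackChannelHandler ?? new HttpClientHandler())
        {
            Timeout = BackChannelTimeouts,
            MaxResponseContentBufferSize = MaxDiscoveryDocumentBytes
        };
        var manager = new ConfigurationManager<OpenIdConnectConfiguration>(
            parsedUrl.Url,
            new OpenIdConnectConfigurationRetriever(),
            // RequireHttps mirrors RequireHttpsMetadata so this custom retriever enforces
            // the same transport requirement as the default one.
            new HttpDocumentRetriever(httpClient) { RequireHttps = RequireHttpsMetadata })
        {
            AutomaticRefreshInterval = DiscoveryDocumentRefreshInterval.Value
        };
        jwtOptions.ConfigurationManager = manager;
    }

    if (JwtBackChannelHandler != null)
    {
        jwtOptions.BackchannelHttpHandler = JwtBackChannelHandler;
    }

    // If an API name is set (and legacy audience validation is off), require the token's
    // audience to match it; otherwise audience validation is turned off entirely and
    // authorization has to rely on scope checks.
    if (!string.IsNullOrWhiteSpace(ApiName) && !LegacyAudienceValidation)
    {
        jwtOptions.Audience = ApiName;
    }
    else
    {
        // no audience validation, rely on scope checks only
        jwtOptions.TokenValidationParameters.ValidateAudience = false;
    }

    jwtOptions.TokenValidationParameters.NameClaimType = NameClaimType;
    jwtOptions.TokenValidationParameters.RoleClaimType = RoleClaimType;

    if (TokenDecryptionKey != null)
    {
        // An explicitly supplied key takes precedence over the certificate-store lookup.
        jwtOptions.TokenValidationParameters.TokenDecryptionKey = TokenDecryptionKey;
    }
    else if (!string.IsNullOrWhiteSpace(CertificateThumbprint))
    {
        var certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        try
        {
            certStore.Open(OpenFlags.ReadOnly);
            // validOnly: true restricts the match to certificates that are currently valid
            // (not expired and chaining to a trusted root).
            var certCollection = certStore.Certificates.Find(X509FindType.FindByThumbprint, CertificateThumbprint, true);
            if (certCollection.Count == 0)
            {
                // A specific exception type (the original threw bare Exception) lets callers
                // distinguish a misconfigured thumbprint from unexpected failures.
                throw new InvalidOperationException("CertificateNotFound");
            }

            jwtOptions.TokenValidationParameters.TokenDecryptionKey = new X509SecurityKey(certCollection[0]);
        }
        finally
        {
            // Release the store handle on every path; the original left it open.
            certStore.Close();
        }
    }

    // Setting either of these to false weakens validation: unsigned tokens are accepted,
    // or the issuer is no longer checked against the configured authority.
    jwtOptions.TokenValidationParameters.RequireSignedTokens = RequireSignedTokens;
    jwtOptions.TokenValidationParameters.ValidateIssuer = ValidateIssuer;

    if (JwtValidationClockSkew.HasValue)
    {
        jwtOptions.TokenValidationParameters.ClockSkew = JwtValidationClockSkew.Value;
    }

    if (InboundJwtClaimTypeMap != null)
    {
        // A custom inbound claim map needs its own handler; replace the default validators
        // so the mapping is the only one applied.
        var handler = new JwtSecurityTokenHandler { InboundClaimTypeMap = InboundJwtClaimTypeMap };
        jwtOptions.SecurityTokenValidators.Clear();
        jwtOptions.SecurityTokenValidators.Add(handler);
    }
}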