/// <summary>
/// Creates the controller and caches the dependencies it was given.
/// </summary>
/// <param name="identityBusiness">Identity business service, stored in <c>_identityBusiness</c>.</param>
/// <param name="jwtOptionsSnapshot">Options wrapper; its <c>Value</c> is read once and stored in <c>_jwtOptions</c>.</param>
public AccountsController(IIdentityBusiness identityBusiness, IOptions<JwtConfigOptions> jwtOptionsSnapshot)
{
    // Despite the parameter name this is IOptions<T>, not IOptionsSnapshot<T>:
    // the value is resolved once and does not follow configuration reloads.
    var resolvedJwtOptions = jwtOptionsSnapshot.Value;

    _jwtOptions = resolvedJwtOptions;
    _identityBusiness = identityBusiness;
}
 /// <summary>
 /// Creates the token service from an injected token handler, token descriptor and two option sets.
 /// </summary>
 /// <param name="tokenHandler">Handler stored in <c>_tokenHandler</c>.</param>
 /// <param name="tokenDescriptor">Descriptor stored in <c>_tokenDescriptor</c>.</param>
 /// <param name="appSettings">Application settings wrapper; only its <c>Value</c> is kept.</param>
 /// <param name="jwtConfig">JWT settings wrapper; only its <c>Value</c> is kept.</param>
 public JwtTokenService(
     SecurityTokenHandler tokenHandler,
     SecurityTokenDescriptor tokenDescriptor,
     IOptions<AppSettingsOptions> appSettings,
     IOptions<JwtConfigOptions> jwtConfig)
 {
     // Unwrap both option objects up front so the fields hold plain settings instances.
     var resolvedAppSettings = appSettings.Value;
     var resolvedJwtConfig = jwtConfig.Value;

     _appSettings = resolvedAppSettings;
     _jwtConfig = resolvedJwtConfig;

     // NOTE(review): SecurityTokenDescriptor is a mutable object. If it is registered with a
     // shared lifetime and per-token fields are set on it later, concurrent requests could
     // interfere with each other - confirm the registration lifetime.
     _tokenDescriptor = tokenDescriptor;
     _tokenHandler = tokenHandler;
 }
Ejemplo n.º 3
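        /// <summary>
        /// Registers JWT bearer authentication using the settings in the "JWT" configuration section.
        /// </summary>
        /// <param name="services">Service collection that receives the options binding and the authentication handlers.</param>
        /// <exception cref="System.InvalidOperationException">
        /// The "JWT" section cannot be bound or its <c>SecurityKey</c> is empty.
        /// </exception>
        private void AddJwt(IServiceCollection services)
        {
            IConfigurationSection jwtConfigSection = Configuration.GetSection("JWT");

            services.Configure<JwtConfigOptions>(jwtConfigSection);

            // Bind the section directly rather than calling services.BuildServiceProvider():
            // building a provider inside service registration creates a second container that
            // is never disposed and whose singletons are separate from the application's.
            JwtConfigOptions jwtOptions = jwtConfigSection.Get<JwtConfigOptions>();

            // Fail at startup with a clear message instead of an ArgumentNullException from
            // Encoding.GetBytes, and never build a validator around a blank key.
            if (jwtOptions == null || string.IsNullOrWhiteSpace(jwtOptions.SecurityKey))
            {
                throw new System.InvalidOperationException(
                    "The \"JWT\" configuration section must provide a non-empty SecurityKey.");
            }

            // Process-wide static: stops the handler from renaming short JWT claim names
            // (for example "sub") to the long claim-type URIs, so code that reads claims
            // must look them up by their short names.
            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultScheme             = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(options =>
            {
                // The signing key is a shared secret: anyone who can read it can mint tokens.
                // Keep it out of source-controlled settings files and make it long and random
                // (RFC 7518 asks for a key at least as large as the hash output, e.g. 256 bits
                // for HS256).
                // ClockSkew is not set, so the library default (5 minutes) still applies to
                // lifetime validation.
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer           = true,
                    ValidateAudience         = true,
                    ValidateLifetime         = true,
                    ValidateIssuerSigningKey = true,
                    ValidIssuer      = jwtOptions.Issuer,
                    ValidAudience    = jwtOptions.Audience,
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtOptions.SecurityKey))
                };
            });
        }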
Ejemplo n.º 4
 /// <summary>
 /// Creates the authentication service and stores each injected dependency in its field.
 /// </summary>
 /// <param name="userManager">Identity user manager.</param>
 /// <param name="jwtConfigOptions">JWT settings instance (injected directly, not through <c>IOptions</c>).</param>
 /// <param name="tokenValidationParameters">Token validation parameters instance.</param>
 /// <param name="dataContext">Data context.</param>
 /// <param name="dateTime">Date/time abstraction.</param>
 public AuthService(UserManager<IdentityUser> userManager, JwtConfigOptions jwtConfigOptions,
                    TokenValidationParameters tokenValidationParameters, DataContext dataContext,
                    IDateTime dateTime)
 {
     _dateTime = dateTime;
     _dataContext = dataContext;
     _userManager = userManager;
     _jwtConfigOptions = jwtConfigOptions;

     // NOTE(review): if this is the same TokenValidationParameters instance the bearer
     // handler uses, mutating it here (for example to relax lifetime checks) would also
     // change request validation - confirm consumers work on a copy.
     _tokenValidationParameters = tokenValidationParameters;
 }
Ejemplo n.º 5
 /// <summary>
 /// Creates the resolver, keeping the injected services and the unwrapped option values.
 /// </summary>
 /// <param name="userManager">User manager for <c>ApplicationUser</c>.</param>
 /// <param name="loginManager">Login manager for <c>ApplicationUser</c>.</param>
 /// <param name="emailSender">E-mail provider.</param>
 /// <param name="appSettings">Application settings wrapper; only its <c>Value</c> is kept.</param>
 /// <param name="resetPasswordSettings">Password-reset settings wrapper; only its <c>Value</c> is kept.</param>
 /// <param name="jwtHelper">JWT helper.</param>
 /// <param name="jwtConfigOptions">JWT settings wrapper; only its <c>Value</c> is kept.</param>
 /// <param name="httpContextAccessor">Accessor for the current HTTP context.</param>
 public AuthenticateResolver(
     IUserManager<ApplicationUser> userManager,
     ILoginManager<ApplicationUser> loginManager,
     IEmailProvider emailSender,
     IOptions<AppSettings> appSettings,
     IOptions<ResetPasswordSettings> resetPasswordSettings,
     IJwtHelper jwtHelper,
     IOptions<JwtConfigOptions> jwtConfigOptions,
     IHttpContextAccessor httpContextAccessor)
 {
     // Services are stored as injected.
     _userManager = userManager;
     _loginManager = loginManager;
     _emailSender = emailSender;
     _jwtHelper = jwtHelper;
     _httpContextAccessor = httpContextAccessor;

     // Option wrappers are unwrapped once; the fields hold the settings objects themselves.
     _appSettings = appSettings.Value;
     _resetPasswordSettings = resetPasswordSettings.Value;
     _jwtConfigOptions = jwtConfigOptions.Value;
 }
Ejemplo n.º 6
 /// <summary>
 /// Creates the user store, forwarding the error describer to the base class and keeping
 /// the remaining services and unwrapped option values in fields.
 /// </summary>
 /// <param name="describer">Identity error describer passed to the base constructor.</param>
 /// <param name="userService">User service.</param>
 /// <param name="authenticationService">Authentication service.</param>
 /// <param name="userRoleService">User-role service.</param>
 /// <param name="roleService">Role service.</param>
 /// <param name="authorizationPolicyService">Authorization policy service.</param>
 /// <param name="userAuthorizationPolicyService">Per-user authorization policy service.</param>
 /// <param name="textCrypter">Text encryption service.</param>
 /// <param name="mapper">Object mapper.</param>
 /// <param name="crypterSettings">Crypter settings wrapper; only its <c>Value</c> is kept.</param>
 /// <param name="jwtConfigOptions">JWT settings wrapper; only its <c>Value</c> is kept.</param>
 public ApplicationUserStore(
     IdentityErrorDescriber describer,
     IUserService userService,
     IAuthenticationService authenticationService,
     IUserRoleService userRoleService,
     IRoleService roleService,
     IAuthorizationPolicyService authorizationPolicyService,
     IUserAuthorizationPolicyService userAuthorizationPolicyService,
     ITextEncryption textCrypter,
     IMapper mapper,
     IOptions<CrypterSettings> crypterSettings,
     IOptions<JwtConfigOptions> jwtConfigOptions)
     : base(describer)
 {
     // Option wrappers are unwrapped once; the fields hold the settings objects themselves.
     _crypterSettings = crypterSettings.Value;
     _jwtConfigOptions = jwtConfigOptions.Value;

     // Services are stored as injected.
     _userService = userService;
     _authenticationService = authenticationService;
     _userRoleService = userRoleService;
     _roleService = roleService;
     _authorizationPolicyService = authorizationPolicyService;
     _userAuthorizationPolicyService = userAuthorizationPolicyService;
     _textCrypter = textCrypter;
     _mapper = mapper;
 }
Ejemplo n.º 7
 /// <summary>
 /// Creates the helper with the JWT settings and the user manager it works with.
 /// </summary>
 /// <param name="jwtConfigOptions">JWT settings wrapper; only its <c>Value</c> is kept.</param>
 /// <param name="userManager">User manager for <c>ApplicationUser</c>.</param>
 public JwtHelper(
     IOptions<JwtConfigOptions> jwtConfigOptions,
     IUserManager<ApplicationUser> userManager)
 {
     // Read the settings object out of the wrapper once and keep that.
     var resolvedJwtOptions = jwtConfigOptions.Value;

     _userManager = userManager;
     _jwtConfigOptions = resolvedJwtOptions;
 }
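        /// <summary>
        /// Registers the JWT settings, token validation parameters, bearer authentication,
        /// authorization policies and the authentication service.
        /// </summary>
        /// <param name="services">Service collection to add the registrations to.</param>
        /// <param name="configuration">Configuration whose <c>JwtConfigOptions</c> section is bound to the settings object.</param>
        /// <exception cref="System.InvalidOperationException">The bound settings contain no signing secret.</exception>
        public void InstallServices(IServiceCollection services, IConfiguration configuration)
        {
            // JWT parameters
            var jwtConfigOptions = new JwtConfigOptions();

            configuration.Bind(nameof(JwtConfigOptions), jwtConfigOptions);

            // Fail at startup with a clear message instead of an ArgumentNullException from
            // Encoding.GetBytes, and never build a validator around a blank secret.
            if (string.IsNullOrWhiteSpace(jwtConfigOptions.Secret))
            {
                throw new System.InvalidOperationException(
                    "JwtConfigOptions:Secret is not configured; a non-empty signing secret is required.");
            }

            services.AddSingleton(jwtConfigOptions); // Make it available wherever it is requested

            // NOTE(review): issuer and audience validation are switched off, so any token
            // signed with this secret is accepted regardless of who issued it or which
            // service it was meant for. Enable both once issuer/audience values are configured.
            // NOTE(review): Encoding.ASCII maps every non-ASCII character to '?', which weakens
            // a secret containing such characters. Switching the encoding changes the key
            // bytes, so it must be done together with the code that signs the tokens.
            var tokenValidationParameters = new TokenValidationParameters()
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKey         = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtConfigOptions.Secret)),
                ValidateIssuer           = false,
                ValidateAudience         = false,
                RequireExpirationTime    = true,
                ValidateLifetime         = true
            };

            // NOTE(review): this exact instance is both registered as a singleton and handed to
            // the bearer handler below. A consumer that mutates it (for example to relax
            // lifetime checks) would change request validation too - confirm consumers copy it.
            services.AddSingleton(tokenValidationParameters);

            // AUTHENTICATION
            services.AddAuthentication(options =>
            {
                // All three defaults point at the JWT bearer scheme.
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultScheme             = JwtBearerDefaults.AuthenticationScheme;
            })
            // JWT
            .AddJwtBearer(options =>
            {
                options.SaveToken = true;
                options.TokenValidationParameters = tokenValidationParameters;
            });

            // AUTHORIZATION POLICIES
            services.AddAuthorization(options =>
            {
                // Claims-based policy: only authenticated users whose token contains the "tag.view" claim may call the TagsController.Get() GET method.
                options.AddPolicy(ResourcePolicies.ViewTagPermissionPolicy, policy => policy.RequireClaim(ResourcePolicies.TryGetPolicyMetaname(ResourcePolicies.ViewTagPermissionPolicy)));

                // Role-based policy
                // The commented line below shows how a role-based policy could be configured for use with [Authorize(Policy=ResourcePolicies.ViewTagPermissionPolicy)]; alternatively keep using [Authorize(Roles="a,b...n")] at controller or action level.
                //options.AddPolicy(ResourcePolicies.ViewTagPermissionPolicy, policy => policy.RequireRole(ResourcePolicies.TryGetPolicyMetaname(ResourcePolicies.DeletePostPermissionPolicy)));

                // Requirement-based policy (custom logic for a more dynamic approach)
                options.AddPolicy(ResourcePolicies.InternalEmployeePermissionPolicy, policy =>
                {
                    policy.AddRequirements(new UserWorksForCompanyRequirement("MYCOMPANY.COM.BR"));
                });

                // Requirement-based policy (information ownership)
                options.AddPolicy(ResourcePolicies.InformationOwnershipPermissionPolicy, policy =>
                {
                    policy.AddRequirements(new InformationOwnershipRequirement());
                });
            });

            // Handlers that evaluate the two requirement-based policies registered above.
            services.AddSingleton<IAuthorizationHandler, UserWorksForCompanyAuthorizationHandler>();
            services.AddSingleton<IAuthorizationHandler, UserIsInformationOwnerAuthorizationHandler>();

            // AUTHENTICATION SERVICE DEPENDENCY
            services.AddScoped<IAuthService, AuthService>();
        }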
Ejemplo n.º 9
 /// <summary>
 /// Creates the MFA service with the user manager and the JWT settings.
 /// </summary>
 /// <param name="userManager">Identity user manager for <c>User</c>.</param>
 /// <param name="jwtConfig">JWT settings wrapper; only its <c>Value</c> is kept.</param>
 public MfaService(
     UserManager<User> userManager,
     IOptions<JwtConfigOptions> jwtConfig)
 {
     // Read the settings object out of the wrapper once and keep that.
     var resolvedJwtConfig = jwtConfig.Value;

     _jwtConfig = resolvedJwtConfig;
     _userManager = userManager;
 }