private static void Validate(NancyContext context, JwtBearerAuthenticationConfiguration configuration)
{
//get the token from request header
var jwtToken = context.Request.Headers["Authorization"].FirstOrDefault() ?? string.Empty;
//whether the token value start with the challenge from configuration
if (jwtToken.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
{
jwtToken = jwtToken.Substring("Bearer ".Length);
}
else
{
return;
}
//verify the token
if (!string.IsNullOrWhiteSpace(jwtToken))
{
try
{
SecurityToken validatedToken;
var tokenHandler = new JwtSecurityTokenHandler();
var validatedClaims = tokenHandler.ValidateToken(jwtToken, configuration.TokenValidationParameters, out validatedToken);
//var jwtSecurityToken = validatedToken as JwtSecurityToken;
context.CurrentUser = validatedClaims;
}
catch (Exception)
{
}
}
}
private static Func <NancyContext, Response> GetLoadAuthenticationHook(JwtBearerAuthenticationConfiguration configuration)
{
return(context =>
{
Validate(context, configuration);
return null;
});
}
private static Action <NancyContext> GetAuthenticationPromptHook(JwtBearerAuthenticationConfiguration configuration)
{
return(context =>
{
if (context.Response.StatusCode == HttpStatusCode.Unauthorized)
{
//add a response header
context.Response.WithHeader(JwtBearerDefaults.WWWAuthenticate, configuration.Challenge);
}
});
}
/// <summary>
/// Enables JwtBearer authentication for the application
/// </summary>
/// <param name="pipelines">Pipelines to add handlers to (usually "this")</param>
/// <param name="configuration">JwtBearer authentication configuration</param>
public static void Enable(IPipelines pipelines, JwtBearerAuthenticationConfiguration configuration)
{
if (pipelines == null)
{
throw new ArgumentNullException("pipelines");
}
if (configuration == null)
{
throw new ArgumentNullException("configuration");
}
pipelines.BeforeRequest.AddItemToStartOfPipeline(GetLoadAuthenticationHook(configuration));
pipelines.AfterRequest.AddItemToEndOfPipeline(GetAuthenticationPromptHook(configuration));
}
/// <summary>
/// Enables JwtBearer authentication for a module
/// </summary>
/// <param name="module">Module to add handlers to (usually "this")</param>
/// <param name="configuration">JwtBearer authentication configuration</param>
public static void Enable(INancyModule module, JwtBearerAuthenticationConfiguration configuration)
{
if (module == null)
{
throw new ArgumentNullException("module");
}
if (configuration == null)
{
throw new ArgumentNullException("configuration");
}
module.RequiresAuthentication();
module.Before.AddItemToStartOfPipeline(GetLoadAuthenticationHook(configuration));
module.After.AddItemToEndOfPipeline(GetAuthenticationPromptHook(configuration));
}
/// <summary>
/// Module requires JwtBearer authentication
/// </summary>
/// <param name="pipeline">Bootstrapper to enable</param>
/// <param name="configuration">JwtBearer authentication configuration</param>
public static void EnableJwtBearerAuthentication(this IPipelines pipeline, JwtBearerAuthenticationConfiguration configuration)
{
JwtBearerAuthentication.Enable(pipeline, configuration);
}
/// <summary>
/// Module requires JwtBearer authentication
/// </summary>
/// <param name="module">Module to enable</param>
/// <param name="configuration">JwtBearer authentication configuration</param>
public static void EnableJwtBearerAuthentication(this INancyModule module, JwtBearerAuthenticationConfiguration configuration)
{
JwtBearerAuthentication.Enable(module, configuration);
}
