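        /// <summary>
        /// Registers the request pipeline in order: CORS, the custom request logger,
        /// Aldelo bearer-token authentication, then MVC. Middleware runs in the order
        /// it is added here, so authentication is in place before MVC handles the request.
        /// </summary>
        /// <param name="app">The application builder the middleware is registered on.</param>
        public void Configure(IApplicationBuilder app)
        {
            app.UseCors(builder =>
            {
                builder.AllowAnyHeader();
                builder.AllowAnyMethod();
                // Wildcard origin. AllowCredentials() was removed from this policy: the CORS
                // specification forbids 'Access-Control-Allow-Origin: *' together with
                // 'Access-Control-Allow-Credentials: true', and browsers refuse that
                // combination for credentialed requests, so it never worked as intended.
                // A bearer token carried in the Authorization header is not a CORS
                // "credential" (AllowAnyHeader already admits that header). If cookie-based
                // cross-origin calls are genuinely required, replace AllowAnyOrigin() with an
                // explicit WithOrigins(...) allow-list and only then re-add AllowCredentials().
                builder.AllowAnyOrigin();
            });

            // Custom middleware: logs each request (see UseRequestLogger's own implementation).
            app.UseRequestLogger();

            app.UseAldeloAuthentication(configureOptions: option =>
            {
                // When false, every [Authorize] must name the scheme explicitly,
                // e.g. '[Authorize(ActiveAuthenticationSchemes = "Bearer")]'.
                option.AutomaticAuthenticate = true;

                // Emits the challenge in the response header (default 'WWW-Authenticate: Aldelo.Passport').
                // When false the handler is bypassed and a bare 401 is returned.
                option.AutomaticChallenge = true;

                // Signature, lifetime, issuer and audience validation are all switched on
                // explicitly (their defaults are already true) so the intent is visible.
                option.TokenValidationParameters.RequireSignedTokens = true;
                option.TokenValidationParameters.ValidateSignature = true;
                // NOTE(review): confirm Utils.SecurityKey is loaded from configuration or a
                // secret store rather than a literal in source; it cannot be seen from here.
                option.TokenValidationParameters.IssuerSigningKey = Utils.SecurityKey;

                option.TokenValidationParameters.ValidateLifetime = true;

                option.TokenValidationParameters.ValidateIssuer = true;
                option.TokenValidationParameters.ValidIssuer = "isu:aldelo.security";

                option.TokenValidationParameters.ValidateAudience = true;
                option.TokenValidationParameters.ValidAudience = "aud:aldelo.cloud";
                /* A custom audience validator can replace ValidAudience if needed:
                option.TokenValidationParameters.AudienceValidator = (audi, security, vp) =>
                {
                    foreach (var s in audi)
                    {
                        if (s == "aud:aldelo.cloud")
                        {
                            return true;
                        }
                    }

                    return false;
                };
                */

                // Event hooks. Each one completes immediately without custom handling;
                // they are kept as extension points.
                option.Events = new JwtBearerEvents()
                {
                    OnChallenge = (context) =>
                    {
                        return Task.FromResult(false);
                    },
                    OnReceivedToken = (context) =>
                    {
                        return Task.FromResult(false);
                    },
                    OnValidatedToken = (context) =>
                    {
                        // Example of attaching an extra claim ('BossClaim') for an authorization policy:
                        //context.AuthenticationTicket.Principal.AddIdentity(new ClaimsIdentity(new List<Claim> { new Claim("BossClaim", "I'm boss") }));

                        return Task.FromResult(false);
                    },
                    OnAuthenticationFailed = (context) =>
                    {
                        return Task.FromResult(false);
                    }
                };

                // To swap in a custom token validator instead of the default one:
                //option.SecurityTokenValidators = new List<ISecurityTokenValidator>() { new BlobTokenValidator() };
            });

            app.UseMvc();
        }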