public AccountRules(UserManager <User> userManager, SignInManager <User> signInManager,
IOptions <JwtOptions> jwtOptions, ILoggerFactory loggerFactory, JwtTokenCache tokenCache)
{
_userManager = userManager;
_signInManager = signInManager;
_tokenCache = tokenCache;
_jwtOptions = jwtOptions.Value;
_logger = loggerFactory.CreateLogger <AccountRules> ();
ThrowIfInvalidOptions(_jwtOptions);
}
private void ConfigIdentity(IServiceCollection services, IHostingEnvironment hostingEnv)
{
var jwtOptions = new JwtOptions();
Configuration.GetSection(nameof(JwtOptions)).Bind(jwtOptions);
SymmetricSecurityKey signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtOptions.SecretKey));
// ConfigureMaps JwtIssuerOptions
services.Configure <JwtOptions> (options =>
{
options.Issuer = jwtOptions.Issuer;
options.Audience = jwtOptions.Audience;
options.InstanceClaimName = jwtOptions.InstanceClaimName;
options.SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
});
var tokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidIssuer = jwtOptions.Issuer,
ValidateAudience = true,
ValidAudience = jwtOptions.Audience,
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingKey,
RequireExpirationTime = true,
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero
};
var tokenCache = new JwtTokenCache();
services.AddSingleton(tokenCache);
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.TokenValidationParameters = tokenValidationParameters;
options.Events = new JwtBearerEvents()
{
OnAuthenticationFailed = OnRedirectToLogin
};
});
var identityOptions = new CustomIdentityOptions();
Configuration.GetSection(nameof(CustomIdentityOptions)).Bind(identityOptions);
IdentityBuilder builder = services.AddIdentityCore <User> (options =>
{
options.User.RequireUniqueEmail = identityOptions.UserRequireUniqueEmail;
options.Password.RequiredLength = identityOptions.PasswordRequiredLength;
options.Password.RequireDigit = identityOptions.PasswordRequireDigit;
options.Password.RequireLowercase = identityOptions.PasswordRequireLowercase;
options.Password.RequireNonAlphanumeric = identityOptions.PasswordRequireNonAlphanumeric;
options.Password.RequireUppercase = identityOptions.PasswordRequireUppercase;
options.Lockout.MaxFailedAccessAttempts = identityOptions.LockoutMaxFailedAccessAttempts;
});
builder = new IdentityBuilder(builder.UserType, typeof(IdentityRole), builder.Services)
.AddEntityFrameworkStores <AdminContext> ()
.AddDefaultTokenProviders();
builder.AddRoleValidator <RoleValidator <IdentityRole> > ();
builder.AddRoleManager <RoleManager <IdentityRole> > ();
builder.AddSignInManager <SignInManager <User> > ();
builder.AddUserValidator <UserValidator <User> > ();
}