protected void ConfigJWTToken(IServiceCollection services, IConfiguration Configuration) { services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => { options.RequireHttpsMetadata = false; options.SaveToken = true; options.TokenValidationParameters = new TokenValidationParameters { ClockSkew = TimeSpan.Zero,//.FromMinutes(MixService.GetAuthConfig<int>("ClockSkew")), //x minute tolerance for the expiration date ValidateIssuer = MixService.GetAuthConfig <bool>("ValidateIssuer"), ValidateAudience = MixService.GetAuthConfig <bool>("ValidateAudience"), ValidateLifetime = MixService.GetAuthConfig <bool>("ValidateLifetime"), ValidateIssuerSigningKey = MixService.GetAuthConfig <bool>("ValidateIssuerSigningKey"), ValidIssuer = MixService.GetAuthConfig <string>("Issuer"), ValidAudience = MixService.GetAuthConfig <string>("Audience"), IssuerSigningKey = JwtSecurityKey.Create(MixService.GetAuthConfig <string>("SecretKey")) }; options.Events = new JwtBearerEvents { OnAuthenticationFailed = context => { Console.WriteLine("OnAuthenticationFailed: " + context.Exception.Message); return(Task.CompletedTask); }, OnTokenValidated = context => { Console.WriteLine("OnTokenValidated: " + context.SecurityToken); return(Task.CompletedTask); }, }; }); }
protected void ConfigCookieAuth(IServiceCollection services, IConfiguration Configuration) { services.ConfigureApplicationCookie(options => { options.Cookie.HttpOnly = true; options.Cookie.MaxAge = TimeSpan.FromMinutes(MixService.GetAuthConfig <int>("CookieExpiration")); options.Cookie.Expiration = TimeSpan.FromMinutes(MixService.GetAuthConfig <int>("CookieExpiration")); options.LoginPath = "/security/login"; // If the LoginPath is not set here, ASP.NET Core will default to /Account/Login options.LogoutPath = "/"; // If the LogoutPath is not set here, ASP.NET Core will default to /Account/Logout options.AccessDeniedPath = "/security/login"; // If the MixConstants.Default.DefaultCulture is not set here, ASP.NET Core will default to /Account/AccessDenied options.SlidingExpiration = true; }); }
private async Task <AccessTokenViewModel> GenerateAccessTokenAsync(ApplicationUser user, bool isRemember) { var dtIssued = DateTime.UtcNow; var dtExpired = dtIssued.AddMinutes(MixService.GetAuthConfig <int>("CookieExpiration")); var dtRefreshTokenExpired = dtIssued.AddMinutes(MixService.GetAuthConfig <int>("RefreshTokenExpiration")); string refreshTokenId = string.Empty; string refreshToken = string.Empty; if (isRemember) { refreshToken = Guid.NewGuid().ToString(); RefreshTokenViewModel vmRefreshToken = new RefreshTokenViewModel( new RefreshTokens() { Id = refreshToken, Email = user.Email, IssuedUtc = dtIssued, ClientId = MixService.GetAuthConfig <string>("Audience"), Username = user.UserName, //Subject = SWCmsConstants.AuthConfiguration.Audience, ExpiresUtc = dtRefreshTokenExpired }); var saveRefreshTokenResult = await vmRefreshToken.SaveModelAsync(); refreshTokenId = saveRefreshTokenResult.Data?.Id; } AccessTokenViewModel token = new AccessTokenViewModel() { Access_token = await GenerateTokenAsync(user, dtExpired, refreshToken), Refresh_token = refreshTokenId, Token_type = MixService.GetAuthConfig <string>("TokenType"), Expires_in = MixService.GetAuthConfig <int>("CookieExpiration"), //UserData = user, Issued = dtIssued, Expires = dtExpired, LastUpdateConfiguration = MixService.GetConfig <DateTime?>("LastUpdateConfiguration") }; return(token); }
private async Task <string> GenerateTokenAsync(ApplicationUser user, DateTime expires, string refreshToken) { List <Claim> claims = await GetClaimsAsync(user); claims.AddRange(new[] { new Claim("Id", user.Id.ToString()), new Claim("Username", user.UserName), new Claim("RefreshToken", refreshToken) }); JwtSecurityToken jwtSecurityToken = new JwtSecurityToken( issuer: MixService.GetAuthConfig <string>("Issuer"), audience: MixService.GetAuthConfig <string>("Audience"), notBefore: DateTime.UtcNow, claims: claims, // our token will live 1 hour, but you can change you token lifetime here expires: expires, signingCredentials: new SigningCredentials(JwtSecurityKey.Create(MixService.GetAuthConfig <string>("SecretKey")), SecurityAlgorithms.HmacSha256)); return(new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken)); }
protected void ConfigCookieAuth(IServiceCollection services, IConfiguration Configuration) { services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) .AddCookie( options => { // Cookie settings options.Cookie.HttpOnly = true; options.Cookie.MaxAge = TimeSpan.FromMinutes(MixService.GetAuthConfig <int>("CookieExpiration")); options.Cookie.Expiration = TimeSpan.FromMinutes(MixService.GetAuthConfig <int>("CookieExpiration")); options.LoginPath = "/" + MixService.GetConfig <string>(MixConstants.ConfigurationKeyword.DefaultCulture) + "/Portal/Auth/Login"; // If the LoginPath is not set here, ASP.NET Core will default to /Account/Login options.LogoutPath = "/" + MixService.GetConfig <string>(MixConstants.ConfigurationKeyword.DefaultCulture) + "/Portal/Auth/Logout"; // If the LogoutPath is not set here, ASP.NET Core will default to /Account/Logout options.AccessDeniedPath = "/"; // If the MixConstants.Default.DefaultCulture is not set here, ASP.NET Core will default to /Account/AccessDenied options.SlidingExpiration = true; options.Events = new CookieAuthenticationEvents() { OnValidatePrincipal = CookieValidator.ValidateAsync }; } ); }
private ClaimsPrincipal GetPrincipalFromExpiredToken(string token) { var tokenValidationParameters = new TokenValidationParameters { ValidateIssuer = MixService.GetAuthConfig <bool>("ValidateIssuer"), ValidateAudience = MixService.GetAuthConfig <bool>("ValidateAudience"), ValidateLifetime = MixService.GetAuthConfig <bool>("ValidateLifetime"), ValidateIssuerSigningKey = MixService.GetAuthConfig <bool>("ValidateIssuerSigningKey"), IssuerSigningKey = JwtSecurityKey.Create(MixService.GetAuthConfig <string>("SecretKey")) }; var tokenHandler = new JwtSecurityTokenHandler(); SecurityToken securityToken; var principal = tokenHandler.ValidateToken(token, tokenValidationParameters, out securityToken); var jwtSecurityToken = securityToken as JwtSecurityToken; if (jwtSecurityToken == null || !jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256, StringComparison.InvariantCultureIgnoreCase)) { throw new SecurityTokenException("Invalid token"); } return(principal); }
public static IServiceCollection AddMixAuthorize(this IServiceCollection services, IConfiguration Configuration) { PasswordOptions pOpt = new PasswordOptions() { RequireDigit = false, RequiredLength = 6, RequireLowercase = false, RequireNonAlphanumeric = false, RequireUppercase = false }; services.AddIdentity <ApplicationUser, IdentityRole>(options => { options.Password = pOpt; }) .AddEntityFrameworkStores <MixDbContext>() .AddDefaultTokenProviders() .AddUserManager <UserManager <ApplicationUser> >() ; services.AddAuthorization(); services.AddAuthentication("Bearer") .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options => { options.RequireHttpsMetadata = false; options.SaveToken = true; options.TokenValidationParameters = new TokenValidationParameters { ClockSkew = TimeSpan.Zero,//.FromMinutes(MixService.GetAuthConfig<int>("ClockSkew")), //x minute tolerance for the expiration date ValidateIssuer = MixService.GetAuthConfig <bool>("ValidateIssuer"), ValidateAudience = MixService.GetAuthConfig <bool>("ValidateAudience"), ValidateLifetime = MixService.GetAuthConfig <bool>("ValidateLifetime"), ValidateIssuerSigningKey = MixService.GetAuthConfig <bool>("ValidateIssuerSigningKey"), //ValidIssuer = MixService.GetAuthConfig<string>("Issuer"), //ValidAudience = MixService.GetAuthConfig<string>("Audience"), ValidIssuers = MixService.GetAuthConfig <string>("Issuers").Split(','), ValidAudiences = MixService.GetAuthConfig <string>("Audiences").Split(','), IssuerSigningKey = JwtSecurityKey.Create(MixService.GetAuthConfig <string>("SecretKey")) }; // TODO Handle Custom Auth //options.Events = new JwtBearerEvents //{ // OnAuthenticationFailed = context => // { // Console.WriteLine("OnAuthenticationFailed: " + context.Exception.Message); // return Task.CompletedTask; // }, // OnTokenValidated = context => // { // Console.WriteLine("OnTokenValidated: " + context.SecurityToken); // return Task.CompletedTask; // }, //}; }); services.ConfigureApplicationCookie(options => { options.Cookie.HttpOnly = true; options.Cookie.MaxAge = TimeSpan.FromMinutes(MixService.GetAuthConfig <int>("CookieExpiration")); options.ExpireTimeSpan = TimeSpan.FromMinutes(MixService.GetAuthConfig <int>("CookieExpiration")); //options.Cookie.Expiration = TimeSpan.FromMinutes(MixService.GetAuthConfig<int>("CookieExpiration")); options.LoginPath = "/security/login"; // If the LoginPath is not set here, ASP.NET Core will default to /Account/Login options.LogoutPath = "/"; // If the LogoutPath is not set here, ASP.NET Core will default to /Account/Logout options.AccessDeniedPath = "/security/login"; // If the MixConstants.Default.DefaultCulture is not set here, ASP.NET Core will default to /Account/AccessDenied options.SlidingExpiration = true; }); return(services); }