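/// <summary>
        /// Builds the JWT bearer middleware options (allowed audience and symmetric-key issuer provider)
        /// from the supplied <see cref="JwtOptions"/> and keeps a reference to those options.
        /// </summary>
        /// <param name="jwtOptions">Issuer, audience and UTF-8 signing key used to validate incoming tokens.</param>
        /// <exception cref="ArgumentNullException"><paramref name="jwtOptions"/> is null.</exception>
        /// <exception cref="ArgumentException">The options carry no signing key.</exception>
        public JwtBearerTokenAuthenticationOptions(JwtOptions jwtOptions)
        {
            if (jwtOptions == null)
            {
                throw new ArgumentNullException("jwtOptions");
            }

            // Fail with a message that names the option rather than letting Encoding.UTF8.GetBytes
            // throw its own ArgumentNullException for a missing key.
            if (string.IsNullOrEmpty(jwtOptions.JwtSigningKeyAsUtf8))
            {
                throw new ArgumentException("JwtSigningKeyAsUtf8 must be set on the supplied options.", "jwtOptions");
            }

            // The provider takes the key as base64, so the configured string is re-encoded: UTF-8 bytes -> base64.
            // NOTE(review): key strength is whatever entropy the configured string has; no minimum length is
            // enforced here - confirm the provider or the surrounding configuration validates it.
            byte[] symmetricKeyBytes    = Encoding.UTF8.GetBytes(jwtOptions.JwtSigningKeyAsUtf8);
            string symmetricKeyAsBase64 = Convert.ToBase64String(symmetricKeyBytes);

            var symmetricKeyIssuerSecurityTokenProvider = new SymmetricKeyIssuerSecurityTokenProvider(
                jwtOptions.Issuer, symmetricKeyAsBase64);

            var providers = new IIssuerSecurityTokenProvider[]
            {
                symmetricKeyIssuerSecurityTokenProvider
            };

            // Only tokens whose audience matches the configured one and whose signature verifies against
            // the provider above are accepted by the bearer middleware.
            _jwtBearerOptions = new JwtBearerAuthenticationOptions
            {
                AllowedAudiences = new List<string>
                {
                    jwtOptions.Audience
                },
                IssuerSecurityTokenProviders = providers
            };

            _jwtOptions = jwtOptions;
        }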
        //TODO: Need to follow more of this for http://bitoftech.net/2014/10/27/json-web-token-asp-net-web-api-2-jwt-owin-authorization-server/ dealing with AudienceStores

        //another interesting one https://blog.jayway.com/2014/09/25/securing-asp-net-web-api-endpoints-using-owin-oauth-2-0-and-claims/

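        /// <summary>
        /// Configures Umbraco to issue and process authentication tokens.
        /// </summary>
        /// <param name="app">The OWIN application builder on which the OAuth authorization server and JWT bearer middleware are registered.</param>
        /// <param name="authServerProviderOptions">
        /// Authorization server settings (secret, audience, endpoint, insecure-HTTP flag); when null a default
        /// <see cref="UmbracoAuthorizationServerProviderOptions"/> is used.
        /// </param>
        /// <exception cref="ArgumentNullException"><paramref name="app"/> is null.</exception>
        /// <exception cref="ArgumentException">The options' Secret is null, empty or whitespace.</exception>
        /// <remarks>
        /// This is a very simple implementation of token authentication: the expiry below is a single day and with
        /// this implementation there is no way to force-expire tokens on the server. Given the code below and the additional
        /// callbacks that can be registered for the BackOfficeAuthServerProvider, such features could be implemented; alternatively the
        /// BackOfficeAuthServerProvider could be overridden to include this functionality instead of coding the logic into the callbacks.
        /// </remarks>
        /// <example>
        ///
        /// An example of using this implementation is to use the UmbracoStandardOwinSetup and execute this extension method as follows:
        ///
        /// <![CDATA[
        ///
        ///   public override void Configuration(IAppBuilder app)
        ///   {
        ///       //ensure the default options are configured
        ///       base.Configuration(app);
        ///
        ///       //configure token auth
        ///       app.UseUmbracoBackOfficeTokenAuth();
        ///   }
        ///
        /// ]]>
        ///
        /// Then be sure to read the details in UmbracoStandardOwinSetup on how to configure Owin to startup using it.
        /// </example>
        public static void UseUmbracoTokenAuthentication(this IAppBuilder app, UmbracoAuthorizationServerProviderOptions authServerProviderOptions = null)
        {
            if (app == null)
            {
                throw new ArgumentNullException("app");
            }

            authServerProviderOptions = authServerProviderOptions ?? new UmbracoAuthorizationServerProviderOptions();

            // The secret is the shared signing key for every token issued and validated below; reject a missing
            // one up front instead of letting Encoding.UTF8.GetBytes throw a less descriptive exception.
            if (string.IsNullOrWhiteSpace(authServerProviderOptions.Secret))
            {
                throw new ArgumentException("A Secret must be configured on the authorization server provider options.", "authServerProviderOptions");
            }

            // The provider takes the key as base64: UTF-8 bytes of the secret -> base64.
            var base64Key = Convert.ToBase64String(
                Encoding.UTF8.GetBytes(
                    authServerProviderOptions.Secret));

            // One provider (issuer + key) is shared by the token writer and the bearer validator so that
            // what is signed here is exactly what is verified on incoming requests.
            var tokenProvider = new SymmetricKeyIssuerSecurityTokenProvider(
                AuthorizationPolicies.UmbracoRestApiIssuer,
                base64Key);

            var oAuthServerOptions = new OAuthAuthorizationServerOptions()
            {
                // Generally you wouldn't allow this unless on SSL: the token endpoint receives credentials and
                // returns bearer tokens, so it is only opted in through the options (e.g. local development).
                AllowInsecureHttp         = authServerProviderOptions.AllowInsecureHttp,
                TokenEndpointPath         = new PathString(authServerProviderOptions.AuthEndpoint),
                AuthenticationType        = AuthorizationPolicies.UmbracoRestApiTokenAuthenticationType,
                // Fixed one-day lifetime; there is no server-side revocation in this implementation (see remarks).
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
                Provider = new UmbracoAuthorizationServerProvider(authServerProviderOptions)
            };

            // Issued tokens are serialized as JWTs signed with the same issuer/key the bearer middleware validates against.
            oAuthServerOptions.AccessTokenFormat = new JwtFormatWriter(
                oAuthServerOptions,
                tokenProvider.Issuer,
                authServerProviderOptions.Audience,
                base64Key);

            // Token generation
            app.UseOAuthAuthorizationServer(oAuthServerOptions);

            // Token validation: only the configured audience and the provider above are accepted.
            app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
            {
                AllowedAudiences             = new[] { authServerProviderOptions.Audience },
                IssuerSecurityTokenProviders = new[] { tokenProvider },

                Provider = new OAuthBearerAuthenticationProvider
                {
                    OnApplyChallenge   = context => { return(Task.FromResult(0)); },
                    OnRequestToken     = context => { return(Task.FromResult(0)); },
                    OnValidateIdentity = context =>
                    {
                        // Ensure that the rest api claim is added to the ticket only when the token has been validated.
                        if (context.IsValidated)
                        {
                            context.Ticket.Identity.AddClaim(new Claim(AuthorizationPolicies.UmbracoRestApiClaimType, "true", ClaimValueTypes.Boolean, AuthorizationPolicies.UmbracoRestApiIssuer));
                        }
                        return(Task.FromResult(0));
                    }
                }
            });
        }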