        // This method gets called by the runtime. Use this method to add services to the container.
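        /// <summary>
        /// Registers the application's services: data protection, controllers, the
        /// Cognito configuration object, the identity/security services, JWT bearer
        /// authentication validated against the configured JWKS endpoint, and Swagger.
        /// </summary>
        /// <param name="services">The DI container the services are added to.</param>
        /// <exception cref="InvalidOperationException">
        /// Thrown at startup when "JwtTokenInfo:JWTKeyEndpoint" is not configured, and
        /// when an "AWSCognito:*" value is absent at the time the configuration
        /// singleton is first resolved.
        /// </exception>
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddDataProtection();
            services.AddControllers();

            // Reads one protected configuration value and unprotects it. Fails with the key
            // name (never the value) when the entry is absent, instead of the opaque
            // exception that Unprotect(null) would raise from inside the DI factory.
            string ReadProtected(string key)
            {
                var protectedValue = Configuration[key];
                if (string.IsNullOrEmpty(protectedValue))
                {
                    throw new InvalidOperationException($"Missing required configuration value '{key}'.");
                }

                return _protector.Unprotect(protectedValue);
            }

            // Cognito settings are stored protected in configuration and unprotected once,
            // when this singleton is first resolved.
            services.AddSingleton(s => new ApplicationConfigurationInfo()
            {
                AWSRegion          = ReadProtected("AWSCognito:Region"),
                AWSPoolId          = ReadProtected("AWSCognito:PoolId"),
                AWSAppClientId     = ReadProtected("AWSCognito:AppClientId"),
                AWSAccessKeyId     = ReadProtected("AWSCognito:AccessKeyId"),
                AWSAccessSecretKey = ReadProtected("AWSCognito:AccessSecretKey")
            });
            services.AddSingleton<IIdentityProviderService, AwsIdentityProviderService>();
            services.AddScoped<ISecurityService, SecurityService>();
            services.AddScoped<IUserManagerService, UserManagerService>();

            var jwtSettings = new JwtSettings();
            Configuration.GetSection("JwtTokenInfo").Bind(jwtSettings);

            // Fail at startup rather than on the first authenticated request.
            if (string.IsNullOrWhiteSpace(jwtSettings.JWTKeyEndpoint))
            {
                throw new InvalidOperationException("Configuration value 'JwtTokenInfo:JWTKeyEndpoint' is required.");
            }

            // Signing keys are fetched from the JWKS endpoint through a single HttpClient
            // (previously a new, never-disposed WebClient on every token validation) and
            // cached: they are re-fetched on a schedule and when a token names a key id the
            // cache does not hold (key rotation). The unknown-kid refresh is rate-limited so
            // a stream of tokens with bogus key ids cannot be turned into a stream of
            // requests against the JWKS endpoint.
            // NOTE(review): the endpoint URL must be https; a plaintext JWKS fetch would let
            // anyone on the network path substitute signing keys — confirm in configuration.
            var jwksClient        = new System.Net.Http.HttpClient();
            var jwksGate          = new object();
            var jwksRefreshAfter  = TimeSpan.FromHours(12);
            var jwksMinRefreshGap = TimeSpan.FromMinutes(5);
            JsonWebKeySet cachedJwks = null;
            DateTime lastFetchUtc    = DateTime.MinValue;

            // Bounds how long a fetch (and therefore the lock below) can stall validation.
            jwksClient.Timeout = TimeSpan.FromSeconds(15);

            JsonWebKeySet FetchJwks()
            {
                // IssuerSigningKeyResolver is a synchronous delegate, so the download has to
                // block here; ASP.NET Core has no synchronization context, so this should
                // not deadlock.
                var json = jwksClient.GetStringAsync(jwtSettings.JWTKeyEndpoint).GetAwaiter().GetResult();
                return JsonConvert.DeserializeObject<JsonWebKeySet>(json);
            }

            bool CacheHasKey(string kid)
            {
                foreach (var key in cachedJwks.Keys)
                {
                    if (string.Equals(key.Kid, kid, StringComparison.Ordinal))
                    {
                        return true;
                    }
                }

                return false;
            }

            services
                .AddAuthentication(options =>
                {
                    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                    options.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
                })
                .AddJwtBearer(options =>
                {
                    // Keeps the raw bearer token in the authentication properties so it can
                    // be read back later in the request.
                    options.SaveToken = true;
                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateIssuerSigningKey = true,
                        IssuerSigningKeyResolver = (token, securityToken, kid, parameters) =>
                        {
                            // Serialised so concurrent validations share one fetch instead
                            // of racing to the endpoint.
                            lock (jwksGate)
                            {
                                var age = DateTime.UtcNow - lastFetchUtc;
                                var needsRefresh =
                                    cachedJwks == null
                                    || age > jwksRefreshAfter
                                    || (kid != null && age > jwksMinRefreshGap && !CacheHasKey(kid));

                                if (needsRefresh)
                                {
                                    // If the fetch throws, the previously cached keys (if
                                    // any) are left in place and the exception fails this
                                    // validation only.
                                    cachedJwks   = FetchJwks();
                                    lastFetchUtc = DateTime.UtcNow;
                                }

                                return cachedJwks.Keys;
                            }
                        },
                        ValidateIssuer   = jwtSettings.ValidateIssuer,
                        ValidIssuer      = jwtSettings.Issuer,
                        ValidateLifetime = true,
                        // Replaces the default lifetime check with an expiry-only test: no
                        // clock skew and no "nbf" check. A token without "exp" compares
                        // false here and is rejected.
                        // NOTE(review): confirm that skipping the "nbf" check is intended.
                        LifetimeValidator = (before, expires, token, param) => expires > DateTime.UtcNow,
                        ValidateAudience = jwtSettings.ValidateAudience,
                        ValidAudience    = jwtSettings.Audience,
                    };
                });

            services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new OpenApiInfo { Title = "CcsSso.Security.Api", Version = "v1" });
            });
        }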
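        /// <summary>
        /// Creates the Cognito client and the user-pool handle for the configured pool.
        /// </summary>
        /// <param name="appConfigInfo">
        /// Region, pool id, app client id and the access key pair used to call Cognito.
        /// </param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="appConfigInfo"/> is null.
        /// </exception>
        public AwsIdentityProviderService(ApplicationConfigurationInfo appConfigInfo)
        {
            // Guard up front: without it a mis-registered configuration object would
            // surface as a NullReferenceException from inside DI construction.
            if (appConfigInfo == null)
            {
                throw new ArgumentNullException(nameof(appConfigInfo));
            }

            _appConfigInfo = appConfigInfo;

            // Long-lived static access keys taken from configuration.
            // NOTE(review): the SDK's default credential chain (instance/task role) would
            // avoid holding a secret key in configuration at all — consider it where the
            // hosting environment allows.
            var credentials = new BasicAWSCredentials(appConfigInfo.AWSAccessKeyId, appConfigInfo.AWSAccessSecretKey);

            _provider = new AmazonCognitoIdentityProviderClient(credentials, RegionEndpoint.GetBySystemName(appConfigInfo.AWSRegion));
            _userPool = new CognitoUserPool(appConfigInfo.AWSPoolId, appConfigInfo.AWSAppClientId, _provider);
        }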