public AuthClientConfig GetClientConfig(string baseUri)
{
string query = @"SELECT *
FROM [TaskTracker].[dbo].[AuthClientConfigs]
WHERE BaseUri = @baseUri";
AuthClientConfig config = null;
using (var sqlConnection = new SqlConnection(_connectionString))
{
SqlCommand command = new SqlCommand(query, sqlConnection);
command.Parameters.AddWithValue("@baseUri", baseUri);
sqlConnection.Open();
SqlDataReader reader = command.ExecuteReader();
while (reader.Read())
{
config = new AuthClientConfig()
{
Id = (int)reader[0],
BaseUri = (string)reader[1],
Salt = (string)reader[2],
ConsumerKey = (string)reader[3],
ConsumerSecret = (string)reader[4],
Digest = (string)reader[5]
};
break;
}
reader.Close();
}
return config;
}
public AppAuthApiService(AuthClientConfig authConfig, IAppAuthClient client, EncryptionSettingsModel encryptionSettings, ILogger <AppAuthApiService> logger)
{
_logger = logger;
_encryptionService = new EncryptionService(encryptionSettings);
_client = client;
_authConfig = authConfig;
}
/// <summary>
/// Initializes a new instance of the <see cref="AuthClient"/> class.
/// </summary>
/// <param name="baseAddress">The base address.</param>
/// <param name="authConfig">The authentication configuration.</param>
public AuthClient(string baseAddress, AuthClientConfig authConfig)
{
if (string.IsNullOrEmpty(baseAddress))
{
throw new ArgumentNullException("Invalid base address.");
}
if (authConfig == null)
{
throw new ArgumentNullException("Invalid AuthClientConfig.");
}
_authConfig = authConfig;
_baseUri = new Uri(baseAddress.EndsWith("/") ? baseAddress : baseAddress + "/");
}
/// <summary>
/// Initializes a new instance of the <see cref="AuthClient"/> class.
/// </summary>
/// <param name="baseUri">The base URI.</param>
/// <param name="authConfig">The authentication configuration.</param>
public AuthClient(Uri baseUri, AuthClientConfig authConfig)
{
if (baseUri == null)
{
throw new ArgumentNullException("Invalid base uri.");
}
if (authConfig == null)
{
throw new ArgumentNullException("Invalid AuthClientConfig.");
}
_authConfig = authConfig;
_baseUri = baseUri;
}
public static AuthClientConfig GetEnvVariablesForAppAuthApi(IConfiguration config)
{
var conf = new AuthClientConfig
{
ApiName = EnvironmentConstants.AppAuthApiName,
BaseAddress = GetSingleEnvVariable(EnvironmentConstants.AppAuthApiBaseAddress, config),
HeaderDefinitions = new Dictionary <string, string>()
{
{ "Accept", "application/json" }
},
BaseRef = GetSingleEnvVariable(EnvironmentConstants.PathBase, config),
AppName = "<%= namespaceName %>",
AppSecret = GetSingleEnvVariable(EnvironmentConstants.AppSecret, config)
};
return(conf);
}
public AppAuthClient(AuthClientConfig appAuthConfig, ILogger <Startup> logger)
{
_client = new HttpClient();
_logger = logger;
_logger.LogInformation($"App Auth API Config Values:{Environment.NewLine}{appAuthConfig.ToString()}");
_client.BaseAddress = new Uri(appAuthConfig.BaseAddress);
if (appAuthConfig.HeaderDefinitions != null)
{
foreach (KeyValuePair <string, string> h in appAuthConfig.HeaderDefinitions)
{
_client.DefaultRequestHeaders.Add(h.Key, h.Value);
}
}
_client.DefaultRequestHeaders.TransferEncodingChunked = false;
//Default to application/json if no header type is specified
if (_client.DefaultRequestHeaders.Accept.Count == 0)
{
_client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
}
}
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc(options => options.Filters.Add <ExceptionFilter>());
var authClientSection = Configuration.GetSection("AuthClient");
AuthClientConfig authClientConfig = authClientSection.Get <AuthClientConfig>();
services.Configure <AuthClientConfig>(authClientSection);
services.AddSingleton <IAuthClient, AuthClient>();
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
options.Authority = authClientConfig.Authority;
options.RequireHttpsMetadata = false;
options.ApiSecret = authClientConfig.ClientSecret;
options.ApiName = authClientConfig.DefaultScope;
});
services.AddMemoryCache();
}
/// <summary>
/// Initializes the SCA Documents wrapper using a provided SCA base address and a authentication configuration.
/// </summary>
/// <param name="baseUri">The SCA platform base address in uri format</param>
/// <param name="authConfig">An authentication configuration</param>
public ApiClient(Uri baseUri, AuthClientConfig authConfig) : base(baseUri, authConfig)
{
}
/// <summary>
/// Initializes the SCA Documents wrapper using a provided SCA base address and a authentication configuration.
/// </summary>
/// <param name="baseAddress">The SCA platform base address in string format</param>
/// <param name="authConfig">An authentication configuration</param>
public ApiClient(string baseAddress, AuthClientConfig authConfig) : base(baseAddress, authConfig)
{
}
/// <summary>
/// Initializes a new instance of the <see cref="AuthClient"/> class.
/// authParameters[0] - basic or cert or jwt or ...
/// authParameters[1] - baseAddress
/// authParameters[2] - username or certThumbprint or encodedTokenString or ...
/// authParameters[3] - password or ...
/// ...
/// </summary>
/// <param name="authParameters">The authentication parameters.</param>
/// <exception cref="System.Exception">Invalid configurations: basic or cert or jwt auth only are accepted.</exception>
public AuthClient(params string[] authParameters)
{
if (authParameters != null && authParameters.Length > 0)
{
if (authParameters.Any(s => string.IsNullOrEmpty(s)))
{
throw new Exception("Invalid configurations: all the arguments must be not null and not empty");
}
if (authParameters.Length < 3)
{
throw new Exception("Invalid configurations: all configurations needs at least 3 arguments");
}
_baseUri = new Uri(authParameters[1].EndsWith("/") ? authParameters[1] : authParameters[1] + "/");
switch (authParameters[0])
{
case "basic":
if (authParameters.Length < 4)
{
throw new Exception("Invalid configurations: basic configuration needs at least 3 arguments");
}
_authConfig = new BasicAuthConfig(authParameters[2], authParameters[3]);
break;
case "cert":
_authConfig = new CertAuthConfig(authParameters[2]);
break;
case "jwt":
_authConfig = new JWTAuthConfig(authParameters[2]);
break;
default:
throw new Exception("Invalid configurations: basic or cert or jwt auth only are accepted.");
}
}
else
{
var baseAddress = SecuriboxCloudAgentsConfiguration.Current.BaseAddress;
if (string.IsNullOrEmpty(baseAddress))
{
throw new NullReferenceException("BaseAddress is null or empty.");
}
_baseUri = new Uri(baseAddress.EndsWith("/") ? baseAddress : baseAddress + "/");
if (SecuriboxCloudAgentsConfiguration.Current.AuthMode == "basic")
{
_authConfig = new BasicAuthConfig(SecuriboxCloudAgentsConfiguration.Current.Username, SecuriboxCloudAgentsConfiguration.Current.Password);
}
else if (SecuriboxCloudAgentsConfiguration.Current.AuthMode == "cert")
{
_authConfig = new CertAuthConfig(SecuriboxCloudAgentsConfiguration.Current.CertThumbprint);
}
else if (SecuriboxCloudAgentsConfiguration.Current.AuthMode == "jwt")
{
var tokenString = SecuriboxCloudAgentsConfiguration.Current.EncodedTokenString;
if (!string.IsNullOrEmpty(tokenString))
{
_authConfig = new JWTAuthConfig(tokenString);
}
else
{
var certThumbprint = SecuriboxCloudAgentsConfiguration.Current.CertThumbprint;
if (string.IsNullOrEmpty(certThumbprint))
{
throw new Exception("Invalid configurations: either certThumbprint or encodedTokenString must be provided for jwt authentication.");
}
var cert = Utils.GetCertificate(certThumbprint);
_authConfig = new JWTAuthConfig(cert);
}
}
else
{
throw new Exception("Invalid configurations: basic, cert or jwt auth only are accepted.");
}
}
}
