public void InjectServices(IConfiguration configuration, IServiceCollection services)
{
JWTBearerAuthConfig jwtBearerAuthConfig = new JWTBearerAuthConfig();
configuration.GetSection(nameof(JWTBearerAuthConfig)).Bind(jwtBearerAuthConfig);
//JWT Bearer for personal authentication
var symmetricSecurityKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(jwtBearerAuthConfig.Secret));
var tokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = symmetricSecurityKey,
ValidateIssuer = false,
ValidateAudience = false,
RequireExpirationTime = false,
ValidateLifetime = true
};
services.AddAuthentication(options => {
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options => {
options.SaveToken = true;
options.TokenValidationParameters = tokenValidationParameters;
});
services.AddAuthorization(options => {
options.AddPolicy(InternalPolicies.AdminPolicy, builder => builder.RequireClaim(InternalPolicies.AdminClaim, "true"));
});
var signingCredentials = new SigningCredentials(symmetricSecurityKey, SecurityAlgorithms.HmacSha256Signature);
var tokenDescriptor = new SecurityTokenDescriptor()
{
// SecurityTokenDescriptor takes in an array of Claims wrapped in Claims Identity in its Subject field
// This is how we specify exactly what the token must include, each rule is defined as a new Claim
// Each Claim is matched against a registered Claim Name or custom "string".
Expires = DateTime.UtcNow.Add(jwtBearerAuthConfig.TokenLifetime),
SigningCredentials = signingCredentials
};
services.AddSingleton <JWTBearerAuthConfig>(jwtBearerAuthConfig);
services.AddSingleton <TokenValidationParameters>(tokenValidationParameters);
services.AddSingleton <SymmetricSecurityKey>(symmetricSecurityKey);
services.AddSingleton <JwtSecurityTokenHandler>();
services.AddSingleton <SigningCredentials>(signingCredentials);
services.AddSingleton <SecurityTokenDescriptor>(tokenDescriptor);
}
public TokenService(JwtSecurityTokenHandler jwtSecurityTokenHandler,
IUnitOfWork unitOfWork,
JWTBearerAuthConfig jwtConfig,
UserManager <User> userManager,
SigningCredentials signingCredentials,
TokenValidationParameters tokenValidationParameters,
SecurityTokenDescriptor securityTokenDescriptor
)
{
_jwtSecurityTokenHandler = jwtSecurityTokenHandler;
_unitOfWork = unitOfWork;
_jwtConfig = jwtConfig;
_userManager = userManager;
_signingCredentials = signingCredentials;
_tokenValidationParameters = tokenValidationParameters;
_securityTokenDescriptor = securityTokenDescriptor;
}
