/// <summary>
/// Appends a <see cref="JwtBasedSecurityMessageHandler"/> to the message-handler
/// collection of <paramref name="config"/>, making it the security message
/// handler for requests processed through that configuration.
/// </summary>
/// <remarks>
/// <paramref name="forceAuthentication"/> defaults to <c>false</c>, i.e. authentication
/// is not enforced unless the caller opts in. When this handler is the only gate in
/// front of protected endpoints, pass <c>true</c> explicitly or make sure
/// authorization is enforced further down the pipeline.
/// </remarks>
/// <param name="config">The HTTP configuration whose handler collection is extended.</param>
/// <param name="options">The JWT validation options handed to the handler.</param>
/// <param name="forceAuthentication">Whether authentication must be enforced; passed to the handler unchanged.</param>
public static void UseJwtAuthentication(
    this HttpConfiguration config,
    JwtValidationOptions options,
    bool forceAuthentication = false)
{
    // Resolve the handler collection first, then build and append the JWT handler.
    var handlers = config.MessageHandlers;
    handlers.Add(new JwtBasedSecurityMessageHandler(options, forceAuthentication));
}
/// <summary>
/// Reports whether <paramref name="securityToken"/> passes validation against
/// <paramref name="options"/>, using a freshly created
/// <see cref="JwtSecurityTokenHandler"/>.
/// </summary>
/// <remarks>
/// Only the boolean outcome is returned; the principal produced by the handler is
/// discarded. Which checks are applied to the token is decided by the handler's
/// <c>TryValidateToken</c> and by <paramref name="options"/>, neither of which is
/// visible here.
/// </remarks>
/// <param name="securityToken">The serialized token to validate.</param>
/// <param name="options">The validation options passed to the handler.</param>
/// <returns>The value returned by the handler's <c>TryValidateToken</c> call.</returns>
private static bool TryValidateToken(
    string securityToken,
    JwtValidationOptions options)
{
    var handler = new JwtSecurityTokenHandler();

    // The out value is required by the call but is not used by this helper.
    IPrincipal validatedPrincipal;
    bool isValid = handler.TryValidateToken(securityToken, options, out validatedPrincipal);
    return isValid;
}
/// <summary>
/// Creates the handler with the options used to validate a token when one is present.
/// </summary>
/// <remarks>
/// With the default <paramref name="forceAuthentication"/> of <c>false</c>, a token is
/// not required for the request to be processed. Endpoints that must never be reached
/// without a valid token need <c>true</c> here or an authorization check downstream.
/// </remarks>
/// <param name="options">Options used to validate the token when it is present.</param>
/// <param name="forceAuthentication">Whether the token must be present for the request to be processed.</param>
public JwtBasedSecurityMessageHandler(
    JwtValidationOptions options,
    bool forceAuthentication = false)
{
    // Guard before any state is assigned. NotNull is a project helper,
    // presumably throwing when options is null - confirm against its definition.
    options.NotNull(nameof(options));

    this.Options = options;
    this.ForceAuthentication = forceAuthentication;
}
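/// <summary>
/// Test helper: builds the handler under test with authentication not forced and
/// no canned response, then sends a single request through it.
/// </summary>
/// <param name="tokenHandler">The token handler the subject under test is wired to.</param>
/// <param name="options">Validation options; a default <see cref="JwtValidationOptions"/> is used when null.</param>
/// <param name="assignPrincipalAction">Optional callback forwarded to the subject under test.</param>
/// <returns>The task returned by <see cref="HttpMessageInvoker.SendAsync"/>.</returns>
private static Task<HttpResponseMessage> SendAsync(
    JwtSecurityTokenHandler tokenHandler,
    JwtValidationOptions options = null,
    Action<HttpRequestMessage, IPrincipal> assignPrincipalAction = null)
{
    var invoker = new HttpMessageInvoker(
        CreateSubjectUnderTest(
            false,
            null,
            tokenHandler,
            options ?? new JwtValidationOptions(),
            assignPrincipalAction));

    // The request is built from a generated string; presumably it stands in
    // for the bearer token - confirm against GetHttpRequestMessage.
    var request = GetHttpRequestMessage(ObjectMother.Create<string>());

    // Pass a real token value. It.IsAny<CancellationToken>() is a Moq argument
    // matcher meant for Setup/Verify expressions; used as an actual argument it
    // only yields default(CancellationToken), which is CancellationToken.None.
    return invoker.SendAsync(request, CancellationToken.None);
}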
// Called by the runtime. Registers the application's services in the container:
// controllers, the JWT manager, and JWT bearer authentication.
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllers();

    // JWT manager: the asymmetric implementation is the active one.
    // To use the symmetric implementation, register these instead:
    //   services.Configure<SymmetricOptions>(Configuration.GetSection("Jwt:Symmetric"));
    //   services.AddSingleton<IJwtManager, SymmetricJwtManager>();
    // NOTE(review): "Jwt:Asymmetric" presumably carries key material - confirm where
    // private keys come from and keep them out of source-controlled settings files.
    var asymmetricSection = Configuration.GetSection("Jwt:Asymmetric");
    services.Configure<AsymmetricOptions>(asymmetricSection);
    services.AddSingleton<IJwtManager, AsymmetricJwtManager>();

    // Validation options are the same for either manager implementation.
    // NOTE(review): Bind only overwrites properties that have a matching configuration
    // value, so a missing "JwtValidation" section leaves the type's defaults in place -
    // confirm those defaults fail closed.
    JwtValidationOptions jwtOptions = new JwtValidationOptions();
    var validationSection = Configuration.GetSection("JwtValidation");
    validationSection.Bind(jwtOptions);

    // Set up the JWT bearer authentication service with the bound options.
    services.AddJwtBearerAuthentication(jwtOptions);
}
/// <summary>
/// Test helper: builds a <see cref="JwtBasedSecurityMessageHandler"/> whose inner
/// handler, token-handler factory and principal-assignment callback are replaced
/// with test doubles.
/// </summary>
/// <param name="forceAuthentication">Forwarded to the handler's constructor.</param>
/// <param name="response">Passed to the <c>TestHandler</c> installed as inner handler.</param>
/// <param name="tokenHandler">The instance returned by the security token handler factory.</param>
/// <param name="options">Validation options; a default <see cref="JwtValidationOptions"/> is used when null.</param>
/// <param name="assignPrincipalAction">Callback installed on the handler; when the <c>IsNull</c> check reports it as missing, one that stores the principal in a local is used.</param>
/// <returns>The configured handler.</returns>
private static JwtBasedSecurityMessageHandler CreateSubjectUnderTest(
    bool forceAuthentication,
    HttpResponseMessage response,
    JwtSecurityTokenHandler tokenHandler,
    JwtValidationOptions options = null,
    Action<HttpRequestMessage, IPrincipal> assignPrincipalAction = null)
{
    // Sink for the fallback callback; the stored value is never read.
    IPrincipal capturedPrincipal;
    if (assignPrincipalAction.IsNull())
    {
        assignPrincipalAction = (request, user) => { capturedPrincipal = user; };
    }

    var subject = new JwtBasedSecurityMessageHandler(
        options ?? new JwtValidationOptions(),
        forceAuthentication)
    {
        InnerHandler = new TestHandler(response)
    };

    // Swap the real collaborators for the ones supplied by the test.
    subject.SetSecurityTokenHandlerFactory(() => tokenHandler);
    subject.SetAssignPrincipalFactory(assignPrincipalAction);

    return subject;
}