/// <summary>
 /// Configure message handlers to use JwtBasedSecurityMessageHandler as
 /// SecurityMessageHandler for all the requests
 /// </summary>
 /// <param name="config">The config</param>
 /// <param name="options">The jwt validation options</param>
 /// <param name="forceAuthentication">Indicates whether or not authentication must be enforced</param>
 public static void UseJwtAuthentication(
     this HttpConfiguration config,
     JwtValidationOptions options,
     bool forceAuthentication = false)
 {
     config.MessageHandlers.Add(
         new JwtBasedSecurityMessageHandler(options, forceAuthentication));
 }
 private static bool TryValidateToken(
     string securityToken,
     JwtValidationOptions options)
 {
     IPrincipal principal;
     return new JwtSecurityTokenHandler()
         .TryValidateToken(securityToken, options, out principal);
 }
        /// <summary>
        /// Constructor
        /// </summary>
        /// <param name="options">Options to validate then token when presents</param>
        /// <param name="forceAuthentication">Indicates whether or not the token must be present to process the request</param>
        public JwtBasedSecurityMessageHandler(
            JwtValidationOptions options,
            bool forceAuthentication = false)
        {
            options.NotNull(nameof(options));

            Options             = options;
            ForceAuthentication = forceAuthentication;
        }
Exemple #4
0
 private static Task <HttpResponseMessage> SendAsync(
     JwtSecurityTokenHandler tokenHandler,
     JwtValidationOptions options = null,
     Action <HttpRequestMessage, IPrincipal> assignPrincipalAction = null)
 {
     return(new HttpMessageInvoker(
                CreateSubjectUnderTest(false, null, tokenHandler, options ?? new JwtValidationOptions(), assignPrincipalAction))
            .SendAsync(
                GetHttpRequestMessage(ObjectMother.Create <string>()),
                It.IsAny <CancellationToken>()));
 }
Exemple #5
0
        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllers();

            // symmetric
            // services.Configure<SymmetricOptions>(Configuration.GetSection("Jwt:Symmetric"));
            // services.AddSingleton<IJwtManager, SymmetricJwtManager>();

            // asymmetric
            services.Configure <AsymmetricOptions>(Configuration.GetSection("Jwt:Asymmetric"));
            services.AddSingleton <IJwtManager, AsymmetricJwtManager>();

            // jwt validation options, we do not need different implementation for this one
            var jwtOptions = new JwtValidationOptions();

            Configuration.GetSection("JwtValidation").Bind(jwtOptions);

            // setup jwt bearer authentication service
            services.AddJwtBearerAuthentication(jwtOptions);
        }
Exemple #6
0
            private static JwtBasedSecurityMessageHandler CreateSubjectUnderTest(
                bool forceAuthentication,
                HttpResponseMessage response,
                JwtSecurityTokenHandler tokenHandler,
                JwtValidationOptions options = null,
                Action <HttpRequestMessage, IPrincipal> assignPrincipalAction = null)
            {
                IPrincipal principal;

                if (assignPrincipalAction.IsNull())
                {
                    assignPrincipalAction = (r, p) => principal = p;
                }

                var sut = new JwtBasedSecurityMessageHandler(
                    options ?? new JwtValidationOptions(), forceAuthentication);

                sut.InnerHandler = new TestHandler(response);
                sut.SetSecurityTokenHandlerFactory(() => tokenHandler);
                sut.SetAssignPrincipalFactory(assignPrincipalAction);

                return(sut);
            }