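/// <summary>
/// Encrypts <paramref name="text"/> with the RSA public key of the certificate
/// returned by <c>Cert.Get()</c>, using OAEP padding with SHA-512.
/// </summary>
/// <remarks>
/// RSA-OAEP encrypts a single block. With SHA-512 the encoded text can be at most
/// (key size in bytes - 130) bytes, e.g. 126 bytes for a 2048-bit key; longer input
/// makes the underlying <c>RSA.Encrypt</c> call fail. Use this for short secrets only
/// and wrap a symmetric key for anything larger.
/// </remarks>
/// <param name="text">The plain text to encrypt. It is encoded as UTF-8 before encryption.</param>
/// <returns>The ciphertext as a Base64 string.</returns>
/// <exception cref="ArgumentNullException"><paramref name="text"/> is null.</exception>
/// <exception cref="InvalidOperationException">The certificate exposes no RSA public key.</exception>
public string Encrypt(string text)
{
    if (text == null)
    {
        throw new ArgumentNullException(nameof(text));
    }

    var cert = Cert.Get();

    // GetRSAPublicKey hands out a new RSA object on every call, so it is disposed here
    // instead of being left to the finalizer.
    using (var rsaPublicKey = cert.GetRSAPublicKey())
    {
        if (rsaPublicKey == null)
        {
            // Happens when the certificate carries a non-RSA key (e.g. ECDSA).
            throw new InvalidOperationException("The certificate does not contain an RSA public key.");
        }

        // UTF-8 rather than ASCII: the ASCII encoder silently replaces every non-ASCII
        // character with '?', so the value would not survive a round trip.
        // For pure ASCII input the bytes are identical to the former encoding.
        var plainBytes = Encoding.UTF8.GetBytes(text);
        var encryptedArray = rsaPublicKey.Encrypt(plainBytes, RSAEncryptionPadding.OaepSHA512);

        return Convert.ToBase64String(encryptedArray);
    }
}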
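/// <summary>
/// Decrypts a Base64 ciphertext with the RSA private key of the certificate
/// returned by <c>Cert.Get()</c>, using OAEP padding with SHA-512.
/// </summary>
/// <remarks>
/// Malformed Base64 surfaces as <see cref="FormatException"/> and a failed RSA operation
/// as <c>CryptographicException</c>. Callers that handle ciphertext from outside the
/// process should report both as one generic failure and not return the exception text.
/// </remarks>
/// <param name="encryptedText">The encrypted message, Base64 encoded.</param>
/// <returns>The decrypted text, decoded as UTF-8.</returns>
/// <exception cref="ArgumentNullException"><paramref name="encryptedText"/> is null.</exception>
/// <exception cref="InvalidOperationException">The certificate exposes no RSA private key.</exception>
public string Decrypt(string encryptedText)
{
    if (encryptedText == null)
    {
        throw new ArgumentNullException(nameof(encryptedText));
    }

    var cert = Cert.Get();

    // GetRSAPrivateKey hands out a new RSA object on every call; dispose it so the
    // private-key handle is released deterministically.
    using (var rsaPrivateKey = cert.GetRSAPrivateKey())
    {
        if (rsaPrivateKey == null)
        {
            // Happens when the certificate was loaded without its private key or is not RSA.
            throw new InvalidOperationException("The certificate does not contain an RSA private key.");
        }

        var cipherBytes = Convert.FromBase64String(encryptedText);
        var decryptedArray = rsaPrivateKey.Decrypt(cipherBytes, RSAEncryptionPadding.OaepSHA512);

        // UTF-8 rather than ASCII: the ASCII decoder turns every byte above 0x7F into '?'.
        // Plaintext that is pure ASCII decodes exactly as before.
        return Encoding.UTF8.GetString(decryptedArray);
    }
}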
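// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
//
// Registers, in order: the "CorsPolicy" CORS policy, IdentityServer with in-memory
// configuration and a certificate signing credential, JWT bearer authentication against
// the local authority, the application helpers, gRPC, the "secureHermes" authorization
// policy, the HTTP context accessor and MVC controllers.
public void ConfigureServices(IServiceCollection services)
{
    services.AddCors(options =>
    {
        // Credentialed cross-origin requests are limited to the single listed origin.
        // Do not chain SetIsOriginAllowed(_ => true) here: it replaces the WithOrigins
        // check, and combined with AllowCredentials it lets any web origin call the API
        // with the user's cookies or tokens.
        options.AddPolicy("CorsPolicy", builder => builder
            .WithOrigins("https://localhost:55555")
            .AllowAnyHeader()
            .AllowAnyMethod()
            .AllowCredentials());
    });

    services
        .AddIdentityServer(options =>
        {
            // Raise every event category so sign-in successes, failures and errors
            // reach whatever event sink is configured.
            options.Events.RaiseErrorEvents = true;
            options.Events.RaiseSuccessEvents = true;
            options.Events.RaiseFailureEvents = true;
            options.Events.RaiseInformationEvents = true;
        })
        // NOTE(review): IClientStore ends up registered more than once (here, presumably by
        // AddInMemoryClients, and by the AddSingleton call further down). The container
        // resolves the last registration; confirm which store is meant to be authoritative.
        .AddClientStore<CustomClientStore>()
        .AddInMemoryClients(Config.GetClients())
        .AddInMemoryApiResources(Config.GetApiResources())
        .AddInMemoryApiScopes(Config.GetApiScopes())
        .AddResourceOwnerValidator<ResourceOwnerPasswordValidator>()
        // NOTE(review): if Cert.Get() is also the key used for data encryption elsewhere,
        // token signing and encryption share one key pair; separate keys are preferable.
        .AddSigningCredential(Cert.Get());

    services
        .AddAuthentication(o =>
        {
            o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            options.Authority = "https://localhost:7001/";

            // NOTE(review): ShowPII is a process-wide static that makes IdentityModel put
            // unredacted values into log and exception messages. Enable it in Development
            // only; this method has no environment object in view to gate it on.
            IdentityModelEventSource.ShowPII = true;

            options.RequireHttpsMetadata = true;
            options.Audience = "hermes";

            // No custom BackchannelHttpHandler: the default handler validates the
            // authority's TLS certificate. A validation callback that always returns true
            // would cancel out RequireHttpsMetadata, because the discovery document and
            // signing keys would be accepted from any endpoint that answers the request.
            // For local development, trust the development certificate instead
            // (for example with `dotnet dev-certs https --trust`).
        });

    services.AddSingleton<IClientStore, CustomClientStore>();
    services.AddScoped<ClaimsHelper>();
    services.AddSingleton<CryptoHelper>();
    services.AddSingleton<UsersManagers>();

    services.AddGrpc(options =>
    {
        // NOTE(review): detailed errors send server exception details to gRPC clients.
        // Keep this for Development and turn it off for deployed environments.
        options.EnableDetailedErrors = true;
    });

    services.AddAuthorization(options =>
    {
        // Callers need a "scope" claim with the value "hermes" to satisfy this policy.
        options.AddPolicy("secureHermes", policy =>
        {
            policy.RequireClaim("scope", "hermes");
        });
    });

    services.AddHttpContextAccessor();
    services.AddControllers();
}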