/// <summary>
/// ASP.Net authentication & authorization, used by APIs and can be used
/// by Services as well (for example, by SignalR hosts), but not by
/// self-hosted services (e.g. with some custom TCP implementation).
/// </summary>
/// <returns></returns>
public static IServiceCollection UseAspNetAuthentication(
this IServiceCollection services,
IAuthenticationInformationProvider authenticationInformationProvider)
{
services.AddTransient <RealtimeAuthenticationClient>();
var profileAuthentication = authenticationInformationProvider.GetProfileAuthenticationInformation();
var serviceAuthentication = authenticationInformationProvider.GetServiceAuthenticationInformation();
var additionalProfileAuthentications = authenticationInformationProvider.GetAdditionalProfileAuthenticationInformations();
if (profileAuthentication.TokenValidationParameters.ValidAudiences?.FirstOrDefault() == null ||
(serviceAuthentication != null && serviceAuthentication.TokenValidationParameters.ValidAudiences?.FirstOrDefault() == null) ||
additionalProfileAuthentications.Any(x => x.TokenValidationParameters.ValidAudiences?.FirstOrDefault() == null))
{
throw new InvalidOperationException("Call UseSomeProvider method on AuthenticationInformationBuilder before calling this method, so that ValidAudiences parameter is set up.");
}
var authenticationSchemes = new List <string>
{
profileAuthentication.SchemeName ?? throw new InvalidOperationException("Scheme name is empty.")
};
var authenticationBuilder = services
.AddAuthentication(TyrAuthenticationSchemes.ProfileAuthenticationScheme) // Sets default authentication scheme.
.AddJwtBearer(profileAuthentication.SchemeName, options => ConfigureOptions(options, profileAuthentication));
foreach (var additionalAuthentication in additionalProfileAuthentications)
{
authenticationSchemes.Add(additionalAuthentication.SchemeName ?? throw new InvalidOperationException("Scheme name is empty."));
authenticationBuilder.AddJwtBearer(additionalAuthentication.SchemeName, options => ConfigureOptions(options, additionalAuthentication));
}
if (serviceAuthentication != null)
{
authenticationSchemes.Add(serviceAuthentication.SchemeName ?? throw new InvalidOperationException("Scheme name is empty."));
authenticationBuilder.AddJwtBearer(serviceAuthentication.SchemeName, options => ConfigureOptions(options, serviceAuthentication));
}
if (authenticationSchemes.Distinct().Count() != authenticationSchemes.Count)
{
throw new InvalidOperationException("Duplicate authentication schemes found.");
}
services.AddAuthorization(options =>
{
options.DefaultPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.AddAuthenticationSchemes(authenticationSchemes.ToArray())
.Build();
});
services.AddTransient <IHttpContextAccessor, HttpContextAccessor>();
services.AddTransient <IProfileTokenService, HttpContextProfileTokenService>();
return(services);
}
public ServiceTokenService(IAuthenticationInformationProvider authenticationInformationProvider)
{
_authenticationInformationProvider = authenticationInformationProvider;
}
