// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { var signingConfigurations = new SigningConfigurationsRSA(); services.AddSingleton(signingConfigurations); var tokenConfigurations = new TokenConfigurations(); new ConfigureFromConfigurationOptions <TokenConfigurations>( Configuration.GetSection("TokenConfigurations")) .Configure(tokenConfigurations); services.AddSingleton(tokenConfigurations); services.AddAuthentication(authOptions => { authOptions.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; authOptions.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddJwtBearer(bearerOptions => { var paramsValidation = bearerOptions.TokenValidationParameters; paramsValidation.IssuerSigningKey = signingConfigurations.Key; paramsValidation.ValidAudience = tokenConfigurations.Audience; paramsValidation.ValidIssuer = tokenConfigurations.Issuer; // Valida a assinatura de um token recebido paramsValidation.ValidateIssuerSigningKey = true; // Verifica se um token recebido ainda é válido paramsValidation.ValidateLifetime = true; // Tempo de tolerância para a expiração de um token (utilizado // caso haja problemas de sincronismo de horário entre diferentes // computadores envolvidos no processo de comunicação) paramsValidation.ClockSkew = TimeSpan.Zero; }); // Ativa o uso do token como forma de autorizar o acesso // a recursos deste projeto services.AddAuthorization(auth => { auth.AddPolicy("Bearer", new AuthorizationPolicyBuilder() .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme) .RequireAuthenticatedUser().Build()); }); services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1); }
public object Post( [FromBody] User usuario, [FromServices] SigningConfigurationsRSA signingConfigurations, [FromServices] TokenConfigurations tokenConfigurations) { bool credenciaisValidas = false; if (usuario != null && !String.IsNullOrWhiteSpace(usuario.UserID)) { var usuarioBase = new User { UserID = "tiago", AccessKey = "123" }; credenciaisValidas = (usuarioBase != null && usuario.UserID == usuarioBase.UserID && usuario.AccessKey == usuarioBase.AccessKey); } if (credenciaisValidas) { ClaimsIdentity identity = new ClaimsIdentity( new GenericIdentity(usuario.UserID, "Login"), new[] { new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")), new Claim(JwtRegisteredClaimNames.UniqueName, usuario.UserID) } ); DateTime dataCriacao = DateTime.Now; DateTime dataExpiracao = dataCriacao + TimeSpan.FromSeconds(tokenConfigurations.Seconds); var handler = new JwtSecurityTokenHandler(); var securityToken = handler.CreateToken(new SecurityTokenDescriptor { Issuer = tokenConfigurations.Issuer, Audience = tokenConfigurations.Audience, SigningCredentials = signingConfigurations.SigningCredentials, Subject = identity, NotBefore = dataCriacao, Expires = dataExpiracao }); var token = handler.WriteToken(securityToken); return(new { authenticated = true, created = dataCriacao.ToString("yyyy-MM-dd HH:mm:ss"), expiration = dataExpiracao.ToString("yyyy-MM-dd HH:mm:ss"), accessToken = token, message = "OK" }); } else { return(new { authenticated = false, message = "Falha ao autenticar" }); } }