public void ConfigureServices(IServiceCollection services)
{
services.AddAuthorization(auth =>
{
auth.DefaultPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser().Build();
});
_RSAKey = new RsaSecurityKey(RSAKeyUtils.GetRandomKey());
_tokenOptions = new TokenAuthenticationOptions
(
Audience: "QuizUsers",
Issuer: "QuizApp",
SigningCredentials: new SigningCredentials(_RSAKey, SecurityAlgorithms.RsaSha256Signature)
);
services.AddDbContext <QuizDbContext>(options => options.UseSqlServer((Config["IsDev"] == "True") ? Config["ConnectionStrings:LocalConnection"] : Config["ConnectionStrings:ServerConnection"]));
services.AddSingleton <TokenAuthenticationOptions>(_tokenOptions);
services.AddSingleton <JwtTokenProvider>();
services.AddSingleton <IConfiguration>(Config);
services.AddScoped <QuizDbRepo>();
services.AddScoped <QuestionRepository>();
services.AddScoped <AnswerRepository>();
services.AddScoped <TeamRepository>();
services.AddMvc().AddJsonOptions(options => {
options.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore;
});
}
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthorization(auth =>
{
auth.DefaultPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser().Build();
auth.AddPolicy("Admin", new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser().RequireClaim("IsAdmin", new[] { "True" }).Build());
});
_RSAKey = new RsaSecurityKey(RSAKeyUtils.GetRandomKey());
_tokenOptions = new TokenAuthenticationOptions
(
Audience: "EvidencijaUsers",
Issuer: "EvidencijaWebService",
SigningCredentials: new SigningCredentials(_RSAKey, SecurityAlgorithms.RsaSha256Signature)
);
services.AddSignalR(options => {
options.Hubs.EnableDetailedErrors = true;
});
services.AddDbContext <EvidencijaDbContext>(options => {
options.UseSqlServer(Config["ConnectionString"]);
});
services.AddScoped <IDbContextBinder, DbContextBinder>();
services.AddSingleton <UserCollection>();
services.AddSingleton <TokenAuthenticationOptions>(_tokenOptions);
services.AddSingleton <JwtTokenProvider>();
services.AddMvc();
}
private static SymmetricSecurityKey CreateSymmetricSecurityKey(TokenAuthenticationOptions options)
{
var signingKey =
new SymmetricSecurityKey(
Encoding.ASCII.GetBytes(options.SecretKey));
return(signingKey);
}
public static void UseJwtTokenGenerator(this IServiceCollection services, TokenAuthenticationOptions options)
{
var signingKey = CreateSymmetricSecurityKey(options);
services.Configure <TokenProviderOptions>(x =>
{
x.Path = options.TokenPath;
x.Audience = options.Audience;
x.Issuer = options.Issuer;
x.SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
});
}
public async Task Invoke(HttpContext context)
{
var scheme = CookieAuthenticationDefaults.AuthenticationScheme;
if (TokenAuthenticationOptions.IsRequestCanidate(context))
{
scheme = TokenAuthenticationOptions.AuthenticationScheme;
}
var result = await context.AuthenticateAsync(scheme);
if (result.Succeeded)
{
context.User = result.Principal;
}
await _next(context);
}
public static void SetupJwtTokenGenerator(this IApplicationBuilder app, TokenAuthenticationOptions options)
{
var signingKey = CreateSymmetricSecurityKey(options);
var tokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingKey,
ValidateIssuer = true,
ValidIssuer = options.Issuer,
ValidateAudience = true,
ValidAudience = options.Audience,
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero
};
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
TokenValidationParameters = tokenValidationParameters,
RequireHttpsMetadata = true
});
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc()
.AddJsonOptions(options =>
{
options.SerializerSettings.Converters.Add(new StringEnumConverter());
options.SerializerSettings.NullValueHandling = NullValueHandling.Ignore;
options.SerializerSettings.DateTimeZoneHandling = DateTimeZoneHandling.Utc;
options.SerializerSettings.DateFormatHandling = DateFormatHandling.IsoDateFormat;
options.SerializerSettings.DateParseHandling = DateParseHandling.DateTimeOffset;
})
.SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
services.AddCors();
// TODO: DataBase 설정 관련 간소화 작업 (DB설정 내부에 쿼리 설정 포함)
services.AddLeafDataAccess(options =>
{
var databases = new List <DatabaseInformationOptions>();
var queries = new QueryDirectoryOptions();
Configuration.GetSection("databases").Bind(databases);
Configuration.GetSection("queries").Bind(queries);
options.Databases = databases;
options.Queries = queries;
});
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options => // TODO: 자체 JwtBearer 설정을 하는 확장메서드 생성
{
var tokenOptions = new TokenAuthenticationOptions();
Configuration.GetSection("authentication").Bind(tokenOptions);
// TODO: TokenValidationParameters 정보를 중앙 관리하도록 리팩토링
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateIssuerSigningKey = true,
ValidIssuer = tokenOptions.Issuer,
ValidAudience = tokenOptions.Audience,
IssuerSigningKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(tokenOptions.Secret))
};
options.Events = new JwtBearerEvents()
{
OnChallenge = (context) =>
{
// Skip the default logic.
context.HandleResponse();
// WWW-Authenticate →Bearer error="invalid_token", error_description="The token is expired"
context.Response.Headers.Add("WWW-Authenticate",
$"Bearer error=\"{context.Error}\", error_description=\"{context.ErrorDescription}\"");
context.Response.Headers.Add("Content-Type", "application/json; charset=utf-8");
var payload = new JObject
{
["message"] = context.ErrorDescription,
["error"] = context.Error,
["error_uri"] = context.ErrorUri
};
return(context.Response.WriteAsync(payload.ToString()));
}
};
});
services.AddSingleton <IConfiguration>(Configuration);
services.AddSingleton <IEnvironmentProvider, EnvironmentProvider>();
services.AddSingleton <JwtTokenProvider>();
services.AddSingleton <AuthenticationService>();
services.AddSingleton <AccountRepository>();
services.AddScoped <ObjectResultExceptionFilterAttribute>();
services.AddLeafModules(new LeafModulesOptions
{
BasePath = Path.Combine(HostingEnvironment.ContentRootPath, "Modules"),
Shutdown = Program.Shutdown
});
}
public static IApplicationBuilder UseTokenAuthentication(this IApplicationBuilder app, TokenAuthenticationOptions options)
{
if (app == null)
{
throw new ArgumentNullException(nameof(app));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
return(app.UseMiddleware <TokenAuthenticationMiddleware>(Options.Create(options)));
}
