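/// <summary>
/// Called by the runtime to register services in the DI container: data protection,
/// controllers, the AWS Cognito configuration object, the identity/security/user services,
/// JWT bearer authentication and Swagger.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddDataProtection();
    services.AddControllers();

    // Cognito settings are stored protected in configuration and unprotected once here;
    // the resulting object is a singleton consumed by AwsIdentityProviderService.
    services.AddSingleton(s => new ApplicationConfigurationInfo
    {
        AWSRegion = _protector.Unprotect(Configuration["AWSCognito:Region"]),
        AWSPoolId = _protector.Unprotect(Configuration["AWSCognito:PoolId"]),
        AWSAppClientId = _protector.Unprotect(Configuration["AWSCognito:AppClientId"]),
        AWSAccessKeyId = _protector.Unprotect(Configuration["AWSCognito:AccessKeyId"]),
        AWSAccessSecretKey = _protector.Unprotect(Configuration["AWSCognito:AccessSecretKey"])
    });

    services.AddSingleton<IIdentityProviderService, AwsIdentityProviderService>();
    services.AddScoped<ISecurityService, SecurityService>();
    services.AddScoped<IUserManagerService, UserManagerService>();

    var jwtSettings = new JwtSettings();
    Configuration.GetSection("JwtTokenInfo").Bind(jwtSettings);

    services
        .AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            options.SaveToken = true;
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKeyResolver = (token, securityToken, kid, parameters) =>
                {
                    // The JWKS is downloaded on every validation (no caching here), so the
                    // key endpoint sits on the request path; the client is disposed after
                    // each use instead of being leaked per request.
                    // TODO(review): consider caching the key set with a refresh interval.
                    using (var client = new WebClient())
                    {
                        var json = client.DownloadString(jwtSettings.JWTKeyEndpoint);
                        return JsonConvert.DeserializeObject<JsonWebKeySet>(json).Keys;
                    }
                },
                ValidateIssuer = jwtSettings.ValidateIssuer,
                ValidIssuer = jwtSettings.Issuer,
                ValidateLifetime = true,
                // Custom validator with no clock skew: the token must carry an 'exp' that is
                // still in the future and, when an 'nbf' is present, it must already apply.
                // (A missing 'exp' is rejected, as before; 'nbf' was previously ignored.)
                LifetimeValidator = (notBefore, expires, token, param) =>
                {
                    var now = DateTime.UtcNow;
                    return expires.HasValue && expires.Value > now
                        && (!notBefore.HasValue || notBefore.Value <= now);
                },
                ValidateAudience = jwtSettings.ValidateAudience,
                ValidAudience = jwtSettings.Audience,
            };
        });

    services.AddSwaggerGen(c =>
    {
        c.SwaggerDoc("v1", new OpenApiInfo { Title = "CcsSso.Security.Api", Version = "v1" });
    });
}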
/// <summary>
/// Builds the Cognito identity-provider client and user pool from the supplied configuration.
/// </summary>
/// <param name="appConfigInfo">
/// Region, pool id, app client id and the static AWS access key pair used to talk to Cognito.
/// </param>
public AwsIdentityProviderService(ApplicationConfigurationInfo appConfigInfo)
{
    _appConfigInfo = appConfigInfo;

    // A long-lived static access key pair taken from configuration backs every Cognito call.
    BasicAWSCredentials awsCredentials = new BasicAWSCredentials(
        appConfigInfo.AWSAccessKeyId,
        appConfigInfo.AWSAccessSecretKey);
    RegionEndpoint region = RegionEndpoint.GetBySystemName(appConfigInfo.AWSRegion);

    _provider = new AmazonCognitoIdentityProviderClient(awsCredentials, region);
    _userPool = new CognitoUserPool(
        appConfigInfo.AWSPoolId,
        appConfigInfo.AWSAppClientId,
        _provider);
}