コード例 #1
        /// <summary>
        /// Builds the <see cref="JwtAuthTicketFormat"/> that protects and unprotects the cookie ticket.
        /// </summary>
        /// <param name="tokenOptions">
        /// Audience, issuer and signing key the embedded JWT must match. When <c>null</c>, the
        /// application's own values ("Token.WebApp.Clients", "Token.WebApp", <see cref="SecurityKey"/>) are used.
        /// </param>
        /// <returns>
        /// A ticket format that validates audience, issuer, signature and lifetime with no clock-skew tolerance.
        /// </returns>
        private static JwtAuthTicketFormat TicketFormat(
            TokenOptions tokenOptions = null)
        {
            // Callers that pass nothing get the application's default issuer/audience/key.
            var effectiveOptions = tokenOptions ?? new TokenOptions(
                "Token.WebApp.Clients",
                "Token.WebApp",
                SecurityKey());

            var validation = new TokenValidationParameters
            {
                // No tolerance on expiry: a token is rejected the moment it is past ValidTo.
                ClockSkew             = TimeSpan.Zero,
                RequireExpirationTime = true,
                ValidateLifetime      = true,

                ValidateIssuer = true,
                ValidIssuer    = effectiveOptions.Issuer,

                ValidateAudience = true,
                ValidAudience    = effectiveOptions.Audience,

                ValidateIssuerSigningKey = true,
                IssuerSigningKey         = effectiveOptions.SigningKey,
            };

            return new JwtAuthTicketFormat(validation, new TicketSerializer(), GetDataProtector());
        }
コード例 #2
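    /// <summary>
    /// Creates the <see cref="JwtAuthTicketFormat"/> that protects the XTI authentication cookie.
    /// </summary>
    /// <param name="hostEnv">
    /// Host environment; only used to locate the shared "Keys" folder when no
    /// <paramref name="dataProtectionProvider"/> is supplied.
    /// </param>
    /// <param name="dataProtectionProvider">
    /// Provider for the ticket's data protector. When <c>null</c>, a file-system provider rooted at
    /// the shared app-data "Keys" folder is created.
    /// </param>
    /// <param name="config">Configuration holding the <see cref="XtiAuthenticationOptions"/> section.</param>
    /// <returns>A ticket format that validates the embedded token's signature against the configured secret.</returns>
    /// <exception cref="InvalidOperationException">
    /// The XTI authentication section is missing or its <c>JwtSecret</c> is empty.
    /// </exception>
    private static JwtAuthTicketFormat createAuthTicketFormat(IHostEnvironment hostEnv, IDataProtectionProvider?dataProtectionProvider, IConfiguration config)
    {
        var xtiAuthOptions = config.GetSection(XtiAuthenticationOptions.XtiAuthentication).Get <XtiAuthenticationOptions>();

        // Get<T>() returns null for a missing section; fail at startup with a clear message instead of a
        // NullReferenceException here or an ArgumentNullException from Encoding.GetBytes.
        if (xtiAuthOptions is null || string.IsNullOrEmpty(xtiAuthOptions.JwtSecret))
        {
            throw new InvalidOperationException(
                $"Configuration section '{XtiAuthenticationOptions.XtiAuthentication}' with a non-empty JwtSecret is required.");
        }

        // ASCII is kept for compatibility with tokens already issued under this key. Note that any
        // non-ASCII character in the secret is silently replaced by '?', so the secret must be ASCII-only.
        var key            = Encoding.ASCII.GetBytes(xtiAuthOptions.JwtSecret);
        var dataSerializer = new TicketSerializer();

        if (dataProtectionProvider == null)
        {
            // Keys are shared across the app family so that every app can unprotect the same cookie.
            var xtiFolder  = new XtiFolder(hostEnv);
            var keyDirPath = xtiFolder.SharedAppDataFolder()
                             .WithSubFolder("Keys")
                             .Path();
            dataProtectionProvider = DataProtectionProvider.Create(new DirectoryInfo(keyDirPath));
        }
        var dataProtector = dataProtectionProvider.CreateProtector(new[] { "XTI_Apps_Auth1" });

        // Only the signature is checked: issuer and audience are not validated, so any token signed
        // with the shared secret is accepted. That is acceptable only while the secret stays private
        // to this app family.
        var validation = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey         = new SymmetricSecurityKey(key),
            ValidateIssuer           = false,
            ValidateAudience         = false
        };

        return new JwtAuthTicketFormat(validation, dataSerializer, dataProtector);
    }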
コード例 #3
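        /// <summary>
        /// Registers data protection, the cookie policy and cookie authentication whose ticket payload is a
        /// JWT (<see cref="JwtAuthTicketFormat"/>) for the application named by <paramref name="appDiscriminator"/>.
        /// </summary>
        /// <param name="services">The service collection to register into.</param>
        /// <param name="appDiscriminator">
        /// Isolates this application's data-protection keys and cookie purposes from other applications
        /// that share the same key ring.
        /// </param>
        /// <param name="configuration">Configuration containing the "jwtConfig" section bound to <see cref="JwtConfig"/>.</param>
        /// <exception cref="InvalidOperationException">The "jwtConfig" section is missing.</exception>
        public static void RegisterAuthentication(this IServiceCollection services, string appDiscriminator,
                                                  IConfiguration configuration)
        {
            var jwtConfig = configuration.GetSection("jwtConfig").Get <JwtConfig>();
            if (jwtConfig is null)
            {
                // Get<T>() yields null for a missing section; fail at startup rather than on first sign-in.
                throw new InvalidOperationException("Configuration section 'jwtConfig' is required.");
            }

            services.AddDataProtection(options =>
                                       options.ApplicationDiscriminator = appDiscriminator)
            .SetApplicationName(appDiscriminator);

            // TicketSerializer holds no per-request state, and it is resolved below while the cookie
            // options are built (outside any request scope), so it must not be registered as scoped.
            services.AddSingleton <IDataSerializer <AuthenticationTicket>, TicketSerializer>();

            services.AddScoped(sp => new JwtGenerator(jwtConfig));

            services.Configure <CookiePolicyOptions>(opt =>
            {
                // SameAsRequest lets the auth cookie travel over plain HTTP when the request did;
                // prefer CookieSecurePolicy.Always for HTTPS-only deployments.
                opt.Secure                = CookieSecurePolicy.SameAsRequest;
                opt.CheckConsentNeeded    = context => true;
                opt.HttpOnly              = HttpOnlyPolicy.Always;
                opt.MinimumSameSitePolicy = SameSiteMode.Lax;
            });

            services.AddAuthentication(opt =>
            {
                opt.DefaultAuthenticateScheme =
                    CookieAuthenticationDefaults.AuthenticationScheme;
                opt.DefaultSignInScheme =
                    CookieAuthenticationDefaults.AuthenticationScheme;
                opt.DefaultChallengeScheme =
                    CookieAuthenticationDefaults.AuthenticationScheme;
            })
            .AddCookie(opt =>
            {
                opt.LoginPath          = "/pmfst/login";
                opt.LogoutPath         = "/pmfst/logout";
                opt.AccessDeniedPath   = "/pmfst/login";
                opt.ReturnUrlParameter = "returnUrl";
                opt.ExpireTimeSpan     = TimeSpan.FromMinutes(20);
                opt.Cookie.Name        = ".pma.vj12.jwt.Cookie";
                // For some reason, Cookies is not generated with code below
                // opt.Cookie = new CookieBuilder
                // {
                //     Name = ".pma.vj12.Cookie",
                //     HttpOnly = true,
                //     Path = "/jwt",
                //     SameSite = SameSiteMode.Lax,
                //     SecurePolicy = CookieSecurePolicy.SameAsRequest
                // };
            });

            // The ticket format needs the data protector and serializer from the *application* container.
            // Calling services.BuildServiceProvider() inside service registration builds a second container
            // (duplicated singletons, a separate key-ring instance, leaked disposables), so the dependencies
            // are resolved lazily through the options pipeline instead. AddCookie's post-configuration only
            // fills TicketDataFormat when it is still null, so the value set here is the one used.
            services.AddOptions <CookieAuthenticationOptions>(CookieAuthenticationDefaults.AuthenticationScheme)
            .Configure <IDataProtectionProvider, IDataSerializer <AuthenticationTicket> >((opt, protectionProvider, serializer) =>
            {
                var dataProtector = protectionProvider.CreateProtector(new[]
                {
                    $"{appDiscriminator}-Auth1"
                });
                opt.TicketDataFormat = JwtAuthTicketFormat.Create(jwtConfig, serializer, dataProtector);
            });
        }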
コード例 #4
        /// <summary>
        /// Builds the <see cref="JwtAuthTicketFormat"/> for this application's cookie ticket using the
        /// fixed audience "Token.WebApp.Clients", issuer "Token.WebApp" and the key from <see cref="SecurityKey"/>.
        /// </summary>
        /// <returns>
        /// A ticket format that validates audience, issuer, signature and lifetime with no clock-skew tolerance.
        /// </returns>
        private static JwtAuthTicketFormat TicketFormat()
        {
            var validation = new TokenValidationParameters
            {
                // No tolerance on expiry: a token is rejected the moment it is past ValidTo.
                ClockSkew             = TimeSpan.Zero,
                RequireExpirationTime = true,
                ValidateLifetime      = true,

                ValidateAudience = true,
                ValidAudience    = "Token.WebApp.Clients",

                ValidateIssuer = true,
                ValidIssuer    = "Token.WebApp",

                ValidateIssuerSigningKey = true,
                IssuerSigningKey         = SecurityKey(),
            };

            var serializer = new TicketSerializer();
            var protector  = GetDataProtector();

            return new JwtAuthTicketFormat(validation, serializer, protector);
        }
コード例 #5
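        /// <summary>
        /// Sliding-renewal middleware: when the JWT embedded in the authentication cookie is within five
        /// minutes of expiry, a fresh access token is generated and the principal is signed in again.
        /// The pipeline always continues to <paramref name="next"/>, whatever the outcome.
        /// </summary>
        /// <param name="context">The current request.</param>
        /// <param name="next">The next middleware; always invoked.</param>
        public async Task InvokeAsync(HttpContext context, RequestDelegate next)
        {
            const string authenticationCookieName = ".AspNetCore.Cookies";
            // Key under which the raw JWT is stored in the ticket's AuthenticationProperties.Items.
            const string jwtPropertyName = ".Token.jwt";
            const int renewWindowSeconds = 300;

            var cookie   = context.Request.Cookies[authenticationCookieName];
            var services = context.RequestServices;

            if (cookie != null)
            {
                // SECURITY: the signing key is embedded in source. It should come from configuration
                // (the original commented-out Configuration["Token:SigningKey"] read) or a secret store,
                // and it must match the key used where the cookie format is registered.
                var key = Encoding.ASCII.GetBytes("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!@#$94dbCF4D932hAkgAaAZkZVsSiWDCjYSV+444JoWX4NVBcIL9yyHRhaaPVULsdfTRbPsZQWq9+hMCgYEA48j4RGO7CaVpgUVobYasJnkGSdhkSCd1VwgvHH3vtuk7/JGUBRaZc0WZGcXkAJXnLh7QnDHOzWASdaxVgnuviaDi4CIkmTCfRqPesgDR2Iu35iQsH7P2/o1pzhpXQS/Ct6J7/GwJTqcXCvp4tfZDbFxS8oewzp4RstILj+pDyWECgYByQAbOy5xB8GGxrhjrOl1OI3V2c8EZFqA/NKy5y6/vlbgRpwbQnbNy7NYj+Y/mV80tFYqldEzQsiQrlei78Uu5YruGgZogL3ccj+izUPMgmP4f6+9XnSuN9rQ3jhy4k4zQP1BXRcim2YJSxhnGV+1hReLknTX2IwmrQxXfUW4xfQKBgAHZW8qSVK5bXWPjQFnDQhp92QM4cnfzegxe0KMWkp+VfRsrw1vXNx");

                // Audience/issuer are hard-coded to the local development URL; the commented-out
                // Configuration["Token:Audience"] / ["Token:Issuer"] reads are the intended source.
                var validationParams = new TokenValidationParameters
                {
                    ClockSkew = TimeSpan.Zero,

                    ValidateAudience = true,
                    //ValidAudience = Configuration["Token:Audience"],
                    ValidAudience = "http://localhost:44330/",

                    ValidateIssuer = true,
                    // ValidIssuer = Configuration["Token:Issuer"],
                    ValidIssuer = "http://localhost:44330/",

                    // IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration["Token:SigningKey"])),
                    IssuerSigningKey = new SymmetricSecurityKey(key),

                    ValidateIssuerSigningKey = true,

                    RequireExpirationTime = true,
                    ValidateLifetime      = true
                };

                var hostingEnvironment = services.GetRequiredService <IHostingEnvironment>();

                // Same purpose string as the cookie registration, so this protector can read the cookie.
                var ticketFormat = new JwtAuthTicketFormat(validationParams,
                                                           services.GetRequiredService <IDataSerializer <AuthenticationTicket> >(),
                                                           services.GetDataProtector(new[]
                {
                    $"{hostingEnvironment.ApplicationName}-Auth1"
                }));

                // NOTE(review): JwtAuthTicketFormat is project code; confirm Unprotect returns null rather
                // than throwing for a tampered or expired cookie, otherwise this middleware turns a bad
                // cookie into a 500 instead of letting the request continue unauthenticated.
                AuthenticationTicket ticket = ticketFormat.Unprotect(cookie);

                // Guard the Items lookup: the indexer throws KeyNotFoundException when the property is absent.
                if (ticket != null
                    && ticket.Properties.Items.TryGetValue(jwtPropertyName, out var rawJwt)
                    && !string.IsNullOrEmpty(rawJwt))
                {
                    // ReadJwtToken only parses; it does no signature check. The token is trusted here
                    // because it came out of the protected ticket (assumed validated by Unprotect).
                    var token     = new JwtSecurityTokenHandler().ReadJwtToken(rawJwt);
                    var nameClaim = token.Claims.FirstOrDefault(x => x.Type == ClaimTypes.Name);

                    // JwtSecurityToken.ValidTo is UTC, so compare against UtcNow. The original compared
                    // against local DateTime.Now with a fixed +1h correction, which drifts across DST
                    // changes and breaks on hosts in other time zones.
                    var remaining = token.ValidTo - DateTime.UtcNow;

                    if (nameClaim != null
                        && remaining > TimeSpan.Zero
                        && remaining < TimeSpan.FromSeconds(renewWindowSeconds))
                    {
                        var accessTokenResult = tokenGenerator.GenerateAccessTokenWithClaimsPrincipal(
                            nameClaim.Value,
                            token.Claims);

                        await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);

                        await context.SignInAsync(accessTokenResult.ClaimsPrincipal,
                                                  accessTokenResult.AuthProperties);
                    }
                }
            }

            // The original guarded this with `if (true)` and left a 401 assignment unreachable after it;
            // the middleware always continues the pipeline.
            await next(context);
        }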