/// <summary>
/// Builds the <see cref="JwtAuthTicketFormat"/> that protects/unprotects the auth cookie.
/// </summary>
/// <param name="tokenOptions">
/// Audience, issuer and signing key the embedded JWT is validated against. When <c>null</c>,
/// the built-in "Token.WebApp.Clients" / "Token.WebApp" pair and <see cref="SecurityKey"/> are used.
/// </param>
/// <returns>
/// A ticket format that validates signature, issuer, audience and expiry, with zero clock skew,
/// wrapped by the protector from <see cref="GetDataProtector"/>.
/// </returns>
private static JwtAuthTicketFormat TicketFormat(TokenOptions tokenOptions = null)
{
    var options = tokenOptions ?? new TokenOptions("Token.WebApp.Clients", "Token.WebApp", SecurityKey());

    // Strict policy: every check enabled and expiry enforced to the second (no skew allowance).
    var validation = new TokenValidationParameters
    {
        ClockSkew = TimeSpan.Zero,
        ValidateAudience = true,
        ValidAudience = options.Audience,
        ValidateIssuer = true,
        ValidIssuer = options.Issuer,
        IssuerSigningKey = options.SigningKey,
        ValidateIssuerSigningKey = true,
        RequireExpirationTime = true,
        ValidateLifetime = true,
    };

    return new JwtAuthTicketFormat(validation, new TicketSerializer(), GetDataProtector());
}
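/// <summary>
/// Builds the <see cref="JwtAuthTicketFormat"/> for the XTI cookie scheme: the serialized ticket is
/// wrapped by a data protector (purpose "XTI_Apps_Auth1") and the embedded JWT is checked against the
/// symmetric secret from the <c>XtiAuthentication</c> configuration section.
/// </summary>
/// <param name="hostEnv">Used only to locate the shared key directory when no provider is supplied.</param>
/// <param name="dataProtectionProvider">
/// Provider to derive the protector from. When <c>null</c>, a file-system provider is created over
/// <c>&lt;SharedAppDataFolder&gt;/Keys</c>, so apps sharing that folder can read each other's cookies.
/// </param>
/// <param name="config">Configuration holding the <see cref="XtiAuthenticationOptions"/> section.</param>
/// <returns>The configured ticket format.</returns>
/// <exception cref="InvalidOperationException">
/// The <c>XtiAuthentication</c> section is missing or its <c>JwtSecret</c> is empty.
/// </exception>
private static JwtAuthTicketFormat createAuthTicketFormat(IHostEnvironment hostEnv, IDataProtectionProvider? dataProtectionProvider, IConfiguration config)
{
    var xtiAuthOptions = config.GetSection(XtiAuthenticationOptions.XtiAuthentication).Get<XtiAuthenticationOptions>();

    // Fail fast at startup with a clear message instead of a NullReferenceException (missing section)
    // or an ArgumentNullException from GetBytes (missing secret). An empty secret would otherwise
    // silently become a zero-length signing key.
    if (xtiAuthOptions is null || string.IsNullOrEmpty(xtiAuthOptions.JwtSecret))
    {
        throw new InvalidOperationException(
            $"Configuration section '{XtiAuthenticationOptions.XtiAuthentication}' must define a non-empty JwtSecret.");
    }

    // NOTE(review): ASCII encoding maps any non-ASCII character of the secret to '?', shrinking the
    // effective key. Kept for compatibility with cookies already issued under this key; if the secret is
    // ever rotated, consider UTF8 here and wherever the token is signed.
    var key = Encoding.ASCII.GetBytes(xtiAuthOptions.JwtSecret);

    if (dataProtectionProvider is null)
    {
        var keyDirPath = new XtiFolder(hostEnv)
            .SharedAppDataFolder()
            .WithSubFolder("Keys")
            .Path();
        dataProtectionProvider = DataProtectionProvider.Create(new DirectoryInfo(keyDirPath));
    }
    var dataProtector = dataProtectionProvider.CreateProtector(new[] { "XTI_Apps_Auth1" });

    // NOTE(review): issuer and audience are deliberately not validated, so any JWT signed with the shared
    // secret is accepted no matter which app issued it or for whom. That presumably is what sharing one
    // key directory across XTI apps relies on - confirm, and set ValidIssuer/ValidAudience if cross-app
    // cookies are not intended. The lifetime checks are the library defaults, written out so the policy
    // is visible at a glance.
    var validation = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(key),
        ValidateIssuer = false,
        ValidateAudience = false,
        RequireExpirationTime = true,
        ValidateLifetime = true,
    };

    return new JwtAuthTicketFormat(validation, new TicketSerializer(), dataProtector);
}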
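/// <summary>
/// Registers data protection, the JWT generator and cookie authentication whose ticket payload is a JWT
/// (via <see cref="JwtAuthTicketFormat"/>).
/// </summary>
/// <param name="services">The DI container under construction.</param>
/// <param name="appDiscriminator">
/// Isolates this app's data-protection keys and protector purpose (<c>{appDiscriminator}-Auth1</c>) from
/// other apps on the same host.
/// </param>
/// <param name="configuration">Must contain a <c>jwtConfig</c> section bindable to <see cref="JwtConfig"/>.</param>
/// <exception cref="InvalidOperationException">The <c>jwtConfig</c> section is missing or empty.</exception>
public static void RegisterAuthentication(this IServiceCollection services, string appDiscriminator, IConfiguration configuration)
{
    var jwtConfig = configuration.GetSection("jwtConfig").Get<JwtConfig>();
    if (jwtConfig is null)
    {
        // Fail at startup rather than with a NullReferenceException on the first sign-in.
        throw new InvalidOperationException("Configuration section 'jwtConfig' is missing or empty.");
    }

    services.AddDataProtection(options => options.ApplicationDiscriminator = appDiscriminator)
        .SetApplicationName(appDiscriminator);

    // TicketSerializer holds no state, so a singleton is safe. It must not be scoped: it is consumed
    // below from the (singleton) options pipeline, where a scoped service would be a captive dependency
    // and is rejected outright when scope validation is on.
    services.AddSingleton<IDataSerializer<AuthenticationTicket>, TicketSerializer>();
    services.AddScoped(sp => new JwtGenerator(jwtConfig));

    services.Configure<CookiePolicyOptions>(opt =>
    {
        // NOTE(review): SameAsRequest marks the auth cookie Secure only when the request itself arrived
        // over HTTPS. On any plain-HTTP request, or behind a TLS-terminating proxy that does not forward
        // the scheme, the JWT-bearing cookie is sent in the clear. Prefer CookieSecurePolicy.Always
        // outside local development.
        opt.Secure = CookieSecurePolicy.SameAsRequest;
        opt.CheckConsentNeeded = context => true;
        opt.HttpOnly = HttpOnlyPolicy.Always;
        opt.MinimumSameSitePolicy = SameSiteMode.Lax;
    });

    services.AddAuthentication(opt =>
        {
            opt.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            opt.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            opt.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie(opt =>
        {
            opt.LoginPath = "/pmfst/login";
            opt.LogoutPath = "/pmfst/logout";
            opt.AccessDeniedPath = "/pmfst/login";
            opt.ReturnUrlParameter = "returnUrl";
            opt.ExpireTimeSpan = TimeSpan.FromMinutes(20);
            // Only the name is overridden; the rest of opt.Cookie keeps the cookie handler's defaults.
            opt.Cookie.Name = ".pma.vj12.jwt.Cookie";
        });

    // The ticket format needs the data-protection provider and the serializer from the real container.
    // Resolving them through the options pipeline replaces the previous services.BuildServiceProvider()
    // call, which built a second, never-disposed container (with its own copies of every singleton)
    // just to pull two services out of it. This Configure runs before AddCookie's PostConfigure, which
    // only fills TicketDataFormat when it is still null.
    services.AddOptions<CookieAuthenticationOptions>(CookieAuthenticationDefaults.AuthenticationScheme)
        .Configure<IDataProtectionProvider, IDataSerializer<AuthenticationTicket>>((opt, protectionProvider, serializer) =>
        {
            var dataProtector = protectionProvider.CreateProtector($"{appDiscriminator}-Auth1");
            opt.TicketDataFormat = JwtAuthTicketFormat.Create(jwtConfig, serializer, dataProtector);
        });
}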
/// <summary>
/// Ticket format for the fixed "Token.WebApp" issuer / "Token.WebApp.Clients" audience pair.
/// Signature, issuer, audience and expiry are all validated, with zero clock skew.
/// </summary>
/// <returns>
/// A <see cref="JwtAuthTicketFormat"/> signed with <see cref="SecurityKey"/> and wrapped by
/// <see cref="GetDataProtector"/>.
/// </returns>
private static JwtAuthTicketFormat TicketFormat()
{
    const string audience = "Token.WebApp.Clients";
    const string issuer = "Token.WebApp";

    var parameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = SecurityKey(),
        ValidateIssuer = true,
        ValidIssuer = issuer,
        ValidateAudience = true,
        ValidAudience = audience,
        RequireExpirationTime = true,
        ValidateLifetime = true,
        ClockSkew = TimeSpan.Zero,
    };

    return new JwtAuthTicketFormat(parameters, new TicketSerializer(), GetDataProtector());
}
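/// <summary>
/// Cookie-refresh middleware. When the ".AspNetCore.Cookies" ticket carries a JWT that is about to
/// expire, a fresh access token is minted for the same user and the cookie is re-issued; in every
/// other case the request is simply passed on. This middleware never rejects a request itself.
/// </summary>
/// <param name="context">The current request.</param>
/// <param name="next">The rest of the pipeline; always invoked.</param>
public async Task InvokeAsync(HttpContext context, RequestDelegate next)
{
    const string authenticationCookieName = ".AspNetCore.Cookies";
    const string jwtPropertyKey = ".Token.jwt";
    // Re-issue the cookie when less than this much of the token's lifetime is left.
    var refreshWindow = TimeSpan.FromSeconds(300);

    var cookie = context.Request.Cookies[authenticationCookieName];
    if (cookie != null)
    {
        var services = context.RequestServices;

        // SECURITY(review): the HMAC signing key is hard-coded in source. It must be moved to
        // configuration / secret storage (the original's commented-out lines already pointed at
        // Configuration["Token:SigningKey"] and AppSettings.Secret) and rotated, since anyone with the
        // source can mint tokens this middleware accepts. Left in place only to avoid a blind behaviour
        // change; do not ship this as is.
        var key = Encoding.ASCII.GetBytes("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!@#$94dbCF4D932hAkgAaAZkZVsSiWDCjYSV+444JoWX4NVBcIL9yyHRhaaPVULsdfTRbPsZQWq9+hMCgYEA48j4RGO7CaVpgUVobYasJnkGSdhkSCd1VwgvHH3vtuk7/JGUBRaZc0WZGcXkAJXnLh7QnDHOzWASdaxVgnuviaDi4CIkmTCfRqPesgDR2Iu35iQsH7P2/o1pzhpXQS/Ct6J7/GwJTqcXCvp4tfZDbFxS8oewzp4RstILj+pDyWECgYByQAbOy5xB8GGxrhjrOl1OI3V2c8EZFqA/NKy5y6/vlbgRpwbQnbNy7NYj+Y/mV80tFYqldEzQsiQrlei78Uu5YruGgZogL3ccj+izUPMgmP4f6+9XnSuN9rQ3jhy4k4zQP1BXRcim2YJSxhnGV+1hReLknTX2IwmrQxXfUW4xfQKBgAHZW8qSVK5bXWPjQFnDQhp92QM4cnfzegxe0KMWkp+VfRsrw1vXNx");

        // NOTE(review): issuer and audience are pinned to a localhost dev URL; the commented-out
        // Configuration["Token:Audience"] / ["Token:Issuer"] lookups are what production needs.
        var validationParams = new TokenValidationParameters
        {
            ClockSkew = TimeSpan.Zero,
            ValidateAudience = true,
            ValidAudience = "http://localhost:44330/",
            ValidateIssuer = true,
            ValidIssuer = "http://localhost:44330/",
            IssuerSigningKey = new SymmetricSecurityKey(key),
            ValidateIssuerSigningKey = true,
            RequireExpirationTime = true,
            ValidateLifetime = true
        };

        var hostingEnvironment = services.GetRequiredService<IHostingEnvironment>();
        var ticketFormat = new JwtAuthTicketFormat(
            validationParams,
            services.GetRequiredService<IDataSerializer<AuthenticationTicket>>(),
            services.GetDataProtector(new[] { $"{hostingEnvironment.ApplicationName}-Auth1" }));

        // Assumed: Unprotect returns null for a cookie that fails to decrypt or validate. TODO confirm
        // JwtAuthTicketFormat does not throw on a tampered cookie - if it does, that path should fall
        // through to the cookie handler rather than surface as a 500 from here.
        AuthenticationTicket ticket = ticketFormat.Unprotect(cookie);

        // A ticket without the JWT property (or without a name claim) is left alone instead of
        // throwing KeyNotFoundException / NullReferenceException as before.
        if (ticket != null
            && ticket.Properties.Items.TryGetValue(jwtPropertyKey, out var jwt)
            && !string.IsNullOrEmpty(jwt))
        {
            var token = new JwtSecurityTokenHandler().ReadJwtToken(jwt);
            var nameClaim = token.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Name);

            // 'exp' (ValidTo) is UTC, so it must be compared with UtcNow. The original compared
            // ValidTo + 1h against the local DateTime.Now, which only lines up in a UTC+1 zone outside
            // DST - the hour looks like a time-zone compensation; TODO confirm it had no other purpose.
            var remaining = token.ValidTo - DateTime.UtcNow;
            if (nameClaim != null && remaining > TimeSpan.Zero && remaining < refreshWindow)
            {
                var accessTokenResult = tokenGenerator.GenerateAccessTokenWithClaimsPrincipal(nameClaim.Value, token.Claims);
                await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                await context.SignInAsync(accessTokenResult.ClaimsPrincipal, accessTokenResult.AuthProperties);
            }
        }
    }

    // The original ended with a 401 behind `if (true) { ...; return; }` that could never run.
    await next(context);
}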