// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
securityKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secretKey));
tokenOptions = new TokenProviderOptions
{
Audience = "ExampleAudience",
Issuer = "ExampleIssuer",
SigningCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256),
};
services.AddSingleton <TokenProviderOptions>(tokenOptions);
services.AddAuthorization(auth =>
{
auth.AddPolicy("Bearer", new AuthorizationPolicyBuilder()
.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser().Build());
});
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
});
// Add framework services.
services.AddMvc();
}
/// <summary>
/// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
/// </summary>
/// <param name="app"></param>
/// <param name="env"></param>
/// <param name="loggerFactory"></param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
//add NLog to ASP.NET Core
loggerFactory.AddNLog();
//needed for non-NETSTANDARD platforms: configure nlog.config in your project root
//env.ConfigureNLog("nlog.config");
app.UseDefaultFiles();
app.UseStaticFiles();
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
//Add CORS middleware before MVC
app.UseCors("CorsPolicy");
var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_secretKey));
var tokenValidationParameters = new TokenValidationParameters
{
// The signing key must match!
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingKey,
// Validate the JWT Issuer (iss) claim
ValidateIssuer = true,
ValidIssuer = AppSettings.Issuer,
// Validate the JWT Audience (aud) claim
ValidateAudience = true,
ValidAudience = AppSettings.Audience,
// Validate the token expiry
ValidateLifetime = true,
// If you want to allow a certain amount of clock drift, set that here:
ClockSkew = TimeSpan.Zero
};
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
TokenValidationParameters = tokenValidationParameters,
SaveToken = true
});
var options = new TokenProviderOptions
{
Issuer = AppSettings.Issuer,
Audience = AppSettings.Audience,
SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256),
WorkingDirectory = _workingDirectory
};
app.UseMiddleware <TokenProviderMiddleware>(Options.Create(options));
app.UseMvc();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
// Consumption
TokenOAuthConsumption(app);
var secretKey = Configuration["Auth:Secret"];
// Add JWT generation endpoint:
var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secretKey));
var options = new TokenProviderOptions
{
Audience = Configuration["Auth:Audience"],
Issuer = Configuration["Auth:Issuer"],
SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256),
};
app.UseMiddleware <TokenProviderMiddleware>(Options.Create(options));
app.UseMvc();
app.UseDeveloperExceptionPage();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseBrowserLink();
app.UseDatabaseErrorPage();
}
else
{
app.UseExceptionHandler("/Error");
}
app.UseStaticFiles();
app.UseAuthentication();
// Add JWT generation endpoint:
var jwtOptions = new TokenProviderOptions
{
Audience = audience,
Issuer = issuer,
SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256)
};
app.UseJWTTokenProviderMiddleware(Options.Create(jwtOptions));
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller}/{action=Index}/{id?}");
});
}
public Exception GetExceptionWhenInvalid(TokenProviderOptions options)
{
if (string.IsNullOrEmpty(options.Path))
{
return(new ArgumentNullException(nameof(TokenProviderOptions.Path)));
}
if (string.IsNullOrEmpty(options.Issuer))
{
return(new ArgumentNullException(nameof(TokenProviderOptions.Issuer)));
}
if (string.IsNullOrEmpty(options.Audience))
{
return(new ArgumentNullException(nameof(TokenProviderOptions.Audience)));
}
if (options.Expiration == TimeSpan.Zero)
{
return(new ArgumentException("Must be a non-zero TimeSpan.", nameof(TokenProviderOptions.Expiration)));
}
if (options.SigningCredentials == null)
{
return(new ArgumentNullException(nameof(TokenProviderOptions.SigningCredentials)));
}
if (options.NonceGenerator == null)
{
return(new ArgumentNullException(nameof(TokenProviderOptions.NonceGenerator)));
}
return(null);
}
public async Task <IActionResult> Login([FromForm] ApiLoginModel model)
{
var result = await _signInManager.PasswordSignInAsync(model.Name, model.Pwd, true, false);
if (result.Succeeded)
{
var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_settings.Value.SecretKey));
var options = new TokenProviderOptions()
{
Issuer = "EntityAbstract",
Audience = "EntityAbstractAudience",
SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256)
};
var tpm = new TokenProvider(options);
var token = await tpm.GenerateToken(model.Name, model.Pwd);
var user = await _userManager.FindByNameAsync(model.Name);
return(token != null ? (IActionResult)Json(token) : BadRequest());
}
if (result.IsLockedOut)
{
return(BadRequest("Lockout"));
}
return(BadRequest("Invalid login attempt"));
}
public Startup(IConfiguration configuration)
{
Configuration = configuration;
_signingKey =
new SymmetricSecurityKey(
Encoding.ASCII.GetBytes(Configuration.GetSection("TokenAuthentication:SecretKey").Value));
_tokenValidationParameters = new TokenValidationParameters
{
// The signing key must match!
ValidateIssuerSigningKey = true,
IssuerSigningKey = _signingKey,
// Validate the JWT Issuer (iss) claim
ValidateIssuer = true,
ValidIssuer = Configuration.GetSection("TokenAuthentication:Issuer").Value,
// Validate the JWT Audience (aud) claim
ValidateAudience = true,
ValidAudience = Configuration.GetSection("TokenAuthentication:Audience").Value,
// Validate the token expiry
ValidateLifetime = true,
// If you want to allow a certain amount of clock drift, set that here:
ClockSkew = TimeSpan.Zero
};
_tokenProviderOptions = new TokenProviderOptions
{
Path = Configuration.GetSection("TokenAuthentication:TokenPath").Value,
Audience = Configuration.GetSection("TokenAuthentication:Audience").Value,
Issuer = Configuration.GetSection("TokenAuthentication:Issuer").Value,
SigningCredentials = new SigningCredentials(_signingKey, SecurityAlgorithms.HmacSha256)
};
}
private void ConfigureAuth(IApplicationBuilder app)
{
var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration.GetSection("TokenAuthentication:SecretKey").Value));
var tokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingKey,
ValidateIssuer = true,
ValidIssuer = Configuration.GetSection("TokenAuthentication:Issuer").Value,
ValidateAudience = true,
ValidAudience = Configuration.GetSection("TokenAuthentication:Audience").Value,
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero
};
var tokenProviderOptions = new TokenProviderOptions
{
Path = Configuration.GetSection("TokenAuthentication:TokenPath").Value,
Audience = Configuration.GetSection("TokenAuthentication:Audience").Value,
Issuer = Configuration.GetSection("TokenAuthentication:Issuer").Value,
SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256)
};
app.UseMiddleware <TokenProviderMiddleware>(Options.Create(tokenProviderOptions));
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
TokenValidationParameters = tokenValidationParameters
});
}
private IReadOnlyKernel RegisterApplicationComponents(IApplicationBuilder app, ILoggerFactory loggerFactory, TokenValidationParameters tokenParams)
{
IKernelConfiguration config = new KernelConfiguration();
// Add JWT generation endpoint:
var secretKey = Configuration["secret"];
var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secretKey));
var options = new TokenProviderOptions
{
Audience = tokenParams.ValidAudience,
Issuer = tokenParams.ValidIssuer,
SigningCredentials = new SigningCredentials(tokenParams.IssuerSigningKey, SecurityAlgorithms.HmacSha256)
};
config.Bind <TokenProviderOptions>().ToConstant(options).InSingletonScope();
// Register application services
//config.Bind(app.GetControllerTypes()).ToSelf().InScope(RequestScope);//todo fix
config.Bind <HomeController>().ToSelf().InScope(RequestScope);
config.Bind <BooksController>().ToSelf().InScope(RequestScope);
var dataContext = new DataContext(Configuration.GetConnectionString("DefaultConnection"));
//config.Bind<IUserService>().To<AspNetUserService>().InScope(RequestScope);
config.Bind <IDataContext>().ToConstant(dataContext).InSingletonScope();
config.Bind <IUserRepository>().ToConstant(dataContext.Users).InSingletonScope();
config.Bind <IBookRepository>().ToConstant(dataContext.Books).InSingletonScope();
//config.Bind<CustomMiddleware>().ToSelf();
// Cross-wire required framework services
config.BindToMethod(app.GetRequestService <IViewBufferScope>);
config.Bind <ILoggerFactory>().ToConstant(loggerFactory);
return(config.BuildReadonlyKernel());
}
public TokenProvider(ApplicationDbContext dbcontext, SigningConfigurations signingConfigurations, IPasswordHasher passwordHaser, IOptions <TokenProviderOptions> tokenOptionsSnapshot)
{
_tokenOptions = tokenOptionsSnapshot.Value;
_passwordHaser = passwordHaser;
_signingConfigurations = signingConfigurations;
_dbContext = dbcontext;
}
private void ConfigureAuth(IApplicationBuilder app)
{
var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration.GetSection("TokenAuthentication:SecretKey").Value));
var tokenProviderOptions = new TokenProviderOptions
{
Path = Configuration.GetSection("TokenAuthentication:TokenPath").Value,
Audience = Configuration.GetSection("TokenAuthentication:Audience").Value,
Issuer = Configuration.GetSection("TokenAuthentication:Issuer").Value,
SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256),
IdentityResolver = GetIdentity
};
var tokenValidationParameters = new TokenValidationParameters
{
// The signing key must match!
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingKey,
// Validate the JWT Issuer (iss) claim
ValidateIssuer = true,
ValidIssuer = Configuration.GetSection("TokenAuthentication:Issuer").Value,
// Validate the JWT Audience (aud) claim
ValidateAudience = true,
ValidAudience = Configuration.GetSection("TokenAuthentication:Audience").Value,
// Validate the token expiry
ValidateLifetime = true,
// If you want to allow a certain amount of clock drift, set that here:
ClockSkew = TimeSpan.Zero
};
var jwtBearerOptions = new JwtBearerOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme,
TokenValidationParameters = tokenValidationParameters
};
////jwtBearerOptions.SecurityTokenValidators.Clear();
////jwtBearerOptions.SecurityTokenValidators.Add(new TicketDataFormatTokenValidator());
app.UseJwtBearerAuthentication(jwtBearerOptions);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
AuthenticationScheme = "Cookie",
CookieName = Configuration.GetSection("TokenAuthentication:CookieName").Value,
TicketDataFormat = new CustomJwtDataFormat(
SecurityAlgorithms.HmacSha256,
tokenValidationParameters)
});
app.UseMiddleware <TokenProviderMiddleware>(Options.Create(tokenProviderOptions));
}
/// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
IConfigurationSection auth = this.Configuration.GetSection("Authentication");
TokenProviderOptions jwtOptions = new TokenProviderOptions
{
Audience = auth["Audience"],
Issuer = auth["Issuer"],
SigningCredentials = new SigningCredentials(this.SigningKey, SecurityAlgorithms.HmacSha256)
};
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseStatusCodePagesWithReExecute("/");
app.UseDefaultFiles();
app.UseStaticFiles();
app.UseAuthentication();
app.UseCors("DefaultPolicy");
app.UseMvc();
app.UseMiddleware <TokenProviderMiddleware>(Options.Create(jwtOptions));
Console.WriteLine("Set up all app features");
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseStaticFiles();
////ILogger - log to local file
//loggerFactory.AddConsole(Configuration.GetSection("Logging"));
//loggerFactory.AddDebug();
//loggerFactory.AddFile("C:/Logs/NTS-{Date}.txt");
// Add JWT generation endpoint:
var signingKey = new SymmetricSecurityKey(secretKey);
var options = new TokenProviderOptions
{
Audience = "ExampleAudience",
Issuer = "ExampleIssuer",
SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256),
};
app.UseMiddleware <ApplicationServices.ExceptionHandler.ExceptionMiddleware>();
app.UseMiddleware <TokenProviderMiddleware>(Options.Create(options));
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
public TokenProviderMiddleware(
RequestDelegate next,
IOptions <TokenProviderOptions> options)
{
_next = next;
_options = options.Value;
}
private static void ThrowIfInvalidOptions(TokenProviderOptions options)
{
if (string.IsNullOrEmpty(options.Path))
{
throw new ArgumentNullException(nameof(TokenProviderOptions.Path));
}
if (string.IsNullOrEmpty(options.Issuer))
{
throw new ArgumentNullException(nameof(TokenProviderOptions.Issuer));
}
if (string.IsNullOrEmpty(options.Audience))
{
throw new ArgumentNullException(nameof(TokenProviderOptions.Audience));
}
if (options.Expiration == TimeSpan.Zero)
{
throw new ArgumentException("Must be a non-zero TimeSpan.", nameof(TokenProviderOptions.Expiration));
}
if (options.SigningCredentials == null)
{
throw new ArgumentNullException(nameof(TokenProviderOptions.SigningCredentials));
}
if (options.NonceGenerator == null)
{
throw new ArgumentNullException(nameof(TokenProviderOptions.NonceGenerator));
}
}
public TokenProviderMiddleware(
RequestDelegate next,
IOptions <TokenProviderOptions> options,
ILogger <TokenProviderMiddleware> log,
JwtTokenGenerator tokenGenerator,
TokenProviderOptionsValidator validator)
{
this.next = next;
this.log = log;
this.tokenGenerator = tokenGenerator;
this.options = options.Value;
var exception = validator.GetExceptionWhenInvalid(this.options);
if (exception != null)
{
throw exception;
}
serializerSettings = new JsonSerializerSettings
{
Formatting = Formatting.Indented
};
}
public TokenProvider(ITokenInfoStorage tokenInfoStorage, IDataProtectionFactory dataProtectionFactory,
IOptions <TokenProviderOptions> tokenProviderOptions)
{
_tokenInfoStorage = tokenInfoStorage ?? throw new ArgumentNullException(nameof(tokenInfoStorage));
_dataProtectionFactory = dataProtectionFactory ?? throw new ArgumentNullException(nameof(dataProtectionFactory));
_tokenProviderOptions = tokenProviderOptions.Value ?? throw new ArgumentNullException(nameof(tokenProviderOptions));
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddCors();
connString = Configuration.GetConnectionString("SQLSERVERDB");
signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration["Keys:UserAuthSecretKey"]));
apiURL = Configuration["Keys:APIURL"];
emailUserName = Configuration["EmailSettings:UserName"];
emailPassword = Configuration["EmailSettings:Passwrod"];
userTokenOptions = new TokenProviderOptions
{
Audience = "ConsumerUser",
Issuer = "Backend",
SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256),
};
services.AddDbContext <ContactContext>(options =>
options.UseSqlServer(connString));
services.AddDbContext <PostContext>(options =>
options.UseSqlServer(connString));
services.Configure <EmailSettings>(Configuration.GetSection("EmailSettings"));
services.AddMvc();
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info {
Title = "Andmap WebAPI", Version = "v1"
});
});
services.AddAntiforgery(options => options.HeaderName = "X-XSRF-TOKEN");
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
app.UseCors("CorsPolicy");
// Add JWT generation endpoint:
var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration.GetSection("SecretKey").Value));
var options = new TokenProviderOptions
{
Audience = "ShoppingApiAudience",
Issuer = "ShoppingApiIssuer",
SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256),
};
app.UseMiddleware <TokenProviderMiddleware>(Options.Create(options));
var tokenValidationParameters = new TokenValidationParameters
{
// The signing key must match!
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingKey,
// Validate the JWT Issuer (iss) claim
ValidateIssuer = true,
ValidIssuer = "ShoppingApiIssuer",
// Validate the JWT Audience (aud) claim
ValidateAudience = true,
ValidAudience = "ShoppingApiAudience",
// Validate the token expiry
ValidateLifetime = true,
// If you want to allow a certain amount of clock drift, set that here:
ClockSkew = TimeSpan.Zero
};
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
TokenValidationParameters = tokenValidationParameters
});
app.UseSwagger().UseSwaggerUI(c =>
{
c.SwaggerEndpoint("/swagger/v1/swagger.json", "My ShoppingCartApi V1");
});
var context = (ShoppingCartContext)app
.ApplicationServices.GetService(typeof(ShoppingCartContext));
WaitForSqlAvailabilityAsync(context, loggerFactory, app, env).Wait();
app.UseStaticFiles();
app.UseMvcWithDefaultRoute();
}
public TokenProviderMiddleware(IAuth oo,
RequestDelegate next, IOptions <TokenProviderOptions> options)
{
_next = next;
_options = options.Value;
db = oo;// options.Value.Auth;
}
private void ConfigAuth(IServiceCollection services)
{
// *** CHANGE THIS FOR PRODUCTION USE ***
// Here, we're generating a random key to sign tokens - obviously this means
// that each time the app is started the key will change, and multiple servers
// all have different keys. This should be changed to load a key from a file
// securely delivered to your application, controlled by configuration.
//
// See the RSAKeyUtils.GetKeyParameters method for an examle of loading from
// a JSON file.
var keyParams = RSAKeyUtils.GetKeyParameters(".config/rsaparams.json");
// Create the key, and a set of token options to record signing credentials
// using that key, along with the other parameters we will need in the
// token controlller.
_signingKey = new RsaSecurityKey(keyParams);
_tokenOptions = new TokenProviderOptions
{
Audience = AppSettings.Auth.TokenAudience,
Issuer = AppSettings.Auth.TokenIssuer,
SigningCredentials = new SigningCredentials(_signingKey, SecurityAlgorithms.RsaSha256Signature),
IdentityResolver = GetIdentity
};
// Save the token options into an instance so they're accessible to the
services.AddSingleton(typeof(TokenProviderOptions), _tokenOptions);
// Enable Dual Authentication
services.AddAuthentication()
.AddCookie(cfg => cfg.SlidingExpiration = true)
.AddJwtBearer(cfg =>
{
cfg.RequireHttpsMetadata = false;
cfg.SaveToken = true;
cfg.TokenValidationParameters = new TokenValidationParameters()
{
ValidIssuer = AppSettings.Auth.TokenIssuer,
ValidAudience = AppSettings.Auth.TokenAudience,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Tokens:Key"]))
};
});
//services.AddAuthentication(options =>
//{
// options.DefaultSignInScheme = JwtBearerDefaults.AuthenticationScheme;
//});
// Enable the use of an [Authorize("Bearer")] attribute on methods and classes to protect.
services.AddAuthorization(options =>
{
options.AddPolicy(AuthSchema, policy =>
{
policy.AuthenticationSchemes.Add(AuthSchema);
policy.RequireAuthenticatedUser().Build();
});
});
}
private void RegisterToken(IServiceCollection services)
{
string secretKey = Configuration["Tokens:Key"];
var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secretKey));
var options = new TokenProviderOptions
{
Audience = Configuration["Tokens:Issuer"],
Issuer = Configuration["Tokens:Issuer"],
SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256),
Expiration = TimeSpan.FromDays(1),
CookieName = Configuration["Tokens:CookieName"]
};
services.AddSingleton <IOptions <TokenProviderOptions> >(Options.Create(options));
services.AddTransient <ITokenProvider, TokenProvider>();
var tokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = true,
ValidIssuer = Configuration["Tokens:Issuer"],
ValidateAudience = true,
ValidAudience = Configuration["Tokens:Issuer"],
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Tokens:Key"])),
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero,
};
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(opt =>
{
opt.Events.OnRedirectToLogin = (context) =>
{
context.Response.StatusCode = 401;
return(Task.CompletedTask);
};
});
//services.AddAuthentication(cfg =>
// {
// cfg.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
// cfg.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
// })
// .AddJwtBearer(cfg =>
// {
// cfg.RequireHttpsMetadata = false;
// cfg.SaveToken = true;
// cfg.TokenValidationParameters = tokenValidationParameters;
// })
// .AddCookie(cfg =>
// {
// cfg.LoginPath = "/User/SignIn";
// cfg.LogoutPath = "/User/SignOut";
// cfg.Cookie.Name = CookieAuthenticationDefaults.AuthenticationScheme;
// cfg.TicketDataFormat = new CustomJwtDataFormat(
// SecurityAlgorithms.HmacSha256,
// tokenValidationParameters);
// });
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
var secretKey = "mysupersecret_secretkey!123";
var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secretKey));
var tokenValidationParameters = new TokenValidationParameters
{
// The signing key must match!
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingKey,
// Validate the JWT Issuer (iss) claim
ValidateIssuer = true,
ValidIssuer = "ExampleIssuer",
// Validate the JWT Audience (aud) claim
ValidateAudience = true,
ValidAudience = "ExampleAudience",
// Validate the token expiry
ValidateLifetime = true,
// If you want to allow a certain amount of clock drift, set that here:
ClockSkew = TimeSpan.Zero
};
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
AuthenticationScheme = "Cookie",
CookieName = "access_token",
TicketDataFormat = new CustomJwtDataFormat(
SecurityAlgorithms.HmacSha256,
tokenValidationParameters)
});
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
TokenValidationParameters = tokenValidationParameters
});
// Add JWT generation endpoint:
var options = new TokenProviderOptions
{
Audience = "ExampleAudience",
Issuer = "ExampleIssuer",
SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256),
};
app.UseMiddleware <TokenProviderMiddleware>(Options.Create(options));
app.UseMvc();
}
public TokenProviderMiddleware(RequestDelegate next,
IOptions <TokenProviderOptions> options,
IAccountRepository account, IRoleRepository role)
{
_next = next;
_options = options.Value;
_account = account;
_role = role;
}
public CustomJwtDataFormat(
string algorithm,
TokenValidationParameters validationParameters,
TokenProviderOptions options)
{
_algorithm = algorithm;
_validationParameters = validationParameters;
_options = options;
}
public TokenProviderMiddleware(
RequestDelegate next,
IOptions <TokenProviderOptions> options,
IIdentityProvider identityProvider)
{
_next = next;
_options = options.Value;
_identityProvider = identityProvider;
}
public TokenProviderMiddleware(
RequestDelegate next,
IOptions <TokenProviderOptions> options,
UserManager <AppUser> userManager)
{
_next = next;
_options = options.Value;
_userManager = userManager;
}
public void Register(IApplicationBuilder app)
{
string issuer = Configuration.GetSection("TokenAuthentication:Issuer").Value;
string audience = Configuration.GetSection("TokenAuthentication:Audience").Value;
var secret = Encoding.UTF8.GetBytes(Configuration.GetSection("TokenAuthentication:SecretKey").Value);
var tokenProviderOptions = new TokenProviderOptions
{
Path = Configuration.GetSection("TokenAuthentication:IntervieweeTokenPath").Value,
Audience = audience,
Issuer = issuer,
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(secret), SecurityAlgorithms.HmacSha256),
IdentityResolver = GetIdentity
};
var userTokenProvider = new TokenProviderOptions
{
Path = Configuration.GetSection("TokenAuthentication:UserTokenPath").Value,
Audience = audience,
Issuer = issuer,
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(secret), SecurityAlgorithms.HmacSha256),
IdentityResolver = GetUserIdentity
};
app.UseJwtBearerAuthentication(new JwtBearerOptions()
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
AuthenticationScheme = "Bearer",
TokenValidationParameters = new TokenValidationParameters()
{
ValidIssuer = issuer,
ValidAudience = audience,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(secret),
ValidateLifetime = true
}
});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AutomaticAuthenticate = false,
AutomaticChallenge = false,
AuthenticationScheme = "Cookie",
CookieName = "access_token",
TicketDataFormat = new CustomTokenFormat(
SecurityAlgorithms.HmacSha256,
new TokenValidationParameters()
{
ValidIssuer = issuer,
ValidAudience = audience,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(secret),
ValidateLifetime = true
})
});
app.UseMiddleware <TokenProviderMiddleware>(Options.Create(tokenProviderOptions));
app.UseMiddleware <TokenProviderMiddleware>(Options.Create(userTokenProvider));
}
public AuthMiddleware(
RequestDelegate next,
IOptions <TokenProviderOptions> options,
DataContext db)
{
_next = next;
_options = options.Value;
_db = db;
}
public TokenCreatorMiddleware(
IServiceProvider serviceProvider,
RequestDelegate next,
IOptions <TokenProviderOptions> options)
{
this.serviceProvider = serviceProvider;
skip = next;
opts = options.Value;
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
var audienceConfig = Configuration.GetSection("Audience");
var symmetricKeyAsBase64 = audienceConfig["Secret"];
var keyByteArray = Encoding.ASCII.GetBytes(symmetricKeyAsBase64);
var signingKey = new SymmetricSecurityKey(keyByteArray);
var options = new TokenProviderOptions
{
Audience = "ExampleAudience",
Issuer = "ExampleIssuer",
SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256),
};
var tokenValidationParameters = new TokenValidationParameters
{
// The signing key must match!
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingKey,
// Validate the JWT Issuer (iss) claim
ValidateIssuer = true,
ValidIssuer = options.Issuer,
// Validate the JWT Audience (aud) claim
ValidateAudience = true,
ValidAudience = options.Audience,
// Validate the token expiry
ValidateLifetime = true,
// If you want to allow a certain amount of clock drift, set that here:
ClockSkew = TimeSpan.Zero
};
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
app.UseJwtBearerAuthentication(new JwtBearerOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
TokenValidationParameters = tokenValidationParameters,
});
app.UseMiddleware<CustomTokenProviderMiddleware>(Options.Create(options));
app.UseMvc();
}
public CustomTokenProviderMiddleware(RequestDelegate next, IOptions<TokenProviderOptions> options)
{
_next = next;
_options = options.Value;
}
