예제 #1
        // This method gets called by the runtime. Use this method to add services to the container.
        // Registers MVC controllers with views, JWT bearer authentication and the
        // OpenIddict validation services. Both authentication registrations are handed
        // the same TokenValidationParameters instance built below.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllersWithViews();

            // Validation settings for incoming tokens. The decryption and signing keys are
            // built from certificates returned by AuthenticationExtensionMethods, which is
            // defined outside this method.
            var tokenValidationParameters = new TokenValidationParameters()
            {
                NameClaimType      = OpenIdConnectConstants.Claims.Name,
                RoleClaimType      = OpenIdConnectConstants.Claims.Role,
                // NOTE(review): audience and issuer checks are both switched off, so the
                // signing/decryption keys are the only thing tying a token to this API.
                // A token created with the same certificates for a different audience or
                // by a different issuer would not be rejected by these settings. Prefer
                // leaving both checks on and supplying ValidIssuer / ValidAudience.
                ValidateAudience   = false,
                ValidateIssuer     = false,
                TokenDecryptionKey = new X509SecurityKey(AuthenticationExtensionMethods.TokenEncryptionCertificate()),
                IssuerSigningKey   = new X509SecurityKey(AuthenticationExtensionMethods.TokenSigningCertificate())
            };

            // Makes the JWT bearer scheme the default authentication scheme.
            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) //same as "Bearer"
            .AddJwtBearer(options =>
            {
                options.RequireHttpsMetadata      = true;
                // NOTE(review): token validation error details are returned to the caller
                // when this is true; confirm that is wanted outside development.
                options.IncludeErrorDetails       = true;
                options.TokenValidationParameters = tokenValidationParameters;
            });


            services.AddOpenIddict().AddValidation(
                options =>
            {
                // NOTE(review): this lambda only reassigns its own parameter `config`.
                // In C# that rebinding is not visible to the caller, so this line copies
                // none of tokenValidationParameters' values onto the object it receives.
                // Whether OpenIddict validation ends up using the settings above depends on
                // what SetTokenValidationParameters does with the delegate; confirm, and if
                // it does not, set the individual properties on `config` instead.
                options.SetTokenValidationParameters(config => config = tokenValidationParameters);
                options.UseAspNetCore();
            });
        }
예제 #2
        // Decrypts and validates a serialized token with the application's encryption and
        // signing certificates, then returns an indented JSON summary of the result.
        //
        // jwe:     the serialized token to validate.
        // Returns: JSON holding Principal.Name, Principal.AuthType and the validated Token
        //          object as JsonConvert serializes it.
        // Exceptions thrown by ValidateToken for a rejected token are not caught here.
        //
        // NOTE(review): audience validation is disabled and the expected issuer is the
        // hard-coded "https://localhost:44365/", which looks like a development value;
        // confirm both before using this outside a local environment.
        // NOTE(review): the returned string embeds the validated SecurityToken, so it can
        // expose the token's contents. Treat it as sensitive and keep it out of logs.
        public string ParseJWE(string jwe)
        {
            var validationParameters = new TokenValidationParameters
            {
                NameClaimType       = OpenIdConnectConstants.Claims.Name,
                RoleClaimType       = OpenIdConnectConstants.Claims.Role,
                ValidIssuer         = "https://localhost:44365/",
                RequireSignedTokens = true,
                TokenDecryptionKey  = new X509SecurityKey(AuthenticationExtensionMethods.TokenEncryptionCertificate()),
                IssuerSigningKey    = new X509SecurityKey(AuthenticationExtensionMethods.TokenSigningCertificate()),
                ValidateAudience    = false
            };

            var principal = new JwtSecurityTokenHandler()
                .ValidateToken(jwe, validationParameters, out SecurityToken validatedToken);

            // Only the identity's name and authentication type are reported, next to the token.
            var identity = principal.Identity;
            var summary = new
            {
                Principal = new
                {
                    Name     = identity.Name,
                    AuthType = identity.AuthenticationType
                },
                Token = validatedToken
            };

            return JsonConvert.SerializeObject(summary, Formatting.Indented);
        }
예제 #3
        // Registers CORS, controllers, ASP.NET Core Identity, an OpenIddict server exposing a
        // token endpoint, and the Entity Framework Core context that backs Identity and OpenIddict.
        public void ConfigureServices(IServiceCollection services)
        {
            // No CORS policy is configured in this method; only the services are registered.
            services.AddCors();
            services.AddControllers();

            services.AddIdentity <ApplicationUser, IdentityRole>(options =>
            {
                // NOTE(review): all four character-class requirements are turned off and no
                // RequiredLength is set here, so only the framework's default minimum length
                // constrains passwords. Because the password grant is enabled below, consider
                // a longer minimum length and account lockout to limit password guessing.
                options.Password.RequireDigit            = false;
                options.Password.RequireNonAlphanumeric  = false;
                options.Password.RequireUppercase        = false;
                options.Password.RequireLowercase        = false;
                // Align Identity's claim types with the name / subject / role claims.
                options.ClaimsIdentity.UserNameClaimType = Claims.Name;
                options.ClaimsIdentity.UserIdClaimType   = Claims.Subject;
                options.ClaimsIdentity.RoleClaimType     = Claims.Role;
            })
            .AddEntityFrameworkStores <ApplicationDbContext>()
            .AddDefaultTokenProviders();

            services.AddOpenIddict()
            .AddCore(options =>
            {
                // OpenIddict's stores use the same ApplicationDbContext as Identity.
                options.UseEntityFrameworkCore().UseDbContext <ApplicationDbContext>();
            })
            .AddServer(options =>
            {
                options.SetTokenEndpointUris("/connect/token");
                // NOTE(review): the password flow is enabled together with anonymous
                // clients, so token requests are accepted without a client_id and user
                // credentials are sent straight to /connect/token. Confirm this is intended;
                // if it is, the endpoint needs throttling and lockout against guessing.
                options.AllowPasswordFlow();
                options.AcceptAnonymousClients();
                // Certificates come from AuthenticationExtensionMethods, defined outside this method.
                options.AddEncryptionCertificate(AuthenticationExtensionMethods.TokenEncryptionCertificate());
                options.AddSigningCertificate(AuthenticationExtensionMethods.TokenSigningCertificate());
                // Passthrough presumably hands token requests on to application code
                // (e.g. a controller action) that is not shown here.
                options.UseAspNetCore().EnableTokenEndpointPassthrough();
            });

            services.AddDbContext <ApplicationDbContext>(options =>
            {
                // connectionString is defined outside this method.
                options.UseSqlServer(connectionString);
                options.UseOpenIddict();
            });
        }