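/// <summary>
/// Called by the runtime to register the services of this (resource-API) host: MVC controllers
/// with views, JWT bearer authentication and OpenIddict token validation. Both token consumers
/// use the same <see cref="TokenValidationParameters"/>, built from the encryption and signing
/// certificates exposed by <see cref="AuthenticationExtensionMethods"/>.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddControllersWithViews();

    var tokenValidationParameters = new TokenValidationParameters()
    {
        NameClaimType = OpenIdConnectConstants.Claims.Name,
        RoleClaimType = OpenIdConnectConstants.Claims.Role,
        // NOTE(review): issuer and audience validation are both switched off, so any token that
        // decrypts and verifies with the certificates below is accepted regardless of who issued
        // it or which API it was minted for. Set ValidIssuer/ValidAudiences and enable these
        // checks before this host is reachable beyond local development.
        ValidateAudience = false,
        ValidateIssuer = false,
        TokenDecryptionKey = new X509SecurityKey(AuthenticationExtensionMethods.TokenEncryptionCertificate()),
        IssuerSigningKey = new X509SecurityKey(AuthenticationExtensionMethods.TokenSigningCertificate())
    };

    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) // same as "Bearer"
        .AddJwtBearer(options =>
        {
            options.RequireHttpsMetadata = true;
            // NOTE(review): reports the token-validation failure reason back to the caller
            // (WWW-Authenticate error_description); handy while debugging, usually off in production.
            options.IncludeErrorDetails = true;
            options.TokenValidationParameters = tokenValidationParameters;
        });

    services.AddOpenIddict().AddValidation(options =>
    {
        // The callback is handed OpenIddict's own TokenValidationParameters instance to configure.
        // Reassigning the lambda parameter (`config => config = tokenValidationParameters`) would
        // only rebind the local and leave that instance untouched, so the shared settings are
        // copied onto it property by property instead.
        options.SetTokenValidationParameters(config =>
        {
            config.NameClaimType = tokenValidationParameters.NameClaimType;
            config.RoleClaimType = tokenValidationParameters.RoleClaimType;
            config.ValidateAudience = tokenValidationParameters.ValidateAudience;
            config.ValidateIssuer = tokenValidationParameters.ValidateIssuer;
            config.TokenDecryptionKey = tokenValidationParameters.TokenDecryptionKey;
            config.IssuerSigningKey = tokenValidationParameters.IssuerSigningKey;
        });
        options.UseAspNetCore();
    });
}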
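/// <summary>
/// Decrypts and validates a JWE issued by the authorization server and returns an indented JSON
/// description of the resulting principal and of the validated token.
/// </summary>
/// <param name="jwe">The compact-serialized encrypted token.</param>
/// <param name="validIssuer">
/// Issuer the token must carry; defaults to the local development server so existing callers
/// keep their behaviour.
/// </param>
/// <returns>JSON with the principal's <c>Name</c>/<c>AuthType</c> and the validated token.</returns>
/// <exception cref="SecurityTokenException">
/// Thrown by the handler when the token cannot be decrypted, its signature does not verify,
/// it has expired or its issuer does not match <paramref name="validIssuer"/>.
/// </exception>
public string ParseJWE(string jwe, string validIssuer = "https://localhost:44365/")
{
    var decryptionKey = new X509SecurityKey(AuthenticationExtensionMethods.TokenEncryptionCertificate());
    var signingKey = new X509SecurityKey(AuthenticationExtensionMethods.TokenSigningCertificate());

    var validationParameters = new TokenValidationParameters
    {
        NameClaimType = OpenIdConnectConstants.Claims.Name,
        RoleClaimType = OpenIdConnectConstants.Claims.Role,
        ValidIssuer = validIssuer,
        // A decrypted payload must still carry a verifiable signature from the signing certificate.
        RequireSignedTokens = true,
        TokenDecryptionKey = decryptionKey,
        IssuerSigningKey = signingKey,
        // NOTE(review): no audience check, so a token minted for a different API but signed by the
        // same certificate validates here; set ValidAudience and enable this check when the
        // intended audience is known.
        ValidateAudience = false
    };

    var handler = new JwtSecurityTokenHandler();
    var claimsPrincipal = handler.ValidateToken(jwe, validationParameters, out SecurityToken securityToken);

    // Identity is read null-conditionally: ClaimsPrincipal.Identity can be null on a principal
    // without identities, which would otherwise turn into a NullReferenceException here.
    var identity = claimsPrincipal.Identity;

    // NOTE(review): Token serializes the whole validated SecurityToken object graph (for a
    // JwtSecurityToken this includes the raw token and may include key material reachable via
    // SigningKey). If this string ever leaves the process, return a projection of the claims
    // instead of the token object.
    var result = new
    {
        Principal = new
        {
            Name = identity?.Name,
            AuthType = identity?.AuthenticationType
        },
        Token = securityToken
    };

    return JsonConvert.SerializeObject(result, Formatting.Indented);
}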
/// <summary>
/// Called by the runtime to register the authorization-server services: CORS, API controllers,
/// ASP.NET Core Identity backed by Entity Framework, the OpenIddict core/server pipeline and the
/// SQL Server <see cref="ApplicationDbContext"/>. Registration order is the same as before;
/// the option callbacks are local functions so each concern reads on its own.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddCors();
    services.AddControllers();

    var identityBuilder = services.AddIdentity<ApplicationUser, IdentityRole>(ConfigureIdentity);
    identityBuilder.AddEntityFrameworkStores<ApplicationDbContext>();
    identityBuilder.AddDefaultTokenProviders();

    var openIddictBuilder = services.AddOpenIddict();
    openIddictBuilder.AddCore(ConfigureOpenIddictCore);
    openIddictBuilder.AddServer(ConfigureOpenIddictServer);

    services.AddDbContext<ApplicationDbContext>(ConfigureDbContext);

    // Password policy and the claim types Identity stamps onto a ClaimsIdentity.
    void ConfigureIdentity(IdentityOptions options)
    {
        // NOTE(review): every complexity rule is disabled here; only the length rule (not set in
        // this block) still applies. Tighten before this server issues real credentials.
        options.Password.RequireDigit = false;
        options.Password.RequireNonAlphanumeric = false;
        options.Password.RequireUppercase = false;
        options.Password.RequireLowercase = false;

        options.ClaimsIdentity.UserNameClaimType = Claims.Name;
        options.ClaimsIdentity.UserIdClaimType = Claims.Subject;
        options.ClaimsIdentity.RoleClaimType = Claims.Role;
    }

    // OpenIddict stores its applications/tokens through the same EF Core context as Identity.
    void ConfigureOpenIddictCore(OpenIddictCoreBuilder options)
    {
        options.UseEntityFrameworkCore().UseDbContext<ApplicationDbContext>();
    }

    // Token endpoint, grant types, token-protection certificates and ASP.NET Core passthrough.
    void ConfigureOpenIddictServer(OpenIddictServerBuilder options)
    {
        options.SetTokenEndpointUris("/connect/token");
        // NOTE(review): the password grant is accepted from unauthenticated clients, so the
        // token endpoint is an unauthenticated username/password oracle; account lockout and
        // request throttling on this endpoint matter more than usual.
        options.AllowPasswordFlow();
        options.AcceptAnonymousClients();
        options.AddEncryptionCertificate(AuthenticationExtensionMethods.TokenEncryptionCertificate());
        options.AddSigningCertificate(AuthenticationExtensionMethods.TokenSigningCertificate());
        options.UseAspNetCore().EnableTokenEndpointPassthrough();
    }

    // connectionString comes from outside this method (a field or property of the enclosing class).
    void ConfigureDbContext(DbContextOptionsBuilder options)
    {
        options.UseSqlServer(connectionString);
        options.UseOpenIddict();
    }
}