예제 #1
 /// <summary>
 /// Builds the web host: default builder, <c>Startup</c> class, extra configuration
 /// sources, and a Kestrel HTTPS endpoint on port 443 with explicit resource limits.
 /// </summary>
 /// <param name="args">Command-line arguments forwarded to the default builder.</param>
 /// <returns>The configured, not yet built, web host builder.</returns>
 private static IWebHostBuilder CreateWebHostBuilder(string[] args)
 {
     return WebHost.CreateDefaultBuilder(args)
         .UseStartup<Startup>()
         .ConfigureAppConfiguration((context, sources) =>
         {
             // Providers added later win on duplicate keys, so a value in settings.json
             // takes precedence over the same key supplied as an environment variable here.
             sources.AddEnvironmentVariables();
             sources.AddJsonFile("settings.json", optional: true, reloadOnChange: true);
         })
         .UseContentRoot(Directory.GetCurrentDirectory())
         .UseKestrel(kestrel =>
         {
             var limits = kestrel.Limits;

             // Cap concurrent connections and request body size (10 KiB) so a single
             // client cannot tie up the server with many or oversized requests.
             limits.MaxConcurrentConnections = 25;
             limits.MaxConcurrentUpgradedConnections = 25;
             limits.MaxRequestBodySize = 10 * 1024;

             // Minimum data rates (100 B/s after a 10 s grace period) apply to both
             // request bodies and responses; they bound how long a slow peer can hold
             // a connection open.
             limits.MinRequestBodyDataRate =
                 new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
             limits.MinResponseDataRate =
                 new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));

             // HTTPS on port 443 on every IPv4 interface.
             // NOTE(review): where CertsProviderService obtains the certificate path and
             // passphrase is not visible here - confirm the passphrase is not kept in source.
             kestrel.Listen(IPAddress.Any, 443, endpoint =>
             {
                 endpoint.UseHttps(CertsProviderService.GetCertificatePath(),
                                   CertsProviderService.GetCertificatePassphrase());
             });
         });
 }
예제 #2
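        /// <summary>
        /// Registers JWT bearer authentication as the default authenticate and challenge
        /// scheme. Tokens are checked for signature (RSA public key taken from the
        /// certificate), issuer, audience and lifetime, with no clock-skew allowance.
        /// </summary>
        /// <param name="services">Service collection the authentication handlers are added to.</param>
        /// <param name="configuration">Configuration supplying <c>Jwt:Issuer</c> and <c>Jwt:Audience</c>.</param>
        /// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
        public static IServiceCollection AddJwtBearerAuthentication(this IServiceCollection services,
                                                                    IConfiguration configuration)
        {
            // Validation needs only the public key. The certificate object is opened with
            // its passphrase, so dispose it as soon as the public key has been extracted
            // instead of leaving its handle for the finalizer. The key returned by
            // GetRSAPublicKey() is a separate object and stays usable after the certificate
            // is disposed; it is intentionally not disposed because the validation
            // parameters keep using it.
            using (var certificate = new X509Certificate2(
                       CertsProviderService.GetCertificatePath(),
                       CertsProviderService.GetCertificatePassphrase()))
            {
                var publicKey = certificate.GetRSAPublicKey();

                services
                .AddAuthentication(options =>
                {
                    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                    options.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
                })
                .AddJwtBearer(options =>
                {
                    // NOTE(review): if Jwt:Issuer or Jwt:Audience is missing the value is
                    // null while the matching Validate* flag stays on - confirm the
                    // deployment always sets both keys.
                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateIssuerSigningKey = true,
                        IssuerSigningKey         = new RsaSecurityKey(publicKey),
                        ValidateIssuer           = true,
                        ValidIssuer      = configuration.GetSection("Jwt:Issuer").Value,
                        ValidateAudience = true,
                        ValidAudience    = configuration.GetSection("Jwt:Audience").Value,
                        ValidateLifetime = true,
                        // Zero skew: a token is rejected the moment it expires.
                        ClockSkew        = TimeSpan.Zero
                    };
                });
            }

            return services;
        }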
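        /// <summary>
        /// Validates the token carried by <paramref name="request"/> against the
        /// certificate's RSA public key and the configured issuer and audience.
        /// </summary>
        /// <param name="request">Command holding the token string to validate.</param>
        /// <param name="cancellationToken">Not used by this handler.</param>
        /// <returns>
        /// <c>true</c> when validation succeeds. A failed check surfaces as the exception
        /// thrown by <c>ValidateToken</c>, delivered through the returned task.
        /// </returns>
        public async Task <bool> Handle(ValidateTokenCommand request, CancellationToken cancellationToken)
        {
            var jwtSecurityTokenHandler = new JwtSecurityTokenHandler();

            // This runs once per validation request, so the certificate must be disposed
            // here; otherwise every call leaves a certificate handle behind until
            // finalization. Only the certificate is disposed: the RSA public key is a
            // separate object and is left alone because the token library may keep
            // using it after this call returns.
            // NOTE(review): the certificate file is re-read on every call; loading the
            // public key once and reusing it would avoid the repeated disk access.
            using (var certificate = new X509Certificate2(
                       CertsProviderService.GetCertificatePath(),
                       CertsProviderService.GetCertificatePassphrase()))
            {
                var publicKey = certificate.GetRSAPublicKey();

                jwtSecurityTokenHandler.ValidateToken(
                    request.Token,
                    new TokenValidationParameters()
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey         = new RsaSecurityKey(publicKey),
                    ValidateIssuer           = true,
                    ValidIssuer      = _configuration.GetSection("Jwt:Issuer").Value,
                    ValidateAudience = true,
                    ValidAudience    = _configuration.GetSection("Jwt:Audience").Value,
                    ValidateLifetime = true,
                    // Zero skew: a token is rejected the moment it expires.
                    ClockSkew        = TimeSpan.Zero
                },
                    out _);
            }

            // ValidateToken throws when any check fails, so reaching this line means
            // the token passed every check above.
            return(true);
        }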
예제 #4
        /// <summary>
        /// Adds the authentication middleware and maps two pipeline branches,
        /// <c>/api/token</c> (<c>JwtProviderMiddleware</c>) and <c>/api/tokenrenew</c>
        /// (<c>JwtRenewMiddleware</c>), both configured with RS256 signing credentials
        /// built from the certificate's RSA private key.
        /// </summary>
        /// <param name="builder">Application pipeline to extend.</param>
        /// <param name="services">Not used by this method.</param>
        /// <param name="configuration">Configuration supplying <c>Jwt:Issuer</c> and <c>Jwt:Audience</c>.</param>
        /// <returns>The builder returned by the second <c>Map</c> call.</returns>
        public static IApplicationBuilder UseJwtProvider(this IApplicationBuilder builder, IServiceProvider services,
                                                         IConfiguration configuration)
        {
            // Load the signing certificate and take its RSA private key.
            // NOTE(review): the certificate object is never disposed. The private key must
            // stay usable for as long as the signing credentials below are in use, so
            // confirm the key's lifetime behaviour on the target platform before adding
            // disposal here.
            var signingCertificate = new X509Certificate2(
                CertsProviderService.GetCertificatePath(),
                CertsProviderService.GetCertificatePassphrase());
            var rsaPrivateKey = signingCertificate.GetRSAPrivateKey();

            // Authentication middleware is registered before the token branches.
            builder.UseAuthentication();

            // Options shared by both token middlewares: who issues the token, who it is
            // for, how it is signed, and how a caller's identity is resolved.
            var providerOptions = new TokenProviderOptions
            {
                Issuer             = configuration.GetSection("Jwt:Issuer").Value,
                Audience           = configuration.GetSection("Jwt:Audience").Value,
                SigningCredentials = new SigningCredentials(new RsaSecurityKey(rsaPrivateKey), SecurityAlgorithms.RsaSha256),
                IdentityResolver   = UserRepository.GetIdentityAsync
            };

            builder.Map(
                new PathString("/api/token"),
                branch => branch.UseMiddleware<JwtProviderMiddleware>(Options.Create(providerOptions)));

            var pipeline = builder.Map(
                new PathString("/api/tokenrenew"),
                branch => branch.UseMiddleware<JwtRenewMiddleware>(Options.Create(providerOptions)));

            return pipeline;
        }