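/// <summary>
/// Issues a signed JWT for <paramref name="user"/>. The token carries one claim with the application
/// security level plus one application-level claim per permission code of the user.
/// </summary>
/// <param name="user">User whose permissions become claims; must not be null and must have a non-null <c>Permissions</c> collection.</param>
/// <returns>The compact-serialized JWT, signed with HS256 by issuer "MyCommerce.Authentication", valid for 60 minutes from issuance.</returns>
/// <exception cref="ArgumentNullException">When <paramref name="user"/> or <c>user.Permissions</c> is null.</exception>
public string GetToken(User user)
{
    // Check the user itself before touching its members; the original only checked Permissions and
    // would have surfaced a null user as a NullReferenceException instead of a clear argument error.
    if (user is null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    if (user.Permissions is null)
    {
        throw new ArgumentNullException(nameof(user.Permissions));
    }

    // Token lifetime, kept at the original hard-coded value. A validator using ClockSkew = 0 rejects
    // the token the instant this window ends, so issuer and validator clocks must agree.
    const int lifetimeMinutes = 60;

    var authConfig = _configResolver.Resolve<AuthenticationConfig>();

    // The HS256 signing key is the base64-decoded shared secret from configuration. The token is only as
    // strong as this key: it must be long (256 bits is the usual recommendation), random and never kept
    // in source. Convert.FromBase64String throws on a null or malformed value, which is the desired outcome.
    var symmetricKey = Convert.FromBase64String(authConfig.Secret);

    var claims = new List<Claim>
    {
        // SecurityLevel.Application is presumably an enum member; GetHashCode() on an enum yields its
        // underlying integer, so the claim value is the numeric level, not its name (unchanged from the original).
        new Claim(Consts.SecurityLevelClaimType, SecurityLevel.Application.GetHashCode().ToString()),
    };
    claims.AddRange(user.Permissions.Select(permission =>
        new Claim(Consts.ApplicationLevelClaimType, permission.PermissionCode)));

    // UTC so that iat/nbf/exp do not depend on the server's local time zone or DST transitions.
    var issuedAt = DateTime.UtcNow;

    // No Audience is set on the token; the matching validator must therefore not require one.
    var descriptor = new SecurityTokenDescriptor
    {
        Issuer = "MyCommerce.Authentication",
        IssuedAt = issuedAt,
        NotBefore = issuedAt,
        Expires = issuedAt.AddMinutes(lifetimeMinutes),
        Subject = new ClaimsIdentity(claims),
        SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(symmetricKey), SecurityAlgorithms.HmacSha256),
    };

    var tokenHandler = new JwtSecurityTokenHandler();
    var securityToken = tokenHandler.CreateToken(descriptor);
    return tokenHandler.WriteToken(securityToken);
}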
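/// <summary>
/// Issues a sample JWT for a fixed, hard-coded identity (given name "Fatih", surname "Ceritli", a masked
/// e-mail, roles A/B/C and a freshly generated NameIdentifier). Demonstration code: only the lifetime
/// comes from configuration, the claims do not.
/// </summary>
/// <returns>The compact-serialized JWT, signed with HS256 by issuer "JWTExample", valid for <c>AuthenticationConfig.ExpireMinutes</c> minutes.</returns>
/// <exception cref="InvalidOperationException">When the configured <c>ExpireMinutes</c> is not positive.</exception>
public string GetToken()
{
    var authConfig = _configResolver.Resolve<AuthenticationConfig>();

    // A non-positive lifetime would hand out a token that is already expired when it leaves this method.
    // That is a misconfiguration, so fail loudly instead of issuing dead tokens.
    if (authConfig.ExpireMinutes <= 0)
    {
        throw new InvalidOperationException("AuthenticationConfig.ExpireMinutes must be positive.");
    }

    // Shared HS256 secret, stored base64-encoded in configuration. It must be long, random and not in
    // source; anyone holding it can mint tokens that this issuer's validators accept.
    var symmetricKey = Convert.FromBase64String(authConfig.Secret);

    string[] roles = { "A", "B", "C" };
    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.NameIdentifier, Guid.NewGuid().ToString()),
        new Claim(ClaimTypes.GivenName, "Fatih"),
        new Claim(ClaimTypes.Surname, "Ceritli"),
        new Claim(ClaimTypes.Email, "*****@*****.**"),
    };
    claims.AddRange(roles.Select(role => new Claim(ClaimTypes.Role, role)));

    // UtcNow rather than Now: the handler converts to UTC epoch seconds either way, but a local-time value
    // is ambiguous around DST transitions and token timestamps are conventionally computed in UTC.
    var issuedAt = DateTime.UtcNow;

    // No Audience is set on the token; the matching validator must therefore not require one.
    var descriptor = new SecurityTokenDescriptor
    {
        Issuer = "JWTExample",
        IssuedAt = issuedAt,
        NotBefore = issuedAt,
        Expires = issuedAt.AddMinutes(authConfig.ExpireMinutes),
        Subject = new ClaimsIdentity(claims),
        SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(symmetricKey), SecurityAlgorithms.HmacSha256),
    };

    var tokenHandler = new JwtSecurityTokenHandler();
    var securityToken = tokenHandler.CreateToken(descriptor);
    return tokenHandler.WriteToken(securityToken);
}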
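/// <summary>
/// Registers JWT bearer authentication as the default authenticate and challenge scheme, validating
/// tokens issued by "MyCommerce.Authentication" against the shared HS256 secret in <see cref="AuthenticationConfig"/>.
/// </summary>
/// <param name="services">The service collection to extend.</param>
/// <param name="configResolver">Resolves <see cref="AuthenticationConfig"/>; its <c>Secret</c> is the base64-encoded signing key.</param>
/// <returns><paramref name="services"/>, for chaining.</returns>
/// <exception cref="ArgumentNullException">When no <see cref="AuthenticationConfig"/> can be resolved.</exception>
public static IServiceCollection AddSecurity(this IServiceCollection services, IConfigResolver configResolver)
{
    var configuration = configResolver.Resolve<AuthenticationConfig>();
    if (configuration == null)
    {
        throw new ArgumentNullException(nameof(configuration), "Authentication configuration is missing");
    }

    // Decode the shared secret once. Whoever holds this value can mint tokens this service accepts,
    // so it must be long, random and sourced from protected configuration, never from source control.
    var signingKey = new SymmetricSecurityKey(Convert.FromBase64String(configuration.Secret));

    services
        .AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                // Tokens without `exp` are rejected and lifetime is enforced with zero tolerance:
                // issuer and validator must share an accurate (UTC) clock or valid tokens will be refused.
                RequireExpirationTime = true,
                ValidateLifetime = true,
                ClockSkew = TimeSpan.Zero,
                ValidateIssuer = true,
                ValidIssuer = "MyCommerce.Authentication",
                // No audience check: every token from this issuer is accepted here regardless of which
                // service it was minted for. Acceptable only while the issuer serves a single audience.
                ValidateAudience = false,
                // Unsigned ("alg": "none") tokens are rejected; signatures are verified with the shared key.
                RequireSignedTokens = true,
                IssuerSigningKey = signingKey,
                // NOTE(review): as defence in depth, consider pinning ValidAlgorithms to HS256 if the
                // installed Microsoft.IdentityModel.Tokens version exposes it.
            };
            options.Events = new JwtBearerEvents
            {
                OnTokenValidated = ctx => Task.CompletedTask,
                OnChallenge = ctx => Task.CompletedTask,
                OnAuthenticationFailed = ctx =>
                {
                    // Let clients tell "expired" apart from "invalid" so they can refresh instead of re-login.
                    // `is` also matches derived exception types, unlike the exact GetType() comparison, and the
                    // indexer does not throw if the header was already set, unlike Headers.Add.
                    if (ctx.Exception is SecurityTokenExpiredException)
                    {
                        ctx.Response.Headers["Token-Expired"] = "true";
                    }

                    ctx.Fail("Not Authorized");
                    return Task.CompletedTask;
                },
            };
        });

    return services;
}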
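/// <summary>
/// Registers JWT bearer authentication (issuer "JWTExample", shared HS256 secret from
/// <see cref="AuthenticationConfig"/>) together with the per-request principal services:
/// <see cref="IPrincipalAccessor"/>, <see cref="IDomainPrincipal"/> and <see cref="IAuthorizedUserResolver"/>.
/// </summary>
/// <param name="services">The service collection to extend.</param>
/// <param name="configResolver">Resolves <see cref="AuthenticationConfig"/>; its <c>Secret</c> is the base64-encoded signing key.</param>
/// <returns><paramref name="services"/>, for chaining.</returns>
/// <exception cref="ArgumentNullException">When no <see cref="AuthenticationConfig"/> can be resolved.</exception>
public static IServiceCollection AddSecurity(this IServiceCollection services, IConfigResolver configResolver)
{
    var configuration = configResolver.Resolve<AuthenticationConfig>();
    if (configuration == null)
    {
        throw new ArgumentNullException(nameof(configuration), "Authentication configuration is missing");
    }

    // SECURITY FIX: the original built ONE PrincipalAccessor, returned that same instance from the "scoped"
    // factory for every scope, and overwrote its CurrentPrincipal from OnTokenValidated. Under concurrent
    // requests all of them shared that object, so request A could observe, and act with, the principal
    // validated for request B. Register the accessor as a genuinely scoped service and resolve it from the
    // current request's own scope when the token is validated.
    services.AddScoped<PrincipalAccessor>();
    services.AddScoped<IPrincipalAccessor>(provider => provider.GetRequiredService<PrincipalAccessor>());
    services.AddScoped(typeof(IDomainPrincipal), typeof(DomainPrincipal));
    services.AddScoped<IAuthorizedUserResolver, AuthorizedUserResolver>();

    // Decode the shared secret once. Whoever holds this value can mint tokens this service accepts,
    // so it must be long, random and sourced from protected configuration, never from source control.
    var signingKey = new SymmetricSecurityKey(Convert.FromBase64String(configuration.Secret));

    services
        .AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultForbidScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                // Tokens without `exp` are rejected and lifetime is enforced with zero tolerance:
                // issuer and validator must share an accurate (UTC) clock or valid tokens will be refused.
                RequireExpirationTime = true,
                ValidateLifetime = true,
                ClockSkew = TimeSpan.Zero,
                ValidateIssuer = true,
                ValidIssuer = "JWTExample",
                // No audience check: every token from this issuer is accepted here regardless of which
                // service it was minted for. Acceptable only while the issuer serves a single audience.
                ValidateAudience = false,
                // Unsigned ("alg": "none") tokens are rejected; signatures are verified with the shared key.
                RequireSignedTokens = true,
                IssuerSigningKey = signingKey,
                // NOTE(review): as defence in depth, consider pinning ValidAlgorithms to HS256 if the
                // installed Microsoft.IdentityModel.Tokens version exposes it.
            };
            options.Events = new JwtBearerEvents
            {
                OnTokenValidated = ctx =>
                {
                    // Publish the validated principal to the accessor that belongs to THIS request's DI scope.
                    var principal = ctx.Principal;
                    if (principal != null)
                    {
                        var accessor = ctx.HttpContext.RequestServices.GetRequiredService<PrincipalAccessor>();
                        accessor.CurrentPrincipal = principal;
                    }

                    return Task.CompletedTask;
                },
                OnChallenge = ctx => Task.CompletedTask,
                OnAuthenticationFailed = ctx =>
                {
                    // Let clients tell "expired" apart from "invalid" so they can refresh instead of re-login.
                    // `is` also matches derived exception types, unlike the exact GetType() comparison, and the
                    // indexer does not throw if the header was already set, unlike Headers.Add.
                    if (ctx.Exception is SecurityTokenExpiredException)
                    {
                        ctx.Response.Headers["Token-Expired"] = "true";
                    }

                    ctx.Fail("Not Authorized");
                    return Task.CompletedTask;
                },
            };
        });

    return services;
}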
/// <summary>
/// Creates a <see cref="UrlCreator"/>, resolving <see cref="UrlConfig"/> once through
/// <paramref name="configResolver"/> and keeping it in <c>_urlConfig</c> for the instance's lifetime.
/// </summary>
/// <param name="configResolver">Configuration source used to obtain the <see cref="UrlConfig"/>.</param>
public UrlCreator(IConfigResolver configResolver)
    => _urlConfig = configResolver.Resolve<UrlConfig>();