예제 #1
        private string resolveTokens(string stringWithTokens)
            string resolvedString = stringWithTokens;

            #region Resolve From Config
            MatchCollection matchedConfigTokens = Regex.Matches(resolvedString, configPattern, RegexOptions.None);

            foreach (Match match in matchedConfigTokens)
                string token      = match.Value.Replace("$Config.", "").Replace("$", "");
                string tokenValue = _config["APIProxySettings:clientSettings:" + token];
                Console.WriteLine("token : {0} value : {1}", match.Value, tokenValue);
                resolvedString = resolvedString.Replace(match.Value, tokenValue);


            #region Resolve From Server
            MatchCollection matchedServerTokens = Regex.Matches(resolvedString, serverPattern, RegexOptions.None);

            foreach (Match match in matchedServerTokens)
                string token      = match.Value.Replace("$Server.", "").Replace("$", "");
                string tokenValue = null;
                switch (token.ToLower().Trim())
                case "datetime":
                    tokenValue = DateTime.Now.ToString();

                    throw new Exception(string.Format("Unrecognized server token {0}", match.Value));
                Console.WriteLine("token : {0} value : {1}", match.Value, tokenValue);
                resolvedString = resolvedString.Replace(match.Value, tokenValue);


            #region Resolve From JWT
            MatchCollection matchedJwtTokens = Regex.Matches(resolvedString, jwtPattern, RegexOptions.None);

            if (!_isAuthenticatedSession)
                throw new Exception("Request needs an authenticated session for token replacement");
                foreach (Match match in matchedJwtTokens)
                    string token = match.Value.Replace("$Jwt.", "").Replace("$", "");

                    Claim requestedClaim = _JWTHelper.getClaim(token);
                    if (requestedClaim != null)
                        string tokenValue = requestedClaim.Value;
                        Console.WriteLine("token : {0} value : {1}", match.Value, tokenValue);
                        resolvedString = resolvedString.Replace(match.Value, tokenValue);
                        throw new Exception(string.Format("Request needs an authenticated session with valid claim name for token replacement. Claim name {0}", token));


예제 #2
        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
            .AddJwtBearer(options =>
                options.TokenValidationParameters = new TokenValidationParameters
                    ValidateIssuer           = true,
                    ValidateAudience         = true,
                    ValidateLifetime         = true,
                    ValidateIssuerSigningKey = true,
                    ValidIssuer      = Configuration["Jwt:Issuer"],
                    ValidAudience    = Configuration["Jwt:Issuer"],
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:Key"]))

                options.Events = new JwtBearerEvents
                    // Decrypt the JWT so it can be processed by Authorize logic.
                    OnMessageReceived = context =>
                        string jwt    = String.Empty;
                        string hdrJWT = String.Empty;
                        ICryptoHelper _cryptoHelper = context.HttpContext.GetInstanceFromContext <ICryptoHelper>();
                        IJWTHelper _JWTHelper       = context.HttpContext.GetInstanceFromContext <IJWTHelper>();

                            hdrJWT        = _JWTHelper.getBearerHeaderValue(context.Request.Headers);
                            jwt           = _cryptoHelper.decrypt(hdrJWT);
                            context.Token = jwt;
                        catch (Exception ex)
                            string msg = $"ERROR: Missing or invalid JWT. EXCEPTION: {ex.Message} JWT: {hdrJWT} DECRYPTED: {jwt}";
                            Console.WriteLine("USER AUTHENTICATION", "Startup.cs", "ConfigureServices.OnMessageReceived", msg, ex);

                    // On valid token received, this fires. Useful for debugging purposes.
                    OnTokenValidated = context =>
                        string plainTextJWT = context.SecurityToken.ToString();

                    // On authentication failures, redirect to the public login page
                    OnChallenge = context =>
                        ICryptoHelper _cryptoHelper = context.HttpContext.GetInstanceFromContext <ICryptoHelper>();
                        IJWTHelper _JWTHelper       = context.HttpContext.GetInstanceFromContext <IJWTHelper>();

                        // If no path was requested, get the default landing page. Otherwise
                        // use the requested path ensuring the correct context root is included.
                        PathString currenturi = context.Request.Path == null
                                    ? new PathString(Configuration["AppSettings:homePageUrl"])
                                    : new PathString(Configuration["AppSettings:appRootPath"] + context.Request.Path);

                        // Pass the originally requested page as a querystring parm preserving its querystring if present
                        string q = context.HttpContext.Request.QueryString.HasValue
                                    ? WebUtility.UrlEncode(context.HttpContext.Request.QueryString.ToString())
                                    : String.Empty;

                        string redirectUrl = Configuration["AppSettings:loginUrl"] + QueryString.Create("ReturnUrl", currenturi) + q;

                        // Save the originally requested page in a cookie
                        context.Response.Cookies.Append("requestedurl", currenturi);

                        string hdrJWT    = string.Empty;
                        string jwtDetail = string.Empty;
                            hdrJWT = _JWTHelper.getBearerHeaderValue(context.Request.Headers);
                            if (!String.IsNullOrEmpty(hdrJWT))
                                string format       = "yyyy-MM-dd HH:mm:ss:fffffff";
                                string currentUTC   = DateTime.UtcNow.ToString(format);
                                string detailMsg    = context.AuthenticateFailure.Message;
                                string jwtEXP       = _JWTHelper.getClaim(JwtRegisteredClaimNames.Exp.ToString()).Value;
                                string jwtExpAsDate = (new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).AddSeconds(Convert.ToDouble(jwtEXP)).ToString(format);
                                jwtDetail           = $"JWT Expires: {jwtExpAsDate} JWT EXP: {jwtEXP} Current Time: {currentUTC} Auth Error: {detailMsg} ";
                        catch (Exception ex)
                            string setBreakPointHere = ex.Message;

                        string msg      = String.IsNullOrEmpty(context.ErrorDescription) ? String.Empty : $"EXCEPTION: {context.Error} - {context.ErrorDescription}";
                        string errorMsg = $"ERROR: Missing or invalid JWT. {msg} JWT: {hdrJWT} DETAIL: {jwtDetail}";
                        Console.WriteLine("USER AUTHENTICATION", "Startup.cs", "ConfigureServices.OnChallenge", errorMsg);

            services.AddSingleton <IHttpContextAccessor, HttpContextAccessor>();
            services.AddSingleton <ICryptoHelper, CryptoHelper>();
            services.AddScoped <ICookieHelper, CookieHelper>();
            services.AddScoped <IJWTHelper, JWTHelper>();
            services.AddScoped <IProxyHelper, ProxyHelper>();

            // Convert all generated URLs to lowercase.
            services.AddRouting(options =>
                options.LowercaseUrls = true;

            // Default all controller actions to require authentication unless adorned with [AllowAnonymous].
            services.AddMvc(config =>
                var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
                config.Filters.Add(new AuthorizeFilter(policy));