protected override void OnModelCreating(DbModelBuilder modelBuilder) { base.OnModelCreating(modelBuilder); NeedConventions.Mapp(modelBuilder); NeedConfigurations.Map(modelBuilder); IdentityConfigurations.Map(modelBuilder); }
public static IServiceCollection AddPersistence(this IServiceCollection services, IConfiguration configuration, IWebHostEnvironment environment) { services.AddDbContext <FuhoIdentityDbContext> (options => options.UseSqlServer(configuration.GetConnectionString(DbConfiguration.ConnectionStringName))); services.AddIdentity <AppUser, IdentityRole>() .AddEntityFrameworkStores <FuhoIdentityDbContext>() .AddDefaultTokenProviders(); var identityServiceBuilder = services.AddIdentityServer(options => { options.Events.RaiseErrorEvents = true; options.Events.RaiseInformationEvents = true; options.Events.RaiseFailureEvents = true; options.Events.RaiseSuccessEvents = true; }); identityServiceBuilder.AddOperationalStore(options => { options.ConfigureDbContext = builder => builder.UseSqlServer(configuration.GetConnectionString(DbConfiguration.ConnectionStringName)); // Clean unuse token from Db options.EnableTokenCleanup = true; options.TokenCleanupInterval = 30; // interval in seconds }); identityServiceBuilder.AddInMemoryPersistedGrants(); identityServiceBuilder.AddInMemoryIdentityResources(IdentityConfigurations.GetIdentityResources()); identityServiceBuilder.AddInMemoryApiResources(IdentityConfigurations.GetApiResources()); identityServiceBuilder.AddInMemoryClients(IdentityConfigurations.GetClients()); identityServiceBuilder.AddAspNetIdentity <AppUser>(); if (environment.IsDevelopment()) { identityServiceBuilder.AddDeveloperSigningCredential(); } else { //path: Root/certificates/.pfx var certificatePath = Path.GetFullPath(Path.Combine(environment.ContentRootPath, configuration["Certificate:CertFolder"], configuration["Certificate:FileName"])); services.AddIdentityServer() .AddSigningCredential(new X509Certificate2(certificatePath), configuration["Certificate:Password"]); } return(services); }
/// <summary> /// Método para obtenção da chave de assinatura do token provida pela autoridade de identificação. /// </summary> /// <param name="settings">Objeto referenciado</param> /// <param name="token">Token de autenticação</param> /// <returns>Chave de segurança provida pela autoridade de identificação.</returns> private static async Task <SecurityKey> GetSigningKeyAsync(this IdentityConfigurations settings, JwtSecurityToken token) { var client = new HttpClient(); try { var discovery = await client.GetDiscoveryDocumentAsync(settings.Authority); var kid = token.Header.Kid; var key = discovery.KeySet.Keys.Where(x => x.Kid == kid).FirstOrDefault(); var json = JsonConvert.SerializeObject(key); var result = JsonWebKey.Create(json); //var keys = client.GetRequest(".well-known/openid-configuration/jwks").ExecuteAsync<IdentityKeySet>().Result; return(result); } catch (Exception ex) { throw ex; } }
/// <summary> /// Extensão que faz a validação de um token. /// </summary> /// <param name="token">Objeto referenciado</param> /// <param name="settings">Configurações de autoridade</param> /// <returns>Resultado da validação do token</returns> public static async Task <TokenValidationResult> ValidateAsync(this JwtSecurityToken token, IdentityConfigurations settings) { TokenValidationResult result; try { var tokenDecoder = new JwtSecurityTokenHandler(); var parameters = await settings.GetTokenParametesAsync(token); var principal = tokenDecoder.ValidateToken(token.RawData, parameters, out SecurityToken validatedToken); result = new TokenValidationResult(TokenValidation.Valid) { Principal = principal, SecurityToken = validatedToken }; } catch (SecurityTokenExpiredException ex) { result = new TokenValidationResult(TokenValidation.Expired, ex.Message); } catch (SecurityTokenInvalidAudienceException ex) { result = new TokenValidationResult(TokenValidation.InvalidAudience, ex.Message); } catch (SecurityTokenInvalidLifetimeException ex) { result = new TokenValidationResult(TokenValidation.InvalidLifetime, ex.Message); } catch (SecurityTokenInvalidSignatureException ex) { result = new TokenValidationResult(TokenValidation.InvalidSignature, ex.Message); } catch (SecurityTokenNoExpirationException ex) { result = new TokenValidationResult(TokenValidation.NoExpiration, ex.Message); } catch (SecurityTokenNotYetValidException ex) { result = new TokenValidationResult(TokenValidation.NotYetValid, ex.Message); } catch (SecurityTokenReplayAddFailedException ex) { result = new TokenValidationResult(TokenValidation.ReplayAdd, ex.Message); } catch (SecurityTokenReplayDetectedException ex) { result = new TokenValidationResult(TokenValidation.ReplayDetected, ex.Message); } catch (Exception ex) { result = new TokenValidationResult(TokenValidation.Error, ex.Message); } return(result); }
/// <summary> /// Método que busca as claims do usuário atual. /// </summary> /// <param name="context"></param> /// <param name="configurations">Configurações do provedor de identidade.</param> /// <returns>Enumeração de claims do usuário atual.</returns> public static async Task <IEnumerable <Claim> > GetCurrentUserClaims(this AuthorizationFilterContext context, IdentityConfigurations configurations) { var token = context.GetAuthorizationToken("Bearer"); var client = new HttpClient(); var userInfo = await client.GetUserInfoAsync(configurations.Authority, token); var claims = userInfo.ToClaims(); return(claims); }
/// <summary> /// Extensão que retorna os parâmetros de validação de token OAuth. /// </summary> /// <param name="settings">Objeto referenciado</param> /// <param name="token">Token de autenticação</param> /// <returns>Parâmetros de validação do Token. Veja <see cref="TokenValidationParameters"/></returns> internal static async Task <TokenValidationParameters> GetTokenParametesAsync(this IdentityConfigurations settings, JwtSecurityToken token) { try { var tokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = settings.ValidateIssuerSigningKey, IssuerSigningKey = await settings.GetSigningKeyAsync(token), ValidateIssuer = settings.ValidateIssuer, ValidateAudience = settings.ValidateAudience, ValidateLifetime = settings.ValidateLifetime, ClockSkew = TimeSpan.Zero }; return(tokenValidationParameters); } catch { return(null); } }
public static ApplicationUserManager Create(IdentityFactoryOptions <ApplicationUserManager> options, IOwinContext context) { var manager = new ApplicationUserManager(new UserStore <ApplicationUser>(context.Get <ApplicationDbContext>())); var configurations = new IdentityConfigurations(); #region UserValidator // Configurando validator para nome de usuario manager.UserValidator = new UserValidator <ApplicationUser>(manager) { AllowOnlyAlphanumericUserNames = configurations.UserValidator.AllowOnlyAlphanumericUserNames, RequireUniqueEmail = configurations.UserValidator.RequireUniqueEmail }; #endregion #region PasswordValidator // Logica de validação e complexidade de senha manager.PasswordValidator = new PasswordValidator { RequiredLength = configurations.PasswordValidator.RequiredLength, RequireNonLetterOrDigit = configurations.PasswordValidator.RequireNonLetterOrDigit, RequireDigit = configurations.PasswordValidator.RequireDigit, RequireLowercase = configurations.PasswordValidator.RequireLowercase, RequireUppercase = configurations.PasswordValidator.RequireUppercase }; #endregion #region Lockout // Configuração de Lockout manager.UserLockoutEnabledByDefault = configurations.Lockout.UserLockoutEnabledByDefault; manager.DefaultAccountLockoutTimeSpan = configurations.Lockout.DefaultAccountLockoutTimeSpan; manager.MaxFailedAccessAttemptsBeforeLockout = configurations.Lockout.MaxFailedAccessAttemptsBeforeLockout; #endregion #region Two Factor // Registrando os providers para Two Factor. manager.RegisterTwoFactorProvider(configurations.TwoFactor.Sms.Name, new PhoneNumberTokenProvider <ApplicationUser> { MessageFormat = configurations.TwoFactor.Sms.Message }); manager.RegisterTwoFactorProvider(configurations.TwoFactor.Email.Name, new EmailTokenProvider <ApplicationUser> { Subject = configurations.TwoFactor.Email.Subject, BodyFormat = configurations.TwoFactor.Email.Message }); #endregion // Definindo a classe de serviço de e-mail manager.EmailService = new EmailService(); // Definindo a classe de serviço de SMS manager.SmsService = new SmsService(); #region UserTokenProvider var dataProtectionProvider = options.DataProtectionProvider; if (dataProtectionProvider != null) { var userTokenProvider = dataProtectionProvider.Create(configurations.UserTokenProvider); manager.UserTokenProvider = new DataProtectorTokenProvider <ApplicationUser>(userTokenProvider); } #endregion return(manager); }