public IActionResult Login([FromBody] Login body) { if (string.IsNullOrEmpty(body.Password) || body.Password.Length < 8) { return(StatusCode(401)); } UserInfo user = _userService.Login(body.Email, body.Password); if (user == null) { return(StatusCode(401)); } var accessToken = JwtIssuer.Issue( user.Id, user.DisplayName, user.Email, user.Level == UserLevel.Administrator); return(Ok(new LoginResponse { AccessToken = accessToken, Expires = (int)JwtSettings.Expiration.TotalSeconds })); }
private IJwtIssuer ConfigureSecurity(IServiceCollection services) { var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["securitySettings:tokenKey"])); services .AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false, ValidateAudience = false, ValidateIssuerSigningKey = true, ValidateLifetime = true, IssuerSigningKey = key }); services .AddAuthorization(options => { options.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme) .RequireAuthenticatedUser().Build(); }); var jwtIssuer = new JwtIssuer(key, TimeSpan.FromMinutes(Configuration.GetValue <int>("securitySettings:tokenLifeMinutes"))); return(jwtIssuer); }
private static int Execute(IReporter reporter, string projectPath, string id, bool showFull) { if (!DevJwtCliHelpers.GetProjectAndSecretsId(projectPath, reporter, out var _, out var userSecretsId)) { return(1); } var jwtStore = new JwtStore(userSecretsId); if (!jwtStore.Jwts.TryGetValue(id, out var jwt)) { reporter.Output(Resources.FormatPrintCommand_NoJwtFound(id)); return(1); } reporter.Output(Resources.FormatPrintCommand_Confirmed(id)); JwtSecurityToken fullToken; if (showFull) { fullToken = JwtIssuer.Extract(jwt.Token); DevJwtCliHelpers.PrintJwt(reporter, jwt, fullToken); } return(0); }
public UsersController( UserService svc, JwtIssuer jwtIssuer, UserRepository users) { _svc = svc; _jwtIssuer = jwtIssuer; _users = users; }
public AuthController( IGoogleService googleService, IUserService userService, JwtIssuer jwtIssuer) { this.googleService = googleService; this.userService = userService; this.jwtIssuer = jwtIssuer; }
public AuthController( ExternalLoginProvider externalLoginProvider, IAccountSerivce accountService, JwtIssuer jwtIssuer, AppSettings appSettings) { this.externalLoginProvider = externalLoginProvider; this.accountService = accountService; this.jwtIssuer = jwtIssuer; this.appSettings = appSettings; }
public void UserIdMustBeEqualsUserIdEncryptedInToken() { var securitySettings = new SecuritySettings("lod-misis.ru", "asdasfsagfhjkgflsdakjfb.jgglg[jnfjjnrjbvajk", TimeSpan.Parse("720:00:00"), null, TimeSpan.Zero); var jwtIssuer = new JwtIssuer(securitySettings); var userId = "test"; var token = jwtIssuer.IssueAccessJwt(userId); var handler = new JwtSecurityTokenHandler(); var dycryptedUserId = handler.ReadJwtToken(token).Claims.First(c => c.Type == "UserId").Value; Assert.AreEqual(userId, dycryptedUserId); }
public void SaveConfiguration() { Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None); config.AppSettings.Settings[nameof(Configured)].Value = Configured.ToString(); config.AppSettings.Settings[nameof(ConnectionString)].Value = ConnectionString.ToString(); config.AppSettings.Settings[nameof(JwtIssuer)].Value = JwtIssuer.ToString(); config.AppSettings.Settings[nameof(JwtAudience)].Value = JwtAudience.ToString(); config.AppSettings.Settings[nameof(JwtExpiryInDays)].Value = JwtExpiryInDays.ToString(); config.AppSettings.Settings[nameof(JwtSecurityKey)].Value = JwtSecurityKey.ToString(); //config.AppSettings.Settings[nameof(ExtendsClassApi)].Value = ExtendsClassApi.ToString(); config.Save(ConfigurationSaveMode.Modified); ConfigurationManager.RefreshSection(config.AppSettings.SectionInformation.Name); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { ConfigureLogging(); services.AddMvc(options => { options.Filters.Add(new ActionFilter()); options.Filters.Add(new ExceptionFilter()); }); var securityConfiguration = Configuration.GetSection("Security"); var emailCredentialsConfiguration = Configuration.GetSection("EmailCredatials"); var emailCredatials = new NetworkCredential(emailCredentialsConfiguration["Address"], emailCredentialsConfiguration["Password"]); var userRepository = new UserRepository(); var userService = new UserService(userRepository); var smsRepository = new SMSRepository(); var emailRepository = new EmailRepository(); var messageService = new MessageService(emailRepository, smsRepository, emailCredatials); services.AddSingleton <IUserService>(userService); services.AddSingleton <IMessageService>(messageService); services.AddSingleton <ExceptionFilter>(new ExceptionFilter()); services.AddSingleton <ActionFilter>(new ActionFilter()); var securitySettings = new SecuritySettings(securityConfiguration["EncryptionKey"], securityConfiguration["Issue"], securityConfiguration.GetValue <TimeSpan>("ExpirationPeriod")); var jwtIssuer = new JwtIssuer(securitySettings); services.AddSingleton <IJwtIssuer>(jwtIssuer); services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => { options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false, ValidateAudience = false, ValidateLifetime = true, ValidateIssuerSigningKey = true, ClockSkew = TimeSpan.Zero, IssuerSigningKey = new SymmetricSecurityKey( Encoding.UTF8.GetBytes(securitySettings.EncryptionKey)) }; }); StartSendingMessage(messageService); }
public static IServiceCollection AddJwtIssuerAndBearer(this IServiceCollection services, JwtIssuerOptions options) { var jwtIssuer = new JwtIssuer(options); services.AddSingleton(jwtIssuer); services .AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(jwtOptions => { jwtOptions.TokenValidationParameters = jwtIssuer.TokenValidationParameters; }); return(services); }
protected Task <IPrincipal> AuthenticateJwtToken(string token, JwtIssuer jwtProvider) { if (this.ValidateToken(jwtProvider, token, out var claimsPrincipal)) { // based on username to get more information from database in order to build local identity var claims = claimsPrincipal.Claims; var identity = new ClaimsIdentity(claims, "Jwt"); IPrincipal user = new ClaimsPrincipal(identity); return(Task.FromResult(user)); } return(Task.FromResult <IPrincipal>(null)); }
private void ConfigureSecurity(IServiceCollection services) { var sercurityConfiguration = Configuration.GetSection("Security"); var securitySetting = new SecuritySettings( sercurityConfiguration["Issuer"], sercurityConfiguration.GetValue <TimeSpan>("ExpirationPeriod"), Credentials.FromRawData(sercurityConfiguration["AdminEmail"], sercurityConfiguration["AdminPassword"]), sercurityConfiguration["EncryptionKey"] ); var jwtIssuer = new JwtIssuer(securitySetting); services.AddSingleton(securitySetting); services.AddSingleton <IJwIssuer>(jwtIssuer); }
public void Encode() { var privateKeyId = "keys/private/test.pem"; var claims = new Claims() { ExpireData = DateTime.Now.AddMinutes(1), Payload = new Dictionary <string, object>() { { "hello", "world" } } }; var jwt = JwtIssuer.Encode(claims, privateKeyId); Assert.IsNotNull(jwt); }
private void ConfigureSecurity(IServiceCollection services) { var securityConfiguration = Configuration.GetSection("Security"); var securitySettings = new SecuritySettings( securityConfiguration["EncryptionKey"], securityConfiguration["Issue"], securityConfiguration.GetValue <TimeSpan>("ExpirationPeriod")); var jwtIssuer = new JwtIssuer(securitySettings); services.AddSingleton(securitySettings); services.AddSingleton <IJwtIssuer>(jwtIssuer); services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => { options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false, ValidateAudience = false, ValidateLifetime = true, ValidateIssuerSigningKey = true, ClockSkew = TimeSpan.Zero, IssuerSigningKey = new SymmetricSecurityKey( Encoding.UTF8.GetBytes(securitySettings.EncryptionKey)) }; }); services .AddAuthorization(options => { options.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme) .RequireAuthenticatedUser().Build(); options.AddPolicy("AdminOnly", new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme) .RequireClaim(Claims.Roles.RoleClaim, Claims.Roles.Admin).Build()); options.AddPolicy("ModeratorsOnly", new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme) .RequireClaim(Claims.Roles.RoleClaim, Claims.Roles.Moderator).Build()); options.AddPolicy("AdminAndModeratorsOnly", new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme) .RequireClaim(Claims.Roles.RoleClaim, Claims.Roles.Admin, Claims.Roles.Moderator).Build()); }); }
private bool ValidateToken(JwtIssuer jwtIssuer, string token, out ClaimsPrincipal claimsPrincipal) { claimsPrincipal = jwtIssuer.GetPrincipal(token); var identity = claimsPrincipal?.Identity as ClaimsIdentity; if (identity == null) { return(false); } if (!identity.IsAuthenticated) { return(false); } return(true); }
private static void RegisterDI(HttpConfiguration config) { var builder = new ContainerBuilder(); builder.RegisterApiControllers(Assembly.GetExecutingAssembly()); var jwtIssuer = new JwtIssuer(options => { options.Audience = "https://localhost:44309/"; options.Issuer = "https://localhost:44309/"; options.SecurityKey = "PUT-YOUR-KEY-HERE"; }); builder.RegisterInstance(jwtIssuer); var container = builder.Build(); config.DependencyResolver = new AutofacWebApiDependencyResolver(container); }
public void DecodeTest_ExpireNotSet() { var privateKeyId = "keys/private/test.pem"; var publicKeyId = "keys/public/test.pem"; var claims = new Claims() { Payload = new Dictionary <string, object>() { { "hello", "world" } } }; var jwt = JwtIssuer.Encode(claims, privateKeyId); Assert.IsNotNull(jwt); var payload = JwtIssuer.Decode(jwt, publicKeyId); Assert.AreEqual("world", payload["hello"]); }
/// <summary> /// Load your modules or register your services here! /// </summary> /// <param name="kernel">The kernel.</param> private static void RegisterServices(IKernel kernel) { kernel.Bind <NLog.ILogger>().To <NLog.Logger>(); /*kernel.Bind<Core.ILogger>().ToMethod(x => * { * var scope = x.Request.ParentRequest != null * ? x.Request.ParentRequest.Service.FullName * : x.Request.Service.FullName; * var log = (Core.ILogger) LogManager.GetLogger(scope, typeof(LoggerService)); * return log; * });*/ kernel.Bind <IAuthenticateService>().To <JwtTokenAuthenticationService>(); kernel.Bind <IAreaService>().To <AreaService>(); kernel.Bind <IDocumentTypeService>().To <DocumentTypeService>(); kernel.Bind <IEventTypeService>().To <EventTypeService>(); kernel.Bind <IUserService>().To <UserService>(); kernel.Bind <IDocumentService>().To <DocumentService>(); kernel.Bind <IEventService>().To <EventService>(); kernel.Bind <IQueryService>().To <QueryService>(); kernel.Bind <IFtpService>().To <FtpService>(); kernel.Bind <IFileCacheService>().To <FileCacheService>(); kernel.Bind <IPopupService>().To <PopupService>(); kernel.Bind <IConfigurationProvider>().To <ConfigurationProvider>().InSingletonScope(); kernel.Bind <FileCacheProvder>().ToSelf().InSingletonScope(); var configProvider = kernel.Get <IConfigurationProvider>(); var jwtIssuer = new JwtIssuer(options => { options.Audience = configProvider.JwtSettings.Audience; options.Issuer = configProvider.JwtSettings.Issuer; options.ExpireSeconds = configProvider.JwtSettings.AccessExpirationSeconds; options.SecurityKey = Guid.NewGuid().ToString(); }); kernel.Bind <JwtIssuer>().ToConstant(jwtIssuer); }
public async Task <CrossroadsDecodedToken> DecodeAndValidateToken(string token, IOIDConfigurationService configService) { JwtSecurityToken decodedToken = DecodeToken(token); // Get updated configurations for auth servers var mpConfiguration = await configService.GetMpConfigAsync(); var oktaConfiguration = await configService.GetOktaConfigAsync(); JwtIssuer issuer = GetAndValidateIssuer(decodedToken, mpConfiguration, oktaConfiguration); ValidateToken(token, issuer.configuration); CrossroadsDecodedToken crossroadsDecodedToken = new CrossroadsDecodedToken { decodedToken = decodedToken, authProvider = issuer.authProvider }; return(crossroadsDecodedToken); }
private JwtIssuer GetAndValidateIssuer(JwtSecurityToken decodedToken, OpenIdConnectConfiguration mpConfiguration, OpenIdConnectConfiguration oktaConfiguration) { JwtIssuer issuer = new JwtIssuer(); if (decodedToken.Issuer == mpConfiguration.Issuer) { issuer.authProvider = AuthConstants.AUTH_PROVIDER_MP; issuer.configuration = mpConfiguration; } else if (decodedToken.Issuer == oktaConfiguration.Issuer) { issuer.authProvider = AuthConstants.AUTH_PROVIDER_OKTA; issuer.configuration = oktaConfiguration; } else { string exceptionMessage = $"The token issuer: {decodedToken.Issuer} was invalid"; _logger.Warn(exceptionMessage); throw new SecurityTokenInvalidIssuerException(exceptionMessage); } return(issuer); }
public UserActions(JwtIssuer jwtIssuer) { _jwtIssuer = jwtIssuer; }
public UserActions(UserManager <AppUser> userManager, JwtIssuer issuer) { this.userManager = userManager; this.issuer = issuer; }
public TestController(JwtIssuer jwtIssuer) { this.jwtIssuer = jwtIssuer; }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { // CONFIGURATION SETTINGS var applicationConfiguration = Configuration.GetSection("Application"); var applicationSettings = new ApplicationSettings( applicationConfiguration["DefaultNickname"], applicationConfiguration.GetValue <double>("RadiusAround"), applicationConfiguration["UploadsFolderName"]); services.AddSingleton(applicationSettings); var securityConfiguration = Configuration.GetSection("Security"); var securitySettings = new SecuritySettings( securityConfiguration["EncryptionKey"], securityConfiguration["Issue"], securityConfiguration.GetValue <TimeSpan>("ExpirationPeriod")); services.AddSingleton(securitySettings); // REPOSITORIES IShyneesRepository shyneesRepository; if (Configuration.GetValue <bool>("Database:IsInMemory")) { shyneesRepository = new InMemoryShyneesRepository(); } else { var dbConfiguration = Configuration.GetSection("Database:MongoDB"); var dbSettings = new DbSettings( dbConfiguration["ConnectionString"], dbConfiguration["Database"]); services.AddSingleton(dbSettings); var dbMapper = new DbMapper(); var dbContext = new DbContext(dbSettings); shyneesRepository = new ShyneesRepository(dbContext); } // SERVICES var shyneesService = new ShyneesService(shyneesRepository, applicationSettings); var assetsService = new AssetsService(applicationSettings); services.AddSingleton <IShyneesService>(shyneesService); services.AddSingleton <IAssetsService>(assetsService); // OTHER DEPENDENCIES services.AddScoped <ModelValidationAttribute>(); var jwtIssuer = new JwtIssuer(securitySettings); services.AddSingleton <IJwtIssuer>(jwtIssuer); services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => { options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false, ValidateAudience = false, ValidateLifetime = true, ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey( Encoding.UTF8.GetBytes(securitySettings.EncryptionKey)) }; }); services .AddAuthorization(options => { options.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme) .RequireAuthenticatedUser().Build(); }); services.AddCors(options => { options.AddPolicy("EnableCORS", builder => { builder.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod().AllowCredentials().Build(); }); }); services.AddMvc(config => { config.ReturnHttpNotAcceptable = true; }); services.AddSwaggerGen(options => { options.SwaggerDoc("v1", new Info { Title = Configuration["Swagger:Title"], Version = Configuration["Swagger:Version"], Description = Configuration["Swagger:Description"] }); options.AddSecurityDefinition("Bearer", new ApiKeyScheme { Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"", Name = "Authorization", In = "header", Type = "apiKey" }); options.IncludeXmlComments(string.Format(@"{0}/ShyneeBackend.Application.xml", AppDomain.CurrentDomain.BaseDirectory)); options.IncludeXmlComments(string.Format(@"{0}/ShyneeBackend.Domain.xml", AppDomain.CurrentDomain.BaseDirectory)); options.DescribeAllEnumsAsStrings(); }); }
public AccountController(UserManager <AppUser> userManager, RoleManager <IdentityRole> roleManager, JwtIssuer issuer) { this.userManager = userManager; this.roleManager = roleManager; this.issuer = issuer; }
public JwtService(JwtIssuer jwtIssuer) { this.jwtIssuer = jwtIssuer; }
public JwtTokenAuthenticationService(IUserService userService, JwtIssuer jwtIssuer) { this.userService = userService; this.jwtIssuer = jwtIssuer; }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { StartLogging(); var connectionString = "mongodb://localhost"; var client = new MongoClient(connectionString); var db = client.GetDatabase("ItHappenedDB"); services.AddOptions(); services.AddMemoryCache(); services.Configure <IpRateLimitOptions>(Configuration.GetSection("IpRateLimiting")); services.Configure <IpRateLimitPolicies>(Configuration.GetSection("IpRateLimitPolicies")); services.AddSingleton <IIpPolicyStore, MemoryCacheIpPolicyStore>(); services.AddSingleton <IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>(); var securityConfiguration = Configuration.GetSection("Security"); var securitySettings = new SecuritySettings(securityConfiguration["Issue"], securityConfiguration["AccessEncryptionKey"], securityConfiguration.GetValue <TimeSpan>("AccessExpirationPeriod"), securityConfiguration["RefreshEncryptionKey"], securityConfiguration.GetValue <TimeSpan>("RefreshExpirationPeriod")); var jwtIssuer = new JwtIssuer(securitySettings); services.AddSingleton(securitySettings); services.AddSingleton <IJwtIssuer>(jwtIssuer); var accessTokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false, ValidateAudience = false, ValidateLifetime = true, ValidateIssuerSigningKey = true, ClockSkew = TimeSpan.Zero, IssuerSigningKey = new SymmetricSecurityKey( Encoding.UTF8.GetBytes(securitySettings.AccessEncryptionKey)) }; services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => { options.TokenValidationParameters = accessTokenValidationParameters; }); services .AddAuthorization(options => { options.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme) .RequireAuthenticatedUser().Build(); }); var accessFilter = new AccessFilter(accessTokenValidationParameters); var refreshTokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false, ValidateAudience = false, ValidateLifetime = true, ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey( Encoding.UTF8.GetBytes(securitySettings.RefreshEncryptionKey)), ClockSkew = TimeSpan.Zero }; var refreshFilter = new RefreshTokenFilter(refreshTokenValidationParameters); services.AddSingleton(refreshFilter); services.AddSingleton(accessFilter); var userRepository = new UserRepository(db); var trackingManager = new TrackingManager(userRepository); services.AddSingleton <ITrackingManager>(trackingManager); services.AddMvc(o => { o.Filters.Add(new ActionFilter()); o.Filters.Add(new ExceptionFilter()); }); }