예제 #1
        /// <summary>
        /// Builds a token for the gateway role from the issuer, audience and signing key
        /// found in the application settings.
        /// </summary>
        /// <returns>The value produced by <c>JwtSecurityTokenBuilder.Create</c> for the assembled claims.</returns>
        /// <remarks>
        /// NOTE(review): the signing key comes from appSettings, so it is only as well protected
        /// as the configuration file itself. Confirm the value is encrypted or injected from a
        /// secret store rather than committed in clear text.
        /// </remarks>
        private string GetSecurityToken()
        {
            var settings = ConfigurationManager.AppSettings;

            string issuer     = settings["issuer"];
            string audience   = settings["audience"];
            string signingKey = settings["signingKey"];

            // The name claim is a fresh GUID on every call, so the token identifies a role, not a caller.
            var claims = new List<Claim>
            {
                new Claim("http://pegasusmission.io/claims/name", Guid.NewGuid().ToString()),
                new Claim("http://pegasusmission.io/claims/role", "gateway"),
            };

            // NOTE(review): 2000 is presumably the token lifetime; its unit is defined by Create. Confirm it is as short as intended.
            return JwtSecurityTokenBuilder.Create(issuer, audience, claims, 2000, signingKey);
        }
예제 #2
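        /// <summary>
        /// Registers JWT bearer authentication and a singleton <see cref="ISecurityTokenBuilder"/>,
        /// both using the same symmetric signing key.
        /// </summary>
        /// <param name="services">Service collection that receives the authentication handlers and the token builder.</param>
        /// <param name="configuration">
        /// Configuration supplying <c>Authentication:Jwt:PrivateKeyEnvironmentVariable</c>, the name under
        /// which the Base64-encoded key is looked up through <c>Secrets.Get</c>.
        /// </param>
        /// <remarks>
        /// If the lookup throws <see cref="KeyNotFoundException"/>, a random 256-bit key is generated for this
        /// process only. Tokens signed with it stop validating after a restart, and another instance that
        /// generates its own key will not accept them. The generated key is deliberately not printed.
        /// </remarks>
        private void SetupJwtTokenAuthentication(IServiceCollection services, IConfiguration configuration)
        {
            var jwtPrivateKeyEnvironmentVariable = configuration["Authentication:Jwt:PrivateKeyEnvironmentVariable"];
            SymmetricSecurityKey privateKey;

            try
            {
                privateKey = new SymmetricSecurityKey(Convert.FromBase64String(Secrets.Get(jwtPrivateKeyEnvironmentVariable)));
            }
            catch (KeyNotFoundException)
            {
                // RandomNumberGenerator.Create() replaces the obsolete RNGCryptoServiceProvider and is still a CSPRNG.
                using var rng = RandomNumberGenerator.Create();
                var bytes = new byte[32];
                rng.GetBytes(bytes);
                privateKey = new SymmetricSecurityKey(bytes);

                // Never write the key itself to stdout: console output is routinely captured by log
                // collectors, and anyone who can read it could sign tokens this service accepts.
                Console.WriteLine(
                    $"No JWT private key found; using a temporary key for this process only. Store a Base64-encoded 32-byte random key as environment variable '{jwtPrivateKeyEnvironmentVariable}'.");
            }

            services.AddAuthentication(
                x =>
            {
                x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                x.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(
                options =>
            {
                options.SaveToken = true;
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey         = privateKey,
                    // With both checks off, any token signed with this key is accepted regardless of who
                    // issued it or which service it was meant for. Set ValidIssuer/ValidAudience and
                    // enable both before this key is shared with any other component.
                    ValidateIssuer           = false, // TODO Change after move to production environment
                    ValidateAudience         = false  // TODO Change after move to production environment
                };
            });

            // The builder signs with the same key the bearer handler validates against.
            var jwtTokenBuilder = new JwtSecurityTokenBuilder(privateKey, TimeSpan.FromMinutes(60));

            services.AddSingleton <ISecurityTokenBuilder>(jwtTokenBuilder);
        }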