// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, IOptions <LoggingConfiguration> loggingConfiguration)
{
mainModule.Run(app.ApplicationServices);
RegisterLogger(env, loggerFactory, loggingConfiguration.Value);
//app.Use(async (context, next) =>
// {
// // here all requests can be monitored
// // context.Request
// await next.Invoke();
// });
app.UseCors("CorsPolicy");
//app.UseIISPlatformHandler(options => options.AuthenticationDescriptions.Clear());
app.UseJwtBearerAuthentication(
new JwtBearerOptions
{
TokenValidationParameters = QLAuthenticationOptions.GetTokenValidationParameters()
});
app.UseExceptionHandlerMiddleware();
app.UseMvc();
}
public async Task <TokenResponse> CreateJwtTokenAsync([FromBody] TokenRequest request)
{
if (request == null)
{
throw new ArgumentException(nameof(TokenRequest));
}
TokenResponse response;
try
{
DateTime expireDateTimeUtc = DateTime.UtcNow.AddMilliseconds(QLAuthenticationOptions.TokenLifetimeMS);
ClaimsIdentityBox identityBox = await GetUserIdentityAsync(request.Login, request.Password, request.GrantType);
if (identityBox != null)
{
JwtSecurityToken token = JwtTokenHandler
.CreateJwtSecurityToken(
subject: identityBox.ClaimsIdentity,
signingCredentials: QLAuthenticationOptions.GetSigningCredentials(),
audience: QLAuthenticationOptions.Audience,
issuer: QLAuthenticationOptions.Issuer,
expires: expireDateTimeUtc);
response = new TokenResponse(
token.Issuer, token.Audiences.ToList(), JwtTokenHandler.WriteToken(token), TokenType, identityBox.Sub, expireDateTimeUtc,
await ParseIdentityInfoFromIdentityClaimsAsync(identityBox.ClaimsIdentity.Claims.ToDictionary((item) => item.Type, (item) => item.Value)));
}
else
{
throw new AuthorizationException("Login or password is incorrect.");
}
}
catch (AuthorizationException)
{
Response.StatusCode = (int)HttpStatusCode.Unauthorized;
response = null;
}
return(response);
}