Exemplo n.º 1
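 /// <summary>
 /// Creates the provider from its bound option sets and the federated
 /// identity and entitlement services.
 /// </summary>
 /// <param name="signingOpts">Options wrapper whose value is stored as the JWT signing options.</param>
 /// <param name="authOpts">Options wrapper whose value is stored as the authentication options.</param>
 /// <param name="versionOpts">Options wrapper whose value is stored as the version options.</param>
 /// <param name="identityService">Federated identity provider kept in <c>idProvider</c>.</param>
 /// <param name="entitlementService">Federated entitlement provider kept in <c>entitlementService</c>.</param>
 /// <exception cref="System.ArgumentNullException">Any argument is <c>null</c>.</exception>
 public JwtProvider(
     IOptions<JwtSigningOptions> signingOpts,
     IOptions<AuthenticationOptions> authOpts,
     IOptions<LeafVersionOptions> versionOpts,
     IFederatedIdentityProvider identityService,
     IFederatedEntitlementProvider entitlementService
     )
 {
     // Fail at construction time instead of storing a null collaborator:
     // a missing identity or entitlement service would otherwise only
     // surface on first use, deep inside token handling.
     if (signingOpts == null)
     {
         throw new System.ArgumentNullException(nameof(signingOpts));
     }
     if (authOpts == null)
     {
         throw new System.ArgumentNullException(nameof(authOpts));
     }
     if (versionOpts == null)
     {
         throw new System.ArgumentNullException(nameof(versionOpts));
     }
     if (identityService == null)
     {
         throw new System.ArgumentNullException(nameof(identityService));
     }
     if (entitlementService == null)
     {
         throw new System.ArgumentNullException(nameof(entitlementService));
     }

     jwtOptions = signingOpts.Value;
     authenticationOptions = authOpts.Value;
     versionOptions = versionOpts.Value;
     this.idProvider = identityService;
     // "this." is required here: the parameter shadows the field of the same name.
     this.entitlementService = entitlementService;
 }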
Exemplo n.º 2
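        /// <summary>
        /// Binds the <c>JwtOptions</c> configuration section and registers JWT bearer
        /// authentication, an authenticated-user authorization policy, MVC controllers
        /// (with a global authorize filter), SignalR and the related singletons.
        /// </summary>
        /// <param name="services">Service collection that receives the registrations.</param>
        /// <param name="configuration">Configuration that must contain a <c>JwtOptions</c> section.</param>
        /// <exception cref="InvalidOperationException">
        /// The <c>JwtOptions</c> section is missing, or no signing key could be obtained from it.
        /// </exception>
        private static void ConfigureJwtOptions(IServiceCollection services, IConfiguration configuration)
        {
            IConfigurationSection jwtConfigurationSection = configuration.GetSection(nameof(JwtOptions));

            if (!jwtConfigurationSection.Exists())
            {
                throw new InvalidOperationException($"Missing {nameof(JwtOptions)} Configuration section");
            }

            JwtOptions jwtOptions = new JwtOptions();
            ConfigureFromConfigurationOptions<JwtOptions> jwtConfigure =
                new ConfigureFromConfigurationOptions<JwtOptions>(jwtConfigurationSection);

            jwtConfigure.Configure(jwtOptions);
            IJwtSigningOptions jwtSigningOptions = new JwtSigningOptions(jwtOptions);

            // Resolve the validation key once, at startup. Without this check a missing
            // key is only discovered when the first token is validated.
            var signingKey = jwtSigningOptions.SigningCredentials?.Key;
            if (signingKey == null)
            {
                throw new InvalidOperationException($"{nameof(JwtOptions)} did not yield a signing key");
            }

            // NOTE(review): Audience and Issuer are not checked for empty values here;
            // confirm that JwtOptions (or its binding) rejects a blank issuer/audience.

            services.AddSingleton<IJwtOptions>(jwtOptions);
            services.AddSingleton(jwtSigningOptions);
            services.AddSingleton<IWebSocketManager, WebSocketManager>();

            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidAudience = jwtOptions.Audience,
                    ValidIssuer = jwtOptions.Issuer,
                    ValidateAudience = true,
                    ValidateIssuer = true,

                    // Stated explicitly so the checks this service depends on are visible
                    // in review and cannot be lost to a changed default.
                    ValidateLifetime = true,
                    RequireExpirationTime = true,
                    RequireSignedTokens = true,

                    // Also validates the key itself (for X.509 keys, the certificate's
                    // validity window), in addition to verifying the signature.
                    ValidateIssuerSigningKey = true,

                    // No tolerance for clock drift: a token is rejected the moment it
                    // expires, so issuer and validator clocks must be kept in sync.
                    ClockSkew = TimeSpan.Zero,
                    IssuerSigningKey = signingKey
                };

                options.Events = new JwtBearerEvents
                {
                    OnMessageReceived = context =>
                    {
                        // Tokens are accepted from the query string only for paths under
                        // /ws (presumably because browser WebSocket clients cannot send an
                        // Authorization header). Query strings tend to end up in access
                        // and proxy logs: keep these tokens short-lived and redact
                        // "access_token" from request logging.
                        var accessToken = context.Request.Query["access_token"];

                        var path = context.HttpContext.Request.Path;
                        if (!string.IsNullOrEmpty(accessToken) && path.StartsWithSegments("/ws"))
                        {
                            context.Token = accessToken;
                        }

                        return Task.CompletedTask;
                    }
                };
            });

            services.AddAuthorization(auth =>
            {
                var policy = new AuthorizationPolicyBuilder()
                             .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
                             .RequireAuthenticatedUser()
                             .Build();

                auth.AddPolicy(JwtBearerDefaults.AuthenticationScheme, policy);
            });

            services.AddControllers(options =>
            {
                // Global filter: every controller action requires an authenticated
                // JWT bearer user unless it opts out explicitly.
                AuthorizationPolicy policy = new AuthorizationPolicyBuilder()
                                             .RequireAuthenticatedUser()
                                             .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
                                             .Build();
                options.Filters.Add(new AuthorizeFilter(policy));
            })
            .AddNewtonsoftJson(options =>
            {
                options.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore;
                options.SerializerSettings.NullValueHandling = NullValueHandling.Ignore;
            });

            // NOTE(review): EnableDetailedErrors sends server-side exception messages to
            // connected SignalR clients. Left as-is to preserve behavior; it should be
            // enabled only in development environments.
            services
            .AddSignalR(options => options.EnableDetailedErrors = true)
            .AddJsonProtocol();
            services.AddHttpContextAccessor();
        }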