Exemplo n.º 1
 // /Api/Admin/{action}
 /// <summary>
 /// Creates the admin API controller and stores every injected dependency in its
 /// private field. The two options wrappers are unwrapped here, so the controller
 /// keeps the settings objects themselves rather than the <c>IOptions</c> wrappers.
 /// </summary>
 /// <param name="environment">Hosting environment; stored in <c>_environment</c>.</param>
 /// <param name="tokenValidationSettings">Token validation settings; stored in <c>_tokenValidationSettings</c>.</param>
 /// <param name="tokenService">Token service; stored in <c>_tokenService</c>.</param>
 /// <param name="frontendSettingsOptions">Options wrapper whose <c>Value</c> is stored in <c>_frontendSettings</c>.</param>
 /// <param name="avatarSettingsOptions">Options wrapper whose <c>Value</c> is stored in <c>_avatarSettings</c>.</param>
 /// <param name="userService">User service; stored in <c>_userService</c>.</param>
 /// <param name="adminUserService">Admin user service; stored in <c>_adminUserService</c>.</param>
 /// <param name="notificationService">Notification service; stored in <c>_notificationService</c>.</param>
 /// <param name="permissionService">Permission service; stored in <c>_permissionService</c>.</param>
 /// <param name="groupService">Group service; stored in <c>_groupService</c>.</param>
 /// <param name="roleService">Role service; stored in <c>_roleService</c>.</param>
 /// <param name="bulletinService">Bulletin service; stored in <c>_bulletinService</c>.</param>
 /// <param name="userActionLogService">User action log service; stored in <c>_userActionLogService</c>.</param>
 /// <param name="moduleMetaDataProviders">All registered module metadata providers; stored in <c>_moduleMetaDataProviders</c>.</param>
 /// <param name="menuProviders">All registered menu providers; stored in <c>_menuProviders</c>.</param>
 /// <param name="logger">Logger for this controller; stored in <c>_logger</c>.</param>
 public AdminController(
     IHostingEnvironment environment,
     TokenValidationSettings tokenValidationSettings,
     ITokenService tokenService,
     IOptions<FrontendSettings> frontendSettingsOptions,
     IOptions<AvatarSettings> avatarSettingsOptions,
     IUserService userService,
     IAdminUserService adminUserService,
     INotificationService notificationService,
     IPermissionService permissionService,
     IGroupService groupService,
     IRoleService roleService,
     IBulletinService bulletinService,
     IUserActionLogService userActionLogService,
     IEnumerable<IModuleMetaDataProvider> moduleMetaDataProviders,
     IEnumerable<IMenuProvider> menuProviders,
     ILogger<AdminController> logger)
 {
     // Host and token handling.
     _environment = environment;
     _tokenValidationSettings = tokenValidationSettings;
     _tokenService = tokenService;

     // Settings are read out of their options wrappers once, at construction.
     _frontendSettings = frontendSettingsOptions.Value;
     _avatarSettings = avatarSettingsOptions.Value;

     // Domain services.
     _userService = userService;
     _adminUserService = adminUserService;
     _notificationService = notificationService;
     _permissionService = permissionService;
     _groupService = groupService;
     _roleService = roleService;
     _bulletinService = bulletinService;
     _userActionLogService = userActionLogService;

     // Provider collections and logging.
     _moduleMetaDataProviders = moduleMetaDataProviders;
     _menuProviders = menuProviders;
     _logger = logger;
 }
Exemplo n.º 2
 // /Api/Admin/{action}
 /// <summary>
 /// Constructor. Stores every injected dependency in its private field; the
 /// frontend options wrapper is unwrapped here and only its value is kept.
 /// </summary>
 /// <param name="tokenValidationSettings">Token validation settings; stored in <c>_tokenValidationSettings</c>.</param>
 /// <param name="frontendSettingsOptions">Options wrapper whose <c>Value</c> is stored in <c>_frontendSettings</c>.</param>
 /// <param name="userService">User service; stored in <c>_userService</c>.</param>
 /// <param name="adminUserService">Admin user service; stored in <c>_adminUserService</c>.</param>
 /// <param name="notificationService">Notification service; stored in <c>_notificationService</c>.</param>
 /// <param name="permissionService">Permission service; stored in <c>_permissionService</c>.</param>
 /// <param name="groupService">Group service; stored in <c>_groupService</c>.</param>
 /// <param name="roleService">Role service; stored in <c>_roleService</c>.</param>
 /// <param name="bulletinService">Bulletin service; stored in <c>_bulletinService</c>.</param>
 /// <param name="permissionProviders">All registered permission providers; stored in <c>_permissionProviders</c>.</param>
 /// <param name="menuProviders">All registered menu providers; stored in <c>_menuProviders</c>.</param>
 public AdminController(
     TokenValidationSettings tokenValidationSettings,
     IOptions<FrontendSettings> frontendSettingsOptions,
     IUserService userService,
     IAdminUserService adminUserService,
     INotificationService notificationService,
     IPermissionService permissionService,
     IGroupService groupService,
     IRoleService roleService,
     IBulletinService bulletinService,
     IEnumerable<IPermissionProvider> permissionProviders,
     IEnumerable<IMenuProvider> menuProviders)
 {
     // Settings.
     _tokenValidationSettings = tokenValidationSettings;
     _frontendSettings = frontendSettingsOptions.Value;

     // Domain services.
     _userService = userService;
     _adminUserService = adminUserService;
     _notificationService = notificationService;
     _permissionService = permissionService;
     _groupService = groupService;
     _roleService = roleService;
     _bulletinService = bulletinService;

     // Provider collections.
     _permissionProviders = permissionProviders;
     _menuProviders = menuProviders;
 }
Exemplo n.º 3
 /// <summary>
 /// Constructor. Keeps the token validation settings and the distributed cache
 /// for later use by the service.
 /// </summary>
 /// <param name="tokenValidationSettings">Token validation settings; stored in <c>_tokenValidationSettings</c>.</param>
 /// <param name="cache">Distributed cache; stored in <c>_cache</c>.</param>
 public TokenService(TokenValidationSettings tokenValidationSettings, IDistributedCache cache)
 {
     _cache = cache;
     _tokenValidationSettings = tokenValidationSettings;
 }
Exemplo n.º 4
 /// <summary>
 /// Constructor. Keeps the token validation settings, the distributed cache and
 /// the logger for later use by the service.
 /// </summary>
 /// <param name="tokenValidationSettings">Token validation settings; stored in <c>_tokenValidationSettings</c>.</param>
 /// <param name="cache">Distributed cache; stored in <c>_cache</c>.</param>
 /// <param name="logger">Logger for this service; stored in <c>_logger</c>.</param>
 public TokenService(
     TokenValidationSettings tokenValidationSettings,
     IDistributedCache cache,
     ILogger<TokenService> logger)
 {
     _logger = logger;
     _cache = cache;
     _tokenValidationSettings = tokenValidationSettings;
 }
Exemplo n.º 5
        /// <summary>
        /// Binds the "ServiceEnvironment", "TokenValidation" and "AuthorizedResources"
        /// configuration sections, loads the environment settings named by the service
        /// environment section, and bundles all four into a <c>CloudBornWebConfiguration</c>.
        /// </summary>
        /// <param name="configuration">Application configuration the sections are read from.</param>
        /// <returns>The assembled web configuration.</returns>
        private static CloudBornWebConfiguration CreateConfiguration(IConfiguration configuration)
        {
            var serviceEnvironment = configuration
                .GetSection("ServiceEnvironment")
                .Get<ServiceEnvironmentSettings>();

            // NOTE(review): binding a section that is absent presumably yields null, in which
            // case the next line fails with a NullReferenceException — confirm and consider a clearer error.
            var environment = EnvironmentSettingsLoader.Load(serviceEnvironment.EnvironmentSettingsResourceName);

            // NOTE(review): nothing here checks that the token validation settings or the
            // authorized resources were actually bound; verify the consumer rejects a missing
            // "TokenValidation" section instead of running without validation settings.
            var tokenValidation = configuration
                .GetSection("TokenValidation")
                .Get<TokenValidationSettings>();

            var resources = configuration
                .GetSection("AuthorizedResources")
                .Get<AuthorizedResources>();

            return new CloudBornWebConfiguration(serviceEnvironment, environment, tokenValidation, resources);
        }
Exemplo n.º 6
 /// <summary>
 /// Creates the configuration bundle by assigning each argument to the
 /// member of the same name.
 /// </summary>
 /// <param name="serviceEnvironmentSettings">Assigned to <c>ServiceEnvironmentSettings</c>.</param>
 /// <param name="environmentSettings">Assigned to <c>EnvironmentSettings</c>.</param>
 /// <param name="tokenValidationSettings">Assigned to <c>TokenValidationSettings</c>.</param>
 /// <param name="authorizedResources">Assigned to <c>AuthorizedResources</c>.</param>
 public CloudBornWebConfiguration(
     ServiceEnvironmentSettings serviceEnvironmentSettings,
     EnvironmentSettings environmentSettings,
     TokenValidationSettings tokenValidationSettings,
     AuthorizedResources authorizedResources)
 {
     ServiceEnvironmentSettings = serviceEnvironmentSettings;
     EnvironmentSettings = environmentSettings;
     TokenValidationSettings = tokenValidationSettings;
     AuthorizedResources = authorizedResources;
 }
 /// <summary>
 /// Creates the authentication controller and stores each injected dependency in
 /// its private field; the authentication options wrapper is unwrapped here.
 /// </summary>
 /// <param name="authenticationSettingsOptions">Options wrapper whose <c>Value</c> is stored in <c>_authenticationSettings</c>.</param>
 /// <param name="tokenValidationSettings">Token validation settings; stored in <c>_tokenValidationSettings</c>.</param>
 /// <param name="userService">User service; stored in <c>_userService</c>.</param>
 /// <param name="mobileUserService">Mobile user service; stored in <c>_mobileUserService</c>.</param>
 /// <param name="weixinUserService">Weixin user service; stored in <c>_weixinUserService</c>.</param>
 public AuthenticationController(
     IOptions<AuthenticationSettings> authenticationSettingsOptions,
     TokenValidationSettings tokenValidationSettings,
     IUserService userService,
     IMobileUserService mobileUserService,
     IWeixinUserService weixinUserService)
 {
     // Settings.
     _authenticationSettings = authenticationSettingsOptions.Value;
     _tokenValidationSettings = tokenValidationSettings;

     // User services, one per sign-in channel.
     _userService = userService;
     _mobileUserService = mobileUserService;
     _weixinUserService = weixinUserService;
 }
Exemplo n.º 8
        /// <summary>
        /// Builds the stateless-authentication configuration whose callback turns the
        /// request's Authorization header into a validated principal.
        /// </summary>
        /// <param name="settings">Source of the token validation parameters applied to every request.</param>
        /// <returns>
        /// A configuration whose callback yields the validated principal, or <c>null</c>
        /// when the header is missing, carries another scheme, or fails validation.
        /// </returns>
        private static StatelessAuthenticationConfiguration BuildAuthConfiguration(TokenValidationSettings settings)
        {
            return new StatelessAuthenticationConfiguration(ctx =>
            {
                try
                {
                    var header = ctx.Request.Headers.Authorization;

                    // No header, or a scheme other than TokenPrefix (compared case-insensitively):
                    // the callback yields no principal.
                    if (string.IsNullOrWhiteSpace(header)
                        || !header.StartsWith(TokenPrefix, StringComparison.OrdinalIgnoreCase))
                    {
                        return null;
                    }

                    var rawToken = header.Substring(TokenPrefix.Length);

                    // SetDefaultTimesOnTokenCreation concerns token creation; what is checked
                    // on validation comes from the parameters built by the settings object.
                    var tokenHandler = new JwtSecurityTokenHandler
                    {
                        SetDefaultTimesOnTokenCreation = false
                    };

                    var validationParameters = settings.BuildTokenValidationParameters();
                    var principal = tokenHandler.ValidateToken(rawToken, validationParameters, out _);

                    ParsePermissions(principal, rawToken);

                    return principal;
                }
                catch (Exception)
                {
                    // Fail closed: any error while validating the token or parsing its permissions
                    // yields no principal.
                    // NOTE(review): the exception is dropped without a log entry, so rejected or
                    // malformed tokens leave no trace for monitoring — consider recording them.
                    return null;
                }
            });
        }
Exemplo n.º 9
 /// <summary>
 /// Builds a fixed <c>TokenValidationSettings</c> instance: wildcard audience,
 /// issuer "Issuer", lifetime validation switched off, and two keys embedded in
 /// the source (one HMAC-SHA256, one RSA-SHA256).
 /// </summary>
 /// <returns>The hard-coded settings object.</returns>
 private static TokenValidationSettings BuildDefaultTokenValidationSettings()
 {
     // NOTE(review): every value below is compiled into the binary. The HMAC entry is
     // a symmetric secret, so anyone who can read this source or the assembly holds
     // key material for HS256 tokens. Confirm these defaults are limited to tests or
     // local development and cannot become the effective settings of a deployed service.
     var settings = new TokenValidationSettings
     {
         // NOTE(review): "*" presumably makes the audience check match anything — verify
         // against BuildTokenValidationParameters.
         Audience = "*",
         Issuer = "Issuer",
         // NOTE(review): with lifetime validation off, an expired token presumably keeps
         // validating for as long as its signing key is trusted — confirm this is intended.
         ValidateLifetime = false,
         Keys = new[]
         {
             new KeyInfo
             {
                 Alg = SecurityAlgorithms.HmacSha256,
                 Key = "kiHLSfGebYvXGTDx0vWb53JhyUpnw6HvgRwOJ6h/hUs="
             },
             new KeyInfo
             {
                 Alg = SecurityAlgorithms.RsaSha256,
                 Key = "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 =="
             }
         }
     };
     return settings;
 }
Exemplo n.º 10
 /// <summary>
 /// Enables stateless authentication on the given pipelines, using the
 /// configuration built from the supplied token validation settings.
 /// </summary>
 /// <param name="pipelines">Pipelines on which authentication is enabled.</param>
 /// <param name="settings">Token validation settings handed to <c>BuildAuthConfiguration</c>.</param>
 public static void AddDomain0Auth(this IPipelines pipelines, TokenValidationSettings settings)
 {
     var authConfiguration = BuildAuthConfiguration(settings);
     StatelessAuthentication.Enable(pipelines, authConfiguration);
 }
Exemplo n.º 11
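        /// <summary>
        /// Registers JWT bearer authentication and the <c>Domain0Auth.Policy</c> authorization
        /// policy. Tokens are validated locally with the parameters built from
        /// <paramref name="settings"/>; no authority or metadata endpoint is configured.
        /// </summary>
        /// <param name="services">Service collection the authentication and authorization services are added to.</param>
        /// <param name="settings">Source of the token validation parameters.</param>
        public static void AddDomain0Auth(this IServiceCollection services, TokenValidationSettings settings)
        {
            var defaultPolicy = new AuthorizationPolicyBuilder()
                                .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
                                .RequireAuthenticatedUser()
                                .Build();

            services.AddAuthorizationCore(opt => opt.AddPolicy(Domain0Auth.Policy, defaultPolicy));

            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
            {
                // The HTTPS-metadata requirement is switched off unconditionally, not only in
                // development. Authority, metadata address and configuration manager are all
                // cleared below, so validation relies only on the locally built parameters.
                options.RequireHttpsMetadata = false; //!env.IsDevelopment();
                options.ConfigurationManager = null;
                options.MetadataAddress      = null;
                options.Authority            = null;

                options.TokenValidationParameters = settings.BuildTokenValidationParameters();

                options.Events = new JwtBearerEvents
                {
                    // NOTE(review): authentication failures are ignored here without logging,
                    // so rejected tokens are not visible to monitoring.
                    OnAuthenticationFailed = context => Task.FromResult(0),
                    OnTokenValidated       = context =>
                    {
                        //TODO use constants
                        var claimsIdentity = (ClaimsIdentity)context.Principal.Identity;

                        // Keep the raw token as an "id_token" claim: everything in the
                        // Authorization header after the scheme name and one separator character.
                        var rawToken = context.Request.Headers["Authorization"][0]
                                       .Substring(context.Scheme.Name.Length + 1);
                        claimsIdentity.AddClaim(new Claim("id_token", rawToken));

                        // Each "permissions" claim holds a JSON string array; every entry becomes a role claim.
                        // ToList() snapshots the claims because the identity is modified inside the loop.
                        foreach (var role in context.Principal.FindAll("permissions").ToList())
                        {
                            foreach (var permission in JsonConvert.DeserializeObject<string[]>(role.Value))
                            {
                                claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, permission));
                            }
                        }

                        // Mirror the name-identifier claim, when present, as the Name claim.
                        var subClaim = context.Principal.FindFirst(
                            "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier");
                        if (subClaim != null)
                        {
                            claimsIdentity.AddClaim(new Claim(ClaimTypes.Name, subClaim.Value));
                        }

                        return Task.FromResult(0);
                    },
                    OnChallenge = context =>
                    {
                        //TODO replace
                        if (!string.Equals(context.Request.Method, "OPTIONS", StringComparison.OrdinalIgnoreCase))
                        {
                            return Task.FromResult(0);
                        }

                        // NOTE(review): the challenge is not marked as handled here — confirm the
                        // 200 set below is what the client actually receives.
                        context.Response.StatusCode = 200;

                        // A request without an Origin header is not a CORS preflight; indexing [0]
                        // on the absent header would throw, so the CORS headers are skipped instead.
                        var origin = context.Request.Headers["Origin"];
                        if (origin.Count > 0)
                        {
                            // NOTE(review): the caller's Origin is echoed back together with
                            // Allow-Credentials: true, so every origin is accepted for credentialed
                            // requests. Confirm whether an explicit allow-list (or the framework's
                            // CORS middleware) should make this decision instead.
                            context.Response.Headers.Add("Access-Control-Allow-Origin", origin[0]);
                            context.Response.Headers.Add("Access-Control-Allow-Credentials", "true");
                        }

                        // Same guard for the requested headers: echo them only when the request sent any.
                        var requestedHeaders = context.Request.Headers["Access-Control-Request-Headers"];
                        if (requestedHeaders.Count > 0)
                        {
                            context.Response.Headers.Add("Access-Control-Allow-Headers", requestedHeaders[0]);
                        }

                        return Task.FromResult(0);
                    }
                };
            });
        }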