private static RSACryptoServiceProvider GetPrivateKey(JwtAuthenticationSettings settings) { var certificateFetcher = settings.RelativeFileCertificate != null ? new FileCertificateFetcher(settings.RelativeFileCertificate) : settings.StoreCertificate != null ? new StoreByThumbprintCertificateFetcher(settings.StoreCertificate) : null as ICertificateFetcher; RSACryptoServiceProvider privateKey = null; if (certificateFetcher != null) { var certificate = certificateFetcher.Fetch(); if (certificate == null) { throw new InvalidOperationException(Messages.Exception_UseJwtAuthentication_CertificateNotFound); } privateKey = certificate.PrivateKey as RSACryptoServiceProvider; if (privateKey == null) { throw new InvalidOperationException(Messages.Exception_UseJwtAuthentication_NoPrivateKey); } } return(privateKey); }
/// <summary> /// Initializes a new instance of the <see cref="JoseJwtFormat" /> class. /// </summary> /// <param name="settings">The settings.</param> /// <param name="privateKey">The private key.</param> /// <exception cref="System.ArgumentNullException">If settings is null.</exception> public JoseJwtFormat(JwtAuthenticationSettings settings, RSACryptoServiceProvider privateKey) { if (settings == null) { throw new ArgumentNullException(nameof(settings)); } this.settings = settings; this.privateKey = privateKey; }
public static IAppBuilder UseJwtAuthentication( this IAppBuilder app, JwtAuthenticationSettings settings = null) { if (app == null) { throw new ArgumentNullException(nameof(app)); } var s = settings ?? app.GetInstance <JwtAuthenticationSettings>(); if (s == null) { throw new InvalidOperationException(Messages.Exception_UseJwtAuthentication_NoSettingsProvided); } if (s.RelativeFileCertificate != null && s.StoreCertificate != null) { throw new InvalidOperationException(Messages.Exception_UseJwtAuthentication_MultipleOptionsProvided); } var privateKey = GetPrivateKey(s); // Try decoding each secret so it will throw an exception early if there is a configuration problem s.AllowedServers.ToList().ForEach(server => TextEncodings.Base64Url.Decode(server.Secret)); var authenticationOptions = new OAuthBearerAuthenticationOptions { AccessTokenFormat = new JoseJwtFormat(s, privateKey), AuthenticationType = "Bearer", Provider = new OAuthBearerAuthenticationProvider { OnRequestToken = async context => await RequestToken(context, s), }, }; return(app.UseOAuthBearerAuthentication(authenticationOptions)); }
private static async Task RequestToken(OAuthRequestTokenContext requestTokenContext, JwtAuthenticationSettings settings) { var originalToken = requestTokenContext.Token; if (!string.IsNullOrWhiteSpace(settings.AuthorizationKey)) { requestTokenContext.Token = null; // Late bound to capture originalToken Func <OAuthRequestTokenContext, string, Task> useHeader = (context, _) => { if (!string.IsNullOrWhiteSpace(originalToken)) { context.Token = originalToken; } return(Task.FromResult <object>(null)); }; var setTokenLookup = new Dictionary <AuthorizationSource, Func <OAuthRequestTokenContext, string, Task> > { { AuthorizationSource.Header, useHeader }, { AuthorizationSource.Form, UseForm }, { AuthorizationSource.QueryString, UseQueryString }, }; var authorizationPriority = (settings.AuthorizationPriority.Count > 0) ? settings.AuthorizationPriority : new[] { AuthorizationSource.Header, AuthorizationSource.Form, AuthorizationSource.QueryString }; // Apply them last to first so that first gets highest priority when setting value var setTokens = authorizationPriority.Reverse().Select(a => setTokenLookup[a]); foreach (var setToken in setTokens) { await setToken(requestTokenContext, settings.AuthorizationKey); } } }