Пример #1
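        /// <summary>
        /// Issues an HMAC-SHA256 signed JWT for <paramref name="user"/> that carries the
        /// application security-level claim plus one claim per permission code.
        /// </summary>
        /// <param name="user">User whose <c>Permissions</c> are copied into the token as claims.</param>
        /// <returns>The serialized token returned by <c>JwtSecurityTokenHandler.WriteToken</c>.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="user"/> or its <c>Permissions</c> collection is null.
        /// </exception>
        public string GetToken(User user)
        {
            // Reject a null user explicitly; otherwise the Permissions check below
            // fails with a NullReferenceException instead of an argument error.
            if (user == null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            if (user.Permissions == null)
            {
                throw new ArgumentNullException(nameof(user.Permissions));
            }

            var authConfig = _configResolver.Resolve<AuthenticationConfig>();

            // The configured secret is base64 text and becomes the HMAC key.
            // FromBase64String throws if it is missing or not valid base64.
            // NOTE(review): the decoded length is not checked here; for HMAC-SHA256 the key
            // should be at least 32 bytes (RFC 7518, section 3.2) - confirm the configured value.
            var symmetricKey = Convert.FromBase64String(authConfig.Secret);

            // NOTE(review): GetHashCode() is used as the enum's numeric value; that holds for
            // int-backed enums, but an explicit cast would state the intent - confirm.
            var claims = new List<Claim>
            {
                new Claim(Consts.SecurityLevelClaimType, SecurityLevel.Application.GetHashCode().ToString())
            };

            // Permission codes are embedded as issued, so a permission change only
            // takes effect in tokens created after it.
            claims.AddRange(user.Permissions.Select(role => new Claim(Consts.ApplicationLevelClaimType, role.PermissionCode)));

            var now = DateTime.UtcNow;
            var tokenDescriptor = new SecurityTokenDescriptor
            {
                // No Audience is set, so a validator cannot restrict this token to one consumer.
                Issuer             = "MyCommerce.Authentication",
                IssuedAt           = now,
                Subject            = new ClaimsIdentity(claims),
                // Fixed 60-minute lifetime.
                Expires            = now.AddMinutes(60),
                NotBefore          = now,
                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(symmetricKey), SecurityAlgorithms.HmacSha256),
            };

            var tokenHandler  = new JwtSecurityTokenHandler();
            var securityToken = tokenHandler.CreateToken(tokenDescriptor);

            return tokenHandler.WriteToken(securityToken);
        }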
Пример #2
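        /// <summary>
        /// Issues an HMAC-SHA256 signed JWT for a hard-coded sample identity
        /// (fresh GUID as name identifier, fixed name/e-mail, roles "A", "B", "C").
        /// </summary>
        /// <remarks>
        /// Every claim is a literal in this method, so the token does not describe a real
        /// caller. NOTE(review): this looks like sample code - confirm it is not reachable
        /// from a production endpoint, since it signs a role-bearing token for anyone who calls it.
        /// </remarks>
        /// <returns>The serialized token returned by <c>JwtSecurityTokenHandler.WriteToken</c>.</returns>
        public string GetToken()
        {
            var authConfig = _configResolver.Resolve<AuthenticationConfig>();

            // The configured secret is base64 text and becomes the HMAC key.
            // NOTE(review): the decoded length is not checked here; for HMAC-SHA256 the key
            // should be at least 32 bytes (RFC 7518, section 3.2) - confirm the configured value.
            var symmetricKey = Convert.FromBase64String(authConfig.Secret);

            var roles = new List<string> { "A", "B", "C" };

            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.NameIdentifier, Guid.NewGuid().ToString()),
                new Claim(ClaimTypes.GivenName, "Fatih"),
                new Claim(ClaimTypes.Surname, "Ceritli"),
                new Claim(ClaimTypes.Email, "*****@*****.**"),
            };
            claims.AddRange(roles.Select(c => new Claim(ClaimTypes.Role, c)));

            // Use UTC for the token timestamps. Adding minutes to a local DateTime across a
            // daylight-saving transition can move the resulting expiry by an hour once it is
            // converted to the UTC-based exp/nbf values.
            var now = DateTime.UtcNow;
            var tokenDescriptor = new SecurityTokenDescriptor
            {
                // No Audience is set, so a validator cannot restrict this token to one consumer.
                Issuer             = "JWTExample",
                IssuedAt           = now,
                Subject            = new ClaimsIdentity(claims),
                Expires            = now.AddMinutes(authConfig.ExpireMinutes),
                NotBefore          = now,
                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(symmetricKey), SecurityAlgorithms.HmacSha256),
            };

            var tokenHandler  = new JwtSecurityTokenHandler();
            var securityToken = tokenHandler.CreateToken(tokenDescriptor);

            return tokenHandler.WriteToken(securityToken);
        }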
Пример #3
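        /// <summary>
        /// Registers JWT bearer authentication as the default authenticate and challenge
        /// scheme, validating tokens against the symmetric key from
        /// <c>AuthenticationConfig.Secret</c> and the issuer "MyCommerce.Authentication".
        /// </summary>
        /// <param name="services">Service collection to add the authentication services to.</param>
        /// <param name="configResolver">Resolver that supplies the <c>AuthenticationConfig</c>.</param>
        /// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
        /// <exception cref="ArgumentNullException">The resolver returned no authentication configuration.</exception>
        public static IServiceCollection AddSecurity(this IServiceCollection services, IConfigResolver configResolver)
        {
            AuthenticationConfig configuration = configResolver.Resolve<AuthenticationConfig>();

            if (configuration == null)
            {
                throw new ArgumentNullException(nameof(configuration), "Authentication configuration is missing");
            }

            // Decode the key during registration so a missing or malformed secret stops
            // startup instead of surfacing later, when the bearer options are first built.
            byte[] signingKeyBytes = Convert.FromBase64String(configuration.Secret);

            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    RequireExpirationTime = true,
                    ValidateLifetime      = true,
                    // No tolerance for clock drift between the issuer and this validator.
                    ClockSkew             = TimeSpan.Zero,
                    ValidateIssuer        = true,
                    ValidIssuer           = "MyCommerce.Authentication",

                    // Audience is not checked: any token signed with this key and carrying
                    // this issuer is accepted, whichever service it was issued for.
                    ValidateAudience = false,

                    // NOTE(review): the accepted algorithms are not restricted here; consider
                    // pinning them to HmacSha256 if the library version in use allows it.
                    RequireSignedTokens = true,
                    IssuerSigningKey    = new SymmetricSecurityKey(signingKeyBytes)
                };
                options.Events = new JwtBearerEvents
                {
                    OnTokenValidated = ctx => Task.CompletedTask,
                    OnChallenge      = ctx => Task.CompletedTask,

                    OnAuthenticationFailed = ctx =>
                    {
                        if (ctx.Exception is SecurityTokenExpiredException)
                        {
                            // Tells the client the token was rejected for expiry (presumably
                            // to drive a refresh). Indexer assignment overwrites an existing
                            // value, whereas Headers.Add throws if the header is already present.
                            ctx.Response.Headers["Token-Expired"] = "true";
                        }

                        ctx.Fail("Not Authorized");
                        return Task.CompletedTask;
                    }
                };
            });

            return services;
        }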
Пример #4
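        /// <summary>
        /// Registers the principal accessor, domain principal and authorized-user resolver
        /// as scoped services, and sets up JWT bearer authentication (issuer "JWTExample",
        /// symmetric key from <c>AuthenticationConfig.Secret</c>) as the default
        /// authenticate, forbid and challenge scheme.
        /// </summary>
        /// <remarks>
        /// The validated principal is written to the <c>PrincipalAccessor</c> of the current
        /// request scope, so consumers of <c>IPrincipalAccessor</c> must resolve it inside
        /// that request scope.
        /// </remarks>
        /// <param name="services">Service collection to add the registrations to.</param>
        /// <param name="configResolver">Resolver that supplies the <c>AuthenticationConfig</c>.</param>
        /// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
        /// <exception cref="ArgumentNullException">The resolver returned no authentication configuration.</exception>
        public static IServiceCollection AddSecurity(this IServiceCollection services, IConfigResolver configResolver)
        {
            AuthenticationConfig configuration = configResolver.Resolve<AuthenticationConfig>();

            if (configuration == null)
            {
                throw new ArgumentNullException(nameof(configuration), "Authentication configuration is missing");
            }

            // Decode the key during registration so a missing or malformed secret stops
            // startup instead of surfacing later, when the bearer options are first built.
            byte[] signingKeyBytes = Convert.FromBase64String(configuration.Secret);

            // One accessor per request scope. Returning a single captured instance from a
            // "scoped" factory would hand the same object to every request, so a token
            // validated on one request could replace the principal that another in-flight
            // request reads (unless PrincipalAccessor isolates its state internally).
            services.AddScoped<PrincipalAccessor>();
            services.AddScoped<IPrincipalAccessor>(sp => sp.GetRequiredService<PrincipalAccessor>());
            services.AddScoped(typeof(IDomainPrincipal), typeof(DomainPrincipal));
            services.AddScoped<IAuthorizedUserResolver, AuthorizedUserResolver>();

            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultForbidScheme       = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    RequireExpirationTime = true,
                    ValidateLifetime      = true,
                    // No tolerance for clock drift between the issuer and this validator.
                    ClockSkew             = TimeSpan.Zero,
                    ValidateIssuer        = true,
                    ValidIssuer           = "JWTExample",
                    // Audience is not checked: any token signed with this key and carrying
                    // this issuer is accepted, whichever service it was issued for.
                    ValidateAudience      = false,
                    RequireSignedTokens   = true,
                    IssuerSigningKey      = new SymmetricSecurityKey(signingKeyBytes)
                };
                options.Events = new JwtBearerEvents
                {
                    OnTokenValidated = ctx =>
                    {
                        var identity = ctx.Principal;
                        if (identity != null)
                        {
                            // Store the principal on this request's own accessor instance.
                            var accessor = ctx.HttpContext.RequestServices.GetRequiredService<PrincipalAccessor>();
                            accessor.CurrentPrincipal = identity;
                        }

                        return Task.CompletedTask;
                    },
                    OnChallenge = ctx => Task.CompletedTask,
                    OnAuthenticationFailed = ctx =>
                    {
                        if (ctx.Exception is SecurityTokenExpiredException)
                        {
                            // Tells the client the token was rejected for expiry (presumably
                            // to drive a refresh). Indexer assignment overwrites an existing
                            // value, whereas Headers.Add throws if the header is already present.
                            ctx.Response.Headers["Token-Expired"] = "true";
                        }

                        ctx.Fail("Not Authorized");
                        return Task.CompletedTask;
                    }
                };
            });

            return services;
        }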
Пример #5
 /// <summary>
 /// Creates the instance and stores the <c>UrlConfig</c> obtained from the resolver.
 /// </summary>
 /// <param name="configResolver">Resolver asked for the <c>UrlConfig</c> instance.</param>
 public UrlCreator(IConfigResolver configResolver)
     => _urlConfig = configResolver.Resolve<UrlConfig>();