public void ConfigureServices(IServiceCollection services)
{
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
// Configure JWT authentication
services.Configure <TokenPayload>(Configuration.GetSection("tokenPayload"));
TokenPayload tokenPayload = Configuration.GetSection("tokenPayload").Get <TokenPayload>();
// Overwrite dummy secret value in appsettings.json with actual value from Azure Key Vault
const string issuerSigningKeyId = "https://extriviaganza-vault.vault.azure.net/secrets/QbQuestionsIssuerSigningKey";
tokenPayload.Secret = _secretManagementService.GetKeyVaultSecret(issuerSigningKeyId).Result;
services
.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x =>
{
x.RequireHttpsMetadata = false;
x.SaveToken = true;
x.TokenValidationParameters =
new TokenValidationParameters()
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(tokenPayload.Secret)),
ValidIssuer = tokenPayload.Issuer,
ValidAudience = tokenPayload.Audience,
ValidateIssuer = false,
ValidateAudience = false
};
});
// Connect to database
const string connectionStringId = "https://extriviaganza-vault.vault.azure.net/secrets/QbQuestionsDbConnectionString";
string connectionString = _secretManagementService.GetKeyVaultSecret(connectionStringId).Result;
services.AddDbContext <AppDbContext>(options => options.UseSqlServer(connectionString));
// Configure service lifetimes
services.AddScoped <IQbQuestionRepository, QbQuestionRepository>();
services.AddScoped <IUnitOfWork, UnitOfWork>();
services.AddScoped <IUserRepository, UserRepository>();
services.AddScoped <IQbQuestionService, QbQuestionService>();
services.AddScoped <IAuthenticateService, AuthenticateService>();
services.AddScoped <IUserService, UserService>();
services.AddAutoMapper(
Assembly.GetAssembly(typeof(ModelToResourceProfile)),
Assembly.GetAssembly(typeof(ResourceToModelProfile))
);
}
public void IsAuthenticatedSuccessTest()
{
// Arrange
IUserService userService = Substitute.For <IUserService>();
userService.IsValidUser(Arg.Any <User>()).Returns(true);
ISecretManagementService secretManagementService = Substitute.For <ISecretManagementService>();
secretManagementService.GetKeyVaultSecret(Arg.Any <string>()).Returns(Task.FromResult("very_long_token_secret"));
IOptions <TokenPayload> options = Options.Create(new TokenPayload {
Secret = string.Empty,
Issuer = string.Empty,
Audience = string.Empty,
AccessExpiration = 1,
RefreshExpiration = 1
});
IAuthenticateService authenticateService = new AuthenticateService(userService, secretManagementService, options);
User user = new User {
Username = "******"
};
string token;
// Act
bool success = authenticateService.IsAuthenticated(user, out token);
// Assert
success.Should().Be(true);
}
public bool IsAuthenticated(User user, out string token)
{
token = string.Empty;
if (!_userService.IsValidUser(user))
{
return(false);
}
Claim[] claim = new[]
{
new Claim(ClaimTypes.Name, user.Username)
};
const string issuerSigningKeyId = "https://extriviaganza-vault.vault.azure.net/secrets/QbQuestionsIssuerSigningKey";
_tokenPayload.Secret = _secretManagementService.GetKeyVaultSecret(issuerSigningKeyId).Result;
SymmetricSecurityKey key = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_tokenPayload.Secret));
SigningCredentials credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
JwtSecurityToken jwtToken = new JwtSecurityToken(
_tokenPayload.Issuer,
_tokenPayload.Audience,
claim,
expires: DateTime.Now.AddSeconds(_tokenPayload.AccessExpiration),
signingCredentials: credentials
);
token = new JwtSecurityTokenHandler().WriteToken(jwtToken);
return(true);
}