private static void RegisterTokenAuthorizationOptions(IServiceCollection services) { //in production keep RSACryptoServiceProvider in save place RSACryptoServiceProvider keyService = new RSACryptoServiceProvider(2048); var xmlString = String.Empty; var path = @"C:\Users\marcianno\Documents\Key\RsaProvider.txt"; using (StreamReader sw = new StreamReader(path)) { xmlString = sw.ReadToEnd(); } keyService.FromXmlString(xmlString); RsaSecurityKey key = new RsaSecurityKey(keyService.ExportParameters(true)); var tokenOptions = new TokenAuthorizationOptions { Audience = "MobileSecondHandApp", Issuer = "MarcinSzyszka", SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.RsaSha256Signature) }; services.AddSingleton<TokenAuthorizationOptions>(tokenOptions); }
public void CanValidateRS256() { const string token = "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqvhJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrBp0igcN_IoypGlUPQGe77Rw"; var n = Base64Url.DeserializeBytes("ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddxHmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMsD1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSHSXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdVMTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ", "n"); var e = Base64Url.DeserializeBytes("AQAB", "e"); var key = new RsaSecurityKey(new RSAParameters { Exponent = e, Modulus = n }); IdentityModelEventSource.ShowPII = true; var result = new JsonWebTokenHandler().ValidateToken(token, new TokenValidationParameters { IssuerSigningKey = key, ClockSkew = TimeSpan.FromDays(4000), ValidIssuer = "joe", ValidateAudience = false }); result.IsValid.ShouldBeTrue(); }
/// <summary> /// 向容器注入Jupiter Token检查服务 /// </summary> /// <param name="services"></param> /// <param name="Configuration"></param> /// <returns></returns> public static IServiceCollection AddJwtBearerAuthentication(this IServiceCollection services, IConfiguration Configuration) { var appSettingSection = Configuration.GetSection("AppSetting"); services.Configure <JupiterKeys>(appSettingSection); var keys = appSettingSection.Get <JupiterKeys>(); if (!TryGetKeyParameters(keys, out RSAParameters keyParams)) { throw new UnauthorizeException(); } var key = new RsaSecurityKey(keyParams); services.AddAuthentication(x => { x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddCookie(cfg => cfg.SlidingExpiration = true) .AddJwtBearer(x => { x.RequireHttpsMetadata = true; x.SaveToken = true; x.TokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = key, ValidateIssuer = true, ValidIssuer = "Jupiter", ValidateAudience = false, }; }); services.AddHttpClient(); return(services); }
private SecurityKey GetAsymmetricSecurityKey(string keyPairId) { if (_publicKeyStore == null) { _logger.LogError("Public Key store not available"); return(null); } // get key by keyPairId or latest var key = _publicKeyStore.GetKey(keyPairId); if (key == null) { _logger.LogError("Couldn't retrieve public key"); return(null); } var securityKey = new RsaSecurityKey(new OpenSSLPublicKeyDecoder().DecodeParameters(key)); _logger.LogError("Created security key {SecurityKeyId}", securityKey.KeyId); return(securityKey); }
public ActionResult <string> Login([FromBody] LoginDto dto) { if (!dto.UserName.Equals(dto.Password)) { return(string.Empty); } var user = new User { Id = 1, Name = dto.UserName, Email = "*****@*****.**", Birthday = DateTime.Now.AddYears(-10), PhoneNumber = "18888888888" }; var tokenHandler = new JwtSecurityTokenHandler(); var rsaPrivateKey = System.IO.File.ReadAllText(Path.Combine(_env.ContentRootPath, "private.key")); var rSAParameters = JsonConvert.DeserializeObject <RSAParameters>(rsaPrivateKey); var rsaSecurityKey = new RsaSecurityKey(rSAParameters); var tokenDescriptor = new SecurityTokenDescriptor() { Subject = new ClaimsIdentity(new Claim[] { new Claim(JwtClaimTypes.Id, user.Id.ToString()), new Claim(JwtClaimTypes.Name, user.Name), new Claim(JwtClaimTypes.Email, user.Email), new Claim(JwtClaimTypes.PhoneNumber, user.PhoneNumber), }), Expires = DateTime.UtcNow.AddMinutes(15), SigningCredentials = new SigningCredentials(rsaSecurityKey, SecurityAlgorithms.RsaSha256Signature), Audience = "aspnetcoreweb", Issuer = "jjj", }; var token = tokenHandler.CreateEncodedJwt(tokenDescriptor); return(token); }
/// <summary> /// Creates a new RSA security key. /// </summary> /// <returns></returns> public static RsaSecurityKey CreateRsaSecurityKey() { var rsa = RSA.Create(); RsaSecurityKey key; if (rsa is RSACryptoServiceProvider) { rsa.Dispose(); var cng = new RSACng(2048); var parameters = cng.ExportParameters(includePrivateParameters: true); key = new RsaSecurityKey(parameters); } else { rsa.KeySize = 2048; key = new RsaSecurityKey(rsa); } //key.KeyId = CryptoRandom.CreateUniqueId(16); return(key); }
public void ConfigureServices(IServiceCollection services) { var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name; var json = File.ReadAllText("oauth_puk.txt"); var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json); var rsaParameters = new RSAParameters { Modulus = dic.TryGet(RSAFields.Modulus), Exponent = dic.TryGet(RSAFields.Exponent) }; var oauthRsaSecurityKey = new RsaSecurityKey(rsaParameters); services.AddMvc(); services.AddLogging(); services.AddAuthorization(opts => opts.AddDefaultSCIMAuthorizationPolicy()); services.AddAuthentication(SCIMConstants.AuthenticationScheme) .AddJwtBearer(SCIMConstants.AuthenticationScheme, cfg => { cfg.TokenValidationParameters = new TokenValidationParameters { ValidIssuer = "http://localhost:60000", ValidAudiences = new List <string> { "scimClient" }, ValidateIssuerSigningKey = true, IssuerSigningKey = oauthRsaSecurityKey }; }); services.AddSIDScim(_ => { _.IgnoreUnsupportedCanonicalValues = false; }); services.AddScimStoreEF(options => { options.UseSqlServer(Configuration.GetConnectionString("db"), o => o.MigrationsAssembly(migrationsAssembly)); }); }
internal static License ValidateKey(string licenseKey) { if (!String.IsNullOrWhiteSpace(licenseKey)) { var handler = new JwtSecurityTokenHandler(); try { var rsa = new RSAParameters { Exponent = Convert.FromBase64String("AQAB"), Modulus = Convert.FromBase64String("tAHAfvtmGBng322TqUXF/Aar7726jFELj73lywuCvpGsh3JTpImuoSYsJxy5GZCRF7ppIIbsJBmWwSiesYfxWxBsfnpOmAHU3OTMDt383mf0USdqq/F0yFxBL9IQuDdvhlPfFcTrWEL0U2JsAzUjt9AfsPHNQbiEkOXlIwtNkqMP2naynW8y4WbaGG1n2NohyN6nfNb42KoNSR83nlbBJSwcc3heE3muTt3ZvbpguanyfFXeoP6yyqatnymWp/C0aQBEI5kDahOU641aDiSagG7zX1WaF9+hwfWCbkMDKYxeSWUkQOUOdfUQ89CQS5wrLpcU0D0xf7/SrRdY2TRHvQ=="), }; var key = new RsaSecurityKey(rsa) { KeyId = "IdentityServerLicensekey/7ceadbb78130469e8806891025414f16" }; var parms = new TokenValidationParameters { ValidIssuer = "https://duendesoftware.com", ValidAudience = "IdentityServer", IssuerSigningKey = key, ValidateLifetime = false }; var validateResult = handler.ValidateToken(licenseKey, parms, out _); return(new License(validateResult)); } catch (Exception ex) { _logger.LogCritical(ex, "Error validating Duende IdentityServer license key"); } } return(null); }
public async Task ResolveAuthorityAndKeysAsync_SetsUpAuthorityAndKeysOnTheTokenValidationParametersAsync() { // Arrange var localApiDescriptor = new Mock <IIdentityServerJwtDescriptor>(); localApiDescriptor.Setup(lad => lad.GetResourceDefinitions()) .Returns(new Dictionary <string, ResourceDefinition> { ["TestAPI"] = new ResourceDefinition { Profile = ApplicationProfiles.IdentityServerJwt } }); var credentialsStore = new Mock <ISigningCredentialStore>(); var key = new RsaSecurityKey(RSA.Create()); credentialsStore.Setup(cs => cs.GetSigningCredentialsAsync()) .ReturnsAsync(new SigningCredentials(key, "RS256")); var context = new DefaultHttpContext(); context.Request.Scheme = "https"; context.Request.Host = new HostString("localhost"); context.RequestServices = new ServiceCollection() .AddSingleton(new IdentityServerOptions()) .AddSingleton(credentialsStore.Object) .BuildServiceProvider(); var options = new JwtBearerOptions(); var args = new MessageReceivedContext(context, new AuthenticationScheme("TestAPI", null, Mock.Of <IAuthenticationHandler>().GetType()), options); // Act await IdentityServerJwtBearerOptionsConfiguration.ResolveAuthorityAndKeysAsync(args); // Assert Assert.Equal("https://localhost", options.TokenValidationParameters.ValidIssuer); Assert.Equal(key, options.TokenValidationParameters.IssuerSigningKey); }
public void ConfigureServices(IServiceCollection services) { // *** CHANGE THIS FOR PRODUCTION USE *** // Here, we're generating a random key to sign tokens - obviously this means // that each time the app is started the key will change, and multiple servers // all have different keys. This should be changed to load a key from a file // securely delivered to your application, controlled by configuration. // // See the RSAKeyUtils.GetKeyParameters method for an examle of loading from // a JSON file. RSAParameters keyParams = RSAKeyUtils.GetRandomKey(); // Create the key, and a set of token options to record signing credentials // using that key, along with the other parameters we will need in the // token controlller. key = new RsaSecurityKey(keyParams); tokenOptions = new TokenAuthOptions() { Audience = TokenAudience, Issuer = TokenIssuer, SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest) }; // Save the token options into an instance so they're accessible to the // controller. services.AddInstance <TokenAuthOptions>(tokenOptions); // Enable the use of an [Authorize("Bearer")] attribute on methods and classes to protect. services.AddAuthorization(auth => { auth.AddPolicy("Bearer", new AuthorizationPolicyBuilder() .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme) .RequireAuthenticatedUser().Build()); }); services.AddMvc(); }
internal static void GetPublicKey() { while (true) { try { if (ServerUrl.EndsWith("/") == false) { ServerUrl += "/"; } var serverContnt = Way.Lib.HttpClient.GetContent($"{ServerUrl}.well-known/openid-configuration", 8000).FromJson <Dictionary <string, object> >(); var keyContent = Way.Lib.HttpClient.GetContent(serverContnt["jwks_uri"].ToString(), 8000); JsonWebKeySet exampleJWKS = new JsonWebKeySet(keyContent); JsonWebKey exampleJWK = exampleJWKS.Keys.First(); /* Create RSA from Elements in JWK */ RSAParameters rsap = new RSAParameters { Modulus = WebEncoders.Base64UrlDecode(exampleJWK.N), Exponent = WebEncoders.Base64UrlDecode(exampleJWK.E), }; System.Security.Cryptography.RSA rsa = System.Security.Cryptography.RSA.Create(); rsa.ImportParameters(rsap); rsaSecurityKey = new RsaSecurityKey(rsa); Thread.Sleep(RefreshPublicKeySeconds * 1000); } catch (Exception ex) { _logger?.LogError(ex, ""); Thread.Sleep(1000); continue; } } }
public ActionResult <string> Login() { var user = new User { Id = 1, Name = "jjj", Email = "*****@*****.**", Birthday = DateTime.Now.AddYears(-10), Password = "******", PhoneNumber = "18888888888" }; var tokenHandler = new Saml2SecurityTokenHandler(); var privateKey = System.IO.File.ReadAllText(Path.Combine(_env.ContentRootPath, "private.key")); var rsaParameters = JsonConvert.DeserializeObject <RSAParameters>(privateKey); var rsaSecurityKey = new RsaSecurityKey(rsaParameters); var tokenDescriptor = new SecurityTokenDescriptor() { Issuer = "https://www.jjj.me", Audience = "https://api.jjj.me", NotBefore = DateTime.Now, Expires = DateTime.UtcNow.AddMinutes(15), SigningCredentials = new SigningCredentials(rsaSecurityKey, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest), Subject = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()), new Claim(ClaimTypes.Name, user.Name), new Claim(ClaimTypes.Email, user.Email), new Claim(ClaimTypes.MobilePhone, user.PhoneNumber), new Claim(ClaimTypes.Role, "Manager") }) }; var token = tokenHandler.WriteToken(tokenHandler.CreateToken(tokenDescriptor)); return(token); }
static void Main(string[] args) { String privateKeyPath = @"E:\dev\java\intellijws\e2e-microservice\demo\demo\target\test-classes\privateKey.pem"; using (var rsa = PrivateKeyFromPemFile(privateKeyPath)) { RsaSecurityKey rsaSecurityKey = new RsaSecurityKey(rsa); ClaimsIdentity subject = new ClaimsIdentity(); subject.AddClaim(new Claim("a", "b")); SigningCredentials rsaSigningCredentials = new SigningCredentials( rsaSecurityKey, SecurityAlgorithms.RsaSha256, SecurityAlgorithms.Sha256Digest); JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler(); //var token = tokenHandler.CreateEncodedJwt(issuer: "abc", // audience: "default", // subject: subject, // notBefore: DateTime.UnixEpoch, // expires: DateTime.UnixEpoch + TimeSpan.FromHours(1), // issuedAt: DateTime.UnixEpoch, // signingCredentials: rsaSigningCredentials); //Console.WriteLine(token); JwtSecurityToken jwt = tokenHandler.CreateJwtSecurityToken( issuer: "abc", audience: "default", subject: subject, notBefore: DateTime.UnixEpoch, expires: DateTime.UnixEpoch + TimeSpan.FromHours(1), signingCredentials: rsaSigningCredentials); Console.WriteLine(tokenHandler.WriteToken(jwt)); //Console.WriteLine(jwt.RawData); } Console.ReadLine(); }
public SigningConfigurations() { using (var provider = new RSACryptoServiceProvider(2048)) { /* * var pubKey = provider.ExportParameters(true); * * string pubKeyString; * { * //we need some buffer * var sw = new System.IO.StringWriter(); * //we need a serializer * var xs = new System.Xml.Serialization.XmlSerializer(typeof(RSAParameters)); * //serialize the key into the stream * xs.Serialize(sw, pubKey); * //get the string from the stream * pubKeyString = sw.ToString(); * } * * Console.WriteLine(pubKeyString);*/ var signKey = File.ReadAllText("Configuration/signkey.xml"); RSAParameters pubKey; //converting it back { //get a stream from the string var sr = new System.IO.StringReader(signKey); //we need a deserializer var xs = new System.Xml.Serialization.XmlSerializer(typeof(RSAParameters)); //get the object back from the stream pubKey = (RSAParameters)xs.Deserialize(sr); } Key = new RsaSecurityKey(pubKey); } SigningCredentials = new SigningCredentials( Key, SecurityAlgorithms.RsaSha256Signature); }
public string Build() { SigningCredentials signingCredentials; string? kid = null; if (PublicPrivateKey == null) { Certificate.Verify(nameof(Certificate)).IsNotNull(); var securityKey = new X509SecurityKey(Certificate); signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.RsaSha512); } else { kid = PublicPrivateKey.Kid.ToString(); var privateSecurityKey = new RsaSecurityKey(PublicPrivateKey.GetPrivateKey()); signingCredentials = new SigningCredentials(privateSecurityKey, SecurityAlgorithms.RsaSha512); } var header = new JwtHeader(signingCredentials); header["kid"] = kid ?? header["kid"]; var addClaims = new List <Claim>(); if (!WebKey.IsEmpty()) { addClaims.Add(new Claim(JwtStandardClaimNames.WebKeyName, WebKey)); } ; var payload = new JwtPayload(Issuer, Audience, Claims.Concat(addClaims), NotBefore, Expires, IssuedAt); var jwtToken = new JwtSecurityToken(header, payload); var tokenHandler = new JwtSecurityTokenHandler(); return(tokenHandler.WriteToken(jwtToken)); }
public string GenerateToken(User user) { var tokenHandler = new JwtSecurityTokenHandler(); RsaSecurityKey securityKey = new RsaSecurityKey(RSACertificateExtensions.GetRSAPrivateKey(_certificate)); securityKey.KeyId = _tenantData.KeyID; var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.RsaSha256); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim("sub", user.Subject), new Claim("subType", "user"), new Claim("name", user.DisplayName), new Claim("email", user.Email), new Claim("email_verified", "true", ClaimValueTypes.Boolean) }), Expires = DateTime.UtcNow.AddHours(3), Issuer = _tenantData.Issuer, Audience = "qlik.api/login/jwt-session", SigningCredentials = signingCredentials }; if (user.HasImageURL()) { tokenDescriptor.Subject.AddClaim(new Claim("picture", user.ImageURL)); } for (int i = 0; i < user.Groups.Length; i++) { tokenDescriptor.Subject.AddClaim(new Claim("groups", user.Groups[i])); } var token = tokenHandler.CreateToken(tokenDescriptor); string jwtToken = tokenHandler.WriteToken(token); return(jwtToken); }
/// <summary> /// Add JWT support on authentication /// </summary> /// <param name="services"></param> public static void AddAuth(this IServiceCollection services, bool hasIdentityServer) { config = LightConfigurator.Config <AuthConfiguration>("Auth"); var rsaConfig = LightConfigurator.Config <SigningCredentialsConfig>("SigningCredentials"); RSAParameters rsaParameters = new RSAParameters { D = Convert.FromBase64String(rsaConfig.D), DP = Convert.FromBase64String(rsaConfig.DP), DQ = Convert.FromBase64String(rsaConfig.DQ), Exponent = Convert.FromBase64String(rsaConfig.Exponent), InverseQ = Convert.FromBase64String(rsaConfig.InverseQ), Modulus = Convert.FromBase64String(rsaConfig.Modulus), P = Convert.FromBase64String(rsaConfig.P), Q = Convert.FromBase64String(rsaConfig.Q) }; SecurityKey key = new RsaSecurityKey(rsaParameters); key.KeyId = rsaConfig.KeyId; if (!hasIdentityServer) { services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(jwtOpt => { jwtOpt.Authority = config.Authority; jwtOpt.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = true, ValidIssuer = config.Authority, ValidateAudience = true, ValidAudiences = config.Audiencies.Split(','), IssuerSigningKey = key }; jwtOpt.Events = new JwtBearerEvents(); jwtOpt.RequireHttpsMetadata = config.RequireHttpsMetadata; }); } }
public string GenerateJWT() { DateTime UnixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc); RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); // Provide proper private key string privateSecretKey = "OfED+KgbZxtu4e4+JSQWdtSgTnuNixKy1nMVAEww8QL3IN33XusJhrz9HXmIrdyX2F41xJHG4uj5/2Dzv3xjYYvqxexm3X3X5TOf3WoM1VNloJ7UnbqUJOiEjgK8sRdJntgfomO4U8s67cpysk0h9rc0He4xRspEjOapFfDg+VG8igidcNgbNDSSaV4491Fo3sq2aGSCtYvekzs7JwXJnNAyvDSJjfK/7M8MpxSMnm1vMscBXyiYFXhGC4wqWlYBE828/5DNyw3QZW5EjD7hvDrY5OlYd4smCTa53helNnJz5NT9HQaDbE2sMwIDAQABAoIBAEs63TvT94njrPDP3A/sfCEXg1F2y0D/PjzUhM1aJGcRiOUXnGlYdViGhLnnJoNZTZm9qI1LT0NWcDA5NmBN6gcrk2EApyTt1D1i4AQ66rYoTF9iEC4Wye28v245BYESA6IIelgIxXGsVyllERsbTkaphzibbYfHmvwMxkn135Zfzd/NOXl/O32vYIomzrNEP+tN2WXhhG8c8+iZ8PErBV3CqrYogYy97d2CeQbXcpd5unPiU4TK0nnzeBAXdgeYuJHFC45YHl9UvShRoe6CHR47ceIGp6WMc5BTyyTkZpctuYJTwaChdj/QuRSkTYmn6jFL+MRfYQJ8VVwSVo5DbkECgYEA4/YIMKcwObYcSuHzgkMwH645CRDoy9M98eptAoNLdJBHYz23U5IbGL1+qHDDCPXxKs9ZG7EEqyWezq42eoFoebLA5O6/xrYXoaeIb094dbCF4D932hAkgAaAZkZVsSiWDCjYSV+JoWX4NVBcIL9yyHRhaaPVULTRbPsZQWq9+hMCgYEA48j4RGO7CaVpgUVobYasJnkGSdhkSCd1VwgvHH3vtuk7/JGUBRaZc0WZGcXkAJXnLh7QnDHOzWASdaxVgnuviaDi4CIkmTCfRqPesgDR2Iu35iQsH7P2/o1pzhpXQS/Ct6J7/GwJTqcXCvp4tfZDbFxS8oewzp4RstILj+pDyWECgYByQAbOy5xB8GGxrhjrOl1OI3V2c8EZFqA/NKy5y6/vlbgRpwbQnbNy7NYj+Y/mV80tFYqldEzQsiQrlei78Uu5YruGgZogL3ccj+izUPMgmP4f6+9XnSuN9rQ3jhy4k4zQP1BXRcim2YJSxhnGV+1hReLknTX2IwmrQxXfUW4xfQKBgAHZW8qSVK5bXWPjQFnDQhp92QM4cnfzegxe0KMWkp+VfRsrw1vXNx"; rsa = DecodeRSAPrivateKey(FromBase64Url(privateSecretKey)); //convert to csp format var bytes = rsa.ExportCspBlob(false); var publicKey = Convert.ToBase64String(bytes); // RsaSecurityKey _signingKey = new RsaSecurityKey(rsa); Microsoft.IdentityModel.Tokens.SigningCredentials signingCredentials = new Microsoft.IdentityModel.Tokens.SigningCredentials(_signingKey, SecurityAlgorithms.RsaSha256); JwtHeader head = new JwtHeader(signingCredentials); head.Add("kid", "lzo-firstpublickey"); string sNewGuid = Guid.NewGuid().ToString("n"); var claims = new[] { new Claim(JwtRegisteredClaimNames.Iss, "s6BhdRkqt3"), new Claim(JwtRegisteredClaimNames.Sub, "s6BhdRkqt3"), new Claim(JwtRegisteredClaimNames.Aud, "https://cis.ncrs/connect/token"), new Claim(JwtRegisteredClaimNames.Jti, sNewGuid), new Claim(JwtRegisteredClaimNames.Exp, ((Int64)DateTime.Now.AddMinutes(55).Subtract(UnixEpoch).TotalSeconds).ToString(System.Globalization.CultureInfo.InvariantCulture), ClaimValueTypes.Integer64), new Claim(JwtRegisteredClaimNames.Iat, ((Int64)DateTime.Now.Subtract(UnixEpoch).TotalSeconds).ToString(System.Globalization.CultureInfo.InvariantCulture), ClaimValueTypes.Integer64) }; JwtPayload payload = new JwtPayload(claims); JwtSecurityToken jwt = new JwtSecurityToken(head, payload); jwt.SigningKey = _signingKey; var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt); return(encodedJwt); }
/// <summary> /// 生成Shop授权JWT /// </summary> private string GenerateShopAuthorizationJWT(string sid, string userName, string shopId, List <Operation> opList) { var claims = new List <Claim>(); claims.Add(new Claim("sid", sid)); claims.Add(new Claim("shopId", shopId)); string opData = string.Empty; if (opList != null && opList.Count > 0) { List <string> opStr = new List <string>(); foreach (var item in opList) { opStr.Add(item.Name); } opData = string.Join("_", opStr); } claims.Add(new Claim("opList", opData)); ClaimsIdentity identity = new ClaimsIdentity(new GenericIdentity(userName, "TokenAuth"), claims); RsaSecurityKey rsaSecurityKey = new RsaSecurityKey(AuthRSAUtils.Singleton.PrivateKeys); SigningCredentials creds = new SigningCredentials(rsaSecurityKey, SecurityAlgorithms.RsaSha256Signature); var authTime = DateTime.UtcNow; var expiresAt = authTime.AddMinutes(10); var token = new SecurityTokenDescriptor { Issuer = GalaxyAuthExtensions.Issuer, Audience = GalaxyAuthExtensions.Audience, SigningCredentials = creds, Subject = identity, Expires = expiresAt }; return(new JwtSecurityTokenHandler().CreateEncodedJwt(token)); }
public string CreateAccessToken(UserDetails userDetails) { var privateKeyBytes = Convert.FromBase64String(PrivateKey.Replace("-----BEGIN PRIVATE KEY-----", "").Replace("-----END PRIVATE KEY-----", "")); var rsa = RSA.Create(); rsa.ImportPkcs8PrivateKey(privateKeyBytes, out _); var key = new RsaSecurityKey(rsa); var handler = new JwtSecurityTokenHandler(); var now = DateTime.UtcNow; JwtSecurityToken jwtSecurityToken = new JwtSecurityToken( issuer: "me", audience: "you", notBefore: now, expires: now.AddMinutes(5), signingCredentials: new SigningCredentials(key, SecurityAlgorithms.RsaSha256), claims: GetClaims(userDetails) ); return(handler.WriteToken(jwtSecurityToken)); }
private void InitializeRsa() { RSA publicRsa = RSA.Create(); var publicKeyXml = File.ReadAllText(_settings.RsaPublicKeyXML); publicRsa.FromXmlString(publicKeyXml); _issuerSigningKey = new RsaSecurityKey(publicRsa); if (string.IsNullOrWhiteSpace(_settings.RsaPrivateKeyXML)) { return; } RSA privateRsa = RSA.Create(); var privateKeyXml = File.ReadAllText(_settings.RsaPrivateKeyXML); privateRsa.FromXmlString(privateKeyXml); var privateKey = new RsaSecurityKey(privateRsa); _signingCredentials = new SigningCredentials(privateKey, SecurityAlgorithms.RsaSha256); }
public static String Create(UserDTO User, String issuer) { var key = new RsaSecurityKey(CryptoHelper.Instance.Rsa); var claims = new Claim[] { new Claim("username", User.Username), new Claim("mail", User.Mail), new Claim("sn", User.Sn), new Claim("gn", User.Gn), new Claim("cn", User.Cn), new Claim("account_type", User.AccountType) }; var token = new JwtSecurityToken( issuer, issuer, claims, DateTime.UtcNow.AddMinutes(-1d), DateTime.UtcNow.AddHours(8), new SigningCredentials(key, SecurityAlgorithms.RsaSha256)); return(new JwtSecurityTokenHandler().WriteToken(token)); }
private void AttachUserToContext(HttpContext context, string token) { var tokenHandler = new JwtSecurityTokenHandler(); var rsa = RSA.Create(); var pemString = File.ReadAllText(Path.Combine(Directory.GetCurrentDirectory(), "Keys", _configuration["Jwt:PublicKey"])); rsa.ImportFromPem(pemString); var signingKey = new RsaSecurityKey(rsa); tokenHandler.ValidateToken(token, new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = signingKey, ValidateIssuer = true, ValidateAudience = true, ClockSkew = TimeSpan.Zero }, out var validatedToken); var jwtToken = (JwtSecurityToken)validatedToken; context.Items["UserToken"] = jwtToken; }
Task <D2LSecurityToken> IPrivateKeyProvider.GetSigningCredentialsAsync() { RSAParameters privateKey; using (var csp = new RSACryptoServiceProvider(Constants.GENERATED_RSA_KEY_SIZE) { PersistKeyInCsp = false }) { privateKey = csp.ExportParameters(includePrivateParameters: true); } D2LSecurityToken result = m_d2lSecurityTokenFactory.Create(() => { var csp = new RSACryptoServiceProvider() { PersistKeyInCsp = false }; csp.ImportParameters(privateKey); var key = new RsaSecurityKey(csp); return(new Tuple <AsymmetricSecurityKey, IDisposable>(key, csp)); }); return(Task.FromResult(result)); }
/// <summary> /// Retrieves the signing credential (override to load key from alternative locations) /// </summary> /// <returns>The signing credential</returns> protected virtual async Task <AzureKeyVaultSigningCredentials> GetSigningCredentialsAsync() { if (_keyVaultKeyExponent == null && _keyVaultKeyModulus == null) { var keyVaultClient = new KeyVaultClient(KeyVaultClientAuthenticationCallback); var keyBundle = await keyVaultClient.GetKeyAsync(_options.KeyIdentifier).ConfigureAwait(false); _keyVaultKeyExponent = keyBundle.Key.E; _keyVaultKeyModulus = keyBundle.Key.N; } var rsa = RSA.Create(); rsa.ImportParameters(new RSAParameters { Exponent = _keyVaultKeyExponent, Modulus = _keyVaultKeyModulus, }); var securityKey = new RsaSecurityKey(rsa); return(new AzureKeyVaultSigningCredentials(securityKey, SecurityAlgorithms.Sha256Digest)); }
public static SecurityToken ValidateToken(string token, string validIssuer, string validAudience) { var publicKey = RSAKeyGenerator.GetPublicKeyAsXml(); var test = RSA.Create(); test.FromXmlString(publicKey); var securityKey = new RsaSecurityKey(test.ExportParameters(false)); var handler = new JwtSecurityTokenHandler(); var validationParams = new TokenValidationParameters { RequireSignedTokens = true, IssuerSigningKey = securityKey, ValidAudience = validAudience, ValidIssuer = validIssuer }; var claimsPrincipal = handler.ValidateToken(token, validationParams, out var validatedToken); return(validatedToken); }
public void Configure(AuthenticationBuilder builder) { RsaSecurityKey signingKey = CryptoHelper.CreateRsaSecurityKey(); builder.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, jwt => { jwt.Audience = "nop_api"; jwt.TokenValidationParameters = new TokenValidationParameters { ValidateActor = false, ValidateIssuer = false, NameClaimType = JwtClaimTypes.Name, RoleClaimType = JwtClaimTypes.Role, // Uncomment this if you are using an certificate to sign your tokens. // IssuerSigningKey = new X509SecurityKey(cert), IssuerSigningKeyResolver = (string token, SecurityToken securityToken, string kid, TokenValidationParameters validationParameters) => new List <RsaSecurityKey> { signingKey } }; }); }
internal static SecurityKey CreateTestKey(string id = "Test") { var rsa = RSA.Create(); if (rsa.KeySize < 2048) { rsa.KeySize = 2048; if (rsa.KeySize < 2048 && rsa is RSACryptoServiceProvider) { rsa.Dispose(); rsa = new RSACryptoServiceProvider(2048); } } SecurityKey key; var parameters = rsa.ExportParameters(includePrivateParameters: true); rsa.Dispose(); key = new RsaSecurityKey(parameters); key.KeyId = id; return(key); }
private RsaSecurityKey GetRSAPrivateKey() { var physicalPath = PrivateKeySavePath.Replace("~", ServerRootPath); if (File.Exists(physicalPath)) { var content = File.ReadAllText(physicalPath); privateKey = content; RSAParameters rp = ((FrameDLRObject)FrameDLRObject.CreateInstance(content, FrameDLRFlags.SensitiveCase)).ToModel <RSAParameters>(Encoding.Unicode); privateSK = new RsaSecurityKey(rp); } else { GlobalCommon.Logger.WriteLog(LoggerLevel.INFO, $"Rest验证读取PrivateKey文件失败,原因是目录文件{PrivateKeySavePath}不存在,请给出正确的秘钥钥文件路径(请在验证的Logic中重载PrivateKeySavePath的get方法),没有密钥会导致token生成失败甚至出现异常"); } if (string.IsNullOrEmpty(privateKey)) { GlobalCommon.Logger.WriteLog(LoggerLevel.INFO, $"Rest创建token密钥不存在,没有密钥会导致创建失败甚至出现异常,如果本API服务提供生成Token的功能则请不要重载PublicKeySavePath和PrivateKeySavePath两个属性的get方法或在get时返回空串,如果不是则请提供正确的PrivateKeySavePath路径值"); } return(privateSK); }
//public object GetAuthToken(Usuario user) //{ // var token = GenerateToken(user); // return new // { // accessToken = token // }; //} public string GenerateToken(Usuario user) { ClaimsIdentity identity = new ClaimsIdentity( new GenericIdentity(user.NombreUsuario, "TokenAuth"), new[] { new Claim("NombreUsuario", user.NombreUsuario), new Claim("Contrasena", user.Contrasena), } ); RsaSecurityKey Key = new RsaSecurityKey(RSAKeyHelper.GenerateKey()); var securityToken = handler.CreateToken(new SecurityTokenDescriptor { Issuer = user.NombreUsuario, Audience = user.Contrasena, SigningCredentials = new SigningCredentials(Key, SecurityAlgorithms.RsaSha256Signature), Subject = identity }); return(handler.WriteToken(securityToken)); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { services.Configure <CookiePolicyOptions>(options => { // This lambda determines whether user consent for non-essential cookies is needed for a given request. options.CheckConsentNeeded = context => true; options.MinimumSameSitePolicy = SameSiteMode.None; }); var rsa = new RSACryptoServiceProvider(2048); var key = new RsaSecurityKey(rsa.ExportParameters(true)); services.AddSingleton <RsaSecurityKey>(key); services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2); services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options => { options.TokenValidationParameters.ValidAudience = "api"; options.TokenValidationParameters.ValidIssuer = "http://localhost:5000"; options.TokenValidationParameters.IssuerSigningKey = key; }); var optionsMonitor = services.BuildServiceProvider().GetService <IOptionsMonitor <JwtBearerOptions> >(); var configuration = optionsMonitor.Get(JwtBearerDefaults.AuthenticationScheme); }
// For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=398940 public void ConfigureServices(IServiceCollection services) { RSACryptoServiceProvider myRSA = new RSACryptoServiceProvider(2048); RSAParameters publicKey = myRSA.ExportParameters(true); key = new RsaSecurityKey(publicKey); tokenOptions = new TokenAuthOptions { Audience = "http://localhost:5000/", Issuer = "http://localhost:5000/", SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.RsaSha256Signature) }; services.AddSingleton<TokenAuthOptions>(tokenOptions); services.AddAuthorization(auth => { auth.AddPolicy("Bearer", new AuthorizationPolicyBuilder() .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme) .RequireAuthenticatedUser().Build()); }); services.Configure<MvcJsonOptions>(options => { if (_hostingEnv.IsDevelopment()) { options.SerializerSettings.Formatting = Formatting.Indented; } options.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver(); }); services.Configure<MvcOptions>(options => { options.CacheProfiles.Add("IndexPage", new CacheProfile { Duration = 60 * 60 * 24 }); }); services .AddIdentity<User, string>() .AddEF() .AddDefaultTokenProviders(); services.AddCors(); services.AddMvc(); services.AddSingleton(_ => _configuration); services.AddEF(); services.AddScoped<ITrainingService, TrainingService>(); services.AddSingleton<IDateTimeService, DateTimeService>(); services.AddScoped<ITrainingWordProvider, TrainingWordProvider>(); services.AddScoped<ITrainingSessionFactory, TrainingSessionFactory>(); }