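/// <summary>
/// Builds the JWT bearer authentication options that validate incoming tokens against the issuer,
/// audience and symmetric signing key carried by <paramref name="jwtOptions"/>.
/// </summary>
/// <param name="jwtOptions">
/// Supplies the issuer, the single allowed audience and the signing key (a string that is UTF-8 encoded here).
/// </param>
/// <exception cref="ArgumentNullException">
/// <paramref name="jwtOptions"/> is null, or its signing key is null.
/// </exception>
/// <exception cref="ArgumentException">The signing key is empty or consists only of whitespace.</exception>
/// <remarks>
/// The signing key is the only secret protecting token integrity: whoever knows it can produce tokens that
/// this configuration accepts. Because the key is taken from a string, its strength is the entropy of that
/// string, not its length; prefer a randomly generated value at least as long as the MAC output
/// (32 bytes for HMAC-SHA256) and keep it out of source control. No minimum length is enforced here.
/// </remarks>
public JwtBearerTokenAuthenticationOptions(JwtOptions jwtOptions)
{
    if (jwtOptions == null)
    {
        throw new ArgumentNullException("jwtOptions");
    }

    // Fail fast with a message that names the real culprit. Without this check a null key surfaces as an
    // ArgumentNullException from Encoding.GetBytes, and an empty key is handed on to the token provider
    // as a zero-length secret.
    string signingKey = jwtOptions.JwtSigningKeyAsUtf8;
    if (signingKey == null)
    {
        throw new ArgumentNullException("jwtOptions", "JwtOptions.JwtSigningKeyAsUtf8 must be set.");
    }

    if (string.IsNullOrWhiteSpace(signingKey))
    {
        throw new ArgumentException("JwtOptions.JwtSigningKeyAsUtf8 must not be empty or whitespace.", "jwtOptions");
    }

    // The provider takes the key as base64 text, so the UTF-8 bytes of the configured string are re-encoded.
    byte[] symmetricKeyBytes = Encoding.UTF8.GetBytes(signingKey);
    string symmetricKeyAsBase64 = Convert.ToBase64String(symmetricKeyBytes);

    var symmetricKeyIssuerSecurityTokenProvider = new SymmetricKeyIssuerSecurityTokenProvider(
        jwtOptions.Issuer,
        symmetricKeyAsBase64);

    var providers = new IIssuerSecurityTokenProvider[]
    {
        symmetricKeyIssuerSecurityTokenProvider
    };

    // Exactly one audience and one issuer/key pair are registered for validation.
    _jwtBearerOptions = new JwtBearerAuthenticationOptions
    {
        AllowedAudiences = new List<string> { jwtOptions.Audience },
        IssuerSecurityTokenProviders = providers
    };

    _jwtOptions = jwtOptions;
}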
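//TODO: Need to follow more of this for http://bitoftech.net/2014/10/27/json-web-token-asp-net-web-api-2-jwt-owin-authorization-server/ dealing with AudienceStores
//another interesting one https://blog.jayway.com/2014/09/25/securing-asp-net-web-api-endpoints-using-owin-oauth-2-0-and-claims/

/// <summary>
/// Configures Umbraco to issue and process authentication tokens
/// </summary>
/// <param name="app">The OWIN application builder the token middleware is registered on.</param>
/// <param name="authServerProviderOptions">
/// Options supplying the signing secret, audience, token endpoint path and the AllowInsecureHttp switch.
/// When null, a default-constructed <c>UmbracoAuthorizationServerProviderOptions</c> is used; whether that
/// default carries a usable secret is not visible from this method, so confirm it before relying on it.
/// </param>
/// <exception cref="ArgumentNullException">
/// <paramref name="app"/> is null, or the options' Secret is null.
/// </exception>
/// <exception cref="ArgumentException">The options' Secret is empty or consists only of whitespace.</exception>
/// <remarks>
/// This is a very simple implementation of token authentication: access tokens are valid for a single day and
/// there is no way to force expire tokens on the server. The same symmetric secret both signs and validates
/// tokens, so a leaked token stays usable until it expires and a leaked secret lets its holder mint tokens
/// until the secret is changed. The original author notes that revocation could be implemented through the
/// callbacks of the authorization server provider, or by overriding that provider (the original note calls it
/// BackOfficeAuthServerProvider; this method instantiates UmbracoAuthorizationServerProvider).
/// </remarks>
/// <example>
///
/// An example of using this implementation is to use the UmbracoStandardOwinSetup and execute this extension method as follows:
///
/// <![CDATA[
///
///   public override void Configuration(IAppBuilder app)
///   {
///       //ensure the default options are configured
///       base.Configuration(app);
///
///       //configure token auth
///       app.UseUmbracoTokenAuthentication();
///   }
///
/// ]]>
///
/// Then be sure to read the details in UmbracoStandardOwinSetup on how to configure Owin to startup using it.
/// </example>
public static void UseUmbracoTokenAuthentication(this IAppBuilder app, UmbracoAuthorizationServerProviderOptions authServerProviderOptions = null)
{
    if (app == null)
    {
        throw new ArgumentNullException("app");
    }

    authServerProviderOptions = authServerProviderOptions ?? new UmbracoAuthorizationServerProviderOptions();

    // The secret is required: it is the key that signs every issued token and validates every incoming one.
    // Reject a missing or blank value up front instead of letting a null fail inside Encoding.GetBytes or
    // an empty string become a zero-length signing key.
    string secret = authServerProviderOptions.Secret;
    if (secret == null)
    {
        throw new ArgumentNullException("authServerProviderOptions", "A token signing Secret must be configured.");
    }

    if (string.IsNullOrWhiteSpace(secret))
    {
        throw new ArgumentException("The token signing Secret must not be empty or whitespace.", "authServerProviderOptions");
    }

    // The key's strength is the entropy of the configured string; no minimum length is enforced here.
    var base64Key = Convert.ToBase64String(Encoding.UTF8.GetBytes(secret));

    var tokenProvider = new SymmetricKeyIssuerSecurityTokenProvider(
        AuthorizationPolicies.UmbracoRestApiIssuer,
        base64Key);

    var oAuthServerOptions = new OAuthAuthorizationServerOptions()
    {
        // Leave this off outside local development: over plain HTTP the credentials posted to the token
        // endpoint and the bearer tokens it returns can be read in transit.
        AllowInsecureHttp = authServerProviderOptions.AllowInsecureHttp,
        TokenEndpointPath = new PathString(authServerProviderOptions.AuthEndpoint),
        AuthenticationType = AuthorizationPolicies.UmbracoRestApiTokenAuthenticationType,
        // Fixed one-day lifetime; with no revocation this is also the exposure window of a stolen token.
        AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
        Provider = new UmbracoAuthorizationServerProvider(authServerProviderOptions)
    };

    // Assigned after construction because the writer takes the options object itself.
    oAuthServerOptions.AccessTokenFormat = new JwtFormatWriter(
        oAuthServerOptions,
        tokenProvider.Issuer,
        authServerProviderOptions.Audience,
        base64Key);

    // Token Generation
    app.UseOAuthAuthorizationServer(oAuthServerOptions);

    // Token consumption: accept only tokens for the configured audience that were signed by tokenProvider.
    app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
    {
        AllowedAudiences = new[] { authServerProviderOptions.Audience },
        IssuerSecurityTokenProviders = new[] { tokenProvider },
        Provider = new OAuthBearerAuthenticationProvider
        {
            // NOTE(review): assigning a no-op here replaces whatever challenge handling the provider
            // installs by default; confirm that 401 responses without a challenge header are intended.
            OnApplyChallenge = context =>
            {
                return Task.FromResult(0);
            },
            OnRequestToken = context =>
            {
                return Task.FromResult(0);
            },
            OnValidateIdentity = context =>
            {
                //ensure that the rest api claim is added to the ticket if everything is validated
                if (context.IsValidated)
                {
                    context.Ticket.Identity.AddClaim(new Claim(
                        AuthorizationPolicies.UmbracoRestApiClaimType,
                        "true",
                        ClaimValueTypes.Boolean,
                        AuthorizationPolicies.UmbracoRestApiIssuer));
                }

                return Task.FromResult(0);
            }
        }
    });
}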