public JwtBearerTokenAuthenticationOptions(JwtOptions jwtOptions)
        {
            if (jwtOptions == null)
            {
                throw new ArgumentNullException("jwtOptions");
            }

            byte[] symmetricKeyBytes    = Encoding.UTF8.GetBytes(jwtOptions.JwtSigningKeyAsUtf8);
            string symmetricKeyAsBase64 = Convert.ToBase64String(symmetricKeyBytes);

            var symmetricKeyIssuerSecurityTokenProvider = new SymmetricKeyIssuerSecurityTokenProvider(
                jwtOptions.Issuer, symmetricKeyAsBase64);

            var providers = new IIssuerSecurityTokenProvider[]
            {
                symmetricKeyIssuerSecurityTokenProvider
            };

            _jwtBearerOptions = new JwtBearerAuthenticationOptions
            {
                AllowedAudiences = new List <string> {
                    jwtOptions.Audience
                },
                IssuerSecurityTokenProviders = providers
            };

            _jwtOptions = jwtOptions;
        }
Пример #2
0
        //TODO: Need to follow more of this for http://bitoftech.net/2014/10/27/json-web-token-asp-net-web-api-2-jwt-owin-authorization-server/ dealing with AudienceStores

        //another interesting one https://blog.jayway.com/2014/09/25/securing-asp-net-web-api-endpoints-using-owin-oauth-2-0-and-claims/

        /// <summary>
        /// Configures Umbraco to issue and process authentication tokens
        /// </summary>
        /// <param name="app"></param>
        /// <param name="authServerProviderOptions"></param>
        /// <remarks>
        /// This is a very simple implementation of token authentication, the expiry below is for a single day and with
        /// this implementation there is no way to force expire tokens on the server however given the code below and the additional
        /// callbacks that can be registered for the BackOfficeAuthServerProvider these types of things could be implemented. Additionally the
        /// BackOfficeAuthServerProvider could be overridden to include this functionality instead of coding the logic into the callbacks.
        /// </remarks>
        /// <example>
        ///
        /// An example of using this implementation is to use the UmbracoStandardOwinSetup and execute this extension method as follows:
        ///
        /// <![CDATA[
        ///
        ///   public override void Configuration(IAppBuilder app)
        ///   {
        ///       //ensure the default options are configured
        ///       base.Configuration(app);
        ///
        ///       //configure token auth
        ///       app.UseUmbracoBackOfficeTokenAuth();
        ///   }
        ///
        /// ]]>
        ///
        /// Then be sure to read the details in UmbracoStandardOwinSetup on how to configure Owin to startup using it.
        /// </example>
        public static void UseUmbracoTokenAuthentication(this IAppBuilder app, UmbracoAuthorizationServerProviderOptions authServerProviderOptions = null)
        {
            authServerProviderOptions = authServerProviderOptions ?? new UmbracoAuthorizationServerProviderOptions();

            //if a secret is supplied then
            var base64Key = Convert.ToBase64String(
                Encoding.UTF8.GetBytes(
                    authServerProviderOptions.Secret));

            var tokenProvider = new SymmetricKeyIssuerSecurityTokenProvider(
                AuthorizationPolicies.UmbracoRestApiIssuer,
                base64Key);

            var oAuthServerOptions = new OAuthAuthorizationServerOptions()
            {
                //generally you wouldn't allow this unless on SSL!
                AllowInsecureHttp         = authServerProviderOptions.AllowInsecureHttp,
                TokenEndpointPath         = new PathString(authServerProviderOptions.AuthEndpoint),
                AuthenticationType        = AuthorizationPolicies.UmbracoRestApiTokenAuthenticationType,
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
                Provider = new UmbracoAuthorizationServerProvider(authServerProviderOptions)
            };

            oAuthServerOptions.AccessTokenFormat = new JwtFormatWriter(
                oAuthServerOptions,
                tokenProvider.Issuer,
                authServerProviderOptions.Audience,
                base64Key);

            // Token Generation
            app.UseOAuthAuthorizationServer(oAuthServerOptions);
            app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
            {
                AllowedAudiences             = new[] { authServerProviderOptions.Audience },
                IssuerSecurityTokenProviders = new[] { tokenProvider },

                Provider = new OAuthBearerAuthenticationProvider
                {
                    OnApplyChallenge   = context => { return(Task.FromResult(0)); },
                    OnRequestToken     = context => { return(Task.FromResult(0)); },
                    OnValidateIdentity = context =>
                    {
                        //ensure that the rest api claim is added to the ticket if everything is validated
                        if (context.IsValidated)
                        {
                            context.Ticket.Identity.AddClaim(new Claim(AuthorizationPolicies.UmbracoRestApiClaimType, "true", ClaimValueTypes.Boolean, AuthorizationPolicies.UmbracoRestApiIssuer));
                        }
                        return(Task.FromResult(0));
                    }
                }
            });
        }