/// <summary>
/// Creates a JWT from the supplied values and returns it in its serialized string form.
/// </summary>
/// <param name="issuer">Issuer passed to the token handler; may be null.</param>
/// <param name="audience">Audience passed to the token handler; may be null.</param>
/// <param name="claims">Claims wrapped in a <see cref="ClaimsIdentity"/> as the token subject; null means no subject.</param>
/// <param name="expires">Expiry time passed to the token handler; may be null.</param>
/// <param name="signingKey">Key whose <c>Value</c> is UTF-8 encoded into a symmetric key and whose <c>Id</c> becomes the key id; null means no signing credentials are built.</param>
/// <param name="issuedAt">Issued-at time passed to the token handler; may be null.</param>
/// <param name="notBefore">Not-before time passed to the token handler; may be null.</param>
/// <param name="algorithm">Algorithm selector translated by <c>GetSecurityAlgorithm</c>; only used when a signing key is given.</param>
/// <returns>The string produced by <c>JwtTokenHandler.WriteToken</c>.</returns>
public static string GenerateJwtBearer(
    string issuer = null,
    string audience = null,
    IEnumerable<Claim> claims = null,
    DateTime? expires = null,
    AccessKey signingKey = null,
    DateTime? issuedAt = null,
    DateTime? notBefore = null,
    AccessTokenAlgorithm algorithm = AccessTokenAlgorithm.HS256)
{
    ClaimsIdentity subject = null;
    if (claims != null)
    {
        subject = new ClaimsIdentity(claims);
    }

    // NOTE(review): when signingKey is null the handler is given null credentials, so the
    // resulting token presumably carries no signature. Callers that rely on the token being
    // authenticated must always supply a key - confirm no production path omits it.
    SigningCredentials signingCredentials = null;
    if (signingKey != null)
    {
        // Refer: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/5.5.0
        // From version 5.5.0, SignatureProvider caching is turned On by default, assign KeyId to enable correct cache for same SigningKey
        var keyBytes = Encoding.UTF8.GetBytes(signingKey.Value);
        var symmetricKey = new SymmetricSecurityKey(keyBytes)
        {
            KeyId = signingKey.Id
        };
        signingCredentials = new SigningCredentials(symmetricKey, GetSecurityAlgorithm(algorithm));
    }

    var jwt = JwtTokenHandler.CreateJwtSecurityToken(
        issuer: issuer,
        audience: audience,
        subject: subject,
        notBefore: notBefore,
        expires: expires,
        issuedAt: issuedAt,
        signingCredentials: signingCredentials);

    return JwtTokenHandler.WriteToken(jwt);
}
/// <summary>
/// Waits until either <c>InitializedTask</c> or the task derived from <paramref name="ctoken"/>
/// finishes, then delegates to the base implementation if this key is authorized.
/// </summary>
/// <param name="audience">Audience forwarded to the base implementation.</param>
/// <param name="claims">Claims forwarded to the base implementation.</param>
/// <param name="lifetime">Token lifetime forwarded to the base implementation.</param>
/// <param name="algorithm">Signing algorithm forwarded to the base implementation.</param>
/// <param name="ctoken">Token whose task races against <c>InitializedTask</c>.</param>
/// <returns>The access token returned by the base implementation.</returns>
/// <exception cref="TaskCanceledException">The token's task finished first and <c>InitializedTask</c> has not completed.</exception>
/// <exception cref="AzureSignalRAccessTokenNotAuthorizedException">Initialization finished but <c>Authorized</c> is false.</exception>
public override async Task<string> GenerateAccessTokenAsync(
    string audience,
    IEnumerable<Claim> claims,
    TimeSpan lifetime,
    AccessTokenAlgorithm algorithm,
    CancellationToken ctoken = default)
{
    var finished = await Task.WhenAny(InitializedTask, ctoken.AsTask());

    // Fail closed: no token is produced unless initialization is known to have completed.
    if (finished != InitializedTask && !InitializedTask.IsCompleted)
    {
        throw new TaskCanceledException("Timeout reached when authorizing AzureAD identity.");
    }

    // NOTE(review): if the token's task won the race while InitializedTask was already
    // complete, this awaits the token's task rather than InitializedTask - confirm intended.
    await finished;

    if (!Authorized)
    {
        throw new AzureSignalRAccessTokenNotAuthorizedException("The given AzureAD identity don't have the permission to generate access token.");
    }

    // NOTE(review): ctoken is not forwarded to the base call.
    return await base.GenerateAccessTokenAsync(audience, claims, lifetime, algorithm);
}
/// <summary>
/// Awaits <c>AuthorizeTask</c> and then delegates token generation to the base implementation.
/// </summary>
/// <param name="audience">Audience forwarded to the base implementation.</param>
/// <param name="claims">Claims forwarded to the base implementation.</param>
/// <param name="lifetime">Token lifetime forwarded to the base implementation.</param>
/// <param name="algorithm">Signing algorithm forwarded to the base implementation.</param>
/// <returns>The access token returned by the base implementation.</returns>
public override async Task<string> GenerateAccessToken(
    string audience,
    IEnumerable<Claim> claims,
    TimeSpan lifetime,
    AccessTokenAlgorithm algorithm)
{
    // A faulted or cancelled AuthorizeTask throws here, before any token is generated.
    // NOTE(review): only completion of AuthorizeTask is awaited; this method checks no
    // separate authorization flag - confirm a completed task implies authorization.
    await AuthorizeTask;

    var accessToken = await base.GenerateAccessToken(audience, claims, lifetime, algorithm);
    return accessToken;
}
/// <summary>
/// Generates an access token signed with this key by calling
/// <c>AuthUtility.GenerateAccessToken</c>, and returns it as an already-completed task.
/// </summary>
/// <param name="audience">Audience forwarded to <c>AuthUtility.GenerateAccessToken</c>.</param>
/// <param name="claims">Claims forwarded to <c>AuthUtility.GenerateAccessToken</c>.</param>
/// <param name="lifetime">Token lifetime forwarded to <c>AuthUtility.GenerateAccessToken</c>.</param>
/// <param name="algorithm">Signing algorithm forwarded to <c>AuthUtility.GenerateAccessToken</c>.</param>
/// <returns>A completed task holding the generated token.</returns>
public virtual Task<string> GenerateAccessToken(
    string audience,
    IEnumerable<Claim> claims,
    TimeSpan lifetime,
    AccessTokenAlgorithm algorithm)
    // The work is synchronous, so exceptions from the utility are thrown to the caller
    // directly rather than being captured in the returned task.
    => Task.FromResult(AuthUtility.GenerateAccessToken(this, audience, claims, lifetime, algorithm));
/// <summary>
/// Initializes the provider from an endpoint and the service options.
/// </summary>
/// <param name="endpoint">Supplies the access key and is handed to the endpoint generator.</param>
/// <param name="serviceOptions">Supplies the token lifetime, application name, signing algorithm and proxy.</param>
public ServiceEndpointProvider(ServiceEndpoint endpoint, ServiceOptions serviceOptions)
{
    // Values taken from the options.
    _accessTokenLifetime = serviceOptions.AccessTokenLifetime;
    _appName = serviceOptions.ApplicationName;
    _algorithm = serviceOptions.AccessTokenAlgorithm;
    Proxy = serviceOptions.Proxy;

    // Values taken from the endpoint; _accessKey is the key material kept for token signing.
    _accessKey = endpoint.AccessKey;
    _generator = new DefaultServiceEndpointGenerator(endpoint);
}
/// <summary>
/// Verifies that a generated client access token declares the algorithm configured in
/// <c>ServiceOptions.AccessTokenAlgorithm</c>.
/// </summary>
/// <param name="algorithm">The algorithm under test.</param>
public async Task TestGenerateClientAccessTokenWithSpecifedAlgorithm(AccessTokenAlgorithm algorithm)
{
    // Fixed local value used only by this test.
    const string connectionString = "Endpoint=http://localhost;AccessKey=ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789;Port=8080;Version=1.0";

    var endpoint = new ServiceEndpoint(connectionString);
    var options = new ServiceOptions { AccessTokenAlgorithm = algorithm };
    var provider = new ServiceEndpointProvider(endpoint, options);

    var rawToken = await provider.GenerateClientAccessTokenAsync("hub1");

    // ReadJwtToken only parses the token: this asserts the algorithm named in the header,
    // it does not validate the signature against the key.
    var parsed = new JwtSecurityTokenHandler().ReadJwtToken(rawToken);

    Assert.Equal(algorithm.ToString(), parsed.SignatureAlgorithm);
}
/// <summary>
/// Awaits <c>InitializedTask</c>, then delegates to the base implementation only when
/// <c>Authorized</c> is true.
/// </summary>
/// <param name="audience">Audience forwarded to the base implementation.</param>
/// <param name="claims">Claims forwarded to the base implementation.</param>
/// <param name="lifetime">Token lifetime forwarded to the base implementation.</param>
/// <param name="algorithm">Signing algorithm forwarded to the base implementation.</param>
/// <returns>The access token returned by the base implementation.</returns>
/// <exception cref="AzureSignalRAccessTokenNotAuthorizedException"><c>Authorized</c> is false after initialization.</exception>
public override async Task<string> GenerateAccessToken(
    string audience,
    IEnumerable<Claim> claims,
    TimeSpan lifetime,
    AccessTokenAlgorithm algorithm)
{
    // There is no timeout or cancellation here: the call waits as long as InitializedTask does.
    await InitializedTask;

    if (Authorized)
    {
        return await base.GenerateAccessToken(audience, claims, lifetime, algorithm);
    }

    // Fail closed: an unauthorized key never reaches token generation.
    throw new AzureSignalRAccessTokenNotAuthorizedException();
}
/// <summary>
/// Initializes the provider from a server name provider, an endpoint and the service options.
/// </summary>
/// <param name="provider">Server name provider stored for later use.</param>
/// <param name="endpoint">Supplies the endpoint address, access key and port.</param>
/// <param name="options">Supplies the token lifetime, application name, signing algorithm and proxy.</param>
public ServiceEndpointProvider(IServerNameProvider provider, ServiceEndpoint endpoint, ServiceOptions options)
{
    // Values taken from the options.
    _accessTokenLifetime = options.AccessTokenLifetime;
    _appName = options.ApplicationName;
    _algorithm = options.AccessTokenAlgorithm;
    Proxy = options.Proxy;

    // Values taken from the endpoint.
    // Version is ignored for aspnet signalr case
    _endpoint = endpoint.Endpoint;
    _accessKey = endpoint.AccessKey;
    _port = endpoint.Port;

    _provider = provider;
}
/// <summary>
/// Initializes the provider from an endpoint and the service options.
/// </summary>
/// <param name="endpoint">Supplies the audience base URL, client and server endpoints, and the access key.</param>
/// <param name="options">Supplies the token lifetime, application name, signing algorithm and proxy.</param>
public ServiceEndpointProvider(ServiceEndpoint endpoint, ServiceOptions options)
{
    // Values taken from the options.
    _accessTokenLifetime = options.AccessTokenLifetime;
    _appName = options.ApplicationName;
    _algorithm = options.AccessTokenAlgorithm;
    Proxy = options.Proxy;

    // Values taken from the endpoint.
    // Version is ignored for aspnet signalr case
    _audienceBaseUrl = endpoint.AudienceBaseUrl;
    _clientEndpoint = endpoint.ClientEndpoint;
    _serverEndpoint = endpoint.Endpoint;
    _accessKey = endpoint.AccessKey;
}
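/// <summary>
/// Initializes the negotiate middleware and captures the settings it needs from the hub
/// configuration and service options.
/// </summary>
/// <param name="next">Next middleware in the pipeline, passed to the base class.</param>
/// <param name="configuration">Hub configuration; its resolver supplies the <c>IUserIdProvider</c>.</param>
/// <param name="appName">Application name.</param>
/// <param name="endpointManager">Service endpoint manager.</param>
/// <param name="router">Endpoint router.</param>
/// <param name="options">Service options supplying the claims provider, sticky mode, endpoints and token algorithm.</param>
/// <param name="serverNameProvider">Optional server name provider; when null the server name is left null.</param>
/// <param name="connectionRequestIdProvider">Connection request id provider.</param>
/// <param name="loggerFactory">Factory used to create this middleware's logger.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="configuration"/>, <paramref name="appName"/>, <paramref name="options"/>,
/// <paramref name="endpointManager"/>, <paramref name="router"/>,
/// <paramref name="connectionRequestIdProvider"/> or <paramref name="loggerFactory"/> is null.
/// </exception>
public NegotiateMiddleware(
    OwinMiddleware next,
    HubConfiguration configuration,
    string appName,
    IServiceEndpointManager endpointManager,
    IEndpointRouter router,
    ServiceOptions options,
    IServerNameProvider serverNameProvider,
    IConnectionRequestIdProvider connectionRequestIdProvider,
    ILoggerFactory loggerFactory)
    : base(next)
{
    // configuration is dereferenced on the next line, so reject null explicitly instead of
    // failing with a NullReferenceException.
    _configuration = configuration ?? throw new ArgumentNullException(nameof(configuration));
    _provider = configuration.Resolver.Resolve<IUserIdProvider>();
    _appName = appName ?? throw new ArgumentNullException(nameof(appName));

    // options is required: ServerStickyMode, Endpoints and AccessTokenAlgorithm are read
    // unconditionally below, so a null-conditional read of ClaimsProvider only hid the
    // problem until a later NullReferenceException.
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    _claimsProvider = options.ClaimsProvider;
    _endpointManager = endpointManager ?? throw new ArgumentNullException(nameof(endpointManager));
    _router = router ?? throw new ArgumentNullException(nameof(router));
    _connectionRequestIdProvider = connectionRequestIdProvider ?? throw new ArgumentNullException(nameof(connectionRequestIdProvider));
    _logger = loggerFactory?.CreateLogger<NegotiateMiddleware>() ?? throw new ArgumentNullException(nameof(loggerFactory));

    // The server name provider is optional.
    _serverName = serverNameProvider?.GetName();
    _mode = options.ServerStickyMode;

    // NOTE(review): detailed errors are copied from the hub configuration; what they expose
    // to clients is decided where this flag is read, outside this constructor.
    _enableDetailedErrors = configuration.EnableDetailedErrors;
    _endpointsCount = options.Endpoints.Length;
    _authAlgorithm = options.AccessTokenAlgorithm;
}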
/// <summary>
/// Initializes the provider and starts an access key update without waiting for it.
/// </summary>
/// <param name="provider">Server name provider passed to <c>UpdateAccessKeyAsync</c>.</param>
/// <param name="endpoint">Supplies the access key and is handed to the endpoint generator.</param>
/// <param name="serviceOptions">Supplies the token lifetime, application name, signing algorithm and proxy.</param>
/// <param name="loggerFactory">Optional logger factory; <c>NullLoggerFactory.Instance</c> is used when null.</param>
public ServiceEndpointProvider(
    IServerNameProvider provider,
    ServiceEndpoint endpoint,
    ServiceOptions serviceOptions,
    ILoggerFactory loggerFactory = null)
{
    // Values taken from the options.
    _accessTokenLifetime = serviceOptions.AccessTokenLifetime;
    _appName = serviceOptions.ApplicationName;
    _algorithm = serviceOptions.AccessTokenAlgorithm;
    Proxy = serviceOptions.Proxy;

    // Values taken from the endpoint.
    _accessKey = endpoint.AccessKey;
    _generator = new DefaultServiceEndpointGenerator(endpoint);

    // The returned task is discarded, so this constructor neither waits for the key update
    // nor observes its failure. With the null logger factory, anything the update logs
    // through it is dropped as well.
    var effectiveLoggerFactory = loggerFactory ?? NullLoggerFactory.Instance;
    _ = UpdateAccessKeyAsync(provider, endpoint, effectiveLoggerFactory);
}
/// <summary>
/// Initializes the provider from an endpoint and the service options, rejecting an endpoint
/// that has no connection string.
/// </summary>
/// <param name="endpoint">Supplies the connection string, endpoint address, access key and port.</param>
/// <param name="options">Supplies the token lifetime, application name, signing algorithm and proxy.</param>
/// <exception cref="ArgumentException">The endpoint's connection string is null or empty.</exception>
public ServiceEndpointProvider(ServiceEndpoint endpoint, ServiceOptions options)
{
    // Validate before any field is assigned.
    if (string.IsNullOrEmpty(endpoint.ConnectionString))
    {
        throw new ArgumentException(ConnectionStringNotFound);
    }

    // Values taken from the options.
    _accessTokenLifetime = options.AccessTokenLifetime;
    _appName = options.ApplicationName;
    _algorithm = options.AccessTokenAlgorithm;
    Proxy = options.Proxy;

    // Values taken from the endpoint.
    // Version is ignored for aspnet signalr case
    _endpoint = endpoint.Endpoint;
    _accessKey = endpoint.AccessKey;
    _port = endpoint.Port;
}
/// <summary>
/// Initializes the provider from an endpoint and the service options, rejecting an endpoint
/// that has no connection string.
/// </summary>
/// <param name="endpoint">Supplies the connection string, access key, endpoint address, version and port.</param>
/// <param name="serviceOptions">Supplies the token lifetime, application name, signing algorithm and proxy.</param>
/// <exception cref="ArgumentException">The endpoint's connection string is null or empty.</exception>
public ServiceEndpointProvider(ServiceEndpoint endpoint, ServiceOptions serviceOptions)
{
    // Validate before any field is assigned.
    if (string.IsNullOrEmpty(endpoint.ConnectionString))
    {
        throw new ArgumentException(ConnectionStringNotFound);
    }

    // Values taken from the options.
    _accessTokenLifetime = serviceOptions.AccessTokenLifetime;
    _appName = serviceOptions.ApplicationName;
    _algorithm = serviceOptions.AccessTokenAlgorithm;
    Proxy = serviceOptions.Proxy;

    // Values taken from the endpoint.
    _accessKey = endpoint.AccessKey;
    _generator = new DefaultServiceEndpointGenerator(endpoint.Endpoint, endpoint.Version, endpoint.Port);
}
/// <summary>
/// Initializes the provider and, when the endpoint's key is an <c>AadAccessKey</c>, starts
/// its access key update without waiting for it.
/// </summary>
/// <param name="provider">Server name provider passed to the key update.</param>
/// <param name="endpoint">Supplies the access key and is handed to the endpoint generator.</param>
/// <param name="serviceOptions">Supplies the token lifetime, application name, signing algorithm and proxy.</param>
/// <param name="loggerFactory">Logger factory passed to the key update.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="loggerFactory"/> is null and the endpoint's key is an <c>AadAccessKey</c>.
/// </exception>
public ServiceEndpointProvider(
    IServerNameProvider provider,
    ServiceEndpoint endpoint,
    ServiceOptions serviceOptions,
    ILoggerFactory loggerFactory)
{
    // Values taken from the options.
    _accessTokenLifetime = serviceOptions.AccessTokenLifetime;
    _appName = serviceOptions.ApplicationName;
    _algorithm = serviceOptions.AccessTokenAlgorithm;
    Proxy = serviceOptions.Proxy;

    // Values taken from the endpoint.
    _accessKey = endpoint.AccessKey;
    _generator = new DefaultServiceEndpointGenerator(endpoint);

    if (endpoint.AccessKey is AadAccessKey aadKey)
    {
        // The logger factory is only validated on this path; a null factory is accepted
        // for other key types.
        var requiredLoggerFactory = loggerFactory ?? throw new ArgumentNullException(nameof(loggerFactory));

        // The returned task is discarded, so this constructor neither waits for the key
        // update nor observes its failure.
        _ = aadKey.UpdateAccessKeyAsync(provider, requiredLoggerFactory);
    }
}
/// <summary>
/// Initializes the provider and, when the endpoint's key is an <c>AadAccessKey</c>, starts
/// its access key update without waiting for it.
/// </summary>
/// <param name="provider">Server name provider stored for later use and passed to the key update.</param>
/// <param name="endpoint">Supplies the endpoint address, client endpoint, access key and port.</param>
/// <param name="options">Supplies the token lifetime, application name, signing algorithm and proxy.</param>
/// <param name="loggerFactory">Logger factory passed to the key update.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="loggerFactory"/> is null and the endpoint's key is an <c>AadAccessKey</c>.
/// </exception>
public ServiceEndpointProvider(
    IServerNameProvider provider,
    ServiceEndpoint endpoint,
    ServiceOptions options,
    ILoggerFactory loggerFactory)
{
    // Values taken from the options.
    _accessTokenLifetime = options.AccessTokenLifetime;
    _appName = options.ApplicationName;
    _algorithm = options.AccessTokenAlgorithm;
    Proxy = options.Proxy;

    // Values taken from the endpoint.
    // Version is ignored for aspnet signalr case
    _endpoint = endpoint.Endpoint;
    // The client endpoint falls back to the server endpoint when none is configured.
    _clientEndpoint = endpoint.ClientEndpoint ?? endpoint.Endpoint;
    _accessKey = endpoint.AccessKey;
    _port = endpoint.Port;

    _provider = provider;

    if (endpoint.AccessKey is AadAccessKey aadKey)
    {
        // The logger factory is only validated on this path; a null factory is accepted
        // for other key types.
        var requiredLoggerFactory = loggerFactory ?? throw new ArgumentNullException(nameof(loggerFactory));

        // The returned task is discarded, so this constructor neither waits for the key
        // update nor observes its failure.
        _ = aadKey.UpdateAccessKeyAsync(provider, requiredLoggerFactory);
    }
}
/// <summary>
/// Generates a JWT access token that expires <paramref name="lifetime"/> after the current
/// UTC time, and rejects tokens longer than <c>MaxTokenLength</c>.
/// </summary>
/// <param name="signingKey">Key forwarded to <c>GenerateJwtBearer</c> for signing.</param>
/// <param name="audience">Audience of the token.</param>
/// <param name="claims">Claims to embed in the token.</param>
/// <param name="lifetime">Added to <c>DateTime.UtcNow</c> to compute the expiry.</param>
/// <param name="algorithm">Signing algorithm forwarded to <c>GenerateJwtBearer</c>.</param>
/// <returns>The serialized token.</returns>
/// <exception cref="AzureSignalRAccessTokenTooLongException">The serialized token is longer than <c>MaxTokenLength</c>.</exception>
public static string GenerateAccessToken(
    AccessKey signingKey,
    string audience,
    IEnumerable<Claim> claims,
    TimeSpan lifetime,
    AccessTokenAlgorithm algorithm)
{
    // NOTE(review): signingKey and lifetime are forwarded unchecked. Confirm that
    // GenerateJwtBearer cannot return an unsigned token for a null key, and that callers
    // bound lifetime (a zero or negative value yields a token that is already expired).
    var token = GenerateJwtBearer(
        audience: audience,
        claims: claims,
        expires: DateTime.UtcNow.Add(lifetime),
        signingKey: signingKey,
        algorithm: algorithm);

    if (token.Length <= MaxTokenLength)
    {
        return token;
    }

    throw new AzureSignalRAccessTokenTooLongException();
}
/// <summary>
/// Maps an <c>AccessTokenAlgorithm</c> to the matching <c>SecurityAlgorithms</c> identifier.
/// </summary>
/// <param name="algorithm">The configured access token algorithm.</param>
/// <returns>
/// <c>SecurityAlgorithms.HmacSha256</c> for <c>HS256</c>; <c>SecurityAlgorithms.HmacSha512</c>
/// for every other value.
/// </returns>
private static string GetSecurityAlgorithm(AccessTokenAlgorithm algorithm)
{
    if (algorithm == AccessTokenAlgorithm.HS256)
    {
        return SecurityAlgorithms.HmacSha256;
    }

    // Everything that is not HS256, including any value added to the enum later, falls
    // through to HMAC-SHA512.
    return SecurityAlgorithms.HmacSha512;
}