/// <summary>
/// Creates the web host builder: default host settings, two extra configuration sources,
/// and a Kestrel HTTPS listener on port 443 with tight connection and request limits.
/// </summary>
/// <param name="args">Command-line arguments passed to <c>WebHost.CreateDefaultBuilder</c>.</param>
/// <returns>The configured web host builder; the host itself is not built here.</returns>
private static IWebHostBuilder CreateWebHostBuilder(string[] args)
{
    return WebHost.CreateDefaultBuilder(args)
        .UseStartup<Startup>()
        .ConfigureAppConfiguration((context, configurationBuilder) =>
        {
            // Configuration sources registered later win for the same key, so a value in
            // settings.json overrides the environment variable of the same name added here.
            // The file is optional and re-read on change, so whoever can write to it can
            // change configuration at runtime: keep its file permissions restrictive.
            configurationBuilder
                .AddEnvironmentVariables()
                .AddJsonFile("settings.json", optional: true, reloadOnChange: true);
        })
        .UseContentRoot(Directory.GetCurrentDirectory())
        .UseKestrel(kestrel =>
        {
            var limits = kestrel.Limits;
            var gracePeriod = TimeSpan.FromSeconds(10);

            // Cap concurrent (and upgraded, e.g. WebSocket) connections at 25 each.
            limits.MaxConcurrentConnections = 25;
            limits.MaxConcurrentUpgradedConnections = 25;

            // Request bodies larger than 10 KiB are rejected.
            limits.MaxRequestBodySize = 10 * 1024;

            // Slow-client protection: after a 10 second grace period a connection must
            // sustain at least 100 bytes/second in each direction.
            limits.MinRequestBodyDataRate = new MinDataRate(bytesPerSecond: 100, gracePeriod: gracePeriod);
            limits.MinResponseDataRate = new MinDataRate(bytesPerSecond: 100, gracePeriod: gracePeriod);

            // HTTPS only, on every IPv4 interface (IPAddress.Any does not cover IPv6).
            // The certificate file path and its passphrase both come from CertsProviderService.
            kestrel.Listen(IPAddress.Any, 443, listener =>
            {
                listener.UseHttps(
                    CertsProviderService.GetCertificatePath(),
                    CertsProviderService.GetCertificatePassphrase());
            });
        });
}
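/// <summary>
/// Registers JWT bearer authentication as the default authenticate and challenge scheme.
/// Tokens are accepted only if their RSA signature, issuer, audience and lifetime all validate.
/// </summary>
/// <param name="services">Services collection</param>
/// <param name="configuration">Configuration providing <c>Jwt:Issuer</c> and <c>Jwt:Audience</c>.</param>
/// <returns>Services collection</returns>
public static IServiceCollection AddJwtBearerAuthentication(this IServiceCollection services, IConfiguration configuration)
{
    // Only the public key is needed to verify signatures. The certificate file is opened
    // with its passphrase, so the X509Certificate2 object is disposed as soon as the
    // public key has been extracted instead of being left alive for the process lifetime.
    // GetRSAPublicKey returns its own RSA object, which the security key keeps using.
    RsaSecurityKey signingKey;
    using (var certificate = new X509Certificate2(
        CertsProviderService.GetCertificatePath(),
        CertsProviderService.GetCertificatePassphrase()))
    {
        // If the certificate carries no RSA key this fails here, at registration time.
        signingKey = new RsaSecurityKey(certificate.GetRSAPublicKey());
    }

    services
        .AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = signingKey,

                // NOTE(review): if Jwt:Issuer or Jwt:Audience is missing from configuration
                // the value is null; confirm that deployment always sets both.
                ValidateIssuer = true,
                ValidIssuer = configuration.GetSection("Jwt:Issuer").Value,
                ValidateAudience = true,
                ValidAudience = configuration.GetSection("Jwt:Audience").Value,

                // No tolerance on expiry: issuer and validator clocks must agree.
                ValidateLifetime = true,
                ClockSkew = TimeSpan.Zero
            };
        });

    return services;
}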
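/// <summary>
/// Validates the token carried by the command: RSA signature, issuer, audience and lifetime.
/// </summary>
/// <param name="request">Command holding the token to validate.</param>
/// <param name="cancellationToken">Not used; validation is synchronous.</param>
/// <returns>
/// <c>true</c> when the token validates. This method never returns <c>false</c>: an invalid
/// token makes <c>ValidateToken</c> throw, and that exception reaches the caller through the
/// returned task, so callers must treat an exception as "token rejected".
/// </returns>
public async Task<bool> Handle(ValidateTokenCommand request, CancellationToken cancellationToken)
{
    var tokenHandler = new JwtSecurityTokenHandler();

    // The certificate file is opened on every call. Dispose it once the public key has
    // been extracted so that repeated validations do not accumulate certificate handles.
    // NOTE(review): the file is still read and decrypted per request; consider loading the
    // verification key once if certificate rotation does not depend on the re-read.
    RsaSecurityKey signingKey;
    using (var certificate = new X509Certificate2(
        CertsProviderService.GetCertificatePath(),
        CertsProviderService.GetCertificatePassphrase()))
    {
        signingKey = new RsaSecurityKey(certificate.GetRSAPublicKey());
    }

    var validationParameters = new TokenValidationParameters()
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = signingKey,
        ValidateIssuer = true,
        ValidIssuer = _configuration.GetSection("Jwt:Issuer").Value,
        ValidateAudience = true,
        ValidAudience = _configuration.GetSection("Jwt:Audience").Value,
        // No tolerance on expiry: a token is rejected the moment it expires.
        ValidateLifetime = true,
        ClockSkew = TimeSpan.Zero
    };

    // The resulting principal and parsed token are not needed; only success matters.
    tokenHandler.ValidateToken(request.Token, validationParameters, out _);

    // Reaching this line means ValidateToken did not throw, i.e. every check passed.
    // The method stays async (without await) so failures keep surfacing via the task.
    return true;
}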
/// <summary>
/// Adds the authentication middleware and maps the two token endpoints:
/// <c>/api/token</c> (issue) and <c>/api/tokenrenew</c> (renew). Tokens are signed
/// with RS256 using the private key of the certificate from CertsProviderService.
/// </summary>
/// <param name="builder">Application pipeline to extend.</param>
/// <param name="services">Not used by this method.</param>
/// <param name="configuration">Configuration providing <c>Jwt:Issuer</c> and <c>Jwt:Audience</c>.</param>
/// <returns>The result of mapping the renew endpoint on <paramref name="builder"/>.</returns>
public static IApplicationBuilder UseJwtProvider(this IApplicationBuilder builder, IServiceProvider services, IConfiguration configuration)
{
    // Private signing key. The certificate object is intentionally left as the original
    // has it (not disposed), since the key is used for as long as tokens are issued.
    // NOTE(review): confirm whether this is the same certificate the HTTPS listener
    // serves; one key pair for both TLS and token signing ties their rotation and
    // exposure together, and separate keys are usually preferable.
    var signingCertificate = new X509Certificate2(
        CertsProviderService.GetCertificatePath(),
        CertsProviderService.GetCertificatePassphrase());
    var signingKey = signingCertificate.GetRSAPrivateKey();

    // Authentication runs before the mapped token branches below.
    builder.UseAuthentication();

    // Options shared by the issuing and the renewing middleware.
    var providerOptions = new TokenProviderOptions()
    {
        Issuer = configuration.GetSection("Jwt:Issuer").Value,
        Audience = configuration.GetSection("Jwt:Audience").Value,
        SigningCredentials = new SigningCredentials(
            new RsaSecurityKey(signingKey),
            SecurityAlgorithms.RsaSha256),
        IdentityResolver = UserRepository.GetIdentityAsync
    };

    var issuePath = new PathString("/api/token");
    builder.Map(issuePath, branch =>
    {
        branch.UseMiddleware<JwtProviderMiddleware>(Options.Create(providerOptions));
    });

    var renewPath = new PathString("/api/tokenrenew");
    return builder.Map(renewPath, branch =>
    {
        branch.UseMiddleware<JwtRenewMiddleware>(Options.Create(providerOptions));
    });
}