Example #1
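        /// <summary>
        /// Password login: finds a non-deleted user by <c>Login</c>, verifies the password through
        /// <c>userManager</c>, and on success issues an HMAC-SHA256 signed JWT that carries only the user id.
        /// </summary>
        /// <param name="loginPassword">Login and password from the request body.</param>
        /// <returns>
        /// A <see cref="TokenResponse"/> with the serialized JWT, or <c>Forbid()</c> when the body is
        /// incomplete, the user is unknown or deleted, or the password does not match. The same response
        /// is returned in every failure case so the endpoint does not reveal which logins exist.
        /// </returns>
        public async Task<ActionResult<TokenResponse>> Login([FromBody] LoginPasswordParameters loginPassword)
        {
            // A missing body or missing fields would otherwise surface as a NullReferenceException
            // inside the query or the password check; treat them as a failed login instead of a 500.
            if (loginPassword?.Login == null || loginPassword.Password == null)
            {
                return Forbid();
            }

            var appUser = await db.Users.FirstOrDefaultAsync(u => u.UserName == loginPassword.Login && !u.IsDeleted);
            if (appUser == null)
            {
                return Forbid();
            }

            // NOTE(review): CheckPasswordAsync only verifies the hash. Unlike
            // SignInManager.CheckPasswordSignInAsync(lockoutOnFailure: true) it neither counts failed
            // attempts nor honours Identity lockout, so this endpoint has no brute-force protection of
            // its own unless it is rate-limited elsewhere.
            var passwordMatches = await userManager.CheckPasswordAsync(appUser, loginPassword.Password);
            if (!passwordMatches)
            {
                return Forbid();
            }

            var key = JwtBearerHelpers.CreateSymmetricSecurityKey(configuration.Web.Authentication.Jwt.IssuerSigningKey);
            var signingCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
            // Use UTC so the expiry does not depend on the server's local time zone
            // (JwtSecurityToken converts the value to UTC epoch seconds either way).
            var expires = DateTime.UtcNow.AddHours(configuration.Web.Authentication.Jwt.LifeTimeHours);

            // ClaimTypes.NameIdentifier is the same URI the original literal spelled out
            // ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier").
            var claims = new[] { new Claim(ClaimTypes.NameIdentifier, appUser.Id) };

            var token = new JwtSecurityToken(
                configuration.Web.Authentication.Jwt.Issuer,
                configuration.Web.Authentication.Jwt.Audience,
                claims,
                expires: expires,
                signingCredentials: signingCredentials
                );
            var tokenString = new JwtSecurityTokenHandler().WriteToken(token);

            return new TokenResponse
            {
                Token = tokenString,
            };
        }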
Example #2
        /// <summary>
        /// Builds a JWT signed with HMAC-SHA256 using the configured issuer signing key, stamped with the
        /// configured issuer and audience and the supplied absolute expiry, and wraps it in a
        /// <see cref="TokenResponse"/>.
        /// </summary>
        /// <param name="expires">Absolute expiry written to the token's <c>exp</c> claim.</param>
        /// <param name="claims">Claims to embed in the payload; they are passed through unchanged.</param>
        /// <returns>A <see cref="TokenResponse"/> holding the serialized token.</returns>
        private TokenResponse GetTokenInternal(DateTime expires, IList<Claim> claims)
        {
            var jwtSettings = configuration.Web.Authentication.Jwt;
            var credentials = new SigningCredentials(
                JwtBearerHelpers.CreateSymmetricSecurityKey(jwtSettings.IssuerSigningKey),
                SecurityAlgorithms.HmacSha256);

            var jwt = new JwtSecurityToken(
                issuer: jwtSettings.Issuer,
                audience: jwtSettings.Audience,
                claims: claims,
                expires: expires,
                signingCredentials: credentials);

            return new TokenResponse { Token = new JwtSecurityTokenHandler().WriteToken(jwt) };
        }
Example #3
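        /// <summary>
        /// Issues a fresh JWT for the already-authenticated caller: the claims of the current principal are
        /// copied into a new token with a new expiry. The attribute that decides which authentication
        /// scheme(s) reach this action is not visible here.
        /// </summary>
        /// <returns>A <see cref="TokenResponse"/> holding the serialized token.</returns>
        public ActionResult<TokenResponse> Token()
        {
            // NOTE(review): if this action can be reached with the JWT bearer scheme itself (the default
            // scheme in the auth setup), any valid token can mint a successor before it expires, so
            // LifeTimeHours bounds one token but not the session. Confirm it is restricted to the cookie scheme.

            // When the caller authenticated with a JWT, User.Claims already contains the registered payload
            // claims (exp, nbf, iat, iss, aud). Copying them verbatim puts stale time claims into the new
            // payload and, depending on the JwtPayload version, turns aud into an array. Drop them and let
            // the JwtSecurityToken constructor set issuer, audience and expiry.
            var claims = new List<Claim>();
            foreach (var claim in User.Claims)
            {
                switch (claim.Type)
                {
                    case JwtRegisteredClaimNames.Exp:
                    case JwtRegisteredClaimNames.Nbf:
                    case JwtRegisteredClaimNames.Iat:
                    case JwtRegisteredClaimNames.Iss:
                    case JwtRegisteredClaimNames.Aud:
                        break;
                    default:
                        claims.Add(claim);
                        break;
                }
            }

            var key = JwtBearerHelpers.CreateSymmetricSecurityKey(configuration.Web.Authentication.Jwt.IssuerSigningKey);
            var signingCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
            // UTC so the expiry does not depend on the server's local time zone.
            var expires = DateTime.UtcNow.AddHours(configuration.Web.Authentication.Jwt.LifeTimeHours);

            var token = new JwtSecurityToken(
                configuration.Web.Authentication.Jwt.Issuer,
                configuration.Web.Authentication.Jwt.Audience,
                claims,
                expires: expires,
                signingCredentials: signingCredentials
                );
            var tokenString = new JwtSecurityTokenHandler().WriteToken(token);

            return new TokenResponse
            {
                Token = tokenString,
            };
        }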
Example #4
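        /// <summary>
        /// Registers authentication and authorization for the API: a shared data-protection key ring
        /// (so the Identity cookie can be shared with the other application), the Identity application
        /// cookie, JWT bearer as the default scheme, and the named authorization policies.
        /// </summary>
        /// <param name="services">Service collection to register into.</param>
        /// <param name="configuration">Web API configuration (cookie, key ring and JWT settings).</param>
        public void ConfigureAuthServices(IServiceCollection services, WebApiConfiguration configuration)
        {
            /* Configure sharing cookies between application.
             * See https://docs.microsoft.com/en-us/aspnet/core/security/cookie-sharing?tabs=aspnetcore2x for details.
             * The application name must match on every app that shares the cookie. */
            // NOTE(review): no ProtectKeysWith* call is chained here, so the key ring is written to
            // CookieKeyRingDirectory unencrypted; anyone who can read that directory can forge cookies.
            services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(configuration.Web.CookieKeyRingDirectory))
            .SetApplicationName("ulearn");

            services.ConfigureApplicationCookie(options =>
            {
                options.Cookie.Name     = configuration.Web.CookieName;
                options.Cookie.Domain   = configuration.Web.CookieDomain;
                // HttpOnly is already the default; stated explicitly because it is security-relevant.
                // SecurePolicy is left at its default (SameAsRequest); consider Always once the API is HTTPS-only.
                options.Cookie.HttpOnly = true;
                // The cookie middleware ignores Cookie.Expiration (later versions reject setting it);
                // the authentication ticket lifetime is governed by ExpireTimeSpan.
                options.ExpireTimeSpan  = TimeSpan.FromDays(14);
                options.LoginPath       = "/users/login";
                options.LogoutPath      = "/users/logout";
                options.Events.OnRedirectToLogin = context =>
                {
                    /* Replace standard redirecting to LoginPath: an API answers 401, not a redirect */
                    context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
                    return Task.CompletedTask;
                };
                options.Events.OnRedirectToAccessDenied = context =>
                {
                    /* Replace standard redirecting to AccessDenied: an API answers 403, not a redirect */
                    context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                    return Task.CompletedTask;
                };
            });

            // JWT bearer is the default for authenticate, challenge and fallback; the cookie scheme is
            // only used where an action opts into it explicitly.
            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultScheme             = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer           = true,
                    ValidateAudience         = true,
                    ValidateLifetime         = true,
                    ValidateIssuerSigningKey = true,

                    // Issuer/audience/key must match what the token-issuing endpoints use.
                    // ClockSkew is left at its default (5 minutes), so tokens are accepted slightly past exp.
                    ValidIssuer      = configuration.Web.Authentication.Jwt.Issuer,
                    ValidAudience    = configuration.Web.Authentication.Jwt.Audience,
                    IssuerSigningKey = JwtBearerHelpers.CreateSymmetricSecurityKey(configuration.Web.Authentication.Jwt.IssuerSigningKey)
                };
            });

            services.AddAuthorization(options =>
            {
                // Course-scoped policies rely on requirement handlers registered elsewhere.
                options.AddPolicy("Instructors", policy => policy.Requirements.Add(new CourseRoleRequirement(CourseRoleType.Instructor)));
                options.AddPolicy("CourseAdmins", policy => policy.Requirements.Add(new CourseRoleRequirement(CourseRoleType.CourseAdmin)));
                options.AddPolicy("SysAdmins", policy => policy.RequireRole(new List<string> {
                    LmsRoleType.SysAdmin.GetDisplayName()
                }));

                // One policy per CourseAccessType, named by GetAuthorizationPolicyName().
                foreach (var courseAccessType in Enum.GetValues(typeof(CourseAccessType)).Cast<CourseAccessType>())
                {
                    var policyName = courseAccessType.GetAuthorizationPolicyName();
                    options.AddPolicy(policyName, policy => policy.Requirements.Add(new CourseAccessRequirement(courseAccessType)));
                }
            });
        }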