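/// <summary>
/// Password login: looks up a non-deleted user by login, verifies the password and issues a signed JWT.
/// </summary>
/// <param name="loginPassword">Login and password taken from the request body.</param>
/// <returns>
/// A <see cref="TokenResponse"/> holding the serialized token on success; <c>Forbid()</c> when the user
/// is unknown, soft-deleted, or the password does not match.
/// </returns>
public async Task<ActionResult<TokenResponse>> Login([FromBody] LoginPasswordParameters loginPassword)
{
    var appUser = await db.Users.FirstOrDefaultAsync(u => u.UserName == loginPassword.Login && !u.IsDeleted);
    if (appUser is null)
    {
        // Same response as a wrong password, so the reply does not tell the caller whether the login exists.
        // NOTE(review): this branch skips the password hash, so response time still differs — confirm that is acceptable.
        return Forbid();
    }

    var passwordMatches = await userManager.CheckPasswordAsync(appUser, loginPassword.Password);
    if (!passwordMatches)
    {
        return Forbid();
    }

    var jwtSettings = configuration.Web.Authentication.Jwt;
    var signingCredentials = new SigningCredentials(
        JwtBearerHelpers.CreateSymmetricSecurityKey(jwtSettings.IssuerSigningKey),
        SecurityAlgorithms.HmacSha256);

    // "exp" is a UTC epoch value; compute it from UtcNow so the lifetime does not depend on the server's local zone.
    var expires = DateTime.UtcNow.AddHours(jwtSettings.LifeTimeHours);

    // Only the user id travels in the token. Nothing here revokes a token early: it stays valid until
    // "exp" even if the user is deleted or changes the password afterwards.
    var claims = new[]
    {
        new Claim(ClaimTypes.NameIdentifier, appUser.Id),
    };

    var token = new JwtSecurityToken(
        issuer: jwtSettings.Issuer,
        audience: jwtSettings.Audience,
        claims: claims,
        expires: expires,
        signingCredentials: signingCredentials);

    var tokenString = new JwtSecurityTokenHandler().WriteToken(token);
    return new TokenResponse { Token = tokenString };
}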
/// <summary>
/// Builds an HS256-signed JWT for the given claims using the issuer, audience and signing key from
/// <c>configuration.Web.Authentication.Jwt</c>, and wraps the serialized token in a <see cref="TokenResponse"/>.
/// </summary>
/// <param name="expires">Absolute expiry written into the token's "exp" claim.</param>
/// <param name="claims">Claims to embed in the payload; passed through unchanged.</param>
/// <returns>The response object carrying the compact-serialized token.</returns>
private TokenResponse GetTokenInternal(DateTime expires, IList<Claim> claims)
{
    var jwtSettings = configuration.Web.Authentication.Jwt;

    var credentials = new SigningCredentials(
        JwtBearerHelpers.CreateSymmetricSecurityKey(jwtSettings.IssuerSigningKey),
        SecurityAlgorithms.HmacSha256);

    var jwt = new JwtSecurityToken(
        issuer: jwtSettings.Issuer,
        audience: jwtSettings.Audience,
        claims: claims,
        expires: expires,
        signingCredentials: credentials);

    var handler = new JwtSecurityTokenHandler();
    return new TokenResponse { Token = handler.WriteToken(jwt) };
}
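/// <summary>
/// Re-issues a JWT for the currently authenticated principal (renewal without re-entering a password).
/// </summary>
/// <returns>A <see cref="TokenResponse"/> with a freshly signed token carrying the caller's claims and a new expiry.</returns>
public ActionResult<TokenResponse> Token()
{
    var jwtSettings = configuration.Web.Authentication.Jwt;

    // Registered claims that describe the *previous* token are regenerated below. Forwarding them would
    // carry a stale "iat"/"nbf" into the new payload and, depending on the JWT library version, a duplicated "aud".
    var regenerated = new HashSet<string>(StringComparer.Ordinal)
    {
        JwtRegisteredClaimNames.Exp,
        JwtRegisteredClaimNames.Nbf,
        JwtRegisteredClaimNames.Iat,
        JwtRegisteredClaimNames.Iss,
        JwtRegisteredClaimNames.Aud,
    };

    // NOTE(review): every other claim on the principal is copied verbatim and the user is not re-checked
    // against the database (IsDeleted, password change), so a valid token can be renewed indefinitely.
    // If this action is also reachable with a cookie principal, Identity-internal claims would end up in the
    // bearer token — confirm which schemes may reach it.
    var claims = new List<Claim>();
    foreach (var claim in User.Claims)
    {
        if (!regenerated.Contains(claim.Type))
        {
            claims.Add(claim);
        }
    }

    var signingCredentials = new SigningCredentials(
        JwtBearerHelpers.CreateSymmetricSecurityKey(jwtSettings.IssuerSigningKey),
        SecurityAlgorithms.HmacSha256);

    // "exp" is a UTC epoch value; compute it from UtcNow so the lifetime does not depend on the server's local zone.
    var expires = DateTime.UtcNow.AddHours(jwtSettings.LifeTimeHours);

    var token = new JwtSecurityToken(
        issuer: jwtSettings.Issuer,
        audience: jwtSettings.Audience,
        claims: claims,
        expires: expires,
        signingCredentials: signingCredentials);

    var tokenString = new JwtSecurityTokenHandler().WriteToken(token);
    return new TokenResponse { Token = tokenString };
}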
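/// <summary>
/// Registers data protection, the shared application cookie, JWT bearer authentication and the
/// role/course-access authorization policies.
/// </summary>
/// <param name="services">DI container to register the services into.</param>
/// <param name="configuration">Web API settings; the cookie and JWT sections are read here.</param>
public void ConfigureAuthServices(IServiceCollection services, WebApiConfiguration configuration)
{
    /* Configure sharing cookies between applications.
     * See https://docs.microsoft.com/en-us/aspnet/core/security/cookie-sharing?tabs=aspnetcore2x for details.
     * The key ring on disk and the application name must match the other apps that read this cookie.
     * NOTE(review): no at-rest protector (ProtectKeysWithDpapi / ProtectKeysWithCertificate) is applied,
     * so the directory's access control is what protects the keys — confirm it is restricted. */
    services.AddDataProtection()
        .PersistKeysToFileSystem(new DirectoryInfo(configuration.Web.CookieKeyRingDirectory))
        .SetApplicationName("ulearn");

    services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.Name = configuration.Web.CookieName;
        options.Cookie.Domain = configuration.Web.CookieDomain;
        // Cookie.Expiration is documented as ignored by the cookie authentication handler;
        // ExpireTimeSpan is the setting that actually bounds the ticket's lifetime.
        options.ExpireTimeSpan = TimeSpan.FromDays(14);
        options.LoginPath = "/users/login";
        options.LogoutPath = "/users/logout";

        // An API client expects 401/403, not a redirect to the HTML login / access-denied pages.
        options.Events.OnRedirectToLogin = context =>
        {
            context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
            return Task.CompletedTask;
        };
        options.Events.OnRedirectToAccessDenied = context =>
        {
            context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
            return Task.CompletedTask;
        };
    });

    var jwtSettings = configuration.Web.Authentication.Jwt;
    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    }).AddJwtBearer(options =>
    {
        // Symmetric key shared with the token-issuing code; issuer, audience, lifetime and signature are all
        // checked. ClockSkew is left at the library default, so a token is accepted for a few minutes past "exp".
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            ValidIssuer = jwtSettings.Issuer,
            ValidAudience = jwtSettings.Audience,
            IssuerSigningKey = JwtBearerHelpers.CreateSymmetricSecurityKey(jwtSettings.IssuerSigningKey),
        };
    });

    services.AddAuthorization(options =>
    {
        options.AddPolicy("Instructors", policy =>
            policy.Requirements.Add(new CourseRoleRequirement(CourseRoleType.Instructor)));
        options.AddPolicy("CourseAdmins", policy =>
            policy.Requirements.Add(new CourseRoleRequirement(CourseRoleType.CourseAdmin)));
        options.AddPolicy("SysAdmins", policy =>
            policy.RequireRole(LmsRoleType.SysAdmin.GetDisplayName()));

        // One policy per course access type, named by the enum value's policy name.
        foreach (var courseAccessType in Enum.GetValues(typeof(CourseAccessType)).Cast<CourseAccessType>())
        {
            var policyName = courseAccessType.GetAuthorizationPolicyName();
            options.AddPolicy(policyName, policy =>
                policy.Requirements.Add(new CourseAccessRequirement(courseAccessType)));
        }
    });
}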