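/// <summary>
/// Registers JWT-bearer authentication (as the default authenticate/challenge scheme) and a
/// cookie scheme that carries the same token; both validate against one symmetric HMAC key,
/// issuer and audience taken from <paramref name="cfg"/>.
/// </summary>
/// <param name="services">The DI container the authentication services are added to.</param>
/// <param name="cfg">Token settings: shared secret, issuer, audience and the cookie ticket algorithm.</param>
/// <param name="areas">Forwarded unchanged to the <c>OnChallenge</c> helper; its meaning is defined there.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="services"/> or <paramref name="cfg"/> is null.</exception>
/// <exception cref="ArgumentException">Thrown when the secret, issuer or audience in <paramref name="cfg"/> is empty.</exception>
public static void ConfigureAuthentication(this IServiceCollection services, TokenProviderConfig cfg, string[] areas)
{
    if (services == null)
    {
        throw new ArgumentNullException(nameof(services));
    }
    if (cfg == null)
    {
        throw new ArgumentNullException(nameof(cfg));
    }

    // Fail at startup instead of at the first request: with ValidateIssuer/ValidateAudience on,
    // a null ValidIssuer/ValidAudience makes every token fail, and an empty secret would make
    // the signature check meaningless. (TokenController validates the same fields on its side.)
    if (string.IsNullOrEmpty(cfg.TokenSecurityKey))
    {
        throw new ArgumentException("TokenSecurityKey must be set.", nameof(cfg));
    }
    if (string.IsNullOrEmpty(cfg.TokenIssuer))
    {
        throw new ArgumentException("TokenIssuer must be set.", nameof(cfg));
    }
    if (string.IsNullOrEmpty(cfg.TokenAudience))
    {
        throw new ArgumentException("TokenAudience must be set.", nameof(cfg));
    }

    // NOTE(review): ASCII encoding maps any non-ASCII character of the secret to '?', silently
    // reducing its entropy. Keep the secret ASCII, or switch the issuer (TokenController) and
    // every validator to UTF-8 in the same change — changing one side alone would invalidate
    // all existing tokens.
    SymmetricSecurityKey signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(cfg.TokenSecurityKey));

    var tokenValidationParameters = new TokenValidationParameters
    {
        // The signature must verify against our shared key.
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = signingKey,

        // Only accept tokens minted by our own issuer (iss) ...
        ValidateIssuer = true,
        ValidIssuer = cfg.TokenIssuer,

        // ... and addressed to this application (aud).
        ValidateAudience = true,
        ValidAudience = cfg.TokenAudience,

        // Reject expired tokens. ClockSkew is zero, so expiry is exact; raise it here if the
        // issuing and validating hosts are allowed to drift.
        ValidateLifetime = true,
        ClockSkew = TimeSpan.Zero
    };

    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(options =>
    {
        options.Events = new JwtBearerEvents
        {
            OnChallenge = context => OnChallenge(context, areas)
        };
        // Keep the raw token on the AuthenticationProperties so it can be retrieved later.
        options.SaveToken = true;
        options.TokenValidationParameters = tokenValidationParameters;
    })
    .AddCookie(options =>
    {
        // The cookie carries the same JWT; TokenDataFormat re-validates it with the parameters
        // above, so the bearer and cookie paths share a single trust anchor.
        // NOTE(review): consider Cookie.SecurePolicy = CookieSecurePolicy.Always once the app is
        // TLS-only, so the token is never sent over plain HTTP.
        options.Cookie.Name = "access_token";
        options.TicketDataFormat = new Model.TokenDataFormat(cfg.TokenSecurityAlgorithm, CookieAuthenticationDefaults.AuthenticationScheme, tokenValidationParameters);
    });
}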
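/// <summary>
/// Builds the token controller: validates the token-provider options and prepares the HS256
/// signing credentials used for every token it issues.
/// </summary>
/// <param name="options">Token-provider settings (secret, issuer, audience, expiration).</param>
/// <param name="userManager">Identity user manager, stored for the action methods.</param>
/// <param name="signInManager">Identity sign-in manager, stored for the action methods.</param>
/// <param name="userClaimsPrincipalFactory">Builds the claims principal for a user, stored for the action methods.</param>
/// <param name="traffkTenantFinder">Tenant lookup, stored for the action methods.</param>
/// <param name="logger">Passed to the base controller.</param>
public TokenController(IOptions<TokenProviderConfig> options, UserManager<ApplicationUser> userManager, SignInManager<ApplicationUser> signInManager, IUserClaimsPrincipalFactory<ApplicationUser> userClaimsPrincipalFactory, ITraffkTenantFinder traffkTenantFinder, ILogger logger)
    : base(logger)
{
    Requires.NonNull(options, nameof(options));
    Options = options.Value;

    // Validate the configuration before any of it is used, so a misconfigured deployment fails
    // at construction with a clear message rather than at the first token request.
    Requires.NonNull(Options.SecretKey, nameof(Options.SecretKey));
    Requires.NonNull(Options.Issuer, nameof(Options.Issuer));
    Requires.NonNull(Options.Audience, nameof(Options.Audience));
    Requires.True(Options.Expiration > TimeSpan.Zero, nameof(Options.Expiration));

    // NOTE(review): ASCII encoding replaces any non-ASCII character with '?', silently reducing
    // the secret's entropy. The validators (ConfigureAuthentication / UseTokenBasedAuthentication)
    // decode the key the same way, so all of them must move together if this ever changes.
    var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Options.SecretKey));

    // HS256 is only as strong as its key: insist on at least 256 bits (32 ASCII characters).
    // Newer versions of the token library reject shorter keys outright, so this also surfaces
    // the problem at startup instead of on upgrade.
    Requires.True(signingKey.KeySize >= 256, nameof(Options.SecretKey));
    SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);

    UserManager = userManager;
    SignInManager = signInManager;
    UserClaimsPrincipalFactory = userClaimsPrincipalFactory;
    TraffkTenantFinder = traffkTenantFinder;
}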
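/// <summary>
/// Adds JWT-bearer and cookie authentication middleware (the pre-2.0 <c>Use*Authentication</c>
/// style). Both validate the same symmetric key, issuer and audience from <paramref name="cfg"/>;
/// an unauthenticated browser request that would be redirected is pointed at the login page with
/// the originating URL and the failure reason attached.
/// </summary>
/// <param name="app">The application pipeline to add the middleware to.</param>
/// <param name="cfg">Token settings: shared secret, issuer, audience and the cookie ticket algorithm.</param>
/// <param name="areas">Passed to <c>CreateReturnUrl</c> when building the login return URL.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="app"/> or <paramref name="cfg"/> is null.</exception>
/// <exception cref="ArgumentException">Thrown when the secret, issuer or audience in <paramref name="cfg"/> is empty.</exception>
public static void UseTokenBasedAuthentication(this IApplicationBuilder app, TokenProviderConfig cfg, string[] areas)
{
    if (app == null)
    {
        throw new ArgumentNullException(nameof(app));
    }
    if (cfg == null)
    {
        throw new ArgumentNullException(nameof(cfg));
    }

    // Fail at startup instead of at the first request: with ValidateIssuer/ValidateAudience on,
    // a null ValidIssuer/ValidAudience makes every token fail, and an empty secret would make
    // the signature check meaningless.
    if (string.IsNullOrEmpty(cfg.TokenSecurityKey))
    {
        throw new ArgumentException("TokenSecurityKey must be set.", nameof(cfg));
    }
    if (string.IsNullOrEmpty(cfg.TokenIssuer))
    {
        throw new ArgumentException("TokenIssuer must be set.", nameof(cfg));
    }
    if (string.IsNullOrEmpty(cfg.TokenAudience))
    {
        throw new ArgumentException("TokenAudience must be set.", nameof(cfg));
    }

    // NOTE(review): ASCII encoding maps any non-ASCII character of the secret to '?', silently
    // reducing its entropy. Keep the secret ASCII, or switch the issuer (TokenController) and
    // every validator to UTF-8 in the same change.
    SymmetricSecurityKey signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(cfg.TokenSecurityKey));

    // Challenge handler: when the bearer handler is about to answer with a 302, rewrite the
    // Location to the login page carrying where the user came from and why the challenge
    // happened, then tell the handler the response has been dealt with.
    Func<JwtBearerChallengeContext, Task> onChallenge = context =>
    {
        if (context.Response.StatusCode == 302)
        {
            Uri location = context.Response.GetTypedHeaders().Location;
            string referrer = context.Request.Headers[HeaderNames.Referer];
            if (location != null && !string.IsNullOrEmpty(referrer))
            {
                // Only scheme/host/port of the handler's own Location are reused, so the login
                // URL itself always stays on this host.
                string loginUri = new UriBuilder(location.Scheme, location.Host, location.Port, "Login").ToString();

                // NOTE(review): the Referer header is client-controlled. The returnUrl built from
                // it is only safe against open redirects if CreateReturnUrl (not shown here)
                // restricts it to a local path — confirm, and have the Login action validate
                // returnUrl as well (e.g. Url.IsLocalUrl) rather than trusting the query string.
                string returnUrl = CreateReturnUrl(referrer, areas);

                context.Response.Headers.Remove(HeaderNames.Location);
                loginUri = QueryHelpers.AddQueryString(loginUri, "returnUrl", returnUrl);

                // AddQueryString encodes the values, so they cannot break out of the query.
                // NOTE(review): ErrorDescription may carry token-library diagnostics explaining
                // why a token was rejected; consider mapping it to a generic message before
                // exposing it in a URL.
                if (!string.IsNullOrEmpty(context.Error))
                {
                    loginUri = QueryHelpers.AddQueryString(loginUri, "errorCode", context.Error);
                }
                if (!string.IsNullOrEmpty(context.ErrorDescription))
                {
                    loginUri = QueryHelpers.AddQueryString(loginUri, "errorDesc", context.ErrorDescription);
                }

                context.Response.Headers.Append(HeaderNames.Location, loginUri);
                // NOTE(review): a 200 with a Location header does not redirect a browser on its
                // own; presumably a client-side script follows it — confirm this is intentional.
                context.Response.StatusCode = 200;
            }
        }

        context.Response.Headers.Append(HeaderNames.WWWAuthenticate, context.Options.Challenge);

        // HandleResponse() is synchronous; call it inline instead of queuing it on the thread
        // pool with Task.Factory.StartNew, which only added a context switch before the
        // handler could observe the flag.
        context.HandleResponse();
        return Task.CompletedTask;
    };

    var tokenValidationParameters = new TokenValidationParameters
    {
        // The signature must verify against our shared key.
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = signingKey,

        // Only accept tokens minted by our own issuer (iss) ...
        ValidateIssuer = true,
        ValidIssuer = cfg.TokenIssuer,

        // ... and addressed to this application (aud).
        ValidateAudience = true,
        ValidAudience = cfg.TokenAudience,

        // Reject expired tokens. ClockSkew is zero, so expiry is exact; raise it here if the
        // issuing and validating hosts are allowed to drift.
        ValidateLifetime = true,
        ClockSkew = TimeSpan.Zero
    };

    app.UseJwtBearerAuthentication(new JwtBearerOptions
    {
        AutomaticAuthenticate = true,
        AutomaticChallenge = true,
        // Keep the raw token on the AuthenticationProperties so it can be retrieved later.
        SaveToken = true,
        TokenValidationParameters = tokenValidationParameters,
        Events = new JwtBearerEvents
        {
            OnChallenge = onChallenge
        }
    });

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AutomaticAuthenticate = true,
        AutomaticChallenge = true,
        AuthenticationScheme = "Cookie",
        // The cookie carries the same JWT; TokenDataFormat re-validates it with the parameters
        // above, so the bearer and cookie paths share a single trust anchor.
        // NOTE(review): consider CookieSecure = CookieSecurePolicy.Always once the app is
        // TLS-only, so the token is never sent over plain HTTP.
        CookieName = "access_token",
        TicketDataFormat = new Model.TokenDataFormat(cfg.TokenSecurityAlgorithm, "Cookie", tokenValidationParameters)
    });
}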