// /Api/Admin/{action}
/// <summary>
/// Creates the admin API controller and keeps every injected dependency in a private field.
/// </summary>
/// <param name="environment">Hosting environment, kept in <c>_environment</c>.</param>
/// <param name="tokenValidationSettings">Token validation settings, kept in <c>_tokenValidationSettings</c>.</param>
/// <param name="tokenService">Token service, kept in <c>_tokenService</c>.</param>
/// <param name="frontendSettingsOptions">Options wrapper; its <c>Value</c> is read once and kept in <c>_frontendSettings</c>.</param>
/// <param name="avatarSettingsOptions">Options wrapper; its <c>Value</c> is read once and kept in <c>_avatarSettings</c>.</param>
/// <param name="userService">User service, kept in <c>_userService</c>.</param>
/// <param name="adminUserService">Admin user service, kept in <c>_adminUserService</c>.</param>
/// <param name="notificationService">Notification service, kept in <c>_notificationService</c>.</param>
/// <param name="permissionService">Permission service, kept in <c>_permissionService</c>.</param>
/// <param name="groupService">Group service, kept in <c>_groupService</c>.</param>
/// <param name="roleService">Role service, kept in <c>_roleService</c>.</param>
/// <param name="bulletinService">Bulletin service, kept in <c>_bulletinService</c>.</param>
/// <param name="userActionLogService">User action log service, kept in <c>_userActionLogService</c>.</param>
/// <param name="moduleMetaDataProviders">All registered module metadata providers, kept in <c>_moduleMetaDataProviders</c>.</param>
/// <param name="menuProviders">All registered menu providers, kept in <c>_menuProviders</c>.</param>
/// <param name="logger">Logger for this controller, kept in <c>_logger</c>.</param>
public AdminController(
    IHostingEnvironment environment,
    TokenValidationSettings tokenValidationSettings,
    ITokenService tokenService,
    IOptions<FrontendSettings> frontendSettingsOptions,
    IOptions<AvatarSettings> avatarSettingsOptions,
    IUserService userService,
    IAdminUserService adminUserService,
    INotificationService notificationService,
    IPermissionService permissionService,
    IGroupService groupService,
    IRoleService roleService,
    IBulletinService bulletinService,
    IUserActionLogService userActionLogService,
    IEnumerable<IModuleMetaDataProvider> moduleMetaDataProviders,
    IEnumerable<IMenuProvider> menuProviders,
    ILogger<AdminController> logger)
{
    // Settings objects. The two IOptions wrappers are unwrapped here, once,
    // so a null wrapper fails at construction time rather than on first use.
    _tokenValidationSettings = tokenValidationSettings;
    _frontendSettings = frontendSettingsOptions.Value;
    _avatarSettings = avatarSettingsOptions.Value;

    // Host and diagnostics.
    _environment = environment;
    _logger = logger;

    // Token handling and user/identity services.
    _tokenService = tokenService;
    _userService = userService;
    _adminUserService = adminUserService;
    _permissionService = permissionService;
    _groupService = groupService;
    _roleService = roleService;

    // Messaging and audit services.
    _notificationService = notificationService;
    _bulletinService = bulletinService;
    _userActionLogService = userActionLogService;

    // Pluggable provider collections.
    _moduleMetaDataProviders = moduleMetaDataProviders;
    _menuProviders = menuProviders;
}
// /Api/Admin/{action}
/// <summary>
/// Constructor. Keeps every injected dependency in a private field.
/// </summary>
/// <param name="tokenValidationSettings">Token validation settings, kept in <c>_tokenValidationSettings</c>.</param>
/// <param name="frontendSettingsOptions">Options wrapper; its <c>Value</c> is read once and kept in <c>_frontendSettings</c>.</param>
/// <param name="userService">User service, kept in <c>_userService</c>.</param>
/// <param name="adminUserService">Admin user service, kept in <c>_adminUserService</c>.</param>
/// <param name="notificationService">Notification service, kept in <c>_notificationService</c>.</param>
/// <param name="permissionService">Permission service, kept in <c>_permissionService</c>.</param>
/// <param name="groupService">Group service, kept in <c>_groupService</c>.</param>
/// <param name="roleService">Role service, kept in <c>_roleService</c>.</param>
/// <param name="bulletinService">Bulletin service, kept in <c>_bulletinService</c>.</param>
/// <param name="permissionProviders">All registered permission providers, kept in <c>_permissionProviders</c>.</param>
/// <param name="menuProviders">All registered menu providers, kept in <c>_menuProviders</c>.</param>
public AdminController(
    TokenValidationSettings tokenValidationSettings,
    IOptions<FrontendSettings> frontendSettingsOptions,
    IUserService userService,
    IAdminUserService adminUserService,
    INotificationService notificationService,
    IPermissionService permissionService,
    IGroupService groupService,
    IRoleService roleService,
    IBulletinService bulletinService,
    IEnumerable<IPermissionProvider> permissionProviders,
    IEnumerable<IMenuProvider> menuProviders)
{
    // Settings objects; the IOptions wrapper is unwrapped here, once.
    _tokenValidationSettings = tokenValidationSettings;
    _frontendSettings = frontendSettingsOptions.Value;

    // User/identity services.
    _userService = userService;
    _adminUserService = adminUserService;
    _permissionService = permissionService;
    _groupService = groupService;
    _roleService = roleService;

    // Messaging services.
    _notificationService = notificationService;
    _bulletinService = bulletinService;

    // Pluggable provider collections.
    _permissionProviders = permissionProviders;
    _menuProviders = menuProviders;
}
/// <summary>
/// Constructor. Keeps the validation settings and the distributed cache for later use.
/// </summary>
/// <param name="tokenValidationSettings">Token validation settings, kept in <c>_tokenValidationSettings</c>.</param>
/// <param name="cache">Distributed cache, kept in <c>_cache</c>.</param>
public TokenService(TokenValidationSettings tokenValidationSettings, IDistributedCache cache)
{
    // Cache first, settings second: the two assignments are independent.
    _cache = cache;
    _tokenValidationSettings = tokenValidationSettings;
}
/// <summary>
/// Constructor. Keeps the validation settings, the distributed cache and the logger for later use.
/// </summary>
/// <param name="tokenValidationSettings">Token validation settings, kept in <c>_tokenValidationSettings</c>.</param>
/// <param name="cache">Distributed cache, kept in <c>_cache</c>.</param>
/// <param name="logger">Logger for this service, kept in <c>_logger</c>.</param>
public TokenService(
    TokenValidationSettings tokenValidationSettings,
    IDistributedCache cache,
    ILogger<TokenService> logger)
{
    // The three assignments are independent of each other.
    _logger = logger;
    _cache = cache;
    _tokenValidationSettings = tokenValidationSettings;
}
/// <summary>
/// Binds the "ServiceEnvironment", "TokenValidation" and "AuthorizedResources" configuration
/// sections, loads the environment settings named by the service environment section, and
/// wraps the four results in a <see cref="CloudBornWebConfiguration"/>.
/// </summary>
/// <param name="configuration">Configuration root the sections are read from.</param>
/// <returns>A configuration object holding the bound settings.</returns>
private static CloudBornWebConfiguration CreateConfiguration(IConfiguration configuration)
{
    var serviceEnvironment = configuration
        .GetSection("ServiceEnvironment")
        .Get<ServiceEnvironmentSettings>();

    // Dereferences the bound section: fails with a NullReferenceException if binding produced null.
    var environment = EnvironmentSettingsLoader.Load(serviceEnvironment.EnvironmentSettingsResourceName);

    // NOTE(review): Get<T>() is expected to return null for an absent section, and nothing here
    // checks the token validation settings or the authorized resources before handing them on.
    // Confirm a missing "TokenValidation" section cannot reach the authentication setup unnoticed.
    var tokenValidation = configuration
        .GetSection("TokenValidation")
        .Get<TokenValidationSettings>();
    var resources = configuration
        .GetSection("AuthorizedResources")
        .Get<AuthorizedResources>();

    return new CloudBornWebConfiguration(serviceEnvironment, environment, tokenValidation, resources);
}
/// <summary>
/// Creates the configuration object from its four already-bound parts.
/// </summary>
/// <param name="serviceEnvironmentSettings">Assigned to <c>ServiceEnvironmentSettings</c>.</param>
/// <param name="environmentSettings">Assigned to <c>EnvironmentSettings</c>.</param>
/// <param name="tokenValidationSettings">Assigned to <c>TokenValidationSettings</c>.</param>
/// <param name="authorizedResources">Assigned to <c>AuthorizedResources</c>.</param>
public CloudBornWebConfiguration(
    ServiceEnvironmentSettings serviceEnvironmentSettings,
    EnvironmentSettings environmentSettings,
    TokenValidationSettings tokenValidationSettings,
    AuthorizedResources authorizedResources)
{
    // Members and parameters differ only in casing, so no "this." qualifier is required.
    ServiceEnvironmentSettings = serviceEnvironmentSettings;
    EnvironmentSettings = environmentSettings;
    TokenValidationSettings = tokenValidationSettings;
    AuthorizedResources = authorizedResources;
}
/// <summary>
/// Creates the authentication controller and keeps every injected dependency in a private field.
/// </summary>
/// <param name="authenticationSettingsOptions">Options wrapper; its <c>Value</c> is read once and kept in <c>_authenticationSettings</c>.</param>
/// <param name="tokenValidationSettings">Token validation settings, kept in <c>_tokenValidationSettings</c>.</param>
/// <param name="userService">User service, kept in <c>_userService</c>.</param>
/// <param name="mobileUserService">Mobile user service, kept in <c>_mobileUserService</c>.</param>
/// <param name="weixinUserService">Weixin user service, kept in <c>_weixinUserService</c>.</param>
public AuthenticationController(
    IOptions<AuthenticationSettings> authenticationSettingsOptions,
    TokenValidationSettings tokenValidationSettings,
    IUserService userService,
    IMobileUserService mobileUserService,
    IWeixinUserService weixinUserService)
{
    // Settings objects; the IOptions wrapper is unwrapped here, once.
    _tokenValidationSettings = tokenValidationSettings;
    _authenticationSettings = authenticationSettingsOptions.Value;

    // Account services, one per sign-in channel.
    _userService = userService;
    _mobileUserService = mobileUserService;
    _weixinUserService = weixinUserService;
}
/// <summary>
/// Builds the stateless-authentication configuration whose callback turns the request's
/// Authorization header into a validated principal.
/// </summary>
/// <param name="settings">Supplies the token validation parameters through <c>BuildTokenValidationParameters()</c>.</param>
/// <returns>
/// A configuration whose callback yields the validated principal, or <c>null</c> when the header
/// is missing, does not start with <c>TokenPrefix</c>, or anything throws during validation.
/// </returns>
private static StatelessAuthenticationConfiguration BuildAuthConfiguration(TokenValidationSettings settings)
{
    return new StatelessAuthenticationConfiguration(ctx =>
    {
        try
        {
            var header = ctx.Request.Headers.Authorization;

            // The prefix match is case-insensitive; anything else is treated as "no credentials".
            var carriesToken = !string.IsNullOrWhiteSpace(header)
                && header.StartsWith(TokenPrefix, StringComparison.OrdinalIgnoreCase);
            if (!carriesToken)
            {
                return null;
            }

            // Everything after the prefix is handed to the validator as-is (no trimming).
            var rawToken = header.Substring(TokenPrefix.Length);

            var tokenHandler = new JwtSecurityTokenHandler
            {
                SetDefaultTimesOnTokenCreation = false
            };
            var validationParameters = settings.BuildTokenValidationParameters();
            var validated = tokenHandler.ValidateToken(rawToken, validationParameters, out _);

            // Runs only after ValidateToken has returned without throwing.
            ParsePermissions(validated, rawToken);
            return validated;
        }
        catch (Exception)
        {
            // Every failure collapses to null: a rejected token and an internal fault
            // (for example unusable key material) are indistinguishable to the caller.
            // NOTE(review): nothing is logged here, so a validation misconfiguration would
            // surface only as rejected requests; consider recording the exception type.
            return null;
        }
    });
}
/// <summary>
/// Builds a fixed set of token validation settings: issuer "Issuer", audience "*",
/// lifetime validation switched off, and two keys embedded in the source
/// (one HMAC-SHA256, one RSA-SHA256).
/// </summary>
/// <returns>A new settings instance on every call.</returns>
private static TokenValidationSettings BuildDefaultTokenValidationSettings()
{
    // NOTE(review): both keys are literals in source control. Anyone who can read the
    // repository or the compiled assembly holds the HMAC signing secret. If these defaults
    // can be reached outside tests, load the keys from protected configuration or a secret
    // store and rotate the values below.
    var embeddedKeys = new[]
    {
        new KeyInfo
        {
            Alg = SecurityAlgorithms.HmacSha256,
            Key = "kiHLSfGebYvXGTDx0vWb53JhyUpnw6HvgRwOJ6h/hUs="
        },
        new KeyInfo
        {
            Alg = SecurityAlgorithms.RsaSha256,
            Key = "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 =="
        }
    };

    var defaults = new TokenValidationSettings
    {
        // NOTE(review): "*" presumably acts as a wildcard audience; confirm how
        // BuildTokenValidationParameters interprets it.
        Audience = "*",
        Issuer = "Issuer",
        // With lifetime validation off, an expired token is not rejected on age alone.
        ValidateLifetime = false,
        Keys = embeddedKeys
    };

    return defaults;
}
/// <summary>
/// Enables stateless authentication on the given pipelines, using a configuration
/// built from <paramref name="settings"/> by <c>BuildAuthConfiguration</c>.
/// </summary>
/// <param name="pipelines">Pipelines that stateless authentication is enabled on.</param>
/// <param name="settings">Token validation settings passed to <c>BuildAuthConfiguration</c>.</param>
public static void AddDomain0Auth(this IPipelines pipelines, TokenValidationSettings settings)
{
    var authConfiguration = BuildAuthConfiguration(settings);
    StatelessAuthentication.Enable(pipelines, authConfiguration);
}
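/// <summary>
/// Registers JWT bearer authentication and the default Domain0 authorization policy.
/// </summary>
/// <remarks>
/// Tokens are validated locally with the parameters built from <paramref name="settings"/>;
/// Authority, MetadataAddress and ConfigurationManager are all cleared.
/// </remarks>
/// <param name="services">Service collection that authentication and authorization are added to.</param>
/// <param name="settings">Supplies the token validation parameters through <c>BuildTokenValidationParameters()</c>.</param>
public static void AddDomain0Auth(this IServiceCollection services, TokenValidationSettings settings)
{
    // Default policy: an authenticated user on the JWT bearer scheme.
    var defaultPolicy = new AuthorizationPolicyBuilder()
        .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
        .RequireAuthenticatedUser()
        .Build();

    services.AddAuthorizationCore(opt => opt.AddPolicy(Domain0Auth.Policy, defaultPolicy));

    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
    {
        // The HTTPS metadata requirement is switched off unconditionally. The original author
        // left an environment check (!env.IsDevelopment()) commented out next to this line.
        options.RequireHttpsMetadata = false;
        options.ConfigurationManager = null;
        options.MetadataAddress = null;
        options.Authority = null;
        options.TokenValidationParameters = settings.BuildTokenValidationParameters();
        options.Events = new JwtBearerEvents
        {
            // No-op: authentication failures are neither logged nor altered here.
            OnAuthenticationFailed = context => Task.FromResult(0),

            OnTokenValidated = context =>
            {
                //TODO use constants
                var claimsIdentity = (ClaimsIdentity)context.Principal.Identity;

                // Copies the raw bearer token (header value minus "<scheme> ") into the identity.
                // NOTE(review): the token now travels with the principal; make sure claims are
                // never logged or serialized wholesale.
                claimsIdentity.AddClaim(new Claim("id_token",
                    context.Request.Headers["Authorization"][0].Substring(
                        context.Scheme.Name.Length + 1)));

                // Each "permissions" claim holds a JSON string array; every entry becomes a role claim.
                // ToList() snapshots the claims because the identity is modified inside the loop.
                foreach (var role in context.Principal.FindAll("permissions").ToList())
                {
                    foreach (var permission in JsonConvert.DeserializeObject<string[]>(role.Value))
                    {
                        claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, permission));
                    }
                }

                // Mirror the name-identifier claim as the identity's name claim.
                var subClaim = context.Principal.FindFirst(
                    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier");
                if (subClaim != null)
                {
                    claimsIdentity.AddClaim(new Claim(ClaimTypes.Name, subClaim.Value));
                }

                return Task.FromResult(0);
            },

            OnChallenge = context =>
            {
                //TODO replace
                if (string.Compare(context.Request.Method, "OPTIONS", StringComparison.OrdinalIgnoreCase) != 0)
                {
                    return Task.FromResult(0);
                }

                context.Response.StatusCode = 200;

                // Both request headers are optional. Indexing [0] on an absent header throws,
                // so each value is read defensively and the header is echoed only when present.
                var origin = context.Request.Headers["Origin"].FirstOrDefault();
                if (!string.IsNullOrEmpty(origin))
                {
                    // NOTE(review): the caller's Origin is echoed back together with
                    // Access-Control-Allow-Credentials: true, so every origin is accepted for
                    // credentialed preflights. Replace this with an explicit origin allow-list.
                    context.Response.Headers.Add("Access-Control-Allow-Origin", origin);
                    context.Response.Headers.Add("Access-Control-Allow-Credentials", "true");
                }

                var requestedHeaders = context.Request.Headers["Access-Control-Request-Headers"].FirstOrDefault();
                if (!string.IsNullOrEmpty(requestedHeaders))
                {
                    context.Response.Headers.Add("Access-Control-Allow-Headers", requestedHeaders);
                }

                // NOTE(review): nothing here marks the challenge as handled; confirm the status
                // code set above is not overwritten by the handler's default challenge response.
                return Task.FromResult(0);
            }
        };
    });
}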