
Startup.auth.cs

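  using System;
  using System.Text;
  using System.Security.Claims;
  using System.Security.Principal;
  using System.Threading.Tasks;
  using Microsoft.AspNetCore.Builder;
  using Microsoft.IdentityModel.Tokens;
  using Microsoft.Extensions.Options;

  namespace WebApplication1
  {
      /// <summary>
      /// Authentication part of the application's <c>Startup</c> class: wires up JWT bearer
      /// validation, cookie-carried tokens and the token-issuing middleware.
      /// </summary>
      public partial class Startup
      {
          // Smallest HMAC key, in bytes, accepted at startup (128 bits).
          // NOTE(review): RFC 7518 section 3.2 asks for a key at least as long as the hash
          // output (32 bytes for HS256); raise this once the deployed secret is long enough.
          private const int MinimumSigningKeyBytes = 16;

          /// <summary>
          /// Registers the authentication middleware. All settings are read from the
          /// <c>TokenAuthentication</c> configuration section.
          /// </summary>
          /// <param name="app">The application pipeline the middleware is added to.</param>
          /// <exception cref="InvalidOperationException">
          /// The signing secret is missing or shorter than <see cref="MinimumSigningKeyBytes"/> bytes.
          /// </exception>
          private void ConfigureAuth(IApplicationBuilder app)
          {
              // One symmetric key is used both to sign issued tokens and to validate incoming
              // ones, so anyone who can read the secret can mint tokens for any user.
              var signingKey = new SymmetricSecurityKey(ReadSigningKeyBytes());

              // Read once so that validation and issuance cannot drift apart.
              var issuer = Configuration.GetSection("TokenAuthentication:Issuer").Value;
              var audience = Configuration.GetSection("TokenAuthentication:Audience").Value;

              var tokenValidationParameters = new TokenValidationParameters
              {
                  // The signing key must match!
                  ValidateIssuerSigningKey = true,
                  IssuerSigningKey = signingKey,
                  // Validate the JWT Issuer (iss) claim
                  ValidateIssuer = true,
                  ValidIssuer = issuer,
                  // Validate the JWT Audience (aud) claim
                  ValidateAudience = true,
                  ValidAudience = audience,
                  // Validate the token expiry
                  ValidateLifetime = true,
                  // Zero tolerance: a token is rejected the moment it expires. The library
                  // default is five minutes; set a small positive value here if issuer and
                  // validator run on hosts whose clocks can drift.
                  ClockSkew = TimeSpan.Zero
              };

              // NOTE(review): both this middleware and the cookie middleware below set
              // AutomaticChallenge = true; confirm which one is meant to answer an
              // unauthenticated request.
              app.UseJwtBearerAuthentication(new JwtBearerOptions
              {
                  AutomaticAuthenticate = true,
                  AutomaticChallenge = true,
                  TokenValidationParameters = tokenValidationParameters
              });

              // The cookie carries a token checked with the same validation parameters.
              // CustomJwtDataFormat is declared elsewhere; presumably it unprotects the cookie
              // value by validating it as an HS256 JWT - verify that it rejects any other "alg".
              // NOTE(review): a browser sends this cookie automatically, so state-changing
              // endpoints need anti-forgery protection, and the cookie should be confirmed
              // as Secure and HttpOnly for the deployment.
              app.UseCookieAuthentication(new CookieAuthenticationOptions
              {
                  AutomaticAuthenticate = true,
                  AutomaticChallenge = true,
                  AuthenticationScheme = "Cookie",
                  CookieName = Configuration.GetSection("TokenAuthentication:CookieName").Value,
                  TicketDataFormat = new CustomJwtDataFormat(
                      SecurityAlgorithms.HmacSha256,
                      tokenValidationParameters)
              });

              // Options for the token-issuing middleware (declared elsewhere): tokens are
              // signed with the same key and carry the issuer/audience validated above.
              var tokenProviderOptions = new TokenProviderOptions
              {
                  Path = Configuration.GetSection("TokenAuthentication:TokenPath").Value,
                  Audience = audience,
                  Issuer = issuer,
                  SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256),
                  IdentityResolver = GetIdentity
              };

              app.UseMiddleware<TokenProviderMiddleware>(Options.Create(tokenProviderOptions));
          }

          /// <summary>
          /// Reads <c>TokenAuthentication:SecretKey</c> and returns its bytes, failing at
          /// startup with a clear message instead of later with an opaque one.
          /// </summary>
          /// <returns>The ASCII bytes of the configured secret.</returns>
          /// <exception cref="InvalidOperationException">
          /// The secret is missing, blank, or shorter than <see cref="MinimumSigningKeyBytes"/> bytes.
          /// </exception>
          private byte[] ReadSigningKeyBytes()
          {
              // Keep the real secret out of source-controlled settings files; supply it from
              // the environment or a secret store. The value is never echoed in error text.
              var secret = Configuration.GetSection("TokenAuthentication:SecretKey").Value;
              if (string.IsNullOrWhiteSpace(secret))
              {
                  throw new InvalidOperationException(
                      "TokenAuthentication:SecretKey is not configured.");
              }

              // ASCII is kept so existing keys produce the same bytes.
              // NOTE(review): Encoding.ASCII turns every non-ASCII character into '?', which
              // silently weakens such a secret; prefer a random key stored as Base64.
              var keyBytes = Encoding.ASCII.GetBytes(secret);
              if (keyBytes.Length < MinimumSigningKeyBytes)
              {
                  throw new InvalidOperationException(
                      "TokenAuthentication:SecretKey must be at least "
                      + MinimumSigningKeyBytes + " bytes long.");
              }

              return keyBytes;
          }

          /// <summary>
          /// Resolves a username/password pair to an identity for the token provider.
          /// </summary>
          /// <param name="username">The submitted user name.</param>
          /// <param name="password">The submitted password.</param>
          /// <returns>
          /// A task holding a <see cref="ClaimsIdentity"/> with no extra claims when the
          /// credentials match, or <c>null</c> when they do not.
          /// </returns>
          private Task<ClaimsIdentity> GetIdentity(string username, string password)
          {
              // Placeholder only: a fixed credential pair compiled into the binary.
              // Don't do this in production, obviously! Replace it with a lookup against the
              // real user store that verifies a salted, slow password hash, and add attempt
              // throttling on the token endpoint.
              var credentialsMatch = username == "TEST" && password == "TEST123";
              if (!credentialsMatch)
              {
                  // Credentials are invalid, or account doesn't exist
                  return Task.FromResult<ClaimsIdentity>(null);
              }

              var identity = new ClaimsIdentity(new GenericIdentity(username, "Token"), new Claim[] { });
              return Task.FromResult(identity);
          }
      }
  }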