- using System;
- using System.IdentityModel.Tokens.Jwt;
- using System.IO;
- using System.Security.Cryptography.X509Certificates;
- using System.Threading;
- using System.Threading.Tasks;
- using Microsoft.AspNetCore.Authentication.JwtBearer;
- using Microsoft.AspNetCore.Builder;
- using Microsoft.AspNetCore.Hosting;
- using Microsoft.AspNetCore.Mvc;
- using Microsoft.Extensions.Configuration;
- using Microsoft.Extensions.DependencyInjection;
- using Microsoft.IdentityModel.Protocols;
- using Microsoft.IdentityModel.Protocols.OpenIdConnect;
- using Microsoft.IdentityModel.Tokens;
- namespace OidcApi
- {
/// <summary>
/// An <see cref="IConfigurationManager{T}"/> that never supplies OpenID Connect metadata.
/// </summary>
/// <remarks>
/// Startup assigns an instance of this type to the JWT bearer options' ConfigurationManager,
/// so token validation there depends only on the statically configured
/// TokenValidationParameters. Because nothing is ever fetched or refreshed, a change of the
/// issuer's signing key is presumably only picked up by redeploying with a new certificate.
/// </remarks>
public class NullConfigurationManager : IConfigurationManager<OpenIdConnectConfiguration>
{
    /// <summary>Returns an already-completed task whose result is <c>null</c>.</summary>
    /// <param name="cancel">Ignored; no asynchronous work is started.</param>
    /// <returns>A completed task carrying a <c>null</c> configuration.</returns>
    public Task<OpenIdConnectConfiguration> GetConfigurationAsync(CancellationToken cancel)
        => Task.FromResult<OpenIdConnectConfiguration>(null);

    /// <summary>Does nothing: there is no cached configuration to invalidate.</summary>
    public void RequestRefresh()
    {
        // Intentionally empty.
    }
}
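/// <summary>
/// ASP.NET Core startup class for an API that accepts JWT bearer tokens and validates them
/// against one signing certificate loaded from a local PKCS#12 file, without OIDC discovery.
/// </summary>
public class Startup
{
    /// <summary>Stores the configuration supplied by the host.</summary>
    /// <param name="configuration">Application configuration.</param>
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    /// <summary>Application configuration captured by the constructor.</summary>
    public IConfiguration Configuration { get; }

    /// <summary>Registers MVC and JWT bearer authentication.</summary>
    /// <param name="services">The service collection to populate.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        // NOTE(review): the PFX file name and its password are literals in source, so anyone
        // who can read the repository or the compiled assembly can open the container. Only
        // the public key is needed to verify signatures; confirm the file holds no private
        // key, and prefer loading the path and password from configuration or a secret store.
        // The relative path is resolved against the process working directory.
        var signingCertificate = new X509Certificate2(
            File.ReadAllBytes("pkcs12public_dev_usb_123.pfx"),
            "123");
        var certificateKey = new X509SecurityKey(signingCertificate);
        var jwk = JsonWebKeyConverter.ConvertFromX509SecurityKey(certificateKey);

        services.AddMvc()
            .SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // Replace the default validator with a handler that keeps claim names exactly
                // as they appear in the token, so the "sub" and "role" claim types below match.
                options.SecurityTokenValidators.Clear();
                options.SecurityTokenValidators.Add(
                    new JwtSecurityTokenHandler
                    {
                        MapInboundClaims = false
                    });

                // No metadata is retrieved: issuer and signing key come only from the
                // parameters below.
                options.ConfigurationManager = new NullConfigurationManager();

                options.TokenValidationParameters = new TokenValidationParameters
                {
                    // NOTE(review): issuer and audience are hard-coded; the host name looks
                    // like a development environment, so confirm before deploying elsewhere.
                    ValidIssuer = "https://oidc-auth-dev-usb.dodois.ru",
                    ValidAudience = "delivery_cashier",
                    IssuerSigningKeys = new SecurityKey[] {jwk},
                    ValidateActor = false,
                    ValidateAudience = true,
                    ValidateIssuer = true,
                    ValidateIssuerSigningKey = true,
                    ValidateLifetime = true,
                    // NOTE(review): no TokenReplayCache or TokenReplayValidator is assigned
                    // here; without one this flag is believed to reject nothing. Confirm
                    // whether replay protection is actually required.
                    ValidateTokenReplay = true,
                    RequireExpirationTime = true,
                    RequireSignedTokens = true,
                    // Five seconds of tolerance: hosts need closely synchronised clocks or
                    // otherwise valid tokens will be rejected as expired or not yet valid.
                    ClockSkew = TimeSpan.FromSeconds(5),
                    NameClaimType = Microsoft.IdentityModel.JsonWebTokens.JwtRegisteredClaimNames.Sub,
                    RoleClaimType = "role"
                };
            });
    }

    /// <summary>Builds the HTTP request pipeline.</summary>
    /// <param name="app">The application builder.</param>
    /// <param name="env">The hosting environment; selects developer error pages or HSTS.</param>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseHsts();
        }

        // Redirect plain-HTTP requests before authentication runs, so bearer tokens are only
        // parsed and validated on requests that arrived over HTTPS. The original listing had
        // these two calls in the opposite order.
        // NOTE(review): a redirect cannot protect a token the client already sent over HTTP;
        // for an API, consider not serving HTTP at all.
        app.UseHttpsRedirection();
        app.UseAuthentication();
        app.UseMvc();
    }
}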
- }