using Invio.Extensions.Authentication.JwtBearer;
using IRaCIS.Core.Application.Auth;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using System;
using System.Text;
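namespace IRaCIS.Core.API
{
    /// <summary>
    /// Registers JWT bearer authentication for the API. Issuer, audience and the
    /// symmetric (HMAC) signing secret are read from the "JwtSetting" configuration section.
    /// </summary>
    public static class JWTAuthSetup
    {
        /// <summary>
        /// Smallest secret accepted, in UTF-8 bytes. HMAC-SHA256 keys below 128 bits are
        /// rejected by the IdentityModel signature provider when a token is validated, so
        /// anything shorter would only surface as a failure on the first request; checking
        /// here turns it into a startup error. 32 bytes (256 bits) or more is the recommended size.
        /// </summary>
        private const int MinSecurityKeyBytes = 16;

        /// <summary>
        /// Adds JWT bearer as the default authenticate scheme and routes challenge (401) and
        /// forbid (403) responses through <see cref="ApiResponseHandler"/>.
        /// </summary>
        /// <param name="services">The service collection to register the schemes into.</param>
        /// <param name="configuration">Application configuration; must contain a "JwtSetting" section.</param>
        /// <exception cref="InvalidOperationException">
        /// Thrown when JwtSetting:SecurityKey is missing, blank, or shorter than
        /// <see cref="MinSecurityKeyBytes"/> bytes.
        /// </exception>
        public static void AddJWTAuthSetup(this IServiceCollection services, IConfiguration configuration)
        {
            // Make the section available through IOptions<JwtSetting> to other consumers (e.g. the token issuer).
            services.Configure<JwtSetting>(configuration.GetSection("JwtSetting"));

            // Separate eager bind so the validation parameters can be built right here at startup.
            var jwtSetting = new JwtSetting();
            configuration.Bind("JwtSetting", jwtSetting);

            // Fail fast on an unusable secret. A null key would throw from Encoding.GetBytes inside
            // the options callback (i.e. on the first authenticated request), and a too-short key
            // would make every token fail signature validation with an exception rather than a clean 401.
            if (string.IsNullOrWhiteSpace(jwtSetting.SecurityKey))
            {
                throw new InvalidOperationException("JwtSetting:SecurityKey is not configured.");
            }

            var keyBytes = Encoding.UTF8.GetBytes(jwtSetting.SecurityKey);
            if (keyBytes.Length < MinSecurityKeyBytes)
            {
                throw new InvalidOperationException(
                    $"JwtSetting:SecurityKey must be at least {MinSecurityKeyBytes} bytes ({MinSecurityKeyBytes * 8} bits); " +
                    "32 bytes or more is recommended for HMAC-SHA256.");
            }

            services
                .AddAuthentication(o =>
                {
                    o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                    // 401/403 response bodies are produced by ApiResponseHandler, not the bare JWT handler.
                    o.DefaultChallengeScheme = nameof(ApiResponseHandler);
                    o.DefaultForbidScheme = nameof(ApiResponseHandler);
                })
                .AddJwtBearer(options =>
                {
                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        // The Validate*/Require* flags already default to true in IdentityModel;
                        // they are spelled out so the accepted-token policy is visible in one place
                        // and cannot silently change with a library default.
                        ValidateIssuer = true,
                        ValidIssuer = jwtSetting.Issuer,
                        ValidateAudience = true,
                        ValidAudience = jwtSetting.Audience,
                        ValidateIssuerSigningKey = true,
                        IssuerSigningKey = new SymmetricSecurityKey(keyBytes),
                        ValidateLifetime = true,
                        RequireExpirationTime = true,
                        RequireSignedTokens = true,
                        // Library default is 5 minutes. Zero enforces exp/nbf exactly, which assumes
                        // the issuer's clock and this server's clock are kept in sync (NTP).
                        ClockSkew = TimeSpan.Zero
                        // NOTE(review): if the IdentityModel version in use exposes ValidAlgorithms,
                        // pinning it to HmacSha256 is a cheap extra hardening — confirm package version.
                    };

                    // Also accept the bearer token from the query string (Invio.Extensions.Authentication.JwtBearer;
                    // presumably the `access_token` parameter — confirm against the package).
                    // Security caveat: tokens carried in URLs end up in access logs, proxy logs, browser
                    // history and Referer headers. Restrict this path to clients that genuinely cannot send
                    // an Authorization header (browser-driven downloads, WebSocket handshakes) and issue
                    // short-lived tokens for those cases.
                    options.AddQueryStringAuthentication();
                })
                .AddScheme<AuthenticationSchemeOptions, ApiResponseHandler>(nameof(ApiResponseHandler), o => { });
        }
    }
}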