
Commit ae21e12

Sample refactor (#10)
* Add JetBrains Rider (`.idea/`) exclusion to .gitignore
* Complete AuthZ implementation for Permissions / App Roles
1 parent 3160ae1 commit ae21e12


197 files changed

+150144
-0
lines changed


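--- a/.gitignore
+++ b/.gitignore
@@ -21,6 +21,8 @@ bld/
 [Bb]in/
 [Oo]bj/
 
+# JetBrains Rider director
+.idea/
 # Visual Studio 2015 cache/options directory
 .vs/
 # Uncomment if you have tasks that create the project's static files in wwwroot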
Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
<Project Sdk="Microsoft.NET.Sdk.Web">
2+
3+
<PropertyGroup>
4+
<TargetFramework>net6.0</TargetFramework>
5+
<Nullable>enable</Nullable>
6+
<ImplicitUsings>enable</ImplicitUsings>
7+
<UserSecretsId>d475610a-7a11-433f-aa9c-cf3927afbe7a</UserSecretsId>
8+
</PropertyGroup>
9+
10+
<ItemGroup>
11+
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.5" />
12+
</ItemGroup>
13+
14+
</Project>
Lines changed: 72 additions & 0 deletions
@@ -0,0 +1,72 @@
1+
using System.IdentityModel.Tokens.Jwt;
2+
using Microsoft.AspNetCore.Authentication.JwtBearer;
3+
using Microsoft.Net.Http.Headers;
4+
5+
namespace Microsoft.Extensions.DependencyInjection;
6+
7+
public static class AuthenticationExtensions
8+
{
9+
public static IServiceCollection AddApiAuthentication(this IServiceCollection services, IConfiguration configuration)
10+
{
11+
// Clear all the claim type mappings
12+
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
13+
14+
var schemeNames = new TokenAuthority[] {
15+
new TokenAuthority { Name = "Auth0", Issuer = configuration["Auth0:Authority"] },
16+
new TokenAuthority { Name = "Okta", Issuer = configuration["Okta:Authority"] },
17+
};
18+
19+
services
20+
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
21+
.AddJwtBearer(options =>
22+
{
23+
options.ForwardDefaultSelector = context =>
24+
{
25+
string authorization = context.Request.Headers[HeaderNames.Authorization];
26+
27+
if (!string.IsNullOrEmpty(authorization))
28+
{
29+
if (authorization.StartsWith(JwtBearerDefaults.AuthenticationScheme, StringComparison.OrdinalIgnoreCase))
30+
{
31+
var token = authorization.Substring(JwtBearerDefaults.AuthenticationScheme.Length + 1).Trim();
32+
var jwtHandler = new JwtSecurityTokenHandler();
33+
34+
if (jwtHandler.CanReadToken(token))
35+
{
36+
var jwtToken = jwtHandler.ReadJwtToken(token);
37+
var authority = schemeNames.FirstOrDefault(scheme => string.Equals(scheme.Issuer, jwtToken.Issuer));
38+
39+
return authority?.Name;
40+
}
41+
}
42+
}
43+
44+
return null;
45+
};
46+
})
47+
.AddJwtBearer("Auth0", options =>
48+
{
49+
options.Authority = configuration["Auth0:Authority"];
50+
options.RefreshOnIssuerKeyNotFound = true;
51+
52+
options.TokenValidationParameters.IgnoreTrailingSlashWhenValidatingAudience = true;
53+
options.TokenValidationParameters.ValidateActor = false;
54+
options.TokenValidationParameters.ValidateAudience = false;
55+
options.TokenValidationParameters.ValidateIssuer = false;
56+
options.TokenValidationParameters.ValidateLifetime = true;
57+
})
58+
.AddJwtBearer("Okta", options =>
59+
{
60+
options.Authority = configuration["Okta:Authority"];
61+
options.RefreshOnIssuerKeyNotFound = true;
62+
63+
options.TokenValidationParameters.IgnoreTrailingSlashWhenValidatingAudience = true;
64+
options.TokenValidationParameters.ValidateActor = false;
65+
options.TokenValidationParameters.ValidateAudience = false;
66+
options.TokenValidationParameters.ValidateIssuer = false;
67+
options.TokenValidationParameters.ValidateLifetime = true;
68+
});
69+
70+
return services;
71+
}
72+
}
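Review bot: Both schemes disable the checks that bind a token to this API: `ValidateAudience = false` and `ValidateIssuer = false` appear at lines 54–55 (Auth0) and 65–66 (Okta), so any token signed by the configured tenant is accepted whichever API it was issued for, and the `IgnoreTrailingSlashWhenValidatingAudience = true` line just above each pair does nothing while audience validation is off. Each scheme should set `ValidAudience` from configuration and leave both flags at `true`; `Authority` discovery already supplies the expected issuer, so no `ValidIssuer` needs hard-coding, but an `Audience` key has to be added beside `Authority` in appsettings.json (or user secrets). Separately, in the forward selector `authorization.Substring(JwtBearerDefaults.AuthenticationScheme.Length + 1)` (line 31) throws on a header that is exactly `Bearer` with nothing after it, turning a malformed header into a 500; guard it with `if (authorization.Length <= JwtBearerDefaults.AuthenticationScheme.Length) return null;` before the call. The `iss` claim read via `ReadJwtToken` is unverified and is used only to pick a scheme, which is acceptable as long as each scheme keeps validating the signature against its own authority's keys.
```csharp
.AddJwtBearer("Auth0", options =>
{
    options.Authority = configuration["Auth0:Authority"];
    options.RefreshOnIssuerKeyNotFound = true;

    // Bind accepted tokens to this API; the value must be configured alongside Authority.
    options.TokenValidationParameters.ValidAudience = configuration["Auth0:Audience"];
    options.TokenValidationParameters.IgnoreTrailingSlashWhenValidatingAudience = true;
    options.TokenValidationParameters.ValidateActor = false;
    options.TokenValidationParameters.ValidateAudience = true;
    // Authority discovery supplies the expected issuer; keep the check on.
    options.TokenValidationParameters.ValidateIssuer = true;
    options.TokenValidationParameters.ValidateLifetime = true;
})
// … unchanged: "Okta" scheme, mirrored with Okta:Audience, ValidateAudience = true and ValidateIssuer = true …
```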
Lines changed: 7 additions & 0 deletions
@@ -0,0 +1,7 @@
1+
namespace AuthN.API.Controllers;
2+
3+
public class ClaimEcho
4+
{
5+
public string Type { get; set; }
6+
public string Value { get; set; }
7+
}
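Review bot: With `<Nullable>enable</Nullable>` in the project file, the non-nullable `string` auto-properties `Type` and `Value` (lines 5–6) have no initializer and will raise CS8618 on build. They are only ever populated from `Claim.Type` / `Claim.Value` in `EchoController`, so an immutable shape fits better: `public sealed record ClaimEcho(string Type, string Value);`, with the call site changed to `new ClaimEcho(c.Type, c.Value)`. If the object-initializer call site is to be kept instead, give the properties `init` setters and `= string.Empty;` defaults.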
Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
using Microsoft.AspNetCore.Mvc;
2+
3+
namespace AuthN.API.Controllers;
4+
5+
[ApiController, Route("echo")]
6+
public class EchoController : Controller
7+
{
8+
[HttpGet, Route("")]
9+
public ClaimEcho[] Get()
10+
{
11+
var user = User;
12+
var claims = user.Claims.Select(c =>
13+
new ClaimEcho {Type = c.Type, Value = c.Value}).ToArray();
14+
15+
return claims;
16+
}
17+
}
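Review bot: The controller relies entirely on the global `MapControllers().RequireAuthorization()` in Program.cs to keep `/echo` from returning claims anonymously; an explicit `[Authorize]` on the class makes that requirement survive a later change to the endpoint wiring. The `var user = User;` local (line 11) is redundant, and since the type returns data only, `ControllerBase` is the usual base for `[ApiController]` types: `[ApiController, Authorize, Route("echo")] public class EchoController : ControllerBase`. `[Authorize]` needs `using Microsoft.AspNetCore.Authorization;` at the top of the file.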
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
var builder = WebApplication.CreateBuilder(args);
2+
3+
var services = builder.Services;
4+
var configuration = builder.Configuration;
5+
6+
services.AddControllers();
7+
services.AddApiAuthentication(configuration);
8+
9+
var app = builder.Build();
10+
11+
app.UseHttpsRedirection();
12+
13+
app.UseAuthentication();
14+
app.UseAuthorization();
15+
16+
app.MapControllers().RequireAuthorization();
17+
18+
app.Run();
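Review bot: Nothing in this Program.cs registers authorization policies beyond the default implied by `MapControllers().RequireAuthorization()` (line 16), which only demands an authenticated user, so unless the permission / app-role checks named in the commit message are wired in a file not shown here, every valid bearer token from either authority reaches every controller. If they are meant to live here, add `services.AddAuthorization(options => { /* permission and role policies */ });` before `builder.Build()` and reference the policies via `RequireAuthorization("PolicyName")` or `[Authorize(Policy = "...")]`. It would also help a reader to comment line 7 with what `AddApiAuthentication` sets up, e.g. `// Registers the Auth0 and Okta JwtBearer schemes and forwards by token issuer.`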
Lines changed: 31 additions & 0 deletions
@@ -0,0 +1,31 @@
1+
{
2+
"$schema": "https://json.schemastore.org/launchsettings.json",
3+
"iisSettings": {
4+
"windowsAuthentication": false,
5+
"anonymousAuthentication": true,
6+
"iisExpress": {
7+
"applicationUrl": "http://localhost:22768",
8+
"sslPort": 44316
9+
}
10+
},
11+
"profiles": {
12+
"AuthN.API": {
13+
"commandName": "Project",
14+
"dotnetRunMessages": true,
15+
"launchBrowser": true,
16+
"launchUrl": "echo",
17+
"applicationUrl": "https://localhost:7043;http://localhost:5279",
18+
"environmentVariables": {
19+
"ASPNETCORE_ENVIRONMENT": "Development"
20+
}
21+
},
22+
"IIS Express": {
23+
"commandName": "IISExpress",
24+
"launchBrowser": true,
25+
"launchUrl": "swagger",
26+
"environmentVariables": {
27+
"ASPNETCORE_ENVIRONMENT": "Development"
28+
}
29+
}
30+
}
31+
}
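Review bot: The IIS Express profile's `"launchUrl": "swagger"` (line 25) points at an endpoint that the Program.cs in this commit does not register (no Swagger/OpenAPI middleware is added), while the project profile launches `echo`; make them agree with `"launchUrl": "echo"`. `"anonymousAuthentication": true` is correct here, since authentication is performed by the JwtBearer handlers rather than by IIS.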
Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
namespace Microsoft.Extensions.DependencyInjection;
2+
3+
public class TokenAuthority
4+
{
5+
public string Name { get; set; }
6+
public string Issuer { get; set; }
7+
public string Endpoint { get; set; }
8+
}
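Review bot: `Name`, `Issuer` and `Endpoint` (lines 5–7) are non-nullable `string` auto-properties without initializers under `<Nullable>enable</Nullable>`, which triggers CS8618 and hides that `Issuer` is populated from `configuration["...:Authority"]` and is null whenever that key is absent. Declare it `public string? Issuer { get; init; }` so the null is visible at the `string.Equals` comparison in the forward selector, and initialise the rest, e.g. `public string Name { get; init; } = string.Empty;`. `Endpoint` is not read anywhere in the code visible in this commit; if nothing else uses it, drop it rather than leave an unexplained field.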
Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
{
2+
"Logging": {
3+
"LogLevel": {
4+
"Default": "Information",
5+
"Microsoft.AspNetCore": "Warning"
6+
}
7+
}
8+
}
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
{
2+
"Logging": {
3+
"LogLevel": {
4+
"Default": "Information",
5+
"Microsoft.AspNetCore": "Warning"
6+
}
7+
},
8+
"AllowedHosts": "*",
9+
"Okta": {
10+
"Authority": ""
11+
},
12+
"Auth0": {
13+
"Authority": ""
14+
}
15+
}
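Review bot: `Auth0:Authority` and `Okta:Authority` (lines 10 and 13) are committed empty, and `AuthenticationExtensions` copies them straight into `options.Authority` and into the issuer table used by the forward selector, so a deployment that forgets to supply them presumably ends up with schemes that have no discovery endpoint and reject every token, rather than a clear startup failure. Since the project already declares a `UserSecretsId`, the real values belong in user secrets or environment variables, and the consuming code should fail fast, e.g. `if (string.IsNullOrWhiteSpace(configuration["Auth0:Authority"])) throw new InvalidOperationException("Auth0:Authority is not configured");`. There is also no `Audience` entry for either provider, which the JwtBearer options need once audience validation is enabled.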
