asp.net core web API implementing JwtBearerOptions events
using System; | |
using System.Collections.Generic; | |
using System.Diagnostics; | |
using System.Text; | |
using System.Threading.Tasks; | |
using Microsoft.AspNetCore.Authentication.JwtBearer; | |
using Microsoft.AspNetCore.Builder; | |
using Microsoft.AspNetCore.Hosting; | |
using Microsoft.AspNetCore.Http; | |
using Microsoft.AspNetCore.Mvc; | |
using Microsoft.Extensions.Configuration; | |
using Microsoft.Extensions.DependencyInjection; | |
namespace CoreWebAPIAAD | |
{ | |
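public class Startup
{
    /// <summary>
    /// Retained for source compatibility with earlier revisions of this sample; it is no longer
    /// written to. A field on <see cref="Startup"/> is shared by every concurrent request, so
    /// accumulating per-request diagnostics here let one caller's Authorization header (the bearer
    /// token) and exception details be echoed into another caller's challenge response.
    /// </summary>
    public string message = "";

    // Key under which per-request diagnostic text is kept in HttpContext.Items.
    private const string DiagnosticsKey = "CoreWebAPIAAD.JwtBearerDiagnostics";

    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    /// <summary>
    /// Registers JWT bearer authentication against Azure AD and wires the
    /// <see cref="JwtBearerEvents"/> callbacks used for diagnostics.
    /// Diagnostics are kept per request (HttpContext.Items) and only returned to the
    /// client in the Development environment; token values are never logged or echoed.
    /// </summary>
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(sharedoptions =>
        {
            sharedoptions.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            // Placeholders: move the tenant, audiences and issuers into configuration for a real deployment.
            options.Authority = "https://login.microsoftonline.com/<tenant>.onmicrosoft.com";
            // If you intend to validate only one audience for the access token, options.Audience is enough;
            // options.TokenValidationParameters allows more customization (several audiences / issuers).
            // options.Audience = "10e569bc5-4c43-419e-971b-7c37112adf691";
            options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
            {
                ValidAudiences = new List<string> { "<Application ID URI>", "10e569bc5-4c43-419e-971b-7c37112adf691" },
                // NOTE(review): Azure AD v1 tokens carry an https://sts.windows.net/<Directory ID>/ issuer; v2.0
                // tokens normally carry https://login.microsoftonline.com/<Directory ID>/v2.0. Confirm the second
                // entry against a real v2.0 token before relying on it.
                ValidIssuers = new List<string> { "https://sts.windows.net/<Directory ID>/", "https://sts.windows.net/<Directory ID>/v2.0" }
            };
            options.Events = new JwtBearerEvents
            {
                OnMessageReceived = ctx =>
                {
                    // Record only whether a credential was sent, never its value: the header holds the
                    // bearer token, and anything recorded here may end up in the challenge response body.
                    bool hasAuthorization = ctx.Request.Headers.ContainsKey("Authorization");
                    AppendDiagnostic(ctx.HttpContext, hasAuthorization
                        ? "From OnMessageReceived: Authorization header present"
                        : "From OnMessageReceived: no Bearer token sent");
                    return Task.CompletedTask;
                },
                OnAuthenticationFailed = ctx =>
                {
                    ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
                    // Full detail (message chain and stack traces) goes to the debug output only. The
                    // client gets just the exception type, which distinguishes an expired token from a
                    // wrong audience without disclosing server internals.
                    Debug.WriteLine("From OnAuthenticationFailed:\n" + FlattenException(ctx.Exception));
                    AppendDiagnostic(ctx.HttpContext, "From OnAuthenticationFailed: " + ctx.Exception.GetType().Name);
                    return Task.CompletedTask;
                },
                OnChallenge = ctx =>
                {
                    // We write the body ourselves, so tell the handler not to run its default challenge;
                    // otherwise it would try to set the status and headers after the response has started.
                    ctx.HandleResponse();
                    ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
                    // RFC 6750 requires WWW-Authenticate on a 401 from a bearer-protected resource; the
                    // default challenge we just suppressed would have added it, so add it here.
                    ctx.Response.Headers["WWW-Authenticate"] = ctx.Options.Challenge;
                    ctx.Response.ContentType = "text/plain";
                    var env = ctx.HttpContext.RequestServices.GetRequiredService<IHostingEnvironment>();
                    // Only a developer running locally gets the per-request diagnostics.
                    string body = env.IsDevelopment()
                        ? "From OnChallenge:\n" + ReadDiagnostics(ctx.HttpContext)
                        : "Unauthorized";
                    return ctx.Response.WriteAsync(body);
                },
                OnTokenValidated = ctx =>
                {
                    // Never write the token itself to a log; it is a reusable credential.
                    Debug.WriteLine("token validated: " + ctx.SecurityToken.GetType().Name);
                    return Task.CompletedTask;
                }
            };
        });
        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
    }

    /// <summary>
    /// Configures the HTTP request pipeline. PII logging for the identity model stack is only
    /// switched on in Development: it prints token contents and claim values into the log output.
    /// </summary>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            // Turn on PII logging for local debugging only; never ship this enabled.
            Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
        }
        else
        {
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }
        app.UseHttpsRedirection();
        app.UseAuthentication();
        app.UseMvc();
    }

    /// <summary>
    /// Appends one diagnostic line to the per-request buffer in <see cref="HttpContext.Items"/>.
    /// Per-request storage keeps concurrent requests from seeing each other's diagnostics.
    /// </summary>
    private static void AppendDiagnostic(HttpContext httpContext, string line)
    {
        httpContext.Items.TryGetValue(DiagnosticsKey, out var existing);
        httpContext.Items[DiagnosticsKey] = (existing as string ?? "") + line + "\n";
    }

    /// <summary>Returns the diagnostics recorded for this request, or an empty string.</summary>
    private static string ReadDiagnostics(HttpContext httpContext)
    {
        return httpContext.Items.TryGetValue(DiagnosticsKey, out var value) ? (value as string ?? "") : "";
    }

    /// <summary>
    /// Renders an exception and its inner-exception chain as text: for each exception the
    /// message followed by the stack trace, each on its own line. Returns an empty string for
    /// <c>null</c>. Because the output contains stack traces it is meant for logs, not clients.
    /// </summary>
    public static string FlattenException(Exception exception)
    {
        var stringBuilder = new StringBuilder();
        while (exception != null)
        {
            stringBuilder.AppendLine(exception.Message);
            stringBuilder.AppendLine(exception.StackTrace);
            exception = exception.InnerException;
        }
        return stringBuilder.ToString();
    }
}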
} |