husm
diff --git a/‎.DS_Store
6 KB b/‎.DS_Store
6 KB
diff --git a/‎.vscode/launch.json
+46 b/‎.vscode/launch.json
+46
diff --git a/‎.vscode/tasks.json
+16 b/‎.vscode/tasks.json
+16
diff --git a/‎ApiDemo.csproj
+18 b/‎ApiDemo.csproj
+18
diff --git a/‎Controllers/JwtController.cs
+127 b/‎Controllers/JwtController.cs
+127
diff --git a/‎Controllers/ValuesController.cs
+63 b/‎Controllers/ValuesController.cs
+63
diff --git a/‎Models/ApplicationUser.cs
+8 b/‎Models/ApplicationUser.cs
+8
diff --git a/‎Options/JwtIssuerOptions.cs
+103 b/‎Options/JwtIssuerOptions.cs
+103
@@ -0,0 +1,46 @@
+{
+   // Use IntelliSense to find out which attributes exist for C# debugging
+   // Use hover for the description of the existing attributes
+   // For further information visit https://github.com/OmniSharp/omnisharp-vscode/blob/master/debugger-launchjson.md
+   "version": "0.2.0",
+   "configurations": [
+        {
+            "name": ".NET Core Launch (web)",
+            "type": "coreclr",
+            "request": "launch",
+            "preLaunchTask": "build",
+            // If you have changed target frameworks, make sure to update the program path.
+            "program": "${workspaceRoot}/bin/Debug/netcoreapp1.1/ApiDemo.dll",
+            "args": [],
+            "cwd": "${workspaceRoot}",
+            "stopAtEntry": false,
+            "internalConsoleOptions": "openOnSessionStart",
+            "launchBrowser": {
+                "enabled": true,
+                "args": "${auto-detect-url}",
+                "windows": {
+                    "command": "cmd.exe",
+                    "args": "/C start ${auto-detect-url}"
+                },
+                "osx": {
+                    "command": "open"
+                },
+                "linux": {
+                    "command": "xdg-open"
+                }
+            },
+            "env": {
+                "ASPNETCORE_ENVIRONMENT": "Development"
+            },
+            "sourceFileMap": {
+                "/Views": "${workspaceRoot}/Views"
+            }
+        },
+        {
+            "name": ".NET Core Attach",
+            "type": "coreclr",
+            "request": "attach",
+            "processId": "${command:pickProcess}"
+        }
+    ]
+}
@@ -0,0 +1,16 @@
+{
+    "version": "0.1.0",
+    "command": "dotnet",
+    "isShellCommand": true,
+    "args": [],
+    "tasks": [
+        {
+            "taskName": "build",
+            "args": [
+                "${workspaceRoot}/ApiDemo.csproj"
+            ],
+            "isBuildCommand": true,
+            "problemMatcher": "$msCompile"
+        }
+    ]
+}
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Project Sdk="Microsoft.NET.Sdk.Web">
+  <PropertyGroup>
+    <TargetFramework>netcoreapp1.1</TargetFramework>
+  </PropertyGroup>
+  <ItemGroup>
+    <Folder Include="wwwroot\"/>
+  </ItemGroup>
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore" Version="1.1.1"/>
+    <PackageReference Include="Microsoft.AspNetCore.Mvc" Version="1.1.2"/>
+    <PackageReference Include="Microsoft.Extensions.Logging.Debug" Version="1.1.1"/>
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="1.0.0"/>
+    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="5.1.3"/>
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="5.1.3"/>
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="1.1.1"/>
+  </ItemGroup>
+</Project>
@@ -0,0 +1,127 @@
+using System;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
+using System.Security.Principal;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Newtonsoft.Json;
+
+namespace ApiDemo {
+    [Route("api/[controller]")]
+    public class JwtController : Controller
+    {
+        private readonly JwtIssuerOptions _jwtOptions;
+        private readonly ILogger _logger;
+        private readonly JsonSerializerSettings _serializerSettings;
+
+        public JwtController(IOptions<JwtIssuerOptions> jwtOptions, ILoggerFactory loggerFactory)
+        {
+            _jwtOptions = jwtOptions.Value;
+            ThrowIfInvalidOptions(_jwtOptions);
+
+            _logger = loggerFactory.CreateLogger<JwtController>();
+
+            _serializerSettings = new JsonSerializerSettings
+            {
+                Formatting = Formatting.Indented
+            };
+        }
+
+        [HttpPost]
+        [AllowAnonymous]
+        public async Task<IActionResult> Get([FromForm] ApplicationUser applicationUser)
+        {
+            var identity = await GetClaimsIdentity(applicationUser);
+            if (identity == null)
+            {
+                _logger.LogInformation($"Invalid username ({applicationUser.UserName}) or password ({applicationUser.Password})");
+                return BadRequest("Invalid credentials");
+            }
+
+            var claims = new[]
+            {
+                new Claim(JwtRegisteredClaimNames.Sub, applicationUser.UserName),
+                new Claim(JwtRegisteredClaimNames.Jti, await _jwtOptions.JtiGenerator()),
+                new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(_jwtOptions.IssuedAt).ToString(), ClaimValueTypes.Integer64),
+                identity.FindFirst("DisneyCharacter")
+            };
+
+            // Create the JWT security token and encode it.
+            var jwt = new JwtSecurityToken(
+                issuer: _jwtOptions.Issuer,
+                audience: _jwtOptions.Audience,
+                claims: claims,
+                notBefore: _jwtOptions.NotBefore,
+                expires: _jwtOptions.Expiration,
+                signingCredentials: _jwtOptions.SigningCredentials
+            );
+
+            var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
+
+            // Serialize and return the response
+            var response = new
+            {
+                access_token = encodedJwt,
+                expires_in = (int)_jwtOptions.ValidFor.TotalSeconds
+            };
+
+            var json = JsonConvert.SerializeObject(response, _serializerSettings);
+            return new OkObjectResult(json);
+        }
+
+        private static void ThrowIfInvalidOptions(JwtIssuerOptions options)
+        {
+            if (options == null) throw new ArgumentNullException(nameof(options));
+
+            if (options.ValidFor <= TimeSpan.Zero)
+            {
+                throw new ArgumentException("Must be a non-zero TimeSpan.", nameof(JwtIssuerOptions.ValidFor));
+            }
+
+            if (options.SigningCredentials == null)
+            {
+                throw new ArgumentNullException(nameof(JwtIssuerOptions.SigningCredentials));
+            }
+
+            if (options.JtiGenerator == null)
+            {
+                throw new ArgumentNullException(nameof(JwtIssuerOptions.JtiGenerator));
+            }
+        }
+
+        /// <returns>Date converted to seconds since Unix epoch (Jan 1, 1970, midnight UTC).</returns>
+        private static long ToUnixEpochDate(DateTime date)
+            => (long)Math.Round((date.ToUniversalTime() - new DateTimeOffset(1979, 1, 1, 0, 0, 0, TimeSpan.Zero)).TotalSeconds);
+
+        /// <summary>
+        /// IMAGINE BIG RED WARNING SIGNS HERE!
+        /// You'd want to retrieve claims through your claims provider
+        /// in whatever way suits you, the below is purely for demo purposes!
+        /// </summary>
+        private static Task<ClaimsIdentity> GetClaimsIdentity(ApplicationUser user)
+        {
+            if (user.UserName == "MickeyMouse" && user.Password == "MickeyMouse123")
+            {
+                return Task.FromResult(new ClaimsIdentity(new GenericIdentity(user.UserName, "Token"),
+                    new[]
+                    {
+                        new Claim("DisneyCharacter", "IAmMickey")
+                    }
+                ));
+            }
+
+            if (user.UserName == "NotMickeyMouse" && user.Password == "NotMickeyMouse123")
+            {
+                return Task.FromResult(new ClaimsIdentity(new GenericIdentity(user.UserName, "Token"),
+                    new Claim[] { }
+                ));
+            }
+
+            // Credentials are invalid, or accout doesn't exist
+            return Task.FromResult<ClaimsIdentity>(null);
+        }
+    }
+}
@@ -0,0 +1,63 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Newtonsoft.Json;
+
+namespace ApiDemo.Controllers
+{
+    [Route("api/[controller]")]
+    public class ValuesController : Controller
+    {
+        private readonly JsonSerializerSettings _serializerSettings;
+
+        public ValuesController()
+        {
+            _serializerSettings = new JsonSerializerSettings
+            {
+                Formatting = Formatting.Indented
+            };
+        }
+
+        // GET api/values
+        [HttpGet]
+        [Authorize(Policy = "DisneyUser")]
+        public IEnumerable<Value> Get()
+        {
+            return new Value[] { new Value{Id = 1, Text = "value1" }, new Value{ Id = 2, Text="value2"} };
+        }
+
+        // GET api/values/5
+        [HttpGet("{id:int}")]
+        public Value Get(int id)
+        {
+            return new Value { Id = id, Text = "value" };
+        }
+
+        // POST api/values
+        [HttpPost]
+        public IActionResult Post([FromBody]Value value)
+        {
+            return CreatedAtAction("Get", new { id = value.Id }, value);
+        }
+
+        // PUT api/values/5
+        [HttpPut("{id}")]
+        public void Put(int id, [FromBody]string value)
+        {
+        }
+
+        // DELETE api/values/5
+        [HttpDelete("{id}")]
+        public void Delete(int id)
+        {
+        }
+    }
+
+    public class Value {
+        public int Id { get; set; }
+        public string Text { get; set; } 
+    }
+}
@@ -0,0 +1,8 @@
+namespace ApiDemo
+{
+    public class ApplicationUser
+    {
+        public string UserName { get; set; }
+        public string Password { get; set; }
+    }
+}
@@ -0,0 +1,103 @@
+using System;
+using System.Threading.Tasks;
+using Microsoft.IdentityModel.Tokens;
+
+namespace ApiDemo
+{
+    public class JwtIssuerOptions
+    {
+        /// <summary>
+        /// "iss" (Issuer) Claim
+        /// </summary>
+        /// <remarks>The "iss" (issuer) claim identifies the principal that issued the
+        ///   JWT.  The processing of this claim is generally application specific.
+        ///   The "iss" value is a case-sensitive string containing a StringOrURI
+        ///   value.  Use of this claim is OPTIONAL.</remarks>
+        public string Issuer { get; set; }
+
+        /// <summary>
+        /// "sub" (Subject) Claim
+        /// </summary>
+        /// <remarks> The "sub" (subject) claim identifies the principal that is the
+        ///   subject of the JWT.  The claims in a JWT are normally statements
+        ///   about the subject.  The subject value MUST either be scoped to be
+        ///   locally unique in the context of the issuer or be globally unique.
+        ///   The processing of this claim is generally application specific.  The
+        ///   "sub" value is a case-sensitive string containing a StringOrURI
+        ///   value.  Use of this claim is OPTIONAL.</remarks>
+        public string Subject { get; set; }
+
+        /// <summary>
+        /// "aud" (Audience) Claim
+        /// </summary>
+        /// <remarks>The "aud" (audience) claim identifies the recipients that the JWT is
+        ///   intended for.  Each principal intended to process the JWT MUST
+        ///   identify itself with a value in the audience claim.  If the principal
+        ///   processing the claim does not identify itself with a value in the
+        ///   "aud" claim when this claim is present, then the JWT MUST be
+        ///   rejected.  In the general case, the "aud" value is an array of case-
+        ///   sensitive strings, each containing a StringOrURI value.  In the
+        ///   special case when the JWT has one audience, the "aud" value MAY be a
+        ///   single case-sensitive string containing a StringOrURI value.  The
+        ///   interpretation of audience values is generally application specific.
+        ///   Use of this claim is OPTIONAL.</remarks>
+        public string Audience { get; set; }
+
+        /// <summary>
+        /// "nbf" (Not Before) Claim (default is UTC NOW)
+        /// </summary>
+        /// <remarks>The "nbf" (not before) claim identifies the time before which the JWT
+        ///   MUST NOT be accepted for processing.  The processing of the "nbf"
+        ///   claim requires that the current date/time MUST be after or equal to
+        ///   the not-before date/time listed in the "nbf" claim.  Implementers MAY
+        ///   provide for some small leeway, usually no more than a few minutes, to
+        ///   account for clock skew.  Its value MUST be a number containing a
+        ///   NumericDate value.  Use of this claim is OPTIONAL.</remarks>
+        public DateTime NotBefore => DateTime.UtcNow;
+
+        /// <summary>
+        /// "iat" (Issued At) Claim (default is UTC NOW)
+        /// </summary>
+        /// <remarks>The "iat" (issued at) claim identifies the time at which the JWT was
+        ///   issued.  This claim can be used to determine the age of the JWT.  Its
+        ///   value MUST be a number containing a NumericDate value.  Use of this
+        ///   claim is OPTIONAL.</remarks>
+        public DateTime IssuedAt => DateTime.UtcNow;
+
+        /// <summary>
+        /// Set the timespan the token will be valid for (default is 5 min/300 seconds)
+        /// </summary>
+        public TimeSpan ValidFor { get; set; } = TimeSpan.FromMinutes(5);
+
+        /// <summary>
+        /// "exp" (Expiration Time) Claim (returns IssuedAt + ValidFor)
+        /// </summary>
+        /// <remarks>The "exp" (expiration time) claim identifies the expiration time on
+        ///   or after which the JWT MUST NOT be accepted for processing.  The
+        ///   processing of the "exp" claim requires that the current date/time
+        ///   MUST be before the expiration date/time listed in the "exp" claim.
+        ///   Implementers MAY provide for some small leeway, usually no more than
+        ///   a few minutes, to account for clock skew.  Its value MUST be a number
+        ///   containing a NumericDate value.  Use of this claim is OPTIONAL.</remarks>
+        public DateTime Expiration => IssuedAt.Add(ValidFor);
+
+        /// <summary>
+        /// "jti" (JWT ID) Claim (default ID is a GUID)
+        /// </summary>
+        /// <remarks>The "jti" (JWT ID) claim provides a unique identifier for the JWT.
+        ///   The identifier value MUST be assigned in a manner that ensures that
+        ///   there is a negligible probability that the same value will be
+        ///   accidentally assigned to a different data object; if the application
+        ///   uses multiple issuers, collisions MUST be prevented among values
+        ///   produced by different issuers as well.  The "jti" claim can be used
+        ///   to prevent the JWT from being replayed.  The "jti" value is a case-
+        ///   sensitive string.  Use of this claim is OPTIONAL.</remarks>
+        public Func<Task<string>> JtiGenerator =>
+            () => Task.FromResult(Guid.NewGuid().ToString());
+
+        /// <summary>
+        /// The signing key to use when generating tokens.
+        /// </summary>
+        public SigningCredentials SigningCredentials { get; set; }
+    }
+}