chore: Authentifizierung mit layz loading hinzugefügt.

2025-01-15 10:25:51 +01:00 · 2025-01-15 10:25:51 +01:00 · 82f23d447b
commit 82f23d447b
parent b1bfc46a60
2 changed files with 45 additions and 2 deletions
--- a/src/DigitalData.Auth.API/DigitalData.Auth.API.csproj
+++ b/src/DigitalData.Auth.API/DigitalData.Auth.API.csproj
@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">

  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
@ -7,6 +7,8 @@
  </PropertyGroup>

  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.12" />
+    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.3.0" />
    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0" />
  </ItemGroup>

--- a/src/DigitalData.Auth.API/Program.cs
+++ b/src/DigitalData.Auth.API/Program.cs
@ -1,5 +1,9 @@
 using DigitalData.Auth.API.Config;
 using DigitalData.Auth.API.Services;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.IdentityModel.JsonWebTokens;
+using Microsoft.IdentityModel.Tokens;
+using System.Security.Claims;

 var builder = WebApplication.CreateBuilder(args);

@ -14,10 +18,45 @@ builder.Services.Configure<AuthApiParams>(config);
 builder.Services.AddConsumerApiServiceFromConfiguration(config);

 builder.Services.AddControllers();
-// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
+
 builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddSwaggerGen();

+// Add authentication
+Lazy<SecurityKey>? issuerSigningKeyInitiator = null;
+
+builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+    .AddJwtBearer(options =>
+    {
+        options.RequireHttpsMetadata = apiParams!.RequireHttpsMetadata;
+        options.ClaimsIssuer = apiParams!.Issuer;
+        options.Audience = apiParams!.DefaultConsumer.Audience;
+        options.TokenValidationParameters = new()
+        {
+            ValidateIssuer = true,
+            ValidIssuer = apiParams!.Issuer,
+            ValidateAudience = true,
+            ValidAudience = apiParams!.DefaultConsumer.Audience,
+            ValidateLifetime = true,
+            IssuerSigningKey = issuerSigningKeyInitiator?.Value,
+            NameClaimType = JwtRegisteredClaimNames.Name,
+            RoleClaimType = ClaimTypes.Role
+        };
+
+        options.Events = new JwtBearerEvents
+        {
+            OnMessageReceived = context =>
+            {
+                // if there is no token read related cookie
+                if (context.Token is null   // if there is no token
+                    && context.Request.Cookies.TryGetValue(apiParams!.CookieName, out var token)    // get token from cookies  
+                    && token is not null)  
+                    context.Token = token;
+                return Task.CompletedTask;
+            }
+        };
+    });
+
 var app = builder.Build();

 // Configure the HTTP request pipeline.
@ -29,6 +68,8 @@ if (app.Environment.IsDevelopment())

 app.UseHttpsRedirection();

+app.UseAuthentication();
+
 app.UseAuthorization();

 app.MapControllers();