Compare commits
7 Commits
74444d301d
...
29ad0554bc
| Author | SHA1 | Date | |
|---|---|---|---|
|
29ad0554bc | ||
|
|
583864469c | ||
|
|
85ccc52ca1 | ||
|
|
a69e13c2ab | ||
|
|
8ef879a663 | ||
|
|
ef6d834448 | ||
|
|
1db1b35f3c |
@@ -28,7 +28,7 @@ public class ClientPublicKey : RSAKeyBase, IAsymmetricTokenValidator, IUniqueSec
|
||||
}
|
||||
}
|
||||
|
||||
public void UpdateContent(string content)
|
||||
internal void UpdateContent(string content)
|
||||
{
|
||||
_content = content;
|
||||
RSA.ImportFromPem(content);
|
||||
|
||||
@@ -11,7 +11,7 @@ public static class DIExtensions
|
||||
{
|
||||
public static IServiceCollection AddAuthHubClient(this IServiceCollection services, IConfiguration? configuration = null, Action<ClientParams>? options = null)
|
||||
{
|
||||
var clientParams = configuration?.GetSection(nameof(ClientParams)).Get<ClientParams>() ?? new ClientParams();
|
||||
var clientParams = configuration?.Get<ClientParams>() ?? new ClientParams();
|
||||
options?.Invoke(clientParams);
|
||||
services
|
||||
.AddSingleton(Options.Create(clientParams))
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
<ImplicitUsings>enable</ImplicitUsings>
|
||||
<Nullable>enable</Nullable>
|
||||
<PackageId>DigitalData.Auth.Client</PackageId>
|
||||
<Version>1.1.4.1</Version>
|
||||
<Version>1.1.5</Version>
|
||||
<Description>DigitalData.Auth.Client is a SignalR-based authentication client that enables applications to connect to a central authentication hub for real-time message exchange. It provides seamless connection management, automatic reconnection (RetryPolicy), and event-driven communication (ClientEvents). The package includes dependency injection support via DIExtensions, allowing easy integration into ASP.NET Core applications. With built-in retry policies and secure message handling, it ensures a reliable and scalable authentication client for real-time authentication workflows.</Description>
|
||||
<Company>Digital Data GmbH</Company>
|
||||
<Product>Digital Data GmbH</Product>
|
||||
@@ -14,8 +14,8 @@
|
||||
<PackageIcon>auth_icon.png</PackageIcon>
|
||||
<RepositoryUrl>http://git.dd:3000/AppStd/DigitalData.Auth</RepositoryUrl>
|
||||
<PackageTags>Digital Data Auth Authorization Authentication</PackageTags>
|
||||
<AssemblyVersion>1.1.4.1</AssemblyVersion>
|
||||
<FileVersion>1.1.4.1</FileVersion>
|
||||
<AssemblyVersion>1.1.5</AssemblyVersion>
|
||||
<FileVersion>1.1.5</FileVersion>
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
|
||||
@@ -3,13 +3,13 @@ using DigitalData.Core.Abstractions.Security;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.Extensions.Options;
|
||||
using DigitalData.UserManager.Application.DTOs.Auth;
|
||||
using DigitalData.UserManager.Application.Contracts;
|
||||
using DigitalData.UserManager.Application.DTOs.User;
|
||||
using DigitalData.Core.Abstractions.Application;
|
||||
using DigitalData.Auth.API.Dto;
|
||||
using DigitalData.Auth.API.Services.Contracts;
|
||||
using DigitalData.Auth.API.Entities;
|
||||
using DigitalData.Core.DTO;
|
||||
|
||||
namespace DigitalData.Auth.API.Controllers
|
||||
{
|
||||
@@ -45,18 +45,39 @@ namespace DigitalData.Auth.API.Controllers
|
||||
_consumerSignatureHandler = apiSignatureHandler;
|
||||
}
|
||||
|
||||
private async Task<IActionResult> CreateTokenAsync(LogInDto login, string consumerName, bool cookie = true)
|
||||
private async Task<IActionResult> CreateTokenAsync(UserLogin login, string consumerName, bool cookie = true)
|
||||
{
|
||||
bool isValid = await _dirSearchService.ValidateCredentialsAsync(login.Username, login.Password);
|
||||
DataResult<UserReadDto>? uRes;
|
||||
if(login.Username is not null && login.UserId is not null)
|
||||
return BadRequest("Both user ID and username cannot be provided.");
|
||||
if (login.Username is not null)
|
||||
{
|
||||
bool isValid = await _dirSearchService.ValidateCredentialsAsync(login.Username, login.Password);
|
||||
|
||||
if (!isValid)
|
||||
return Unauthorized();
|
||||
if (!isValid)
|
||||
return Unauthorized();
|
||||
|
||||
uRes = await _userService.ReadByUsernameAsync(login.Username);
|
||||
if (uRes.IsFailed)
|
||||
return Unauthorized();
|
||||
}
|
||||
else if(login.UserId is int userId)
|
||||
{
|
||||
uRes = await _userService.ReadByIdAsync(userId);
|
||||
if (uRes.IsFailed)
|
||||
return Unauthorized();
|
||||
|
||||
bool isValid = await _dirSearchService.ValidateCredentialsAsync(uRes.Data.Username, login.Password);
|
||||
|
||||
if (!isValid)
|
||||
return Unauthorized();
|
||||
}
|
||||
else
|
||||
{
|
||||
return BadRequest("User ID or username should be provided.");
|
||||
}
|
||||
|
||||
//find the user
|
||||
var uRes = await _userService.ReadByUsernameAsync(login.Username);
|
||||
if (uRes.IsFailed)
|
||||
return Unauthorized();
|
||||
|
||||
var consumer = await _consumerService.ReadByNameAsync(consumerName);
|
||||
if (consumer is null)
|
||||
return Unauthorized();
|
||||
@@ -64,7 +85,7 @@ namespace DigitalData.Auth.API.Controllers
|
||||
if (!_cryptoFactory.TokenDescriptors.TryGet(_apiParams.Issuer, consumer.Audience, out var descriptor))
|
||||
return StatusCode(StatusCodes.Status500InternalServerError);
|
||||
|
||||
var token = _userSignatureHandler.WriteToken(uRes.Data, descriptor);
|
||||
var token = _userSignatureHandler.WriteToken(uRes!.Data, descriptor);
|
||||
|
||||
//set cookie
|
||||
if (cookie)
|
||||
@@ -102,7 +123,7 @@ namespace DigitalData.Auth.API.Controllers
|
||||
//TODO: Add role depends on group name
|
||||
[HttpPost("{consumerName}/login")]
|
||||
[AllowAnonymous]
|
||||
public async Task<IActionResult> Login([FromForm] LogInDto login, [FromRoute] string consumerName)
|
||||
public async Task<IActionResult> Login([FromForm] UserLogin login, [FromRoute] string consumerName)
|
||||
{
|
||||
try
|
||||
{
|
||||
@@ -146,7 +167,7 @@ namespace DigitalData.Auth.API.Controllers
|
||||
}
|
||||
|
||||
[HttpPost("{consumerName}")]
|
||||
public async Task<IActionResult> CreateTokenViaBody([FromBody] LogInDto login, [FromRoute] string consumerName, [FromQuery] bool cookie = false)
|
||||
public async Task<IActionResult> CreateTokenViaBody([FromBody] UserLogin login, [FromRoute] string consumerName, [FromQuery] bool cookie = false)
|
||||
{
|
||||
try
|
||||
{
|
||||
|
||||
@@ -16,6 +16,9 @@
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.12" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.SignalR" Version="1.2.0" />
|
||||
<PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.3.1" />
|
||||
<PackageReference Include="NLog" Version="5.4.0" />
|
||||
<PackageReference Include="NLog.Extensions.Logging" Version="5.4.0" />
|
||||
<PackageReference Include="NLog.Web.AspNetCore" Version="5.4.0" />
|
||||
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.3.1" />
|
||||
<PackageReference Include="Swashbuckle.AspNetCore" Version="7.2.0" />
|
||||
<PackageReference Include="UserManager.Application" Version="3.1.2" />
|
||||
|
||||
3
src/DigitalData.Auth.API/Dto/UserLogin.cs
Normal file
3
src/DigitalData.Auth.API/Dto/UserLogin.cs
Normal file
@@ -0,0 +1,3 @@
|
||||
namespace DigitalData.Auth.API.Dto;
|
||||
|
||||
public record UserLogin(string Password, int? UserId = null, string? Username = null);
|
||||
@@ -11,25 +11,32 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
|
||||
using Microsoft.IdentityModel.JsonWebTokens;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
using Microsoft.OpenApi.Models;
|
||||
using NLog;
|
||||
using NLog.Web;
|
||||
|
||||
var builder = WebApplication.CreateBuilder(args);
|
||||
var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
|
||||
logger.Info("Logging initialized.");
|
||||
|
||||
builder.Configuration.AddJsonFile("consumer-repository.json", true, true);
|
||||
try
|
||||
{
|
||||
var builder = WebApplication.CreateBuilder(args);
|
||||
|
||||
var config = builder.Configuration;
|
||||
builder.Configuration.AddJsonFile("consumer-repository.json", true, true);
|
||||
|
||||
var apiParams = config.Get<AuthApiParams>() ?? throw new InvalidOperationException("AuthApiOptions is missing or invalid in appsettings.");
|
||||
var config = builder.Configuration;
|
||||
|
||||
// Add services to the container.
|
||||
builder.Services.Configure<AuthApiParams>(config);
|
||||
builder.Services.AddAuthService(config);
|
||||
builder.Services.AddCryptoFactory(config.GetSection("CryptParams"));
|
||||
builder.Services.AddJwtSignatureHandler<Consumer>(api => new Dictionary<string, object>
|
||||
var apiParams = config.Get<AuthApiParams>() ?? throw new InvalidOperationException("AuthApiOptions is missing or invalid in appsettings.");
|
||||
|
||||
// Add services to the container.
|
||||
builder.Services.Configure<AuthApiParams>(config);
|
||||
builder.Services.AddAuthService(config);
|
||||
builder.Services.AddCryptoFactory(config.GetSection("CryptParams"));
|
||||
builder.Services.AddJwtSignatureHandler<Consumer>(api => new Dictionary<string, object>
|
||||
{
|
||||
{ JwtRegisteredClaimNames.Sub, api.Id },
|
||||
{ JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds() }
|
||||
});
|
||||
builder.Services.AddJwtSignatureHandler<UserReadDto>(user => new Dictionary<string, object>
|
||||
builder.Services.AddJwtSignatureHandler<UserReadDto>(user => new Dictionary<string, object>
|
||||
{
|
||||
{ JwtRegisteredClaimNames.Sub, user.Id },
|
||||
{ JwtRegisteredClaimNames.UniqueName, user.Username },
|
||||
@@ -38,29 +45,29 @@ builder.Services.AddJwtSignatureHandler<UserReadDto>(user => new Dictionary<stri
|
||||
{ JwtRegisteredClaimNames.FamilyName, user.Name ?? string.Empty },
|
||||
{ JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds() }
|
||||
});
|
||||
builder.Services.AddDirectorySearchService(config.GetSection("DirectorySearchOptions"));
|
||||
builder.Services.AddSignalR();
|
||||
builder.Services.AddDirectorySearchService(config.GetSection("DirectorySearchOptions"));
|
||||
builder.Services.AddSignalR();
|
||||
|
||||
var cnn_str = builder.Configuration.GetConnectionString("Default") ?? throw new InvalidOperationException("Default connection string is not found.");
|
||||
var cnn_str = builder.Configuration.GetConnectionString("Default") ?? throw new InvalidOperationException("Default connection string is not found.");
|
||||
|
||||
builder.Services.AddUserManager(cnn_str);
|
||||
builder.Services.AddUserManager(cnn_str);
|
||||
|
||||
builder.Services.AddControllers();
|
||||
builder.Services.AddControllers();
|
||||
|
||||
builder.Services.AddEndpointsApiExplorer();
|
||||
builder.Services.AddSwaggerGen(options =>
|
||||
{
|
||||
options.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
|
||||
builder.Services.AddEndpointsApiExplorer();
|
||||
builder.Services.AddSwaggerGen(options =>
|
||||
{
|
||||
Name = "Authorization",
|
||||
Type = SecuritySchemeType.Http,
|
||||
Scheme = "bearer",
|
||||
BearerFormat = "JWT",
|
||||
In = ParameterLocation.Header,
|
||||
Description = "Enter 'Bearer' [space] and then your valid token."
|
||||
});
|
||||
options.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
|
||||
{
|
||||
Name = "Authorization",
|
||||
Type = SecuritySchemeType.Http,
|
||||
Scheme = "bearer",
|
||||
BearerFormat = "JWT",
|
||||
In = ParameterLocation.Header,
|
||||
Description = "Enter 'Bearer' [space] and then your valid token."
|
||||
});
|
||||
|
||||
options.AddSecurityRequirement(new OpenApiSecurityRequirement
|
||||
options.AddSecurityRequirement(new OpenApiSecurityRequirement
|
||||
{
|
||||
{
|
||||
new OpenApiSecurityScheme
|
||||
@@ -77,69 +84,75 @@ builder.Services.AddSwaggerGen(options =>
|
||||
new List<string>()
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
// Add authentication
|
||||
Lazy<SecurityKey>? issuerSigningKeyInitiator = null;
|
||||
|
||||
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
|
||||
.AddJwtBearer(options =>
|
||||
{
|
||||
options.RequireHttpsMetadata = apiParams!.RequireHttpsMetadata;
|
||||
options.ClaimsIssuer = apiParams!.Issuer;
|
||||
options.Audience = apiParams.LocalConsumer.Audience;
|
||||
options.TokenValidationParameters = new()
|
||||
{
|
||||
ValidateIssuer = true,
|
||||
ValidIssuer = apiParams!.Issuer,
|
||||
ValidateAudience = true,
|
||||
ValidAudience = apiParams.LocalConsumer.Audience,
|
||||
ValidateLifetime = true,
|
||||
IssuerSigningKey = issuerSigningKeyInitiator?.Value
|
||||
};
|
||||
|
||||
options.Events = new JwtBearerEvents
|
||||
{
|
||||
OnMessageReceived = context =>
|
||||
{
|
||||
// if there is no token read related cookie or query string
|
||||
if (context.Token is null) // if there is no token
|
||||
{
|
||||
if (context.Request.Cookies.TryGetValue(apiParams!.DefaultCookieName, out var cookieToken) && cookieToken is not null)
|
||||
context.Token = cookieToken;
|
||||
else if (context.Request.Query.TryGetValue(apiParams.DefaultQueryStringKey, out var queryStrToken))
|
||||
context.Token = queryStrToken;
|
||||
}
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
};
|
||||
});
|
||||
|
||||
var app = builder.Build();
|
||||
// Add authentication
|
||||
Lazy<SecurityKey>? issuerSigningKeyInitiator = null;
|
||||
|
||||
issuerSigningKeyInitiator = new Lazy<SecurityKey>(() =>
|
||||
{
|
||||
var factory = app.Services.GetRequiredService<ICryptoFactory>();
|
||||
var desc = factory.TokenDescriptors.Get(apiParams.Issuer, apiParams.LocalConsumer.Audience);
|
||||
return desc.Validator.SecurityKey;
|
||||
});
|
||||
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
|
||||
.AddJwtBearer(options =>
|
||||
{
|
||||
options.RequireHttpsMetadata = apiParams!.RequireHttpsMetadata;
|
||||
options.ClaimsIssuer = apiParams!.Issuer;
|
||||
options.Audience = apiParams.LocalConsumer.Audience;
|
||||
options.TokenValidationParameters = new()
|
||||
{
|
||||
ValidateIssuer = true,
|
||||
ValidIssuer = apiParams!.Issuer,
|
||||
ValidateAudience = true,
|
||||
ValidAudience = apiParams.LocalConsumer.Audience,
|
||||
ValidateLifetime = true,
|
||||
IssuerSigningKey = issuerSigningKeyInitiator?.Value
|
||||
};
|
||||
|
||||
// Configure the HTTP request pipeline.
|
||||
var use_swagger = config.GetValue<bool>("UseSwagger");
|
||||
if (app.Environment.IsDevelopment() || use_swagger)
|
||||
{
|
||||
app.UseSwagger();
|
||||
app.UseSwaggerUI();
|
||||
options.Events = new JwtBearerEvents
|
||||
{
|
||||
OnMessageReceived = context =>
|
||||
{
|
||||
// if there is no token read related cookie or query string
|
||||
if (context.Token is null) // if there is no token
|
||||
{
|
||||
if (context.Request.Cookies.TryGetValue(apiParams!.DefaultCookieName, out var cookieToken) && cookieToken is not null)
|
||||
context.Token = cookieToken;
|
||||
else if (context.Request.Query.TryGetValue(apiParams.DefaultQueryStringKey, out var queryStrToken))
|
||||
context.Token = queryStrToken;
|
||||
}
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
};
|
||||
});
|
||||
|
||||
var app = builder.Build();
|
||||
|
||||
issuerSigningKeyInitiator = new Lazy<SecurityKey>(() =>
|
||||
{
|
||||
var factory = app.Services.GetRequiredService<ICryptoFactory>();
|
||||
var desc = factory.TokenDescriptors.Get(apiParams.Issuer, apiParams.LocalConsumer.Audience);
|
||||
return desc.Validator.SecurityKey;
|
||||
});
|
||||
|
||||
// Configure the HTTP request pipeline.
|
||||
var use_swagger = config.GetValue<bool>("UseSwagger");
|
||||
if (app.Environment.IsDevelopment() || use_swagger)
|
||||
{
|
||||
app.UseSwagger();
|
||||
app.UseSwaggerUI();
|
||||
}
|
||||
|
||||
app.UseHttpsRedirection();
|
||||
|
||||
app.UseAuthentication();
|
||||
|
||||
app.UseAuthorization();
|
||||
|
||||
app.MapControllers();
|
||||
|
||||
app.MapHub<AuthHub>("/auth-hub");
|
||||
|
||||
app.Run();
|
||||
}
|
||||
|
||||
app.UseHttpsRedirection();
|
||||
|
||||
app.UseAuthentication();
|
||||
|
||||
app.UseAuthorization();
|
||||
|
||||
app.MapControllers();
|
||||
|
||||
app.MapHub<AuthHub>("/auth-hub");
|
||||
|
||||
app.Run();
|
||||
catch(Exception ex)
|
||||
{
|
||||
logger.Error(ex, "Stopped program because of exception.");
|
||||
throw;
|
||||
}
|
||||
@@ -1,5 +1,4 @@
|
||||
using DigitalData.Auth.API.Config;
|
||||
using DigitalData.Auth.API.Entities;
|
||||
using DigitalData.Auth.API.Entities;
|
||||
using DigitalData.Auth.API.Services.Contracts;
|
||||
using Microsoft.Extensions.Options;
|
||||
|
||||
@@ -9,7 +8,7 @@ namespace DigitalData.Auth.API.Services
|
||||
{
|
||||
private readonly IEnumerable<Consumer> _consumers;
|
||||
|
||||
public ConfiguredConsumerService(IOptions<IEnumerable<Consumer>> consumeroptions)
|
||||
public ConfiguredConsumerService(IOptions<List<Consumer>> consumeroptions)
|
||||
{
|
||||
_consumers = consumeroptions.Value;
|
||||
}
|
||||
|
||||
@@ -53,5 +53,48 @@
|
||||
"Lifetime": "02:00:00"
|
||||
}
|
||||
]
|
||||
},
|
||||
"NLog": {
|
||||
"throwConfigExceptions": true,
|
||||
"variables": {
|
||||
"logDirectory": "E:\\LogFiles\\Digital Data\\Auth.API",
|
||||
"logFileNamePrefix": "${shortdate}-Auth.API"
|
||||
},
|
||||
"targets": {
|
||||
"infoLogs": {
|
||||
"type": "File",
|
||||
"fileName": "${logDirectory}\\${logFileNamePrefix}-Info.log",
|
||||
"maxArchiveDays": 30
|
||||
},
|
||||
"errorLogs": {
|
||||
"type": "File",
|
||||
"fileName": "${logDirectory}\\${logFileNamePrefix}-Error.log",
|
||||
"maxArchiveDays": 30
|
||||
},
|
||||
"criticalLogs": {
|
||||
"type": "File",
|
||||
"fileName": "${logDirectory}\\${logFileNamePrefix}-Critical.log",
|
||||
"maxArchiveDays": 30
|
||||
}
|
||||
},
|
||||
// Trace, Debug, Info, Warn, Error and *Fatal*
|
||||
"rules": [
|
||||
{
|
||||
"logger": "*",
|
||||
"minLevel": "Info",
|
||||
"maxLevel": "Warn",
|
||||
"writeTo": "infoLogs"
|
||||
},
|
||||
{
|
||||
"logger": "*",
|
||||
"level": "Error",
|
||||
"writeTo": "errorLogs"
|
||||
},
|
||||
{
|
||||
"logger": "*",
|
||||
"level": "Fatal",
|
||||
"writeTo": "criticalLogs"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user