Commit 6d6d30f

committed

Updated to use custom jwt middleware with a custom authorize attribute

1 parent 682a0bd commit 6d6d30fCopy full SHA for 6d6d30f

File tree

6 files changed

+108

-52

lines changed

Controllers
- UsersController.cs
Helpers
- AuthorizeAttribute.cs
- JwtMiddleware.cs
Services
- UserService.cs
Startup.cs
WebApi.csproj

6 files changed

+108

-52

lines changed

`‎Controllers/UsersController.cs`

Lines changed: 3 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,11 +1,9 @@`
`1`	`1`	`using Microsoft.AspNetCore.Mvc;`
`2`		`-using Microsoft.AspNetCore.Authorization;`
`3`		`-using WebApi.Services;`
`4`	`2`	`using WebApi.Models;`
	`3`	`+using WebApi.Services;`
`5`	`4`
`6`	`5`	`namespace WebApi.Controllers`
`7`	`6`	`{`
`8`		`- [Authorize]`
`9`	`7`	`[ApiController]`
`10`	`8`	`[Route("[controller]")]`
`11`	`9`	`public class UsersController : ControllerBase`
`@@ -17,9 +15,8 @@ public UsersController(IUserService userService)`
`17`	`15`	`_userService = userService;`
`18`	`16`	`}`
`19`	`17`
`20`		`- [AllowAnonymous]`
`21`	`18`	`[HttpPost("authenticate")]`
`22`		`- public IActionResult Authenticate([FromBody]AuthenticateRequest model)`
	`19`	`+ public IActionResult Authenticate(AuthenticateRequest model)`
`23`	`20`	`{`
`24`	`21`	`var response = _userService.Authenticate(model);`
`25`	`22`
`@@ -29,6 +26,7 @@ public IActionResult Authenticate([FromBody]AuthenticateRequest model)`
`29`	`26`	`return Ok(response);`
`30`	`27`	`}`
`31`	`28`
	`29`	`+ [Authorize]`
`32`	`30`	`[HttpGet]`
`33`	`31`	`public IActionResult GetAll()`
`34`	`32`	`{`

`‎Helpers/AuthorizeAttribute.cs`

Lines changed: 19 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,19 @@`
	`1`	`+using Microsoft.AspNetCore.Http;`
	`2`	`+using Microsoft.AspNetCore.Mvc;`
	`3`	`+using Microsoft.AspNetCore.Mvc.Filters;`
	`4`	`+using System;`
	`5`	`+using WebApi.Entities;`
	`6`	`+`
	`7`	`+[AttributeUsage(AttributeTargets.Class \| AttributeTargets.Method)]`
	`8`	`+public class AuthorizeAttribute : Attribute, IAuthorizationFilter`
	`9`	`+{`
	`10`	`+ public void OnAuthorization(AuthorizationFilterContext context)`
	`11`	`+ {`
	`12`	`+ var user = (User)context.HttpContext.Items["User"];`
	`13`	`+ if (user == null)`
	`14`	`+ {`
	`15`	`+ // not logged in`
	`16`	`+ context.Result = new JsonResult(new { message = "Unauthorized" }) { StatusCode = StatusCodes.Status401Unauthorized };`
	`17`	`+ }`
	`18`	`+ }`
	`19`	`+}`

`‎Helpers/JwtMiddleware.cs`

Lines changed: 63 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,63 @@`
	`1`	`+using Microsoft.AspNetCore.Http;`
	`2`	`+using Microsoft.Extensions.Options;`
	`3`	`+using Microsoft.IdentityModel.Tokens;`
	`4`	`+using System;`
	`5`	`+using System.IdentityModel.Tokens.Jwt;`
	`6`	`+using System.Linq;`
	`7`	`+using System.Text;`
	`8`	`+using System.Threading.Tasks;`
	`9`	`+using WebApi.Services;`
	`10`	`+`
	`11`	`+namespace WebApi.Helpers`
	`12`	`+{`
	`13`	`+ public class JwtMiddleware`
	`14`	`+ {`
	`15`	`+ private readonly RequestDelegate _next;`
	`16`	`+ private readonly AppSettings _appSettings;`
	`17`	`+`
	`18`	`+ public JwtMiddleware(RequestDelegate next, IOptions<AppSettings> appSettings)`
	`19`	`+ {`
	`20`	`+ _next = next;`
	`21`	`+ _appSettings = appSettings.Value;`
	`22`	`+ }`
	`23`	`+`
	`24`	`+ public async Task Invoke(HttpContext context, IUserService userService)`
	`25`	`+ {`
	`26`	`+ var token = context.Request.Headers["Authorization"].FirstOrDefault()?.Split(" ").Last();`
	`27`	`+`
	`28`	`+ if (token != null)`
	`29`	`+ attachUserToContext(context, userService, token);`
	`30`	`+`
	`31`	`+ await _next(context);`
	`32`	`+ }`
	`33`	`+`
	`34`	`+ private void attachUserToContext(HttpContext context, IUserService userService, string token)`
	`35`	`+ {`
	`36`	`+ try`
	`37`	`+ {`
	`38`	`+ var tokenHandler = new JwtSecurityTokenHandler();`
	`39`	`+ var key = Encoding.ASCII.GetBytes(_appSettings.Secret);`
	`40`	`+ tokenHandler.ValidateToken(token, new TokenValidationParameters`
	`41`	`+ {`
	`42`	`+ ValidateIssuerSigningKey = true,`
	`43`	`+ IssuerSigningKey = new SymmetricSecurityKey(key),`
	`44`	`+ ValidateIssuer = false,`
	`45`	`+ ValidateAudience = false,`
	`46`	`+ // set clockskew to zero so tokens expire exactly at token expiration time (instead of 5 minutes later)`
	`47`	`+ ClockSkew = TimeSpan.Zero`
	`48`	`+ }, out SecurityToken validatedToken);`
	`49`	`+`
	`50`	`+ var jwtToken = (JwtSecurityToken)validatedToken;`
	`51`	`+ var userId = int.Parse(jwtToken.Claims.First(x => x.Type == "id").Value);`
	`52`	`+`
	`53`	`+ // attach user to context on successful jwt validation`
	`54`	`+ context.Items["User"] = userService.GetById(userId);`
	`55`	`+ }`
	`56`	`+ catch`
	`57`	`+ {`
	`58`	`+ // do nothing if jwt validation fails`
	`59`	`+ // user is not attached to context so request won't have access to secure routes`
	`60`	`+ }`
	`61`	`+ }`
	`62`	`+ }`
	`63`	`+}`

`‎Services/UserService.cs`

Lines changed: 11 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,11 +1,11 @@`
	`1`	`+using Microsoft.Extensions.Options;`
	`2`	`+using Microsoft.IdentityModel.Tokens;`
`1`	`3`	`using System;`
`2`	`4`	`using System.Collections.Generic;`
`3`	`5`	`using System.IdentityModel.Tokens.Jwt;`
`4`	`6`	`using System.Linq;`
`5`	`7`	`using System.Security.Claims;`
`6`	`8`	`using System.Text;`
`7`		`-using Microsoft.Extensions.Options;`
`8`		`-using Microsoft.IdentityModel.Tokens;`
`9`	`9`	`using WebApi.Entities;`
`10`	`10`	`using WebApi.Helpers;`
`11`	`11`	`using WebApi.Models;`
`@@ -16,14 +16,15 @@ public interface IUserService`
`16`	`16`	`{`
`17`	`17`	`AuthenticateResponse Authenticate(AuthenticateRequest model);`
`18`	`18`	`IEnumerable<User> GetAll();`
	`19`	`+ User GetById(int id);`
`19`	`20`	`}`
`20`	`21`
`21`	`22`	`public class UserService : IUserService`
`22`	`23`	`{`
`23`	`24`	`// users hardcoded for simplicity, store in a db with hashed passwords in production applications`
`24`	`25`	`private List<User> _users = new List<User>`
`25`		`- {`
`26`		`- new User { Id = 1, FirstName = "Test", LastName = "User", Username = "test", Password = "test" }`
	`26`	`+ {`
	`27`	`+ new User { Id = 1, FirstName = "Test", LastName = "User", Username = "test", Password = "test" }`
`27`	`28`	`};`
`28`	`29`
`29`	`30`	`private readonly AppSettings _appSettings;`
`@@ -51,6 +52,11 @@ public IEnumerable<User> GetAll()`
`51`	`52`	`return _users;`
`52`	`53`	`}`
`53`	`54`
	`55`	`+ public User GetById(int id)`
	`56`	`+ {`
	`57`	`+ return _users.FirstOrDefault(x => x.Id == id);`
	`58`	`+ }`
	`59`	`+`
`54`	`60`	`// helper methods`
`55`	`61`
`56`	`62`	`private string generateJwtToken(User user)`
`@@ -60,10 +66,7 @@ private string generateJwtToken(User user)`
`60`	`66`	`var key = Encoding.ASCII.GetBytes(_appSettings.Secret);`
`61`	`67`	`var tokenDescriptor = new SecurityTokenDescriptor`
`62`	`68`	`{`
`63`		`- Subject = new ClaimsIdentity(new Claim[]`
`64`		`- {`
`65`		`- new Claim(ClaimTypes.Name, user.Id.ToString())`
`66`		`- }),`
	`69`	`+ Subject = new ClaimsIdentity(new[] { new Claim("id", user.Id.ToString()) }),`
`67`	`70`	`Expires = DateTime.UtcNow.AddDays(7),`
`68`	`71`	`SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)`
`69`	`72`	`};`

`‎Startup.cs`

Lines changed: 10 additions & 37 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,57 +4,32 @@`
`4`	`4`	`using Microsoft.Extensions.DependencyInjection;`
`5`	`5`	`using WebApi.Helpers;`
`6`	`6`	`using WebApi.Services;`
`7`		`-using Microsoft.IdentityModel.Tokens;`
`8`		`-using System.Text;`
`9`		`-using Microsoft.AspNetCore.Authentication.JwtBearer;`
`10`	`7`
`11`	`8`	`namespace WebApi`
`12`	`9`	`{`
`13`	`10`	`public class Startup`
`14`	`11`	`{`
	`12`	`+ public IConfiguration Configuration { get; }`
	`13`	`+`
`15`	`14`	`public Startup(IConfiguration configuration)`
`16`	`15`	`{`
`17`	`16`	`Configuration = configuration;`
`18`	`17`	`}`
`19`	`18`
`20`		`- public IConfiguration Configuration { get; }`
`21`		`-`
`22`		`- // This method gets called by the runtime. Use this method to add services to the container.`
	`19`	`+ // add services to the DI container`
`23`	`20`	`public void ConfigureServices(IServiceCollection services)`
`24`	`21`	`{`
`25`	`22`	`services.AddCors();`
`26`	`23`	`services.AddControllers();`
`27`	`24`
`28`		`- // configure strongly typed settings objects`
`29`		`- var appSettingsSection = Configuration.GetSection("AppSettings");`
`30`		`- services.Configure<AppSettings>(appSettingsSection);`
`31`		`-`
`32`		`- // configure jwt authentication`
`33`		`- var appSettings = appSettingsSection.Get<AppSettings>();`
`34`		`- var key = Encoding.ASCII.GetBytes(appSettings.Secret);`
`35`		`- services.AddAuthentication(x =>`
`36`		`- {`
`37`		`- x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;`
`38`		`- x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;`
`39`		`- })`
`40`		`- .AddJwtBearer(x =>`
`41`		`- {`
`42`		`- x.RequireHttpsMetadata = false;`
`43`		`- x.SaveToken = true;`
`44`		`- x.TokenValidationParameters = new TokenValidationParameters`
`45`		`- {`
`46`		`- ValidateIssuerSigningKey = true,`
`47`		`- IssuerSigningKey = new SymmetricSecurityKey(key),`
`48`		`- ValidateIssuer = false,`
`49`		`- ValidateAudience = false`
`50`		`- };`
`51`		`- });`
	`25`	`+ // configure strongly typed settings object`
	`26`	`+ services.Configure<AppSettings>(Configuration.GetSection("AppSettings"));`
`52`	`27`
`53`	`28`	`// configure DI for application services`
`54`	`29`	`services.AddScoped<IUserService, UserService>();`
`55`	`30`	`}`
`56`	`31`
`57`		`- // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.`
	`32`	`+ // configure the HTTP request pipeline`
`58`	`33`	`public void Configure(IApplicationBuilder app, IWebHostEnvironment env)`
`59`	`34`	`{`
`60`	`35`	`app.UseRouting();`
`@@ -65,12 +40,10 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)`
`65`	`40`	`.AllowAnyMethod()`
`66`	`41`	`.AllowAnyHeader());`
`67`	`42`
`68`		`- app.UseAuthentication();`
`69`		`- app.UseAuthorization();`
`70`		`-`
`71`		`- app.UseEndpoints(endpoints => {`
`72`		`- endpoints.MapControllers();`
`73`		`- });`
	`43`	`+ // custom jwt auth middleware`
	`44`	`+ app.UseMiddleware<JwtMiddleware>();`
	`45`	`+`
	`46`	`+ app.UseEndpoints(x => x.MapControllers());`
`74`	`47`	`}`
`75`	`48`	`}`
`76`	`49`	`}`

`‎WebApi.csproj`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@`
`3`	`3`	`<TargetFramework>netcoreapp3.1</TargetFramework>`
`4`	`4`	`</PropertyGroup>`
`5`	`5`	`<ItemGroup>`
`6`		`- <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="3.1.0" />`
`7`		`- <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="5.6.0" />`
	`6`	`+ <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="3.1.6" />`
	`7`	`+ <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.7.1" />`
`8`	`8`	`</ItemGroup>`
`9`	`9`	`</Project>`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 6d6d30f

File tree

6 files changed

6 files changed

`‎Controllers/UsersController.cs`

`‎Helpers/AuthorizeAttribute.cs`

`‎Helpers/JwtMiddleware.cs`

`‎Services/UserService.cs`

`‎Startup.cs`

`‎WebApi.csproj`

0 commit comments