namespace Chapter09_Authentication_AuthorizationClaims.MapHelper;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;
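/// <summary>
/// Maps the two anonymous login routes of the chapter sample. Each accepts a username/password
/// pair and, when it matches the demo credentials, returns an HS256-signed JWT whose claims drive
/// the role- and policy-based authorization shown elsewhere in the chapter.
/// The routes differ only in how anonymous access is declared: an attribute on the lambda versus
/// <c>.AllowAnonymous()</c> on the route builder.
/// </summary>
public class AnonymousEndpoints : IEndpointRouteHandler
{
    // Demo-only credential pair, hard-coded to match the book sample. Anything beyond a sample
    // must look the user up in a store and verify a salted password hash (PBKDF2/Argon2)
    // instead of comparing plaintext.
    private const string DemoUsername = "Glareone";
    private const string DemoPassword = "Pa$$w0rd";

    // Demo-only HS256 secret, also hard-coded to match the sample. Anyone who can read this
    // source can mint tokens with any roles, so outside a sample it belongs in configuration or
    // a secret store (user-secrets, Key Vault, ...), never in the repository. RFC 7518 asks for
    // at least 256 bits (32 bytes) of key material for HS256; this ASCII string is well past that.
    private const string SigningKey =
        "my-string-as-security-key-which-should-be-at-least-32bytes-or-16symbols-for-.net";

    // Must match the issuer/audience the API side validates against (TokenValidationParameters).
    private const string Issuer = "https://chapter09-Authentication.com/predefined-id";
    private const string Audience = "https://chapter09-API-users";

    // Short lifetime: the token carries the Administrator role and there is no revocation path.
    private static readonly TimeSpan TokenLifetime = TimeSpan.FromHours(1);

    /// <summary>
    /// Registers both login routes on <paramref name="app"/>. Both are POST, both are anonymous,
    /// and both advertise 200 (with <see cref="AccessTokenResponse"/>) and 400 for OpenAPI.
    /// </summary>
    /// <param name="app">Route builder the endpoints are added to.</param>
    public void MapEndpoints(IEndpointRouteBuilder app)
    {
        // Variant 1: anonymous access declared with [AllowAnonymous] on the handler lambda.
        app.MapPost("/api/auth/login", [AllowAnonymous] (LoginRequest request) => HandleLogin(request))
            .Produces(StatusCodes.Status400BadRequest)
            .Produces(StatusCodes.Status200OK, typeof(AccessTokenResponse))
            .WithTags("Anonymous Login Endpoint")
            // NOTE(review): WithMetadata(string) attaches a bare string object to the endpoint
            // metadata; WithSummary/WithDescription may be what was intended for OpenAPI - confirm.
            .WithMetadata("Generate JWT for defined Username and Password");

        // Variant 2: the same handler as a method group, anonymous access declared on the builder.
        app.MapPost("/api/auth/login-with-allowanonymous", HandleLogin)
            .Produces(StatusCodes.Status200OK, typeof(AccessTokenResponse))
            .Produces(statusCode: StatusCodes.Status400BadRequest)
            .AllowAnonymous();

        // Neither route is rate-limited or lockout-protected here, so the demo credential can be
        // guessed at line speed; a real login endpoint needs RequireRateLimiting or equivalent.
    }

    /// <summary>
    /// Verifies the supplied credentials against the demo pair and, on success, issues an
    /// HS256-signed JWT carrying name, role and tenant claims.
    /// </summary>
    /// <param name="request">Bound from the JSON body; may be null, and either member may be null,
    /// when the client sends an incomplete body.</param>
    /// <returns>
    /// 200 with <see cref="AccessTokenResponse"/> on success; otherwise 400. The sample advertises
    /// 400 for a failed login (401 would be the more conventional status), and that contract is kept.
    /// A null request now yields 400 instead of a NullReferenceException (500).
    /// </returns>
    private IResult HandleLogin(LoginRequest request)
    {
        if (!CredentialsMatch(request))
        {
            return Results.BadRequest();
        }

        var claims = new List<Claim>
        {
            new(ClaimTypes.Name, request.Username),
            // Role names are matched case-sensitively by [Authorize(Roles = "...")].
            new(ClaimTypes.Role, "Administrator"),
            new(ClaimTypes.Role, "User"),
            // Consumed by the policy registered in AddAuthorization / the Authorize attribute.
            new("tenant-id", "42")
        };

        var signingCredentials = new SigningCredentials(
            new SymmetricSecurityKey(Encoding.UTF8.GetBytes(SigningKey)),
            SecurityAlgorithms.HmacSha256);

        // NOTE(review): JwtSecurityTokenHandler is the older handler; newer Microsoft.IdentityModel
        // releases steer towards JsonWebTokenHandler. Left as-is to match the chapter sample.
        var token = new JwtSecurityToken(
            issuer: Issuer,
            audience: Audience,
            claims: claims,
            expires: DateTime.UtcNow.Add(TokenLifetime),
            signingCredentials: signingCredentials);

        var accessToken = new JwtSecurityTokenHandler().WriteToken(token);
        return Results.Ok(new AccessTokenResponse(accessToken));
    }

    /// <summary>
    /// Constant-time check of both credential fields. The original <c>==</c> comparison stops at
    /// the first differing character, so response timing could reveal how much of the secret was
    /// right. Both comparisons are always evaluated (non-short-circuit) so timing also does not
    /// reveal whether the username alone matched. FixedTimeEquals still returns immediately on a
    /// length mismatch, so the secrets' lengths are the only thing timing can leak here.
    /// </summary>
    /// <param name="request">Incoming credentials; null, or a null member, is treated as a mismatch.</param>
    /// <returns>True only when both username and password equal the demo pair.</returns>
    private static bool CredentialsMatch(LoginRequest request)
    {
        if (request is null || request.Username is null || request.Password is null)
        {
            return false;
        }

        var usernameMatches = CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(request.Username),
            Encoding.UTF8.GetBytes(DemoUsername));
        var passwordMatches = CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(request.Password),
            Encoding.UTF8.GetBytes(DemoPassword));

        return usernameMatches & passwordMatches;
    }
}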
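/// <summary>
/// Credentials posted to the login routes. Bound from the JSON request body.
/// </summary>
internal sealed record LoginRequest(string Username, string Password)
{
    // The compiler-generated ToString would print the plaintext password; redact it so an
    // accidentally logged request (or an exception message carrying it) cannot leak the credential.
    public override string ToString() => $"LoginRequest {{ Username = {Username}, Password = [redacted] }}";
}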
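/// <summary>
/// Body returned by the login routes: the serialized JWT the client presents as a bearer token.
/// Serializes to JSON via its property, so the override below does not affect the HTTP response.
/// </summary>
internal sealed record AccessTokenResponse(string AccessToken)
{
    // The token is a bearer credential: whoever holds it is the user until it expires. Keep it
    // out of the compiler-generated ToString so a logged or dumped response does not leak it.
    public override string ToString() => "AccessTokenResponse { AccessToken = [redacted] }";
}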