Upgrade to .Net Core 2.0

README.md

@@ -1,5 +1,5 @@
 # ASP.NET Core Self-created token authentication example
-A simple example of how to protect an ASP.NET Core Web API project using simple self-created JWT bearer tokens for local username/password checking. Working against dotnet core 1.0.1 as of 04/12/2016 - see the rc1, beta8 and beta7 branches if you're using older framework versions.
+A simple example of how to protect an ASP.NET Core Web API project using simple self-created JWT bearer tokens for local username/password checking. Working against dotnet core 2.0 as of 14/08/2017 - see the 1.0.1, rc1, beta8 and beta7, 2.0 preview 2 branches if you're using older framework versions.
 
 **DO NOT USE AS-IS IN PRODUCTION**
 

TokenAuthExample.sln

@@ -1,17 +1,15 @@
-
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 14
-VisualStudioVersion = 14.0.23107.0
+# Visual Studio 15
+VisualStudioVersion = 15.0.26730.3
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{4A19A4CA-58C8-4EE5-94BA-B2D2F2DD68EE}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{8165327B-8AB8-4B19-8AC0-9251BFDC1BDC}"
 	ProjectSection(SolutionItems) = preProject
-		global.json = global.json
 		NuGet.Config = NuGet.Config
 	EndProjectSection
 EndProject
-Project("{8BB2217D-0F2D-49D1-97BC-3654ED321F3B}") = "TokenAuthExampleWebApplication", "src\TokenAuthExampleWebApplication\TokenAuthExampleWebApplication.xproj", "{F6B6DAA2-0460-419E-88D7-CE887777F469}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "TokenAuthExampleWebApplication", "src\TokenAuthExampleWebApplication\TokenAuthExampleWebApplication.csproj", "{F6B6DAA2-0460-419E-88D7-CE887777F469}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -30,4 +28,7 @@ Global
 	GlobalSection(NestedProjects) = preSolution
 		{F6B6DAA2-0460-419E-88D7-CE887777F469} = {4A19A4CA-58C8-4EE5-94BA-B2D2F2DD68EE}
 	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {D0B6A60A-7143-4EA9-9A05-D39C63E65A6B}
+	EndGlobalSection
 EndGlobal

src/TokenAuthExampleWebApplication/Controllers/TokenController.cs

@@ -1,6 +1,4 @@
 using System;
-using System.Linq;
-using System.IdentityModel.Tokens;
 using System.Security.Claims;
 using System.Security.Principal;
 using System.IdentityModel.Tokens.Jwt;
@@ -17,8 +15,6 @@ public class TokenController : Controller
         public TokenController(TokenAuthOptions tokenOptions)
         {
             this.tokenOptions = tokenOptions;
-            //this.bearerOptions = options.Value;
-            //this.signingCredentials = signingCredentials;
         }
 
         /// <summary>

src/TokenAuthExampleWebApplication/Controllers/ValuesController.cs

@@ -1,9 +1,6 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
-using System;
 using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
 
 namespace TokenAuthExampleWebApplication.Controllers
 {

src/TokenAuthExampleWebApplication/Program.cs

@@ -1,8 +1,4 @@
-using System;
-using System.Collections.Generic;
 using System.IO;
-using System.Linq;
-using System.Threading.Tasks;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Builder;
 

src/TokenAuthExampleWebApplication/Properties/launchSettings.json

@@ -17,7 +17,7 @@
     "web": {
       "commandName": "Project",
       "launchBrowser": true,
-      "launchUrl": "http://localhost:5000/api/values",
+      "launchUrl": "http://localhost:5000/",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       }

src/TokenAuthExampleWebApplication/RSAKeyUtils.cs

@@ -1,10 +1,6 @@
 using Newtonsoft.Json;
-using System;
-using System.Collections.Generic;
 using System.IO;
-using System.Linq;
 using System.Security.Cryptography;
-using System.Threading.Tasks;
 
 namespace TokenAuthExampleWebApplication
 {

src/TokenAuthExampleWebApplication/Startup.cs

@@ -63,10 +63,32 @@ public void ConfigureServices(IServiceCollection services)
 
             // Enable the use of an [Authorize("Bearer")] attribute on methods and classes to protect.
             services.AddAuthorization(auth =>
-            {
+            {                
                 auth.AddPolicy("Bearer", new AuthorizationPolicyBuilder()
                     .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme‌​)
                     .RequireAuthenticatedUser().Build());
+                auth.DefaultPolicy = auth.GetPolicy("Bearer");
+            });
+
+            // Note, it is VITAL that this is added BEFORE services.UseMvc() is called.
+            // See https://github.com/mrsheepuk/ASPNETSelfCreatedTokenAuthExample/issues/11
+            services.AddAuthentication().AddJwtBearer(o =>
+            {
+                o.Audience = tokenOptions.Audience;
+                o.TokenValidationParameters = new TokenValidationParameters
+                {
+                    IssuerSigningKey = key,
+                    ValidAudience = tokenOptions.Audience,
+                    ValidIssuer = tokenOptions.Issuer,
+                    // When receiving a token, check that it is still valid.
+                    ValidateLifetime = true,
+
+                    // This defines the maximum allowable clock skew - i.e. provides a tolerance on the token expiry time 
+                    // when validating the lifetime. As we're creating the tokens locally and validating them on the same 
+                    // machines which should have synchronised time, this can be set to zero. Where external tokens are
+                    // used, some leeway here could be useful.
+                    ClockSkew = TimeSpan.FromMinutes(0)
+                };
             });
 
             services.AddMvc();
@@ -113,31 +135,12 @@ await context.Response.WriteAsync(
                 });
             });
 
-            // Note, it is VITAL that this is added BEFORE app.UseMvc() is called.
-            // See https://github.com/mrsheepuk/ASPNETSelfCreatedTokenAuthExample/issues/11
-            app.UseJwtBearerAuthentication(new JwtBearerOptions {
-                TokenValidationParameters = new TokenValidationParameters
-                {
-                    IssuerSigningKey = key,
-                    ValidAudience = tokenOptions.Audience,
-                    ValidIssuer = tokenOptions.Issuer,
-
-                    // When receiving a token, check that it is still valid.
-                    ValidateLifetime = true,
-
-                    // This defines the maximum allowable clock skew - i.e. provides a tolerance on the token expiry time 
-                    // when validating the lifetime. As we're creating the tokens locally and validating them on the same 
-                    // machines which should have synchronised time, this can be set to zero. Where external tokens are
-                    // used, some leeway here could be useful.
-                    ClockSkew = TimeSpan.FromMinutes(0)
-                }
-            });
-
             // Configure the HTTP request pipeline.
+            app.UseDefaultFiles();
             app.UseStaticFiles();
 
             // Add MVC to the request pipeline.
             app.UseMvc();
         }
     }
-}
+}

src/TokenAuthExampleWebApplication/TokenAuthExampleWebApplication.csproj

@@ -0,0 +1,16 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <PropertyGroup>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
+    <UserSecretsId>aspnet-WebApplication2-25C1FC7A-1752-4DD6-97CC-4327790AF033</UserSecretsId>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.All" Version="2.0.0" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <DotNetCliToolReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Tools" Version="2.0.0" />
+  </ItemGroup>
+
+</Project>