I have a .NET Core Web API and an SPA client in React JS. I want to allow users to log in from the client with the emails they have registered in Azure AD, and to secure my Web API with JWT tokens. I tried generating tokens with a simple hard-coded username and password, but I have no idea how to get users from Azure AD and generate JWT tokens for them.
Here is my JWTController :
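[Route("api/[controller]")]
public class JwtController : Controller
{
    private readonly JwtIssuerOptions _jwtOptions;
    private readonly ILogger _logger;
    private readonly JsonSerializerSettings _serializerSettings;

    /// <summary>
    /// Builds the controller from the configured issuer options and a logger factory.
    /// </summary>
    /// <param name="jwtOptions">Issuer options: issuer, audience, lifetime, signing credentials and jti generator.</param>
    /// <param name="loggerFactory">Factory used to create this controller's logger.</param>
    /// <exception cref="ArgumentNullException">Thrown when an argument, the options value, or a required option member is null.</exception>
    /// <exception cref="ArgumentException">Thrown when <c>ValidFor</c> is not a positive duration.</exception>
    public JwtController(IOptions<JwtIssuerOptions> jwtOptions, ILoggerFactory loggerFactory)
    {
        if (jwtOptions == null) throw new ArgumentNullException(nameof(jwtOptions));
        if (loggerFactory == null) throw new ArgumentNullException(nameof(loggerFactory));

        _jwtOptions = jwtOptions.Value;
        // Fail at construction time rather than on the first token request.
        ThrowIfInvalidOptions(_jwtOptions);
        _logger = loggerFactory.CreateLogger<JwtController>();
        _serializerSettings = new JsonSerializerSettings
        {
            Formatting = Formatting.Indented
        };
    }

    /// <summary>
    /// Exchanges a form-posted username/password pair for a signed JWT.
    /// </summary>
    /// <param name="Username">User name read from the form body.</param>
    /// <param name="Password">Password read from the form body.</param>
    /// <returns>
    /// 200 with <c>{ access_token, expires_in }</c> as a JSON string when the credentials are accepted;
    /// 400 "Invalid credentials" otherwise.
    /// </returns>
    [HttpPost]
    [AllowAnonymous]
    public async Task<IActionResult> Get([FromForm] string Username, [FromForm] string Password)
    {
        var applicationUser = new ApplicationUser
        {
            UserName = Username,
            Password = Password
        };

        var identity = await GetClaimsIdentity(applicationUser);
        if (identity == null)
        {
            // Log only the user name; the submitted password must never be written to the log.
            _logger.LogInformation("Invalid username ({UserName}) or password", applicationUser.UserName);
            return BadRequest("Invalid credentials");
        }

        var subject = new Claim(JwtRegisteredClaimNames.Sub, applicationUser.UserName);
        var tokenId = new Claim(JwtRegisteredClaimNames.Jti, await _jwtOptions.JtiGenerator());
        var issuedAt = new Claim(
            JwtRegisteredClaimNames.Iat,
            ToUnixEpochDate(_jwtOptions.IssuedAt).ToString(),
            ClaimValueTypes.Integer64);

        // FindFirst returns null when the identity carries no "Disney" claim (the "notmickey"
        // path below), so the claim is appended only when it exists instead of adding a null entry.
        var disneyClaim = identity.FindFirst("Disney");
        var claims = disneyClaim == null
            ? new[] { subject, tokenId, issuedAt }
            : new[] { subject, tokenId, issuedAt, disneyClaim };

        // Create the JWT security token and encode it.
        var jwt = new JwtSecurityToken(
            issuer: _jwtOptions.Issuer,
            audience: _jwtOptions.Audience,
            claims: claims,
            notBefore: _jwtOptions.NotBefore,
            expires: _jwtOptions.Expiration,
            signingCredentials: _jwtOptions.SigningCredentials);
        var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);

        // Serialize and return the response. The body is pre-serialized here, so the
        // action result carries a string rather than an object (kept as in the original).
        var response = new
        {
            access_token = encodedJwt,
            expires_in = (int)_jwtOptions.ValidFor.TotalSeconds
        };
        var json = JsonConvert.SerializeObject(response, _serializerSettings);
        return new OkObjectResult(json);
    }

    /// <summary>
    /// Validates the issuer options that every token depends on.
    /// </summary>
    /// <param name="options">Options to check.</param>
    /// <exception cref="ArgumentNullException">Thrown when <paramref name="options"/>, its signing credentials or its jti generator is null.</exception>
    /// <exception cref="ArgumentException">Thrown when <c>ValidFor</c> is zero or negative.</exception>
    private static void ThrowIfInvalidOptions(JwtIssuerOptions options)
    {
        if (options == null) throw new ArgumentNullException(nameof(options));

        if (options.ValidFor <= TimeSpan.Zero)
        {
            throw new ArgumentException("Must be a non-zero TimeSpan.", nameof(JwtIssuerOptions.ValidFor));
        }

        if (options.SigningCredentials == null)
        {
            throw new ArgumentNullException(nameof(JwtIssuerOptions.SigningCredentials));
        }

        if (options.JtiGenerator == null)
        {
            throw new ArgumentNullException(nameof(JwtIssuerOptions.JtiGenerator));
        }
    }

    /// <summary>
    /// Converts a date to whole seconds since the Unix epoch (1970-01-01T00:00:00Z), rounded
    /// to the nearest second, as required for the <c>iat</c> claim.
    /// </summary>
    /// <param name="date">Date to convert; it is normalised to UTC first.</param>
    /// <returns>Seconds since the Unix epoch.</returns>
    private static long ToUnixEpochDate(DateTime date)
        => (long)Math.Round((date.ToUniversalTime() -
                             new DateTimeOffset(1970, 1, 1, 0, 0, 0, TimeSpan.Zero))
                            .TotalSeconds);

    /// <summary>
    /// Resolves the identity for a user name/password pair.
    /// </summary>
    /// <param name="user">Submitted credentials.</param>
    /// <returns>
    /// A <see cref="ClaimsIdentity"/> for the two hard-coded test accounts, or <c>null</c> when
    /// the credentials are not recognised.
    /// </returns>
    /// <remarks>
    /// Placeholder only: the two accounts below are compile-time constants, so this method is
    /// the spot to replace with a lookup against the real identity source.
    /// </remarks>
    private Task<ClaimsIdentity> GetClaimsIdentity(ApplicationUser user)
    {
        if (user == null) throw new ArgumentNullException(nameof(user));

        if (user.UserName == "mickey" && user.Password == "mouse")
        {
            return Task.FromResult(new ClaimsIdentity(
                new GenericIdentity(user.UserName, "Token"),
                new[]
                {
                    new Claim("Disney", "mickey")
                }));
        }

        if (user.UserName == "notmickey" && user.Password == "mouse")
        {
            // Authenticated, but without the "Disney" claim.
            return Task.FromResult(new ClaimsIdentity(
                new GenericIdentity(user.UserName, "Token"),
                new Claim[] { }));
        }

        // Credentials not recognised: the caller turns this into a 400.
        return Task.FromResult<ClaimsIdentity>(null);
    }
}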
Anyone have an idea how to implement this?