From 61cfdded08689c0e6a622810fc175b2e91cda126 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Eirik=20Nordb=C3=B8?=
Date: Sun, 3 Jan 2016 19:11:20 +0100
Subject: [PATCH] added KeyContainer for storing RSA keys

---
 .../KeyContainer.cs | 20 +++++++++++++++++++
 src/TokenAuthExampleWebApplication/Startup.cs | 17 +++++----------
 2 files changed, 25 insertions(+), 12 deletions(-)
 create mode 100644 src/TokenAuthExampleWebApplication/KeyContainer.cs

diff --git a/src/TokenAuthExampleWebApplication/KeyContainer.cs b/src/TokenAuthExampleWebApplication/KeyContainer.cs
new file mode 100644
index 0000000..89259f4
--- /dev/null
+++ b/src/TokenAuthExampleWebApplication/KeyContainer.cs
@@ -0,0 +1,20 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Cryptography;
+using System.Threading.Tasks;
+
+namespace TokenAuthExampleWebApplication
+{
+ public class KeyContainer
+ {
+ public static RSAParameters GetKeyFromContainer(string containerName)
+ {
+ CspParameters cp = new CspParameters { KeyContainerName = containerName, };
+ RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048, cp);
+ RSAParameters rsaKeyInfo = rsa.ExportParameters(true);
+ return rsaKeyInfo;
+
+ }
+ }
+}
diff --git a/src/TokenAuthExampleWebApplication/Startup.cs b/src/TokenAuthExampleWebApplication/Startup.cs
index 56bc98b..eac52ea 100644
--- a/src/TokenAuthExampleWebApplication/Startup.cs
+++ b/src/TokenAuthExampleWebApplication/Startup.cs
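Review bot: The `RSACryptoServiceProvider` created in `GetKeyFromContainer` is never disposed, so the CSP handle is leaked on every call; the body can shrink to `using (var rsa = new RSACryptoServiceProvider(2048, cp)) { return rsa.ExportParameters(true); }`. `ExportParameters(true)` also copies the private exponent out of the container into managed memory and hands it to every caller, which gives up the isolation a key container is meant to provide; if the identity library in use accepts an `RSA` instance for `RsaSecurityKey`, returning the provider (or the security key built on it) keeps the private material inside the CSP, and otherwise a doc comment on the method should state plainly that the returned struct contains the private key. Two behaviours of this constructor are worth a comment as well: the `2048` size is, as far as I recall, only applied when the container is created and an existing container is used as-is, and without `CspProviderFlags.UseMachineKeyStore` the container lives in the user profile key store of the process identity, which may not be loaded for a web-server account. The `System.Collections.Generic`, `System.Linq` and `System.Threading.Tasks` usings are unused and can be dropped.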
@@ -25,25 +25,18 @@ public Startup(IHostingEnvironment env)
 public void ConfigureServices(IServiceCollection services) {
- // *** CHANGE THIS FOR PRODUCTION USE ***
- // Here, we're generating a random key to sign tokens - obviously this means
- // that each time the app is started the key will change, and multiple servers
- // all have different keys. This should be changed to load a key from a file
- // securely delivered to your application, controlled by configuration.
- //
- // See the RSAKeyUtils.GetKeyParameters method for an examle of loading from
- // a JSON file.
- RSAParameters keyParams = RSAKeyUtils.GetRandomKey();
+ // Fetching key from KeyContainer, if the key does not exist, we create it.
+ var keyFromContainer = KeyContainer.GetKeyFromContainer("TokenAuthExample");
 // Create the key, and a set of token options to record signing credentials
 // using that key, along with the other parameters we will need in the
 // token controlller.
- key = new RsaSecurityKey(keyParams);
+
 tokenOptions = new TokenAuthOptions() { Audience = TokenAudience, Issuer = TokenIssuer,
- SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.RsaSha256Signature)
+ SigningCredentials = new SigningCredentials(keyFromContainer, SecurityAlgorithms.RsaSha256Signature)
 };
 // Save the token options into an instance so they're accessible to the
@@ -54,7 +47,7 @@ public void ConfigureServices(IServiceCollection services)
 services.AddAuthorization(auth => { auth.AddPolicy("Bearer", new AuthorizationPolicyBuilder()
- .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme‌​)
+ .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
 .RequireAuthenticatedUser().Build()); });
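Review bot: `new SigningCredentials(keyFromContainer, …)` passes the `RSAParameters` struct returned by `GetKeyFromContainer` where the removed line passed an `RsaSecurityKey`; `SigningCredentials` takes a `SecurityKey`, so unless an overload not visible here accepts `RSAParameters` this will not compile, and the line should read `SigningCredentials = new SigningCredentials(new RsaSecurityKey(keyFromContainer), SecurityAlgorithms.RsaSha256Signature)`. The commit also drops the assignment to the `key` field; if `key` is still read elsewhere in `Startup` (for example as the validation key handed to the bearer middleware), it is now never set, and writing `key = new RsaSecurityKey(keyFromContainer);` in place of the added blank line keeps that wiring intact. The new comment should name where the key now lives — by default the CSP key container `TokenAuthExample` in the key store of the account the process runs as — because that deployment detail is what the removed warning was about. `ConfigureServices` continues past the end of the hunk.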