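Agregamos la dependencia (el paquete NuGet Microsoft.AspNetCore.Authentication.JwtBearer, que aporta AddJwtBearer y JwtBearerDefaults):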

En la clase Startup, en el método ConfigureServices:
// JWT bearer authentication: JWT is the default scheme both for authenticating a
// request and for challenging an unauthenticated one.
services
    .AddAuthentication(authOptions =>
    {
        authOptions.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        authOptions.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(bearerOptions =>
    {
        // The signing secret is read from configuration (the "Authentication" section of
        // appsettings.json). Anyone who learns this value can mint tokens that pass every
        // check below, so the real value belongs in user secrets, environment variables or
        // a secret store rather than in a committed appsettings.json, and it should be
        // long and randomly generated.
        var signingKeyBytes = Encoding.UTF8.GetBytes(Configuration["Authentication:Secretkey"]);

        var validationParameters = new TokenValidationParameters
        {
            // Reject tokens whose "iss" claim is not the configured issuer.
            ValidateIssuer = true,
            ValidIssuer = Configuration["Authentication:Issuer"],

            // Reject tokens whose "aud" claim is not the configured audience.
            ValidateAudience = true,
            ValidAudience = Configuration["Authentication:Audience"],

            // Reject tokens outside their validity window. TokenValidationParameters.ClockSkew
            // is left at its default (five minutes), so an expired token is still accepted for
            // that long; set ClockSkew explicitly if a tighter window is required.
            ValidateLifetime = true,

            // Reject tokens whose signature does not verify against the symmetric key.
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(signingKeyBytes)
        };

        bearerOptions.TokenValidationParameters = validationParameters;
    });
En el método Configure:
// Order matters: the authentication middleware must run first so that the
// authorization middleware evaluates the identity built from the validated JWT.
app.UseAuthentication(); // JWT bearer authentication
app.UseAuthorization();
Obteniendo info de la base de datos:
/// <summary>
/// Looks up the employee whose <c>Documento</c> equals <c>login.User</c> and returns it
/// together with the description of its role.
/// </summary>
/// <param name="login">Login request; only its <c>User</c> value is read here.</param>
/// <returns>The matching employee with its role, or <c>null</c> when no row matches.</returns>
/// <remarks>
/// NOTE(review): this query matches on the document number only; no password or other
/// secret is compared in this method. The caller shown on this page
/// (<c>TokenController.isValidaUser</c>) treats any non-null result as a valid login, so a
/// credential check (for example verifying a salted password hash) has to happen before a
/// token is issued.
/// </remarks>
public async Task<EmpleadoModel> GetUserCredentials(UserLogin login)
{
    // Inner join employees to roles on the employee's role id, projecting only the
    // fields the token needs.
    var empleadosConRol = _context.Empleados.Join(
        _context.Roles,
        empleado => empleado.Rol,
        rol => rol.Id,
        (empleado, rol) => new EmpleadoModel
        {
            Id = empleado.Id,
            Documento = empleado.Documento,
            Nombres = empleado.Nombres,
            Apellidos = empleado.Apellidos,
            Roles = new RolModel
            {
                Descripcion = rol.Descripcion,
            }
        });

    return await empleadosConRol.FirstOrDefaultAsync(candidato =>
        candidato.Documento == login.User);
}
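/// <summary>
/// Login endpoint: looks the user up through <see cref="ISecurityService"/> and, when a
/// record is found, returns a signed JWT carrying the user's name and role.
/// </summary>
public class TokenController : ControllerBase
{
    private readonly IConfiguration _configuration;
    private readonly ISecurityService _securityService;

    public TokenController(IConfiguration configuration, ISecurityService securityService)
    {
        _configuration = configuration;
        _securityService = securityService;
    }

    /// <summary>
    /// Issues a token for the supplied login.
    /// </summary>
    /// <param name="userLogin">Login request bound from the POST body.</param>
    /// <returns>
    /// 200 with <c>{ token }</c> when the user is accepted; 400 otherwise.
    /// </returns>
    [HttpPost]
    public async Task<IActionResult> Authentication(UserLogin userLogin)
    {
        // A missing body is rejected here instead of failing later inside the lookup.
        if (userLogin is null)
        {
            return BadRequest();
        }

        var validation = await isValidaUser(userLogin);
        if (validation.Item1)
        {
            var token = GenerateToken(validation.Item2);
            return Ok(new { token });
        }

        // NOTE(review): 401 would describe a rejected login more precisely; 400 is kept so
        // existing clients see no change.
        return BadRequest();
    }

    /// <summary>
    /// Asks the security service for the user and reports whether one was returned.
    /// </summary>
    /// <returns>
    /// A tuple of (user found, the user record or <c>null</c>).
    /// </returns>
    private async Task<(bool, EmpleadoModel)> isValidaUser(UserLogin userLogin)
    {
        // NOTE(review): "valid" here only means that GetUserCredentials returned a row.
        // Nothing in this class compares a password or other secret, so unless the service
        // verifies one, knowing a user identifier is enough to obtain a token. Verify the
        // credential (e.g. against a salted password hash) before returning true.
        var response = await _securityService.GetUserCredentials(userLogin);
        return (response != null, response);
    }

    /// <summary>
    /// Builds and serialises an HS256-signed JWT for the given user, valid for 10 minutes.
    /// </summary>
    /// <param name="security">User whose name and role description go into the claims.</param>
    /// <returns>The compact serialised token.</returns>
    /// <exception cref="InvalidOperationException">
    /// The signing secret is missing from configuration.
    /// </exception>
    private string GenerateToken(EmpleadoModel security)
    {
        // Fail with a clear message when the secret is not configured, rather than with
        // the ArgumentNullException that Encoding.GetBytes(null) would raise.
        var secret = _configuration["Authentication:Secretkey"]
            ?? throw new InvalidOperationException("Authentication:Secretkey is not configured.");

        var symmetricSecurityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
        var signingCredentials = new SigningCredentials(symmetricSecurityKey, SecurityAlgorithms.HmacSha256);
        var header = new JwtHeader(signingCredentials);

        var claims = new[]
        {
            new Claim(ClaimTypes.Name, $"{security.Nombres} {security.Apellidos}"),
            new Claim("Email", ""), // always empty in this listing
            new Claim(ClaimTypes.Role, security.Roles.Descripcion),
        };

        // Both ends of the validity window come from the same UTC instant. The original
        // mixed DateTime.Now (local) with DateTime.UtcNow; DateTime comparisons ignore Kind,
        // so on a server ahead of UTC by more than the 10-minute lifetime the not-before
        // value would compare later than the expiry.
        var issuedAtUtc = DateTime.UtcNow;

        var payload = new JwtPayload
        (
            _configuration["Authentication:Issuer"],
            _configuration["Authentication:Audience"],
            claims,
            issuedAtUtc,
            issuedAtUtc.AddMinutes(10)
        );

        var token = new JwtSecurityToken(header, payload);
        return new JwtSecurityTokenHandler().WriteToken(token);
    }
}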