Maintenance updates to improve writing style and appeal

Controllers/DemoController.cs

@@ -0,0 +1,45 @@
+using System;
+using System.Linq;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
+using System.Security.Claims;
+
+namespace Demo.Controllers
+{
+    [ApiController]
+    [Route("[controller]")]
+    public class DemoController : ControllerBase
+    {
+        /*
+         * A normal security level endpoint that enforces a required scope
+         */
+        [HttpGet("data")]
+        [Authorize(Policy = "has_required_scope")]
+        public IActionResult MediumSensitivityData()
+        {
+            return Ok(new { data = "Some medium sensitivity data", user = GetSubject() });
+        }
+
+        /*
+         * A high security endpoint that also requires a custom claim with a low risk score
+         */
+        [HttpGet("highworthdata")]
+        [Authorize(Policy = "has_required_scope")]
+        [Authorize(Policy = "has_low_risk")]
+        public IActionResult HighSensitivityData()
+        {
+            return Ok(new { data = "Some high sensitivity data", user = GetSubject(), risk = GetClaim("risk") });
+        }
+
+        private String GetSubject()
+        {
+            return GetClaim("sub");
+        }
+
+        private String GetClaim(String type)
+        {
+            Claim c = User.Claims.FirstOrDefault(c => c.Type == type);
+            return c?.Value;
+        }
+    }
+}

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2021 Curity
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

Program.cs

@@ -1,13 +1,7 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
 using Microsoft.AspNetCore.Hosting;
-using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Hosting;
-using Microsoft.Extensions.Logging;
 
-namespace weather
+namespace Demo
 {
     public class Program
     {

README.md

@@ -0,0 +1,76 @@
+# Secure a .NET API with JWT Access Tokens
+
+[![Quality](https://img.shields.io/badge/quality-demo-red)](https://curity.io/resources/code-examples/status/)
+[![Availability](https://img.shields.io/badge/availability-source-blue)](https://curity.io/resources/code-examples/status/)
+
+A demo API to show how to use JWTs for authorization in .NET APIs.\
+The code uses the [JWT Bearer Middleware](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/configure-jwt-bearer-authentication) and [Policy Based Authorization](https://learn.microsoft.com/en-us/aspnet/core/security/authorization/policies).
+
+## Configure the API
+
+The API uses an `appSettings.json` file to configure its expected issuer, audience and JWT signing algorithm:
+
+```json
+{
+  "Authorization": {
+    "Issuer": "https://login.example.com/oauth/v2/oauth-anonymous",
+    "Audience": "demo-api",
+    "Algorithm": "RS256"
+  }
+}
+```
+
+## Configure the Curity Identity Server
+
+Before running the app you need to configure an authorization server like a local Docker instance of the Curity Identity Server:
+
+- [Run a local Docker instance](https://curity.io/resources/learn/run-curity-docker/).
+- [Use the token designer to configure scopes and claims](https://curity.io/resources/learn/token-designer/).
+- [Create a client that gets an access token to send to the API](https://curity.io/resources/learn/configure-client/).
+
+## Run the Example
+
+Ensure that an up to date [.NET SDK](https://dotnet.microsoft.com/en-us/download) is installed, then run the example.\
+Use developer-specific settings if required, such as the use of HTTP OAuth URLs.
+
+```bash
+export ASPNETCORE_ENVIRONMENT='Development'
+dotnet build
+dotnet run
+```
+
+The configuration uses a local example domain for the authorization server.\
+To use such a domain, add the following entry to your local computer's hosts file:
+
+```text
+127.0.0.1 login.example.com
+```
+
+## Call the API
+
+You can then act as an OAuth client to get an access token and call the API.\
+The following endpoint returns normal sensitivity data and requires a `read` scope:
+
+```bash
+curl -i http://localhost:5000/demo/data -H "Authorization: Bearer $ACCESS_TOKEN"
+```
+
+The following endpoint return higher sensitivity data and also requires a custom `risk` claim with a value below 50.\
+Such a claim might originate from an external system like a risk engine.
+
+```bash
+curl -i http://localhost:5000/demo/highworthdata -H "Authorization: Bearer $ACCESS_TOKEN"
+```
+
+## Run a Deployed API
+
+To run the API in a [Docker](https://docs.docker.com/engine/install/) container, execute the deployment script:
+
+```bash
+./deployment/run.sh
+```
+
+## Further Information
+
+- See the [.NET API Tutorial](https://curity.io/resources/learn/dotnet-api) for further details on the example API's security behavior.
+- See the [JWT Best Practices](https://curity.io/resources/learn/jwt-best-practices/) article for further information on using JWTs securely.