protecting api

Startup.cs

@@ -2,7 +2,9 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
@@ -11,7 +13,7 @@ namespace nuget_host
 {
     public class Startup
     {
-        public Startup(IHostingEnvironment env, IConfiguration config)
+        public Startup(IConfiguration config)
         {
             Configuration = config;
         }
@@ -19,11 +21,26 @@ namespace nuget_host
         public IConfiguration Configuration { get; }
         public static string ExternalUrl { get; private set; }
         public static string SourceDir { get; private set; }
+        public static string RootApiKeySecret { get; private set; }
 
         // This method gets called by the runtime. Use this method to add services to the container.
         public void ConfigureServices(IServiceCollection services)
         {
+            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+            .AddJwtBearer(options =>
+            {
+                // base-address of your identityserver
+                options.Authority = ExternalUrl;
+
+                // if you are using API resources, you can specify the name here
+                options.Audience = "packages";
+                
+            });
+
             services.AddMvc();
+
+            services.AddDataProtection();
+
         }
 
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
@@ -40,6 +57,7 @@ namespace nuget_host
 
             ExternalUrl = Configuration["NuGet:ExternalUrl"];
             SourceDir = Configuration["NuGet:SourceDir"];
+            RootApiKeySecret = Configuration["RootApiKeySecret"];
 
             app.UseStaticFiles();