        // GET: api/Auth
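        // GET: api/Auth
        /// <summary>
        /// Validates the caller's Bearer token and, unless <paramref name="refresh"/> is false,
        /// issues a freshly minted JWT for the same user.
        /// </summary>
        /// <param name="refresh">
        /// When true (the default) a new token is written into the response body; when false the
        /// action only validates the presented token and answers 200 OK with no body.
        /// </param>
        /// <returns>
        /// 200 OK carrying the new token as the response body, or an empty 200 OK when
        /// <paramref name="refresh"/> is false.
        /// </returns>
        /// <exception cref="HttpResponseException">
        /// 401 Unauthorized when no Authorization header is present, the scheme is not Bearer,
        /// or the token fails validation.
        /// </exception>
        public HttpResponseMessage Get(bool refresh = true)
        {
            // Only JWT bearer authentication is accepted here. The scheme token is
            // case-insensitive per RFC 7235 §2.1, so "bearer" must be accepted as well.
            var authorization = Request.Headers.Authorization;
            if (authorization == null
                || !string.Equals(authorization.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase))
            {
                throw CreateUnauthorizedException();
            }

            // Validate the presented token; the helper yields the subject's username on success.
            string username;
            if (!_authenticationHelper.ValidateAuthorizationToken(authorization.Parameter, out username))
            {
                throw CreateUnauthorizedException();
            }

            // refresh=false is a "is my token still valid?" probe: no new token is minted.
            if (!refresh)
            {
                return new HttpResponseMessage { StatusCode = System.Net.HttpStatusCode.OK };
            }

            // Base both validity bounds on one timestamp so the window length is exact.
            var now = DateTime.UtcNow;

            // Mint the replacement token for the same subject.
            var jwtSecurityToken = new JwtSecurityToken(
                issuer: TokenIssuer,
                audience: TokenAudience,
                claims: new List<Claim> { new Claim(ClaimTypes.Name, username) },
                // NOTE(review): the NotBefore adjustment is presumably a (negative) clock-skew
                // allowance — confirm against the configuration source.
                notBefore: now.AddMinutes(_authenticationServerConfiguration.AuthTokenRefreshNotBeforeAdjustMinutes),
                expires: now.AddMinutes(_authenticationServerConfiguration.AuthTokenRefreshExpiryMinutes),
                signingCredentials: _authenticationHelper.SigningCredentials);

            // Serialise the token to its compact form for the response body.
            string tokenString = _jwtSecurityTokenHandler.WriteToken(jwtSecurityToken);

            // NOTE(review): the body is a bare JWT, not HTML; "application/jwt" (RFC 7519 §10.3.1)
            // or "text/plain" would describe it accurately. Kept as-is since existing clients may
            // depend on the current media type.
            return new HttpResponseMessage
            {
                Content = new StringContent(tokenString, Encoding.UTF8, "text/html")
            };
        }

        /// <summary>Issuer (<c>iss</c>) claim placed in every token minted by <see cref="Get"/>.</summary>
        private const string TokenIssuer = "mycompanyauth";

        /// <summary>Audience (<c>aud</c>) claim placed in every token minted by <see cref="Get"/>.</summary>
        private const string TokenAudience = "mycompany";

        /// <summary>
        /// Builds the 401 response used for every authentication failure in <see cref="Get"/>.
        /// The same message is returned for a missing header, a wrong scheme and a rejected token,
        /// so the response does not distinguish which check failed.
        /// </summary>
        /// <returns>An <see cref="HttpResponseException"/> wrapping a 401 Unauthorized response.</returns>
        private HttpResponseException CreateUnauthorizedException()
        {
            var response = Request.CreateErrorResponse(System.Net.HttpStatusCode.Unauthorized, "You are unauthorized.");

            // RFC 6750 §3: a 401 answered to a bearer-token client should advertise the expected scheme.
            response.Headers.WwwAuthenticate.Add(new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer"));

            return new HttpResponseException(response);
        }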
    }