private void attachUserToContext(HttpContext context, ITokkenService tokkenService, string token)
{
try
{
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_configuration["Jwt:Secret"]);
tokenHandler.ValidateToken(token, new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false,
ClockSkew = TimeSpan.Zero
}, out SecurityToken validatedToken);
var jwtToken = (JwtSecurityToken)validatedToken;
var xusername = jwtToken.Claims.First(x => x.Type == "username").Value;
// attach user to context on successful jwt validation
context.Items["User"] = tokkenService.GetValidUser(xusername);
}
catch
{
// do nothing if jwt validation fails
// user is not attached to context so request won't have access to secure routes
}
}
public async Task Invoke(HttpContext context, ITokkenService tokkenService)
{
var token = context.Request.Headers["Authorization"].FirstOrDefault()?.Split(" ").Last();
if (token != null)
{
attachUserToContext(context, tokkenService, token);
}
await _next(context);
}
public UserController(ITokkenService tokkenService)
{
_tokkenService = tokkenService;
}
