private string ProduceToken(long?pkSystemUser, string client_id, ApiContext context)
        {
            var apiSession = Aparte.WebApi.BeginApiSession.Execute(context, pkSystemUser);

            Aparte.WebApi.GetTenant.Execute(context, apiSession);
            context = null;

            var token = new JWEAsymmetric();

            try
            {
                token.AsymmetricKey = Audiences.Item(client_id).PublicKey;
                token.SetExpiry(apiSession.TokenExpiry);
                token.AddClaim(JWTConstant.PK_SYSTEM_USER, apiSession.PKSystemUser.ToString());
                token.AddClaim(JWTConstant.USER_NAME, apiSession.UserName);
                token.AddClaim(JWTConstant.USER_CODE, apiSession.UserCode);
                token.AddClaim(JWTConstant.ACCESS_TOKEN, apiSession.AccessToken.ToString());
                token.AddClaim(JWTConstant.REFRESH_TOKEN, apiSession.RefreshToken.ToString());
            }
            catch (Exception ex)
            {
            }

            var encryptedToken = token.SerializeToBase64UrlString();

            UserList.Add(apiSession.PKSystemUser, apiSession.UserName, apiSession.UserCode, apiSession.AccessToken, apiSession.RefreshToken, apiSession.TokenExpiry);
            return(encryptedToken);
        }
Beispiel #2
0
        /// <summary>
        /// Method to get User AccessToken by connecting to Token Method "api/Account/Token" of Api Server with user credential
        /// Password is encrypted with Api Server Public Key
        /// This method requires
        /// 1. JEdixAuthServerPublicKey
        /// 2. JEdixWin is authorized - Gene.Client.WinClient.IsClientAuthorized
        /// If authenticated,
        /// 1. Token is decrypted and stored in static properties of static class "Win"
        /// </summary>
        /// <param name="userId"></param>
        /// <param name="password"></param>
        /// <param name="cancellationToken"></param>
        /// <returns></returns>
        public static async Task <bool> GetAccessToken(string userId, string password, CancellationToken cancellationToken = new CancellationToken())
        {
            if (WinClient.IsClientAuthorized)
            {
                using (var client = new AparteHttpClient(WinClient.ApiServiceUri, HttpHeader.UserVerificationHeader(WinClient.ServerPublicKey)))
                {
                    var encryptedPassword = Security.Cryptography.AsymmetricEncryption.Encrypt(password, WinClient.ServerPublicKey);
                    var loginContent      = JsonSerializer.GetStringContent(new { UserId = userId, Password = encryptedPassword });
                    using (var response = await client.PostAsync("api/Account/Token", loginContent, cancellationToken).ConfigureAwait(false))
                    {
                        if (response.IsSuccessStatusCode)
                        {
                            var token = await response.Content.ReadAsStringAsync();

                            token = token.Replace("\"", "");
                            var decryptedToken = JWEAsymmetric.Parse(token, WinClient.PRIVATE_KEY);
                            WinClient.PKSystemUser     = GetInt64(decryptedToken.Claims[JWTConstant.PK_SYSTEM_USER]);
                            WinClient.SystemUserName   = decryptedToken.Claims[JWTConstant.USER_NAME];
                            WinClient.AccessToken      = decryptedToken.Claims[JWTConstant.ACCESS_TOKEN];
                            WinClient.RefreshToken     = decryptedToken.Claims[JWTConstant.REFRESH_TOKEN];
                            WinClient.TokenExpiryInUtc = decryptedToken.ExpiryDateTimeInUtc();
                            return(true);
                        }
                    }
                }
            }
            return(false);
        }
Beispiel #3
0
        /// <summary>
        /// Important Step to get verified if this JEdixWin is authentic by Api Server.
        /// PKI Encrypted Header is created by HttpHeader.VerifyClientHeader(ServerPublicKey)
        /// which contains KeyFile.JEDIX_WIN_CLIENT_SECRET encrypted by ServerPublicKey
        /// </summary>
        /// <param name="token"></param>
        /// <returns></returns>
        public static async Task <bool> VerifyClient(CancellationToken token = new CancellationToken())
        {
            if (!WinClient.IsClientAuthorized)
            {
                using (var clientKeyExchange = new AparteHttpClient(WinClient.ApiServiceUri, HttpHeader.VerifyClientHeader(WinClient.ServerPublicKey)))
                {
                    var content = JsonSerializer.GetStringContent(null);
                    using (var response = await clientKeyExchange.PostAsync("api/Account/VerifyClient", content, token).ConfigureAwait(false))
                    {
                        if (response.IsSuccessStatusCode)
                        {
                            var jwsString = await response.Content.ReadAsStringAsync();

                            var jws = JWEAsymmetric.Parse(jwsString.Replace("\"", ""), WinClient.PRIVATE_KEY);
                            WinClient.SharedSymmetricKey = jws[JWTConstant.CLAIM_SYMMETRIC_KEY];
                            WinClient.IsClientAuthorized = true;
                        }
                        else
                        {
                            WinClient.IsClientAuthorized = false;
                        }
                    }
                }
            }
            return(WinClient.IsClientAuthorized);
        }
Beispiel #4
0
        /// <summary>
        /// Method to re-obtain User Access Token with Refresh Token
        /// </summary>
        /// <param name="pkSystemUser"></param>
        /// <param name="accessToken"></param>
        /// <param name="refreshToken"></param>
        /// <param name="cancellationToken"></param>
        /// <returns></returns>
        public static async Task <bool> RefreshToken(long?pkSystemUser, string accessToken, string refreshToken, CancellationToken cancellationToken = new CancellationToken())
        {
            if (WinClient.IsClientAuthorized)
            {
                using (var client = new AparteHttpClient(WinClient.ApiServiceUri, HttpHeader.UserVerificationHeader(WinClient.ServerPublicKey)))
                {
                    var encryptedAccessToken  = Security.Cryptography.AsymmetricEncryption.Encrypt(accessToken, WinClient.ServerPublicKey);
                    var encryptedRefreshToken = Security.Cryptography.AsymmetricEncryption.Encrypt(refreshToken, WinClient.ServerPublicKey);
                    var body    = new { PKSystemUser = pkSystemUser, AccessToken = encryptedAccessToken, RefreshToken = encryptedRefreshToken };
                    var content = JsonSerializer.GetStringContent(body);
                    using (var response = await client.PostAsync("api/Account/RefreshToken", content, cancellationToken).ConfigureAwait(false))
                    {
                        if (response.IsSuccessStatusCode)
                        {
                            var token = await response.Content.ReadAsStringAsync();

                            var decryptedToken = JWEAsymmetric.Parse(token, WinClient.PRIVATE_KEY);
                            WinClient.AccessToken      = decryptedToken.Claims[JWTConstant.ACCESS_TOKEN];
                            WinClient.TokenExpiryInUtc = decryptedToken.ExpiryDateTimeInUtc();
                            return(true);
                        }
                    }
                }
            }
            return(false);
        }
        public IHttpActionResult VerifyClient([FromBody] Aparte.Credentials.ApplicationCredential application)
        {
            var token = new JWEAsymmetric();

            token.AddClaim(JWTConstant.CLAIM_SYMMETRIC_KEY, Audiences.Item(KeyFile.JEDIX_WIN_CLIENT_NAME).SecretSymmetricKey);
            token.AsymmetricKey = Audiences.Item(KeyFile.JEDIX_WIN_CLIENT_NAME).PublicKey;
            return(Ok <string>(token.SerializeToBase64UrlString()));
        }
        public IHttpActionResult RefreshToken([FromBody] Aparte.Credentials.UserToken userToken)
        {
            var accessToken  = AsymmetricEncryption.Decrypt(userToken.AccessToken, AuthenticationServer.PRIVATE_KEY);
            var refreshToken = AsymmetricEncryption.Decrypt(userToken.RefreshToken, AuthenticationServer.PRIVATE_KEY);

            var context    = new ApiContext();
            var apiSession = Aparte.WebApi.RefreshApiSession.Execute(context, userToken.PKSystemUser, accessToken, refreshToken);
            var token      = new JWEAsymmetric();

            token.AsymmetricKey = Audiences.Item(KeyFile.JEDIX_WIN_CLIENT_NAME).PublicKey;
            token.SetExpiry(apiSession.TokenExpiry);
            token.AddClaim(JWTConstant.PK_SYSTEM_USER, apiSession.PKSystemUser.ToString());
            token.AddClaim(JWTConstant.ACCESS_TOKEN, apiSession.AccessToken.ToString());
            var encryptedToken = token.SerializeToBase64UrlString();

            UserList.Add(apiSession.PKSystemUser, apiSession.UserName, apiSession.UserCode, apiSession.AccessToken, apiSession.RefreshToken, apiSession.TokenExpiry);
            return(Ok <string>(encryptedToken));
        }