Beispiel #1
        /// <summary>
        /// Verifies <paramref name="token"/> against the embedded secret and deserialises its
        /// payload into a <see cref="JwtLoginModel"/>.
        /// </summary>
        /// <param name="token">The compact JWT string to check; defaults to an empty string.</param>
        /// <returns>
        /// <c>rs.T("Ok", model)</c> on success; <c>rs.F(...)</c> when the token has expired or its
        /// signature does not verify. Any other exception (for example a malformed token) propagates
        /// to the caller.
        /// </returns>
        public static rs Decode(string token = "")
        {
            // NOTE(review): the signing secret is hard-coded in source, so anyone who can read the
            // repository can mint tokens this method accepts. It belongs in protected configuration
            // (the issuer must then read the same value).
            const string secret = "GQDstcKsx0NHjPOuXOYg5MbeJ1XT0uFiwDVvVBrk";

            try
            {
                IJsonSerializer   serializer = new JsonNetSerializer();
                IDateTimeProvider clock      = new UtcDateTimeProvider();
                IJwtValidator     validator  = new JwtValidator(serializer, clock);
                IBase64UrlEncoder base64Url  = new JwtBase64UrlEncoder();
                IJwtDecoder       jwtDecoder = new JwtDecoder(serializer, validator, base64Url);

                // verify: true — the library throws the two exception types caught below instead of
                // handing back an unverified payload.
                string        payloadJson = jwtDecoder.Decode(token, secret, verify: true);
                JwtLoginModel model       = JsonConvert.DeserializeObject <JwtLoginModel>(payloadJson);
                return rs.T("Ok", model);
            }
            catch (TokenExpiredException)
            {
                return rs.F("Token has expired");
            }
            catch (SignatureVerificationException)
            {
                return rs.F("Token has invalid signature");
            }
        }
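        /// <summary>
        /// Controller initialisation: when no session login exists, tries to restore one from the
        /// "auth" JWT cookie, then loads language, settings and config for the request into ViewBag.
        /// </summary>
        /// <param name="requestContext">The current request context; handed on to <c>base.Initialize</c>.</param>
        protected override void Initialize(System.Web.Routing.RequestContext requestContext)
        {
            loginVM logvm = MySsAuthUsers.GetAuth();

            if (logvm == null)
            {
                var authCookie = myCookies.Get("auth");
                if (!string.IsNullOrWhiteSpace(authCookie))
                {
                    try
                    {
                        // Decode checks signature and expiry; rsdecode.r is false when either fails.
                        rs rsdecode = EncodeDecodeJWT.Decode(authCookie);
                        if (rsdecode.r && rsdecode.v != null)
                        {
                            JwtLoginModel user_cook = (JwtLoginModel)rsdecode.v;
                            var           log       = _userServ.GetEntry(user_cook.uid);
                            // A valid token for an account that no longer exists must not restore a
                            // login; without this guard that case surfaced as a NullReferenceException
                            // silently swallowed by the catch below.
                            if (log != null)
                            {
                                if (log.QuanDefaultId == null)
                                {
                                    requestContext.HttpContext.Response.Clear();
                                    requestContext.HttpContext.Response.Redirect(Url.Action("ChonQuan", "Quan", new{ area = "Admin" }));
                                    // NOTE(review): Response.End() terminates the request; confirm the
                                    // catch (Exception) below does not interfere with that on this runtime.
                                    requestContext.HttpContext.Response.End();
                                }
                                logvm = new loginVM(log);
                                MySsAuthUsers.setLogin(logvm);
                            }
                        }
                    }
                    catch (Exception)
                    {
                        // Best effort: an unreadable or stale cookie leaves the request anonymous.
                        //_userServ.SSLogOut();
                    }
                }
            }

            __langid  = myCookies.GetLangKey();
            __setting = _settingServ.GetSetting();
            __config  = _confServ.GetConfigCache();
            HitCounter();
            ViewBag.__config  = __config;
            ViewBag.__setting = __setting;

            // Bundle the per-request values for views that read them as one object.
            VIEWSETTING __viewsetting = new VIEWSETTING();
            __viewsetting.__config  = __config;
            __viewsetting.__setting = __setting;
            // Re-read rather than reuse logvm: the cookie path above may have just set the session login.
            __viewsetting.__login   = MySsAuthUsers.GetAuth();
            ViewBag.__viewsetting   = __viewsetting; //VIEWSETTING __vs = ViewBag.__viewsetting;
            base.Initialize(requestContext);
        }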
Beispiel #3
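        /// <summary>
        /// Authenticates <paramref name="model"/> against the Identity user store and issues a signed JWT.
        /// </summary>
        /// <param name="model">User name and password supplied by the client.</param>
        /// <returns>The compact JWT string and its expiry, one month from now in UTC.</returns>
        /// <exception cref="UserNotFoundException">No user has <c>model.UserName</c>.</exception>
        /// <exception cref="UserLockedOutException">The account is locked out and the lockout has not ended.</exception>
        /// <exception cref="PasswordIncorrectException">The password does not match.</exception>
        public async Task <(string, DateTime)> Login(JwtLoginModel model)
        {
            var user = await _userManager.FindByNameAsync(model.UserName);

            if (user == null)
            {
                throw new UserNotFoundException();
            }

            // Compare as an instant; DateTime.Now would make the lockout depend on the server's time zone.
            if (user.LockoutEnabled && user.LockoutEnd > DateTimeOffset.UtcNow)
            {
                throw new UserLockedOutException();
            }

            if (!await _userManager.CheckPasswordAsync(user, model.Password))
            {
                // NOTE(review): nothing here records the failed attempt, so the lockout check above only
                // ever fires if another code path increments the access-failed count — confirm.
                throw new PasswordIncorrectException();
            }

            var userRoles = await _userManager.GetRolesAsync(user);

            // Name carries the user id and Sub the e-mail; consumers of the token rely on this layout.
            var authClaims = new List <Claim>
            {
                new Claim(ClaimTypes.Name, user.Id),
                new Claim(JwtRegisteredClaimNames.Sub, user.Email),
            };

            foreach (var userRole in userRoles)
            {
                authClaims.Add(new Claim(ClaimTypes.Role, userRole));
            }

            var authSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config.Jwt.Secret));

            // UTC so the returned expiry does not depend on the server's local time zone or DST transitions.
            var expirationDate = DateTime.UtcNow.AddMonths(1);

            var jwtSecurityToken = new JwtSecurityToken(
                issuer: _config.Jwt.ValidIssuer,
                audience: _config.Jwt.ValidAudience,
                expires: expirationDate,
                claims: authClaims,
                signingCredentials: new SigningCredentials(authSigningKey, SecurityAlgorithms.HmacSha256));

            string token = new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken);

            return(token, expirationDate);
        }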
Beispiel #4
        // This method must be thread-safe since it is called by the thread-safe OnCacheAuthorization() method.

        /*
         * This method must be thread-safe because it is called by the thread-safe cache-authorization methods.
         * Its purpose is to check whether the user is correctly logged in and whether they have the right.
         * true: has the right
         * false: does not have the right -> simple as that!
         *
         */


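        /// <summary>
        /// Decides whether the current request is authorised: restores the session login from the
        /// "auth" JWT cookie when needed, then applies the attribute's user, role and access-right filters.
        /// Must be thread-safe because it is reached from the thread-safe OnCacheAuthorization().
        /// </summary>
        /// <param name="httpContext">The current HTTP context.</param>
        /// <returns><c>true</c> when the caller may proceed; <c>false</c> on any failure (fail closed).</returns>
        /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
        protected virtual bool AuthorizeCore(HttpContextBase httpContext)
        {
            // A null context is a programming error, not an authorisation decision: it is checked
            // outside the fail-closed try/catch so it is reported instead of becoming a silent "denied".
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }

            // NOTE(review): writing an instance field from a method that must be thread-safe is a race
            // if the attribute instance is shared between concurrent requests — confirm the resolver is
            // request-scoped, or keep the repository in a local.
            this._userServ = DependencyResolver.Current.GetService <IUserRepository>();
            try
            {
                loginVM logvm = MySsAuthUsers.GetAuth();
                if (logvm == null)
                {
                    var authCookie = myCookies.Get("auth");
                    if (!string.IsNullOrWhiteSpace(authCookie))
                    {
                        try
                        {
                            // Decode checks signature and expiry; rsdecode.r is false when either fails.
                            rs rsdecode = EncodeDecodeJWT.Decode(authCookie);
                            if (rsdecode.r && rsdecode.v != null)
                            {
                                JwtLoginModel user_cook = (JwtLoginModel)rsdecode.v;
                                var           log       = _userServ.GetEntry(user_cook.uid);
                                // A valid token for an account that no longer exists is a denial, not a
                                // NullReferenceException for the catch below to hide.
                                if (log == null)
                                {
                                    return(false);
                                }
                                logvm = new loginVM(log);
                                MySsAuthUsers.setLogin(logvm);
                            }
                        }
                        catch (Exception)
                        {
                            // Unreadable cookie: deny rather than fall through.
                            // _userServ.SSLogOut();
                            return(false);
                        }
                    }
                }
                if (logvm == null)
                {
                    return(false);
                }

                var user_login = _userServ.SSgetUserLoged();
                if (user_login == null)
                {
                    return(false);
                }

                // Auth2: restrict by user name when the attribute lists users.
                if (_usersSplit.Length > 0 &&
                    !_usersSplit.Contains(user_login.Username, StringComparer.OrdinalIgnoreCase))
                {
                    return(false);
                }

                // Restrict by role id when the attribute lists roles.
                if (_rolesSplit.Length > 0 && !_rolesSplit.Contains(user_login.RoleId.ToString()))
                {
                    return(false);
                }

                // Auth3: restrict by access right. NOTE(review): the literal user name "admin" skips this
                // check entirely; an explicit role or flag on the account is a safer marker than a name.
                if (user_login.Username != "admin")
                {
                    if (_quyensSplit.Length > 0 && !IsInRole(user_login.ne_quyenIntArrStr, _quyensSplit))
                    {
                        return(false);
                    }
                }

                return(true);
            }
            catch
            {
                // Fail closed: any unexpected error denies access.
                return(false);
            }
        }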