Beispiel #1
0
        public static void SignIdentityToken(IdentityToken token)
        {
            string text      = token.PayloadString();
            string signature = TokenSignFactory.SignToken(text);

            token.Signature = signature;
        }
        public TokenValidationResult ValiateIdentityToken(IdentityToken token)
        {
            if (token != null)
            {
                TokenValidationResult result = new TokenValidationResult();
                if (DateTime.Now > token.ExpirationTime)
                {
                    result.Error   = "Token Expired.";
                    result.IsValid = false;
                    return(result);
                }
                var hashData  = HashFactory.GetHash(token.PayloadString());
                var plainData = TokenSignFactory.GetHashData(token.Signature);
                if (!string.Equals(hashData, plainData))
                {
                    result.Error   = "Token Not Verified.";
                    result.IsValid = false;
                    return(result);
                }
                SessionBussiness sessionBs = new SessionBussiness();


                var session = sessionBs.GetSingle(it => it.SecuritySessionId == token.SessionId);
                if (session != null)
                {
                    if (session.ExpiredDate != null)
                    {
                        result.Error   = "Session Is Expired.";
                        result.IsValid = false;
                        return(result);
                    }
                }
                else
                {
                    result.Error   = "Session not exist.";
                    result.IsValid = false;
                    return(result);
                }
                result.IsValid = true;
                return(result);
            }
            return(null);
        }