public override void OnActionExecuted(HttpActionExecutedContext filterContext)
{
string accessTokenFromRequest = "";
{
var authHeader = filterContext.Request.Headers.Authorization;
if (authHeader != null)
{
var authHeaderVal = AuthenticationHeaderValue.Parse(authHeader.ToString());
// RFC 2617 sec 1.2, "scheme" name is case-insensitive
if (authHeaderVal.Scheme.Equals("bearer",
StringComparison.OrdinalIgnoreCase) &&
authHeaderVal.Parameter != null)
{
accessTokenFromRequest = authHeaderVal.Parameter;
}
}
// get the access token
// accessTokenFromRequest = actionContext.Request.Headers.Authorization.ToString();
string username = "";
if (JwtManager.Instance.ValidateToken(accessTokenFromRequest, out username))
{
string tempUsername = string.Copy(username);
JAccessToken accessToken = _jwtRepository.GetSingle(d => d.UserName == tempUsername, d => d.Account);
if (accessToken != null)
{
string accessTokenStored = accessToken.Value;
if (accessTokenFromRequest == accessTokenStored)
{
accessToken.DateTimeIssued = DateTime.UtcNow;
accessToken.Value = JwtManager.Instance.GenerateToken(username);
_jwtRepository.Update(accessToken);
filterContext.Response.Headers.Add("Authorization", accessToken.Value);
}
else
{
filterContext.Response.StatusCode = System.Net.HttpStatusCode.Unauthorized;
filterContext.Response.ReasonPhrase = "Invalid token.";
}
}
else
{
filterContext.Response.StatusCode = System.Net.HttpStatusCode.Unauthorized;
filterContext.Response.ReasonPhrase = "User does not have a current token.";
}
}
else
{
if (JwtManager.Instance.ValidateExpiredToken(accessTokenFromRequest, out username))
{
if (_jwtRepository.Exists(d => d.UserName == username, d => d.Account))
{
JAccessToken accessToken = _jwtRepository.GetSingle(d => d.UserName == username, d => d.Account);
if (accessToken != null)
{
string accessTokenStored = accessToken.Value;
if (accessTokenFromRequest == accessTokenStored && accessToken.DateTimeIssued.AddDays(1).CompareTo(DateTime.Now.ToUniversalTime()) > 0)
{
accessToken.DateTimeIssued = DateTime.UtcNow;
accessToken.Value = JwtManager.Instance.GenerateToken(username);
_jwtRepository.Update(accessToken);
filterContext.Response.Headers.Add("Authorization", accessToken.Value);
}
else
{
filterContext.Response.StatusCode = System.Net.HttpStatusCode.Unauthorized;
filterContext.Response.ReasonPhrase = "Invalid token.";
}
}
else
{
filterContext.Response.StatusCode = System.Net.HttpStatusCode.Unauthorized;
filterContext.Response.ReasonPhrase = "User does not have a current token.";
}
}
else
{
filterContext.Response.StatusCode = System.Net.HttpStatusCode.Unauthorized;
filterContext.Response.ReasonPhrase = "User does not have a current token.";
}
}
else
{
filterContext.Response.StatusCode = System.Net.HttpStatusCode.Unauthorized;
filterContext.Response.ReasonPhrase = "Invalid token.";
}
}
}
}
public JAccessToken GetJAccessToken(string username)
{
return(_jAccessTokenRepository.GetSingle(token => token.UserName == username));
}
public IHttpActionResult Submit(AccountCredentialDTO credentials)
{
// Credentials is already read and deserialized into a DTO. Validate it.
Validate(credentials);
// Checks for valid model state
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
// Check to make they are not a new SSO user
if (_partialAccountRepository.Exists(d => d.UserName == credentials.Username))
{
var transformer = new SsoLoginTransformer();
var ssoLoginDto = transformer.Fetch(credentials);
var response = _ssoControllerLogic.Login(ssoLoginDto);
return(ResponseMessage(response));
}
// Proccess any other information.
if (!_accountRepository.Exists(d => d.UserName == credentials.Username))
{
return(Unauthorized());
}
if (!_saltRepository.Exists(d => d.UserName == credentials.Username, d => d.Account))
{
return(Unauthorized());
}
Salt salt;
try
{
salt = _saltRepository.GetSingle(d => d.UserName == credentials.Username, d => d.Account);
}
catch (Exception)
{
return(Unauthorized());
}
// Check app DB for user.
Account account;
try
{
account = _accountRepository.GetSingle(d => d.UserName == credentials.Username);
}
catch (Exception)
{
return(Unauthorized());
}
if (!account.AccountStatus)
{
return(BadRequest("SUSPENDED"));
}
// Issue login information
if (account.Password == HashService.Instance.HashPasswordWithSalt(salt.PasswordSalt, credentials.Password, true))
{
var response = new HttpResponseMessage();
JAccessToken token;
var claims = (List <AccountType>)account.AccountTypes;
// JWT token already exists
if (_jwtRepository.Exists(d => d.UserName == account.UserName, d => d.Account))
{
token = _jwtRepository.GetSingle(d => d.UserName == account.UserName, d => d.Account);
token.Value = JwtManager.Instance.GenerateToken(claims);
token.DateTimeIssued = DateTime.UtcNow;
_jwtRepository.Update(token);
}
// JWT does not exist for this user
else
{
token = new JAccessToken
{
Value = JwtManager.Instance.GenerateToken(claims),
UserName = account.UserName,
DateTimeIssued = DateTime.UtcNow
};
_jwtRepository.Insert(token);
}
return(Json(new { AuthToken = token.Value }));
}
// Given password does no match the stored hashed password after being hashed
else
{
return(Unauthorized());
}
}
protected override bool IsAuthorized(HttpActionContext actionContext)
{
string accessTokenFromRequest = "";
if (actionContext.Request.Headers.Authorization.ToString() != null)
{
var authHeader = actionContext.Request.Headers.Authorization;
if (authHeader != null)
{
var authHeaderVal = AuthenticationHeaderValue.Parse(authHeader.ToString());
// RFC 2617 sec 1.2, "scheme" name is case-insensitive
if (authHeaderVal.Scheme.Equals("bearer",
StringComparison.OrdinalIgnoreCase) &&
authHeaderVal.Parameter != null)
{
accessTokenFromRequest = authHeaderVal.Parameter;
}
}
// get the access token
// accessTokenFromRequest = actionContext.Request.Headers.Authorization.ToString();
string username = "";
if (JwtManager.Instance.ValidateToken(accessTokenFromRequest, out username))
{
string tempUsername = string.Copy(username);
JAccessToken accessToken = _jwtRepository.GetSingle(d => d.UserName == tempUsername, d => d.Account);
if (accessToken != null)
{
string accessTokenStored = accessToken.Value;
if (accessTokenFromRequest == accessTokenStored)
{
return(true);
}
else
{
return(false);
}
}
else
{
return(false);
}
}
// Token is either not valid or expired
else
{
if (JwtManager.Instance.ValidateExpiredToken(accessTokenFromRequest, out username))
{
if (_jwtRepository.Exists(d => d.UserName == username, d => d.Account))
{
JAccessToken accessToken = _jwtRepository.GetSingle(d => d.UserName == username, d => d.Account);
if (accessToken != null)
{
string accessTokenStored = accessToken.Value;
if (accessTokenFromRequest == accessTokenStored && accessToken.DateTimeIssued.AddDays(1).CompareTo(DateTime.Now.ToUniversalTime()) > 0)
{
return(true);
}
else
{
return(false);
}
}
else
{
return(false);
}
}
else
{
return(false);
}
}
else
{
return(false);
}
}
}
else
{
return(false);
}
}
