Ejemplo n.º 1
        /// <summary>
        /// Validates <paramref name="token"/> against the configured symmetric secret and, when
        /// validation succeeds, stores the account returned by
        /// <c>userTokenAppService.GetAccountById</c> in <c>context.Items["User"]</c>.
        /// </summary>
        /// <param name="context">Current HTTP context; only its <c>Items</c> collection is written.</param>
        /// <param name="userTokenAppService">Service used to load the account for the token's "Id" claim.</param>
        /// <param name="token">Compact JWT string taken from the request.</param>
        /// <remarks>
        /// Every exception raised inside the method is swallowed, so a failure leaves
        /// <c>context.Items["User"]</c> unset and the request continues unauthenticated.
        /// </remarks>
        private async Task attachUserToContext(HttpContext context, IUserTokenAppService userTokenAppService, string token)
        {
            try
            {
                // NOTE(review): Encoding.ASCII replaces every non-ASCII character with '?', so a secret
                // containing such characters yields weaker key material than it appears to. Confirm the
                // secret is pure ASCII, or change the signer and this validator together.
                byte[] secretBytes = Encoding.ASCII.GetBytes(_jwtettings.Secret);

                var validationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey         = new SymmetricSecurityKey(secretBytes),
                    // NOTE(review): issuer and audience are not checked, so any token signed with this
                    // key is accepted regardless of which service minted it or who it was minted for.
                    ValidateIssuer           = false,
                    ValidateAudience         = false,
                    // Zero skew: the token stops validating at its expiration time rather than
                    // 5 minutes later.
                    ClockSkew                = TimeSpan.Zero
                };

                new JwtSecurityTokenHandler().ValidateToken(token, validationParameters, out SecurityToken validated);

                // A missing "Id" claim or a value that is not a GUID throws here and ends up in the
                // catch block below, i.e. the request stays unauthenticated.
                var jwt       = (JwtSecurityToken)validated;
                var idClaim   = jwt.Claims.First(claim => claim.Type == "Id");
                var accountId = Guid.Parse(idClaim.Value);

                // Validation succeeded: expose the account to the rest of the pipeline.
                context.Items["User"] = await userTokenAppService.GetAccountById(accountId);
            }
            catch (Exception)
            {
                // Deliberately empty: no user is attached, so the request cannot reach secured routes.
                // NOTE(review): this also hides exceptions thrown by GetAccountById, and nothing is
                // logged, so rejected tokens leave no trace for monitoring.
            }
        }
Ejemplo n.º 2
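        /// <summary>
        /// Builds a <see cref="ClaimsPrincipal"/> for <paramref name="securityToken"/>. The principal
        /// carries the token's claims only when the token parses, has a Name claim, lies inside its
        /// nbf/exp window, and exactly matches the token record stored under the MD5 of the token
        /// string. In every other case the principal wraps an identity with an empty authentication type.
        /// </summary>
        /// <param name="securityToken">Compact token string presented by the caller.</param>
        /// <param name="validationParameters">Not read by this implementation.</param>
        /// <param name="validatedToken">Always set to <c>null</c>.</param>
        /// <returns>The principal described above; never <c>null</c>.</returns>
        /// <remarks>
        /// NOTE(review): no signature check is visible in this method and
        /// <paramref name="validationParameters"/> is ignored. Unless <c>parse2Token</c> verifies the
        /// signature, trust rests entirely on the token-store match below - confirm.
        /// </remarks>
        public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
        {
            validatedToken = null;
            JwtSecurityToken token = parse2Token(securityToken);
            // The MD5 digest is only the lookup key for the token store; the full token string is
            // compared afterwards, so acceptance does not rest on the digest alone.
            string md5Id    = Encrypion.GenerateMD5(securityToken);
            long   nowValue = new DateTimeOffset(TimeHelper.Now).ToUnixTimeSeconds();

            ClaimsIdentity identity = null;

            if (token != null)
            {
                // Claims come from the presented token, so any of them may be absent. Read them with
                // ?. so that a token lacking a claim is rejected instead of raising a
                // NullReferenceException.
                string userCode = token.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Name)?.Value;
                string nbfText  = token.Claims.FirstOrDefault(c => c.Type == JwtRegisteredClaimNames.Nbf)?.Value;
                string expText  = token.Claims.FirstOrDefault(c => c.Type == JwtRegisteredClaimNames.Exp)?.Value;

                // A value that fails to parse leaves the number at 0: exp = 0 is already in the past
                // and is rejected below, nbf = 0 imposes no lower bound.
                long.TryParse(nbfText, out long nbf);
                long.TryParse(expText, out long exp);

                bool hasAllClaims   = userCode != null && nbfText != null && expText != null;
                bool withinLifetime = exp >= nowValue && nbf <= nowValue;

                if (hasAllClaims && withinLifetime)
                {
                    IUserTokenAppService userService = EngineerContext.Current.Resolve <IUserTokenAppService>();
                    var userTokenInfo = userService.GetTokenById(md5Id);
                    // Compact JWTs are base64url text and therefore case-sensitive: compare ordinally
                    // so that only the exact stored token is accepted.
                    if (userTokenInfo != null && string.Equals(userTokenInfo.Token, securityToken, StringComparison.Ordinal))
                    {
                        identity = new ClaimsIdentity(JwtBearerDefaults.AuthenticationScheme);
                        identity.AddClaims(token.Claims);
                    }
                }
            }

            // Fall back to an identity with an empty authentication type when any check failed.
            if (identity == null)
            {
                identity = new ClaimsIdentity("");
            }

            return new ClaimsPrincipal(identity);
        }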
Ejemplo n.º 3
 /// <summary>
 /// Stores the injected application services in the controller's fields.
 /// </summary>
 /// <param name="userAppService">Assigned to <c>_userAppService</c>.</param>
 /// <param name="userTokenAppService">Assigned to <c>_userTokenAppService</c>.</param>
 /// <param name="serviceAppService">Assigned to <c>_serviceAppService</c>.</param>
 /// <param name="orderedAppService">Assigned to <c>_orderedAppService</c>.</param>
 /// <param name="evaluationAppService">Assigned to <c>_evaluationAppService</c>.</param>
 public ApiUserController(
     IUserAppService userAppService,
     IUserTokenAppService userTokenAppService,
     IServiceAppService serviceAppService,
     IOrderedAppService orderedAppService,
     IEvaluationAppService evaluationAppService)
 {
     // No null checks are performed; the arguments are stored exactly as supplied.
     _userAppService = userAppService;
     _userTokenAppService = userTokenAppService;
     _serviceAppService = serviceAppService;
     _orderedAppService = orderedAppService;
     _evaluationAppService = evaluationAppService;
 }
Ejemplo n.º 4
 /// <summary>
 /// Stores the unwrapped JWT settings and the injected application services in the controller's fields.
 /// </summary>
 /// <param name="jwtSettings">Options wrapper; its <c>Value</c> is assigned to <c>_jwtSettings</c>.</param>
 /// <param name="personAppService">Assigned to <c>_personAppService</c>.</param>
 /// <param name="userTokenAppService">Assigned to <c>_userTokenAppService</c>.</param>
 public UserController(
     IOptions <JwtSettings> jwtSettings,
     IPersonAppService personAppService,
     IUserTokenAppService userTokenAppService)
 {
     // The options wrapper is dereferenced immediately, so a null jwtSettings fails here.
     _jwtSettings = jwtSettings.Value;
     _personAppService = personAppService;
     _userTokenAppService = userTokenAppService;
 }
Ejemplo n.º 5
        /// <summary>
        /// Middleware entry point: extracts a token from the <c>Authorization</c> header, lets
        /// <c>attachUserToContext</c> try to resolve it to a user, then always calls the next
        /// middleware.
        /// </summary>
        /// <param name="context">Current HTTP context.</param>
        /// <param name="userTokenAppService">Service forwarded to <c>attachUserToContext</c>.</param>
        public async Task Invoke(HttpContext context, IUserTokenAppService userTokenAppService)
        {
            // Only the first Authorization header value is considered.
            var authorizationHeader = context.Request.Headers["Authorization"].FirstOrDefault();

            // The token is whatever follows the last space. The scheme word is not inspected, so
            // "Bearer <t>", "<t>" and "Basic <t>" are all handed to the JWT check.
            // NOTE(review): consider requiring the "Bearer" scheme if no client depends on the others.
            var token = authorizationHeader?.Split(" ").Last();

            if (token != null)
            {
                await attachUserToContext(context, userTokenAppService, token);
            }

            // The pipeline continues whether or not a user was attached; authorization is left to
            // later components.
            await _next(context);
        }
 /// <summary>
 /// Stores the injected application services in the controller's fields.
 /// </summary>
 /// <param name="accountAppService">Assigned to <c>_accountAppService</c>.</param>
 /// <param name="userTokenService">Assigned to <c>_userTokenService</c>.</param>
 public AccountController(IAccountAppService accountAppService, IUserTokenAppService userTokenService)
 {
     // Both fields are set in one tuple assignment; no null checks are performed.
     (_accountAppService, _userTokenService) = (accountAppService, userTokenService);
 }