public void Create_JWT()
{
using (new BasicAppHost().Init())
{
var jwtProvider = new JwtAuthProvider
{
AuthKeyBase64 = Config.JwtAuthKeyBase64,
ExpireTokensInDays = 3650
};
var header = JwtAuthProvider.CreateJwtHeader(jwtProvider.HashAlgorithm);
var body = JwtAuthProvider.CreateJwtPayload(new AuthUserSession
{
UserAuthId = "1",
DisplayName = "test",
UserName = "******",
IsAuthenticated = true,
},
issuer: jwtProvider.Issuer,
expireIn: jwtProvider.ExpireTokensIn,
audience: jwtProvider.Audience,
roles: new[] { "TheRole" },
permissions: new[] { "ThePermission" });
var jwtToken = JwtAuthProvider.CreateJwt(header, body, jwtProvider.GetHashAlgorithm());
jwtToken.Print();
}
}
/// <summary>
/// Генерация пары токенов для пользователя
/// </summary>
/// <returns>Пара токенов: Access и Refresh</returns>
internal async Task <TokenResult> GenerateToken(User user, TimeSpan?customAccessExpire = null, TimeSpan?customRefreshExpire = null)
{
//var user = await UserRepository.GetWithIncludesAsync(uid);
var sessionId = Guid.NewGuid().ToString();
var token = new TokenResult();
var jwtProvider = (JwtAuthProvider)AuthenticateService.GetAuthProvider("jwt");
if (jwtProvider?.PublicKey == null)
{
throw new HttpError(HttpStatusCode.ServiceUnavailable, "AuthProvider does not work");
}
var defaultAccessExpire = jwtProvider.ExpireTokensIn;
//Можно запросить время жизни токена не больше чем 'defaultAccessExpire'
var accExpSpan = (customAccessExpire ?? defaultAccessExpire) >= defaultAccessExpire
? defaultAccessExpire
: customAccessExpire.Value;
var body = JwtAuthProvider.CreateJwtPayload(new AuthUserSession
{
UserAuthId = user.Id,
CreatedAt = DateTime.UtcNow,
DisplayName = user.Login,
},
issuer: jwtProvider.Issuer, expireIn: accExpSpan);
body["useragent"] = Request.UserAgent;
body["session"] = sessionId;
token.AccessToken = JwtAuthProvider.CreateEncryptedJweToken(body, jwtProvider.PublicKey.Value);
var defaultRefreshExpire = jwtProvider.ExpireRefreshTokensIn;
var refExpSpan = (customRefreshExpire ?? defaultRefreshExpire) >= defaultRefreshExpire
? defaultRefreshExpire
: customRefreshExpire.Value;
var refreshBody = JwtAuthProvider.CreateJwtPayload(new AuthUserSession
{
UserAuthId = user.Id,
DisplayName = user.Login,
CreatedAt = DateTime.UtcNow,
Permissions = new List <string> {
RefreshPermission
},
},
issuer: jwtProvider.Issuer, expireIn: refExpSpan);
refreshBody["useragent"] = Request.UserAgent;
refreshBody["session"] = body["session"];
token.RefreshToken = JwtAuthProvider.CreateEncryptedJweToken(refreshBody, jwtProvider.PublicKey.Value);
return(token);
}
public override void Configure(Container container)
{
Plugins.Add(new EncryptedMessagesFeature
{
PrivateKey = SecureConfig.PrivateKeyXml.ToPrivateRSAParameters(),
FallbackPrivateKeys =
{
SecureConfig.FallbackPrivateKeyXml.ToPrivateRSAParameters()
},
});
var apiKeyAuth = new ApiKeyAuthProvider(AppSettings);
var jwtAuth = new JwtAuthProvider(AppSettings)
{
AuthKey = AesUtils.CreateKey(),
UseTokenCookie = false, // only works with non HTTP Cookies
};
Plugins.Add(new AuthFeature(() => new AuthUserSession(),
new IAuthProvider[] {
new CredentialsAuthProvider(AppSettings),
apiKeyAuth,
jwtAuth,
}));
container.Register <IAuthRepository>(c => new InMemoryAuthRepository());
var authRepo = container.Resolve <IAuthRepository>();
var userAuth = authRepo.CreateUserAuth(
new UserAuth {
Email = "*****@*****.**"
}, "p@55word");
var apiKeys = apiKeyAuth.GenerateNewApiKeys(userAuth.Id.ToString(), "live");
var apiKeyRepo = (IManageApiKeys)authRepo;
apiKeyRepo.StoreAll(apiKeys);
LiveApiKey = apiKeys[0];
JwtBearerToken = jwtAuth.CreateJwtBearerToken(new AuthUserSession {
UserAuthId = userAuth.Id.ToString(),
Email = userAuth.Email,
IsAuthenticated = true,
});
}
public void Does_validate_multiple_audiences()
{
var jwtProvider = (JwtAuthProvider)AuthenticateService.GetAuthProvider(JwtAuthProviderReader.Name);
string CreateJwtWithAudiences(params string[] audiences)
{
var header = JwtAuthProvider.CreateJwtHeader(jwtProvider.HashAlgorithm);
var body = JwtAuthProvider.CreateJwtPayload(new AuthUserSession
{
UserAuthId = "1",
DisplayName = "Test",
Email = "*****@*****.**",
IsAuthenticated = true,
},
issuer: jwtProvider.Issuer,
expireIn: jwtProvider.ExpireTokensIn,
audiences: audiences);
var jwtToken = JwtAuthProvider.CreateJwt(header, body, jwtProvider.GetHashAlgorithm());
return(jwtToken);
}
jwtProvider.Audiences = new List <string> {
"foo", "bar"
};
var jwtNoAudience = CreateJwtWithAudiences();
Assert.That(jwtProvider.IsJwtValid(jwtNoAudience));
var jwtWrongAudience = CreateJwtWithAudiences("qux");
Assert.That(!jwtProvider.IsJwtValid(jwtWrongAudience));
var jwtPartialAudienceMatch = CreateJwtWithAudiences("bar", "qux");
Assert.That(jwtProvider.IsJwtValid(jwtPartialAudienceMatch));
jwtProvider.Audience = "foo";
Assert.That(!jwtProvider.IsJwtValid(jwtPartialAudienceMatch));
jwtProvider.Audience = null;
Assert.That(jwtProvider.IsJwtValid(jwtPartialAudienceMatch));
}
protected string CreateJwt(RSAParameters privateKey, string algorithm, string audience = null)
{
var header = JwtAuthProvider.CreateJwtHeader(algorithm);
var payload = JwtAuthProvider.CreateJwtPayload(new AuthUserSession {
UserAuthId = "1",
DisplayName = "Test",
Email = "*****@*****.**",
// JwtAuthProvider.CreateJwt would fail without ProfileUrl when
// there is no initialized AppHost
ProfileUrl = "http://myprofile"
}, "https://server.example.com",
audiences: new [] { audience },
expireIn: TimeSpan.FromDays(7));
var rsaSignFunc = JwtAuthProviderReader.RsaSignAlgorithms[algorithm];
return(JwtAuthProvider.CreateJwt(header, payload,
data => rsaSignFunc(privateKey, data)));
}
public static void Initialize(Settings settings)
{
Settings = settings;
JWTProvider = new JwtAuthProvider()
{
AuthKeyBase64 = Settings.Auth.SigningKey,
ExpireTokensIn = TimeSpan.FromMinutes(Settings.Auth.TokenValidityMinutes),
CreatePayloadFilter = CreatePayload,
PopulateSessionFilter = PopulateSession,
RequireSecureConnection = false
};
AuthFeature = new AuthFeature(
() => new UserSession(),
new[] {
JWTProvider
})
{
HtmlRedirect = null, IncludeAssignRoleServices = false
};
}
public void Can_manually_create_an_authenticated_UserSession_in_Token()
{
var jwtProvider = CreateJwtAuthProvider();
var header = JwtAuthProvider.CreateJwtHeader(jwtProvider.HashAlgorithm);
var body = JwtAuthProvider.CreateJwtPayload(new AuthUserSession
{
UserAuthId = "1",
DisplayName = "Test",
Email = "*****@*****.**",
IsAuthenticated = true,
},
issuer: jwtProvider.Issuer,
expireIn: jwtProvider.ExpireTokensIn,
audiences: jwtProvider.Audiences,
roles: new[] { "TheRole" },
permissions: new[] { "ThePermission" });
var jwtToken = JwtAuthProvider.CreateJwt(header, body, jwtProvider.GetHashAlgorithm());
var client = GetClient();
try
{
client.Send(new HelloJwt {
Name = "no jwt"
});
Assert.Fail("should throw");
}
catch (WebServiceException ex)
{
Assert.That(ex.StatusCode, Is.EqualTo((int)HttpStatusCode.Unauthorized));
}
client.SetTokenCookie(jwtToken);
var response = client.Send(new HelloJwt {
Name = "from Custom JWT"
});
Assert.That(response.Result, Is.EqualTo("Hello, from Custom JWT"));
}
private string CreateJwtToken()
{
var jwtProvider = CreateJwtAuthProvider();
var header = JwtAuthProvider.CreateJwtHeader(jwtProvider.HashAlgorithm);
var body = JwtAuthProvider.CreateJwtPayload(new AuthUserSession {
UserAuthId = "1",
DisplayName = "Test",
Email = "*****@*****.**",
IsAuthenticated = true,
},
issuer: jwtProvider.Issuer,
expireIn: jwtProvider.ExpireTokensIn,
audiences: jwtProvider.Audiences,
roles: new[] { "TheRole" },
permissions: new[] { "ThePermission" });
var jwtToken = JwtAuthProvider.CreateJwt(header, body, jwtProvider.GetHashAlgorithm());
return(jwtToken);
}
public object Any(CreateRefreshJwt request)
{
var jwtProvider = (JwtAuthProvider)AuthenticateService.GetAuthProvider(JwtAuthProvider.Name);
var jwtHeader = new JsonObject
{
{ "typ", "JWTR" }, //RefreshToken
{ "alg", jwtProvider.HashAlgorithm }
};
var keyId = jwtProvider.GetKeyId(Request);
if (keyId != null)
{
jwtHeader["kid"] = keyId;
}
var now = DateTime.UtcNow;
var jwtPayload = new JsonObject
{
{ "sub", request.UserAuthId ?? "1" },
{ "iat", now.ToUnixTime().ToString() },
{ "exp", (request.JwtExpiry ?? DateTime.UtcNow.AddDays(1)).ToUnixTime().ToString() },
};
if (jwtProvider.Audience != null)
{
jwtPayload["aud"] = jwtProvider.Audience;
}
var hashAlgoritm = jwtProvider.GetHashAlgorithm();
var refreshToken = JwtAuthProvider.CreateJwt(jwtHeader, jwtPayload, hashAlgoritm);
return(new CreateRefreshJwtResponse
{
Token = refreshToken
});
}
public static ResponseDTO CheckUserLogin(string username, string password, string page, int typeSearch)
{
ErrorDTO ErrorResponse = new ErrorDTO();
LoginResponseDTO DataResponse = new LoginResponseDTO();
ResponseDTO Response = new ResponseDTO();
SqlConnection con = connection.loadDB();
con.Open();
SqlCommand cmd = new SqlCommand();
cmd.Connection = con;
cmd.CommandType = System.Data.CommandType.StoredProcedure;
cmd.CommandText = "SearchUserData";
SqlParameter param1 = new SqlParameter();
param1.ParameterName = "UserName";
param1.SqlDbType = SqlDbType.NVarChar;
if (username != null && username != "")
{
param1.Value = username;
}
else
{
param1.Value = DBNull.Value;
}
cmd.Parameters.Add(param1);
SqlParameter param2 = new SqlParameter();
param2.ParameterName = "Password";
param2.SqlDbType = SqlDbType.NVarChar;
if (password != null && password != "")
{
param2.Value = password;
}
else
{
param2.Value = DBNull.Value;
}
cmd.Parameters.Add(param2);
SqlParameter param3 = new SqlParameter();
param3.ParameterName = "TypeSearch";
param3.SqlDbType = SqlDbType.Int;
param3.Value = typeSearch;
cmd.Parameters.Add(param3);
List <UserDTO> ListUsers = new List <UserDTO>();
try
{
SqlDataReader reader = cmd.ExecuteReader();
if (reader.HasRows)
{
while (reader.Read())
{
UserDTO userModel = new UserDTO();
userModel.ID = Convert.ToInt16(reader["ID"].ToString());
userModel.UserName = reader["username"].ToString();
userModel.FirstName = reader["first_name"].ToString();
userModel.LastName = reader["last_name"].ToString();
userModel.Password = reader["password"].ToString();
userModel.Email = reader["email"].ToString();
userModel.Role = reader["ROLES"].ToString();
userModel.Permission = reader["PERMISSTION"].ToString();
ListUsers.Add(userModel);
}
}
if (ListUsers.Count > 0)
{
if ((ListUsers[0].Role.ToUpper() != "PAID USER" && ListUsers[0].Role.ToUpper() != "FREE USER" && page == "admin") || (page == "front"))
{
DataResponse.id = ListUsers[0].ID;
DataResponse.token = JwtAuthProvider.GenerateToken(ListUsers[0].UserName, ListUsers[0].Password);
Response.Data = DataResponse;
}
else
{
ErrorResponse.Code = 404;
ErrorResponse.Message = "Authenticate Error";
Response.Error = ErrorResponse;
}
return(Response);
}
else
{
ErrorResponse.Code = 404;
ErrorResponse.Message = "Authenticate Error";
Response.Error = ErrorResponse;
return(Response);
}
}
catch (Exception ex)
{
Logger.Error("", ex, Level.ERROR);
throw ex;
}
finally
{
con.Close();
}
}
