public TokenProviderOptions()
{
Path = "/api/token";
Issuer = "ExampleIssuer";
Audience = "ExampleAudience";
Expiration = TimeSpan.FromDays(1);
var secretKey = "mysupersecret_secretkey!123";
var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secretKey));
SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
TokenValidationParameters = new TokenValidationParameters
{
// The signing key must match!
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingKey,
// Validate the JWT Issuer (iss) claim
ValidateIssuer = true,
ValidIssuer = "ExampleIssuer",
// Validate the JWT Audience (aud) claim
ValidateAudience = true,
ValidAudience = Audience,
// Validate the token expiry
ValidateLifetime = true,
// If you want to allow a certain amount of clock drift, set that here:
ClockSkew = TimeSpan.Zero
};
}
public void TokenPerformanceTest()
{
byte[] keyForHmacSha256 = new byte[64];
var randomGen = RandomNumberGenerator.Create();
randomGen.GetBytes(keyForHmacSha256);
var securityKey = new SymmetricSecurityKey(keyForHmacSha256);
var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
var options = new TokenProviderOptions
{
Issuer = "InColUn",
Audience = "All",
SigningCredentials = signingCredentials
};
var provider = new TokenProvider(options);
for (int i = 0; i < 128 * 2; i++)
{
var token = provider.GenerateUserToken(1, "John Dwo");
}
Stopwatch stopwatch = Stopwatch.StartNew();
int limit = 128 * 1024;
for (int i = 0; i < limit; i++)
{
var token = provider.GenerateUserToken(i, "John Dwo");
}
stopwatch.Stop();
var output = string.Format("{0} tokens/sec", 1000.0 * limit / stopwatch.Elapsed.TotalMilliseconds);
Console.WriteLine(output);
}
public void TokenExpirationTest()
{
byte[] keyForHmacSha256 = new byte[64];
var randomGen = RandomNumberGenerator.Create();
randomGen.GetBytes(keyForHmacSha256);
var securityKey = new SymmetricSecurityKey(keyForHmacSha256);
var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
var options = new TokenProviderOptions
{
Issuer = "InColUn",
Audience = "All",
SigningCredentials = signingCredentials,
Expiration = TimeSpan.FromMilliseconds(1000)
};
var provider = new TokenProvider(options);
var token = provider.GenerateUserToken(1, "John Dwo");
var id = provider.ValidateToken(token.access_token);
Assert.NotNull(id);
Assert.Equal(1, id.Value);
}
/// <summary>
/// Generates Defauls SigningCredentials
/// SigningCredentials generated from random key using HmacSha256Signature algorithm
/// </summary>
/// <returns>Generated SigningCredentials</returns>
public static SigningCredentials DefaultSigningCredentials()
{
if (TokenProvider._signingCredentials != null) return TokenProvider._signingCredentials;
lock(TokenProvider.s_lock)
{
if (TokenProvider._signingCredentials != null) return TokenProvider._signingCredentials;
var keyForHmacSha256 = Common.Crypto.GetRandomBytes(64);
var securityKey = new SymmetricSecurityKey(keyForHmacSha256);
_signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
return _signingCredentials;
}
}
private void ConfigureToken(IServiceCollection services)
{
byte[] keyForHmacSha256 = new byte[64];
var randomGen = RandomNumberGenerator.Create();
randomGen.GetBytes(keyForHmacSha256);
var securityKey = new SymmetricSecurityKey(keyForHmacSha256);
var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
var options = new TokenProviderOptions
{
Issuer = "InColUn",
Audience = "All",
SigningCredentials = signingCredentials,
Expiration = TimeSpan.FromMilliseconds(1000)
};
var tokenProvider = new TokenProvider(options);
services.AddSingleton(tokenProvider);
}
public UserToken BuildToken(string email)
{
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.UniqueName, email),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["JwtConfig:Secret"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var expiration = DateTime.UtcNow.AddHours(1);
JwtSecurityToken token = new JwtSecurityToken(
issuer: null,
audience: null,
claims: claims,
expires: expiration,
signingCredentials: creds);
return(new UserToken()
{
Token = new JwtSecurityTokenHandler().WriteToken(token),
Expiration = expiration
});
}
public string CreateAccessToken(string username)
{
var claims = new[]
{
new Claim(ClaimTypes.Name, username)
};
var jwtSecurityKey = Encoding.UTF8.GetBytes(_configuration.GetValue <string>("Settings:JWT:SecurityKey"));
var key = new SymmetricSecurityKey(jwtSecurityKey);
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var expires = DateTime.UtcNow.Add(TimeSpan.ParseExact(_configuration.GetSection("Settings:JWT:AccessToken:Expiry").Value, "c", null));
var accessToken = new JwtSecurityToken(
_configuration.GetValue <string>("Settings:JWT:Issuer"),
_configuration.GetValue <string>("Settings:JWT:Audience"),
claims,
notBefore: DateTime.UtcNow,
expires: expires,
signingCredentials: creds
);
var accessTokenString = new JwtSecurityTokenHandler().WriteToken(accessToken);
return(accessTokenString);
}
public string CreateToken(AppUser user)
{
try
{
var claims = new List <Claim> {
new Claim(JwtRegisteredClaimNames.NameId, user.UserName)
};
var creds = new SigningCredentials(_key, SecurityAlgorithms.HmacSha512Signature);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims),
Expires = DateTime.Now.AddDays(7),
SigningCredentials = creds
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateToken(tokenDescriptor);
return(tokenHandler.WriteToken(token));
}
catch (System.Exception e)
{
return($"{e.Message}");
}
}
public string CreateToken(AppUser user)
{
var claims = new List<Claim>
{
new Claim(JwtRegisteredClaimNames.NameId, user.UserName)
};
// generate signing credentials
var creds = new SigningCredentials(_key, SecurityAlgorithms.HmacSha512Signature);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims),
Expires = DateTime.Now.AddDays(7),
SigningCredentials = creds
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateToken(tokenDescriptor);
return tokenHandler.WriteToken(token);
}
string GenerateJWT(User userInfo)
{
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:SecretKey"]));
var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.Sub, userInfo.UserName),
new Claim("firstName", userInfo.FirstName.ToString()),
new Claim("role", userInfo.UserType),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
};
var token = new JwtSecurityToken(
issuer: _config["Jwt:Issuer"],
audience: _config["Jwt:Audience"],
claims: claims,
expires: DateTime.Now.AddMinutes(30),
signingCredentials: credentials
);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
public JwtHandler(IOptions <JwtOptions> options)
{
_options = options.Value;
_issuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_options.SecretKey));
// !!! NOTE
// Another BETTER option would be to use RSA here, because in case of HMAC we need to have same secret key
// shared between Identity service and other services like API.
// In case of RSA Identity service would have the private/public certificates - private key and public key.
// Then it could provide the public key for all of the other services - they only have to verify if token is valid, which
// could be done via public key. Private key needs to be used only inside of the Identity service scope, for the singing tokens.
_signingCredentials = new SigningCredentials(_issuerSigningKey, SecurityAlgorithms.HmacSha256);
_jwtHeader = new JwtHeader(_signingCredentials);
_tokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = false, // Dosen't care which end client will be authenticated
ValidIssuer = _options.Issuer,
IssuerSigningKey = _issuerSigningKey
};
}
public Object GetToken()
{
string key = "my_secret_key_12345";
var issuer = "http://mysite.com";
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key));
var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
var permClaims = new List <Claim>();
permClaims.Add(new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()));
permClaims.Add(new Claim("valid", "1"));
permClaims.Add(new Claim("userid", "1"));
permClaims.Add(new Claim("name", "bilal"));
var token = new JwtSecurityToken(issuer,
issuer,
permClaims,
expires: DateTime.Now.AddDays(1),
signingCredentials: credentials);
var jwt_token = new JwtSecurityTokenHandler().WriteToken(token);
return(new { data = jwt_token });
}
public string CreatToken()
{
var config = ConfigerManager.Instance.Build().GetSwaggerSetting();
var claims = new List <Claim>
{ // 令牌颁发时间
new Claim(JwtRegisteredClaimNames.Iat, $"{new DateTimeOffset(DateTime.Now).ToUnixTimeSeconds()}"),
new Claim(JwtRegisteredClaimNames.Nbf, $"{new DateTimeOffset(DateTime.Now).ToUnixTimeSeconds()}"),
// 过期时间 100秒
new Claim(JwtRegisteredClaimNames.Exp, $"{new DateTimeOffset(DateTime.Now.AddSeconds(100)).ToUnixTimeSeconds()}"),
new Claim(JwtRegisteredClaimNames.Iss, config.Issuer), // 签发者
};
// 密钥
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config.JwtSecret));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
JwtSecurityToken jwt = new JwtSecurityToken(
claims: claims,// 声明的集合
signingCredentials: creds);
var handler = new JwtSecurityTokenHandler();
var strJWT = handler.WriteToken(jwt);
StaticCacher.SetCacher("token", strJWT);
return(strJWT);
}
private string GenerateJSONWebToken(User userInfo)
{
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.UniqueName, userInfo.UserName),
new Claim(JwtRegisteredClaimNames.Email, userInfo.UserEmail),
new Claim(JwtRegisteredClaimNames.GivenName, userInfo.UserFirstName),
new Claim(JwtRegisteredClaimNames.FamilyName, userInfo.UserLastName + " " + userInfo.UserMiddleName),
new Claim("Role", userInfo.RoleName.ToString()),
new Claim(ClaimTypes.Role, userInfo.RoleName.ToString())
};
var token = new JwtSecurityToken(_config["Jwt:Issuer"],
_config["Jwt:Issuer"],
claims,
expires: DateTime.Now.AddHours(24),
signingCredentials: credentials);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
public void CreateToken(AppUser userInfo)
{
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
var claims = new[] {
new Claim("id", userInfo.Id.ToString()),
new Claim(JwtRegisteredClaimNames.Sub, userInfo.UserName),
new Claim(JwtRegisteredClaimNames.GivenName, string.Format("{0} {1}", userInfo.FirstName, userInfo.LastName)),
new Claim(JwtRegisteredClaimNames.Email, userInfo.Email),
//new Claim("role", string.Join(",",userInfo.UserRoles.Select(x=>x.RoleId).ToArray())),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
};
var token = new JwtSecurityToken(
issuer: _config["Jwt:Issuer"],
audience: _config["Jwt:Issuer"],
claims,
expires: DateTime.Now.AddMinutes(Convert.ToInt32(_config["Jwt:ExpirationTimeMinutes"])),
signingCredentials: credentials);
userInfo.Token = new JwtSecurityTokenHandler().WriteToken(token);
}
private string CreateToken(ApplicationUser _user)
{
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["jwt:Key"]));
var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.Sub, _user.UserName),
new Claim(JwtRegisteredClaimNames.Email, _user.Email),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
};
var token = new JwtSecurityToken(
issuer: _config["Jwt:Issuer"],
audience: _config["Jwt:Issuer"],
claims,
expires: DateTime.Now.AddMinutes(60),
signingCredentials: credentials);
var encodedToken = new JwtSecurityTokenHandler().WriteToken(token);
return(encodedToken);
}
public string CriarToken(AppUser usuario)
{
var claims = new List <Claim>
{
new Claim(JwtRegisteredClaimNames.Email, usuario.Email),
new Claim(JwtRegisteredClaimNames.GivenName, usuario.DisplayName),
};
var credenciais = new SigningCredentials(_key, SecurityAlgorithms.HmacSha512);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims),
Expires = DateTime.Now.AddDays(7),
SigningCredentials = credenciais,
Issuer = _config["Token:Issuer"]
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateToken(tokenDescriptor);
return(tokenHandler.WriteToken(token));
}
public string CreateToken(User user)
{
var claims = new List <Claim>
{
new Claim(JwtRegisteredClaimNames.NameId, user.UserName) // Add username as a name id to the jwt token.
};
var checksum = new SigningCredentials(_key, SecurityAlgorithms.HmacSha512Signature); //
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims),
Expires = DateTime.Now.AddDays(7),
SigningCredentials = checksum
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateToken(tokenDescriptor);
return(tokenHandler.WriteToken(token));
}
public async Task<IActionResult> Login(UserForLoginDto userForLoginDto)
{
var userFromRepo = await _repo.Login(userForLoginDto.Username.ToLower(), userForLoginDto.Password);
if (userFromRepo == null)
return Unauthorized();
var creds = new SigningCredentials(GetKey(), SecurityAlgorithms.HmacSha512Signature);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(GetClaims(userFromRepo)),
Expires = DateTime.Now.AddDays(1),
SigningCredentials = creds
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateToken(tokenDescriptor);
var user = _mapper.Map<UserForListDto>(userFromRepo);
return Ok(new { token = tokenHandler.WriteToken(token), user });
}
public static string GenerateToken(SiteUser user)
{
var claims = new List <Claim>
{
new Claim(JwtRegisteredClaimNames.Sub, user.Email),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(ClaimTypes.NameIdentifier, user.Id)
};
var key = GetSymmetricSecurityKey();
var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var expires = DateTime.UtcNow.AddMinutes(LifetimeInMinutes);
var token = new JwtSecurityToken(
Issuer,
Audience,
notBefore: DateTime.UtcNow,
claims: claims,
expires: expires,
signingCredentials: credentials);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
private string GenerateAccessToken(User user)
{
var claims = new[]
{
new Claim(ClaimTypes.NameIdentifier, user.Id),
new Claim(ClaimTypes.Name, user.Username)
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config.GetSection("AppSettings:Token").Value));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims),
Expires = DateTime.Now.AddDays(1),
SigningCredentials = creds
};
var tokenHandler = new JwtSecurityTokenHandler();
return(tokenHandler.WriteToken(tokenHandler.CreateToken(tokenDescriptor)));
}
private object GenerateJwtToken(string email, IdentityUser user)
{
var claims = new List <Claim>
{
new Claim(JwtRegisteredClaimNames.Sub, email),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(ClaimTypes.NameIdentifier, user.Id)
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["JwtKey"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var expires = DateTime.Now.AddDays(Convert.ToDouble(_configuration["JwtExpireDays"]));
var token = new JwtSecurityToken(
_configuration["JwtIssuer"],
_configuration["JwtIssuer"],
claims,
expires: expires,
signingCredentials: creds
);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
public async Task <IActionResult> Login(UserForLoginDTO userForLoginDTO)
{
var userFromRepo = await _repo.Login(userForLoginDTO.Username.ToLower(), userForLoginDTO.Password);
if (userFromRepo == null)
{
return(Unauthorized());
}
var claims = new[] {
new Claim(ClaimTypes.NameIdentifier, userFromRepo.Id.ToString()),
new Claim(ClaimTypes.Name, userFromRepo.Username)
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config.GetSection("AppSettings:Token").Value));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims),
Expires = DateTime.Now.AddDays(1),
SigningCredentials = creds
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateToken(tokenDescriptor);
var user = _mapper.Map <UserForListDTO>(userFromRepo);
return(Ok(new
{
token = tokenHandler.WriteToken(token),
user
}));
}
public AuthenticatedUserDTO Authenticate(string username, string password)
{
RegisteredUser user = _userRepository.GetBy(username, password);
if (user == null)
{
return(null);
}
if (user.Role.Equals("Patient"))
{
Patient p = (Patient)user;
if (p.Blocked || !p.Confirmed)
{
return(null);
}
}
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("QKcOa8xPopVOliV6tpvuWmoKn4MOydSeIzUt4W4r1UlU2De7dTUYMlrgv3rU"));
var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
var claims = new[] {
new Claim(ClaimTypes.Name, user.Id),
new Claim(ClaimTypes.Role, user.Role),
new Claim("Role", user.Role)
};
var token = new JwtSecurityToken(
expires: DateTime.Now.AddMinutes(60),
signingCredentials: credentials,
claims: claims);
string tokenString = new JwtSecurityTokenHandler().WriteToken(token);
return(RegisteredUserMapper.RegisteredUserToAuthenticatedUserDTO(user, tokenString));
}
public IActionResult Login(LoginViewModel login)
{
try
{
Usuarios usuarioBuscado = UsuarioRepository.BuscarPorEmailESenha(login);
if (usuarioBuscado == null)
{
return(NotFound(new { mensagem = "Eita, deu ruim." }));
}
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.Email, usuarioBuscado.Email),
new Claim(JwtRegisteredClaimNames.Jti, usuarioBuscado.IdUsuario.ToString()),
};
var key = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes("roman-chave-autenticacao"));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
issuer: "Roman.WebApi",
audience: "Roman.WebApi",
claims: claims,
expires: DateTime.Now.AddMinutes(30),
signingCredentials: creds);
return(Ok(new
{
token = new JwtSecurityTokenHandler().WriteToken(token)
}));
}
catch (System.Exception ex)
{
return(BadRequest(new { mensagem = "Erro ao tentar encontrar um usuario" + ex }));
}
}
//----------------------------------------------------------------
private string GenerateJSONWebToken(UserModel userInfo)
{
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
//var token = new JwtSecurityToken(_config["Jwt:Issuer"],
// _config["Jwt:Issuer"],
// null,
// //notBefore:DateTime.Now,
// expires: DateTime.Now.AddMinutes(1),
// signingCredentials: credentials);
var claims = new[] {
new Claim(JwtRegisteredClaimNames.Sub, userInfo.Username),
new Claim(JwtRegisteredClaimNames.Email, userInfo.EmailAddress),
new Claim("DateOfJoin", DateTime.Now.ToString("yyyy-MM-dd")),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
};
var token = new JwtSecurityToken(_config["Jwt:Issuer"],
_config["Jwt:Issuer"],
claims,
// notBefore: DateTime.UtcNow,
notBefore: new DateTimeOffset(DateTime.Now).DateTime,
expires: new DateTimeOffset(DateTime.Now.AddMinutes(2)).DateTime,
//expires: DateTime.UtcNow.AddMinutes(5),
//expires: DateTime.UtcNow.AddMilliseconds(30000), // 30 Sec.
//expires: TimeSpan.FromMilliseconds(30000),
signingCredentials: credentials);
token.Payload["profilePicture"] = "http://url/user.jpg";
token.Payload["Ali"] = "Nadjar";
return(new JwtSecurityTokenHandler().WriteToken(token));
}
public string GenerateJWT(LoginResponseModel user)
{
var claims = new List <Claim> {
new Claim(ClaimTypes.Name, user.Email),
new Claim(ClaimTypes.GivenName, user.FirstName),
new Claim(ClaimTypes.Surname, user.LastName),
new Claim(ClaimTypes.DateOfBirth, user.DateOfBirth.Value.ToShortDateString()),
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
};
foreach (var role in user.Roles)
{
claims.Add(new Claim(ClaimTypes.Role, role.Name.ToString()));
}
var identityClaims = new ClaimsIdentity();
identityClaims.AddClaims(claims);
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["TokenSettings:PrivateKey"]));
var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
var expires = DateTime.UtcNow.AddHours(_config.GetValue <double>("TokenSettings:ExpirationHours"));
var tokenHandler = new JwtSecurityTokenHandler();
var tokenObject = new SecurityTokenDescriptor
{
Subject = identityClaims,
Expires = expires,
SigningCredentials = credentials,
Issuer = _config["TokenSettings:Issuer"],
Audience = _config["TokenSettings:Audiance"],
};
var encodedJwt = tokenHandler.CreateToken(tokenObject);
return(tokenHandler.WriteToken(encodedJwt));
}
public async Task <IActionResult> Login([FromBody] LoginModel login)
{
//尝试登陆
var result = await _signInManager.PasswordSignInAsync(login.Email, login.Password, false, false);
if (!result.Succeeded)
{
return(BadRequest(new LoginResult {
Successful = false, Error = "用户名或密码错误"
})); //如果登陆失败
}
//payload
var claims = new[]
{
new Claim(ClaimTypes.Name, login.Email),
};
//对称密钥
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["JwtSecurityKey"]));
//密钥做签名
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
//过期时间
var expiry = DateTime.Now.AddDays(Convert.ToInt32(_configuration["JwtExpiryInDays"]));
//生成token
var token = new JwtSecurityToken(
_configuration["JwtIssuer"],
_configuration["JwtAudience"],
claims,
expires: expiry,
signingCredentials: creds
);
return(Ok(new LoginResult {
Successful = true, Token = new JwtSecurityTokenHandler().WriteToken(token)
}));
}
public async Task <IActionResult> Login(UserForLoginDTO userForLoginDTO)
{
var userFromRepo = await this.repositry.Login(userForLoginDTO.UserName.ToLower(), userForLoginDTO.PassWord);
if (userFromRepo == null) // user dosn`t exisits in database
{
return(Unauthorized());
}
else
{
var claims = new[]
{
new Claim(ClaimTypes.NameIdentifier, userFromRepo.Id.ToString()),
new Claim(ClaimTypes.Name, userFromRepo.UserName),
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(this.config.GetSection("AppSettings:Token").Value));
// SecurityAlgorithms.HmacSha512Signature => security algo ussing to hashing
var Credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims),
Expires = DateTime.Now.AddDays(1),
SigningCredentials = Credentials
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateToken(tokenDescriptor);
return(Ok(new
{
token = tokenHandler.WriteToken(token)
}));
}
}
public async Task <IActionResult> Login(UserForLoginParam userForLogin)
{
var userFromService = await _authService.Login(userForLogin.UserName, userForLogin.Password);
if (userFromService == null)
{
return(Unauthorized());
}
var claims = new[]
{
new Claim(ClaimTypes.NameIdentifier, userFromService.User_Account),
new Claim(ClaimTypes.Name, userFromService.User_Account),
new Claim("Factory", userFromService.Factory_ID)
};
var key = new SymmetricSecurityKey(Encoding.UTF8
.GetBytes(_config.GetSection("AppSettings:Token").Value));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims),
Expires = DateTime.Now.AddDays(1),
SigningCredentials = creds
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateToken(tokenDescriptor);
return(Ok(new
{
token = tokenHandler.WriteToken(token),
user = userFromService
}));
}
//Funcion para añadir el claim de deshabilitado
private IActionResult AddDeshabilitadoClaim(ApplicationUser userInfo, string Nombre, string Apellido, string Id, int Rol, string fuente)
{
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.UniqueName, userInfo.Email),
new Claim("Rol", "Deshabilitado"),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["Jwt:SigningKey"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var expiration = DateTime.UtcNow.AddDays(1);
if (fuente == "movil")
{
expiration = DateTime.UtcNow.AddDays(90);
}
JwtSecurityToken token = new JwtSecurityToken(
issuer: "yourdomain.com",
audience: "yourdomain.com",
claims: claims,
expires: expiration,
signingCredentials: creds);
return(Ok(new
{
token = new JwtSecurityTokenHandler().WriteToken(token),
expiration = expiration,
nombre = Nombre,
apellido = Apellido,
email = userInfo.Email,
id_user = Id,
rol = Rol
}));
}
public async Task <IActionResult> LoginAsync([FromBody] LoginModel user)
{
User userdb = await _userService.GetUserByNameAsync(user.UserName);
if (user == null || userdb == null)
{
return(BadRequest("Invalid client request"));
}
if (user.UserName == userdb.UserName && user.Password == userdb.Password)
{
var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("superSecretKey@345"));
var signinCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);
var claims = new List <Claim>
{
new Claim(ClaimTypes.Name, user.UserName),
new Claim(ClaimTypes.Role, "Manager"),
new Claim(ClaimTypes.NameIdentifier, userdb.Id.ToString())
};
var tokeOptions = new JwtSecurityToken(
issuer: "http://localhost:5000",
audience: "http://localhost:5000",
claims: claims,
expires: DateTime.Now.AddMinutes(100),
signingCredentials: signinCredentials
);
var tokenString = new JwtSecurityTokenHandler().WriteToken(tokeOptions);
return(Ok(new { Token = tokenString }));
}
else
{
return(Unauthorized());
}
}
/// <summary>
/// Genear el token con la informacion del usuario
/// </summary>
/// <param name="usuarioInfo">Información del usuario</param>
/// <returns></returns>
private string GenerarTokenJWT(UsuariInfoDTO usuarioInfo)
{
// CREAMOS EL HEADER //
string secretKey = _configuration["JWT:SecretKey"];
var _symmetricSecurityKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(secretKey)
);
var _signingCredentials = new SigningCredentials(
_symmetricSecurityKey, SecurityAlgorithms.HmacSha256
);
var _Header = new JwtHeader(_signingCredentials);
// CREAMOS LOS CLAIMS //
var _Claims = new[] {
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.NameId, usuarioInfo.Id.ToString()),
new Claim(JwtRegisteredClaimNames.Email, usuarioInfo.Email),
new Claim(ClaimTypes.Role, usuarioInfo.Rol)
};
// CREAMOS EL PAYLOAD //
var _Payload = new JwtPayload(
issuer: _configuration["JWT:Issuer"],
audience: _configuration["JWT:Audience"],
claims: _Claims,
notBefore: DateTime.Now,
expires: DateTime.Now.AddHours(int.Parse(_configuration["JWT:Expire"]))
);
// GENERAMOS EL TOKEN //
var _Token = new JwtSecurityToken(
_Header,
_Payload
);
return(new JwtSecurityTokenHandler().WriteToken(_Token));
}
/// <summary>
/// 创建token
/// <para>作 者:蔡亚康</para>
/// <para>创建时间:2019-03-06</para>
/// </summary>
/// <param name="user">登陆的用户实体信息</param>
/// <returns>token值</returns>
internal String CreateToken(TblHssPassport user)
{
string privateKey = ClientConfigManager.HssConfig.TokenKey.PrivateKey; //使用私钥加密
int tokenTimestamp = ClientConfigManager.HssConfig.TokenTimestamp;
RSA rsa = RSAKeyHelper.CreateRsaProviderFromPrivateKey(privateKey);
//Claims(Payload)
// Claims 部分包含了一些跟这个 token 有关的重要信息。 JWT 标准规定了一些字段,下面节选一些字段:
//iss: The issuer of the token,token 是给谁的
// sub: The subject of the token,token 主题
// exp: Expiration Time。 token 过期时间,Unix 时间戳格式
// iat: Issued At。 token 创建时间, Unix 时间戳格式
// jti: JWT ID。针对当前 token 的唯一标识
// 除了规定的字段外,可以包含其他任何 JSON 兼容的字段。
var key = new RsaSecurityKey(rsa);
var creds = new SigningCredentials(key, SecurityAlgorithms.RsaSha256);
List <Claim> claims = new List <Claim>();
claims.Add(new Claim(JwtUserId, user.PassporId.ToString()));
claims.Add(new Claim(JwtUserName, user.UserCode));
claims.Add(new Claim(JwtOpenId, user.OpenId));
JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(
issuer: ISSUER,
audience: AUDIENCE,
claims: claims,
expires: DateTime.Now.AddHours(tokenTimestamp),
signingCredentials: creds);
string token = new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken);
return(token);
}
public async Task <IActionResult> Get(string account)
{
bool checkExistUser = await _systemManagementService.CheckExistUser(account);
if (!checkExistUser)
{
return(NotFound());
}
var userFromService = await _authService.GetUser(account);
var claims = new[]
{
new Claim(ClaimTypes.NameIdentifier, userFromService.USER_GUID.ToString()),
new Claim(ClaimTypes.Name, userFromService.NAME)
};
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config.GetSection("AppSettings:Token").Value));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims),
Expires = DateTime.Now.AddDays(1),
SigningCredentials = creds
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateToken(tokenDescriptor);
return(Ok(new
{
token = tokenHandler.WriteToken(token),
user = userFromService
}));
}
