Ejemplo n.º 1
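        /// <summary>
        /// Verifies a JWT's signature and expiry and maps its payload to a <see cref="JwtLoginModel"/>.
        /// </summary>
        /// <param name="token">Compact JWT received from the caller; treated as untrusted input.</param>
        /// <returns>
        /// <c>rs.T("Ok", model)</c> with the decoded model, or <c>rs.F(...)</c> when the token is missing,
        /// expired, or its signature does not verify.
        /// </returns>
        public static rs Decode(string token = "")
        {
            // NOTE(review): the HMAC secret lives in source; anyone with the binary can forge tokens.
            // It should be loaded from configuration or a secret store rather than a literal.
            var secret = "GQDstcKsx0NHjPOuXOYg5MbeJ1XT0uFiwDVvVBrk";

            // The default argument is "", so guard before calling into the decoder: an empty token is a
            // caller error and should yield a failure result instead of an unhandled library exception.
            if (string.IsNullOrWhiteSpace(token))
            {
                return rs.F("Token is missing");
            }

            rs r;
            try
            {
                IJsonSerializer   serializer = new JsonNetSerializer();
                IDateTimeProvider provider   = new UtcDateTimeProvider();
                IJwtValidator     validator  = new JwtValidator(serializer, provider);
                IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
                // NOTE(review): this overload takes the signing algorithm from the token header; where the
                // library version allows it, pass an explicit HMACSHA256Algorithm (as other decoders in this
                // file do) so the accepted algorithm is fixed server-side.
                IJwtDecoder       decoder    = new JwtDecoder(serializer, validator, urlEncoder);

                // verify: true -> signature and exp/nbf are checked before the payload is trusted.
                var           json  = decoder.Decode(token, secret, verify: true);
                JwtLoginModel model = JsonConvert.DeserializeObject<JwtLoginModel>(json);
                r = rs.T("Ok", model);
            }
            catch (TokenExpiredException)
            {
                r = rs.F("Token has expired");
            }
            catch (SignatureVerificationException)
            {
                r = rs.F("Token has invalid signature");
            }
            return r;
        }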
Ejemplo n.º 2
        /// <summary>
        /// Authenticates an account/password pair and returns the outcome as a JSON <see cref="HttpResponseMessage"/>.
        /// On success the user's token is also written to a "token" cookie and its verified claims are echoed back.
        /// </summary>
        /// <param name="account">Login account name.</param>
        /// <param name="password">Login password, forwarded unchanged to <c>userDal.login</c>.</param>
        /// <returns>
        /// JSON with <c>stasus</c> 0 and a generic message when login fails; <c>stasus</c> 1, the decoded token
        /// claims (<c>json</c>) and the <c>user</c> record when it succeeds.
        /// </returns>
        public HttpResponseMessage login(string account, string password)
        {
            var  response = new HttpResponseMessage();
            User user     = userDal.login(account, password);
            var  utf8     = Encoding.GetEncoding("UTF-8");

            if (user == null)
            {
                // Same message for unknown account and wrong password, so the response does not reveal which.
                var failure = new { stasus = 0, message = "用户名或密码错误" };
                response.Content = new StringContent(JsonConvert.SerializeObject(failure), utf8, "application/json");
                return response;
            }

            // NOTE(review): the cookie carries the bearer token but is issued without HttpOnly/Secure; confirm the
            // front end really needs script access before leaving it that way. Expires is taken from Entry_time -
            // if that is the login timestamp the cookie would expire immediately; verify the intended lifetime.
            var tokenCookie = new HttpCookie("token")
            {
                Value   = user.Token,
                Expires = user.Entry_time
            };
            System.Web.HttpContext.Current.Response.Cookies.Add(tokenCookie);

            // NOTE(review): the HMAC secret is embedded in source; it belongs in configuration / a secret store.
            const string secret = "GQDstcKsx0NHjPOuXOYg5MbeJ1XT0uFiwDVvVBrk";
            byte[]       key    = Encoding.UTF8.GetBytes(secret);

            IJsonSerializer   serializer = new JsonNetSerializer();
            IDateTimeProvider clock      = new UtcDateTimeProvider();
            IJwtValidator     validator  = new JwtValidator(serializer, clock);
            IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
            IJwtDecoder       decoder    = new JwtDecoder(serializer, validator, urlEncoder);

            // Verify and decode the stored token so its claims can be returned alongside the user record.
            var json    = decoder.DecodeToObject<Models.Auth>(user.Token, key, verify: true);
            var success = new { json, stasus = 1, user };
            response.Content = new StringContent(JsonConvert.SerializeObject(success), utf8, "application/json");
            return response;
        }
Ejemplo n.º 3
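        /// <summary>
        /// Builds the HS256-signed authorization JWT for a successful login.
        /// </summary>
        /// <param name="response">Result of the login attempt; a token is issued only when <c>IsLoginSuccess</c> is true.</param>
        /// <returns>The compact JWT, or an empty string when <paramref name="response"/> is null or the login did not succeed.</returns>
        public string GetAuthToken(UserLoginResponse response)
        {
            var token = "";

            // A null response previously threw NullReferenceException; treat it like a failed login.
            if (response == null || response.IsLoginSuccess != true)
            {
                return token;
            }

            IJwtAlgorithm     algorithm  = new HMACSHA256Algorithm(); // HMAC-SHA256 signing
            IJsonSerializer   serializer = new JsonNetSerializer();   // JSON (de)serialization
            IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); // base64url encoding
            IDateTimeProvider provider   = new UtcDateTimeProvider(); // UTC clock

            // Take one UTC timestamp from the provider that was already constructed (the original left it unused
            // and read DateTime.Now, a local time) so iat/nbf/exp are mutually consistent and match the UTC-based
            // validator on the decoding side.
            // NOTE(review): assumes ToUnixTime() accepts a UTC DateTime without re-applying a local offset - confirm.
            var now = provider.GetNow();

            var payload = new Dictionary<string, object>
            {
                { "iss", response.UserPhone },            // issuer
                { "exp", now.AddDays(7).ToUnixTime() },   // expiry: seven days
                { "sub", "jwt" },                         // subject
                { "aud", response.UserPhone },            // audience
                { "nbf", now.ToUnixTime() },              // not valid before
                { "iat", now.ToUnixTime() },              // issued at
                { "jti", response.UserId }                // token id
            };

            // NOTE(review): the signing secret is embedded in source; load it from configuration / a secret store.
            const string secret = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4aKpVo2OHXPwb1R7duLgg";

            IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);
            token = encoder.Encode(payload, secret);
            return token;
        }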
Ejemplo n.º 4
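        /// <summary>
        /// Verifies a JWT's signature, then optionally its audience, expiry and issuer, and converts the claims
        /// into a <see cref="ClaimsPrincipal"/>.
        /// </summary>
        /// <param name="token">Compact JWT from the caller; untrusted input.</param>
        /// <param name="secretKey">HMAC secret, base64 text or raw UTF-8 text depending on <paramref name="isSecretBase64Encoded"/>.</param>
        /// <param name="audience">Expected <c>aud</c> claim. When non-empty, a token whose <c>aud</c> is missing or different is rejected.</param>
        /// <param name="checkExpiration">When true, a token whose <c>exp</c> claim is missing or in the past is rejected.</param>
        /// <param name="issuer">
        /// Expected <c>iss</c> claim. When non-empty, a missing or different <c>iss</c> is rejected; when empty, the
        /// token's own <c>iss</c> (if any) is used for the identity.
        /// </param>
        /// <param name="isSecretBase64Encoded">Whether <paramref name="secretKey"/> is base64-encoded.</param>
        /// <returns>A principal built from the verified claims by <c>ClaimsIdentityFromJwt</c>.</returns>
        /// <exception cref="ArgumentException"><paramref name="token"/> or <paramref name="secretKey"/> is null or empty.</exception>
        /// <exception cref="TokenValidationException">The audience, expiry or issuer check failed.</exception>
        public static ClaimsPrincipal ValidateToken(string token, string secretKey, string audience = null, bool checkExpiration = false, string issuer = null, bool isSecretBase64Encoded = true)
        {
            if (string.IsNullOrEmpty(token))
            {
                throw new ArgumentException("A token is required.", nameof(token));
            }
            if (string.IsNullOrEmpty(secretKey))
            {
                throw new ArgumentException("A secret key is required.", nameof(secretKey));
            }

            byte[] secret = isSecretBase64Encoded
                ? Convert.FromBase64String(secretKey)
                : Encoding.UTF8.GetBytes(secretKey);

            var serializer = new JsonNetSerializer();
            var provider   = new UtcDateTimeProvider();
            var validator  = new JwtValidator(serializer, provider);
            var urlEncoder = new JwtBase64UrlEncoder();
            var decoder    = new JwtDecoder(serializer, validator, urlEncoder);

            // verify: true - the signature must check out before any claim below is trusted.
            var payloadJson = decoder.Decode(token, secret, verify: true);
            var payloadData = JObject.Parse(payloadJson).ToObject<Dictionary<string, object>>();

            // audience check: when an audience is required, a token WITHOUT an aud claim is a failure too
            // (the original only compared when the claim happened to be present).
            if (!string.IsNullOrEmpty(audience))
            {
                object aud;
                payloadData.TryGetValue("aud", out aud);
                // NOTE(review): a JSON-array aud would compare as its JArray text here; only a single-string aud matches.
                if (aud == null || !aud.ToString().Equals(audience, StringComparison.Ordinal))
                {
                    throw new TokenValidationException(string.Format("Audience mismatch. Expected: '{0}' and got: '{1}'", audience, aud));
                }
            }

            // expiration check: a missing exp is treated as expired when the caller asked for the check.
            if (checkExpiration)
            {
                object exp;
                if (!payloadData.TryGetValue("exp", out exp) || exp == null)
                {
                    throw new TokenValidationException(
                              string.Format("Token is expired. Expiration: '{0}'. Current: '{1}'", "<none>", DateTime.UtcNow));
                }
                // Convert.ToInt64 accepts the claim whether the JSON parser produced a long, an int or a double,
                // instead of round-tripping through ToString()/long.Parse.
                DateTime validTo = FromUnixTime(Convert.ToInt64(exp));
                if (DateTime.Compare(validTo, DateTime.UtcNow) <= 0)
                {
                    throw new TokenValidationException(
                              string.Format("Token is expired. Expiration: '{0}'. Current: '{1}'", validTo, DateTime.UtcNow));
                }
            }

            // issuer check
            object iss;
            payloadData.TryGetValue("iss", out iss);
            if (!string.IsNullOrEmpty(issuer))
            {
                // A required issuer must be present and match; a missing iss is no longer silently accepted.
                if (iss == null || !iss.ToString().Equals(issuer, StringComparison.Ordinal))
                {
                    throw new TokenValidationException(string.Format("Token issuer mismatch. Expected: '{0}' and got: '{1}'", issuer, iss));
                }
            }
            else if (iss != null)
            {
                // if issuer is not specified, set issuer with jwt[iss]
                issuer = iss.ToString();
            }

            return new ClaimsPrincipal(ClaimsIdentityFromJwt(payloadData, issuer));
        }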
Ejemplo n.º 5
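        /// <summary>
        /// Issues a short-lived HS256 JWT identifying <paramref name="key"/> as the issuer.
        /// </summary>
        /// <param name="key">Numeric issuer id, written to the <c>iss</c> claim as text.</param>
        /// <param name="secret">HMAC secret used to sign the token.</param>
        /// <param name="expiryPeriod">Lifetime in seconds from now; defaults to 300.</param>
        /// <returns>The compact, signed JWT.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="secret"/> is null.</exception>
        private string GenerateJwt(int key, string secret, int expiryPeriod = 300)
        {
            if (secret == null)
            {
                throw new ArgumentNullException(nameof(secret));
            }

            IDateTimeProvider provider = new UtcDateTimeProvider();
            var now = provider.GetNow();

            var unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
            // Whole seconds since the epoch as a 64-bit value: the original int would overflow on 2038-01-19.
            long secondsSinceEpoch = (long)Math.Round((now - unixEpoch).TotalSeconds);
            long expiry            = secondsSinceEpoch + expiryPeriod;

            var payload = new Dictionary<string, object>
            {
                { "iss", Convert.ToString(key) },
                { "ist", "project" },
                { "iat", secondsSinceEpoch },
                { "exp", expiry }
            };

            IJwtAlgorithm     algorithm  = new HMACSHA256Algorithm();
            IJsonSerializer   serializer = new JsonNetSerializer();
            IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
            IJwtEncoder       encoder    = new JwtEncoder(algorithm, serializer, urlEncoder);

            return encoder.Encode(payload, secret);
        }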
Ejemplo n.º 6
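        /// <summary>
        /// Signs an HS256 JWT carrying the user's identity/role claims and writes it, with a 24-hour expiry,
        /// back into <paramref name="md"/>.
        /// </summary>
        /// <param name="md">Model supplying the claims; its <c>exp</c>, <c>token</c>, <c>message</c> and <c>status_code</c> are set.</param>
        /// <returns>The same <paramref name="md"/> instance, populated.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="md"/> is null (previously a NullReferenceException).</exception>
        public static JwtModel setToken(JwtModel md)
        {
            if (md == null)
            {
                throw new ArgumentNullException(nameof(md));
            }

            IDateTimeProvider provider = new UtcDateTimeProvider();
            var now = provider.GetNow();

            var unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); // or use JwtValidator.UnixEpoch
            // NOTE(review): md.exp is filled through Convert.ToInt32, which overflows after 2038-01-19 unless
            // md.exp is widened to long.
            var secondsSinceEpoch = Convert.ToInt32(Math.Round((now - unixEpoch).TotalSeconds));

            secondsSinceEpoch += 24 * 60 * 60; // expire one day from now
            md.exp             = secondsSinceEpoch;

            var payload = new Dictionary<string, object>
            {
                { "id", md.userid },
                { "usercode", md.rolecode }, // NOTE(review): filled from rolecode, same as "rolecode" below - confirm intended
                { "username", md.username },
                { "isadmin", md.isadmin },
                { "rolecode", md.rolecode },
                { "exp", md.exp }
            };

            // NOTE(review): the HMAC secret is hard-coded; move it to configuration / a secret store.
            var secret = "9720cbfbb0684617a2afbe466e100ba2";

            IJwtAlgorithm     algorithm  = new HMACSHA256Algorithm();
            IJsonSerializer   serializer = new JsonNetSerializer();
            IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
            IJwtEncoder       encoder    = new JwtEncoder(algorithm, serializer, urlEncoder);

            md.token       = encoder.Encode(payload, secret);
            md.message     = "获取成功";
            md.status_code = 200;
            return md;
        }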
Ejemplo n.º 7
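        /// <summary>
        /// Verifies the incoming JWT (<c>JsonWebToken</c>) against the shared <c>CommunicationKey</c>, checks that its
        /// payload carries an issued-at claim and the expected application id, then delegates freshness to
        /// <c>IsRequestExpire</c>.
        /// </summary>
        /// <exception cref="Exception">
        /// Any verification failure, with the same "身份认证失败:..." message as before and the underlying cause kept as
        /// <see cref="Exception.InnerException"/> (the original discarded it, losing the stack trace).
        /// </exception>
        private void VerifyJsonWebToken()
        {
            var serializer = new JsonNetSerializer();
            var clock      = new UtcDateTimeProvider();
            var urlEncoder = new JwtBase64UrlEncoder();
            var validator  = new JwtValidator(serializer, clock);
            var decoder    = new JwtDecoder(serializer, validator, urlEncoder);

            try
            {
                // verify: true - the signature is checked against CommunicationKey before any claim is read.
                IDictionary<string, object> claims = decoder.DecodeToObject(JsonWebToken, CommunicationKey, true);

                object appId;
                if (!claims.ContainsKey(IssAtClaims)
                    || !claims.TryGetValue(ApplicationIdClaims, out appId)
                    || appId == null
                    || !appId.ToString().Equals(ApplicationId, StringComparison.OrdinalIgnoreCase))
                {
                    throw new Exception("Jwt中Payload不符合规范");
                }

                // Convert.ToInt64 tolerates the claim arriving as int, long or double; the original unbox-to-long
                // cast threw InvalidCastException for anything other than a boxed long.
                IsRequestExpire(Convert.ToInt64(claims[IssAtClaims]));
            }
            catch (Exception e)
            {
                throw new Exception(string.Format("身份认证失败:{0}", e.Message), e);
            }
        }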
Ejemplo n.º 8
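        /// <summary>
        /// Verifies a JWT with the class-level <c>key</c> and returns its claims as string key/value pairs.
        /// The <c>timeout</c> claim is checked against the current time and then removed from the result.
        /// </summary>
        /// <param name="token">Compact JWT; untrusted input.</param>
        /// <returns>The remaining claims.</returns>
        /// <exception cref="Exception">
        /// Wraps any failure (bad signature, expired token, empty payload, missing or elapsed <c>timeout</c>); the
        /// original cause is kept as <see cref="Exception.InnerException"/>.
        /// </exception>
        public static Dictionary<string, string> DEcode(string token)
        {
            var secret = key;

            try
            {
                IJsonSerializer   serializer = new JsonNetSerializer();
                IDateTimeProvider provider   = new UtcDateTimeProvider();
                IJwtValidator     validator  = new JwtValidator(serializer, provider);
                IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
                IJwtDecoder       decoder    = new JwtDecoder(serializer, validator, urlEncoder);

                // The signature (and the library's own exp/nbf handling) is verified before the claims are read.
                var json   = decoder.Decode(token, secret, true);
                var result = JsonConvert.DeserializeObject<Dictionary<string, string>>(json);
                if (result == null)
                {
                    throw new Exception("登录失效,请重新登录");
                }

                // A missing "timeout" is treated like an elapsed one instead of surfacing a KeyNotFoundException.
                // NOTE(review): Convert.ToDateTime(string) and DateTime.Now are culture- and zone-dependent - confirm
                // the claim is written in the same format and zone on the issuing side.
                string timeout;
                if (!result.TryGetValue("timeout", out timeout) || Convert.ToDateTime(timeout) < DateTime.Now)
                {
                    throw new Exception("登录失效,请重新登录");
                }
                result.Remove("timeout");
                return result;
            }
            catch (Exception ex)
            {
                // Same message contract as before; keep the cause so the stack trace is not lost.
                throw new Exception(ex.Message, ex);
            }
        }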
Ejemplo n.º 9
        /// <summary>
        /// Issues an HS256-signed JWT identifying a user within a company.
        /// </summary>
        /// <param name="userId">User id, carried in the subject claim.</param>
        /// <param name="corpId">Company id, carried under <c>ConstValue.CORP_KEY_NODE</c>.</param>
        /// <param name="bAdmin">Whether the user is a super administrator.</param>
        /// <returns>The compact, signed JWT.</returns>
        public static string GetToken(string userId, string corpId, bool bAdmin)
        {
            // Timestamps: issued now (UTC), expiring TOKEN_EXPTIME hours later, not valid before the configured NBF_TIME.
            IDateTimeProvider clock = new UtcDateTimeProvider();
            var issuedAt  = clock.GetNow();
            var expiresAt = issuedAt.AddHours(ConstValue.TOKEN_EXPTIME);
            var notBefore = Convert.ToDateTime(NBF_TIME);

            // Claim values are whole seconds relative to TOKEN_STARTDATE; Math.Round keeps them as doubles, as before.
            var iatSeconds = Math.Round((issuedAt - TOKEN_STARTDATE).TotalSeconds);
            var expSeconds = Math.Round((expiresAt - TOKEN_STARTDATE).TotalSeconds);
            var nbfSeconds = Math.Round((notBefore - TOKEN_STARTDATE).TotalSeconds);

            var payload = new Dictionary<string, object>
            {
                { ConstValue.SUB_KEY_NODE, userId },       // subject: the user this token is for
                { ConstValue.ISS_KEY_NODE, ISS_VALUE },    // issuer
                { ConstValue.IAT_KEY_NODE, iatSeconds },   // issued at
                { ConstValue.EXP_KEY_NODE, expSeconds },   // expires at
                { ConstValue.NBF_KEY_NODE, nbfSeconds },   // not valid before
                { ConstValue.JTI_KEY_NODE, JTI_VALUE },    // token id
                { ConstValue.ADMIN_KEY_NODE, bAdmin },     // super-administrator flag
                { ConstValue.CORP_KEY_NODE, corpId }       // company id
            };

            IJwtAlgorithm     algorithm  = new HMACSHA256Algorithm();
            IJsonSerializer   serializer = new JsonNetSerializer();
            IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
            IJwtEncoder       encoder    = new JwtEncoder(algorithm, serializer, urlEncoder);

            return encoder.Encode(payload, TOKEN_SECRET);
        }
Ejemplo n.º 10
        /// <summary>
        /// Console demo: verifies a sample token with a sample secret and prints its payload, reporting
        /// expiry or signature failures instead of crashing.
        /// </summary>
        static void Main(string[] args)
        {
            // Demo fixtures only - a real application must not ship a signing secret in source.
            const string token  = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJVc2VySWQiOjEyMywiVXNlck5hbWUiOiJhZG1pbiJ9.Qjw1epD5P6p4Yy2yju3-fkq28PddznqRj3ESfALQy_U";
            const string secret = "GQDstcKsx0NHjPOuXOYg5MbeJ1XT0uFiwDVvVBrk";

            try
            {
                IJsonSerializer   serializer = new JsonNetSerializer();
                IDateTimeProvider clock      = new UtcDateTimeProvider();
                IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
                IJwtValidator     validator  = new JwtValidator(serializer, clock);
                IJwtDecoder       decoder    = new JwtDecoder(serializer, validator, urlEncoder);

                // verify: true - signature and expiry are checked before the payload is printed.
                string payloadJson = decoder.Decode(token, secret, verify: true);
                Console.WriteLine(payloadJson);
                Console.ReadKey();
            }
            catch (TokenExpiredException)
            {
                Console.WriteLine("Token has expired");
            }
            catch (SignatureVerificationException)
            {
                Console.WriteLine("Token has invalid signature");
            }
        }
Ejemplo n.º 11
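        /// <summary>
        /// Verifies <paramref name="token"/> with <paramref name="tokenKey"/> and returns the value of one payload claim.
        /// </summary>
        /// <param name="token">Compact JWT; untrusted input.</param>
        /// <param name="tokenKey">HMAC secret used to verify the signature.</param>
        /// <param name="jsonKey">Name of the claim to return.</param>
        /// <returns>The raw claim value.</returns>
        /// <exception cref="BaseException">The token is expired or its signature does not verify.</exception>
        /// <exception cref="KeyNotFoundException">The verified payload has no <paramref name="jsonKey"/> claim.</exception>
        public static object Get(string token, string tokenKey, string jsonKey)
        {
            try
            {
                IJsonSerializer   serializer = new JsonNetSerializer();
                IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
                IDateTimeProvider provider   = new UtcDateTimeProvider();
                IJwtValidator     validator  = new JwtValidator(serializer, provider);
                IJwtDecoder       decoder    = new JwtDecoder(serializer, validator, urlEncoder);

                // Decode exactly once, with verification. The original verified one Decode call, discarded its
                // result, and then read the claims from a second DecodeToObject call made without verification.
                var claims = decoder.DecodeToObject<Dictionary<string, object>>(token, tokenKey, verify: true);

                return claims[jsonKey];
            }
            catch (TokenExpiredException)
            {
                throw new BaseException("请重新登陆,token已失效");
            }
            catch (SignatureVerificationException)
            {
                throw new BaseException("请重新登陆,签名错误");
            }
        }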
Ejemplo n.º 12
        /// <summary>
        /// A token whose <c>exp</c> lies one hour in the past must be rejected with <see cref="TokenExpiredException"/>
        /// when decoded with verification on.
        /// </summary>
        public void DecodeToObject_Should_Throw_Exception_On_Expired_Claim()
        {
            // Arrange: sign a payload whose only claim is an already-elapsed exp.
            const string key            = TestData.Key;
            const int    hoursInThePast = -1;

            var serializer = new JsonNetSerializer();
            var clock      = new UtcDateTimeProvider();
            var urlEncoder = new JwtBase64UrlEncoder();
            var algorithm  = new HMACSHA256Algorithm();

            var expiredAt = clock.GetNow().AddHours(hoursInThePast);
            var exp       = UnixEpoch.GetSecondsSince(expiredAt);

            var encoder = new JwtEncoder(algorithm, serializer, urlEncoder);
            var token   = encoder.Encode(new { exp }, key);

            var validator = new JwtValidator(serializer, clock);
            var decoder   = new JwtDecoder(serializer, validator, urlEncoder);

            // Act
            Action decodeExpiredJwt = () => decoder.DecodeToObject<Customer>(token, key, verify: true);

            // Assert
            decodeExpiredJwt.Should()
                .Throw<TokenExpiredException>("because decoding an expired token should raise an exception when verified");
        }
Ejemplo n.º 13
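        /// <summary>
        /// Extracts the bearer token from the request's <c>Authorization</c> header and decodes its payload.
        /// </summary>
        /// <param name="request">Incoming request.</param>
        /// <param name="secret">HMAC secret the token signature is verified with.</param>
        /// <returns>
        /// The decoded payload, or <c>null</c> when the header is absent or empty, not of the form
        /// <c>Bearer &lt;token&gt;</c>, or the token is expired or fails signature verification.
        /// </returns>
        public static JwtPayload ToJwtDecodedPayload(this HttpRequest request, string secret)
        {
            if (!request.Headers.TryGetValue("Authorization", out var headers))
            {
                return null;
            }

            string authHeader = headers.FirstOrDefault();
            if (string.IsNullOrWhiteSpace(authHeader))
            {
                return null;
            }

            var authBits = authHeader.Split(' ');
            // The scheme is a protocol literal: compare ordinally, case-insensitively, without allocating a lower-cased copy.
            if (authBits.Length != 2 || !string.Equals(authBits[0], "bearer", StringComparison.OrdinalIgnoreCase))
            {
                return null;
            }
            string token = authBits[1];

            IJsonSerializer   serializer = new JsonNetSerializer();
            IDateTimeProvider provider   = new UtcDateTimeProvider();
            IJwtValidator     validator  = new JwtValidator(serializer, provider);
            IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
            IJwtDecoder       decoder    = new JwtDecoder(serializer, validator, urlEncoder);

            try
            {
                // The secret is only meaningful with verification on. The original passed it but decoded with
                // verify: false, so the claims it returned had not been authenticated at all.
                return decoder.DecodeToObject<JwtPayload>(token, secret, verify: true);
            }
            catch (TokenExpiredException)
            {
                return null;
            }
            catch (SignatureVerificationException)
            {
                return null;
            }
        }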
Ejemplo n.º 14
        /// <summary>
        /// Verifies a JWT with the class-level <c>SecretKey</c> and reports the outcome as a serialized <c>TokenResult</c>.
        /// </summary>
        /// <param name="token">Compact JWT; untrusted input.</param>
        /// <returns>
        /// JSON of a <c>TokenResult</c>: code "200" with the decoded <c>TokenInfo</c> on success, "401" when expired,
        /// "402" when the signature does not verify, "403" for any other decoding failure.
        /// </returns>
        public static string VerifyingToken(string token)
        {
            var outcome        = new TokenResult();
            var jsonSerializer = new JsonNetSerializer();

            try
            {
                IDateTimeProvider clock      = new UtcDateTimeProvider();
                IJwtValidator     validator  = new JwtValidator(jsonSerializer, clock);
                IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
                IJwtDecoder       decoder    = new JwtDecoder(jsonSerializer, validator, urlEncoder);

                // Signature and expiry are checked by the decoder (verify: true) before the claims are deserialized.
                string payloadJson = decoder.Decode(token, SecretKey, verify: true);
                outcome.TokenInfo = jsonSerializer.Deserialize<TokenInfo>(payloadJson);
                outcome.Code      = "200";
                outcome.Data      = "200";
            }
            catch (TokenExpiredException)
            {
                outcome.Code = "401";
                outcome.Data = "Token has expired";
            }
            catch (SignatureVerificationException)
            {
                outcome.Code = "402";
                outcome.Data = "Token has invalid signature";
            }
            catch
            {
                // Deliberate catch-all: a malformed token is reported as a result code, not an exception.
                outcome.Code = "403";
                outcome.Data = "Token has invalid Token";
            }

            return jsonSerializer.Serialize(outcome);
        }
Ejemplo n.º 15
        /// <summary>
        /// A signature computed with the wrong key and then corrupted must be rejected by TryValidate, which reports
        /// the failure through its out exception rather than by throwing.
        /// </summary>
        public void TryValidate_Should_Return_False_And_Exception_Not_Null_When_Crypto_Matches_Signature()
        {
            // Arrange
            var urlEncoder = new JwtBase64UrlEncoder();
            var serializer = new JsonNetSerializer();
            var clock      = new UtcDateTimeProvider();
            var validator  = new JwtValidator(serializer, clock);

            var parts       = new JwtParts(TestData.Token);
            var payloadJson = GetString(urlEncoder.Decode(parts.Payload));
            var crypto      = Convert.ToBase64String(urlEncoder.Decode(parts.Signature));

            // Sign with a key that is not the token's, then flip a byte so the bytes cannot match by accident.
            var signingInput = GetBytes(String.Concat(parts.Header, ".", parts.Payload));
            var badSignature = new HMACSHA256Algorithm().Sign(GetBytes("ABC"), signingInput);
            badSignature[0]++; // malformed signature
            var signature = Convert.ToBase64String(badSignature);

            // Act
            var isValid = validator.TryValidate(payloadJson, crypto, signature, out var ex);

            // Assert
            Assert.False(isValid);
            Assert.NotNull(ex);
        }
Ejemplo n.º 16
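        // Ticket validation: the ticket is a JWT and is accepted if and only if it decodes with a verified signature.
        /// <summary>
        /// Checks whether <paramref name="encryptToken"/> is a JWT whose signature verifies against the service secret
        /// and whose expiry (if present) has not passed.
        /// </summary>
        /// <param name="encryptToken">Compact JWT presented by the client; untrusted input.</param>
        /// <returns><c>true</c> when the token decodes with a valid signature; <c>false</c> for any failure.</returns>
        private bool ValidateTicket(string encryptToken)
        {
            try
            {
                IJsonSerializer   serializer = new JsonNetSerializer();
                IDateTimeProvider provider   = new UtcDateTimeProvider();
                IJwtValidator     validator  = new JwtValidator(serializer, provider);
                IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
                IJwtDecoder       decoder    = new JwtDecoder(serializer, validator, urlEncoder);

                // NOTE(review): the HMAC secret is a short literal in source; it should be a high-entropy value
                // loaded from configuration / a secret store.
                // verify: true - Decode throws on a bad signature or an expired token. The payload itself is not
                // needed here; the original wrapped it in "[...]" and tested that string for null, which can never
                // be true after concatenation, so that dead check is gone.
                decoder.Decode(encryptToken, "YYplayMerchant", verify: true);
                return true;
            }
            catch (Exception)
            {
                // Best-effort contract kept from the original: any decode failure means the ticket is not valid.
                return false;
            }
        }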
Ejemplo n.º 17
        /// <summary>
        /// Verifies <paramref name="jwtToken"/> (HS256) with the class-level <c>TokenSecretKey</c> and deserializes its payload.
        /// </summary>
        /// <param name="jwtToken">Compact JWT; untrusted input.</param>
        /// <returns>The decoded <see cref="UserInfo"/>, or <c>null</c> when the token is expired or its signature does not verify.</returns>
        public static UserInfo DecodeJWTToken(string jwtToken)
        {
            IJsonSerializer   serializer = new JsonNetSerializer();
            IDateTimeProvider clock      = new UtcDateTimeProvider();
            IJwtValidator     validator  = new JwtValidator(serializer, clock);
            IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
            // The signing algorithm is supplied here rather than taken from the token header.
            IJwtAlgorithm     algorithm  = new HMACSHA256Algorithm();
            IJwtDecoder       decoder    = new JwtDecoder(serializer, validator, urlEncoder, algorithm);

            try
            {
                return decoder.DecodeToObject<UserInfo>(jwtToken, TokenSecretKey, true);
            }
            catch (TokenExpiredException)
            {
                Console.WriteLine("Token has expired");
                return null;
            }
            catch (SignatureVerificationException)
            {
                Console.WriteLine("Token has invalid signature");
                return null;
            }
        }
Ejemplo n.º 18
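        /// <summary>
        /// Verifies a JWT (HS256: signature and expiry) and returns its claims, after checking and removing the
        /// application-level <c>timeOut</c> claim.
        /// </summary>
        /// <param name="secret">HMAC secret used to verify the signature.</param>
        /// <param name="token">Compact JWT; untrusted input.</param>
        /// <returns>The remaining claims.</returns>
        /// <exception cref="TokenExpiredException">The token's <c>exp</c> has passed.</exception>
        /// <exception cref="SignatureVerificationException">The signature does not verify.</exception>
        /// <exception cref="Exception">The payload is empty, or the <c>timeOut</c> claim is missing or in the past.</exception>
        public static Dictionary<string, object> Decode(string secret, string token)
        {
            try
            {
                IJsonSerializer   serializer = new JsonNetSerializer();
                IDateTimeProvider provider   = new UtcDateTimeProvider();
                IJwtValidator     validator  = new JwtValidator(serializer, provider);
                IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
                IJwtAlgorithm     algorithm  = new HMACSHA256Algorithm();
                IJwtDecoder       decoder    = new JwtDecoder(serializer, validator, urlEncoder, algorithm);
                var json    = decoder.Decode(token, secret, verify: true);
                var payload = JsonConvert.DeserializeObject<Dictionary<string, object>>(json);

                // Time-out check. Convert.ToDateTime accepts the claim whether the JSON parser left it as a DateTime
                // or as a string (the original hard cast threw InvalidCastException for the string form), and a
                // missing claim is treated as timed out instead of surfacing a KeyNotFoundException.
                // NOTE(review): DateTime.Now is local time - confirm the issuing side writes timeOut in the same zone.
                object timeOut = null;
                if (payload == null || !payload.TryGetValue("timeOut", out timeOut) || timeOut == null
                    || Convert.ToDateTime(timeOut) < DateTime.Now)
                {
                    throw new Exception("登录超时,请重新登录");
                }
                payload.Remove("timeOut");

                return payload;
            }
            catch (TokenExpiredException)
            {
                Console.WriteLine("Token has expired");
                throw;
            }
            catch (SignatureVerificationException)
            {
                Console.WriteLine("签名验证失败,数据可能被篡改");
                throw;
            }
        }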
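        /// <summary>
        /// Looks up the team named in the token's <c>sub</c> claim via the remote API, authenticating with the same token.
        /// </summary>
        /// <param name="token">
        /// Bearer JWT. It is decoded locally WITHOUT signature verification - the claims are only used to build the
        /// request URL, and the remote API is the authority that validates the token it receives as the Bearer credential.
        /// </param>
        /// <returns>The team, or <c>null</c> when the token has no usable subject or the API does not return success.</returns>
        public async Task<Team> GetTeamByToken(string token)
        {
            var serializer = new JsonNetSerializer();
            var provider   = new UtcDateTimeProvider();
            var validator  = new JwtValidator(serializer, provider);
            var urlEncoder = new JwtBase64UrlEncoder();
            var decoder    = new JwtDecoder(serializer, validator, urlEncoder);

            var result   = decoder.Decode(token);
            var jwtToken = JsonConvert.DeserializeObject<JWTToken>(result);

            // A payload that does not deserialize, or has no subject, cannot name a team; the original would have
            // thrown a NullReferenceException on the first case.
            if (jwtToken == null || string.IsNullOrEmpty(jwtToken.Sub))
            {
                return null;
            }

            // The subject comes from an unverified token: escape it instead of splicing it raw into the URL path.
            string teamName = Uri.EscapeDataString(jwtToken.Sub);

            // NOTE(review): an HttpClient per call can exhaust sockets under load; a shared instance or
            // IHttpClientFactory is preferable once the owning class's lifetime allows it.
            using (var client = new HttpClient())
            {
                client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
                client.DefaultRequestHeaders.Accept.Add(MediaTypeWithQualityHeaderValue.Parse("application/json"));
                var response = await client.GetAsync(baseUrl + "team/name/" + teamName).ConfigureAwait(false);

                if (!response.IsSuccessStatusCode)
                {
                    return null;
                }

                // ConfigureAwait(false) here too, matching the GetAsync await above.
                var body = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
                return JsonConvert.DeserializeObject<Team>(body);
            }
        }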
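        /// <summary>
        /// Issues the HS256 authorization token for a user who presented accepted credentials.
        /// </summary>
        /// <param name="name">Login name.</param>
        /// <param name="pwd">Password.</param>
        /// <returns>The compact JWT, or an empty string when the credentials are not accepted.</returns>
        public string GetAuthToken(string name, string pwd)
        {
            var token = "";

            // NOTE(review): the credentials are compared against literals in source (the original comment already
            // marks this as "to be moved to the database"); until then this is a hard-coded account and password.
            if (name != "王玺凯" || pwd != "123")
            {
                return token;
            }

            IJwtAlgorithm     algorithm  = new HMACSHA256Algorithm(); // HMAC-SHA256 signing
            IJsonSerializer   serializer = new JsonNetSerializer();   // JSON (de)serialization
            IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); // base64url encoding
            IDateTimeProvider provider   = new UtcDateTimeProvider(); // UTC clock

            // Use the UTC provider that was already constructed (the original left it unused and read DateTime.Now,
            // a local time) so exp/nbf/iat agree with the UTC-based validator on the decoding side.
            // NOTE(review): assumes ToUnixTime() accepts a UTC DateTime without re-applying a local offset - confirm.
            var now = provider.GetNow();

            var payload = new Dictionary<string, object>
            {
                { "iss", "1707A" },                        // issuer
                { "exp", now.AddYears(1).ToUnixTime() },   // expiry: one year (NOTE(review): very long-lived for an auth token)
                { "sub", "jwt" },                          // subject
                { "aud", "1" },                            // audience
                { "nbf", now.ToUnixTime() },               // not valid before
                { "iat", now.ToUnixTime() },               // issued at
                { "jti", "1" }                             // token id (constant, so tokens cannot be told apart or revoked individually)
            };

            // NOTE(review): the signing secret is embedded in source; load it from configuration / a secret store.
            const string secret  = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4aKpVo2OHXPwb1R7duLgg";
            IJwtEncoder  encoder = new JwtEncoder(algorithm, serializer, urlEncoder);
            token = encoder.Encode(payload, secret);
            return token;
        }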
        /// <summary>
        /// Verifies a JWT against the class-level <c>secret</c> and deserializes its payload into a <see cref="Token"/>.
        /// </summary>
        /// <param name="token">Compact JWT; untrusted input.</param>
        /// <returns>
        /// The decoded <see cref="Token"/> with <c>status</c> true and <c>message</c> "ok"; on expiry or a bad
        /// signature, a <see cref="Token"/> with <c>status</c> false and a descriptive <c>message</c>.
        /// </returns>
        public Token ValidateToken(string token)
        {
            try
            {
                IJsonSerializer   serializer = new JsonNetSerializer();
                var               clock      = new UtcDateTimeProvider();
                IJwtValidator     validator  = new JwtValidator(serializer, clock);
                IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
                // Symmetric HS256, supplied at construction rather than taken from the token header.
                IJwtAlgorithm     algorithm  = new HMACSHA256Algorithm();
                IJwtDecoder       decoder    = new JwtDecoder(serializer, validator, urlEncoder, algorithm);

                string payloadJson = decoder.Decode(token, secret, verify: true);
                // NOTE(review): Deserialize returns null for a payload that is the JSON literal "null"; the
                // assignments below would then throw - confirm whether callers need that case handled.
                Token  result      = JsonSerializer.Deserialize<Token>(payloadJson);
                result.status  = true;
                result.message = "ok";
                return result;
            }
            catch (TokenExpiredException)
            {
                return new Token { status = false, message = "Token Expirado" };
            }
            catch (SignatureVerificationException)
            {
                return new Token { status = false, message = "Error Al Leer Token" };
            }
        }
Ejemplo n.º 22
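        /// <summary>
        /// Reads the bearer token from the <c>Authorization</c> header and returns its <c>sub</c> claim.
        /// </summary>
        /// <returns>The token's subject claim, or <c>null</c> when the payload has none.</returns>
        /// <exception cref="InvalidOperationException">The header is missing, empty, or not of the form <c>Bearer &lt;token&gt;</c>.</exception>
        /// <remarks>
        /// The token is decoded WITHOUT signature verification (see the TODOs below), so the returned subject is not
        /// yet authenticated and must not drive authorization decisions until those checks are in place.
        /// </remarks>
        private string AuthUser()
        {
            if (!Request.Headers.TryGetValue("Authorization", out StringValues authValues))
            {
                throw new InvalidOperationException("Authorization header wasn't provided");
            }

            // A present-but-empty header would make First() throw; report it as a malformed header instead.
            var authVal = authValues.FirstOrDefault();
            const string bearerPrefix = "Bearer ";

            // Ordinal comparison: the scheme is a protocol literal, not culture-sensitive text.
            if (authVal == null || !authVal.StartsWith(bearerPrefix, StringComparison.Ordinal))
            {
                throw new InvalidOperationException("Invalid Authorization format");
            }

            var token = authVal.Substring(bearerPrefix.Length);

            var serializer = new JsonNetSerializer();
            var provider   = new UtcDateTimeProvider();
            var validator  = new JwtValidator(serializer, provider);
            var urlEncoder = new JwtBase64UrlEncoder();
            var decoder    = new JwtDecoder(serializer, validator, urlEncoder);

            // Decode only: no key is supplied, so no signature check happens here.
            var tokenJson = decoder.Decode(token);

            JObject tokenObj = JObject.Parse(tokenJson);

            // TODO: Need to validate issuer matches the allowed issuer of the DataGraph
            // TODO: Need to validate issuer signature

            return tokenObj.Value<string>("sub");
        }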
Ejemplo n.º 23
        /// <summary>
        /// A signature recomputed with the token's own key must be accepted by TryValidate, with no exception reported.
        /// </summary>
        public void TryValidate_Should_Return_True_And_Exception_Null_When_Crypto_Matches_Signature()
        {
            // Arrange
            var urlEncoder = new JwtBase64UrlEncoder();
            var serializer = new JsonNetSerializer();
            var clock      = new UtcDateTimeProvider();
            var validator  = new JwtValidator(serializer, clock);

            var parts       = new JwtParts(TestData.Token);
            var payloadJson = GetString(urlEncoder.Decode(parts.Payload));
            var crypto      = Convert.ToBase64String(urlEncoder.Decode(parts.Signature));

            // Recompute the signature over header.payload with the real test key.
            var signingInput = GetBytes(String.Concat(parts.Header, ".", parts.Payload));
            var signature    = Convert.ToBase64String(new HMACSHA256Algorithm().Sign(GetBytes(TestData.Key), signingInput));

            // Act
            var isValid = validator.TryValidate(payloadJson, crypto, signature, out var ex);

            // Assert
            isValid.Should()
                .BeTrue("because the token should have been validated");

            ex.Should()
                .BeNull("because a valid token verified should not raise any exception");
        }
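        /// <summary>
        /// Form load handler: verifies the JWT held in jsonWebToken (HMAC over the shared
        /// secret, expiry enforced against the UTC clock) and copies its claims into the
        /// profile labels. On a missing, expired or tampered token a message box is shown
        /// and the labels are left untouched.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void ProfesorDataForm_Load(object sender, EventArgs e)
        {
            string token = jsonWebToken;

            // SECURITY(review): the HMAC secret is embedded in the client binary, so anyone
            // holding the executable can mint tokens with arbitrary claims (salary, degree...).
            // Verifying here only proves the token was made by someone who has this string.
            // Do the verification server-side and load the secret from protected configuration.
            const string secret = "GQDstcKsx0NHjPOuXOYg5MbeJ1XT0uFiwDVvVBrk";

            // Only two exception types are caught below; whatever the decoder throws for an
            // empty token would escape and crash the form at load time. Report it instead.
            if (string.IsNullOrWhiteSpace(token))
            {
                MessageBox.Show("Token is missing");
                return;
            }

            try
            {
                IJsonSerializer   serializer = new JsonNetSerializer();
                IDateTimeProvider provider   = new UtcDateTimeProvider();
                IJwtValidator     validator  = new JwtValidator(serializer, provider);
                IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
                // No algorithm is pinned by this overload (a four-argument JwtDecoder overload
                // taking an IJwtAlgorithm exists). Pin HS256 if the library version in use
                // supports it, so a header naming a different algorithm is rejected outright.
                IJwtDecoder       decoder    = new JwtDecoder(serializer, validator, urlEncoder);

                // verify: true is what enforces the signature and exp checks; never relax it.
                var json = decoder.Decode(token, secret, verify: true);
                // The former Console.WriteLine(json) was dropped: it wrote the full claim set
                // (including salary) to stdout, where any captured log would keep it.
                rtTeksti.Text = json;

                var data = Newtonsoft.Json.Linq.JObject.Parse(json);

                // Concatenating "" turns a missing claim into an empty label instead of "null".
                // (Trailing space after "name" removed so all labels are built the same way.)
                lblName.Text     = data["name"] + "";
                lblSurname.Text  = data["surname"] + "";
                lblDegree.Text   = data["degree"] + "";
                lblSalary.Text   = data["salary"] + "";
                lblEmail.Text    = data["email"] + "";
                lblUsername.Text = data["username"] + "";
            }
            catch (TokenExpiredException)
            {
                MessageBox.Show("Token has been expired");
            }
            catch (SignatureVerificationException)
            {
                MessageBox.Show("Token has invalid signature");
            }
        }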
        /// <summary>
        /// Negative path for JwtValidator.Validate: a signature computed with a different
        /// key ("ABC") and then corrupted in its first byte must not match the crypto segment
        /// carried by the fixture token, so validation has to throw
        /// SignatureVerificationException.
        /// </summary>
        public void Validate_Should_Throw_Exception_When_Crypto_Does_Not_Match_Signature()
        {
            // Arrange
            var encoder = new JwtBase64UrlEncoder();
            var parts   = new JwtParts(TestData.Token);

            var payloadJson   = GetString(encoder.Decode(parts.Payload));
            var carriedCrypto = Convert.ToBase64String(encoder.Decode(parts.Signature));

            // Sign with the wrong key, then bump the first byte so the bytes certainly differ.
            var signingInput = GetBytes(parts.Header + "." + parts.Payload);
            var wrongSig     = new HMACSHA256Algorithm().Sign(GetBytes("ABC"), signingInput);
            wrongSig[0]++;
            var badSignature = Convert.ToBase64String(wrongSig);

            var sut = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());

            // Act
            Action act = () => sut.Validate(payloadJson, carriedCrypto, badSignature);

            // Assert
            act.Should()
               .Throw <SignatureVerificationException>("because the signature does not match the crypto");
        }
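        // Mark: This method decode and returns Json Web Token
        /// <summary>
        /// Verifies a JSON Web Token against the HMAC key stored under Constants.ASK_JWT_KEY
        /// in AppSettings (signature and expiry are both checked) and deserializes its payload
        /// into a jpuser.
        /// </summary>
        /// <param name="token">Compact-serialized JWT ("header.payload.signature").</param>
        /// <returns>
        /// The jpuser payload on success; Constants.MSG_ERROR when the token is missing,
        /// expired or carries a bad signature. Callers must type-check the result
        /// ("is jpuser") — the error sentinel is returned in-band with the same static type.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// The signing key is not configured. Failing loudly is deliberate: verifying against
        /// a missing key must never be silently treated as "token invalid" (or worse, valid).
        /// </exception>
        public static object decodeJWT(string token)
        {
            // Reject missing input up front rather than letting whatever the decoder throws
            // for it escape past the two catch clauses below.
            if (string.IsNullOrWhiteSpace(token))
            {
                return Constants.MSG_ERROR;
            }

            // The secret lives in configuration, not in source — keep it that way. Read once
            // and refuse to run with an empty key (the original forwarded a null key to the
            // decoder and relied on whatever it threw).
            string key = ConfigurationManager.AppSettings[Constants.ASK_JWT_KEY];
            if (string.IsNullOrEmpty(key))
            {
                throw new InvalidOperationException("JWT signing key is not configured.");
            }

            try
            {
                IJsonSerializer   serializer = new JsonNetSerializer();
                IDateTimeProvider provider   = new UtcDateTimeProvider();
                IJwtValidator     validator  = new JwtValidator(serializer, provider);
                IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
                // No algorithm is pinned by this overload (a four-argument JwtDecoder overload
                // taking an IJwtAlgorithm exists); pin HS256 if the library version allows it.
                IJwtDecoder       decoder    = new JwtDecoder(serializer, validator, urlEncoder);

                // verify: true enforces the signature and exp checks.
                var json = decoder.Decode(token, key, verify: true);
                // The former Console.WriteLine(json) was removed: it wrote the caller's identity
                // claims to stdout on every call.
                return JsonConvert.DeserializeObject <jpuser>(json);
            }
            catch (TokenExpiredException)
            {
                // Both failures collapse to one sentinel on purpose: the caller (and the client
                // behind it) does not need to learn which check failed.
                return Constants.MSG_ERROR;
            }
            catch (SignatureVerificationException)
            {
                return Constants.MSG_ERROR;
            }
        }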
        /// <summary>
        /// Builds a JwtDecoder wired with Json.NET serialization, a UTC clock for the expiry
        /// check and the standard base64url codec.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this three-argument overload does not pin a signing algorithm; a
        /// four-argument JwtDecoder overload taking an IJwtAlgorithm exists. Prefer it when the
        /// expected algorithm is known, so a token whose header names a different algorithm is
        /// rejected regardless of library defaults.
        /// </remarks>
        private static JwtDecoder CreateJwtDecoder()
        {
            var json      = new JsonNetSerializer();
            var validator = new JwtValidator(json, new UtcDateTimeProvider());

            return new JwtDecoder(json, validator, new JwtBase64UrlEncoder());
        }
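        //POST: api/Login
        /// <summary>
        /// Checks the supplied account/password against LOBMyUsers and, on a match, returns an
        /// HS256-signed access token (one-hour "exp", "iss" set to the account, "role" and
        /// "manager" claims) together with the user record.
        /// </summary>
        /// <param name="UserLoginModel">Request body with Account and Password; null when the body is absent or unparseable.</param>
        /// <returns>An APIResult; Success is false with one generic message on any credential failure.</returns>
        /// <remarks>
        /// SECURITY(review):
        ///  - The query compares x.Password == password directly, i.e. the stored value is the
        ///    plaintext password (or is compared as one). Store a salted PBKDF2/Argon2 hash and
        ///    verify it in memory with a constant-time comparison. Not changed here because the
        ///    storage format is outside this method.
        ///  - fooItem.ToMyUsers() is returned to the client; confirm it does not carry the
        ///    password column.
        ///  - The account is placed in "iss" (issuer); "sub" is the conventional claim for the
        ///    authenticated subject. Left as-is because existing consumers may read "iss".
        ///  - A discarded this.Request.CreateResponse(HttpStatusCode.OK) call was removed; it
        ///    had no effect on the returned result.
        /// </remarks>
        public async Task <APIResult> Post([FromBody] UserLoginModel UserLoginModel)
        {
            var account  = UserLoginModel?.Account;
            var password = UserLoginModel?.Password;

            // Model binding hands us null for an empty/invalid body; without this guard the
            // property access above would throw and the caller would see a 500. Skip the query
            // and fall through to the same failure path as bad credentials.
            var fooItem = UserLoginModel == null
                ? null
                : await db.LOBMyUsers.FirstOrDefaultAsync(x => x.EmployeeID == account && x.Password == password);

            if (fooItem != null)
            {
                #region 產生這次通過身分驗證的存取權杖 Access Token
                string secretKey = MainHelper.SecretKey;
                #region 設定該存取權杖的有效期限
                // Lifetime is one hour from now (UTC). Emitted as an integer NumericDate so the
                // claim serializes as 1700000000 rather than 1700000000.0, which strict
                // integer-only consumers reject.
                IDateTimeProvider provider = new UtcDateTimeProvider();
                var  expiresAt         = provider.GetNow().AddHours(1);
                var  unixEpoch         = UnixEpoch.Value; // 1970-01-01 00:00:00 UTC
                long secondsSinceEpoch = (long)Math.Round((expiresAt - unixEpoch).TotalSeconds);
                #endregion

                // Only the "Manager" role exists; everyone else gets an empty role list.
                string[] fooRole = fooItem.IsManager == true
                    ? new string[] { "Manager" }
                    : new string[0];

                var jwtToken = new JwtBuilder()
                               .WithAlgorithm(new HMACSHA256Algorithm())
                               .WithSecret(secretKey)
                               .AddClaim("iss", UserLoginModel.Account)
                               .AddClaim("exp", secondsSinceEpoch)
                               .AddClaim("role", fooRole)
                               .AddClaim("manager", fooItem.IsManager)
                               .Build();
                #endregion

                // 帳號與密碼比對正確,回傳帳密比對正確
                fooResult = new APIResult()
                {
                    Success   = true,
                    Message   = $"",
                    TokenFail = false,
                    Payload   = new UserLoginResultModel()
                    {
                        AccessToken = $"{jwtToken}",
                        MyUser      = fooItem.ToMyUsers(),
                    }
                };
            }
            else
            {
                // One message for unknown account, wrong password and missing body: a caller
                // must not be able to enumerate valid accounts from the response.
                fooResult = new APIResult()
                {
                    Success   = false,
                    Message   = $"使用者不存在或者帳號、密碼不正確",
                    TokenFail = false,
                    Payload   = null,
                };
            }
            return(fooResult);
        }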
        /// <summary>
        /// Decodes the token with HS256 over the base64-decoded Secret, verifying signature
        /// and expiry, and returns the payload JSON.
        /// </summary>
        /// <param name="token">Compact JWT to check.</param>
        /// <returns>
        /// The payload JSON on success. On failure the return value is an error text instead:
        /// "Token has expired", "Token has invalid signature", or the raw Exception.Message of
        /// anything else thrown inside the try.
        /// </returns>
        /// <remarks>
        /// NOTE(review): success and failure share one string channel, so a caller cannot tell
        /// a valid payload from an error message without parsing it, and the catch-all forwards
        /// internal exception text (never relay it to clients). A "bool TryValidateToken(string,
        /// out string payload)" shape would fix both; kept as-is so existing call sites compile.
        /// Convert.FromBase64String(Secret) runs outside the try, so a Secret that is not valid
        /// base64 still throws FormatException to the caller.
        /// </remarks>
        public string TryValidateToken(string token)
        {
            byte[] keyBytes = Convert.FromBase64String(Secret);

            try
            {
                var serializer = new JsonNetSerializer();
                var decoder    = new JwtDecoder(
                    serializer,
                    new JwtValidator(serializer, new UtcDateTimeProvider()),
                    new JwtBase64UrlEncoder(),
                    new HMACSHA256Algorithm());

                // Third argument is "verify": signature and exp are enforced.
                return decoder.Decode(token, keyBytes, true);
            }
            catch (TokenExpiredException)
            {
                return "Token has expired";
            }
            catch (SignatureVerificationException)
            {
                return "Token has invalid signature";
            }
            catch (Exception ex)
            {
                return ex.Message;
            }
        }
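        //validates incoming tokens
        /// <summary>
        /// Verifies an incoming JWT (HMAC over Secret, expiry checked against UTC) and
        /// deserializes its payload into a TokenContent.
        /// </summary>
        /// <param name="token">Compact JWT from the request; may be null or empty.</param>
        /// <returns>
        /// The decoded TokenContent, or null when the token is missing, expired or has a bad
        /// signature — in which case Errored is set and ErrorMessage says why.
        /// </returns>
        /// <remarks>
        /// NOTE(review): Errored/ErrorMessage are never cleared on success, so an instance reused
        /// across tokens keeps reporting an earlier failure; confirm callers use a fresh instance
        /// per request or reset the flags themselves.
        /// </remarks>
        public TokenContent VerifyToken(string token)
        {
            // A missing token is reported through the same Errored/ErrorMessage channel as the
            // other failures; only two exception types are caught below, so whatever the decoder
            // throws for an empty token would otherwise escape to the caller.
            if (string.IsNullOrWhiteSpace(token))
            {
                ErrorMessage = "Token is missing";
                Errored      = true;
                return(null);
            }

            try
            {
                IJsonSerializer   serializer = new JsonNetSerializer();
                IDateTimeProvider provider   = new UtcDateTimeProvider();
                IJwtValidator     validator  = new JwtValidator(serializer, provider);
                IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
                // No algorithm is pinned by this overload (a four-argument JwtDecoder overload
                // taking an IJwtAlgorithm exists); pin HS256 if the library version allows it.
                IJwtDecoder       decoder    = new JwtDecoder(serializer, validator, urlEncoder);

                // verify: true enforces signature and exp; never relax it for convenience.
                string json = decoder.Decode(token, Secret, verify: true);
                return(JsonConvert.DeserializeObject <TokenContent>(json));
            }
            catch (TokenExpiredException)
            {
                ErrorMessage = "Token has expired";
                Errored      = true;
                return(null);
            }
            catch (SignatureVerificationException)
            {
                ErrorMessage = "Token has invalid signature";
                Errored      = true;
                return(null);
            }
        }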
        /// <summary>
        /// UtcDateTimeProvider.Format must render a UTC instant in the ISO-8601 "Z" form
        /// (yyyy-MM-ddTHH:mm:ssZ): no offset suffix and no fractional seconds.
        /// </summary>
        public void Format_Should_Return_DateTime_In_Universal_Format()
        {
            // Arrange
            IDateTimeProvider sut = new UtcDateTimeProvider();

            // Act
            var formatted = sut.Format(DateTime.UtcNow);

            // Assert
            const string isoUtcPattern = @"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$";
            formatted.Should().MatchRegex(isoUtcPattern);
        }