private void attachUserToContext(HttpContext context, ITokkenService tokkenService, string token) { try { var tokenHandler = new JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes(_configuration["Jwt:Secret"]); tokenHandler.ValidateToken(token, new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(key), ValidateIssuer = false, ValidateAudience = false, ClockSkew = TimeSpan.Zero }, out SecurityToken validatedToken); var jwtToken = (JwtSecurityToken)validatedToken; var xusername = jwtToken.Claims.First(x => x.Type == "username").Value; // attach user to context on successful jwt validation context.Items["User"] = tokkenService.GetValidUser(xusername); } catch { // do nothing if jwt validation fails // user is not attached to context so request won't have access to secure routes } }
public async Task Invoke(HttpContext context, ITokkenService tokkenService) { var token = context.Request.Headers["Authorization"].FirstOrDefault()?.Split(" ").Last(); if (token != null) { attachUserToContext(context, tokkenService, token); } await _next(context); }
public UserController(ITokkenService tokkenService) { _tokkenService = tokkenService; }