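/// <summary>
/// Generate JwtToken.
/// </summary>
/// <param name="user">User whose <see cref="ICurrentUser"/> properties become the token claims.</param>
/// <param name="appSetting">App Setting: the HMAC secret and the token lifetime in seconds.</param>
/// <returns>Identity TokenDto carrying the signed token (with "Bearer " prefix), its UTC expiry, the TTL and the header name to send it in.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="user"/> or <paramref name="appSetting"/> is null.</exception>
/// <exception cref="InvalidOperationException">Thrown when no secret is configured.</exception>
internal static IdentityTokenDto GenerateJwtToken(ICurrentUser user, IdentityAppSetting appSetting)
{
    if (user is null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    if (appSetting is null)
    {
        throw new ArgumentNullException(nameof(appSetting));
    }

    if (string.IsNullOrEmpty(appSetting.Secret))
    {
        throw new InvalidOperationException("Jwt secret is not configured.");
    }

    // ASCII is kept on purpose: DeconstructionJwtToken derives the validation key the same way,
    // so both sides must agree. Note that non-ASCII characters in the secret are lost by this encoding.
    var key = Encoding.ASCII.GetBytes(appSetting.Secret);

    // Every ICurrentUser property becomes one claim named after the property.
    var claims = typeof(ICurrentUser)
        .GetProperties()
        .Select(property => new Claim(property.Name, ClaimValue(property.GetValue(user))))
        .ToArray();

    // UTC: the "exp" claim is an epoch timestamp and validation compares against UTC, so the
    // expiry reported to the caller must not depend on the server's local time zone.
    var expiryTime = DateTime.UtcNow.AddSeconds(appSetting.ExpireSeconds);

    var tokenHandler = new JwtSecurityTokenHandler();
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(claims),
        Expires = expiryTime,
        SigningCredentials = new SigningCredentials(
            new SymmetricSecurityKey(key),
            SecurityAlgorithms.HmacSha256Signature),
    };
    var token = tokenHandler.CreateToken(tokenDescriptor);

    return new IdentityTokenDto
    {
        Token = $"Bearer {tokenHandler.WriteToken(token)}",
        ExpiryTime = expiryTime,
        Ttl = appSetting.ExpireSeconds,
        TokenHeaderName = "Authorization",
    };

    // Claim values must be strings. Strings and scalars keep their text form; collections
    // (e.g. Roles) are written as JSON so that DeconstructionJwtToken can read them back with
    // DeserializeObject<string[]>() instead of receiving the type name that ToString() yields.
    static string ClaimValue(object value) => value switch
    {
        null => string.Empty,
        string text => text,
        System.Collections.IEnumerable => System.Text.Json.JsonSerializer.Serialize(value, value.GetType()),
        _ => value.ToString() ?? string.Empty,
    };
}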
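/// <summary>
/// Initializes a new instance of the <see cref="IdentityAppService{TUser,TPrimaryKey}"/> class.
/// </summary>
/// <param name="userManage">User Manage.</param>
/// <param name="appSetting">App Setting; only its <c>Value</c> is kept.</param>
/// <param name="httpContext">Http Context Accessor.</param>
/// <param name="mapper">Mapper.</param>
/// <exception cref="ArgumentNullException">Thrown when any dependency is null.</exception>
public IdentityAppService(
    IUserManage<TUser, TPrimaryKey> userManage,
    IOptions<IdentityAppSetting> appSetting,
    IHttpContextAccessor httpContext,
    IAspireMapper mapper)
{
    if (userManage is null)
    {
        throw new ArgumentNullException(nameof(userManage));
    }

    if (appSetting is null)
    {
        throw new ArgumentNullException(nameof(appSetting));
    }

    if (httpContext is null)
    {
        throw new ArgumentNullException(nameof(httpContext));
    }

    if (mapper is null)
    {
        throw new ArgumentNullException(nameof(mapper));
    }

    this.userManage = userManage;
    this.httpContext = httpContext;
    this.mapper = mapper;

    // Unwrap the options wrapper once so the rest of the service works with the plain settings object.
    this.appSetting = appSetting.Value;
}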
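/// <summary>
/// Initializes a new instance of the <see cref="JwtMiddleware{TCurrentUser}"/> class.
/// </summary>
/// <param name="next">Next Middleware.</param>
/// <param name="appSetting">App Setting; only its <c>Value</c> is kept.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="next"/> or <paramref name="appSetting"/> is null.</exception>
public JwtMiddleware(RequestDelegate next, IOptions<IdentityAppSetting> appSetting)
{
    if (next is null)
    {
        throw new ArgumentNullException(nameof(next));
    }

    if (appSetting is null)
    {
        throw new ArgumentNullException(nameof(appSetting));
    }

    this.next = next;

    // Unwrap the options wrapper once so the middleware works with the plain settings object.
    this.appSetting = appSetting.Value;
}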
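/// <summary>
/// Deconstruction JwtToken.
/// </summary>
/// <typeparam name="TCurrentUser">Current User.</typeparam>
/// <param name="jwtToken">jwt token value, either the bare token or the "Bearer {token}" form produced by GenerateJwtToken.</param>
/// <param name="appSetting">App Setting: the HMAC secret the token must have been signed with.</param>
/// <returns>Current User rebuilt from the Account, Name and Roles claims.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="appSetting"/> is null.</exception>
internal static ICurrentUser DeconstructionJwtToken<TCurrentUser>(string jwtToken, IdentityAppSetting appSetting)
    where TCurrentUser : ICurrentUser, new()
{
    if (appSetting is null)
    {
        throw new ArgumentNullException(nameof(appSetting));
    }

    // Accept both "Bearer xxx" and a bare token by taking the last non-empty part;
    // RemoveEmptyEntries keeps a trailing space from being mistaken for the token.
    var rawToken = jwtToken?.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries).LastOrDefault();
    if (string.IsNullOrEmpty(rawToken))
    {
        // Nothing to validate: treat as an invalid credential rather than as an internal error.
        throw FriendlyThrowException.ThrowException(ResponseCode.AuthorizeInvalid);
    }

    try
    {
        // Must match the key derivation in GenerateJwtToken (ASCII bytes of the shared secret).
        var key = Encoding.ASCII.GetBytes(appSetting.Secret);
        var tokenHandler = new JwtSecurityTokenHandler();
        var validationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(key),
            // Pin the accepted algorithm to the one GenerateJwtToken signs with ("HS256" in the header)
            // so a token presenting any other algorithm is rejected outright.
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
            ValidateIssuer = false,
            ValidateAudience = false,
            // No clock skew: tokens expire exactly at "exp" instead of the library default of 5 minutes later.
            ClockSkew = TimeSpan.Zero,
        };

        tokenHandler.ValidateToken(rawToken, validationParameters, out var validatedToken);
        var token = (JwtSecurityToken)validatedToken;

        return new TCurrentUser
        {
            Account = ClaimValue(token, nameof(ICurrentUser.Account)),
            Name = ClaimValue(token, nameof(ICurrentUser.Name)),
            Roles = ClaimValue(token, nameof(ICurrentUser.Roles)).DeserializeObject<string[]>(),
        };
    }
    catch (SecurityTokenExpiredException)
    {
        // Expiry is an expected client-side condition: report it without logging it as an error.
        throw FriendlyThrowException.ThrowException(ResponseCode.AuthorizeExpired);
    }
    catch (Exception ex)
    {
        // Null-conditional so a missing log writer cannot turn a bad token into a NullReferenceException.
        ServiceLocator.ServiceProvider?.GetService<ILogWriter>()?.Error(ex, "Jwt Token Exception");
        throw FriendlyThrowException.ThrowException(ResponseCode.AuthorizeInvalid);
    }

    // Claims are keyed by the ICurrentUser property they were created from; a missing claim is a
    // malformed token, and the InvalidOperationException from First() lands in the invalid branch above.
    static string ClaimValue(JwtSecurityToken token, string type) => token.Claims.First(x => x.Type == type).Value;
}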