private void Init(string encription)
{
var tokenHandler = new JwsSecurityTokenHandler();
_tokenParameters = new TokenParameters
{
Audience = "audience",
Issuer = "issuer",
Subject = "subject",
EncryptionAlgorithm = encription,
ValidFrom = DateTime.Now.AddMinutes(5),
ValidateLifeTime = true
};
_manager = new TokenManager(EncryptionHelper.CreateKey(encription), tokenHandler, _tokenParameters);
}
private TokenManager GetTokenManager(DateTime validFrom)
{
var tokenHandler = new JwsSecurityTokenHandler();
ITokenParameters generateTokenParameter = new TokenParameters
{
Audience = Configuration.TokenAuthentication.Audience,
Issuer = Configuration.TokenAuthentication.Issuer,
Subject = Configuration.TokenAuthentication.Subject,
EncryptionAlgorithm = Configuration.TokenAuthentication.EncriptionAlgorithm,
AccessLifeTimeInMinutes = Configuration.TokenAuthentication.AccessLifeTimeInMinutes,
RefreshLifeTimeInMinutes = Configuration.TokenAuthentication.RefreshLifeTimeInMinutes,
ClockSkewInMinutes = Configuration.TokenAuthentication.ClockSkewInMinutes,
ValidFrom = validFrom,
ValidateLifeTime = true
};
return(new TokenManager(SecurityKey, tokenHandler, generateTokenParameter));
}
private void TokenAuthenticate(bool basicAuthenticated, HttpContextBase context, HttpApplication application)
{
try
{
var tokenHandler = new JwsSecurityTokenHandler();
var validFrom = DateTime.UtcNow;
ITokenParameters generateTokenParameter = new TokenParameters
{
Audience = Configuration.TokenAuthentication.Audience,
Issuer = Configuration.TokenAuthentication.Issuer,
Subject = Configuration.TokenAuthentication.Subject,
EncryptionAlgorithm = Configuration.TokenAuthentication.EncriptionAlgorithm,
AccessLifeTimeInMinutes = Configuration.TokenAuthentication.AccessLifeTimeInMinutes,
RefreshLifeTimeInMinutes = Configuration.TokenAuthentication.RefreshLifeTimeInMinutes,
ClockSkewInMinutes = Configuration.TokenAuthentication.ClockSkewInMinutes,
ValidFrom = validFrom,
ValidateLifeTime = true
};
var tokenManager = new TokenManager(SecurityKey, tokenHandler, generateTokenParameter);
if (basicAuthenticated)
{
// user has just authenticated by basic auth, so let's emit a set of tokens and cookies in response
try
{
var userName = context.User.Identity.Name;
var roleName = string.Empty;
// emit both access and refresh token and cookie
EmitTokensAndCookies(context, tokenManager, validFrom, userName, roleName, true);
context.Response.StatusCode = HttpResponseStatusCode.Ok;
}
catch (Exception ex)
{
SnLog.WriteException(ex);
context.Response.StatusCode = HttpResponseStatusCode.Unauthorized;
}
finally
{
context.Response.Flush();
if (application.Context != null)
{
application.CompleteRequest();
}
}
return;
}
// user has not been authenticated yet, so there must be a valid token and cookie in the request
var header = GetRefreshHeader(context.Request);
if (!string.IsNullOrWhiteSpace(header))
{
// we got a refresh token
try
{
var authCookie = CookieHelper.GetCookie(context.Request, RefreshSignatureName);
if (authCookie == null)
{
throw new UnauthorizedAccessException("Missing refresh cookie.");
}
var refreshHeadAndPayload = header;
var refreshSignature = authCookie.Value;
var principal = tokenManager.ValidateToken(refreshHeadAndPayload + "." + refreshSignature);
var userName = principal.Identity.Name;
var roleName = string.Empty;
// emit access token and cookie only
EmitTokensAndCookies(context, tokenManager, validFrom, userName, roleName, false);
context.Response.StatusCode = HttpResponseStatusCode.Ok;
}
catch (Exception ex)
{
SnLog.WriteException(ex);
context.Response.StatusCode = HttpResponseStatusCode.Unauthorized;
}
finally
{
context.Response.Flush();
if (application.Context != null)
{
application.CompleteRequest();
}
}
return;
}
header = GetAccessHeader(context.Request);
if (!string.IsNullOrWhiteSpace(header))
{
// we got an access token
var authCookie = CookieHelper.GetCookie(context.Request, AccessSignatureName);
if (authCookie == null)
{
throw new UnauthorizedAccessException("Missing access cookie.");
}
var accessHeadAndPayload = header;
var accessSignature = authCookie.Value;
var principal = tokenManager.ValidateToken(accessHeadAndPayload + "." + accessSignature);
if (principal == null)
{
throw new UnauthorizedAccessException("Invalid access token.");
}
var userName = tokenManager.GetPayLoadValue(accessHeadAndPayload.Split(Convert.ToChar("."))[1], "name");
using (new SystemAccount())
{
context.User = LoadUserPrincipal(userName);
}
}
}
catch (Exception ex)
{
SnLog.WriteException(ex);
if (!basicAuthenticated)
{
context.User = GetVisitorPrincipal();
}
}
}
