private void Init(string encription) { var tokenHandler = new JwsSecurityTokenHandler(); _tokenParameters = new TokenParameters { Audience = "audience", Issuer = "issuer", Subject = "subject", EncryptionAlgorithm = encription, ValidFrom = DateTime.Now.AddMinutes(5), ValidateLifeTime = true }; _manager = new TokenManager(EncryptionHelper.CreateKey(encription), tokenHandler, _tokenParameters); }
private TokenManager GetTokenManager(DateTime validFrom) { var tokenHandler = new JwsSecurityTokenHandler(); ITokenParameters generateTokenParameter = new TokenParameters { Audience = Configuration.TokenAuthentication.Audience, Issuer = Configuration.TokenAuthentication.Issuer, Subject = Configuration.TokenAuthentication.Subject, EncryptionAlgorithm = Configuration.TokenAuthentication.EncriptionAlgorithm, AccessLifeTimeInMinutes = Configuration.TokenAuthentication.AccessLifeTimeInMinutes, RefreshLifeTimeInMinutes = Configuration.TokenAuthentication.RefreshLifeTimeInMinutes, ClockSkewInMinutes = Configuration.TokenAuthentication.ClockSkewInMinutes, ValidFrom = validFrom, ValidateLifeTime = true }; return(new TokenManager(SecurityKey, tokenHandler, generateTokenParameter)); }
private void TokenAuthenticate(bool basicAuthenticated, HttpContextBase context, HttpApplication application) { try { var tokenHandler = new JwsSecurityTokenHandler(); var validFrom = DateTime.UtcNow; ITokenParameters generateTokenParameter = new TokenParameters { Audience = Configuration.TokenAuthentication.Audience, Issuer = Configuration.TokenAuthentication.Issuer, Subject = Configuration.TokenAuthentication.Subject, EncryptionAlgorithm = Configuration.TokenAuthentication.EncriptionAlgorithm, AccessLifeTimeInMinutes = Configuration.TokenAuthentication.AccessLifeTimeInMinutes, RefreshLifeTimeInMinutes = Configuration.TokenAuthentication.RefreshLifeTimeInMinutes, ClockSkewInMinutes = Configuration.TokenAuthentication.ClockSkewInMinutes, ValidFrom = validFrom, ValidateLifeTime = true }; var tokenManager = new TokenManager(SecurityKey, tokenHandler, generateTokenParameter); if (basicAuthenticated) { // user has just authenticated by basic auth, so let's emit a set of tokens and cookies in response try { var userName = context.User.Identity.Name; var roleName = string.Empty; // emit both access and refresh token and cookie EmitTokensAndCookies(context, tokenManager, validFrom, userName, roleName, true); context.Response.StatusCode = HttpResponseStatusCode.Ok; } catch (Exception ex) { SnLog.WriteException(ex); context.Response.StatusCode = HttpResponseStatusCode.Unauthorized; } finally { context.Response.Flush(); if (application.Context != null) { application.CompleteRequest(); } } return; } // user has not been authenticated yet, so there must be a valid token and cookie in the request var header = GetRefreshHeader(context.Request); if (!string.IsNullOrWhiteSpace(header)) { // we got a refresh token try { var authCookie = CookieHelper.GetCookie(context.Request, RefreshSignatureName); if (authCookie == null) { throw new UnauthorizedAccessException("Missing refresh cookie."); } var refreshHeadAndPayload = header; var refreshSignature = authCookie.Value; var principal = tokenManager.ValidateToken(refreshHeadAndPayload + "." + refreshSignature); var userName = principal.Identity.Name; var roleName = string.Empty; // emit access token and cookie only EmitTokensAndCookies(context, tokenManager, validFrom, userName, roleName, false); context.Response.StatusCode = HttpResponseStatusCode.Ok; } catch (Exception ex) { SnLog.WriteException(ex); context.Response.StatusCode = HttpResponseStatusCode.Unauthorized; } finally { context.Response.Flush(); if (application.Context != null) { application.CompleteRequest(); } } return; } header = GetAccessHeader(context.Request); if (!string.IsNullOrWhiteSpace(header)) { // we got an access token var authCookie = CookieHelper.GetCookie(context.Request, AccessSignatureName); if (authCookie == null) { throw new UnauthorizedAccessException("Missing access cookie."); } var accessHeadAndPayload = header; var accessSignature = authCookie.Value; var principal = tokenManager.ValidateToken(accessHeadAndPayload + "." + accessSignature); if (principal == null) { throw new UnauthorizedAccessException("Invalid access token."); } var userName = tokenManager.GetPayLoadValue(accessHeadAndPayload.Split(Convert.ToChar("."))[1], "name"); using (new SystemAccount()) { context.User = LoadUserPrincipal(userName); } } } catch (Exception ex) { SnLog.WriteException(ex); if (!basicAuthenticated) { context.User = GetVisitorPrincipal(); } } }