/// <summary> /// /// </summary> /// <param name="sysFileManager"></param> /// <param name="jwtConfig"></param> /// <param name="logger"></param> /// <param name="appConfig"></param> public FileController(ISysFileManager sysFileManager, JwtConfig jwtConfig, ILogger <FileController> logger, AppConfig appConfig) { _logger = logger; _appConfig = appConfig; _sysFileManager = sysFileManager; _jwtConfig = jwtConfig; }
public virtual IHttpActionResult RequestRefresh([FromBody] RefreshParams rp) { return(ExecuteValidatedAction(() => { // manually validating, as api is no longer wired up... ValidatorHelpers.ValidateAndThrow(rp, new RefreshParamsValidator()); // validate AuthClient and RefreshToken JwtConfig config = new JwtConfig(true, RequestLeftPart); AuthClient client = ValidateClient(rp); AuthToken rt = AuthService.RetrieveToken(rp.AuthUserId, rp.AuthClientId, rp.TokenIdentifier); AddNoCacheHeader(); if (client == null || rt == null || rt.AuthClientId != client.Id || !JsonWebToken.GrantNewAccess(config, rt.Token)) { return ImATeapot(); } // get user AuthUser user = AuthService.GetByIdForLogin(rt.AuthUserId); if (user == null) { return ImATeapot(); } CheckSetRoleManager(user); // make sure state is set in RoleManager ILoginResultDto loginResult = CreateTokenResult(user, client, config); // create new tokens, return result return loginResult != null ? (IHttpActionResult)Ok(loginResult) : ImATeapot(); })); }
public static string Generate(JwtConfig config, User user) { var now = DateTime.UtcNow; var claims = new Claim[] { new Claim(JwtRegisteredClaimNames.Sub, Guid.NewGuid().ToString()), new Claim(JwtRegisteredClaimNames.Iat, now.ToUniversalTime().ToString(CultureInfo.InvariantCulture), ClaimValueTypes.Integer64), new Claim(ClaimTypes.Sid, user.Id.ToString()), new Claim(ClaimTypes.Name, user.DisplayName), new Claim(ClaimTypes.Email, user.Email ?? string.Empty), new Claim(ClaimTypes.Role, "todo") }; var keyByteArray = Encoding.ASCII.GetBytes(config.Secret); var signingKey = new SymmetricSecurityKey(keyByteArray); var jwt = new JwtSecurityToken( issuer: config.Issuer, audience: config.Audience, claims: claims, notBefore: now, expires: now.AddDays(90), signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256) ); var token = new JwtSecurityTokenHandler().WriteToken(jwt); return(token); }
/// <summary> /// Validate tokens /// </summary> /// <param name="config">JwtConfig</param> /// <param name="token">Token value</param> public static Maybe <ClaimsPrincipal> ValidateToken(JwtConfig config, string token) { try { // Create validation parameters var parameters = new TokenValidationParameters { RequireExpirationTime = true, ValidIssuer = config.Issuer, ValidAudience = config.Audience ?? config.Issuer, IssuerSigningKey = config.GetSigningKey() }; _ = config.GetEncryptingKey().IfSome(encryptingKey => parameters.TokenDecryptionKey = encryptingKey); // Create handler to validate token var handler = new JwtSecurityTokenHandler(); // Validate token and return principal return(handler.ValidateToken(token, parameters, out var validatedToken)); } catch (SecurityTokenNotYetValidException) { return(F.None <ClaimsPrincipal, M.TokenIsNotValidYetMsg>()); } catch (Exception e) when(e.Message.Contains("IDX10223")) { return(F.None <ClaimsPrincipal, M.TokenHasExpiredMsg>()); } catch (Exception e) { return(F.None <ClaimsPrincipal, M.ValidatingTokenExceptionMsg>(e)); } }
public AuthController(UserManager <ApplicationUser> userManager, IOptionsMonitor <JwtConfig> optionsMonitor, TokenValidationParameters tokenValidationParameters, ApplicationDbContext applicationDbContext) { _userManager = userManager; _jwtConfig = optionsMonitor.CurrentValue; _tokenValidationParameters = tokenValidationParameters; _applicationDbContext = applicationDbContext; }
public static void AddSnowdropJwt(this IServiceCollection services, IConfiguration configuration) { JwtConfig config = configuration.GetSection(nameof(JwtConfig)).Get <JwtConfig>(); if (config == null) { throw new ArgumentException(nameof(JwtConfig)); } services.AddSingleton(config); services .AddAuthentication(options => { options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddJwtBearer(options => { options.RequireHttpsMetadata = true; options.SaveToken = true; options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = true, ValidIssuer = config.Issuer, ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(config.Secret)), ValidAudience = config.Audience, ValidateAudience = true, ValidateLifetime = true, ClockSkew = TimeSpan.FromSeconds(30) }; }); services.AddScoped <IJwtAuthManager, JwtAuthManager>(); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2); var jwtConfig = new JwtConfig(); Configuration.Bind(nameof(JwtConfig), jwtConfig); services.AddJwtAuthentication(jwtConfig); services.AddSingleton(jwtConfig); services.AddSwaggerGen(c => { c.SwaggerDoc("v1", new Info { Title = "My API", Version = "v1" }); //Locate the XML file being generated by ASP.NET... var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml"; var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile); //... and tell Swagger to use those XML comments. c.IncludeXmlComments(xmlPath); }); services.AddDbContext <AppDbContext>(optionBuilder => { optionBuilder.UseMySql(Configuration["ConnectionStrings:MySQL"]); }); services.AddTransient <IUnitOfWork, UnitOfWork>(); services.AddTransient <UserRepository>(); services.AddTransient <UserService>(); services.AddTransient <AuthService>(); }
public UserController(UserManager <User> userManager, IOptionsMonitor <JwtConfig> optionsMonitor, IMapper autoMapper, RoleManager <IdentityRole> roleManager) { _userManager = userManager; _jwtConfig = optionsMonitor.CurrentValue; _mapper = autoMapper; _roleManager = roleManager; }
public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer) { var jsonObject = JObject.Load(reader); var setting = default(IAuthenticationConfig); if (jsonObject["Provider"] != null) { switch (jsonObject["Provider"].Value <string>()) { case "Jwt": setting = new JwtConfig( jsonObject["Authority"].Value <string>(), jsonObject["Audience"].Value <string>()); break; default: setting = new IdentityServerConfig( jsonObject["ProviderRootUrl"].Value <string>(), jsonObject["ApiName"].Value <string>(), jsonObject["RequireHttps"].Value <bool>(), jsonObject["ApiSecret"].Value <string>()); break; } } else { setting = new IdentityServerConfig(string.Empty, string.Empty, false, string.Empty); } serializer.Populate(jsonObject.CreateReader(), setting); return(setting); }
public void ConfigureServices(IServiceCollection services) { services.AddControllers(); var jwtBearer = new JwtConfig(); Configuration.GetSection(nameof(JwtConfig)).Bind(jwtBearer); var appData = new AppData() { JwtConfig = jwtBearer, DocumentLibraryConnectionString = Configuration.GetConnectionString("DocumentLibraryConnection") }; services.AddDependencyInjectionBindings(appData); services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies()); services.AddDatabaseDeveloperPageExceptionFilter(); services.AddSwaggerGen(c => { c.SwaggerDoc("v1", new OpenApiInfo { Title = "DocumentLibrary.API.Admin", Version = "v1" }); }); }
/// <summary> /// 生成Token凭证 /// </summary> /// <param name="user">用户信息</param> /// <param name="jwtSetting">Jwt配置信息</param> /// <returns>Token</returns> public static string GenerateToken(User user, JwtConfig jwtSetting) { var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSetting.TokenSecretKey)); DateTime dtNow = DateTime.Now; DateTime dtExpires = DateTime.Now.AddMinutes(jwtSetting.Expiration); var descriptor = new SecurityTokenDescriptor() { Subject = new ClaimsIdentity(new Claim[] { new Claim(JwtClaimTypes.Issuer, jwtSetting.Issuer), new Claim(JwtClaimTypes.Audience, jwtSetting.Audience), new Claim(JwtClaimTypes.Id, user.UserId.ParseToStr()), new Claim(JwtClaimTypes.Name, user.UserName), new Claim("permission", user.UserName), new Claim(JwtClaimTypes.NotBefore, dtNow.ParseToStr()), new Claim(JwtClaimTypes.Expiration, dtExpires.ParseToStr()) }), IssuedAt = dtNow,//颁发时间 NotBefore = dtNow, Expires = dtExpires, SigningCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256) }; var jwtHandler = new JwtSecurityTokenHandler(); var securityToken = jwtHandler.CreateToken(descriptor); return(jwtHandler.WriteToken(securityToken)); }
/// <summary> /// create access token /// </summary> /// <param name="jwtConfig"></param> /// <param name="user"></param> /// <returns></returns> public static JwtToken CreateAccessToken( JwtConfig jwtConfig , string jti , string uniqueName , string nameId , string name , string roleIds ) { if (jti.IsNullOrWhiteSpace()) { throw new ArgumentNullException(nameof(jti)); } var claims = new Claim[] { new Claim(JwtRegisteredClaimNames.Jti, jti), new Claim(JwtRegisteredClaimNames.UniqueName, uniqueName), new Claim(JwtRegisteredClaimNames.NameId, nameId), new Claim(JwtRegisteredClaimNames.Name, name), new Claim("roleids", roleIds) }; return(WriteToken(jwtConfig, claims, Tokens.AccessToken)); }
public IdentityService(JwtConfig jwtConfig, UserManager <UserEntity> userManager, IMapper mapper, IBlackListJWT blackList) { _jwtConfig = jwtConfig; _userManager = userManager; _mapper = mapper; _blackList = blackList; }
public JwtProvider(IOptions <JwtConfig> config, UserManager <UserEntity> userManager) { _config = config.Value; _userManager = userManager; _key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config.Key)); _tokenHandler = new JwtSecurityTokenHandler(); }
public SnUserController(ISnUserService service, snblogContext coreDbContext, IOptions <JwtConfig> _jwtModel) { _service = service; _coreDbContext = coreDbContext; user = coreDbContext.SnUser; jwtModel = _jwtModel.Value; }
public AuthManagementController( UserManager <IdentityUser> userManager, IOptionsMonitor <JwtConfig> optionsMonitor) { _userManager = userManager; _jwtConfig = optionsMonitor.CurrentValue; }
public AuthController(UserManager <PickEmUser> userManager, LeagueService leagueService, IOptions <JwtConfig> jwtOptions, ILogger <AuthController> logger) { _userManager = userManager; _leagueService = leagueService; _logger = logger; _jwtOptions = jwtOptions.Value; }
/// <summary> /// /// </summary> /// <param name="userManager"></param> /// <param name="appConfig"></param> /// <param name="tokenManage"></param> /// <param name="mapper"></param> /// <param name="logger"></param> public UserService(IUserManager userManager, AppConfig appConfig, JwtConfig tokenManage, IMapper mapper, ILogger <UserService> logger) : base(logger) { _userManager = userManager; _mapper = mapper; _appConfig = appConfig; _tokenManage = tokenManage; }
/// <summary> /// 构造函数 /// </summary> public AccountController(IJwtProvider jwtProvider, ICacheProvider cacheService, IOptions <JwtConfig> jwtConfig, IUserService service) { _jwtProvider = jwtProvider; _cacheService = cacheService; _service = service; _jwtConfig = jwtConfig.Value; }
public static void Initialize(IServiceCollection services, JwtConfig jwtConfig) { var authenticationProviderKey = "TestKey"; services.AddAuthentication() .AddIdentityServerAuthentication(authenticationProviderKey, x => { x.Authority = jwtConfig.Authority; x.RequireHttpsMetadata = false; //// x.Audience = "basket"; //x.TokenValidationParameters = new TokenValidationParameters //{ // ValidAudiences = new[] { "basket" } //}; // x.Audience = "openid"; //x.TokenValidationParameters = new TokenValidationParameters //{ // ValidateIssuer = true, // ValidateAudience = true, // ValidateLifetime = true, // ValidateIssuerSigningKey = true, //// validissuer = jwtconfig.issuer, // // validaudience = jwtconfig.audience, // ValidAudiences = new[] { "api1" }, // // issuersigningkey = new symmetricsecuritykey(encoding.utf8.getbytes(configuration["jwt:key"])) //}; }); }
public static DateTime ExchangeExpirationTime(JwtConfig config) { switch (config.ExpirationType) { case ExpirationType.Minutes: return(DateTime.UtcNow.AddMinutes(config.ExpirationTime)); case ExpirationType.Hours: return(DateTime.UtcNow.AddHours(config.ExpirationTime)); case ExpirationType.Days: return(DateTime.UtcNow.AddDays(config.ExpirationTime)); case ExpirationType.Weeks: return(DateTime.UtcNow.AddDays(config.ExpirationTime * 7)); case ExpirationType.Months: return(DateTime.UtcNow.AddMonths(config.ExpirationTime)); case ExpirationType.Years: return(DateTime.UtcNow.AddYears(config.ExpirationTime)); default: throw new NotSupportedException("Expiration time for Jwt Token is invalid"); } }
public AuthManagementController(UserManager <IdentityUser> userManager, IOptionsMonitor <JwtConfig> optionsMonitor, TokenValidationParameters tokenValidationParams, ApiDbContext apiDbContext) { _userManager = userManager; _jwtConfig = optionsMonitor.CurrentValue; _tokenValidationParams = tokenValidationParams; _apiDbContext = apiDbContext; }
public AuthController(ILogger <AuthController> logger, UserManager <User> userManager, IMapper mapper, IOptionsSnapshot <JwtConfig> jwtSetting) { _logger = logger ?? throw new ArgumentNullException(nameof(logger)); _userManager = userManager ?? throw new ArgumentNullException(nameof(userManager)); _mapper = mapper ?? throw new ArgumentNullException(nameof(mapper)); _jwtSetting = jwtSetting.Value; }
public TokenController(IUserService userService, IRoleService roleService, IPasswordHasher passwordHasher, IOptions <JwtConfig> jwtConfig) { this.userService = userService; this.roleService = roleService; this.passwordHasher = passwordHasher; this.jwtConfig = jwtConfig.Value; }
public IdentityService(UserManager <IdentityUser> userManager, JwtConfig jwtSettings, TokenValidationParameters tokenValidationParameters, DataContext context, IUserProfileService userProfileService) { _userManager = userManager; _jwtSettings = jwtSettings; _tokenValidationParameters = tokenValidationParameters; _context = context; _userProfileService = userProfileService; }
public AccountController(IOptionsSnapshot <JwtConfig> jwtConfig , IAccountAppService accountService , IUserContext userContext) { _jwtConfig = jwtConfig.Value; _accountService = accountService; _userContext = userContext; }
public SsoAuthenticationMiddleware(RequestDelegate next , IOptions <JwtConfig> jwtConfig , ICacheProvider cache) { _next = next ?? throw new ArgumentNullException(nameof(next)); _cache = cache; _jwtConfig = jwtConfig.Value; }
public AccountController(JwtConfig jwtConfig, UserManager <IdentityUser> userManager, SignInManager <IdentityUser> signInManager) { _jwtConfig = jwtConfig; _userManager = userManager; _signInManager = signInManager; _authService = new AuthService(userManager); }
public LoginCommandHandler(TasiContext context, IMapper mapper, ILogger <LoginCommandHandler> logger, IOptions <JwtConfig> config) { _context = context; _mapper = mapper; _logger = logger; _config = config.Value; }
public RefreshAccessTokenCommandHandler(IHttpContextAccessor httpContextAccessor, IRefreshTokenService refreshTokenService, IOptions <JwtConfig> jwtConfigOptions) { _httpContext = httpContextAccessor.HttpContext ?? throw new ArgumentNullException(nameof(httpContextAccessor.HttpContext)); _refreshTokenService = refreshTokenService ?? throw new ArgumentNullException(nameof(refreshTokenService)); _jwtConfig = jwtConfigOptions.Value ?? throw new ArgumentNullException(nameof(jwtConfigOptions.Value)); }
public IssuedAtCheckerTests(ITestOutputHelper output) { this.output = output; this.Config = new JwtConfig { KeyConfig = new KeyConfig { Value = new byte[] { 237, 77, 131, 121, 90, 110, 35, 231, 70, 26, 39, 55, 158, 159, 179, 231 } }, Signer = new HS256Signer() }; }
public JwtIdCheckerTests(ITestOutputHelper output) { this.output = output; this.Whitelist = new List<string> { "B311F1EA-588B-40D3-BD89-27DCDF9DB5EB", "C706DE30-2C8F-4834-8C1A-71136310CDB0", "5B6D2B63-C101-4FEA-8625-F1C3C36F2857" }; this.Validator = (id) => { return Whitelist.Where(Q => Q == id).Any(); }; this.Config = new JwtConfig { KeyConfig = new KeyConfig { Value = new byte[] { 237, 77, 131, 121, 90, 110, 35, 231, 70, 26, 39, 55, 158, 159, 179, 231 } }, Signer = new HS256Signer() }; }
public void Sample() { var jwtConfig = new JwtConfig { KeyConfig = new KeyConfig { Value = new byte[] { 237, 77, 131, 121, 90, 110, 35, 231, 70, 26, 39, 55, 158, 159, 179, 231 } }, Signer = new HS256Signer() }; var jwtCodec = new JwtCodec(jwtConfig); var claims = new { UserId = 1, Username = "******", Role = "Admin" }; string token1 = jwtCodec.Encode(claims); //eyJVc2VySWQiOjEsIlVzZXJuYW1lIjoiamFja2FudG9ubyIsIlJvbGUiOiJBZG1pbiJ9.yCY897l0Qt4pNWAMkLebcwjygiqbkQcFMfNW+BZjCUo= output.WriteLine(token1); bool isValid = jwtCodec.Decode(token1); //True output.WriteLine(isValid.ToString()); var now = new DateTime(2015, 11, 23, 14, 0, 0, DateTimeKind.Utc); var token2 = jwtCodec.Encode(claims, Issuer: "accelist.com", Subject: "Authentication", Audience: new List<string> { "EmployeePortal", "SecurityCenter" }, ExpirationTime: now.AddHours(12), NotBefore: now, IssuedAt: now, JwtId: Guid.Parse("2628850a-e1a9-4897-bf78-355fa5367ca1").ToString() ); //eyJVc2VySWQiOjEsIlVzZXJuYW1lIjoiamFja2FudG9ubyIsIlJvbGUiOiJBZG1pbiIsImlzcyI6ImFjY2VsaXN0LmNvbSIsInN1YiI6IkF1dGhlbnRpY2F0aW9uIiwiYXVkIjpbIkVtcGxveWVlUG9ydGFsIiwiU2VjdXJpdHlDZW50ZXIiXSwiZXhwIjoxNDQ4MzMwNDAwLCJuYmYiOjE0NDgyODcyMDAsImlhdCI6MTQ0ODI4NzIwMCwianRpIjoiMjYyODg1MGEtZTFhOS00ODk3LWJmNzgtMzU1ZmE1MzY3Y2ExIn0=.d/ON3EdLGOC0VPcKwiLE15WZKoM9Mwx+3P2QQIhSP8U= output.WriteLine(token2); /// Validation logic for registered claim: Issuer. /// Successful if the Issuer property value equals the claim or claim is not provided. var issChecker = new IssuerChecker(); /// Validation logic for registered claim: Subject. /// Successful if the Subject property value equals the claim or claim is not provided. var subChecker = new SubjectChecker(); /// Validation logic for registered claim: Audience. /// Successful if the claim is not present or the Audience property value is in the said claim. var audChecker = new AudienceChecker(); var leeway = new TimeSpan(0, 5, 0); /// Validation logic for registered claim: Expiration Time. /// Successful if claim exists and current time is at or before the said claim, using leeway period if provided. var expChecker = new ExpirationTimeChecker(leeway); /// Authorization logic for registered claim: Not Before. /// Successful if claim exists and current time is at or after the said claim, using leeway period if provided. var nbfChecker = new NotBeforeChecker(leeway); /// Authorization logic for registered claim: Issued At. /// Successful if claim exists. var iatChecker = new IssuedAtChecker(); /// Validation logic for registered claim: JWT ID. /// Successful if claims exist and resolves to true when passed through the validator. Func<string, bool> jtiValidator = (jti) => { return true; }; var jtiChecker = new JwtIdChecker(jtiValidator); /// Validation logic for AuthorizeAttribute 'Role' claim. /// Successful if the Roles property is not set or the claim is in the Roles property value. var roleChecker = new RoleChecker("Role"); /// Validation logic for AuthorizeAttribute 'User' claim. /// Successful if the User property is not set or the claim is in the Users property value. var userChecker = new UserChecker("Username"); var claimsCheckers = new List<IClaimsChecker> { issChecker, subChecker, audChecker, expChecker, nbfChecker, iatChecker, jtiChecker, roleChecker, userChecker }; var variables = new ClaimsCheckerVariables { Issuer = "accelist.com", Subject = "Administration", Roles = "Admin", Audience = "EmployeePortal", Users = "jackantono, ryanelian", }; jwtCodec.Decode(token2, claimsCheckers, variables); var jwtObj = JwtObject.Parse(token2); var extractClaims = jwtObj.ClaimsAsObject<ClaimsTest>(); output.WriteLine(Newtonsoft.Json.JsonConvert.SerializeObject(extractClaims, Newtonsoft.Json.Formatting.Indented)); }