public void DecodeToObject_Should_Decode_Token_To_Dictionary_Multiple_Secrets() { var expected = TestData.DictionaryPayload; const string key = TestData.Key; const string token = TestData.Token; var serializer = new JsonNetSerializer(); var dateTimeProvider = new UtcDateTimeProvider(); var validator = new JwtValidator(serializer, dateTimeProvider); var urlEncoder = new JwtBase64UrlEncoder(); var decoder = new JwtDecoder(serializer, validator, urlEncoder); var actual = decoder.DecodeToObject(token, new[] { key }, verify: true); actual.Should() .Equal(expected, "because the JWT should have been correctly deserialized to the correct object"); }
public static string GetTokenJson(string token) { try { IJsonSerializer serializer = new JsonNetSerializer(); IDateTimeProvider provider = new UtcDateTimeProvider(); IJwtValidator validator = new JwtValidator(serializer, provider); IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder); var json = decoder.Decode(token, SecretKey, verify: true); return(json); } catch (Exception) { throw; } }
public void DecodeToObject_Should_Decode_Token_To_Generic_Type_Multiple_Secrets() { var expected = TestData.Customer; const string key = TestData.Key; const string token = TestData.Token; var serializer = new JsonNetSerializer(); var dateTimeProvider = new UtcDateTimeProvider(); var validator = new JwtValidator(serializer, dateTimeProvider); var urlEncoder = new JwtBase64UrlEncoder(); var decoder = new JwtDecoder(serializer, validator, urlEncoder); var actual = decoder.DecodeToObject <Customer>(token, new[] { key }, verify: true); actual.Should() .BeEquivalentTo(expected, "because the JWT should have been correctly deserialized to the same customer object"); }
public static bool ValidateToken(string token) { IJwtValidator validator = new JwtValidator(_serializer, _provider); IJwtDecoder decoder = new JwtDecoder(_serializer, validator, _urlEncoder); try { decoder.Decode(token, secret, verify: true); } catch { return(false); } return(true); }
public T Decode <T>(string token, string secret) { var serializer = new JsonNetSerializer(); var base64 = new JwtBase64UrlEncoder(); var provier = new UtcDateTimeProvider(); var validator = new JwtValidator(serializer, provier); var payload = new JwtBuilder() .WithSerializer(serializer) .WithValidator(validator) .WithUrlEncoder(base64) .WithSecret(secret) .MustVerifySignature() .Decode <T>(token); return(payload); }
public void DecodeToObject_Should_Throw_Exception_On_Invalid_Key_Multiple_Secrets() { const string token = TestData.Token; var keys = _fixture.Create <string[]>(); var serializer = new JsonNetSerializer(); var validTor = new JwtValidator(serializer, new UtcDateTimeProvider()); var urlEncoder = new JwtBase64UrlEncoder(); var decoder = new JwtDecoder(serializer, validTor, urlEncoder); Action decodingAJwtWithWrongKey = () => decoder.DecodeToObject <Customer>(token, keys, verify: true); decodingAJwtWithWrongKey.Should() .Throw <SignatureVerificationException>( "because providing the wrong key must raise an error when the signature is verified"); }
public DTO.Tokens.JWT Decode(string Token = "") { if (string.IsNullOrWhiteSpace(Token)) { return(null); } IJsonSerializer serializer = new JsonNetSerializer(); IDateTimeProvider provider = new UtcDateTimeProvider(); IJwtValidator validator = new JwtValidator(serializer, provider); IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder); var json = decoder.Decode(Token, Secret, true); return(JSON.Deserialize <DTO.Tokens.JWT>(json)); }
/// <summary> /// 根据jwtToken 获取实体 /// </summary> /// <param name="token">jwtToken</param> /// <returns></returns> public static T Get <T>(string token) { try { IJsonSerializer serializer = new JsonNetSerializer(); IDateTimeProvider provider = new UtcDateTimeProvider(); IJwtValidator validator = new JwtValidator(serializer, provider); IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder); var userInfo = decoder.DecodeToObject <T>(token, WebConfig.JWT_Secret, verify: true);//token为之前生成的字符串 return(userInfo); } catch (Exception ex) { return(default(T)); } }
protected override bool IsAuthorized(HttpActionContext actionContext) { //从网络请求中获取到token //用相同的解密方式,判断请求过来的token是不是复合规范 //符合 验证通过 //不符合要求 验证失败 //在Api中使用权限过滤器,过滤请求的请求头中间是否包含key=token //如果包含则验证token的值是否正确(token是不是在api中获取的,tpken是否过期),不包含返回失败 var authHeader = from t in actionContext.Request.Headers where t.Key == "token" select t.Value.FirstOrDefault(); if (authHeader != null) { string token = authHeader.FirstOrDefault(); if (!string.IsNullOrEmpty(token)) { try { const string secret = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4aKpVo2OHXPwb1R7duLgg"; //secret需要加密 IJsonSerializer serializer = new JsonNetSerializer(); IDateTimeProvider provider = new UtcDateTimeProvider(); IJwtValidator validator = new JwtValidator(serializer, provider); IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); IJwtAlgorithm algorithm = new HMACSHA256Algorithm(); IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder, algorithm); var json = decoder.DecodeToObject <object>(token, secret, verify: true); if (json != null) { actionContext.RequestContext.RouteData.Values.Add("auth", json); return(true); } return(false); } catch (Exception ex) { return(false); } } } return(false); }
public override void OnAuthorization(HttpActionContext actionContext) { string token = null; //读取请求中是否包含token if (actionContext.Request.Headers.TryGetValues("Authorization", out IEnumerable <string> headValues)) { token = headValues.FirstOrDefault(); } if (token != null) { try { //验证jwt的合法性 IJsonSerializer serializer = new JsonNetSerializer(); IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); IDateTimeProvider provider = new UtcDateTimeProvider(); IJwtAlgorithm algorithm = new HMACSHA256Algorithm(); IJwtValidator validator = new JwtValidator(serializer, provider); IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder, algorithm); var json = decoder.Decode(token, ConfigurationManager.AppSettings["JwtSecret"], verify: true); //验证redis是否过期 if (RedisHelper.Get(token) == null) { HttpResponseMessage httpResponse = new HttpResponseMessage(HttpStatusCode.Unauthorized); httpResponse.Content = new StringContent("签名已过期"); actionContext.Response = httpResponse; } } catch (SignatureVerificationException) { HttpResponseMessage httpResponse = new HttpResponseMessage(HttpStatusCode.Unauthorized); httpResponse.Content = new StringContent("签名无效"); actionContext.Response = httpResponse; } } else { HttpResponseMessage httpResponse = new HttpResponseMessage(HttpStatusCode.Unauthorized); httpResponse.Content = new StringContent("签名无效"); actionContext.Response = httpResponse; } }
static void Main(string[] args) { var payload = new Dictionary <string, object> { { "UserId", "hx123456" }, { "UserName", "admin" } }; var secret = "ASDFQWEFAWDFASDFASGERGSDRGFSDFGSDFGERTGWER";//不要泄露 IJwtAlgorithm algorithm = new HMACSHA256Algorithm(); IJsonSerializer serializer = new JsonNetSerializer(); IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder); var token = encoder.Encode(payload, secret); Console.WriteLine(token); try { IDateTimeProvider provider = new UtcDateTimeProvider(); IJwtValidator validator = new JwtValidator(serializer, provider); IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder); var json = decoder.Decode(token, secret, verify: true); Console.WriteLine(json); } catch (FormatException e) { Console.WriteLine("Token format invalid" + e.Message); } catch (TokenExpiredException e) { Console.WriteLine("Token has expired" + e.Message); } catch (SignatureVerificationException e) { Console.WriteLine("Token has invalid signature" + e.Message); } catch (Exception e) { Console.WriteLine(e.Message); } Console.WriteLine("Hello World!"); }
public static T GetDecryptToken <T>(string jwtToken, string key) { T model = Activator.CreateInstance <T>(); IJsonSerializer serializer = new JsonNetSerializer(); IDateTimeProvider dateTimeProvider = new UtcDateTimeProvider(); IJwtValidator validate = new JwtValidator(serializer, dateTimeProvider); IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); IJwtDecoder decode = new JwtDecoder(serializer, validate, urlEncoder); model = decode.DecodeToObject <T>(jwtToken, key, true); return(model); }
/// <summary> /// Create the default set of JwtServiceArgs /// </summary> /// <param name="useDefaults">If the JWT Service should use defaults</param> /// <param name="loggingService">The logging service to log errors with, default null</param> /// <param name="secureSecret">The secure secret used to encode JWTs, default null</param> public JwtServiceArgs(bool useDefaults, ILoggingService loggingService = null, SecureString secureSecret = null) { if (useDefaults) { Serializer = new JsonNetSerializer(); Provider = new UtcDateTimeProvider(); UrlEncoder = new JwtBase64UrlEncoder(); Algorithm = new HMACSHA256Algorithm(); Secret = Environment.GetEnvironmentVariable("JWT_SECRET"); Validator = new JwtValidator(Serializer, Provider); Decoder = new JwtDecoder(Serializer, Validator, UrlEncoder); Encoder = new JwtEncoder(Algorithm, Serializer, UrlEncoder); } LoggingService = loggingService; SecureSecret = secureSecret; }
public static bool IsValidToken(string token) { try { IJsonSerializer serializer = new JsonNetSerializer(); IDateTimeProvider provider = new UtcDateTimeProvider(); IJwtValidator validator = new JwtValidator(serializer, provider); IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder); var json = decoder.Decode(token, secret, verify: true); return(true); } catch (Exception) { return(false); } }
private static Dictionary <string, string> DecodeJwt(string token) { try { IJsonSerializer serializer = new JsonNetSerializer(); IDateTimeProvider provider = new UtcDateTimeProvider(); IJwtValidator validator = new JwtValidator(serializer, provider); IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder); var json = decoder.Decode(token, GetSecret(), verify: true); return(JsonConvert.DeserializeObject <Dictionary <string, string> >(json)); } catch (Exception) { return(new Dictionary <string, string>()); } }
public static bool VerifyToken(string token, string key, string value = "true") { IJsonSerializer serializer = new JsonSerializer(); IDateTimeProvider provider = new UtcDateTimeProvider(); IJwtValidator validator = new JwtValidator(serializer, provider); IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder); string json = decoder.Decode(token, Secret, true); Dictionary <string, string> claims = serializer.Deserialize <Dictionary <string, string> >(json); if (claims.ContainsKey(key) && claims[key] == value) { return(true); } return(false); }
public void Init() { var serializer = new JsonNetSerializer(); var validator = new JwtValidator(serializer, new UtcDateTimeProvider()); jwtDecoder = new JwtDecoder(serializer, validator, new JwtBase64UrlEncoder()); Constants.JwtValidIssuer = "TestIssuer"; Constants.JwtValidAudience = "TestAudience"; Constants.JwtSecretKey = "test-gv-core-secret-key"; Constants.JwtExpiryInMinutes = 10; user = new ApplicationUser { Id = Guid.NewGuid(), UserName = "******" }; }
public void Decode_Should_Decode_Token_To_Json_String_Multiple_Secrets() { const string key = TestData.Key; const string token = TestData.Token; var toSerialize = TestData.Customer; var serializer = new JsonNetSerializer(); var dateTimeProvider = new UtcDateTimeProvider(); var validator = new JwtValidator(serializer, dateTimeProvider); var urlEncoder = new JwtBase64UrlEncoder(); var decoder = new JwtDecoder(serializer, validator, urlEncoder); var actual = decoder.Decode(token, new[] { key }, verify: true); var expected = serializer.Serialize(toSerialize); actual.Should() .Be(expected, "because the provided object should be correctly serialized in the token"); }
public void DecodeToObject_Should_Throw_Exception_On_Expired_Claim() { var serializer = new JsonNetSerializer(); var dateTimeProvider = new UtcDateTimeProvider(); var validator = new JwtValidator(serializer, dateTimeProvider); var urlEncoder = new JwtBase64UrlEncoder(); var decoder = new JwtDecoder(serializer, validator, urlEncoder); var now = dateTimeProvider.GetNow(); var exp = (int)(now.AddHours(-1) - JwtValidator.UnixEpoch).TotalSeconds; var encoder = new JwtEncoder(new HMACSHA256Algorithm(), serializer, urlEncoder); var expiredtoken = encoder.Encode(new { exp = exp }, "ABC"); Action action = () => decoder.DecodeToObject <Customer>(expiredtoken, "ABC", verify: true); action.ShouldThrow <TokenExpiredException>(); }
public void DecodeToObject_Should_Throw_Exception_On_Expired_Claim() { var serializer = new JsonNetSerializer(); var dateTimeProvider = new UtcDateTimeProvider(); var validator = new JwtValidator(serializer, dateTimeProvider); var decoder = new JwtDecoder(serializer, validator); var now = dateTimeProvider.GetNow(); var hourAgo = now.Subtract(new TimeSpan(1, 0, 0)); var unixTimestamp = (int)(hourAgo - new DateTime(1970, 1, 1)).TotalSeconds; var encoder = new JwtEncoder(new HMACSHA256Algorithm(), serializer); var expiredtoken = encoder.Encode(new { exp = unixTimestamp }, "ABC"); Action action = () => decoder.DecodeToObject <Customer>(expiredtoken, "ABC", verify: true); action.ShouldThrow <TokenExpiredException>(); }
public void Decode_Should_Throw_Exception_When_HMA_Algorithm_Is_Used_But_RSA_Was_Expected_MultipleKeys() { var serializer = new JsonNetSerializer(); var urlEncoder = new JwtBase64UrlEncoder(); var encoder = new JwtEncoder(new HMACSHA256Algorithm(), serializer, urlEncoder); var encodedToken = encoder.Encode(TestData.Customer, TestData.ServerRsaPublicKey1); var validTor = new JwtValidator(serializer, new UtcDateTimeProvider()); var algFactory = new RSAlgorithmFactory(() => new X509Certificate2(TestData.ServerRsaPublicKey1)); var decoder = new JwtDecoder(serializer, validTor, urlEncoder, algFactory); Action decodeJwtWithRsaWhenHmaIsExpected = () => decoder.Decode(encodedToken, TestData.ServerRsaPublicKeys, verify: true); decodeJwtWithRsaWhenHmaIsExpected.Should() .Throw <NotSupportedException>("because an encryption algorithm can't be changed another on decoding"); }
/// <summary> /// 解析token提取用户授权信息 /// </summary> /// <param name="token"></param> /// <returns></returns> public AuthInfo DecodeToken(string token) { string secret = System.Configuration.ConfigurationManager.AppSettings["SecureKey"]; AuthInfo authInfo = null; IJsonSerializer serializer = new JsonNetSerializer(); IDateTimeProvider provider = new UtcDateTimeProvider(); IJwtValidator validator = new JwtValidator(serializer, provider); IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder); try { authInfo = decoder.DecodeToObject <AuthInfo>(token, secret, verify: true); } catch { } return(authInfo); }
public void DecodeToObject_Should_Throw_Exception_Before_NotBefore_Becomes_Valid() { var serializer = new JsonNetSerializer(); var dateTimeProvider = new UtcDateTimeProvider(); var validTor = new JwtValidator(serializer, dateTimeProvider); var urlEncoder = new JwtBase64UrlEncoder(); var decoder = new JwtDecoder(serializer, validTor, urlEncoder); var now = dateTimeProvider.GetNow(); var nbf = UnixEpoch.GetSecondsSince(now.AddHours(1)); var encoder = new JwtEncoder(new HMACSHA256Algorithm(), serializer, urlEncoder); var token = encoder.Encode(new { nbf }, "ABC"); Action action = () => decoder.DecodeToObject <Customer>(token, "ABC", verify: true); Assert.Throws <SignatureVerificationException>(action); }
/// <summary> /// 验证token /// </summary> /// <param name="actionContext"></param> /// <returns></returns> protected override bool IsAuthorized(HttpActionContext actionContext) { var authHeader = from t in actionContext.Request.Headers where t.Key == "Authorization" select t.Value.FirstOrDefault(); if (authHeader != null) { string secretKey = "JWT SECRET"; //口令加密秘钥 string token = authHeader.FirstOrDefault(); //获取token if (!string.IsNullOrEmpty(token)) { try { byte[] key = Encoding.UTF8.GetBytes(secretKey); IJsonSerializer serializer = new JsonNetSerializer(); IDateTimeProvider provider = new UtcDateTimeProvider(); IJwtValidator validator = new JwtValidator(serializer, provider); IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder); //解密 var json = decoder.DecodeToObject <Payload>(token, key, verify: true); if (json.ExpiryDateTime < DateTime.Now) { return(false); } actionContext.RequestContext.RouteData.Values.Add("Authorization", json); return(true); } catch (Exception ex) { log.Error("token生成失败:" + ex.Message); return(false); } } else { return(false); } } else { return(false); } }
public Task Invoke(HttpContext context) { var authHeader = from t in context.Request.Headers where t.Key == "auth" select t.Value.FirstOrDefault(); if (authHeader != null) { const string secretKey = "Hello World";//加密秘钥 string token = authHeader.FirstOrDefault(); if (!string.IsNullOrEmpty(token)) { try { byte[] key = Encoding.UTF8.GetBytes(secretKey); IJsonSerializer serializer = new JsonNetSerializer(); IDateTimeProvider provider = new UtcDateTimeProvider(); IJwtValidator validator = new JwtValidator(serializer, provider); IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder); var json = decoder.DecodeToObject <AuthInfo>(token, key, verify: true); if (json != null) //Token验证成功 { if (json.ExpiryDateTime < DateTime.Now) { return(_next.Invoke(context)); //return context.Response.WriteAsync("Token已失效"); } return(_next.Invoke(context)); } else //Token验证失败 { return(context.Response.WriteAsync("Token验证失败!")); } } catch (Exception ex) { //context.Result = new EmptyResult(); return(context.Response.WriteAsync("Token验证发生异常!")); } } } return(context.Response.WriteAsync("authHeader为空!")); }
public void DecodeToObject_Should_Decode_Token_After_NotBefore_Becomes_Valid() { var dateTimeProvider = new UtcDateTimeProvider(); const string key = TestData.Key; var serializer = new JsonNetSerializer(); var validator = new JwtValidator(serializer, new UtcDateTimeProvider()); var urlEncoder = new JwtBase64UrlEncoder(); var decoder = new JwtDecoder(serializer, validator, urlEncoder); var now = dateTimeProvider.GetNow(); var nbf = UnixEpoch.GetSecondsSince(now); var encoder = new JwtEncoder(new HMACSHA256Algorithm(), serializer, urlEncoder); var token = encoder.Encode(new { nbf }, key); decoder.DecodeToObject <Customer>(token, key, verify: true); }
public void DecodeToObject_Should_Throw_Exception_On_Invalid_Expiration_Claim_MultipleKeys() { const string key = TestData.Key; var serializer = new JsonNetSerializer(); var validator = new JwtValidator(serializer, new UtcDateTimeProvider()); var urlEncoder = new JwtBase64UrlEncoder(); var decoder = new JwtDecoder(serializer, validator, urlEncoder); var encoder = new JwtEncoder(new HMACSHA256Algorithm(), serializer, urlEncoder); var token = encoder.Encode(new { exp = _fixture.Create <string>() }, key); Action encodeJwtWithWrongExpField = () => decoder.DecodeToObject <Customer>(token, new[] { key }, verify: true); encodeJwtWithWrongExpField.Should() .Throw <SignatureVerificationException>("because the invalid 'exp' must result in an exception on decoding"); }
public static UserDTO GetLoginUser() { ICacheFactory cacheFactory = ServiceLocator.Get <ICacheFactory>(); ICacheClient cacheClient = cacheFactory.CreateClient(CacheType.Redis); IHttpContextAccessor httpContext = ServiceLocator.Get <IHttpContextAccessor>(); bool flag = httpContext.HttpContext.Request.Headers.TryGetValue("loginToken", out StringValues token); if (!flag) { throw new AuthException(); } if (string.IsNullOrEmpty(token[0]) || token[0] == "null") { throw new AuthException(); } string value = cacheClient.StringGet(token); #region 判断是否过期 TokenModel tokenModel = JsonConvert.DeserializeObject <TokenModel>(value); if (tokenModel.ExpireTime < DateTime.Now) { cacheClient.Remove(token); throw new AuthException(); } if (DateTime.Now.AddDays(1) == tokenModel.ExpireTime) { tokenModel.ExpireTime = DateTime.Now.AddDays(7); cacheClient.StringSet(token, tokenModel, TimeSpan.FromDays(7)); } #endregion if (string.IsNullOrEmpty(value)) { throw new AuthException(); } IJsonSerializer serializer = new JsonNetSerializer(); IDateTimeProvider provider = new UtcDateTimeProvider(); IJwtValidator validator = new JwtValidator(serializer, provider); IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); IJwtAlgorithm algorithm = new HMACSHA256Algorithm(); IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder, algorithm); var json = decoder.Decode(token); return(JsonConvert.DeserializeObject <UserDTO>(json)); }
public static IDictionary <string, object> DecodeToken(string token, string secret) { try { IJsonSerializer serializer = new JsonNetSerializer(); IDateTimeProvider provider = new UtcDateTimeProvider(); IJwtValidator validator = new JwtValidator(serializer, provider); IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder); var jsonPayload = decoder.DecodeToObject <IDictionary <string, object> >(token, secret, verify: true); return(jsonPayload); } catch (Exception e) when(e is SignatureVerificationException || e is ArgumentException) { throw new NotifyAuthException(e.Message); } }
public void Decode_With_Multiple_Secrets_Should_Return_Token() { const string key = TestData.Secret; const string token = TestData.Token; var payload = TestData.Customer; var serializer = new JsonNetSerializer(); var dateTimeProvider = new UtcDateTimeProvider(); var validator = new JwtValidator(serializer, dateTimeProvider); var urlEncoder = new JwtBase64UrlEncoder(); var decoder = new JwtDecoder(serializer, validator, urlEncoder, TestData.HMACSHA256Algorithm); var actual = decoder.Decode(token, new[] { key }, verify: true); var expected = serializer.Serialize(payload); actual.Should() .Be(expected, "because the provided object should be correctly serialized in the token"); }