Example #1
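        /// <summary>
        /// Resolves the user that owns the token supplied in the <c>access_token</c> request header.
        /// </summary>
        /// <returns>
        /// A JSON object carrying the user's id and name when both the token row and its user exist;
        /// otherwise the JSON string <c>"Error"</c>.
        /// </returns>
        public JsonResult ValidateTokenUser()
        {
            // GetValues returns null when the header is absent. Header names are matched
            // case-insensitively here, unlike the previous AllKeys.Contains check.
            string[] headerValues = Request.Headers.GetValues("access_token");
            string token = headerValues != null ? headerValues.FirstOrDefault() : null;

            // A missing or empty token must never reach the query: comparing against null
            // could otherwise match rows whose Token column is NULL.
            if (string.IsNullOrEmpty(token))
            {
                return Json("Error", JsonRequestBehavior.AllowGet);
            }

            using (SoHoaEntities db = new SoHoaEntities())
            {
                AccessToken accessToken = db.AccessTokens.FirstOrDefault(x => x.Token == token);

                // Unknown token: fail closed instead of dereferencing a null row.
                if (accessToken == null || string.IsNullOrEmpty(accessToken.UserName))
                {
                    return Json("Error", JsonRequestBehavior.AllowGet);
                }

                // NOTE(review): only the existence of the token row is checked here. No expiry,
                // IP or user-agent check is visible in this method - confirm that an upstream
                // filter enforces them before this action runs.
                string tokenUserName = accessToken.UserName;
                S_Users user = db.S_Users.FirstOrDefault(x => x.UserName == tokenUserName);
                if (user != null)
                {
                    return Json(
                        new
                        {
                            User = new
                            {
                                UserId = user.UserID,
                                UserName = user.UserName,
                            }
                        },
                        JsonRequestBehavior.AllowGet);
                }
            }

            return Json("Error", JsonRequestBehavior.AllowGet);
        }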
Example #2
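        /// <summary>
        /// Validates a client-supplied token: decodes it, checks its embedded timestamp, recomputes
        /// the token from the request attributes, and confirms a matching, unexpired row exists
        /// in the access-token table.
        /// </summary>
        /// <param name="tokenIdentity">
        /// Identity carrying the Base64 token plus the caller's user agent and IP. On success it is
        /// marked authenticated and its <c>UserName</c> is set; <c>EffectiveTime</c> is set as soon
        /// as the timestamp part parses, even if validation later fails.
        /// </param>
        /// <returns><c>true</c> only when every check passes; <c>false</c> on any failure or exception.</returns>
        public bool ValidateToken(ref TokenIdentity tokenIdentity)
        {
            bool result = false;

            try
            {
                tokenIdentity.SetAuthenticationType("Custom");

                // Base64 decode the string, obtaining the token:guid:username:timeStamp.
                string key = Encoding.UTF8.GetString(Convert.FromBase64String(tokenIdentity.Token));

                // Exactly four colon-separated parts are required; anything else is rejected.
                string[] parts = key.Split(new char[] { ':' });
                if (parts.Length != 4)
                {
                    return false;
                }

                // parts[0] is the hash; it is not read directly because the whole token is
                // recomputed and compared below.
                string guid     = parts[1];
                string username = parts[2];

                long ticks;
                if (!long.TryParse(parts[3], out ticks))
                {
                    return false;
                }

                tokenIdentity.EffectiveTime = ticks;
                DateTime timeStamp = new DateTime(ticks);

                // NOTE(review): Math.Abs also accepts timestamps up to _expirationSeconds in the
                // future. The +7h offset here is not applied in the database check below, which
                // uses plain DateTime.Now - confirm both sides use the same clock.
                bool expired = Math.Abs((DateTime.Now.AddHours(7) - timeStamp).TotalSeconds) > _expirationSeconds;
                if (expired)
                {
                    return false;
                }

                // Recompute the token from the claimed attributes and the caller's user agent and IP.
                string computedToken = GenerateToken(username, tokenIdentity.UserAgent, tokenIdentity.IP, guid, ticks).Token;

                // Compare without an early exit so timing does not reveal how many leading
                // characters of a forged token were correct.
                if (!TokensMatchFixedTime(tokenIdentity.Token, computedToken))
                {
                    return false;
                }

                using (SoHoaEntities db = new SoHoaEntities())
                {
                    AccessToken accessToken = db.AccessTokens.SingleOrDefault(x => x.Token == computedToken);
                    if (accessToken != null &&
                        Math.Abs((DateTime.Now - accessToken.EffectiveTime).TotalSeconds) < _expirationSeconds &&
                        accessToken.UserName.Equals(username))
                    {
                        result = true;
                        tokenIdentity.SetIsAuthenticated(true);
                        tokenIdentity.UserName = username;
                    }
                }
            }
            catch (Exception)
            {
                // Fail closed: malformed Base64, out-of-range ticks, a null identity or a data-access
                // error all count as "not authenticated". The unreachable rethrow that used to
                // follow this return has been removed.
                return false;
            }

            return result;
        }

        /// <summary>
        /// Ordinal string equality whose running time depends only on the length of the inputs,
        /// not on the position of the first differing character.
        /// </summary>
        private static bool TokensMatchFixedTime(string supplied, string expected)
        {
            if (supplied == null || expected == null || supplied.Length != expected.Length)
            {
                return false;
            }

            int difference = 0;
            for (int i = 0; i < supplied.Length; i++)
            {
                difference |= supplied[i] ^ expected[i];
            }

            return difference == 0;
        }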
Example #3
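        /// <summary>
        /// Authenticates a username/password pair and, on success, issues an access token,
        /// persists it, and returns it with basic profile data.
        /// </summary>
        /// <param name="login">Posted credentials; a null form or missing fields is treated as a failed login.</param>
        /// <returns>
        /// A JSON object with <c>Token</c>, <c>Profile</c> and <c>User</c> on success;
        /// otherwise the JSON string <c>"Login failed!"</c>.
        /// </returns>
        public JsonResult Login(LoginForm login)
        {
            // Reject incomplete input with the same generic failure as bad credentials,
            // instead of letting a null dereference surface as a server error.
            if (login == null || string.IsNullOrEmpty(login.Username) || login.Password == null)
            {
                return Json("Login failed!");
            }

            using (SoHoaEntities db = new SoHoaEntities())
            {
                S_Users user = db.S_Users.SingleOrDefault(x => x.UserName == login.Username);
                if (user != null)
                {
                    // NOTE(security): the stored credential is a salted MD5 digest. MD5 is cheap to
                    // brute-force if the table leaks. Moving to a slow password KDF such as PBKDF2
                    // needs a migration of the stored hashes, so it is flagged here, not changed.
                    string passwordSalt  = user.PasswordSalt;
                    string passwordInput = AuthenticationHelper.GetMd5Hash(passwordSalt + login.Password);
                    string passwordUser  = user.Password;

                    if (passwordInput.Equals(passwordUser))
                    {
                        // The User-Agent header is optional; a missing header previously threw
                        // on .ToString(). It is bound into the token as an empty string instead.
                        string userAgent = Request.Headers["User-Agent"] ?? string.Empty;

                        // NOTE(review): the fixed +7h offset looks like a hard-coded local-time
                        // adjustment - confirm that token validation applies the same offset.
                        TokenProvider tokenProvider = new TokenProvider();
                        TokenIdentity token         = tokenProvider.GenerateToken(login.Username,
                                                                                  userAgent,
                                                                                  HttpContext.Request.UserHostAddress,
                                                                                  Guid.NewGuid().ToString(),
                                                                                  DateTime.Now.AddHours(7).Ticks);
                        token.SetAuthenticationType("Custom");
                        token.SetIsAuthenticated(true);

                        // Persist the issued token so later requests can be checked against it.
                        db.AccessTokens.Add(new AccessToken()
                        {
                            Token         = token.Token,
                            EffectiveTime = new DateTime(token.EffectiveTime),
                            ExpiresIn     = token.ExpiresTime,
                            IP            = token.IP,
                            UserAgent     = token.UserAgent,
                            UserName      = token.Name
                        });
                        db.SaveChanges();

                        // NOTE(review): the whole TokenIdentity object is serialized to the client -
                        // confirm it exposes no fields beyond what the client needs.
                        return Json(
                            new
                            {
                                Token = token,
                                Profile = new
                                {
                                    Username = token.UserName,
                                    FullName = user.UserName,
                                },
                                User = new
                                {
                                    UserName = user.UserName,
                                    UserId = user.UserID
                                }
                            });
                    }
                }
            }

            // Same response for unknown user and wrong password, so the reply does not
            // reveal which usernames exist.
            return Json("Login failed!");
        }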