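/// <summary>
/// Resolves the user that owns the <c>access_token</c> request header and returns
/// that user's id and user name as JSON. Any failure (header missing or empty,
/// token not found in <c>AccessTokens</c>, or the token's user no longer present
/// in <c>S_Users</c>) yields the string <c>"Error"</c>.
/// </summary>
/// <returns>
/// <c>{ User: { UserId, UserName } }</c> on success, otherwise <c>"Error"</c>;
/// both are served with <see cref="JsonRequestBehavior.AllowGet"/>.
/// </returns>
public JsonResult ValidateTokenUser()
{
    string token = null;
    if (Request.Headers.AllKeys.Contains("access_token"))
    {
        string[] values = Request.Headers.GetValues("access_token");
        if (values != null)
        {
            token = values.FirstOrDefault();
        }
    }

    // A missing or empty header can never match a stored token; answer
    // without querying the table for a null value.
    if (string.IsNullOrEmpty(token))
    {
        return Json("Error", JsonRequestBehavior.AllowGet);
    }

    using (SoHoaEntities db = new SoHoaEntities())
    {
        AccessToken accessToken = db.AccessTokens.FirstOrDefault(x => x.Token == token);

        // An unknown token previously fell through to accessToken.UserName and
        // raised a NullReferenceException; it is an ordinary validation failure.
        if (accessToken == null)
        {
            return Json("Error", JsonRequestBehavior.AllowGet);
        }

        // NOTE(review): only the token's existence is checked here, not its age
        // (EffectiveTime / ExpiresIn); ValidateToken on the provider does check it.
        string userName = accessToken.UserName;
        S_Users user = db.S_Users.FirstOrDefault(x => x.UserName == userName);
        if (user != null)
        {
            return Json(
                new
                {
                    User = new
                    {
                        UserId = user.UserID,
                        UserName = user.UserName,
                    }
                },
                JsonRequestBehavior.AllowGet);
        }
    }

    return Json("Error", JsonRequestBehavior.AllowGet);
}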
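/// <summary>
/// Validates a token issued by <c>GenerateToken</c> and, when it checks out,
/// marks <paramref name="tokenIdentity"/> as authenticated and fills in its user name.
/// </summary>
/// <param name="tokenIdentity">
/// Supplies the token under test plus the caller's <c>UserAgent</c> and <c>IP</c>, which
/// are part of the material the token is recomputed from. <c>EffectiveTime</c> is set
/// as soon as the embedded ticks parse; <c>UserName</c> and the authenticated flag are
/// set only on success.
/// </param>
/// <returns>
/// <c>true</c> when the token decodes to four colon-separated parts, its timestamp is
/// within <c>_expirationSeconds</c>, it equals the token recomputed from the embedded
/// parts, and a matching, still-live <c>AccessTokens</c> row exists for the same user.
/// </returns>
/// <remarks>
/// Token layout after base64 decoding: <c>hash:guid:username:ticks</c>. Malformed input
/// (bad base64, wrong part count, unparsable or out-of-range ticks) yields <c>false</c>.
/// Unlike the previous catch-all (whose <c>throw ex</c> after <c>return</c> was
/// unreachable), database exceptions now propagate so an outage is not reported to the
/// caller as an invalid token.
/// </remarks>
public bool ValidateToken(ref TokenIdentity tokenIdentity)
{
    tokenIdentity.SetAuthenticationType("Custom");

    string suppliedToken = tokenIdentity.Token;
    if (string.IsNullOrEmpty(suppliedToken))
    {
        return false;
    }

    string[] parts;
    try
    {
        // Base64 decode the string, obtaining hash:guid:username:ticks.
        string key = Encoding.UTF8.GetString(Convert.FromBase64String(suppliedToken));
        parts = key.Split(':');
    }
    catch (FormatException)
    {
        // Not base64 at all: it cannot be one of ours.
        return false;
    }

    if (parts.Length != 4)
    {
        return false;
    }

    // parts[0] is the embedded hash; it is not read directly because the whole
    // token is recomputed and compared below.
    string guid = parts[1];
    string username = parts[2];

    long ticks;
    if (!long.TryParse(parts[3], System.Globalization.NumberStyles.Integer,
                       System.Globalization.CultureInfo.InvariantCulture, out ticks)
        || ticks < DateTime.MinValue.Ticks || ticks > DateTime.MaxValue.Ticks)
    {
        // Unparsable or out-of-range ticks previously surfaced as a swallowed exception.
        return false;
    }
    tokenIdentity.EffectiveTime = ticks;
    DateTime timeStamp = new DateTime(ticks);

    // Tokens are stamped with DateTime.Now.AddHours(7) when issued (see Login), so
    // the same offset is applied before checking the age of the embedded timestamp.
    bool expired = Math.Abs((DateTime.Now.AddHours(7) - timeStamp).TotalSeconds) > _expirationSeconds;
    if (expired)
    {
        return false;
    }

    // Recompute the token from the embedded parts plus the caller's UA/IP and require
    // an exact match; the comparison is fixed-time so a partial match is not measurable.
    string computedToken = GenerateToken(username, tokenIdentity.UserAgent, tokenIdentity.IP, guid, ticks).Token;
    if (!FixedTimeEquals(suppliedToken, computedToken))
    {
        return false;
    }

    using (SoHoaEntities db = new SoHoaEntities())
    {
        AccessToken accessToken = db.AccessTokens.SingleOrDefault(x => x.Token == computedToken);
        if (accessToken == null)
        {
            return false;
        }

        // NOTE(review): the stored EffectiveTime is presumably the Now+7h issue stamp
        // (Login writes new DateTime(token.EffectiveTime)), yet it is compared against
        // plain DateTime.Now here, so this window is offset by 7h from the one above —
        // confirm _expirationSeconds is sized with that in mind.
        bool live = Math.Abs((DateTime.Now - accessToken.EffectiveTime).TotalSeconds) < _expirationSeconds;
        if (!live || !string.Equals(accessToken.UserName, username, StringComparison.Ordinal))
        {
            return false;
        }
    }

    tokenIdentity.SetIsAuthenticated(true);
    tokenIdentity.UserName = username;
    return true;
}

/// <summary>
/// Ordinal string comparison whose running time depends only on the length of
/// <paramref name="expected"/>, not on where the first differing character is.
/// </summary>
/// <returns><c>false</c> when either argument is null or the lengths differ.</returns>
private static bool FixedTimeEquals(string supplied, string expected)
{
    if (supplied == null || expected == null || supplied.Length != expected.Length)
    {
        return false;
    }

    int diff = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        diff |= supplied[i] ^ expected[i];
    }
    return diff == 0;
}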
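/// <summary>
/// Authenticates a user name / password pair, issues a token via <c>TokenProvider</c>,
/// records it in <c>AccessTokens</c>, and returns the token and a small profile as JSON.
/// </summary>
/// <param name="login">Posted credentials; a null form or empty user name fails the login.</param>
/// <returns>
/// On success <c>{ Token, Profile: { Username, FullName }, User: { UserName, UserId } }</c>;
/// otherwise the string <c>"Login failed!"</c>. The same failure value is returned for an
/// unknown user and for a wrong password so the response does not say which it was.
/// </returns>
public JsonResult Login(LoginForm login)
{
    // A missing form (empty body / binding failure) previously threw a NullReferenceException.
    if (login == null || string.IsNullOrEmpty(login.Username))
    {
        return Json("Login failed!");
    }

    using (SoHoaEntities db = new SoHoaEntities())
    {
        S_Users user = db.S_Users.SingleOrDefault(x => x.UserName == login.Username);
        if (user == null)
        {
            return Json("Login failed!");
        }

        // TODO(security): passwords are verified as MD5(salt + password). MD5 is fast and
        // offers little resistance to offline guessing; moving stored hashes to a slow KDF
        // (e.g. Rfc2898DeriveBytes) requires re-hashing on next login and is not done here.
        string storedHash = user.Password;
        string suppliedHash = AuthenticationHelper.GetMd5Hash(user.PasswordSalt + login.Password);
        if (!string.Equals(suppliedHash, storedHash, StringComparison.Ordinal))
        {
            return Json("Login failed!");
        }

        // The User-Agent header is optional; a missing one used to throw on .ToString().
        // It is bound into the token, so an absent header binds the token to "".
        string userAgent = Request.Headers["User-Agent"] ?? string.Empty;

        TokenProvider tokenProvider = new TokenProvider();
        TokenIdentity token = tokenProvider.GenerateToken(
            login.Username,
            userAgent,
            HttpContext.Request.UserHostAddress,
            Guid.NewGuid().ToString(),
            DateTime.Now.AddHours(7).Ticks);
        token.SetAuthenticationType("Custom");
        token.SetIsAuthenticated(true);

        db.AccessTokens.Add(new AccessToken()
        {
            Token = token.Token,
            EffectiveTime = new DateTime(token.EffectiveTime),
            ExpiresIn = token.ExpiresTime,
            IP = token.IP,
            UserAgent = token.UserAgent,
            UserName = token.Name
        });
        db.SaveChanges();

        // NOTE(review): the whole TokenIdentity is serialized under "Token"; confirm it
        // carries nothing beyond what the client needs (the response shape is kept as-is).
        return Json(
            new
            {
                Token = token,
                Profile = new
                {
                    Username = token.UserName,
                    FullName = user.UserName,
                },
                User = new
                {
                    UserName = user.UserName,
                    UserId = user.UserID
                }
            });
    }
}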