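/// <summary>
/// Registers inline middleware that cross-checks the role claim of a request that
/// presented an Authorization header against the title stored for that user in the
/// database. A request whose role claim is missing or does not match the stored title
/// is answered with 403; every other request continues down the pipeline.
/// </summary>
/// <param name="app">The application pipeline to extend.</param>
/// <param name="config">Configuration holding the connection string under "ConnectionStrings".</param>
public static void UseJwtValidationAtDatabase(this IApplicationBuilder app, IConfiguration config)
{
    app.Use(async (HttpContext context, Func<Task> next) =>
    {
        // Only requests that presented credentials are cross-checked; anonymous
        // requests are left to the authorization layer further down the pipeline.
        if (context.Request.Headers.ContainsKey("Authorization"))
        {
            // FindFirst returns null instead of throwing when a claim is absent (for
            // example when the header was present but authentication did not populate
            // the principal), so a missing claim becomes a 403 rather than an unhandled 500.
            string name = context.User.FindFirst(ClaimTypes.Name)?.Value;
            string role = context.User.FindFirst(ClaimTypes.Role)?.Value;

            bool roleMatchesDatabase = false;
            if (!string.IsNullOrEmpty(name) && !string.IsNullOrEmpty(role))
            {
                string connectionString = config.GetSection("ConnectionStrings")
                    .GetSection(Connection.ConnectionName).Value;
                var dal = new UserDataAccessLayer(connectionString);
                var model = new User { userName = name };
                TitleValidationStatus titleValidate = await dal.getUserTitle(model);

                // When the lookup hits a SqlException, getUserTitle stores the SQL error
                // text in validateMessage; that never equals a role, so errors fail closed.
                roleMatchesDatabase = role == titleValidate.validateMessage;
            }

            if (!roleMatchesDatabase)
            {
                context.Response.ContentType = "text/plain";
                context.Response.StatusCode = StatusCodes.Status403Forbidden;
                // validateMessage is deliberately empty: neither the stored title nor any
                // database error text is echoed back to the caller.
                var message = new { validateResult = "403db", validateMessage = "" };
                await context.Response.WriteAsync(JsonConvert.SerializeObject(message));
                return;
            }
        }

        await next();
    });
}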
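/// <summary>
/// Checks that the role carried by a JWT equals both the required role and the title
/// stored for the token's user in the database.
/// </summary>
/// <param name="token">
/// The compact JWT string. It is only parsed here; the signature is not verified by this
/// method, so callers must rely on the authentication pipeline having validated it first.
/// </param>
/// <param name="_role">The role the caller requires.</param>
/// <returns>
/// true when the token is readable, carries both a "unique_name" and a "role" claim, the
/// role equals <paramref name="_role"/> and the database title; false otherwise.
/// </returns>
private async Task<bool> ManualValidateRole(string token, string _role)
{
    var tokenHandler = new JwtSecurityTokenHandler();

    // ReadToken throws on malformed input and may return a non-JWT token type; both
    // cases are reported as "not valid" instead of escaping as an exception.
    if (string.IsNullOrEmpty(token) || !tokenHandler.CanReadToken(token))
    {
        return false;
    }
    if (!(tokenHandler.ReadToken(token) is JwtSecurityToken securityToken))
    {
        return false;
    }

    // FirstOrDefault: a missing claim is a validation failure, not an
    // InvalidOperationException that bypasses the null check below.
    string name = securityToken.Claims.FirstOrDefault(x => x.Type == "unique_name")?.Value;
    string role = securityToken.Claims.FirstOrDefault(x => x.Type == "role")?.Value;
    if (string.IsNullOrEmpty(name) || string.IsNullOrEmpty(role))
    {
        return false;
    }

    // Cheap comparison first: no database round-trip when the claimed role is not
    // the one required (the outcome would be false either way).
    if (role != _role)
    {
        return false;
    }

    string connectionString = Configuration.GetSection("ConnectionStrings")
        .GetSection(Connection.ConnectionName).Value;
    var dal = new UserDataAccessLayer(connectionString);
    var model = new User { userName = name };
    TitleValidationStatus titleValidate = await dal.getUserTitle(model);

    // A SqlException inside getUserTitle leaves the SQL error text in validateMessage,
    // which never equals a role, so database failures fail closed here too.
    return role == titleValidate.validateMessage;
}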
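/// <summary>
/// Executes the GetUserTitle stored procedure for the user name in
/// <paramref name="model"/> and returns its @status and @message output parameters.
/// </summary>
/// <param name="model">Carries the user name to look up (userName).</param>
/// <returns>
/// A status whose validateResult / validateMessage hold the procedure's outputs (null when
/// the procedure left an output unset); on a SqlException they hold the error number and
/// error message instead.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="model"/> is null.</exception>
public async Task<TitleValidationStatus> getUserTitle(User model)
{
    if (model is null)
    {
        throw new ArgumentNullException(nameof(model));
    }

    var status = new TitleValidationStatus();

    // Both the connection and the command are disposed by the using blocks; disposing
    // the connection also closes it, so no explicit Close() is needed.
    using (SqlConnection con = SqlCon())
    using (SqlCommand cmd = SqlCmd(con))
    {
        // Stored-procedure name; CommandType is presumably set by SqlCmd — verify there.
        cmd.CommandText = "GetUserTitle";
        cmd.Parameters.AddWithValue("@userName", model.userName);

        var statusParam = new SqlParameter
        {
            ParameterName = "@status",
            SqlDbType = SqlDbType.NVarChar,
            Size = 50,
            Direction = ParameterDirection.Output
        };
        var messageParam = new SqlParameter
        {
            ParameterName = "@message",
            SqlDbType = SqlDbType.NVarChar,
            Size = 50,
            Direction = ParameterDirection.Output
        };
        cmd.Parameters.Add(statusParam);
        cmd.Parameters.Add(messageParam);

        try
        {
            // Async I/O so the calling thread is not blocked for the database round-trip.
            await con.OpenAsync();
            await cmd.ExecuteNonQueryAsync();

            // An output parameter the procedure leaves unset comes back as DBNull;
            // `as string` maps that to null instead of throwing InvalidCastException.
            status.validateResult = statusParam.Value as string;
            status.validateMessage = messageParam.Value as string;
        }
        catch (SqlException ex)
        {
            // Kept for the caller's diagnostics only: ex.Message carries server-side
            // detail and must not be relayed to HTTP clients.
            status.validateResult = ex.Number.ToString(System.Globalization.CultureInfo.InvariantCulture);
            status.validateMessage = ex.Message;
        }
    }

    return status;
}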