        //public static IApplicationBuilder UseJwtValidationAtDatabase(this IApplicationBuilder app)
        //{
        //    return app.UseMiddleware<JwtMidddleware>();
        //}

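        /// <summary>
        /// Adds inline middleware that, for every request carrying an <c>Authorization</c> header,
        /// re-checks the caller's role claim against the role the database holds for the caller's
        /// name claim and ends the request with <c>403 Forbidden</c> when the two disagree.
        /// </summary>
        /// <param name="app">Pipeline the middleware is appended to.</param>
        /// <param name="config">Configuration from which the connection string is read under
        /// <c>ConnectionStrings</c> / <c>Connection.ConnectionName</c>.</param>
        /// <exception cref="ArgumentNullException"><paramref name="app"/> or <paramref name="config"/> is <c>null</c>.</exception>
        /// <remarks>
        /// Claims are taken from <c>HttpContext.User</c>, so this middleware has to be registered
        /// after authentication has populated the principal. Requests without an
        /// <c>Authorization</c> header are passed through unchanged; whether they may proceed is
        /// left to the endpoint's own authorization.
        /// </remarks>
        public static void UseJwtValidationAtDatabase(this IApplicationBuilder app, IConfiguration config)
        {
            if (app == null)
            {
                throw new ArgumentNullException(nameof(app));
            }
            if (config == null)
            {
                throw new ArgumentNullException(nameof(config));
            }

            app.Use(async (HttpContext context, Func<Task> next) =>
            {
                if (!context.Request.Headers.ContainsKey("Authorization"))
                {
                    await next.Invoke();
                    return;
                }

                // Single() on a missing claim used to throw and surface as a 500. A request that
                // presents an Authorization header but no usable name/role claim is now refused
                // explicitly instead of crashing the pipeline.
                var claims  = context.User?.Claims;
                string name = claims?.FirstOrDefault(x => x.Type == ClaimTypes.Name)?.Value;
                string role = claims?.FirstOrDefault(x => x.Type == ClaimTypes.Role)?.Value;
                if (string.IsNullOrEmpty(name) || string.IsNullOrEmpty(role))
                {
                    await WriteForbiddenAsync(context);
                    return;
                }

                string connectionString = config.GetSection("ConnectionStrings").GetSection(Connection.ConnectionName).Value;
                var dal = new UserDataAccessLayer(connectionString);
                TitleValidationStatus titleValidate = await dal.getUserTitle(new User { userName = name });

                // Fails closed: when the DAL hits a SQL error it stores the error text in
                // validateMessage, which never equals a role, so the request is refused.
                if (!string.Equals(role, titleValidate.validateMessage, StringComparison.Ordinal))
                {
                    await WriteForbiddenAsync(context);
                    return;
                }

                await next.Invoke();
            });

            // Writes the fixed 403 body. The payload is JSON but the content type is kept as
            // text/plain because existing clients may depend on it.
            async Task WriteForbiddenAsync(HttpContext context)
            {
                context.Response.ContentType = "text/plain";
                context.Response.StatusCode  = StatusCodes.Status403Forbidden;
                var message = new { validateResult = "403db", validateMessage = "" };
                await context.Response.WriteAsync(JsonConvert.SerializeObject(message));
            }
        }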
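        /// <summary>
        /// Checks that <paramref name="token"/> carries the role <paramref name="_role"/> and that
        /// the database holds that same role for the token's <c>unique_name</c>.
        /// </summary>
        /// <param name="token">Compact-serialised JWT.</param>
        /// <param name="_role">Role the caller is required to hold.</param>
        /// <returns><c>true</c> only when the token's <c>role</c> claim equals both
        /// <paramref name="_role"/> and the role returned by the database; <c>false</c> for a
        /// missing, unreadable or non-JWT token, a missing claim, or any mismatch.</returns>
        /// <remarks>
        /// <c>ReadToken</c> only parses the token; it checks neither signature, issuer, audience
        /// nor expiry. The name and role read here are therefore only as trustworthy as the
        /// validation the authentication pipeline performed before this method is reached.
        /// Every parse or claim failure returns <c>false</c> instead of throwing, so a malformed
        /// token cannot turn into an unhandled exception.
        /// </remarks>
        private async Task<bool> ManualValidateRole(string token, string _role)
        {
            if (string.IsNullOrEmpty(token) || string.IsNullOrEmpty(_role))
            {
                return false;
            }

            var tokenHandler = new JwtSecurityTokenHandler();
            // ReadToken throws on input it cannot read; CanReadToken lets us fail quietly instead.
            if (!tokenHandler.CanReadToken(token))
            {
                return false;
            }
            // The `as` cast yields null for a token that parses but is not a JWS; that used to
            // surface as a NullReferenceException on the next line.
            var securityToken = tokenHandler.ReadToken(token) as JwtSecurityToken;
            if (securityToken == null)
            {
                return false;
            }

            // First() used to throw when a claim was absent; FirstOrDefault + the empty check below
            // turns that into a plain "not authorised".
            string name = securityToken.Claims.FirstOrDefault(x => x.Type == "unique_name")?.Value;
            string role = securityToken.Claims.FirstOrDefault(x => x.Type == "role")?.Value;
            if (string.IsNullOrEmpty(name) || string.IsNullOrEmpty(role))
            {
                return false;
            }

            // Cheap comparison first: no database round trip when the token's role is not the
            // required one, since the result would be false regardless of what the database says.
            if (role != _role)
            {
                return false;
            }

            string connectionString = Configuration.GetSection("ConnectionStrings").GetSection(Connection.ConnectionName).Value;
            var dal = new UserDataAccessLayer(connectionString);
            TitleValidationStatus titleValidate = await dal.getUserTitle(new User { userName = name });

            // Fails closed: on a SQL error the DAL stores the error text in validateMessage,
            // which never equals a role.
            return role == titleValidate.validateMessage;
        }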
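        /// <summary>
        /// Executes the <c>GetUserTitle</c> command for <paramref name="model"/>'s <c>userName</c>
        /// and returns its two output parameters, <c>@status</c> and <c>@message</c>, as a
        /// <see cref="TitleValidationStatus"/>.
        /// </summary>
        /// <param name="model">Carries the user name to look up; must not be <c>null</c>.</param>
        /// <returns>
        /// <c>validateResult</c> / <c>validateMessage</c> filled from the output parameters
        /// (<c>null</c> when the database returned NULL), or, when SQL Server reports an error,
        /// the error number and message so that a caller comparing roles fails closed.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="model"/> is <c>null</c>.</exception>
        /// <remarks>
        /// Whether <c>SqlCmd</c> sets <c>CommandType.StoredProcedure</c> is not visible here; the
        /// output parameters rely on it — TODO confirm against <c>SqlCmd</c>. The SQL error message
        /// placed in <c>validateMessage</c> is meant for the caller's comparison and logging, not for
        /// forwarding to clients.
        /// </remarks>
        public async Task<TitleValidationStatus> getUserTitle(User model)
        {
            if (model == null)
            {
                throw new ArgumentNullException(nameof(model));
            }

            var status = new TitleValidationStatus();

            // Both using blocks dispose (and thereby close) their objects, which replaces the
            // explicit Close()/Dispose() calls that used to sit in a finally.
            using (SqlConnection con = SqlCon())
            using (SqlCommand cmd = SqlCmd(con))
            {
                cmd.CommandText = "GetUserTitle";
                // AddWithValue rejects a CLR null; a missing user name has to travel as DBNull.
                cmd.Parameters.AddWithValue("@userName", (object)model.userName ?? DBNull.Value);

                SqlParameter statusParam  = OutputParameter("@status");
                SqlParameter messageParam = OutputParameter("@message");
                cmd.Parameters.Add(statusParam);
                cmd.Parameters.Add(messageParam);

                try
                {
                    // Open()/ExecuteNonQuery() used to block a thread inside an async method.
                    await con.OpenAsync();
                    await cmd.ExecuteNonQueryAsync();
                    // A NULL output arrives as DBNull; the previous (string) cast threw on it.
                    status.validateResult  = statusParam.Value as string;
                    status.validateMessage = messageParam.Value as string;
                }
                catch (SqlException ex)
                {
                    // Reported through the status object rather than thrown so that the caller's
                    // role comparison fails closed.
                    status.validateResult  = ex.Number.ToString(System.Globalization.CultureInfo.InvariantCulture);
                    status.validateMessage = ex.Message;
                }
            }
            return status;

            // Builds one of the two identically-shaped NVARCHAR(50) output parameters.
            SqlParameter OutputParameter(string name) => new SqlParameter
            {
                ParameterName = name,
                SqlDbType     = SqlDbType.NVarChar,
                Size          = 50,
                Direction     = ParameterDirection.Output
            };
        }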