protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request,
CancellationToken cancellationToken)
{
HttpStatusCode statusCode;
string token;
if (!TryRetrieveToken(request, out token))
{
statusCode = HttpStatusCode.Unauthorized;
return(base.SendAsync(request, cancellationToken));
}
try
{
var claveSecreta = ConfigurationManager.AppSettings["ClaveSecreta"];
var issuerToken = ConfigurationManager.AppSettings["Issuer"];
var audienceToken = ConfigurationManager.AppSettings["Audience"];
var securityKey = new SymmetricSecurityKey(
System.Text.Encoding.Default.GetBytes(claveSecreta));
SecurityToken securityToken;
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
TokenValidationParameters validationParameters = new TokenValidationParameters()
{
ValidAudience = audienceToken,
ValidIssuer = issuerToken,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
// DELEGADO PERSONALIZADO PERA COMPROBAR
// LA CADUCIDAD EL TOKEN.
LifetimeValidator = this.LifetimeValidator,
IssuerSigningKey = securityKey
};
// COMPRUEBA LA VALIDEZ DEL TOKEN
Thread.CurrentPrincipal = tokenHandler.ValidateToken(token,
validationParameters,
out securityToken);
HttpContext.Current.User = tokenHandler.ValidateToken(token,
validationParameters,
out securityToken);
return(base.SendAsync(request, cancellationToken));
}
catch (SecurityTokenValidationException ex)
{
statusCode = HttpStatusCode.Unauthorized;
}
catch (Exception ex)
{
statusCode = HttpStatusCode.InternalServerError;
}
return(Task <HttpResponseMessage> .Factory.StartNew(() =>
new HttpResponseMessage(statusCode) { }));
}
/// <summary>
///
/// </summary>
/// <param name="request"></param>
/// <param name="cancellationToken"></param>
/// <returns></returns>
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
//HttpStatusCode statusCode;
// Determinar si existe un jwt o no
if (!TryRetrieveToken(request, out var token))
{
return(base.SendAsync(request, cancellationToken));
}
try
{
var secretKey = ConfigurationManager.AppSettings["JWT_SECRET_KEY"];
var audienceToken = ConfigurationManager.AppSettings["JWT_AUDIENCE_TOKEN"];
var issuerToken = ConfigurationManager.AppSettings["JWT_ISSUER_TOKEN"];
var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey));
SecurityToken securityToken;
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var validationParameters = new TokenValidationParameters()
{
ValidAudience = audienceToken,
ValidIssuer = issuerToken,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
LifetimeValidator = this.LifetimeValidator,
IssuerSigningKey = securityKey
};
// Extraer y asignar el Current Principal y usuario
Thread.CurrentPrincipal = tokenHandler.ValidateToken(token, validationParameters, out securityToken);
HttpContext.Current.User = tokenHandler.ValidateToken(token, validationParameters, out securityToken);
return(base.SendAsync(request, cancellationToken));
}
catch (SecurityTokenValidationException securityTokenValidation)
{
var httpResponseMessage = request.CreateErrorResponse(HttpStatusCode.Unauthorized,
"Indica que el recurso solicitado requiere autenticación. El encabezado WWW-Authenticate contiene los detalles de cómo realizar la autenticación.");
LoggingService.Instance.Error(securityTokenValidation);
return(Task <HttpResponseMessage> .Factory.StartNew(() => httpResponseMessage, cancellationToken));
}
catch (Exception ex)
{
var httpResponseMessage = request.CreateErrorResponse(HttpStatusCode.InternalServerError,
"Indica que se ha producido un error genérico del servidor.Por favor comuníquese con el administrador.");
LoggingService.Instance.Error(ex);
return(Task <HttpResponseMessage> .Factory.StartNew(() => httpResponseMessage, cancellationToken));
}
//return Task<HttpResponseMessage>.Factory.StartNew(() => new HttpResponseMessage(statusCode) { }, cancellationToken);
}
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
HttpStatusCode statusCode;
string token;
// determine whether a jwt exists or not
if (!TryRetrieveToken(request, out token))
{
statusCode = HttpStatusCode.Unauthorized;
return(base.SendAsync(request, cancellationToken));
}
try
{
var secretKey = ConfigurationManager.AppSettings["JWT_SECRET_KEY"];
var audienceToken = ConfigurationManager.AppSettings["JWT_AUDIENCE_TOKEN"];
var issuerToken = ConfigurationManager.AppSettings["JWT_ISSUER_TOKEN"];
var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey));
SecurityToken securityToken;
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
TokenValidationParameters validationParameters = new TokenValidationParameters()
{
ValidAudience = audienceToken,
ValidIssuer = issuerToken,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
LifetimeValidator = this.LifetimeValidator,
IssuerSigningKey = securityKey
};
// Extract and assign Current Principal and user
Thread.CurrentPrincipal = tokenHandler.ValidateToken(token, validationParameters, out securityToken);
HttpContext.Current.User = tokenHandler.ValidateToken(token, validationParameters, out securityToken);
return(base.SendAsync(request, cancellationToken));
}
catch (SecurityTokenValidationException)
{
statusCode = HttpStatusCode.Unauthorized;
}
catch (Exception)
{
statusCode = HttpStatusCode.InternalServerError;
}
return(Task <HttpResponseMessage> .Factory.StartNew(() => new HttpResponseMessage(statusCode) { }));
}
public ClaimsPrincipal ObtenerClaims(string jwtToken)
{
IdentityModelEventSource.ShowPII = true;
var secretKey = _configuration["JWT:key"];
var audienceToken = _configuration["JWT:Audience_Token"];
var issuerToken = _configuration["JWT:Issuer_Token"];
var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey));
SecurityToken securityToken;
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
TokenValidationParameters validationParameters = new TokenValidationParameters()
{
ValidAudience = audienceToken,
ValidIssuer = issuerToken,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
LifetimeValidator = this.LifetimeValidator,
IssuerSigningKey = securityKey
};
var principal = new ClaimsPrincipal();
try
{
principal = tokenHandler.ValidateToken(jwtToken, validationParameters, out securityToken);
}
catch (Exception e)
{
}
// Extract and assign Current Principal and user
return(principal);
}
public static JWTUserModel GetUserFromToken(string token)
{
JWTUserModel user = null;
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(IssuerSigningKey));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
try
{
var tokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters()
{
ValidAudience = ValidAudience,
ValidIssuer = ValidIssuer,
IssuerSigningKey = creds.Key,
ValidateIssuerSigningKey = true,
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = false
};
var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var identity = handler.ValidateToken(token, tokenValidationParameters, out Microsoft.IdentityModel.Tokens.SecurityToken validatedToken);
if (identity.Identity.IsAuthenticated)
{
user = GetJWTUser(identity.Claims);
user.Access_Token = token;
}
}
catch (Exception ex)
{
throw ex;
}
return(user);
}
public User ValidateJwtToken(string token)
{
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes("[SECRET USED TO SIGN AND VERIFY JWT TOKENS, IT CAN BE ANY STRING]");
try
{
tokenHandler.ValidateToken(token, new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false,
// set clockskew to zero so tokens expire exactly at token expiration time (instead of 5 minutes later)
ClockSkew = TimeSpan.Zero
}, out SecurityToken validatedToken);
var jwtToken = (JwtSecurityToken)validatedToken;
return(new User
{
Id = Convert.ToInt64(jwtToken.Claims.FirstOrDefault(x => x.Type == nameof(User.Id).ToLowerInvariant()).Value),
Name = jwtToken.Claims.FirstOrDefault(x => x.Type == nameof(User.Name).ToLowerInvariant()).Value
});
}
catch
{
// return null if validation fails
return(null);
}
}
public static bool TryValidateToken
(
string plainTextSecurityKey
, string token
, out JwtSecurityToken validatedPlainToken
, out ClaimsPrincipal claimsPrincipal
)
{
var r = false;
validatedPlainToken = null;
claimsPrincipal = null;
try
{
var tokenHandler = new System
.IdentityModel
.Tokens
.Jwt
.JwtSecurityTokenHandler();
var jst = ((JwtSecurityToken)tokenHandler.ReadToken(token));
var signingKey = new Microsoft
.IdentityModel
.Tokens
.SymmetricSecurityKey
(
Encoding
.UTF8
.GetBytes
(
plainTextSecurityKey
)
);
var tokenValidationParameters = new TokenValidationParameters()
{
ValidIssuer = jst.Issuer,
ValidateIssuer = true,
ValidAudiences = jst.Audiences,
ValidateAudience = true,
IssuerSigningKey = signingKey,
ValidateIssuerSigningKey = true,
ValidateLifetime = false
};
claimsPrincipal = tokenHandler
.ValidateToken
(
token
, tokenValidationParameters
, out var validatedPlainToken0
);
validatedPlainToken = validatedPlainToken0 as JwtSecurityToken;
r = true;
}
catch (Exception e)
{
Console.WriteLine(e);
}
return(r);
}
public ClaimsPrincipal ValidToken(string payload)
{
if (_validationParameters != null)
{
JwtSecurityTokenHandler handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var user = handler.ValidateToken(payload, _validationParameters, out SecurityToken validatedToken);
return(user);
}
return(null);
}
public string GetUserType(string jwttoken)
{
var key = Encoding.ASCII.GetBytes(TokenKey);
var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var validations = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false
};
var claims = handler.ValidateToken(jwttoken, validations, out var tokenSecure);
return(claims.FindFirstValue(ClaimTypes.Role));
}
public static string DecodeJwt(string tokenString, string keyString)
{
if (keyString == null)
{
return(null);
}
// 鍵 チケットの一部をキーとする
//var keyString = tiket.Substring(5,20);
var key = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(Encoding.UTF8.GetBytes(keyString));
// トークン操作用のクラス
var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
// トークンの文字列表現
//var tokenString = model.Param;
// トークン検証用のパラメータを用意
// Audience, Issuer, Lifetimeに関してはデフォルトで検証が有効になっている
// audが空でexpが期限切れなのでValidateAudienceとValidateLifetimeはfalseにしておく
var validationParams = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
ValidateAudience = false,
ValidIssuer = keyString,
ValidateLifetime = false,
IssuerSigningKey = key,
};
try
{
// 第三引数にSecurityToken型の変数を参照で渡しておくと、検証済みのトークンが出力される
handler.ValidateToken(tokenString, validationParams, out SecurityToken token);
var json = ((System.IdentityModel.Tokens.Jwt.JwtSecurityToken)token).Payload.SerializeToJson();
//Dictionary<string, object> dic = list.ToDictionary(item => item.Key, item => item.Value);
return(json);
}
catch (Exception e)
{
// ValidateTokenで検証に失敗した場合はここにやってくる
Console.WriteLine("トークンが無効です: " + e.Message);
return(null);
}
}
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
HttpStatusCode statusCode;
string token;
var vrlResponse = new ResponseModel();
// determine whether a jwt exists or not
if (!TryRetrieveToken(request, out token))
{
statusCode = HttpStatusCode.Unauthorized;
vrlResponse.RsCode = CodeManager.CODE_200;
vrlResponse.RsMessageForUser = CodeManager.MSG_User_200;
vrlResponse.RsMessage = "Se ha denegado la autorización para esta solicitud.";
vrlResponse.RsContent = statusCode;
return(base.SendAsync(request, cancellationToken));
}
try
{
var secretKey = ConfigurationManager.AppSettings["JWT_SECRET_KEY"];
var audienceToken = ConfigurationManager.AppSettings["JWT_AUDIENCE_TOKEN"];
var issuerToken = ConfigurationManager.AppSettings["JWT_ISSUER_TOKEN"];
var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey));
SecurityToken securityToken;
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
TokenValidationParameters validationParameters = new TokenValidationParameters()
{
ValidAudience = audienceToken,
ValidIssuer = issuerToken,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
LifetimeValidator = this.LifetimeValidator,
IssuerSigningKey = securityKey
};
// Extract and assign Current Principal and user
Thread.CurrentPrincipal = tokenHandler.ValidateToken(token, validationParameters, out securityToken);
HttpContext.Current.User = tokenHandler.ValidateToken(token, validationParameters, out securityToken);
return(base.SendAsync(request, cancellationToken));
}
catch (SecurityTokenValidationException s)
{
statusCode = HttpStatusCode.Unauthorized;
vrlResponse.RsCode = CodeManager.CODE_200;
vrlResponse.RsMessageForUser = CodeManager.MSG_User_200;
vrlResponse.RsMessage = s.Message;
vrlResponse.RsContent = statusCode;
}
catch (Exception e)
{
statusCode = HttpStatusCode.InternalServerError;
vrlResponse.RsCode = CodeManager.CODE_200;
vrlResponse.RsMessageForUser = CodeManager.MSG_User_200;
vrlResponse.RsMessage = e.Message;
vrlResponse.RsContent = statusCode;
}
return(Task <HttpResponseMessage> .Factory.StartNew(() => new HttpResponseMessage(statusCode)
{
Content = new StringContent(JsonConvert.SerializeObject(vrlResponse), System.Text.Encoding.UTF8, "application/json")
}));
}