private bool IsUserAuthorized(HttpActionContext actionContext) { try { string token = FetchFromHeader(actionContext); // fetch authorization token from header if (token != null && !String.IsNullOrWhiteSpace(token)) { AuthenticationModule auth = new AuthenticationModule(); JwtSecurityToken userPayloadToken = auth.ValidateToken(token); if (userPayloadToken != null) { JWTAuthenticationIdentity identity = AuthenticationModule.PopulateUserIdentity(userPayloadToken); if (this.role == null || identity.Roles.Contains(this.role)) { actionContext.ControllerContext.RequestContext.Principal = identity.GetPrincipal(); return(true); } } } } catch (Exception ex) { LogManager.GetLogger().Error(ex); } return(false); }
/// <summary> /// Affecte les permissions pour chaque base de données de la liste /// en fonction de l'utilsateur connecté /// </summary> /// <param name="list"></param> /// <param name="jWTAuthenticationIdentity"></param> private void FillPermissions(List <DatabaseDB> list, JWTAuthenticationIdentity jwtAuthenticationIdentity) { foreach (DatabaseDB databaseDB in list) { FillPermissions(databaseDB, jwtAuthenticationIdentity); } }
public bool IsUserAuthorized(HttpActionContext actionContext) { var authHeader = FetchFromHeader(actionContext); // fetch authorization token from header if (authHeader != null) { var auth = new AuthenticationModule(); JwtSecurityToken userPayloadToken = auth.GenerateUserClaimFromJWT(authHeader); if (userPayloadToken != null) { JWTAuthenticationIdentity identity = auth.PopulateUserIdentity(userPayloadToken); string[] roles = { "All" }; var genericPrincipal = new GenericPrincipal(identity, roles); Thread.CurrentPrincipal = genericPrincipal; var authenticationIdentity = Thread.CurrentPrincipal.Identity as JWTAuthenticationIdentity; if (authenticationIdentity != null && !String.IsNullOrEmpty(authenticationIdentity.UserName)) { authenticationIdentity.UserId = identity.UserId; authenticationIdentity.UserName = identity.UserName; } return(true); } } return(false); }
public JWTAuthenticationIdentity AuthenticateUser(string userName, string password) { //TODO - actually validate the user if (userName == "kkilton") { var identity = new JWTAuthenticationIdentity(userName) { FirstName = "Kris", LastName = "Kilton", UserName = userName, Roles = new List <string> { "admin" } }; AuthenticationModule.SetUserIdentity(identity); return(identity); } if (userName == "user") { var identity = new JWTAuthenticationIdentity(userName) { FirstName = "Just", LastName = "User", UserName = userName, Roles = new List <string> { "user" } }; AuthenticationModule.SetUserIdentity(identity); return(identity); } throw new AuthenticationException(); }
/// <summary> /// Affecte les permissions pour chaque base de données de la liste /// en fonction de l'utilsateur connecté /// </summary> /// <param name="list"></param> private void FillPermissions(List <DatabaseDb> list) { JWTAuthenticationIdentity jwtAuthenticationIdentity = GetJWTIdentity(); foreach (DatabaseDb databaseDb in list) { FillPermissions(databaseDb, jwtAuthenticationIdentity); } }
/// <summary> /// /// </summary> /// <param name="databaseDb"></param> /// <param name="jwtAuthenticationIdentity"></param> private void FillPermissions(DatabaseDb databaseDb, JWTAuthenticationIdentity jwtAuthenticationIdentity) { if (jwtAuthenticationIdentity == null || string.IsNullOrEmpty(jwtAuthenticationIdentity.Name)) { databaseDb.CanBeDeleted = databaseDb.CanBeUpdated = databaseDb.CanAddGroupUser = false; if (databaseDb.Users != null) { foreach (DatabaseGroupUser user in databaseDb.Users) { user.CanBeUpdated = user.CanBeDeleted = false; } } } else { // Si l'utilisateur est administrateur il peut faire toutes les opérations int groupType = DatabaseGroupUserPermissions.GetGroupType(databaseDb.Users, jwtAuthenticationIdentity.Name); if (groupType == DatabaseGroupUserPermissions.ADMINISTRATEUR) { databaseDb.CanBeDeleted = databaseDb.CanBeUpdated = databaseDb.CanAddGroupUser = true; if (databaseDb.Users != null) { foreach (DatabaseGroupUser user in databaseDb.Users) { user.CanBeUpdated = user.CanBeDeleted = true; } } } else { databaseDb.CanBeDeleted = databaseDb.CanBeUpdated = databaseDb.CanAddGroupUser = false; if (databaseDb.Users != null) { foreach (DatabaseGroupUser user in databaseDb.Users) { // Si l'utilisateur connecté est l'utilisateur alors il peut faire les actions if (!String.IsNullOrWhiteSpace(user.UserLogin) && user.UserLogin.Equals(jwtAuthenticationIdentity.Name, StringComparison.InvariantCultureIgnoreCase)) { user.CanBeUpdated = user.CanBeDeleted = true; } else { user.CanBeUpdated = user.CanBeDeleted = false; } } } } } }
protected bool SecurityCheckRoleAdminOrUser() { if (User?.Identity == null) { return(false); } /* La demande de modification est valide ssi * - le rôle est ROLE_SUPER_ADMIN * ou * - le rôle est ROLE_USER */ JWTAuthenticationIdentity jwtAuthenticationIdentity = GetJWTIdentity(); return(jwtAuthenticationIdentity.IsInRole("ROLE_SUPER_ADMIN") || jwtAuthenticationIdentity.IsInRole("ROLE_USER")); }
protected bool SecurityCheckRoleAdminOrOwner(string userLogin) { if (User?.Identity == null) { return(false); } /* La demande de modification est valide ssi * - le rôle est ROLE_SUPER_ADMIN * ou * - le rôle est ROLE_USER et l'utilisateur authentifié pat le token est l'utilisateur qui fait la modification */ JWTAuthenticationIdentity jwtAuthenticationIdentity = GetJWTIdentity(); return(jwtAuthenticationIdentity.IsInRole("ROLE_SUPER_ADMIN") || (jwtAuthenticationIdentity.IsInRole("ROLE_USER") && jwtAuthenticationIdentity.Name.Equals(userLogin, System.StringComparison.InvariantCultureIgnoreCase))); }
public void TokenValidation() { AuthenticationModule authentication = new AuthenticationModule(); string token = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbi50ZXN0Iiwibm9tIjoiQWRtaW5pc3RyYXRldXIiLCJwcmVub20iOiJBZG1pbmlzdHJhdGV1ciIsIm1haWwiOiJhZG1pbi5yZXNlYXVAbW9udHBlbGxpZXItZXBzaS5mciIsImNsYXNzZSI6IkFkbWluaXN0cmF0aW9uIiwicm9sZXMiOiJST0xFX1NVUEVSX0FETUlOIiwiaWF0IjoxNTQ0Nzc3NzgzLCJleHAiOjE1NDQ3ODQ5ODN9.ebNHIHnaOtiCTPJmP2a0V7vhkrCZB0S5-wpN2fkzOKk"; JwtSecurityToken securityToken = authentication.ValidateToken(token); Assert.IsNotNull(securityToken); JWTAuthenticationIdentity identity = AuthenticationModule.PopulateUserIdentity(securityToken); Assert.IsTrue(identity.Name.Equals("admin.test")); Assert.IsTrue(identity.Nom.Equals("Administrateur")); Assert.IsTrue(identity.Mail.Equals("*****@*****.**")); Assert.IsTrue(1 == 1); }
public WeatherForecast Get(int id) { JWTAuthenticationIdentity jwtUser = AuthenticationModule.PopulateUser(HttpContext.User.Identity as ClaimsIdentity); Console.WriteLine($"WeatherForecastController.Get, jwtUser.Name={jwtUser.Name}"); LogManager.GetLogger().Info($"WeatherForecastController.Get, jwtUser.Name={jwtUser.Name}"); var rng = new Random(); return(new WeatherForecast { Date = DateTime.Now.AddDays(2), TemperatureC = rng.Next(-20, 55), Summary = Summaries[rng.Next(Summaries.Length)], Roles = String.Join(",", jwtUser.Roles), Email = jwtUser.Mail, Classe = jwtUser.Classe }); }