/// <summary>
/// Issues a fresh access token for an existing session (the renewal path).
/// The new access-token lifetime is <see cref="SessionTokenTtl"/> minutes, clamped so it never
/// outlives the session's RenewalExpiry. Only TokenExpiry/TokenHash are rewritten;
/// <paramref name="renewalToken"/> is handed back unchanged, i.e. renewal tokens are not rotated here.
/// </summary>
/// <remarks>
/// NOTE(review): this method does not itself verify <paramref name="renewalToken"/> against
/// <c>ptoken.RenewalHash</c>, nor reject a session whose RenewalExpiry has already passed — it only
/// clamps the new expiry to RenewalExpiry, so a stale session would get a token that is already expired.
/// Confirm the caller performs both checks before invoking this.
/// </remarks>
/// <param name="renewalToken">The renewal token presented by the caller; returned as-is.</param>
/// <param name="ptoken">Persisted session record; TokenExpiry and TokenHash are updated in place.</param>
/// <param name="userInfo">The session's user; supplies id, display name, roles and the password-change date fed to <c>ObtainSecret</c>.</param>
/// <returns>A <see cref="LoginResultData"/> carrying the newly signed access token and the same renewal token.</returns>
private LoginResultData UpdateToken(string renewalToken, PersistedToken ptoken, UserInfo userInfo)
{
    var newExpiry = DateTime.UtcNow.AddMinutes(SessionTokenTtl);
    if (newExpiry > ptoken.RenewalExpiry)
    {
        // Cap at the renewal expiry, re-stamping the value as UTC in case the
        // persisted DateTime came back with Kind == Unspecified.
        newExpiry = new DateTime(ptoken.RenewalExpiry.Ticks, DateTimeKind.Utc);
    }

    ptoken.TokenExpiry = newExpiry;

    var settings = PortalController.Instance.GetCurrentPortalSettings();

    // Signing secret is derived from the session id, the portal GUID and the last password change
    // (presumably so that a password change invalidates outstanding tokens — see ObtainSecret).
    var signingSecret = ObtainSecret(ptoken.TokenId, settings.GUID, userInfo.Membership.LastPasswordChangeDate);
    var signedJwt = CreateJwtToken(signingSecret, settings.PortalAlias.HTTPAlias, ptoken, userInfo.Roles);
    var accessToken = signedJwt.RawData;

    // Only a hash of the access token is persisted, so DB access alone does not yield a replayable JWT.
    ptoken.TokenHash = GetHashedStr(accessToken);
    DataProvider.UpdateToken(ptoken);

    return new LoginResultData
    {
        UserId = userInfo.UserID,
        DisplayName = userInfo.DisplayName,
        AccessToken = accessToken,
        RenewalToken = renewalToken,
    };
}
/// <inheritdoc/>
/// <remarks>
/// Inserts the session row (only the token hashes are stored, never the raw tokens) and
/// mirrors the record in the cache until the access token expires.
/// NOTE(review): the cache expiry is passed as local time while TokenExpiry is produced as UTC
/// upstream — presumably what DataCache expects for absolute expiry; confirm.
/// </remarks>
public virtual void AddToken(PersistedToken token)
{
    this.dataProvider.ExecuteNonQuery(
        "JsonWebTokens_Add",
        token.TokenId,
        token.UserId,
        token.TokenExpiry,
        token.RenewalExpiry,
        token.TokenHash,
        token.RenewalHash);

    var cacheKey = GetCacheKey(token.TokenId);
    var cacheUntil = token.TokenExpiry.ToLocalTime();
    DataCache.SetCache(cacheKey, token, cacheUntil);
}
/// <summary>
/// Persists a renewed access-token expiry and hash for an existing session and refreshes the cached copy.
/// </summary>
/// <param name="token">Session record; only TokenId, TokenExpiry and TokenHash are sent to the store.</param>
/// <remarks>
/// NOTE(review): RenewCount is incremented only on this in-memory object (and therefore on the cached
/// copy); it is not passed to JsonWebTokens_Update, so whether the persisted counter advances depends on
/// the stored procedure itself. Confirm, since any renewal limit enforced elsewhere relies on it.
/// </remarks>
public virtual void UpdateToken(PersistedToken token)
{
    _dataProvider.ExecuteNonQuery(
        "JsonWebTokens_Update",
        token.TokenId,
        token.TokenExpiry,
        token.TokenHash);

    token.RenewCount += 1;

    var cacheKey = GetCacheKey(token.TokenId);
    var cacheUntil = token.TokenExpiry.ToLocalTime();
    DataCache.SetCache(cacheKey, token, cacheUntil);
}
/// <summary>
/// Builds and signs the session JWT with HMAC-SHA256 over <paramref name="symmetricKey"/>.
/// Claims: the session id under <see cref="SessionClaimType"/> plus one <see cref="ClaimTypes.Role"/> claim per role.
/// <c>nbf</c> is backdated by <see cref="ClockSkew"/> minutes to tolerate drift between issuer and verifier;
/// <c>exp</c> is <c>ptoken.TokenExpiry</c>. The second argument to CreateToken (presumably the audience) is left null.
/// </summary>
/// <param name="symmetricKey">Raw HMAC key bytes.</param>
/// <param name="issuer">Issuer value (callers pass the portal's HTTP alias).</param>
/// <param name="ptoken">Session record supplying TokenId and TokenExpiry.</param>
/// <param name="roles">Role names to embed as role claims.</param>
/// <returns>The signed token; callers read <c>RawData</c> for the compact serialization.</returns>
private static JwtSecurityToken CreateJwtToken(byte[] symmetricKey, string issuer, PersistedToken ptoken, IEnumerable<string> roles)
{
    const string signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
    const string digestAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256";

    var signingKey = new InMemorySymmetricSecurityKey(symmetricKey);
    var signingCredentials = new SigningCredentials(signingKey, signatureAlgorithm, digestAlgorithm);

    var identity = new ClaimsIdentity();
    identity.AddClaim(new Claim(SessionClaimType, ptoken.TokenId));
    identity.AddClaims(roles.Select(role => new Claim(ClaimTypes.Role, role)));

    var validFrom = DateTime.UtcNow.AddMinutes(-ClockSkew);
    var validTo = ptoken.TokenExpiry;

    var handler = new JwtSecurityTokenHandler();
    return handler.CreateToken(issuer, null, identity, validFrom, validTo, signingCredentials);
}
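/// <summary>
/// Validates user login credentials from request header Auth parameter and returns result when successful.
/// </summary>
/// <remarks>
/// On success a new session is created: a random renewal token is generated, the session row is persisted
/// with only the hashes of the access and renewal tokens, and the raw tokens are returned to the caller once.
/// Every credential-related failure (empty credentials, unknown user, rejected login status) returns the same
/// "bad-credentials" code, so the response does not distinguish between them; details go to the trace log only.
/// NOTE(review): if <c>Hasher</c> is a shared <c>HashAlgorithm</c> instance, <c>ComputeHash</c> is not safe
/// under concurrent logins — confirm how it is declared.
/// </remarks>
/// <param name="request">The incoming login request; credentials are read from it via <c>GetCredentials</c>.</param>
/// <returns>A <see cref="LoginResultData"/> with access and renewal tokens, or an empty result carrying an error code.</returns>
public LoginResultData LoginUser(HttpRequestMessage request)
{
    if (!JwtAuthMessageHandler.IsEnabled)
    {
        Logger.Trace(SchemeType + " is not registered/enabled in web.config file");
        return EmptyWithError("disabled");
    }

    var portalSettings = PortalController.Instance.GetCurrentPortalSettings();
    if (portalSettings == null)
    {
        Logger.Trace("portalSettings = null");
        return EmptyWithError("no-portal");
    }

    var status = UserLoginStatus.LOGIN_FAILURE;
    var ipAddress = request.GetIPAddress() ?? "";

    var loginData = GetCredentials(request);
    if (loginData == null)
    {
        Logger.Trace("empty username or password");
        return EmptyWithError("bad-credentials");
    }

    var userInfo = UserController.ValidateUser(
        portalSettings.PortalId,
        loginData.Value.Username,
        loginData.Value.Password,
        "DNN",
        "",
        AuthScheme,
        ipAddress,
        ref status);
    if (userInfo == null)
    {
        Logger.Trace("user = null");
        return EmptyWithError("bad-credentials");
    }

    // The two INSECURE*PASSWORD statuses are still treated as a successful login: the credentials
    // were correct, the account merely carries a weak admin/host password.
    var valid = status == UserLoginStatus.LOGIN_SUCCESS
                || status == UserLoginStatus.LOGIN_SUPERUSER
                || status == UserLoginStatus.LOGIN_INSECUREADMINPASSWORD
                || status == UserLoginStatus.LOGIN_INSECUREHOSTPASSWORD;
    if (!valid)
    {
        Logger.Trace("login status = " + status);
        return EmptyWithError("bad-credentials");
    }

    var sessionId = NewSessionId;
    var now = DateTime.UtcNow;

    // Renewal token seed comes from the CSPRNG instead of Guid.NewGuid(): a GUID carries at most
    // 128 bits with fixed version/variant bits, and its randomness source is an implementation
    // detail rather than a guarantee. The seed is still run through Hasher so the token keeps
    // the same size and encoding as before.
    var renewalSeed = new byte[32];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(renewalSeed);
    }
    var renewalToken = EncodeBase64(Hasher.ComputeHash(renewalSeed));

    // Only hashes go to the DB, so someone with DB access cannot reconstruct a usable token.
    var ptoken = new PersistedToken
    {
        TokenId = sessionId,
        UserId = userInfo.UserID,
        TokenExpiry = now.AddMinutes(SessionTokenTtl),
        RenewalExpiry = now.AddDays(RenewalTokenTtl),
        RenewalHash = GetHashedStr(renewalToken),
        // TokenHash is set below, once the access token exists.
    };

    var secret = ObtainSecret(sessionId, portalSettings.GUID, userInfo.Membership.LastPasswordChangeDate);
    var jwt = CreateJwtToken(secret, portalSettings.PortalAlias.HTTPAlias, ptoken, userInfo.Roles);
    var accessToken = jwt.RawData;
    ptoken.TokenHash = GetHashedStr(accessToken);
    DataProvider.AddToken(ptoken);

    return new LoginResultData
    {
        UserId = userInfo.UserID,
        DisplayName = userInfo.DisplayName,
        AccessToken = accessToken,
        RenewalToken = renewalToken,
    };
}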