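/// <summary>
/// Number of trailing characters stripped from every decrypted form field. The server appends
/// the same number of random characters before encrypting the claims it creates itself.
/// </summary>
private const int TokenFieldPaddingLength = 10;

/// <summary>Error text returned for any request that cannot be parsed; deliberately carries no detail.</summary>
private const string InvalidTokenRequestMessage = "Invalid token request";

/// <summary>
/// Handles a token request: decrypts the posted credentials, has <c>GetIdentity</c> validate them and,
/// on success, writes a signed JWT to the response as JSON. Every failure path writes the same JSON
/// shape with an empty <c>Access_token</c> and a populated <c>Error_Message</c>.
/// </summary>
/// <param name="context">Current HTTP context; the request is expected to be a form post.</param>
/// <returns>A task that completes once the JSON response has been written.</returns>
private async Task GenerateToken(HttpContext context)
{
    // Everything in the form is attacker-controlled until GetIdentity succeeds, so malformed
    // input is answered with an error response instead of an unhandled exception.
    if (!context.Request.HasFormContentType)
    {
        await WriteTokenResponse(context, string.Empty, 0, InvalidTokenRequestMessage);
        return;
    }

    string UserName;
    string UserPass;
    string UserType;
    string MachineID;
    short userTypeValue;

    // These three values are copied into the token exactly as received (see the claims below).
    // A missing field converts to null, which the Claim constructor rejects.
    string clientSymmKey = context.Request.Form["ClientSymmKey"];
    string clientSymmIV = context.Request.Form["ClientSymmIV"];
    string encryptedMachineID = context.Request.Form["MachineID"];

    if (!TryReadPaddedFormField(context, "UserName", out UserName)
        || !TryReadPaddedFormField(context, "UserPass", out UserPass)
        || !TryReadPaddedFormField(context, "UserType", out UserType)
        || !short.TryParse(UserType, out userTypeValue)
        || !TryReadPaddedFormField(context, "MachineID", out MachineID)
        || clientSymmKey == null
        || clientSymmIV == null)
    {
        await WriteTokenResponse(context, string.Empty, 0, InvalidTokenRequestMessage);
        return;
    }

    // NOTE(review): the numeric value is cast without checking that it names a defined enum member;
    // confirm that GetIdentity rejects unknown user types.
    WebApiUserTypesEnum tmpWebApiUserType = (WebApiUserTypesEnum)userTypeValue;

    // RemoteIpAddress can be null; fail closed rather than dereference it or pass an empty address on.
    // NOTE(review): behind a reverse proxy this is the proxy's address unless forwarded headers are
    // processed earlier in the pipeline - confirm before relying on it for per-client decisions.
    var remoteAddress = context.Connection.RemoteIpAddress;
    if (remoteAddress == null)
    {
        await WriteTokenResponse(context, string.Empty, 0, InvalidTokenRequestMessage);
        return;
    }

    string tmp_IPAddress = remoteAddress.ToString();
    string Par_Out_Result = string.Empty;
    string Par_Out_UserRole = string.Empty;

    await TS.AddVisitor(tmp_IPAddress);
    await TS.AddActivityLog("AllUser", "Token generation for " + tmp_IPAddress, MethodBase.GetCurrentMethod());

    var identity = await GetIdentity(UserName, UserPass, tmp_IPAddress, MachineID, tmpWebApiUserType, out Par_Out_Result, out Par_Out_UserRole);
    if (identity == null)
    {
        // On failure Par_Out_Result carries the message shown to the caller; on success it is
        // reused below as the UserID claim.
        await WriteTokenResponse(context, "", 0, Par_Out_Result);
        return;
    }

    var now = DateTime.UtcNow;
    string accessToken;
    try
    {
        // A JWT is signed, not encrypted: anyone holding the token can read every claim, so the
        // confidentiality of the values marked "encrypted" rests entirely on that encryption.
        // Specifically add the jti (random nonce), iat (issued timestamp), and sub (subject/user) claims.
        // You can add other claims here, if you want:
        var claims = new Claim[]
        {
            // NOTE(review): the subject is the literal "tmp_User" for every token, not the authenticated user.
            new Claim(JwtRegisteredClaimNames.Sub, "tmp_User"),
            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
            new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(now).ToString(), ClaimValueTypes.Integer64),
            new Claim("UserID", Par_Out_Result), //encrypted
            // NOTE(review): ToLower() is culture-sensitive; confirm consumers before switching to ToLowerInvariant().
            new Claim("UserName", GlobalFunctions.CmdAsymmetricEncrypt(UserName.ToLower() + GlobalFunctions.GetRandomAlphaNumeric(TokenFieldPaddingLength))), //encrypted
            //new Claim("MyClientAsymPK", context.Request.Form["MyClientAsymPK"]), //encrypted
            new Claim("ClientSymmKey", clientSymmKey), //encrypted
            new Claim("ClientSymmIV", clientSymmIV), //encrypted
            new Claim("MachineID", encryptedMachineID), //encrypted
            new Claim("ClientIP", GlobalFunctions.CmdAsymmetricEncrypt(tmp_IPAddress + GlobalFunctions.GetRandomAlphaNumeric(TokenFieldPaddingLength))), //encrypted
            new Claim("roles", Par_Out_UserRole),
        };

        // Create the JWT and write it to a string
        var jwt = new JwtSecurityToken(
            issuer: _options.Issuer,
            audience: _options.Audience,
            claims: claims,
            notBefore: now,
            expires: now.Add(_options.Expiration),
            signingCredentials: _options.SigningCredentials);

        accessToken = new JwtSecurityTokenHandler().WriteToken(jwt);
    }
    catch (Exception ex)
    {
        // Keep the exception text on the server: it can describe key or configuration problems
        // that an unauthenticated caller has no business seeing.
        await TS.AddActivityLog("AllUser", "Token generation failed for " + tmp_IPAddress + ": " + ex.Message, MethodBase.GetCurrentMethod());
        await WriteTokenResponse(context, string.Empty, 0, "Token generation failed");
        return;
    }

    await WriteTokenResponse(context, accessToken, (int)_options.Expiration.TotalSeconds, string.Empty);
}

/// <summary>
/// Decrypts one form field and strips its trailing padding.
/// </summary>
/// <param name="context">Current HTTP context.</param>
/// <param name="fieldName">Name of the form field to read.</param>
/// <param name="value">The decrypted value without padding, or <c>null</c> when the field is unusable.</param>
/// <returns><c>false</c> when the field is missing or decrypts to fewer characters than the padding.</returns>
private static bool TryReadPaddedFormField(HttpContext context, string fieldName, out string value)
{
    value = null;

    string cipherText = context.Request.Form[fieldName];
    if (string.IsNullOrEmpty(cipherText))
    {
        return false;
    }

    // NOTE(review): how CmdAsymmetricDecrypt reports undecryptable input is not visible here;
    // an exception thrown by it still propagates to the caller.
    string plainText = GlobalFunctions.CmdAsymmetricDecrypt(cipherText);
    if (plainText == null || plainText.Length < TokenFieldPaddingLength)
    {
        return false;
    }

    value = plainText.Substring(0, plainText.Length - TokenFieldPaddingLength);
    return true;
}

/// <summary>
/// Serializes the token response (same property names and order on every path) and writes it as JSON.
/// </summary>
private static Task WriteTokenResponse(HttpContext context, string accessToken, int expiresIn, string errorMessage)
{
    var payload = new
    {
        Access_token = accessToken,
        Expires_in = expiresIn,
        Error_Message = errorMessage
    };

    // Serialize and return the response
    context.Response.ContentType = "application/json";
    return context.Response.WriteAsync(JsonConvert.SerializeObject(payload, new JsonSerializerSettings { Formatting = Formatting.Indented }));
}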