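/// <summary>
/// Builds a <c>SimpleWebToken</c> carrying the caller-supplied user id and user group,
/// and returns its string form.
/// </summary>
/// <param name="audience">Object whose <c>ID</c> is written into the token's name claim.</param>
/// <param name="UserGroupID">
/// Identifier of the user group. The matching group's name becomes the role claim and the
/// identifier itself is added as the "GroupID" claim.
/// </param>
/// <returns>The token as returned by <c>SimpleWebToken.ToString()</c>.</returns>
/// <exception cref="System.InvalidOperationException">
/// <c>uspGetUserGroups</c> returned no group with the requested <paramref name="UserGroupID"/>.
/// </exception>
/// <remarks>
/// SECURITY (review): this method performs no authentication and does not check that the user
/// identified by <c>audience.ID</c> is a member of <paramref name="UserGroupID"/>. The role claim
/// is derived purely from the argument, so the caller must have authenticated the user and
/// established the group membership before calling. Confirm every call site does.
/// </remarks>
public string GetToken(ClsReturnValues audience, int UserGroupID)
{
    // TODO - Authenticate credentials here
    // TODO - Based on the audience passed in, pick the shared key from key store

    // SECURITY (review): the signing key is a literal in source. Anyone with read access to the
    // repository or the compiled assembly can mint tokens that pass validation. The literal is
    // kept only so that tokens stay verifiable by existing validators; move it to a protected
    // key store or configuration secret and rotate it, since this value must be treated as exposed.
    string key = "qqO5yXcbijtAdYmS2Otyzeze2XQedqy+Tp37wQ3sgTQ=";

    // NOTE(review): no expiry or audience is set here; the token's lifetime depends on whatever
    // SimpleWebToken defaults to. Confirm issued tokens are short-lived.
    SimpleWebToken token = new SimpleWebToken(key) { Issuer = "tdoCloud" };

    // The name claim is the caller-supplied id; nothing is looked up or verified for it here.
    token.AddClaim(ClaimTypes.Name, audience.ID.ToString());

    using (tdoEntities db = new tdoEntities())
    {
        // Resolve the group name for the requested id. Only the first match is used, as before.
        var matchingGroupNames = db.uspGetUserGroups()
            .ToList<ClsUserGroups>()
            .Where(g => g.userGroupID == UserGroupID)
            .Select(g => g.groupName)
            .Take(1)
            .ToList();

        // Fail with an explicit message instead of the generic "Sequence contains no matching
        // element"; the exception type is the one First() raised, so callers are unaffected.
        if (matchingGroupNames.Count == 0)
        {
            throw new System.InvalidOperationException(
                "No user group found for UserGroupID " + UserGroupID + ".");
        }

        token.AddClaim(ClaimTypes.Role, matchingGroupNames[0]);
        token.AddClaim("GroupID", UserGroupID.ToString());
    }

    return token.ToString();
}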
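/// <summary>
/// Parses a serialized Simple Web Token, verifies its HMAC signature with
/// <paramref name="secretKey"/>, and rejects it if it has expired.
/// </summary>
/// <param name="token">The token in query-string form (name=value pairs joined by '&amp;').</param>
/// <param name="secretKey">Shared key passed to the <c>SimpleWebToken</c> constructor.</param>
/// <returns>The populated token once the signature and expiry checks have passed.</returns>
/// <exception cref="SecurityTokenValidationException">
/// The token carries no "HMACSHA256" field, or the recomputed signature does not match it.
/// </exception>
/// <exception cref="SecurityTokenException">The token's "ExpiresOn" value lies in the past.</exception>
/// <remarks>
/// A malformed "ExpiresOn" or "HMACSHA256" value still surfaces as the exception thrown by
/// <c>ulong.Parse</c> or <c>Convert.FromBase64String</c>; callers that map failures to an
/// authentication error should treat those as an invalid token too.
/// NOTE(review): the signature is recomputed over the re-serialized fields, not over the
/// received text, so validation depends on <c>ToString()</c> reproducing the issuer's
/// serialization exactly. Confirm against the SimpleWebToken implementation.
/// </remarks>
public static SimpleWebToken Parse(string token, string secretKey)
{
    var items = HttpUtility.ParseQueryString(token);
    var swt = new SimpleWebToken(secretKey);

    foreach (string key in items.AllKeys)
    {
        string item = items[key];
        switch (key)
        {
            case "Issuer":
                swt.Issuer = item;
                break;
            case "Audience":
                swt.Audience = item;
                break;
            case "ExpiresOn":
                swt.ExpiresOn = ulong.Parse(item);
                break;
            case "HMACSHA256":
                swt.Signature = Convert.FromBase64String(item);
                break;
            default:
                // Every other field is treated as a claim.
                swt.AddClaim(key, item);
                break;
        }
    }

    // Capture the signature that arrived with the token BEFORE re-serializing, so the check
    // below compares against the presented value even if ToString() were to update
    // swt.Signature (not visible from here).
    byte[] presentedSignature = swt.Signature;

    // An unsigned token must be reported as an invalid signature, not as an
    // ArgumentNullException from Convert.ToBase64String(null).
    if (presentedSignature == null)
    {
        throw new SecurityTokenValidationException("Signature is invalid");
    }

    string rawToken = swt.ToString(); // Computes HMAC inside ToString()
    string computedSignature = HttpUtility.ParseQueryString(rawToken)["HMACSHA256"];

    // Same ordinal comparison as before, but without the early exit of string.Equals, so the
    // time taken does not reveal how many leading characters of the expected signature matched.
    if (!FixedTimeOrdinalEquals(computedSignature, Convert.ToBase64String(presentedSignature)))
    {
        throw new SecurityTokenValidationException("Signature is invalid");
    }

    TimeSpan ts = DateTime.UtcNow - epochStart;
    if (swt.ExpiresOn < Convert.ToUInt64(ts.TotalSeconds))
    {
        throw new SecurityTokenException("Token has expired");
    }

    return swt;
}

// Ordinal string equality whose running time depends only on the lengths of the inputs.
private static bool FixedTimeOrdinalEquals(string left, string right)
{
    if (left == null || right == null || left.Length != right.Length)
    {
        return false;
    }

    int difference = 0;
    for (int i = 0; i < left.Length; i++)
    {
        // Accumulate differences instead of returning at the first mismatch.
        difference |= left[i] ^ right[i];
    }

    return difference == 0;
}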