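/// <summary>
/// Issues a fresh access token for <paramref name="user"/> bound to a single
/// <paramref name="purpose"/>. Any earlier tokens of that purpose for the user
/// are deleted first, so only one token per (user, purpose) is live at a time.
/// </summary>
/// <param name="user">The user the token is issued to. Must not be null.</param>
/// <param name="purpose">What the token may be used for; persisted by enum name.</param>
/// <returns>
/// The URL-safe form of the token (random alphanumeric → StringCipher.Encrypt →
/// UTF-16 bytes → UrlTokenEncode). This is the value to hand to the user.
/// </returns>
/// <exception cref="NullReferenceException">
/// Thrown when <paramref name="user"/> is null (kept for existing callers that
/// catch this type).
/// </exception>
/// <remarks>
/// Any other failure is logged and rethrown unchanged. The original version
/// fell through and reported every failure as "User cannot be null", which
/// hid the real cause from callers and from the logs' correlation.
/// </remarks>
public string CreateNewToken(User user, EAccessTokenPurpose purpose)
{
    if (user == null)
    {
        throw new NullReferenceException("User cannot be null on creating a new token.");
    }

    try
    {
        // NOTE(review): the token's unguessability rests entirely on Randomizor.
        // Confirm it is backed by a CSPRNG (RandomNumberGenerator), not System.Random,
        // and that TOKEN_RAND_LENGTH gives enough entropy for a 24-hour window.
        var token = Randomizor.GenerateRandomAlphanumeric(TOKEN_RAND_LENGTH);

        // The user-facing form is the encrypted token, URL-safe encoded. The DB
        // keeps the raw token (TokenKey) and validation decrypts before lookup.
        string tokenString = StringCipher.Encrypt(token, CIPHER_KEYPHRASE);
        var encodedToken = System.Text.Encoding.Unicode.GetBytes(tokenString);
        var tokenUrlEncoded = System.Web.HttpServerUtility.UrlTokenEncode(encodedToken);

        var purposeName = Enum.GetName(typeof(EAccessTokenPurpose), purpose);

        // Invalidate every previous request of the same purpose for this user.
        var repository = _uow.Repository<AccessToken>();
        var stale = repository.GetAsQueryable(x => x.UserId == user.UserId && x.Purpose == purposeName);
        repository.DeleteAll(stale);

        var issuedAt = DateTime.UtcNow;
        var newToken = new AccessToken
        {
            TokenId = Guid.NewGuid(),
            UserId = user.UserId,
            // NOTE(review): stored in plaintext, so a database read exposes every live
            // token. Storing a hash would be stronger, but IsValidToken looks the token
            // up by this raw value, so both sides must change together.
            TokenKey = token,
            CreatedTimestamp = issuedAt,
            Purpose = purposeName,
            StatusId = (int)EStatus.Active,
            // Fixed 24-hour lifetime; IsValidToken is expected to enforce it.
            ExpiredTimestamp = issuedAt.AddDays(1)
        };
        repository.Insert(newToken);
        SaveChanges();

        return tokenUrlEncoded;
    }
    catch (Exception ex)
    {
        Log.Error(ex.Message, ex);
        throw; // preserve the original exception and stack trace
    }
}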
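/// <summary>
/// Resolves a user-supplied token back to its stored <see cref="AccessToken"/>,
/// returning null when the token is malformed, unknown, issued for a different
/// purpose, no longer active, or past its expiry.
/// </summary>
/// <param name="tokenString">
/// The URL-safe value produced by CreateNewToken (UrlTokenEncode of the UTF-16
/// bytes of the encrypted token). Treated as untrusted input.
/// </param>
/// <param name="purpose">The purpose the caller is validating for; the stored
/// record must have been issued for this same purpose.</param>
/// <returns>The matching, still-valid record, or null.</returns>
/// <remarks>
/// The previous version ignored <paramref name="purpose"/> after computing its
/// name, and never checked StatusId or ExpiredTimestamp, so a token issued for
/// one purpose (or long expired) was accepted for any other purpose. All three
/// are now part of the lookup predicate.
/// NOTE(review): an earlier comment here said the incoming string "has userid
/// combined" and should be split; nothing in this file appends a user id
/// (CreateNewToken returns the encoded token alone), so no splitting is done.
/// Confirm against the callers before reintroducing it.
/// </remarks>
public AccessToken IsValidToken(string tokenString, EAccessTokenPurpose purpose)
{
    // Reject empty input up front rather than relying on decode failures.
    if (string.IsNullOrWhiteSpace(tokenString))
    {
        return null;
    }

    try
    {
        var tokenPurpose = Enum.GetName(typeof(EAccessTokenPurpose), purpose);

        // Reverse the encoding applied by CreateNewToken. Each step throws on
        // tampered or truncated input; that is caught below and treated as invalid.
        var tokenUrlDecoded = System.Web.HttpServerUtility.UrlTokenDecode(tokenString);
        if (tokenUrlDecoded == null)
        {
            return null;
        }
        var decodedToken = System.Text.Encoding.Unicode.GetString(tokenUrlDecoded);
        var decryptedTokenString = StringCipher.Decrypt(decodedToken, CIPHER_KEYPHRASE);

        // Capture the clock once so the predicate carries a constant, not a call.
        var now = DateTime.UtcNow;
        var activeStatus = (int)EStatus.Active;

        // The token must match on key AND purpose, be active, and not be expired.
        var tokenRecord = _uow.Repository<AccessToken>()
            .GetAsQueryable(x => x.TokenKey == decryptedTokenString
                                 && x.Purpose == tokenPurpose
                                 && x.StatusId == activeStatus
                                 && x.ExpiredTimestamp > now)
            .FirstOrDefault();

        return tokenRecord;
    }
    catch (Exception ex)
    {
        // Malformed/tampered tokens end up here. Log the failure for visibility
        // (was silently swallowed) but never include tokenString in the log line.
        Log.Error(ex.Message, ex);
        return null;
    }
}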