public string GenerateToken() { var signingCredentials = new SigningCredentials(appSettings.TokenSigningKey, SecurityAlgorithms.HmacSha256); var ec = new EncryptingCredentials(appSettings.TokenEncryptionKey, JwtConstants.DirectKeyUseAlg, SecurityAlgorithms.Aes256CbcHmacSha512); var handler = new JwtSecurityTokenHandler(); IList <Claim> claims = new List <Claim>(); claims.Add(new Claim(Constants.Claims.ObjectId, ObjectId, ClaimValueTypes.String, appSettings.IdTokenIssuer)); claims.Add(new Claim(Constants.Claims.TransactionReference, TransactionReference, ClaimValueTypes.String, appSettings.IdTokenIssuer)); claims.Add(new Claim(Constants.Claims.IsVerified, IsVerified.ToString(), ClaimValueTypes.String, appSettings.IdTokenIssuer)); claims.Add(new Claim(Constants.Claims.Message, Message ?? string.Empty, ClaimValueTypes.String, appSettings.IdTokenIssuer)); var jwt = handler.CreateEncodedJwt( appSettings.IdTokenIssuer, appSettings.IdTokenAudience, new ClaimsIdentity(claims), DateTime.Now, DateTime.Now.AddDays(1), DateTime.Now, signingCredentials, ec); return(jwt); }
private (string Token, DateTimeOffset Expires) CreateToken(IEnumerable <Claim> claims, int expirationMinutes) { var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration.Value.SigningKey)); var signingCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); EncryptingCredentials encryptCredentials = null; if (!string.IsNullOrEmpty(_configuration.Value.EncrtyptKey)) { var encryptionkey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration.Value.EncrtyptKey)); encryptCredentials = new EncryptingCredentials(encryptionkey, SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256); } var now = DateTime.UtcNow; var expires = now.AddMinutes(expirationMinutes); var descriptor = new SecurityTokenDescriptor { Issuer = _configuration.Value.Issuer, Audience = _configuration.Value.Audience, IssuedAt = now, NotBefore = now, Expires = expires, SigningCredentials = signingCredentials, EncryptingCredentials = encryptCredentials, Subject = new ClaimsIdentity(claims) }; var tokenHandler = new JwtSecurityTokenHandler(); var securityToken = tokenHandler.CreateToken(descriptor); var encryptedJwt = tokenHandler.WriteToken(securityToken); return(encryptedJwt, expires); }
public string Generate(User user) { var secretKey = Encoding.UTF8.GetBytes(_configuration["Jwt:SecretKey"]); // longer that 16 character var signingCredentials = new SigningCredentials(new SymmetricSecurityKey(secretKey), SecurityAlgorithms.HmacSha256Signature); var encryptionkey = Encoding.UTF8.GetBytes(_configuration["Jwt:Encryptkey"]); //must be 16 character var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(encryptionkey), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256); var claims = _getClaims(user); var descriptor = new SecurityTokenDescriptor { Issuer = _configuration["Jwt:Issuer"], Audience = _configuration["Jwt:Audience"], IssuedAt = DateTime.Now, NotBefore = DateTime.Now.AddMinutes(0), Expires = DateTime.Now.AddDays(7), SigningCredentials = signingCredentials, EncryptingCredentials = encryptingCredentials, Subject = new ClaimsIdentity(claims) }; var tokenHandler = new JwtSecurityTokenHandler(); var securityToken = tokenHandler.CreateToken(descriptor); var encryptedJwt = tokenHandler.WriteToken(securityToken); return(encryptedJwt); }
public async Task <string> GenerateAccessTokenAsync(AppUser user) { var secretKey = Encoding.UTF8.GetBytes(_siteSettings.JwtSettings.SecretKey); var signingCredentials = new SigningCredentials(new SymmetricSecurityKey(secretKey), SecurityAlgorithms.HmacSha256Signature); var encryptionKey = Encoding.UTF8.GetBytes(_siteSettings.JwtSettings.EncryptKey); var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(encryptionKey), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256); var tokenDescriptor = new SecurityTokenDescriptor() { Issuer = _siteSettings.JwtSettings.Issuer, Audience = _siteSettings.JwtSettings.Audience, IssuedAt = DateTime.Now, NotBefore = DateTime.Now.AddMinutes(_siteSettings.JwtSettings.NotBeforeMinutes), Expires = DateTime.Now.AddMinutes(_siteSettings.JwtSettings.ExpirationMinutes), SigningCredentials = signingCredentials, Subject = new ClaimsIdentity(GetClaimsAsync(user)), EncryptingCredentials = encryptingCredentials, }; var tokenHandler = new JwtSecurityTokenHandler(); var securityToken = tokenHandler.CreateToken(tokenDescriptor); return(tokenHandler.WriteToken(securityToken)); }
public ActionResult GetAdminToken() { var claims = new[] { new Claim(JwtRegisteredClaimNames.Sub, "sub"), new Claim(JwtRegisteredClaimNames.Jti, "jti"), new Claim(ClaimTypes.Role, "admin") }; string securityKey = "super_secrete_222super_secrete_222super_secrete_222super_secrete_222super_secrete_222super_secrete_222super_secrete_222super_secrete_222"; var symmetricSecKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(securityKey)); var singInCredentials = new SigningCredentials(symmetricSecKey, SecurityAlgorithms.HmacSha256Signature); var encryptingCredentials = new EncryptingCredentials(symmetricSecKey, JwtConstants.DirectKeyUseAlg, SecurityAlgorithms.Aes256CbcHmacSha512); var token = new JwtSecurityTokenHandler().CreateJwtSecurityToken( "kevin.broit", "readers", new ClaimsIdentity(claims), null, DateTime.Now.AddHours(1), null, singInCredentials, encryptingCredentials); return(Ok(new JwtSecurityTokenHandler().WriteToken(token))); }
public async Task <string> Generate(User user) { var secretKey = Encoding.UTF8.GetBytes(settings.Value.JWTSettings.SecretKey); // longer than 16 characters var signingCredentials = new SigningCredentials(new SymmetricSecurityKey(secretKey), SecurityAlgorithms.HmacSha256Signature); var encryptionKey = Encoding.UTF8.GetBytes(settings.Value.JWTSettings.EncryptKey); var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(encryptionKey), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256); var claims = await _getClaims(user); var descriptor = new SecurityTokenDescriptor { Issuer = settings.Value.JWTSettings.Issuer, Audience = settings.Value.JWTSettings.Audience, IssuedAt = DateTime.Now, //NotBefore = DateTime.Now.AddMinutes(settings.Value.JWTSettings.NotBeforeMinutes), Expires = DateTime.Now.AddMinutes(settings.Value.JWTSettings.ExpirationTime), SigningCredentials = signingCredentials, EncryptingCredentials = encryptingCredentials, Subject = new ClaimsIdentity(claims) }; var tokenHandler = new JwtSecurityTokenHandler(); var securityToken = tokenHandler.CreateToken(descriptor); var encryptedJwt = tokenHandler.WriteToken(securityToken); return(encryptedJwt); }
private UserToken BuildToken(UserInfo data, string rol) { var claimsData = new List <Claim> { new Claim(JwtRegisteredClaimNames.UniqueName, data.User), new Claim("Custom", "CustomData"), new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), new Claim(ClaimTypes.Role, rol) }; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("LLAVE-DE-SEGURIDAD123456789012345679012lsklsksiwkwkwkisksksiwlwlodckd34569874525241252524414525215655000")); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); var encryptingCredentials = new EncryptingCredentials(key, JwtConstants.DirectKeyUseAlg, SecurityAlgorithms.Aes256CbcHmacSha512); var tiempoExpiracion = DateTime.UtcNow.AddMinutes(30); var token = new JwtSecurityTokenHandler().CreateJwtSecurityToken( issuer: null, audience: null, subject: new ClaimsIdentity(claimsData), notBefore: null, expires: tiempoExpiracion, issuedAt: null, signingCredentials: creds, encryptingCredentials: encryptingCredentials ); return(new UserToken() { ExpirationToken = tiempoExpiracion, Token = new JwtSecurityTokenHandler().WriteToken(token) }); }
public SecurityTokenDescriptor CreateDescriptor(string name = "user", string nameIdentifier = "user-id", SecurityKey encryptionKey = null, SecurityKey signingKey = null, SecurityKey proofKey = null, bool encryptProofKey = true) { if (encryptionKey == null) encryptionKey = DefaultEncryptionKey; if (signingKey == null) signingKey = DefaultSigningKey; var claims = new List<Claim>(); if (name != null) claims.Add(new Claim(ClaimTypes.Name, name)); if (nameIdentifier != null) claims.Add(new Claim(ClaimTypes.NameIdentifier, nameIdentifier)); var identity = new ClaimsIdentity(claims, "Test", ClaimTypes.NameIdentifier, ClaimTypes.Role); var encryptingCredentials = new EncryptingCredentials(encryptionKey, SecurityAlgorithms.RsaOaepKeyWrap, SecurityAlgorithms.Aes128Encryption); var descriptor = new RequestedSecurityTokenDescriptor { Issuer = "urn:tests", Audience = "urn:unittests", EncryptingCredentials = encryptingCredentials, SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.RsaSha256Signature, SecurityAlgorithms.Sha256Digest), IssuedAt = DateTime.UtcNow, Expires = DateTime.UtcNow.AddMinutes(5), NotBefore = DateTime.UtcNow, Subject = identity, ProofKey = proofKey, ProofKeyEncryptingCredentials = encryptProofKey ? encryptingCredentials : null }; return descriptor; }
public string GenerateToken(IAuthContainerModel model) { if (model == null || model.Claims == null || model.Claims.Count == 0) { throw new ArgumentException("Arguments to create token are not valid"); } var ep = new EncryptingCredentials( GetSymmetricSecurityKey2(), JwtConstants.DirectKeyUseAlg, // SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256); SecurityTokenDescriptor securityTokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(GetClaims(model.Claims)), Expires = DateTime.UtcNow.AddMinutes(Convert.ToInt32(model.ExpireMinutes)), SigningCredentials = new SigningCredentials(GetSymmetricSecurityKey(), model.SecurityAlgorithm), EncryptingCredentials = ep//new EncryptingCredentials(GetSymmetricSecurityKey2(), model.SecurityAlgorithm), }; JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler(); SecurityToken securityToken = handler.CreateToken(securityTokenDescriptor); string token = handler.WriteToken(securityToken); return(token); }
public void ShouldValidateJwe(string algorithm, string encryption) { var key = new CryptographicKey(Algorithm.Create(algorithm).WithContentEncryption(encryption)); var encryptingCredentials = new EncryptingCredentials(key, algorithm, encryption); var handler = new JsonWebTokenHandler(); var now = DateTime.Now; var jwt = new SecurityTokenDescriptor { Issuer = "me", Audience = "you", IssuedAt = now, NotBefore = now, Expires = now.AddMinutes(5), Subject = new ClaimsIdentity(GenerateClaim().Generate(5)), EncryptingCredentials = encryptingCredentials }; var jwe = handler.CreateToken(jwt); var result = handler.ValidateToken(jwe, new TokenValidationParameters { ValidIssuer = "me", ValidAudience = "you", RequireSignedTokens = false, TokenDecryptionKey = encryptingCredentials.Key }); result.IsValid.Should().BeTrue(); }
public static void Run() { var key = new RsaSecurityKey(RSA.Create(2048)) { KeyId = Guid.NewGuid().ToString() }; var jweKey = new EncryptingCredentials(key, SecurityAlgorithms.RsaOAEP, SecurityAlgorithms.Aes128CbcHmacSha256); var payloadRepresentation = new List <Claim>() { new("claim1", "10"), new("claim2", "claim2-value"), new ("name", "Bruno Brito"), new ("given_name", "Bruno"), new ("logins", "brunohbrito"), new ("logins", "bhdebrito"), new ("logins", "bruno_hbrito"), }; var handler = new JsonWebTokenHandler(); var now = DateTime.Now; var jwt = new SecurityTokenDescriptor { Issuer = "me", Audience = "you", IssuedAt = now, NotBefore = now, Expires = now.AddMinutes(5), Subject = new ClaimsIdentity(payloadRepresentation), EncryptingCredentials = jweKey }; var jwe = handler.CreateToken(jwt); Console.ResetColor(); Console.ForegroundColor = ConsoleColor.Yellow; Console.Write("JWE: "); Console.ForegroundColor = ConsoleColor.Cyan; Console.WriteLine(jwe); Console.ResetColor(); var result = handler.ValidateToken(jwe, new TokenValidationParameters { ValidIssuer = "me", ValidAudience = "you", RequireSignedTokens = false, TokenDecryptionKey = jweKey.Key }); var claims = JsonSerializer.Serialize(result.Claims, new JsonSerializerOptions() { WriteIndented = true }); Console.ForegroundColor = ConsoleColor.Yellow; Console.WriteLine("Claims: "); Console.ForegroundColor = ConsoleColor.Cyan; Console.WriteLine(claims); Console.ResetColor(); }
private string CreateJwt(User created) { var claims = new[] { new Claim(ClaimTypes.Name, created.Id.ToString()) }; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration.Token.Key)); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); var encryptingCredentials = new EncryptingCredentials(key, JwtConstants.DirectKeyUseAlg, SecurityAlgorithms.Aes256CbcHmacSha512); var jwtSecurityToken = new JwtSecurityTokenHandler().CreateJwtSecurityToken( _configuration.Token.Issuer, _configuration.Token.Audience, new ClaimsIdentity(claims), null, expires: DateTime.UtcNow.AddDays(3), null, signingCredentials: creds, encryptingCredentials: encryptingCredentials ); var encryptedJWT = new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken); return(encryptedJWT); }
public async Task <AccessToken> GenerateToken(User user) { var securityKey = Encoding.UTF8.GetBytes(_settings.JwtOptions.SecretKey); var signinCredentials = new SigningCredentials(new SymmetricSecurityKey(securityKey), SecurityAlgorithms.HmacSha256Signature); var secretKey2 = Encoding.UTF8.GetBytes(_settings.JwtOptions.SecretKey2); var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(secretKey2), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256); var claims = await _getUserClaims(user); var descriptor = new SecurityTokenDescriptor { Issuer = _settings.JwtOptions.Issuer, Audience = _settings.JwtOptions.Audience, IssuedAt = DateTime.UtcNow, Expires = DateTime.Now.AddMinutes(_settings.JwtOptions.Expiration), SigningCredentials = signinCredentials, Subject = new ClaimsIdentity(claims), EncryptingCredentials = encryptingCredentials }; var tokenHandler = new JwtSecurityTokenHandler(); var securityToken = tokenHandler.CreateJwtSecurityToken(descriptor); return(GenerateAccessToken(securityToken)); }
/// <summary> /// Generate a token /// </summary> /// <param name="entitlements">Details of the entitlements to encode into the token.</param> /// <param name="signingCert">Certificate to use when signing the token (optional).</param> /// <param name="encryptionCert">Certificate to use when encrypting the token (optional).</param> /// <returns>Generated token, if any; otherwise all related errors.</returns> private static string GenerateToken( NodeEntitlements entitlements, X509Certificate2 signingCert = null, X509Certificate2 encryptionCert = null) { SigningCredentials signingCredentials = null; if (signingCert != null) { var signingKey = new X509SecurityKey(signingCert); signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.RsaSha512Signature); } EncryptingCredentials encryptingCredentials = null; if (encryptionCert != null) { var encryptionKey = new X509SecurityKey(encryptionCert); encryptingCredentials = new EncryptingCredentials( encryptionKey, SecurityAlgorithms.RsaOAEP, SecurityAlgorithms.Aes256CbcHmacSha512); } var entitlementWithIdentifier = entitlements.WithIdentifier($"entitlement-{Guid.NewGuid():D}"); var generator = new TokenGenerator(_logger, signingCredentials, encryptingCredentials); return(generator.Generate(entitlementWithIdentifier)); }
private async Task <string> GenerateToken(TokenInfo user, int lifeTime) { var secretKey = Encoding.UTF8.GetBytes(_setting.JwtSetting.SecretKey); // longer that 16 character var signingCredentials = new SigningCredentials(new SymmetricSecurityKey(secretKey) , SecurityAlgorithms.HmacSha256Signature); var encryptionkey = Encoding.UTF8.GetBytes(_setting.JwtSetting.Encryptkey); //must be 16 character var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(encryptionkey), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256); ///تنظیم ویژگی های توکن var descriptor = new SecurityTokenDescriptor { ///صادر کننده توکن Issuer = _setting.JwtSetting.Issuer, Audience = _setting.JwtSetting.Audience, IssuedAt = DateTime.Now, NotBefore = DateTime.Now, Expires = DateTime.Now.AddMinutes(lifeTime), SigningCredentials = signingCredentials, EncryptingCredentials = encryptingCredentials, Subject = new ClaimsIdentity(CustomClaims(user)) }; var tokenHandler = new JwtSecurityTokenHandler(); return(tokenHandler.WriteToken(tokenHandler.CreateToken(descriptor))); }
public string Generate(User user) { var encryptionkey = Encoding.UTF8.GetBytes("aaaaaaaaaaaaaaaa"); //must be 16 character var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(encryptionkey), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256); var secretkey = Encoding.UTF8.GetBytes("asdfdsasdfcdsdfdsd"); var signingcredential = new SigningCredentials(new SymmetricSecurityKey(secretkey), SecurityAlgorithms.HmacSha256Signature); var claims = getclaims(user); var descriptor = new SecurityTokenDescriptor { Issuer = "MyWeb", Audience = "MyWeb", IssuedAt = DateTime.Now, NotBefore = DateTime.Now.AddMinutes(0), Expires = DateTime.Now.AddHours(1), SigningCredentials = signingcredential, EncryptingCredentials = encryptingCredentials, Subject = new ClaimsIdentity(claims) }; var tokenhandler = new JwtSecurityTokenHandler(); var securitykey = tokenhandler.CreateToken(descriptor); var jwt = tokenhandler.WriteToken(securitykey); return(jwt); }
public async Task <String> GenerateTokenAsync(ApplicationUser user) { var securityKey = Encoding.UTF8.GetBytes(_settings.SecretKey); var signingCredentials = new SigningCredentials(new SymmetricSecurityKey(securityKey), SecurityAlgorithms.HmacSha256Signature); var encryptKey = Encoding.UTF8.GetBytes(_settings.EncryptKey); var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(encryptKey), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256); var tokenDescriptor = new SecurityTokenDescriptor { Audience = _settings.Audience, Issuer = _settings.Issuer, IssuedAt = DateTime.Now, NotBefore = DateTime.Now.AddMinutes(_settings.NotBeforeMinutes), Expires = DateTime.Now.AddDays(_settings.ExpirationDay), SigningCredentials = signingCredentials, EncryptingCredentials = encryptingCredentials, Subject = await _getUserAsSubject(user) }; var tokenHandler = new JwtSecurityTokenHandler(); var securityToken = tokenHandler.CreateToken(tokenDescriptor); var writeToken = tokenHandler.WriteToken(securityToken); return(writeToken); }
public async Task <Token> BuildTokenAsync(long userId, IEnumerable <Claim> claims) { var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_options.Value.SigningKey)); var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256); var encryptingKey = Encoding.UTF8.GetBytes(_options.Value.EncryptingKey); //must be 16 character var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(encryptingKey), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256); var now = DateTime.UtcNow; var tokenDescriptor = new SecurityTokenDescriptor { Issuer = _options.Value.Issuer, Audience = _options.Value.Audience, IssuedAt = now, NotBefore = now, Expires = now.AddMinutes(_options.Value.TokenExpirationMinutes), SigningCredentials = signingCredentials, EncryptingCredentials = encryptingCredentials, Subject = new ClaimsIdentity(claims) }; var tokenHandler = new JwtSecurityTokenHandler(); var securityToken = tokenHandler.CreateToken(tokenDescriptor); var token = tokenHandler.WriteToken(securityToken); await AddUserTokenAsync(userId, token); return(new Token { Value = token }); }
public async Task <AccessToken> GenerateAsync(User user) { byte[] secretKey = Encoding.UTF8.GetBytes(_siteSetting.JwtSettings.SecretKey); // longer that 16 character SigningCredentials signingCredentials = new SigningCredentials(new SymmetricSecurityKey(secretKey), SecurityAlgorithms.HmacSha256Signature); byte[] encryptionkey = Encoding.UTF8.GetBytes(_siteSetting.JwtSettings.Encryptkey); //must be 16 character EncryptingCredentials encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(encryptionkey), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256); IEnumerable <Claim> claims = await _getClaimsAsync(user); SecurityTokenDescriptor descriptor = new SecurityTokenDescriptor { Issuer = _siteSetting.JwtSettings.Issuer, Audience = _siteSetting.JwtSettings.Audience, IssuedAt = DateTime.Now, NotBefore = DateTime.Now.AddMinutes(_siteSetting.JwtSettings.NotBeforeMinutes), Expires = DateTime.Now.AddMinutes(_siteSetting.JwtSettings.ExpirationMinutes), SigningCredentials = signingCredentials, EncryptingCredentials = encryptingCredentials, Subject = new ClaimsIdentity(claims) }; //JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); //JwtSecurityTokenHandler.DefaultMapInboundClaims = false; //JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear(); JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler(); JwtSecurityToken securityToken = tokenHandler.CreateJwtSecurityToken(descriptor); //string encryptedJwt = tokenHandler.WriteToken(securityToken); return(new AccessToken(securityToken)); }
public static string BuildJwt( IEnumerable <Claim> claims, string issuer, string?audience, TimeSpan accessTokenExpiryTime, SigningCredentials signingCredentials, EncryptingCredentials encryptingCredentials) { DateTime utcNow = DateTime.UtcNow; JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler(); JwtSecurityToken token = handler.CreateJwtSecurityToken( issuer, audience, // null if _options.NeedAudienceToBeChecked is false new ClaimsIdentity(claims), utcNow, utcNow + accessTokenExpiryTime, utcNow, signingCredentials, encryptingCredentials ); return(handler.WriteToken(token)); }
public async Task <AccessToken> GenerateAsync(User user) { var secretKey = Encoding.UTF8.GetBytes(_siteSetting.SecretKey); // longer that 16 character var signingCredentials = new SigningCredentials(new SymmetricSecurityKey(secretKey), SecurityAlgorithms.HmacSha256Signature); var encryptionkey = Encoding.UTF8.GetBytes(_siteSetting.Encryptkey); //must be 16 character var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(encryptionkey), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256); var claims = await _getClaimsAsync(user); var descriptor = new SecurityTokenDescriptor { Issuer = _siteSetting.Issuer, Audience = _siteSetting.Audience, IssuedAt = DateTime.Now, NotBefore = DateTime.Now.AddMinutes(0), Expires = DateTime.Now.AddMinutes(_siteSetting.ExpirationMinutes), SigningCredentials = signingCredentials, EncryptingCredentials = encryptingCredentials, Subject = new ClaimsIdentity(claims) }; var tokenHandler = new JwtSecurityTokenHandler(); var securityToken = tokenHandler.CreateJwtSecurityToken(descriptor); var refreshToken = await _unitOfWork.UserRefreshTokenRepository.CreateToken(user.Id); await _unitOfWork.CommitAsync(); return(new AccessToken(securityToken, refreshToken.ToString())); }
public static void AddAuthentication(this IServiceCollection services, SecurityOptions options) { _signing = _signing ?? BuildSigningCredentials(options); _encrypting = _encrypting ?? BuildEncryptingCredentials(options); services .AddAuthentication(x => { x.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; x.DefaultSignInScheme = JwtBearerDefaults.AuthenticationScheme; x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddJwtBearer(x => { x.TokenValidationParameters = BuildTokenValidationParameters(options); #if DEBUG x.IncludeErrorDetails = true; x.RequireHttpsMetadata = false; #else x.IncludeErrorDetails = false; x.RequireHttpsMetadata = true; #endif }) .AddCookie(cfg => cfg.SlidingExpiration = true); }
private string BuildToken2(UserModel user) { var secretKey = Encoding.UTF8.GetBytes(_config["JwtSettings:Key"]); // must be 16 character or longer var signingCredentials = new SigningCredentials(new SymmetricSecurityKey(secretKey), SecurityAlgorithms.HmacSha256Signature); var encryptionkey = Encoding.UTF8.GetBytes(_config["JwtSettings:EncryptKey"]); //must be 16 character var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(encryptionkey), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256); var claims = new List <Claim> { new Claim(ClaimTypes.Name, "UserName"), //user.UserName new Claim(ClaimTypes.NameIdentifier, "123"), //user.Id }; var descriptor = new SecurityTokenDescriptor { Issuer = _config["JwtSettings:Issuer"], //_siteSetting.JwtSettings.Issuer, Audience = _config["JwtSettings:Audience"], //_siteSetting.JwtSettings.Audience, IssuedAt = DateTime.Now, NotBefore = DateTime.Now.AddMinutes(Convert.ToDouble(_config["JwtSettings:AccessTokenExpirationMinutes"])), Expires = DateTime.Now.AddMinutes(Convert.ToDouble(_config["JwtSettings:AccessTokenExpirationMinutes"])), SigningCredentials = signingCredentials, EncryptingCredentials = encryptingCredentials, Subject = new ClaimsIdentity(claims) }; var tokenHandler = new JwtSecurityTokenHandler(); var securityToken = tokenHandler.CreateToken(descriptor); string encryptedJwt = tokenHandler.WriteToken(securityToken); return(encryptedJwt); }
public CustomSecurityTokenService(string loginProviderName, SecurityTokenServiceConfiguration securityTokenServiceConfiguration, EncryptingCredentials encryptingCredentials, IDragonUserStore <T> userStore) : base(securityTokenServiceConfiguration) { _loginProviderName = loginProviderName; _encryptingCredentials = encryptingCredentials; _userStore = userStore; }
public async Task <string> GenerateAsync(ApplicationUser user) { var secretKey = Encoding.UTF8.GetBytes(_siteSettings.JwtSettings.secretkey); // secret key on server to ensure security (encrypt+decrypt) var signinCredentials = new SigningCredentials(new SymmetricSecurityKey(secretKey), SecurityAlgorithms.HmacSha256Signature); var encryptionkey = Encoding.UTF8.GetBytes(_siteSettings.JwtSettings.secretkey); //must be 16 character var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(encryptionkey), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256); var claims = await _getClaimsAsync(user); var descriptor = new SecurityTokenDescriptor() { Issuer = _siteSettings.JwtSettings.Issuer, Audience = _siteSettings.JwtSettings.Audience, IssuedAt = DateTime.Now, Expires = DateTime.Now.AddMinutes(30), SigningCredentials = signinCredentials, EncryptingCredentials = encryptingCredentials, Subject = new ClaimsIdentity(claims) }; var tokenHandler = new JwtSecurityTokenHandler(); var securityToken = tokenHandler.CreateToken(descriptor); var jwt = tokenHandler.WriteToken(securityToken); return(jwt); }
public async Task <JwtToken> CreateAsync(User user) { var jwtSetting = new JwtSettings(); var secretKey = Encoding.UTF8.GetBytes(jwtSetting.SecretKey); // longer that 16 character var signingCredentials = new SigningCredentials(new SymmetricSecurityKey(secretKey), SecurityAlgorithms.HmacSha256Signature); var encryptionkey = Encoding.UTF8.GetBytes(jwtSetting.Encryptkey); //must be 16 character var encryptingCredentials = new EncryptingCredentials(new SymmetricSecurityKey(encryptionkey), SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256); var claims = await AddClaimsAsync(user); var descriptor = new SecurityTokenDescriptor { Issuer = jwtSetting.Issuer, Audience = jwtSetting.Audience, IssuedAt = DateTime.Now, NotBefore = DateTime.Now.AddMinutes(jwtSetting.NotBeforeMinutes), Expires = DateTime.Now.AddMinutes(jwtSetting.ExpirationMinutes), SigningCredentials = signingCredentials, EncryptingCredentials = encryptingCredentials, Subject = new ClaimsIdentity(claims) }; //JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); //JwtSecurityTokenHandler.DefaultMapInboundClaims = false; //JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear(); var tokenHandler = new JwtSecurityTokenHandler(); var securityToken = tokenHandler.CreateJwtSecurityToken(descriptor); //string encryptedJwt = tokenHandler.WriteToken(securityToken); return(new JwtToken(securityToken)); }
public string CreateTokenString(ICommandUser commandUser) { SigningCredentials singingCridentials = new SigningCredentials(this.signingKey, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest); EncryptingCredentials encryptingCridentials = new EncryptingCredentials(this.secutityKey, SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256); ClaimsIdentity claimsIdentity = new ClaimsIdentity(new List <Claim>()); claimsIdentity.AddClaim(new Claim(ClaimTypes.PrimarySid, commandUser.ID)); claimsIdentity.AddClaim(new Claim(ClaimTypes.UserData, JsonConvert.SerializeObject(commandUser.UserData))); claimsIdentity.AddClaim(new Claim(ClaimTypes.Name, commandUser.Username)); claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, JsonConvert.SerializeObject(commandUser.UserRoles))); SecurityTokenDescriptor tokenDiscriptor = new SecurityTokenDescriptor(); tokenDiscriptor.Subject = claimsIdentity; tokenDiscriptor.Issuer = this.issuer; tokenDiscriptor.SigningCredentials = singingCridentials; tokenDiscriptor.EncryptingCredentials = encryptingCridentials; tokenDiscriptor.Expires = DateTime.UtcNow.Add(TimeSpan.FromHours(1)); JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler(); JwtSecurityToken token = tokenHandler.CreateJwtSecurityToken(tokenDiscriptor); string tokenString = tokenHandler.WriteToken(token); return(tokenString); }
public async Task ShouldGenerateAndValidateJweAndJws() { await WarmupData.Clear(); var handler = new JsonWebTokenHandler(); var now = DateTime.Now; // Generate right now and in memory var newKey = new CryptographicKey(Algorithm.Create(AlgorithmType.RSA, JwtType.Both)); var encryptingCredentials = new EncryptingCredentials(newKey, EncryptionAlgorithmKey.RsaOAEP, EncryptionAlgorithmContent.Aes128CbcHmacSha256); var signingCredentials = new SigningCredentials(newKey, DigitalSignaturesAlgorithm.RsaSsaPssSha256); var claims = new ClaimsIdentity(GenerateClaim().Generate(5)); var descriptorJws = new SecurityTokenDescriptor { Issuer = "me", Audience = "you", IssuedAt = now, NotBefore = now, Expires = now.AddMinutes(5), Subject = claims, SigningCredentials = signingCredentials }; var descriptorJwe = new SecurityTokenDescriptor { Issuer = "me", Audience = "you", IssuedAt = now, NotBefore = now, Expires = now.AddMinutes(5), Subject = claims, EncryptingCredentials = encryptingCredentials }; var jws = handler.CreateToken(descriptorJws); var jwe = handler.CreateToken(descriptorJwe); var result = await handler.ValidateTokenAsync(jws, new TokenValidationParameters { ValidIssuer = "me", ValidAudience = "you", IssuerSigningKey = signingCredentials.Key }); result.IsValid.Should().BeTrue(); result = await handler.ValidateTokenAsync(jwe, new TokenValidationParameters { ValidIssuer = "me", ValidAudience = "you", RequireSignedTokens = false, TokenDecryptionKey = encryptingCredentials.Key }); result.IsValid.Should().BeTrue(); }
public TokenGeneratorTests() { const string plainTextSecurityKey = "This is my shared, not so secret, secret!"; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(plainTextSecurityKey)); _signingCredentials = new SigningCredentials(key, "fu"); _encryptionCredentials = new EncryptingCredentials(key, "bar", "baz"); }
public CredentialsConfiguration() { SigningCredentials = new SigningCredentials(SymmetricKeySigningCredentials, SecurityAlgorithms.HmacSha256); EncryptingCredentials = new EncryptingCredentials(SymmetricKeyEncryptingCredentials, SecurityAlgorithms.Aes128KW, SecurityAlgorithms.Aes128CbcHmacSha256); }
public SamlRequestDetailsScope(SamlRequestDetails details, EncryptingCredentials signingCredentials, bool requireEncryption) : base(details.Realm.Uri.AbsoluteUri, signingCredentials) { RequestDetails = details; if (RequestDetails.UsesEncryption) { EncryptingCredentials = new X509EncryptingCredentials(details.EncryptingCertificate); } if (RequestDetails.TokenType == TokenTypes.SimpleWebToken || RequestDetails.TokenType == TokenTypes.JsonWebToken) { SigningCredentials = new HmacSigningCredentials(details.RelyingPartyRegistration.SymmetricSigningKey); } ReplyToAddress = RequestDetails.ReplyToAddress.AbsoluteUri; TokenEncryptionRequired = requireEncryption; }