public void DeleteCookie(string name) { _cookieSvc.DeleteCookie(name); }
private async Task <TokenResponseModel> RefreshToken(TokenRequestModel model) { try { if (_appSettings.AllowSiteWideTokenRefresh) { // STEP 1: Validate JWT Token var jwtValidationResult = await ValidateAuthTokenAsync(); if (jwtValidationResult.IsValid && jwtValidationResult.Message == "Token Expired") { // check if there's an user with the refresh token's userId var user = await _userManager.FindByEmailAsync(model.Email); // also check if user is not admin / using admin cookie if (user == null || user.UserRole == "Administrator") { // UserId not found or invalid return(CreateErrorResponseToken("Request Not Supported", HttpStatusCode.Unauthorized)); } // check if the received refreshToken exists for the given clientId var rt = _db.Tokens.FirstOrDefault(t => t.ClientId == _appSettings.ClientId && t.UserId == user.Id); if (rt == null) { return(CreateErrorResponseToken("Request Not Supported", HttpStatusCode.Unauthorized)); } // check if refresh token is expired if (rt.ExpiryTime < DateTime.UtcNow) { _cookieSvc.DeleteCookie("access_token"); _cookieSvc.DeleteCookie("refreshToken"); _cookieSvc.DeleteCookie("loginStatus"); _cookieSvc.DeleteCookie("username"); _cookieSvc.DeleteCookie("userRole"); return(CreateErrorResponseToken("Request Not Supported", HttpStatusCode.Unauthorized)); } /* Get the Data protection service instance */ var protectorProvider = _provider.GetService <IDataProtectionProvider>(); /* Create a protector instance */ var protectorRt = protectorProvider.CreateProtector(rt.EncryptionKeyRt); var unprotectedToken = protectorRt.Unprotect(_cookieSvc.Get("refreshToken")); var decryptedToken = unprotectedToken.ToString(); if (rt.Value != decryptedToken) { return(CreateErrorResponseToken("Request Not Supported", HttpStatusCode.Unauthorized)); } var accessToken = await CreateAccessToken(user); var expireTime = accessToken.Expiration.Subtract(DateTime.UtcNow).TotalMinutes; var refreshTokenExpireTime = accessToken.RefreshTokenExpiration.Subtract(DateTime.UtcNow).TotalMinutes; // set cookie for jwt and refresh token // Expiry time for cookie - When Refresh token expires all other cookies should expire // therefor set all the cookie expiry time to refresh token expiry time _cookieSvc.SetCookie("access_token", accessToken.Token.ToString(), Convert.ToInt32(refreshTokenExpireTime)); _cookieSvc.SetCookie("refreshToken", accessToken.RefreshToken, Convert.ToInt32(refreshTokenExpireTime)); _cookieSvc.SetCookie("loginStatus", "1", Convert.ToInt32(refreshTokenExpireTime), false, false); _cookieSvc.SetCookie("username", user.UserName, Convert.ToInt32(refreshTokenExpireTime), false, false); _cookieSvc.SetCookie("userRole", user.UserRole, Convert.ToInt32(refreshTokenExpireTime), false, false); _cookieSvc.SetCookie("user_id", accessToken.UserId, Convert.ToInt32(refreshTokenExpireTime)); accessToken.Principal = validateToken; return(accessToken); } } } catch (Exception ex) { Log.Error("An error occurred while seeding the database {Error} {StackTrace} {InnerException} {Source}", ex.Message, ex.StackTrace, ex.InnerException, ex.Source); return(CreateErrorResponseToken($"Error => {ex.Message}", HttpStatusCode.Unauthorized)); } return(CreateErrorResponseToken("Request Not Supported", HttpStatusCode.Unauthorized)); }