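/// <summary>
/// Checks the claims of a validated token against server-side state and rejects the
/// token via <c>context.Fail</c> when the user, serial number, or stored token does not match.
/// </summary>
/// <param name="context">Token-validated event context carrying the principal and the security token.</param>
/// <returns>A task that completes when the checks (and, on success, the last-activity update) are done.</returns>
public async Task ValidateAsync(TokenValidatedContext context)
        {
            // A missing principal is handled like a missing identity: the token is rejected below.
            var claimsIdentity = context.Principal?.Identity as ClaimsIdentity;

            if (claimsIdentity?.Claims == null || !claimsIdentity.Claims.Any())
            {
                context.Fail("This is not our issued token. It has no claims.");
                return;
            }

            var serialNumberClaim = claimsIdentity.FindFirst(ClaimTypes.SerialNumber);

            if (serialNumberClaim == null)
            {
                context.Fail("This is not our issued token. It has no serial.");
                return;
            }

            // FindFirst returns null when the claim is absent; "?." turns that case into a
            // rejected token instead of a NullReferenceException inside the auth pipeline.
            var userIdString = claimsIdentity.FindFirst(ClaimTypes.NameIdentifier)?.Value;

            // The id is kept as a string here (no integer parse), so only emptiness is checked.
            // Whitespace-only values are rejected too, because the id is trimmed before use.
            if (string.IsNullOrWhiteSpace(userIdString))
            {
                context.Fail("This is not our issued token. It has no user-id.");
                return;
            }

            var userId = userIdString.Trim();
            var user = await _usersService.FindUserAsync(userId);

            if (user == null || user.F_SerialNumber != serialNumberClaim.Value || !user.F_IsActive)
            {
                // user has changed his/her password/roles/stat/IsActive
                context.Fail("This token is expired. Please login again.");

                // Stop here: without this return a rejected token would still reach the
                // token-store lookup and refresh the user's last-activity timestamp.
                return;
            }

            if (!(context.SecurityToken is JwtSecurityToken accessToken) || string.IsNullOrWhiteSpace(accessToken.RawData) ||
                !await _tokenStoreService.IsValidTokenAsync(accessToken.RawData, userId))
            {
                context.Fail("This token is not in our database.");
                return;
            }

            // Only reached when every check above passed.
            await _usersService.UpdateUserLastActivityDateAsync(userId);
        }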
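        /// <summary>
        /// Checks the claims of a validated token against server-side state and rejects the
        /// token via <c>context.Fail</c> when the user, serial number, or stored token does not match.
        /// </summary>
        /// <param name="context">Token-validated event context carrying the principal and the security token.</param>
        /// <returns>A task that completes when the checks (and, on success, the last-activity update) are done.</returns>
        public async Task ValidateAsync(TokenValidatedContext context)
        {
            // A missing principal is handled like a missing identity: the token is rejected below.
            var claimsIdentity = context.Principal?.Identity as ClaimsIdentity;

            if (claimsIdentity?.Claims == null || !claimsIdentity.Claims.Any())
            {
                context.Fail("这不是我们发布的令牌。 它没有 Claims.");
                return;
            }

            var serialNumberClaim = claimsIdentity.FindFirst(ClaimTypes.SerialNumber);

            if (serialNumberClaim == null)
            {
                context.Fail("这不是我们发布的令牌。 它没有 serial.");
                return;
            }

            // FindFirst returns null when the claim is absent; int.TryParse then fails on the
            // null string and the token is rejected instead of throwing NullReferenceException.
            var userIdString = claimsIdentity.FindFirst(ClaimTypes.UserData)?.Value;

            if (!int.TryParse(userIdString, out int userId))
            {
                context.Fail("T这不是我们发布的令牌。 它没有 user-id.");
                return;
            }

            var user = await _usersService.FindUserAsync(userId).ConfigureAwait(false);

            if (user == null || user.SerialNumber != serialNumberClaim.Value || !user.IsActive)
            {
                // user has changed his/her password/roles/stat/IsActive
                context.Fail("Token过期了 请重新登录.");

                // Stop here: without this return a rejected token would still reach the
                // token-store lookup and refresh the user's last-activity timestamp.
                return;
            }

            var accessToken = context.SecurityToken as JwtSecurityToken;

            if (accessToken == null || string.IsNullOrWhiteSpace(accessToken.RawData) ||
                !await _tokenStoreService.IsValidTokenAsync(accessToken.RawData, userId).ConfigureAwait(false))
            {
                context.Fail("无效的Token.");
                return;
            }

            // Update the user's last activity time; only reached when every check above passed.
            await _usersService.UpdateUserLastActivityDateAsync(userId).ConfigureAwait(false);
        }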
Esempio n. 3
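        /// <summary>
        /// Checks the claims of a validated token against server-side state and rejects the
        /// token via <c>context.Fail</c> when the user, serial number, or stored token does not match.
        /// </summary>
        /// <param name="context">Token-validated event context carrying the principal and the security token.</param>
        /// <returns>A task that completes when the checks (and, on success, the last-activity update) are done.</returns>
        public async Task ValidateAsync(TokenValidatedContext context)
        {
            // A missing principal is handled like a missing identity: the token is rejected below.
            var claimsIdentity = context.Principal?.Identity as ClaimsIdentity;

            if (claimsIdentity?.Claims == null || !claimsIdentity.Claims.Any())
            {
                context.Fail("This is not our issued token. It has no claims.");
                return;
            }

            var serialNumberClaim = claimsIdentity.FindFirst(ClaimTypes.SerialNumber);

            if (serialNumberClaim == null)
            {
                context.Fail("This is not our issued token. It has no serial.");
                return;
            }

            // FindFirst returns null when the claim is absent; int.TryParse then fails on the
            // null string and the token is rejected instead of throwing NullReferenceException.
            var userIdString = claimsIdentity.FindFirst(ClaimTypes.UserData)?.Value;

            if (!int.TryParse(userIdString, out int userId))
            {
                context.Fail("This is not our issued token. It has no user-id.");
                return;
            }

            // The services in this class take the id as a string; convert once and reuse it.
            var userKey = userId.ToString();
            var user = await _userService.FindUserAsync(userKey);

            // The serial number is compared on every request. Gating the whole test on
            // "IsActive != null" would skip the serial check (and dereference a null user)
            // whenever the lookup finds nothing or the flag is unset.
            // NOTE(review): an unset IsActive is still treated as "not deactivated" here, as
            // before; consider failing closed on null if the schema allows it.
            if (user == null || user.SerialNumber != serialNumberClaim.Value || user.IsActive == false)
            {
                // user has changed his/her password/roles/stat/IsActive
                context.Fail("This token is expired. Please login again.");

                // Stop here: without this return a rejected token would still reach the
                // token-store lookup and refresh the user's last-activity timestamp.
                return;
            }

            var accessToken = context.SecurityToken as JwtSecurityToken;

            if (accessToken == null || string.IsNullOrWhiteSpace(accessToken.RawData) ||
                !await _tokenStoreService.IsValidTokenAsync(accessToken.RawData, userKey))
            {
                context.Fail("This token is not in our database.");
                return;
            }

            // Only reached when every check above passed.
            await _userService.UpdateUserLastActivityDateAsync(userKey);
        }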
Esempio n. 4
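        /// <summary>
        /// Checks the claims of a validated token against server-side state and rejects the
        /// token via <c>context.Fail</c> when the user, serial number, or stored token does not match.
        /// </summary>
        /// <param name="context">Token-validated event context carrying the principal and the security token.</param>
        /// <returns>A task that completes when the checks (and, on success, the last-activity update) are done.</returns>
        public async Task ValidateAsync(TokenValidatedContext context)
        {
            // A missing principal is handled like a missing identity: the token is rejected below.
            var claimsIdentity = context.Principal?.Identity as ClaimsIdentity;

            if (claimsIdentity?.Claims == null || !claimsIdentity.Claims.Any())
            {
                context.Fail("This is not our issued token. It has no claims.");
                return;
            }

            var serialNumber = claimsIdentity.FindFirst(ClaimTypes.SerialNumber);

            if (serialNumber == null)
            {
                context.Fail("This is not our issued token. It has no serial.");
                return;
            }

            // FindFirst returns null when the claim is absent; int.TryParse then fails on the
            // null string and the token is rejected instead of throwing NullReferenceException.
            var userIdString = claimsIdentity.FindFirst(ClaimTypes.UserData)?.Value;

            if (!int.TryParse(userIdString, out int userId))
            {
                context.Fail("This is not our issued token. It has no user-id.");
                return;
            }

            var user = await _usersService.GetUserAsync(userId);

            // NOTE(review): "!user.IsLocked" rejects the token when the user is NOT locked and
            // lets a locked user through this check. That reads as inverted for a flag with
            // this name; confirm against the user model and change it to "user.IsLocked" if so.
            // The condition is left as written because the model is not visible from here.
            if (user == null || user.SerialNumber != serialNumber.Value || !user.IsLocked)
            {
                context.Fail("This token is expired. Please login again.");

                // Stop here: without this return a rejected token would still reach the
                // token-store lookup and refresh the user's last-activity timestamp.
                return;
            }

            if (!(context.SecurityToken is JwtSecurityToken accessToken) || string.IsNullOrWhiteSpace(accessToken.RawData) ||
                !await _tokenStoreService.IsValidTokenAsync(accessToken.RawData, userId))
            {
                context.Fail("This token is not in our database.");
                return;
            }

            // Only reached when every check above passed.
            await _usersService.UpdateUserLastActivityAsync(userId);
        }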
Esempio n. 5
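        /// <summary>
        /// Checks the claims of a validated token against server-side state and rejects the
        /// token via <c>context.Fail</c> when the user, security stamp, or stored token does not match.
        /// </summary>
        /// <param name="context">Token-validated event context carrying the principal and the security token.</param>
        /// <returns>A task that completes when the checks (and, on success, the last-activity update) are done.</returns>
        public async Task ValidateAsync(TokenValidatedContext context)
        {
            // A missing principal is handled like a missing identity: the token is rejected below.
            var claimsIdentity = context.Principal?.Identity as ClaimsIdentity;

            if (claimsIdentity?.Claims == null || !claimsIdentity.Claims.Any())
            {
                context.Fail("This is not our issued token. It has no claims.");
                return;
            }

            var serialNumberClaim = claimsIdentity.FindFirst(ClaimTypes.SerialNumber);

            if (serialNumberClaim == null)
            {
                context.Fail("This is not our issued token. It has no serial.");
                return;
            }

            // FindFirst returns null when the claim is absent; reject the token in that case
            // rather than throwing or passing an empty id to the user store.
            var userIdString = claimsIdentity.FindFirst(ClaimTypes.UserData)?.Value;

            if (string.IsNullOrWhiteSpace(userIdString))
            {
                context.Fail("This is not our issued token. It has no user-id.");
                return;
            }

            // Tie the store calls to the request lifetime so they stop when the client
            // disconnects; a locally created CancellationTokenSource that nobody cancels or
            // disposes gives no cancellation at all.
            var cancellationToken = context.HttpContext.RequestAborted;
            var user = await _usersStoreService.FindByIdAsync(userIdString, cancellationToken);

            if (user == null || user.SecurityStamp != serialNumberClaim.Value)
            {
                // user has changed his/her password/roles/stat/IsActive
                context.Fail("This token is expired. Please login again.");

                // Stop here: without this return a rejected token would still reach the
                // token-store lookup and refresh the user's last-activity timestamp.
                return;
            }

            var accessToken = context.SecurityToken as JwtSecurityToken;

            if (accessToken == null || string.IsNullOrWhiteSpace(accessToken.RawData) ||
                !await _tokenStoreService.IsValidTokenAsync(accessToken.RawData, userIdString))
            {
                context.Fail("This token is not in our database.");
                return;
            }

            // Only reached when every check above passed.
            await _lastLoggedIn.UpdateUserLastActivityDateAsync(userIdString, cancellationToken);
        }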