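/// <summary>
/// Middleware entry point. Requests whose path begins with "/private" must carry an
/// "Authorize" header holding a token that <c>JWT.Verify</c> accepts for <c>_secrets</c>;
/// all other requests are passed straight to the next middleware.
/// </summary>
/// <param name="context">The current HTTP request/response context.</param>
/// <returns>A task that completes when the response has been written or the rest of the pipeline has run.</returns>
public async Task Invoke(HttpContext context)
{
    // Compare the prefix ordinally and without regard to case. ASP.NET Core matches routes
    // case-insensitively by default, so a case-sensitive check here would let a request for
    // "/Private/..." reach a protected endpoint without passing through the token check.
    // Plain prefix semantics are kept on purpose so that no previously guarded path loses its guard.
    bool isProtected = context.Request.Path.ToString()
        .StartsWith("/private", StringComparison.OrdinalIgnoreCase);

    if (!isProtected)
    {
        await _next.Invoke(context);
        return;
    }

    // Use the header dictionary's own lookup (the same one the indexer below uses) instead of
    // comparing raw key strings; HTTP header names are case-insensitive.
    if (!context.Request.Headers.ContainsKey("Authorize"))
    {
        context.Response.StatusCode = 400; // Bad Request
        // The echoed path comes from PathString.ToString(), i.e. in its URI-escaped form.
        await context.Response.WriteAsync("Authorize attribute is missing " + context.Request.Path.ToString());
        return;
    }

    try
    {
        if (!JWT.Verify(_secrets, context.Request.Headers["Authorize"]))
        {
            context.Response.StatusCode = 401; // Unauthorized
            await context.Response.WriteAsync("Invalid auth");
            return;
        }
    }
    catch (Exception ex)
    {
        // Fail closed: any error while verifying is treated as an invalid token. The detail
        // goes to the console only; the client receives the same generic message either way.
        context.Response.StatusCode = 401; // Unauthorized
        System.Console.WriteLine(ex.ToString());
        await context.Response.WriteAsync("Invalid auth");
        return;
    }

    await _next.Invoke(context);
}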
/// <summary>
/// Checks that a token produced by <c>JWT.Create</c> is accepted by <c>JWT.Verify</c> under
/// the same secrets, and that the same token with one extra leading character is rejected.
/// </summary>
public void TestVerifyWorks()
{
    var secrets = new Secrets { SecretKey = "Hello, World" };
    var payload = new Dictionary<string, object>
    {
        { "email", "*****@*****.**" }
    };

    string validToken = JWT.Create(secrets, payload);
    Assert.True(JWT.Verify(secrets, validToken));

    // NOTE(review): only a corrupted leading character is exercised here; a token with an
    // altered payload, or one signed under a different SecretKey, is not covered by this test.
    string corruptedToken = "P" + validToken;
    Assert.False(JWT.Verify(secrets, corruptedToken));
}