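// ---
/// <summary>
/// Builds and serializes a signed JWT for the given user, audience and area.
/// </summary>
/// <param name="appConfig">Application configuration; supplies the JWT issuer and signing secret.</param>
/// <param name="audience">Audience whose settings (audience string, lifetime in seconds) are applied.</param>
/// <param name="area">Area written, lower-cased, into the area claim.</param>
/// <param name="user">User the token is issued for; the user name goes into the id claim.</param>
/// <param name="rightsMask">Rights bit mask written into the rights claim as a decimal string.</param>
/// <returns>The compact serialized token, signed with HMAC-SHA256.</returns>
public static string CreateAuthToken(AppConfig appConfig, JwtAudience audience, JwtArea area, User user, long rightsMask)
{
    // Claim values are machine-readable and compared on validation, so they are
    // formatted culture-independently. The culture-sensitive ToLower()/ToString()
    // overloads can yield different text under some cultures (for example the Turkish
    // dotless i, or a non-ASCII minus sign for a negative mask).
    // NOTE(review): the validating side is not visible here - confirm it normalizes
    // the area and audience the same way.
    var invariant = System.Globalization.CultureInfo.InvariantCulture;

    var now = DateTime.UtcNow;
    var audienceSett = GetAudienceSettings(appConfig, audience);
    var jwtSalt = UserAccount.CurrentJwtSalt(user, audience);

    // NOTE(review): the token id is computed from the signing secret by UniqueId();
    // confirm that helper does not place secret-derived material that could be
    // reversed into the (unencrypted) token payload.
    var uniqueness = UniqueId(appConfig.Auth.Jwt.Secret);
    var issuedAt = ((DateTimeOffset)now).ToUnixTimeSeconds().ToString(invariant);

    var claims = new[]
    {
        // Registered JWT claims. Sub and Jti carry the same per-token value;
        // the user is identified by ErIdField below.
        new Claim(JwtRegisteredClaimNames.Sub, uniqueness),
        new Claim(JwtRegisteredClaimNames.Jti, uniqueness),
        new Claim(JwtRegisteredClaimNames.Iat, issuedAt, ClaimValueTypes.Integer64),

        // Application claims.
        new Claim(ErSecurityStampField, ObtainSecurityStamp(jwtSalt)),
        new Claim(ErIdField, user.UserName),
        new Claim(ErRightsField, rightsMask.ToString(invariant)),
        new Claim(ErAreaField, area.ToString().ToLowerInvariant()),
    };

    var claimIdentity = new ClaimsIdentity(claims, JwtBearerDefaults.AuthenticationScheme);

    var creds = new SigningCredentials(
        CreateJwtSecurityKey(appConfig.Auth.Jwt.Secret),
        SecurityAlgorithms.HmacSha256
    );

    var token = new JwtSecurityToken(
        issuer: appConfig.Auth.Jwt.Issuer,
        audience: audienceSett.Audience.ToLowerInvariant(),
        claims: claimIdentity.Claims,
        signingCredentials: creds,
        expires: now.AddSeconds(audienceSett.ExpirationSec)
    );

    return new JwtSecurityTokenHandler().WriteToken(token);
}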
/// <summary>
/// Creates the instance and remembers the given area in <c>_area</c>.
/// </summary>
/// <param name="area">Area to store; presumably the area a presented JWT must carry (confirm against the code that reads <c>_area</c>).</param>
public RequireJWTArea(JwtArea area)
{
    this._area = area;
}
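/// <summary>
/// Builds and serializes a signed JWT for an arbitrary entity with a caller-chosen lifetime.
/// </summary>
/// <param name="appConfig">Application configuration; supplies the JWT issuer and signing secret.</param>
/// <param name="audience">Audience whose configured audience string is applied.</param>
/// <param name="area">Area written, lower-cased, into the area claim.</param>
/// <param name="entityId">Identifier written into the id claim.</param>
/// <param name="securityStamp">Value passed through ObtainSecurityStamp() into the security stamp claim.</param>
/// <param name="validFor">Lifetime of the token, counted from the current UTC time.</param>
/// <param name="optClaims">Optional extra claims appended after the built-in ones; may be null.</param>
/// <returns>The compact serialized token, signed with HMAC-SHA256.</returns>
public static string CreateSecurityToken(AppConfig appConfig, JwtAudience audience, JwtArea area, string entityId, string securityStamp, TimeSpan validFor, IEnumerable<Claim> optClaims = null)
{
    // Claim values are machine-readable and compared on validation, so they are
    // formatted culture-independently; the culture-sensitive ToLower() can yield
    // different text under some cultures (for example the Turkish dotless i).
    // NOTE(review): the validating side is not visible here - confirm it normalizes
    // the area and audience the same way.
    var invariant = System.Globalization.CultureInfo.InvariantCulture;

    var now = DateTime.UtcNow;
    var audienceSett = GetAudienceSettings(appConfig, audience);

    // NOTE(review): the token id is computed from the signing secret by UniqueId();
    // confirm that helper does not place secret-derived material that could be
    // reversed into the (unencrypted) token payload.
    var uniqueness = UniqueId(appConfig.Auth.Jwt.Secret);
    var issuedAt = ((DateTimeOffset)now).ToUnixTimeSeconds().ToString(invariant);

    var claims = new List<Claim>
    {
        // Registered JWT claims. Sub and Jti carry the same per-token value;
        // the entity is identified by ErIdField below.
        new Claim(JwtRegisteredClaimNames.Sub, uniqueness),
        new Claim(JwtRegisteredClaimNames.Jti, uniqueness),
        new Claim(JwtRegisteredClaimNames.Iat, issuedAt, ClaimValueTypes.Integer64),

        // Application claims.
        new Claim(ErIdField, entityId),
        new Claim(ErSecurityStampField, ObtainSecurityStamp(securityStamp)),
        new Claim(ErAreaField, area.ToString().ToLowerInvariant()),
    };

    if (optClaims != null)
    {
        // Appended as-is: nothing here prevents a caller-supplied claim from repeating
        // one of the claim types set above, which would put two values for that type
        // into the token.
        // NOTE(review): confirm callers only pass trusted, non-reserved claim types,
        // or reject duplicates of the built-in types here.
        claims.AddRange(optClaims);
    }

    var creds = new SigningCredentials(
        CreateJwtSecurityKey(appConfig.Auth.Jwt.Secret),
        SecurityAlgorithms.HmacSha256
    );

    var token = new JwtSecurityToken(
        issuer: appConfig.Auth.Jwt.Issuer,
        audience: audienceSett.Audience.ToLowerInvariant(),
        claims: claims,
        signingCredentials: creds,
        expires: now.Add(validFor)
    );

    return new JwtSecurityTokenHandler().WriteToken(token);
}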