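        /// <summary>
        /// Authenticates a user by user name and clear-text password and, on success, issues an
        /// HS256-signed JWT carrying the registered claims plus the user's stored claims.
        /// </summary>
        /// <param name="model">User name and password supplied in the request body.</param>
        /// <returns>
        /// 200 with <c>{ access_token, expires_in }</c> on success; otherwise a 401 response whose
        /// body is an empty string. The failure response is deliberately the same for "unknown
        /// user", "deactivated user" and "wrong password" so the endpoint does not reveal which
        /// accounts exist.
        /// </returns>
        public async Task<IActionResult> Authorize([FromBody] AuthenticationDto model)
        {
            // Uniform failure response. The body is what the original returned (an empty JSON
            // string) but with an authentication-failure status instead of 200, so clients,
            // proxies and logs can tell a rejected login from a successful one.
            JsonResult Denied() => new JsonResult(string.Empty)
            {
                StatusCode = (int)HttpStatusCode.Unauthorized
            };

            // A missing or malformed body leaves `model` null; without this guard the lookup
            // below would throw a NullReferenceException (a 500) instead of rejecting cleanly.
            if (model is null || string.IsNullOrEmpty(model.UserName))
            {
                return Denied();
            }

            var found = await _administrationManager.Get(model.UserName);

            // NOTE(review): for an unknown or deactivated account the password hash is never
            // evaluated, so this branch answers measurably faster than a wrong-password attempt.
            // Verifying against a fixed dummy hash here would make the timing uniform.
            if (found is null || found.DeactivatedDate != null)
            {
                return Denied();
            }

            // The hasher receives a throw-away User because it only needs the stored hash and
            // the candidate password; the user argument is not consulted for the comparison.
            var verification = _passwordStorage.VerifyHashedPassword(new User(), found.PasswordHash, model.Password);
            if (verification != PasswordVerificationResult.Success)
            {
                return Denied();
            }

            var now = DateTime.UtcNow;

            // Single source of truth for the lifetime: it feeds both the "exp" claim and the
            // "expires_in" field, which the original computed independently. 48 hours is long
            // for a bearer token that cannot be revoked; shorten it once refresh tokens exist.
            var lifetime = TimeSpan.FromHours(48);

            var claims = new List<Claim>
            {
                // The subject of the token.
                new Claim(JwtRegisteredClaimNames.Sub, found.UserName),
                // The email.
                new Claim(JwtRegisteredClaimNames.Email, found.Email),
                // Unique identifier for the JWT; lets a consumer detect replay of a one-time token.
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
                // "iat" is a NumericDate: whole seconds since the Unix epoch. The original wrote
                // DateTime.ToString(), a date string that is not a valid Integer64 value, so any
                // consumer computing the token's age would fail to parse it.
                new Claim(JwtRegisteredClaimNames.Iat,
                    new DateTimeOffset(now).ToUnixTimeSeconds().ToString(CultureInfo.InvariantCulture),
                    ClaimValueTypes.Integer64)
            };

            // Include the user's stored claims (roles, permissions, ...).
            claims.AddRange(found.Claims.Select(foundClaim => new Claim(foundClaim.ClaimType, foundClaim.ClaimValue)));
            // Include the user Id.
            claims.Add(new Claim(ClaimTypes.PrimarySid, found.Id.ToString()));
            // Include the email a second time under the ClaimTypes URI for consumers that key on it.
            claims.Add(new Claim(ClaimTypes.Email, found.Email));
            // Include the display name: "First Last" when a profile exists, else the user name.
            claims.Add(found.Profile != null
                ? new Claim(ClaimTypes.Name, $"{found.Profile.FirstName} {found.Profile.LastName}")
                : new Claim(ClaimTypes.Name, $"{found.UserName}"));

            // Key bytes are derived with ASCII so they match however the validating side derives
            // them; a secret containing non-ASCII characters would silently have those characters
            // replaced by '?'. HS256 needs at least 128 bits of key material, and the signing
            // library rejects shorter keys.
            var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_settings.Value.Secret));

            var jwt = new JwtSecurityToken(
                issuer: _settings.Value.Issuer,
                audience: _settings.Value.Audience,
                claims: claims,
                notBefore: now,
                expires: now.Add(lifetime),
                signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256)
                );
            var encodedJwt   = new JwtSecurityTokenHandler().WriteToken(jwt);
            var responseJson = new
            {
                access_token = encodedJwt,
                expires_in   = (int)lifetime.TotalSeconds
            };
            return new JsonResult(responseJson);
        }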