private async Task AttachAccountToContext(HttpContext context, SharringOfficeDbContext dataContext, string token) { try { var tokenHandler = new JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes(_appSettings.Secret); tokenHandler.ValidateToken(token, new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(key), ValidateIssuer = false, ValidateAudience = false, // set clockskew to zero so tokens expire exactly at token expiration time (instead of 5 minutes later) ClockSkew = TimeSpan.Zero }, out SecurityToken validatedToken); var jwtToken = (JwtSecurityToken)validatedToken; var accountId = Guid.Parse(jwtToken.Claims.First(x => x.Type == "id").Value); // attach account to context on successful jwt validation var user = await dataContext.Users.FindAsync(accountId); context.Items["Account"] = user; } catch (Exception exception) { // do nothing if jwt validation fails // account is not attached to context so request won't have access to secure routes } }
public async Task Invoke(HttpContext context, SharringOfficeDbContext dataContext) { var token = context.Request.Headers["Authorization"].FirstOrDefault()?.Split(" ").Last(); if (token != null) { await AttachAccountToContext(context, dataContext, token); } await _next(context); }
public UserRepository(SharringOfficeDbContext dbContext) { _dbContext = dbContext; }