private object GenerateTokenDealer(Dealer dealer)
{
var identity = new ClaimsIdentity
(
new GenericIdentity(dealer.Email),
new[] {
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Sub, dealer.Id.ToString())
}
);
var handler = new JwtSecurityTokenHandler();
var signingConf = new SigningCredentialsConfiguration();
IdentityModelEventSource.ShowPII = true;
var securityToken = handler.CreateToken(new SecurityTokenDescriptor
{
Subject = identity,
Issuer = this.TokenDescriptor.Issuer,
Audience = this.TokenDescriptor.Audience,
//IssuedAt = _settings.IssuedAt,
NotBefore = DateTime.Now,
Expires = DateTime.Now.AddMinutes(this.TokenDescriptor.MinutesValid),
SigningCredentials = signingConf.SigningCredentials
});
var jwtToken = handler.WriteToken(securityToken);
return(new
{
access_token = jwtToken,
token_type = "bearer",
expires_in = this.TokenDescriptor.MinutesValid
});
}
public async Task <string> GerarTokenUsuario(LoginViewModel login, string nome)
{
var user = await ObterUsuarioPorEmail(login.Email);
var userClaims = await _userManager.GetClaimsAsync(user);
var cargo = await ObterPerfilDousuario(user);
userClaims.Add(new Claim("Cargo", cargo));
userClaims.Add(new Claim("Nome", nome));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Email, user.Email));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Sub, user.Id));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(DateTime.UtcNow).ToString(),
ClaimValueTypes.Integer64));
// Necessário converter para IdentityClaims
var identityClaims = new ClaimsIdentity();
identityClaims.AddClaims(userClaims);
var handler = new JwtSecurityTokenHandler();
var signingConf = new SigningCredentialsConfiguration();
var securityToken = handler.CreateToken(new SecurityTokenDescriptor
{
Issuer = _tokenDescriptor.Issuer,
Audience = _tokenDescriptor.Audience,
SigningCredentials = signingConf.SigningCredentials,
Subject = identityClaims,
NotBefore = DateTime.Now,
Expires = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesValid)
});
return(handler.WriteToken(securityToken));
}
private async Task <object> GerarTokenUsuario(LoginUsuarioCommand login)
{
var user = await _userManager.FindByNameAsync(login.UserName);
var userClaims = await _userManager.GetClaimsAsync(user);
userClaims.Add(new Claim(JwtRegisteredClaimNames.Sub, user.Id.ToString()));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Email, user.Email));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(DateTime.UtcNow).ToString(), ClaimValueTypes.Integer64));
// Necessário converver para IdentityClaims
var identityClaims = new ClaimsIdentity();
identityClaims.AddClaims(userClaims);
var handler = new JwtSecurityTokenHandler();
var signingConf = new SigningCredentialsConfiguration();
var securityToken = handler.CreateToken(new SecurityTokenDescriptor
{
Issuer = _tokenDescriptor.Issuer,
Audience = _tokenDescriptor.Audience,
SigningCredentials = signingConf.SigningCredentials,
Subject = identityClaims,
NotBefore = DateTime.Now,
Expires = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesValid)
});
var encodedJwt = handler.WriteToken(securityToken);
var response = new
{
access_token = encodedJwt,
expires_in = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesValid),
user = new
{
id = user.Id,
nome = user.UserName,
matricula = user.Matricula,
email = user.Email,
claims = userClaims.Select(c => new { c.Type, c.Value })
}
};
return(response);
}
// Vou gerar o token para o usuário
private async Task <object> GerarTokenUsuario(LoginViewModel login)
{
var user = await _userManager.FindByEmailAsync(login.Email);
var userClaims = await _userManager.GetClaimsAsync(user);
// DICA: Se vc for a definição do JwtRegisteredClaimNames poderá ver as explicações específicas de Sub, Jti, IaT entre outras claims que vc poderá usar
userClaims.Add(new Claim(JwtRegisteredClaimNames.Sub, user.Id));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Email, user.Email));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(DateTime.UtcNow).ToString(), ClaimValueTypes.Integer64));
// Necessário converver para IdentityClaims
var identityClaims = new ClaimsIdentity();
identityClaims.AddClaims(userClaims);
var handler = new JwtSecurityTokenHandler();
var signingConf = new SigningCredentialsConfiguration();
// Aqui de fato irei gerar o Token
// LEMBRETE: No appsettings.json tem determinado o Emissor do Token e quais sites aceitarão o mesmo !
var securityToken = handler.CreateToken(new SecurityTokenDescriptor
{
Issuer = _tokenDescriptor.Issuer,
Audience = _tokenDescriptor.Audience,
SigningCredentials = signingConf.SigningCredentials,
Subject = identityClaims,
NotBefore = DateTime.Now,
Expires = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesValid)
});
// Criar o enconding deste token
var encodedJwt = handler.WriteToken(securityToken);
var orgUser = _organizadorRepository.ObterPorId(Guid.Parse(user.Id));
// Estou devolvendo o usuário como uma informação extra que pode ser usada pelo Front End por exemplo
var response = new
{
access_token = encodedJwt,
expires_in = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesValid),
user = new
{
id = user.Id,
nome = orgUser.Nome,
email = orgUser.Email,
claims = userClaims.Select(c => new { c.Type, c.Value })
}
};
return(response);
}
private async Task <AuthToken> GerarToken(UsuarioBase usuario, DateTime dataExpiracao)
{
var identityClaims = new ClaimsIdentity();
identityClaims.AddClaim(new Claim(JwtRegisteredClaimNames.Sub, usuario.Id.ToString()));
identityClaims.AddClaim(new Claim(JwtRegisteredClaimNames.UniqueName, usuario.Email));
identityClaims.AddClaim(new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()));
identityClaims.AddClaim(new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(DateTime.UtcNow).ToString(), ClaimValueTypes.Integer64));
switch (usuario)
{
case UsuarioCliente _:
identityClaims.AddClaims(AuthorizationUsers.RetornarClaimsUsuario());
break;
}
var tokenHandler = new JwtSecurityTokenHandler();
var signingConf = new SigningCredentialsConfiguration();
var tokenDescriptor = new SecurityTokenDescriptor
{
Issuer = _tokenDescriptor.Issuer,
Audience = _tokenDescriptor.Audience,
SigningCredentials = signingConf.SigningCredentials,
Subject = identityClaims,
NotBefore = DateTime.UtcNow,
Expires = dataExpiracao
};
var token = tokenHandler.CreateToken(tokenDescriptor);
var encodedJwt = tokenHandler.WriteToken(token);
var refreshToken = await GerarRefreshTokenAsync(usuario.Id);
return(new AuthToken
{
result = new AuthResult
{
access_token = encodedJwt,
expires_in = dataExpiracao,
refresh_token = refreshToken,
user = new AuthUser
{
id = usuario.Id,
nomeCompleto = usuario.NomeCompleto,
email = usuario.Email,
claims = identityClaims.Claims.Select(c => new AuthClaim {
type = c.Type, value = c.Value
})
}
}
});
}
private SecurityToken BuildSecutiryToken(ClaimsIdentity identityClaims, JwtSecurityTokenHandler handler)
{
var signingConf = new SigningCredentialsConfiguration();
return(handler.CreateToken(new SecurityTokenDescriptor
{
Issuer = _tokenDescriptor.Issuer,
Audience = _tokenDescriptor.Audience,
SigningCredentials = signingConf.SigningCredentials,
Subject = identityClaims,
NotBefore = DateTime.Now,
Expires = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesValid)
}));
}
private async Task <object> GerarToken(string cpf)
{
var user = await _userManager.FindByNameAsync(cpf);
var userClaims = await _userManager.GetClaimsAsync(user);
var userRoles = await _userManager.GetRolesAsync(user);
userClaims.Add(new Claim(JwtRegisteredClaimNames.Sub, user.Id));
userClaims.Add(new Claim(JwtRegisteredClaimNames.UniqueName, user.UserName));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(DateTime.UtcNow).ToString(), ClaimValueTypes.Integer64));
// Necessário converter para IdentityClaims
var identityClaims = new ClaimsIdentity();
identityClaims.AddClaims(userClaims);
identityClaims.AddClaims(userRoles.Select(p => new Claim("role", p)));
var handler = new JwtSecurityTokenHandler();
var signingConf = new SigningCredentialsConfiguration();
var securityToken = handler.CreateToken(new SecurityTokenDescriptor
{
Issuer = _tokenDescriptor.Issuer,
Audience = _tokenDescriptor.Audience,
SigningCredentials = signingConf.SigningCredentials,
Subject = identityClaims,
NotBefore = DateTime.Now,
Expires = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesValid)
});
var encodedJwt = handler.WriteToken(securityToken);
return(new
{
result = new
{
access_token = encodedJwt,
expires_in = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesValid),
user = new
{
id = user.Id,
cpf = user.UserName,
claims = userClaims.Select(c => new { c.Type, c.Value }),
roles = userRoles
}
}
});
}
protected string GetEncodedJwtToken(List <Claim> claims)
{
var signingConf = new SigningCredentialsConfiguration();
var token = new JwtSecurityToken(
issuer: _tokenDescriptor.Issuer,
audience: _tokenDescriptor.Audience,
claims: claims,
expires: DateTime.Now.AddMinutes(_tokenDescriptor.MinutesValid),
signingCredentials: signingConf.SigningCredentials
);
var handler = new JwtSecurityTokenHandler();
return(handler.WriteToken(token));
}
private async Task <object> GenerateAppUserToken(LoginViewModel login, Domain.AppUsers.AppUser usuarioCore, string userName)
{
var aspnetUser = await _userManager.FindByEmailAsync(login.Email);
var userClaims = await _userManager.GetClaimsAsync(aspnetUser);
userClaims.Add(new Claim(JwtRegisteredClaimNames.Sub, aspnetUser.Id));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Email, aspnetUser.Email));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(DateTime.UtcNow).ToString(), ClaimValueTypes.Integer64));
userClaims.Add(new Claim("name", (!string.IsNullOrEmpty(userName.Trim()) ? userName : usuarioCore.Email)));
// Necessário converver para IdentityClaims
var identityClaims = new ClaimsIdentity();
identityClaims.AddClaims(userClaims);
var handler = new JwtSecurityTokenHandler();
var signingConf = new SigningCredentialsConfiguration();
var securityToken = handler.CreateToken(new SecurityTokenDescriptor
{
Issuer = _tokenDescriptor.Issuer,
Audience = _tokenDescriptor.Audience,
SigningCredentials = signingConf.SigningCredentials,
Subject = identityClaims,
NotBefore = DateTime.Now,
Expires = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesValid),
});
var encodedJwt = handler.WriteToken(securityToken);
var response = new
{
access_token = encodedJwt,
expires_in = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesValid),
usuario = new
{
id = usuarioCore.Id,
claims = userClaims.Select(c => new { c.Type, c.Value }),
name = !string.IsNullOrEmpty(userName.Trim()) ? userName : usuarioCore.Email,
email = usuarioCore.Email
}
};
return(response);
}
private object GerarTokenUsuario(LoginViewModel login)
{
if (login == null)
{
return(login);
}
var handler = new JwtSecurityTokenHandler();
var signingConf = new SigningCredentialsConfiguration();
ClaimsIdentity identity = new ClaimsIdentity(
new GenericIdentity(login.Login, "Login"),
new[] {
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString("N")),
new Claim(JwtRegisteredClaimNames.UniqueName, login.Login)
}
);
var token = new SecurityTokenDescriptor
{
Issuer = _tokenDescriptor.Issuer,
Audience = _tokenDescriptor.Audience,
SigningCredentials = signingConf.SigningCredentials,
Subject = identity,
NotBefore = DateTime.Now,
Expires = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesValid)
};
var securityToken = handler.CreateToken(token);
var encodedJwt = handler.WriteToken(securityToken);
var response = new
{
access_token = encodedJwt,
expires_in = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesValid),
user = new
{
login = login.Login,
nome = login.Nome
}
};
return(response);
}
private async Task <object> GenerateToken(ApplicationUser userIdentity)
{
var userClaims = await _userManager.GetClaimsAsync(userIdentity);
var roles = await _userManager.GetRolesAsync(userIdentity);
userClaims.Add(new Claim(JwtRegisteredClaimNames.Sub, userIdentity.Id));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Email, userIdentity.Email));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(DateTime.UtcNow).ToString(), ClaimValueTypes.Integer64));
foreach (var role in roles)
{
userClaims.Add(new Claim(ClaimTypes.Role, role));
}
var identityClaims = new ClaimsIdentity();
identityClaims.AddClaims(userClaims);
var handler = new JwtSecurityTokenHandler();
var signingConf = new SigningCredentialsConfiguration();
var securityToken = handler.CreateToken(new SecurityTokenDescriptor
{
Issuer = _tokenDescriptor.Issuer,
Audience = _tokenDescriptor.Audience,
SigningCredentials = signingConf.SigningCredentials,
Subject = identityClaims,
NotBefore = DateTime.Now,
Expires = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesValid)
});
var encodedJwt = handler.WriteToken(securityToken);
var response = new
{
access_token = encodedJwt,
userId = userIdentity.Id
isAdmin = roles.FirstOrDefault(r => r == "Admin") != null
};
return(response);
}
}
private async Task <object> GenerateToken(LoginViewModel login)
{
var user = await _userManager.FindByEmailAsync(login.Email);
var userClaims = await _userManager.GetClaimsAsync(user);
userClaims.Add(new Claim(JwtRegisteredClaimNames.Sub, user.Id));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Email, user.Email));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(DateTime.UtcNow).ToString(), ClaimValueTypes.Integer64));
// Necess�rio converver para IdentityClaims
var identityClaims = new ClaimsIdentity();
identityClaims.AddClaims(userClaims);
var handler = new JwtSecurityTokenHandler();
var securityToken = handler.CreateToken(new SecurityTokenDescriptor
{
Issuer = _tokenDescriptor.Issuer,
Audience = _tokenDescriptor.Audience,
SigningCredentials = SigningCredentialsConfiguration.getSignCredentials(_config),
Subject = identityClaims,
NotBefore = DateTime.Now,
Expires = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesValid)
});
var encodedJwt = handler.WriteToken(securityToken);
var response = new
{
access_token = encodedJwt,
expires_in = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesValid),
refresh_token = GenerateRefreshToken(user.Id).RefreshToken,
user = new
{
id = user.Id,
claims = userClaims.Select(c => new { c.Type, c.Value }),
pictureUrl = user.PictureUrl
}
};
return(response);
}
private object GenerateTokenUser(LoginViewModel login)
{
var user = _userManager.FindByEmailAsync(login.Email).Result;
var userClaims = _userManager.GetClaimsAsync(user).Result;
userClaims.Add(new Claim(JwtRegisteredClaimNames.Sub, user.Id.ToString()));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Email, user.Email));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(DateTime.UtcNow).ToString(), ClaimValueTypes.Integer64));
// Necessário converver para IdentityClaims
var identityClaims = new ClaimsIdentity();
identityClaims.AddClaims(userClaims);
var handler = new JwtSecurityTokenHandler();
var signingConf = new SigningCredentialsConfiguration();
var securityToken = handler.CreateToken(new SecurityTokenDescriptor
{
Issuer = _tokenDescriptor.Issuer,
Audience = _tokenDescriptor.Audience,
SigningCredentials = signingConf.SigningCredentials,
Subject = identityClaims,
NotBefore = DateTime.Now,
Expires = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesValid)
});
var response = new
{
access_token = handler.WriteToken(securityToken),
expires_in = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesValid),
user = new
{
id = user.Id,
nome = $"{user.Name} {user.LastName}",
email = user.Email,
claims = userClaims.Select(c => new { c.Type, c.Value })
}
};
return(response);
}
private object GerarTokenUsuario(Usuario user)
{
var userClaims = _usuarioRepository.GetClaims(user.UsuarioId).ToList();
userClaims.Add(new Claim(JwtRegisteredClaimNames.Sub, user.UsuarioId.ToString()));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Email, user.Login));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()));
userClaims.Add(new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(DateTime.UtcNow).ToString(), ClaimValueTypes.Integer64));
// Necessário converver para IdentityClaims
var identityClaims = new ClaimsIdentity();
identityClaims.AddClaims(userClaims);
var handler = new JwtSecurityTokenHandler();
var signingConf = new SigningCredentialsConfiguration();
var securityToken = handler.CreateToken(new SecurityTokenDescriptor
{
Issuer = _tokenDescriptor.Issuer,
Audience = _tokenDescriptor.Audience,
SigningCredentials = signingConf.SigningCredentials,
Subject = identityClaims,
NotBefore = DateTime.Now,
Expires = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesValid)
});
var encodedJwt = handler.WriteToken(securityToken);
var response = new
{
access_token = encodedJwt,
expires_in = DateTime.Now.AddMinutes(_tokenDescriptor.MinutesValid),
user = new
{
id = user.UsuarioId,
nome = user.Login,
claims = userClaims.Select(c => new { c.Type, c.Value }).FirstOrDefault()
}
};
return(response);
}
public static void AddSecurity(this IServiceCollection services, IConfiguration configuration)
{
if (services == null)
{
throw new ArgumentNullException(nameof(services));
}
var tokenConfigurations = new TokenDescriptor();
new ConfigureFromConfigurationOptions <TokenDescriptor>(
configuration.GetSection("JwtTokenOptions"))
.Configure(tokenConfigurations);
services.AddSingleton(tokenConfigurations);
services.AddIdentity <ApplicationUser, IdentityRole>(config =>
{
config.SignIn.RequireConfirmedEmail = true;
config.Lockout.AllowedForNewUsers = false;
config.Password.RequireDigit = false;
config.Password.RequiredLength = 8;
config.Password.RequiredUniqueChars = 0;
config.Password.RequireLowercase = false;
config.Password.RequireNonAlphanumeric = false;
config.Password.RequireUppercase = false;
}).AddEntityFrameworkStores <ApplicationDbContext>()
.AddDefaultTokenProviders();
services.Configure <AuthMessageSenderOptions>(configuration);
services.Configure <ExternalAuthFacebookOptions>(configuration);
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(bearerOptions =>
{
bearerOptions.RequireHttpsMetadata = false;
bearerOptions.SaveToken = true;
bearerOptions.TokenValidationParameters = new TokenValidationParameters
{
IssuerSigningKey = SigningCredentialsConfiguration.createKey(configuration),
ValidAudience = tokenConfigurations.Audience,
ValidIssuer = tokenConfigurations.Issuer,
ValidateIssuerSigningKey = true,
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero
};
});
services.AddAuthorization(options =>
{
options.AddPolicy("Admin", policy => policy.RequireClaim("Global", "Admin"));
options.AddPolicy("Usuario", policy => policy.RequireAssertion(context => context.User.HasClaim(c => c.Type == "Global" && (c.Value == "Usuario" || c.Value == "Admin"))));
options.AddPolicy("Bearer", new AuthorizationPolicyBuilder()
.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser().Build());
});
}
