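/// <summary>
/// Exchanges a username/password request for a signed JWT.
/// </summary>
/// <param name="request">Credentials bound from the request body.</param>
/// <returns>
/// 200 with the serialized token when the credentials are accepted; 401 for a missing
/// body, an invalid model, or rejected credentials.
/// </returns>
public IActionResult RequestToken([FromBody] JwtTokenRequest request)
{
    if (request == null)
    {
        return Unauthorized("Invalid Request");
    }

    if (!ModelState.IsValid)
    {
        _logger.LogInformation("JWT Authenticate Error - incoming request for jwt token was Invalid.");

        // NOTE(review): this echoes the validation details back to an unauthenticated caller
        // under a 401; the status and body are kept as-is because clients may depend on them.
        return Unauthorized(ModelState);
    }

    // The username is attacker-controlled. Strip CR/LF so it cannot forge extra entries in
    // line-oriented log sinks, and pass it as a template argument rather than concatenating it
    // into the message so structured sinks record it as a separate field.
    string safeUsername = request.Username?.Replace("\r", string.Empty).Replace("\n", string.Empty);

    if (_authService.IsAuthenticated(request, out string token))
    {
        _logger.LogInformation("JWT Authenticate OK - incoming request authorised for: {Username}", safeUsername);
        return Ok(token);
    }

    // Failed logins are logged so that password guessing against this endpoint is visible to
    // monitoring. The response stays generic so it does not reveal which part was wrong.
    _logger.LogWarning("JWT Authenticate Error - incoming request denied for: {Username}", safeUsername);
    return Unauthorized("Invalid Request");
}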
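/// <summary>
/// Checks the supplied credentials against the injected user management service and, when
/// they are accepted, issues a JWT signed with HMAC-SHA256.
/// </summary>
/// <param name="request">Request carrying the username and password to verify.</param>
/// <param name="token">
/// Receives the serialized JWT on success; <see cref="string.Empty"/> in every other case.
/// </param>
/// <returns>
/// <c>true</c> when the credentials were accepted and a token was written; <c>false</c> for a
/// null request, rejected credentials, or any exception raised while building the token.
/// </returns>
public bool IsAuthenticated(JwtTokenRequest request, out string token)
{
    token = string.Empty;

    try
    {
        // Defensive guard: the controller already rejects a null body.
        if (request == null)
        {
            return false;
        }

        if (!_userManagementService.IsValidUser(request.Username, request.Password))
        {
            return false;
        }

        var claims = new[] { new Claim(ClaimTypes.Name, request.Username) };

        // NOTE(review): the HMAC key is the UTF-8 bytes of the configured secret, so the token's
        // integrity is only as strong as that secret. Presumably it is a long random value held
        // in protected configuration - confirm.
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_tokenManagement.Secret));
        var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

        // UTC avoids ambiguous local times around daylight-saving changes.
        // AccessExpiration is interpreted as minutes.
        var jwtToken = new JwtSecurityToken(
            _tokenManagement.Issuer,
            _tokenManagement.Audience,
            claims,
            expires: DateTime.UtcNow.AddMinutes(_tokenManagement.AccessExpiration),
            signingCredentials: credentials);

        // IdentityModelEventSource.ShowPII is a process-wide switch that un-redacts values in
        // IdentityModel log and exception messages. It is no longer set here on every login.
        // If it is needed to diagnose a token problem, set it once at startup in development only.
        token = new JwtSecurityTokenHandler().WriteToken(jwtToken);
        return true;
    }
    catch (Exception ex)
    {
        // Fail closed: any error means no token. Passing the exception object keeps the type and
        // stack trace in the log instead of only the message text.
        _logger.LogError(ex, "Error occurred in JWT IsAuthenticated");
    }

    return false;
}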