public static string GenerarJSONWebToken(string userInfo)
{
var secretKey = Encoding.UTF8.GetBytes(_config["JWT:SecretKey"]);
var audienceToken = _config["JWT:Audience"];
var issuerToken = _config["JWT:Issuer"]; //editor
var expireTime = _config["JWT:ExipireMinutes"];
var securityKey = new SymmetricSecurityKey(secretKey);
var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
//var token = new JwtSecurityToken(issuerToken, audienceToken, ca {
ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, userInfo) });
// create token to the user
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var jwtSecurityToken = tokenHandler.CreateJwtSecurityToken(
audience: audienceToken,
issuer: issuerToken,
subject: claimsIdentity,
notBefore: DateTime.UtcNow,
expires: DateTime.UtcNow.AddMinutes(Convert.ToInt32(expireTime)),
signingCredentials: credentials);
var jwtTokenString = tokenHandler.WriteToken(jwtSecurityToken);
return(jwtTokenString);
}
public ClaimsPrincipal ObtenerClaims(string jwtToken)
{
IdentityModelEventSource.ShowPII = true;
var secretKey = _configuration["JWT:key"];
var audienceToken = _configuration["JWT:Audience_Token"];
var issuerToken = _configuration["JWT:Issuer_Token"];
var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey));
SecurityToken securityToken;
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
TokenValidationParameters validationParameters = new TokenValidationParameters()
{
ValidAudience = audienceToken,
ValidIssuer = issuerToken,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
LifetimeValidator = this.LifetimeValidator,
IssuerSigningKey = securityKey
};
var principal = new ClaimsPrincipal();
try
{
principal = tokenHandler.ValidateToken(jwtToken, validationParameters, out securityToken);
}
catch (Exception e)
{
}
// Extract and assign Current Principal and user
return(principal);
}
public User ValidateJwtToken(string token)
{
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes("[SECRET USED TO SIGN AND VERIFY JWT TOKENS, IT CAN BE ANY STRING]");
try
{
tokenHandler.ValidateToken(token, new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false,
// set clockskew to zero so tokens expire exactly at token expiration time (instead of 5 minutes later)
ClockSkew = TimeSpan.Zero
}, out SecurityToken validatedToken);
var jwtToken = (JwtSecurityToken)validatedToken;
return(new User
{
Id = Convert.ToInt64(jwtToken.Claims.FirstOrDefault(x => x.Type == nameof(User.Id).ToLowerInvariant()).Value),
Name = jwtToken.Claims.FirstOrDefault(x => x.Type == nameof(User.Name).ToLowerInvariant()).Value
});
}
catch
{
// return null if validation fails
return(null);
}
}
async public Task <string> BuildJwtAuthorizationToken(User user, TokenProviderOptions options)
{
var now = DateTime.UtcNow;
// Specifically add the jti (nonce), iat (issued timestamp), and sub (subject/user) claims.
// You can add other claims here, if you want:
var claims = new List <Claim>()
{
new Claim(System.IdentityModel.Tokens.Jwt.JwtRegisteredClaimNames.Sub, user.Id),
new Claim(ClaimTypes.Name, user.Id),
new Claim(System.IdentityModel.Tokens.Jwt.JwtRegisteredClaimNames.Jti, await options.NonceGenerator()),
//new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(now).ToString(), ClaimValueTypes.Integer64)
};
foreach (Rol role in user.Roles)
{
claims.Add(new Claim(ClaimTypes.Role, role.value));
}
var jwt = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(
issuer: options.Issuer,
claims: claims,
notBefore: now,
signingCredentials: options.SigningCredentials);
var encodedJwt = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler().WriteToken(jwt);
return(encodedJwt);
}
public static Boolean IsUserHasPermission(string accessToken, string formName, string permissionName)
{
var stream = accessToken;
var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var jsonToken = handler.ReadToken(stream);
var tokenS = handler.ReadToken(stream) as JwtSecurityToken;
List <string> jsonStrPermissions = tokenS.Claims.Where(claim => claim.Type == "role").Select(a => a.Value).ToList();
int permissionValue = 0;
foreach (string permission in jsonStrPermissions)
{
JwtTokenObject result = JsonConvert.DeserializeObject <JwtTokenObject>(permission);
if (result.FormName == formName)
{
permissionValue += PermissionValueDict[result.Permission];
}
}
;
if (permissionValue >= PermissionValueDict[permissionName])
{
return(true);
}
else
{
return(false);
}
}
private string GenerateJwtToken(string userId, string username)
{
// Function handles create the JWT token based on the provided
// user ID and username
// Generate the user claims by User Id & Name
Claim[] jwtClaims = new[]
{
new Claim(ClaimTypes.NameIdentifier, userId),
new Claim(ClaimTypes.Name, username)
};
// Generate the Key, using the App token
SymmetricSecurityKey jwtKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(_config.GetSection("AppSettings:Token").Value));
// Generate the creds
SigningCredentials credentials = new SigningCredentials(jwtKey, SecurityAlgorithms.HmacSha512Signature);
// Create a JWT Desc object
SecurityTokenDescriptor jwtDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(jwtClaims),
Expires = DateTime.Now.AddDays(1),
SigningCredentials = credentials
};
System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler jwtHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
// Finally create the JWT token & return it
SecurityToken jwtToken = jwtHandler.CreateToken(jwtDescriptor);
return(jwtHandler.WriteToken(jwtToken));
}
public static string GenerateTokenJwt(string username)
{
var ctkn = new ConfigurationTocken();
var secretKey = ctkn.SecretKey;
var audienceToken = ctkn.host;
var issuerToken = ctkn.host;
var expireTime = ctkn.timeExpire;
var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey));
var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, username) });
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var jwtSecurityToken = tokenHandler.CreateJwtSecurityToken(
audience: audienceToken,
issuer: issuerToken,
subject: claimsIdentity,
notBefore: DateTime.UtcNow,
expires: DateTime.UtcNow.AddMinutes(Convert.ToInt32(expireTime)),
signingCredentials: signingCredentials);
var jwtTokenString = tokenHandler.WriteToken(jwtSecurityToken);
return(jwtTokenString);
}
public static string GenerateToken(Personas user, int expireMinutes = 20)
{
var secretKey = ConfigurationManager.AppSettings["JWT_SECRET_KEY"];
var audienceToken = ConfigurationManager.AppSettings["JWT_AUDIENCE_TOKEN"];
var issuerToken = ConfigurationManager.AppSettings["JWT_ISSUER_TOKEN"];
var expireTime = ConfigurationManager.AppSettings["JWT_EXPIRE_MINUTES"];
var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey));
var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
// create a claimsIdentity
ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, user.PerId.ToString()) });
//se guarda auditoria de ingreso
new AuditoriaBI().Save(user.PerId);
// create token to the user
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var jwtSecurityToken = tokenHandler.CreateJwtSecurityToken(
audience: audienceToken,
issuer: issuerToken,
subject: claimsIdentity,
notBefore: DateTime.UtcNow,
expires: DateTime.UtcNow.AddMinutes(Convert.ToInt32(expireTime)),
signingCredentials: signingCredentials);
var jwtTokenString = tokenHandler.WriteToken(jwtSecurityToken);
return(jwtTokenString);
}
public static string Gen(string username)
{
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
ConfigurationTocken ctkn = new ConfigurationTocken();
var key = System.Text.Encoding.ASCII.GetBytes(ctkn.SecretKey);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, username) }),
Expires = DateTime.UtcNow.AddMinutes(ctkn.timeExpire),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
var tokenString = tokenHandler.WriteToken(token);
//var userClaims = await _userManager.GetRolesAsync(user);
List <Claim> claims = new List <Claim>();
claims.Add(new Claim(JwtRegisteredClaimNames.Sub, username));
claims.Add(new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()));
claims.Add(new Claim(JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64));
var jwt = new JwtSecurityToken(
claims: claims);
var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
return(encodedJwt);
}
public static JWTUserModel GetUserFromToken(string token)
{
JWTUserModel user = null;
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(IssuerSigningKey));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
try
{
var tokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters()
{
ValidAudience = ValidAudience,
ValidIssuer = ValidIssuer,
IssuerSigningKey = creds.Key,
ValidateIssuerSigningKey = true,
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = false
};
var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var identity = handler.ValidateToken(token, tokenValidationParameters, out Microsoft.IdentityModel.Tokens.SecurityToken validatedToken);
if (identity.Identity.IsAuthenticated)
{
user = GetJWTUser(identity.Claims);
user.Access_Token = token;
}
}
catch (Exception ex)
{
throw ex;
}
return(user);
}
public static string GenerateTokenJwt(string UserName)
{
// Configuración del Token JWT
var secretKey = ConfigurationManager.AppSettings["JWT_SECRET_KEY"];
var audienceToken = ConfigurationManager.AppSettings["JWT_AUDIENCE_TOKEN"];
var issuerToken = ConfigurationManager.AppSettings["JWT_ISSUER_TOKEN"];
var expireTime = ConfigurationManager.AppSettings["JWT_EXPIRE_MINUTES"];
var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey));
var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
//Creamos una ClaimsIdentity
ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, UserName) });
//Generamos el Token para el usuario
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var jwtSecurityToken = tokenHandler.CreateJwtSecurityToken(
audience: audienceToken,
issuer: issuerToken,
subject: claimsIdentity,
notBefore: DateTime.UtcNow,
expires: DateTime.UtcNow.AddMinutes(Convert.ToInt32(expireTime)),
signingCredentials: signingCredentials);
var jwtTokenString = tokenHandler.WriteToken(jwtSecurityToken);
return(jwtTokenString);
}
private string GenerateTokenJwt(UserApi user, string unicoIdentificador, DateTime time, DateTime expireTime)
{
// appsetting for Token JWT
var secretKey = EngineData.JwtKey;
var audienceToken = EngineData.JwtAudience;
var issuerToken = EngineData.JwtIssuer;
//
var securityKey = new SymmetricSecurityKey(Encoding.Default.GetBytes(secretKey));
var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
// create a claimsIdentity
ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[] {
new Claim(ClaimTypes.Name, user.Username),
new Claim(ClaimTypes.Email, user.Email),
new Claim(ClaimTypes.GivenName, user.Password),
new Claim(ClaimTypes.DateOfBirth, DateTime.Now.ToString()),
new Claim("HoraToken", DateTime.UtcNow.ToString()),
new Claim(ClaimTypes.Anonymous, unicoIdentificador)
});
// create token to the user
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var jwtSecurityToken = tokenHandler.CreateJwtSecurityToken(
audience: audienceToken,
issuer: issuerToken,
subject: claimsIdentity,
notBefore: time,
expires: expireTime,
signingCredentials: signingCredentials);
string token = tokenHandler.WriteToken(jwtSecurityToken);
return(token);
}
public static bool TryValidateToken
(
string plainTextSecurityKey
, string token
, out JwtSecurityToken validatedPlainToken
, out ClaimsPrincipal claimsPrincipal
)
{
var r = false;
validatedPlainToken = null;
claimsPrincipal = null;
try
{
var tokenHandler = new System
.IdentityModel
.Tokens
.Jwt
.JwtSecurityTokenHandler();
var jst = ((JwtSecurityToken)tokenHandler.ReadToken(token));
var signingKey = new Microsoft
.IdentityModel
.Tokens
.SymmetricSecurityKey
(
Encoding
.UTF8
.GetBytes
(
plainTextSecurityKey
)
);
var tokenValidationParameters = new TokenValidationParameters()
{
ValidIssuer = jst.Issuer,
ValidateIssuer = true,
ValidAudiences = jst.Audiences,
ValidateAudience = true,
IssuerSigningKey = signingKey,
ValidateIssuerSigningKey = true,
ValidateLifetime = false
};
claimsPrincipal = tokenHandler
.ValidateToken
(
token
, tokenValidationParameters
, out var validatedPlainToken0
);
validatedPlainToken = validatedPlainToken0 as JwtSecurityToken;
r = true;
}
catch (Exception e)
{
Console.WriteLine(e);
}
return(r);
}
/// <summary>
/// Usado por el Authorization serve
/// </summary>
/// <param name="data"></param>
/// <returns></returns>
public string Protect(AuthenticationTicket data)
{
if (data == null)
{
throw new ArgumentNullException("data");
}
string securityProviderName = string.Empty;
data.Properties.Dictionary.TryGetValue("securityProviderName", out securityProviderName);
Fwk.Security.Identity.jwtSecurityProvider sec_provider = Fwk.Security.Identity.helper.get_secConfig().GetByName(securityProviderName);
var audienceToken = sec_provider.audienceId;
var issuerToken = sec_provider.issuer;
string symmetricKeyAsBase64 = sec_provider.audienceSecret;
var keyByteArray = TextEncodings.Base64Url.Decode(symmetricKeyAsBase64);
var securityKey = new SymmetricSecurityKey(keyByteArray);
var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
//notBefore
//var issuedAt = data.Properties.IssuedUtc;
//var expireTime = data.Properties.ExpiresUtc;
var expireTime = sec_provider.expires;//ConfigurationManager.AppSettings["JWT_EXPIRE_MINUTES"];
//var token = new JwtSecurityToken(issuerToken, audienceToken, data.Identity.Claims, issuedAt.Value.UtcDateTime, expireTime.Value.UtcDateTime, signingCredentials);
//var handler = new JwtSecurityTokenHandler();
//var jwt = handler.WriteToken(token);
#region otra manera de generar el token
// create a claimsIdentity
ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, data.Properties.Dictionary["profesionalName"].ToString()) });
claimsIdentity.AddClaim(new Claim(ClaimTypes.WindowsAccountName, data.Properties.Dictionary["userName"].ToString()));
claimsIdentity.AddClaim(new Claim("userName", data.Properties.Dictionary["userName"].ToString()));
claimsIdentity.AddClaim(new Claim("userId", data.Properties.Dictionary["userId"].ToString()));
if (data.Properties.Dictionary.ContainsKey("email") != false)
{
claimsIdentity.AddClaim(new Claim("email", data.Properties.Dictionary["email"].ToString()));
}
//data.Identity.Claims("role");
//Fwk.HelperFunctions.FormatFunctions.GetStringBuilderWhitSeparator(roles, ',').ToString()
claimsIdentity.AddClaim(new Claim("roles", data.Properties.Dictionary["roles"].ToString()));
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var jwtSecurityToken = tokenHandler.CreateJwtSecurityToken(
audience: audienceToken,
issuer: issuerToken,
subject: claimsIdentity,
notBefore: DateTime.UtcNow, //antes no
issuedAt: DateTime.UtcNow,
expires: DateTime.UtcNow.AddMinutes(Convert.ToInt32(expireTime)),
signingCredentials: signingCredentials);
var jwtTokenString = tokenHandler.WriteToken(jwtSecurityToken);
#endregion
return(jwtTokenString);
}
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request,
CancellationToken cancellationToken)
{
HttpStatusCode statusCode;
string token;
if (!TryRetrieveToken(request, out token))
{
statusCode = HttpStatusCode.Unauthorized;
return(base.SendAsync(request, cancellationToken));
}
try
{
var claveSecreta = ConfigurationManager.AppSettings["ClaveSecreta"];
var issuerToken = ConfigurationManager.AppSettings["Issuer"];
var audienceToken = ConfigurationManager.AppSettings["Audience"];
var securityKey = new SymmetricSecurityKey(
System.Text.Encoding.Default.GetBytes(claveSecreta));
SecurityToken securityToken;
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
TokenValidationParameters validationParameters = new TokenValidationParameters()
{
ValidAudience = audienceToken,
ValidIssuer = issuerToken,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
// DELEGADO PERSONALIZADO PERA COMPROBAR
// LA CADUCIDAD EL TOKEN.
LifetimeValidator = this.LifetimeValidator,
IssuerSigningKey = securityKey
};
// COMPRUEBA LA VALIDEZ DEL TOKEN
Thread.CurrentPrincipal = tokenHandler.ValidateToken(token,
validationParameters,
out securityToken);
HttpContext.Current.User = tokenHandler.ValidateToken(token,
validationParameters,
out securityToken);
return(base.SendAsync(request, cancellationToken));
}
catch (SecurityTokenValidationException ex)
{
statusCode = HttpStatusCode.Unauthorized;
}
catch (Exception ex)
{
statusCode = HttpStatusCode.InternalServerError;
}
return(Task <HttpResponseMessage> .Factory.StartNew(() =>
new HttpResponseMessage(statusCode) { }));
}
/// <summary>
/// Parses a string into an instance of JwtSecurityToken.
///
/// If the 'jwtToken' is in JWE Compact Serialization format, only the protected header will be deserialized. Use ParseToken() to obtain the payload.
///
/// JwtSecurityToken see: https://docs.microsoft.com/en-us/dotnet/api/system.identitymodel.tokens.jwt.jwtsecuritytoken?view=azure-dotnet
/// </summary>
/// <param name="input">Parameters for the token parsing.</param>
/// <returns>JwtSecurityToken</returns>
public static dynamic ReadToken([PropertyTab] ReadTokenInput input)
{
if (input == null)
{
return(null);
}
var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
return(handler.ReadJwtToken(input.JWTToken));
}
public ClaimsPrincipal ValidToken(string payload)
{
if (_validationParameters != null)
{
JwtSecurityTokenHandler handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var user = handler.ValidateToken(payload, _validationParameters, out SecurityToken validatedToken);
return(user);
}
return(null);
}
public static string GenerateTokenJwt(Guid userId, string userName, string email, List <string> rolesArray, string securityProviderName)
{
var sec_provider = helper.get_secConfig().GetByName(securityProviderName);
if (sec_provider == null)
{
throw new ArgumentNullException("No se encuentra configurado el proveedor (securityProviderName) en securityConfig.json");
}
string symmetricKeyAsBase64 = sec_provider.audienceSecret;
var keyByteArray = TextEncodings.Base64Url.Decode(symmetricKeyAsBase64);
var audienceToken = sec_provider.audienceId;
var issuerToken = sec_provider.issuer;
var securityKey = new SymmetricSecurityKey(keyByteArray);
var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
var expireTime = 600;// ConfigurationManager.AppSettings["JWT_EXPIRE_MINUTES"];
// create a claimsIdentity
ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "") });
//claimsIdentity.AddClaim(new Claim(ClaimTypes.WindowsAccountName, username));
claimsIdentity.AddClaim(new Claim("userName", userName));
claimsIdentity.AddClaim(new Claim("userId", userId.ToString()));
if (!string.IsNullOrEmpty(email))
{
claimsIdentity.AddClaim(new Claim("email", email));
}
if (rolesArray != null && rolesArray.Count() != 0)
{
var roles = Fwk.HelperFunctions.FormatFunctions.GetStringBuilderWhitSeparator(rolesArray, ',').ToString();
claimsIdentity.AddClaim(new Claim("roles", roles.ToString()));
}
// create token to the user
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var jwtSecurityToken = tokenHandler.CreateJwtSecurityToken(
audience: audienceToken,
issuer: issuerToken,
subject: claimsIdentity,
notBefore: DateTime.UtcNow.AddMinutes(-10), //antes no para System.IdentityModel.Tokens. es ValidFrom
issuedAt: DateTime.UtcNow,
expires: DateTime.UtcNow.AddMinutes(Convert.ToInt32(expireTime)),
signingCredentials: signingCredentials);
var jwtTokenString = tokenHandler.WriteToken(jwtSecurityToken);
return(jwtTokenString);
}
/// <summary>
/// Retorna informacion basada en el dominio
/// </summary>
/// <param name="userName"></param>
/// <returns></returns>
public static string GenerateTokenJwt_test(string userName)
{
// appsetting for Token JWT
var secretKey = apiAppSettings.serverSettings.apiConfig.api_secretKey;
// audiencia quien genera el tocken
var audienceToken = apiAppSettings.serverSettings.apiConfig.api_audienceToken;
//identifica quien consume y uusa el tocken : El cliente
var issuerToken = apiAppSettings.serverSettings.apiConfig.api_issuerToken;
//hora de caducidad a partir de la cual el JWT NO DEBE ser aceptado para su procesamiento.
var expireTime = apiAppSettings.serverSettings.apiConfig.api_expireTime;
var securityKey = new SymmetricSecurityKey(System.Text.Encoding.ASCII.GetBytes(secretKey));
var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
// create a claimsIdentity
ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, userName) });
claimsIdentity.AddClaim(new Claim(ClaimTypes.WindowsAccountName, userName));
//if (aDUser != null)
//{
// claimsIdentity.AddClaim(new Claim("FirstName", userName));
// claimsIdentity.AddClaim(new Claim("UserAccountControl", aDUser.UserAccountControl));
// claimsIdentity.AddClaim(new Claim("Department", aDUser.Department));
// claimsIdentity.AddClaim(new Claim("LastName", aDUser.LastName));
// claimsIdentity.AddClaim(new Claim("LoginNameWithDomain", aDUser.LoginNameWithDomain));
// claimsIdentity.AddClaim(new Claim("EmailAddress", aDUser.EmailAddress));
//}
//if (groups != null && groups.Count != 0)
//{
// var roles = Fwk.HelperFunctions.FormatFunctions.GetStringBuilderWhitSeparator(groups, ',').ToString();
// claimsIdentity.AddClaim(new Claim("groups", roles.ToString()));
//}
// create token to the user
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var jwtSecurityToken = tokenHandler.CreateJwtSecurityToken(
audience: audienceToken,
issuer: issuerToken,
subject: claimsIdentity,
notBefore: DateTime.UtcNow,
expires: DateTime.UtcNow.AddMinutes(Convert.ToInt32(expireTime)),
signingCredentials: signingCredentials);
var jwtTokenString = tokenHandler.WriteToken(jwtSecurityToken);
return(jwtTokenString);
}
/// <summary>
///
/// </summary>
/// <param name="request"></param>
/// <param name="cancellationToken"></param>
/// <returns></returns>
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
//HttpStatusCode statusCode;
// Determinar si existe un jwt o no
if (!TryRetrieveToken(request, out var token))
{
return(base.SendAsync(request, cancellationToken));
}
try
{
var secretKey = ConfigurationManager.AppSettings["JWT_SECRET_KEY"];
var audienceToken = ConfigurationManager.AppSettings["JWT_AUDIENCE_TOKEN"];
var issuerToken = ConfigurationManager.AppSettings["JWT_ISSUER_TOKEN"];
var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey));
SecurityToken securityToken;
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var validationParameters = new TokenValidationParameters()
{
ValidAudience = audienceToken,
ValidIssuer = issuerToken,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
LifetimeValidator = this.LifetimeValidator,
IssuerSigningKey = securityKey
};
// Extraer y asignar el Current Principal y usuario
Thread.CurrentPrincipal = tokenHandler.ValidateToken(token, validationParameters, out securityToken);
HttpContext.Current.User = tokenHandler.ValidateToken(token, validationParameters, out securityToken);
return(base.SendAsync(request, cancellationToken));
}
catch (SecurityTokenValidationException securityTokenValidation)
{
var httpResponseMessage = request.CreateErrorResponse(HttpStatusCode.Unauthorized,
"Indica que el recurso solicitado requiere autenticación. El encabezado WWW-Authenticate contiene los detalles de cómo realizar la autenticación.");
LoggingService.Instance.Error(securityTokenValidation);
return(Task <HttpResponseMessage> .Factory.StartNew(() => httpResponseMessage, cancellationToken));
}
catch (Exception ex)
{
var httpResponseMessage = request.CreateErrorResponse(HttpStatusCode.InternalServerError,
"Indica que se ha producido un error genérico del servidor.Por favor comuníquese con el administrador.");
LoggingService.Instance.Error(ex);
return(Task <HttpResponseMessage> .Factory.StartNew(() => httpResponseMessage, cancellationToken));
}
//return Task<HttpResponseMessage>.Factory.StartNew(() => new HttpResponseMessage(statusCode) { }, cancellationToken);
}
public string GetUserType(string jwttoken)
{
var key = Encoding.ASCII.GetBytes(TokenKey);
var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var validations = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false
};
var claims = handler.ValidateToken(jwttoken, validations, out var tokenSecure);
return(claims.FindFirstValue(ClaimTypes.Role));
}
private string GenerateJwtToken(User user)
{
var tokenhandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var keys = System.Text.Encoding.ASCII.GetBytes(jwtKey);
var tokendescriptor = new Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new[] { new Claim("id", user.Id.ToString()) }),
Expires = DateTime.UtcNow.AddHours(24),
SigningCredentials = new Microsoft.IdentityModel.Tokens.SigningCredentials(new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(keys),
Microsoft.IdentityModel.Tokens.SecurityAlgorithms.HmacSha256Signature)
};
var tokens = tokenhandler.CreateToken(tokendescriptor);
return(tokenhandler.WriteToken(tokens));
}
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
HttpStatusCode statusCode;
string token;
// determine whether a jwt exists or not
if (!TryRetrieveToken(request, out token))
{
statusCode = HttpStatusCode.Unauthorized;
return(base.SendAsync(request, cancellationToken));
}
try
{
var secretKey = ConfigurationManager.AppSettings["JWT_SECRET_KEY"];
var audienceToken = ConfigurationManager.AppSettings["JWT_AUDIENCE_TOKEN"];
var issuerToken = ConfigurationManager.AppSettings["JWT_ISSUER_TOKEN"];
var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey));
SecurityToken securityToken;
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
TokenValidationParameters validationParameters = new TokenValidationParameters()
{
ValidAudience = audienceToken,
ValidIssuer = issuerToken,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
LifetimeValidator = this.LifetimeValidator,
IssuerSigningKey = securityKey
};
// Extract and assign Current Principal and user
Thread.CurrentPrincipal = tokenHandler.ValidateToken(token, validationParameters, out securityToken);
HttpContext.Current.User = tokenHandler.ValidateToken(token, validationParameters, out securityToken);
return(base.SendAsync(request, cancellationToken));
}
catch (SecurityTokenValidationException)
{
statusCode = HttpStatusCode.Unauthorized;
}
catch (Exception)
{
statusCode = HttpStatusCode.InternalServerError;
}
return(Task <HttpResponseMessage> .Factory.StartNew(() => new HttpResponseMessage(statusCode) { }));
}
public static TokenObjectModel GetGoogleAccesToken(string code)
{
string url = ConfigurationManager.AppSettings["google_auth_url"];
WebClient wc = new WebClient();
wc.QueryString.Add("code", code);
wc.QueryString.Add("client_id", ConfigurationManager.AppSettings["client_id"]);
wc.QueryString.Add("client_secret", ConfigurationManager.AppSettings["client_secret"]);
wc.QueryString.Add("redirect_uri", ConfigurationManager.AppSettings["redirect_uri"]);
wc.QueryString.Add("grant_type", ConfigurationManager.AppSettings["grant_type"]);
if (code == null)
{
return(null);
}
else
{
var data = wc.UploadValues(url, "POST", wc.QueryString);
var responseString = UnicodeEncoding.UTF8.GetString(data);
GoogleTokenObjectModel token = JsonConvert.DeserializeObject <GoogleTokenObjectModel>(responseString);
var stream = token.id_token;
var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var jsonToken = handler.ReadToken(stream);
var tokenS = handler.ReadToken(stream) as JwtSecurityToken;
string sub = tokenS.Claims.First(claim => claim.Type == "sub").Value;
string email = tokenS.Claims.First(claim => claim.Type == "email").Value;
string name = tokenS.Claims.First(claim => claim.Type == "name").Value;
UserObjectModel userObj = new UserObjectModel(name, email, sub);
TokenObjectModel tokenObj = new TokenObjectModel();
bool isUserExists = UserHelper.IsUserRegistered(sub);
bool registerSuccess = false;
if (!isUserExists)
{
registerSuccess = UserHelper.RegisterUser(userObj) ? true : false;
}
if (isUserExists | registerSuccess)
{
userObj = UserHelper.getUserBySubKey(userObj.Sub);
CreateUserSession(userObj);
tokenObj = TokenHelper.createToken(userObj);
tokenObj = TokenHelper.getTokenByAuthorizationCode(tokenObj.AuthorizationCode);
UserTokensObjectModel userTokenObj = new UserTokensObjectModel(userObj.UserId, tokenObj.TokenId);
bool success = UserTokensHelper.MapUserToken(userTokenObj);
}
return(tokenObj);
}
}
public static void ReadToken(string jwtToken)
{
// To Read Claims on Api Controller
//var jwt = Request.Headers.Authorization.Parameter;
var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
System.IdentityModel.Tokens.Jwt.JwtSecurityToken token = handler.ReadJwtToken(jwtToken);
IEnumerable <Claim> claims = token.Claims.ToList();
string id = token.Claims.FirstOrDefault(x => x.Type == "id").Value;
string role = token.Claims.FirstOrDefault(x => x.Type == "role").Value;
string Compcode = token.Claims.FirstOrDefault(x => x.Type == "Compcode").Value;
string Bracode = token.Claims.FirstOrDefault(x => x.Type == "Bracode").Value;
}
public string GenerateJwtToken(User user)
{
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes("[SECRET USED TO SIGN AND VERIFY JWT TOKENS, IT CAN BE ANY STRING]");
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new List <Claim>()
{
new Claim(nameof(User.Id).ToLowerInvariant(), user.Id.ToString()),
new Claim(nameof(User.Name).ToLowerInvariant(), user.Name)
}),
Expires = DateTime.UtcNow.AddDays(7),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
return(tokenHandler.WriteToken(token));
}
/// <summary>
/// Generate user specific JWT string
/// </summary>
/// <param name="user"></param>
/// <returns></returns>
public static string GenerateEncodedJWT(OCM.API.Common.Model.User user)
{
var claims = new List <System.Security.Claims.Claim>();
claims.Add(new Claim("UserID", user.ID.ToString()));
claims.Add(new Claim("nonce", user.CurrentSessionToken.ToString()));
var signingKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(Encoding.ASCII.GetBytes(user.CurrentSessionToken));
var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest);
var token = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(ISSUER, AUDIENCE, claims, DateTime.UtcNow, DateTime.UtcNow.AddMonths(1), signingCredentials);
var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var jwt = handler.WriteToken(token);
return(jwt);
}
public Employee Authenticate(string username, string password)//User
{
var employee = _unitOfWork.EmployeeRepository.GetAll().SingleOrDefault(x => x.UserName == username && DecodePasswordFrom64(x.Password) == password);
// return null if user not found
if (employee == null)
{
return(null);
}
var employeeRoleIds = employee.EmployeeRoles.Select(r => (long)r.RoleId).ToList();
var roles = _unitOfWork.RoleRepository.GetRoles(employeeRoleIds.ToArray());//.Where(r => userRoleIds.Contains(r.Id));
var role = employee.EmployeeRoles.FirstOrDefault().Roles;
// authentication successful so generate jwt token
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_appSettings.JWT_Secret);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(ClaimTypes.Name, employee.Id.ToString()),
new Claim(ClaimTypes.Role, role.Id.ToString())
}),
//Expires = DateTime.UtcNow.AddDays(7),
Expires = DateTime.UtcNow.AddDays(1),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
var tokenToBeSent = tokenHandler.WriteToken(token);
//user.Token = tokenHandler.WriteToken(token);
// remove password before returning
//user.Password = null;
employee.Token = tokenToBeSent.ToString();
employee.Password = null;
return(employee);
//return tokenToBeSent;
}
public static ClaimsPrincipal ValidateJwtToken(string jwtToken)
{
var tokenHandler = new JwtSecurityTokenHandler()
{
RequireExpirationTime = true
};
var now = DateTime.UtcNow;
var securityKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(Encoding.Default.GetBytes(jwtToken));
var signingCredentials = new Microsoft.IdentityModel.Tokens.SigningCredentials(
securityKey,
SecurityAlgorithms.HmacSha256Signature);
var header = new JwtHeader(signingCredentials);
var payload = new JwtPayload
{
{ "access_token", response },
{ "scope", "Read Data Write Data" },
//{ "created","1510553155114"},
//{"jti","2640942c-892c-409a-9ca8-959a538c2128"},
};
var secToken = new JwtSecurityToken(header, payload);
var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var tokenString = handler.WriteToken(secToken);
var readToken = handler.ReadJwtToken(generatedToken);
var rawHeader = readToken.RawHeader;
var headers = Base64UrlEncoder.Decode(rawHeader);
var myClaims = readToken.Claims;
var claims = Base64UrlEncoder.Decode(myClaims.ToString());
//var payload = header + "." + claims;
//var signature = Base64UrlEncoder.Decode(HMACSHA256(payload, CLIENT_SECRET));
//var encodedJWT = payload + "." + signature;
return(null);
}
static string GetJwtFromTokenIssuer()
{
byte[] key = Convert.FromBase64String("80ssGCKB931r2r8Lm3om1SIt5YY05yBZ34pna3+dYi8=");
var symmetricKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(key);
//var symmetricKey = new InMemorySymmetricSecurityKey(key);
var signingCredentials =
new Microsoft.IdentityModel.Tokens.SigningCredentials(symmetricKey, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest);
var claimsIdentity = new System.Security.Claims.ClaimsIdentity(new System.Security.Claims.Claim[]
{
new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, "Johnny")
});
var descriptor = new Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor
{
Subject = claimsIdentity,
Audience = "http://localhost:5000/api",
Issuer = "http://authzserver.demo",
Expires = DateTime.UtcNow.AddMinutes(1),
SigningCredentials = signingCredentials
};
//var descriptor = new SecurityTokenDescriptor()
//{
// TokenIssuerName = "http://authzserver.demo",
// AppliesToAddress = "http://localhost:5000/api",
// Lifetime = new System.IdentityModel.Protocols.WSTrust.Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddMinutes(1)),
// SigningCredentials = signingCredentials,
// Subject = new System.Security.Claims.ClaimsIdentity(new System.Security.Claims.Claim[]
// {
// new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, "Johnny")
// })
//};
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var token = tokenHandler.CreateToken(descriptor);
return(tokenHandler.WriteToken(token));
}
