public string GetToken(ClsReturnValues audience, int UserGroupID)
{
// TODO - Authenticate credentials here
// TODO - Based on the audience passed in, pick the shared key from key store
// Just hard-coding a key heress
string key = "qqO5yXcbijtAdYmS2Otyzeze2XQedqy+Tp37wQ3sgTQ=";
SimpleWebToken token = new SimpleWebToken(key)
{
Issuer = "tdoCloud"
};
//verify the user from the database
token.AddClaim(ClaimTypes.Name, audience.ID.ToString());
//token.AddClaim(ClaimTypes.Email, "*****@*****.**");
using (tdoEntities db = new tdoEntities())
{
var groupName = db.uspGetUserGroups().ToList <ClsUserGroups>().Where(p => p.userGroupID == UserGroupID).First().groupName;
token.AddClaim(ClaimTypes.Role, groupName);
token.AddClaim("GroupID", UserGroupID.ToString());
}
//token.AddClaim(ClaimTypes.Role, "Administrator");
return(token.ToString());
}
public static SimpleWebToken Parse(string token, string secretKey)
{
var items = HttpUtility.ParseQueryString(token);
var swt = new SimpleWebToken(secretKey);
foreach (string key in items.AllKeys)
{
string item = items[key];
switch (key)
{
case "Issuer": swt.Issuer = item; break;
case "Audience": swt.Audience = item; break;
case "ExpiresOn": swt.ExpiresOn = ulong.Parse(item); break;
case "HMACSHA256": swt.Signature =
Convert.FromBase64String(item); break;
default: swt.AddClaim(key, items[key]); break;
}
}
string rawToken = swt.ToString(); // Computes HMAC inside ToString()
string computedSignature = HttpUtility.ParseQueryString(rawToken)
["HMACSHA256"];
if (!computedSignature.Equals(Convert.ToBase64String(swt.Signature),
StringComparison.Ordinal))
{
throw new SecurityTokenValidationException("Signature is invalid");
}
TimeSpan ts = DateTime.UtcNow - epochStart;
if (swt.ExpiresOn < Convert.ToUInt64(ts.TotalSeconds))
{
throw new SecurityTokenException("Token has expired");
}
return(swt);
}
