コード例 #1
        /// <summary>
        /// Handles a login request: looks the user up by the supplied credentials and, when a user
        /// is returned, stores a fresh refresh token on that user and issues a new access token.
        /// </summary>
        /// <param name="request">Login request carrying the user name and password.</param>
        /// <returns>
        /// A <see cref="Response"/> holding the access token and the refresh token, or <c>null</c>
        /// when a credential is missing/empty or the repository returns no user.
        /// </returns>
        public async Task <Response> HandleAsync(LoginRequest request)
        {
            // Missing credentials and rejected credentials end in the same null result,
            // so the caller cannot tell the two cases apart from the return value.
            bool credentialsMissing = string.IsNullOrEmpty(request.UserName) || string.IsNullOrEmpty(request.Password);
            if (credentialsMissing)
            {
                return null;
            }

            // NOTE(review): the password is passed to the repository exactly as received; whether
            // it is compared against a salted password hash is not visible here - confirm.
            AdminUserEntity user = await _userRepository.GetUserAsync(request.UserName, request.Password);
            if (user == null)
            {
                return null;
            }

            // The refresh token is attached to the user and persisted before the access token is built.
            TokenInfo issuedRefreshToken = await _tokenFactory.GenerateRefreshToken(
                TokenConfiguration.RefreshTokenSize,
                TokenConfiguration.RefreshTokenExpiration);
            user.AddRefreshToken(issuedRefreshToken.Token, issuedRefreshToken.ExpiresIn);
            await _userRepository.UpdateUser(user);

            // The access token carries the user's GUID and name and is signed with the configured secret.
            var accessParameters = new AccessTokenParameters(
                user.UserGuid,
                user.UserName,
                TokenConfiguration.AccessTokenExpiration,
                TokenConfiguration.SecretKey);
            TokenInfo issuedAccessToken = await _tokenFactory.GenerateAccessToken(accessParameters);

            return new Response(issuedAccessToken.Token, issuedRefreshToken.Token);
        }
コード例 #2
ファイル: TokenService.cs プロジェクト: Belysh/TaskManager
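        /// <summary>
        /// Validates an access token whose lifetime may already have elapsed and returns the
        /// principal it describes. Lifetime validation is deliberately switched off; signature,
        /// issuer, audience and signing algorithm are still checked.
        /// </summary>
        /// <param name="token">Serialized JWT taken from the client.</param>
        /// <returns>The <see cref="ClaimsPrincipal"/> produced by token validation.</returns>
        /// <exception cref="SecurityTokenException">
        /// Thrown when the validated token is not a JWT or its header does not declare HS256.
        /// <c>ValidateToken</c> raises its own exceptions when validation itself fails.
        /// </exception>
        /// <remarks>
        /// The returned principal comes from a token that may be expired, so it proves only that
        /// the token was once issued with this key. The caller still has to check a valid refresh
        /// token before issuing anything new.
        /// </remarks>
        public ClaimsPrincipal GetPrincipalFromExpiredToken(string token)
        {
            TokenValidationParameters tokenValidationParameters = new TokenValidationParameters
            {
                // Issuer and audience are pinned to the values GenerateAccessToken writes, so a
                // token signed with the same key for another issuer or audience is rejected here.
                ValidateIssuer           = true,
                ValidIssuer              = AccessTokenParameters.ISSUER,
                ValidateAudience         = true,
                ValidAudience            = AccessTokenParameters.AUDIENCE,
                ValidateIssuerSigningKey = true,
                IssuerSigningKey         = AccessTokenParameters.GetSymmetricSecurityKey(),
                // Expired tokens are the expected input of this method.
                ValidateLifetime         = false
            };

            JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
            ClaimsPrincipal         principal    = tokenHandler.ValidateToken(token, tokenValidationParameters, out SecurityToken securityToken);

            // "alg" is a case-sensitive identifier, so it is compared ordinally rather than with
            // culture rules; string.Equals also copes with a header that has no "alg" value.
            if (!(securityToken is JwtSecurityToken jwtSecurityToken) ||
                !string.Equals(jwtSecurityToken.Header.Alg, SecurityAlgorithms.HmacSha256, StringComparison.Ordinal))
            {
                throw new SecurityTokenException("Invalid token");
            }

            return principal;
        }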
コード例 #3
        /// <summary>
        /// Handles a token refresh: resolves the user from the presented access token, checks the
        /// presented refresh token against that user, replaces it with a new one and issues a new
        /// access token.
        /// </summary>
        /// <param name="request">Refresh request carrying the current access and refresh tokens.</param>
        /// <returns>
        /// A <see cref="Response"/> holding the new access and refresh tokens, or <c>null</c> when
        /// no identity can be read from the access token, the user is not found, or the refresh
        /// token is not valid for that user.
        /// </returns>
        public async Task <Response> HandleAsync(RefreshTokenRequest request)
        {
            // NOTE(review): GetUserIdentity receives the secret key, so it presumably verifies the
            // signature of the (possibly expired) access token - confirm in the token factory.
            UserIdentity identity = _tokenFactory.GetUserIdentity(request.AccessToken, TokenConfiguration.SecretKey);
            if (identity == null)
            {
                return null;
            }

            var user = await _userRepository.GetUserAsync(identity.Id);
            if (user == null || !user.IsValidRefreshToken(request.RefreshToken))
            {
                return null;
            }

            // Rotation: the presented refresh token is removed before its replacement is added,
            // and both changes are persisted with a single UpdateUser call.
            user.RemoveRefreshToken(request.RefreshToken);
            TokenInfo rotatedRefreshToken = await _tokenFactory.GenerateRefreshToken(
                TokenConfiguration.RefreshTokenSize,
                TokenConfiguration.RefreshTokenExpiration);
            user.AddRefreshToken(rotatedRefreshToken.Token, rotatedRefreshToken.ExpiresIn);
            await _userRepository.UpdateUser(user);

            var accessParameters = new AccessTokenParameters(
                user.UserGuid,
                user.UserName,
                TokenConfiguration.AccessTokenExpiration,
                TokenConfiguration.SecretKey);
            TokenInfo renewedAccessToken = await _tokenFactory.GenerateAccessToken(accessParameters);

            return new Response(renewedAccessToken.Token, rotatedRefreshToken.Token);
        }
コード例 #4
        /// <summary>
        /// Called by the runtime to register services in the container: JWT bearer authentication,
        /// MVC controllers with Newtonsoft.Json enum-as-string serialization, the business-layer
        /// services and the SPA static files.
        /// </summary>
        /// <param name="services">Service collection to add the registrations to.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            var authentication = services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme);
            authentication.AddJwtBearer(bearer =>
            {
                // NOTE(review): HTTPS is not required for the metadata address/authority. No authority
                // is configured in this block, so the flag looks inert here - confirm, and keep the
                // default (true) if an authority is ever added.
                bearer.RequireHttpsMetadata = false;

                // Incoming bearer tokens must match the configured issuer and audience, must not be
                // expired, and must be signed with the application's symmetric key.
                bearer.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer           = true,
                    ValidIssuer              = AccessTokenParameters.ISSUER,
                    ValidateAudience         = true,
                    ValidAudience            = AccessTokenParameters.AUDIENCE,
                    ValidateLifetime         = true,
                    IssuerSigningKey         = AccessTokenParameters.GetSymmetricSecurityKey(),
                    ValidateIssuerSigningKey = true
                };
            });

            // Enum values are written to and read from JSON as their names.
            services
                .AddControllers()
                .AddNewtonsoftJson(json =>
                    json.SerializerSettings.Converters.Add(new Newtonsoft.Json.Converters.StringEnumConverter()));

            BusinessConfiguration.ConfigureServices(services, Configuration);

            // In production, the React files will be served from this directory
            services.AddSpaStaticFiles(spa => spa.RootPath = "ClientApp/build");
        }
コード例 #5
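        /// <summary>
        /// Builds and serializes an HMAC-SHA256 signed JWT access token for the given user.
        /// </summary>
        /// <param name="parameters">
        /// User GUID and name for the claims identity, the lifetime in seconds and the signing key.
        /// </param>
        /// <returns>
        /// A <see cref="TokenInfo"/> holding the serialized token and the lifetime it was issued with.
        /// </returns>
        public async Task <TokenInfo> GenerateAccessToken(AccessTokenParameters parameters)
        {
            var identity = GenerateClaimsIdentity(parameters.UserGuid, parameters.UserName);

            // One UTC timestamp feeds both values: local-time arithmetic can stretch or shrink the
            // token lifetime by the DST offset when the interval crosses a clock change.
            DateTime issuedAt = DateTime.UtcNow;

            // NOTE(review): ASCII encoding maps every non-ASCII character of the secret to '?',
            // which weakens the key. It is left as is because the validating side has to derive
            // the same bytes - confirm the secret is ASCII-only and long enough for HS256.
            var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(parameters.SigningKey));

            SecurityTokenDescriptor tokenDescriptor = new SecurityTokenDescriptor()
            {
                Subject            = identity,
                IssuedAt           = issuedAt,
                Expires            = issuedAt.AddSeconds(parameters.ExpiresIn),
                SigningCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256Signature)
            };

            var token = _jwtSecurityTokenHandler.CreateToken(tokenDescriptor);

            return new TokenInfo(_jwtSecurityTokenHandler.WriteToken(token), parameters.ExpiresIn);
        }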
コード例 #6
ファイル: TokenService.cs プロジェクト: Belysh/TaskManager
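        /// <summary>
        /// Creates an HMAC-SHA256 signed JWT access token that carries the given claims together
        /// with the configured issuer and audience.
        /// </summary>
        /// <param name="claims">Claims to embed in the token.</param>
        /// <returns>The serialized (compact) token string.</returns>
        public string GenerateAccessToken(IEnumerable <Claim> claims)
        {
            SymmetricSecurityKey secretKey          = AccessTokenParameters.GetSymmetricSecurityKey();
            SigningCredentials   signingCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);

            // Expiry is computed from UTC: adding minutes to a local time can stretch or shrink the
            // token lifetime by the DST offset when the interval crosses a clock change.
            DateTime expiresAtUtc = DateTime.UtcNow.AddMinutes(AccessTokenParameters.LIFETIME);

            JwtSecurityToken tokenOptions = new JwtSecurityToken(
                issuer: AccessTokenParameters.ISSUER,
                audience: AccessTokenParameters.AUDIENCE,
                claims: claims,
                expires: expiresAtUtc,
                signingCredentials: signingCredentials
                );

            return new JwtSecurityTokenHandler().WriteToken(tokenOptions);
        }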