/// <summary>
/// Authenticates a user name/password pair and, on success, stores a fresh refresh
/// token on the account and issues an access token for it.
/// </summary>
/// <param name="request">Login request carrying the user name and password.</param>
/// <returns>
/// A <see cref="Response"/> holding the new access and refresh tokens, or <c>null</c>
/// when either credential is missing or the repository returns no user. Both failure
/// modes produce the same result, so callers cannot distinguish an unknown account
/// from a wrong password.
/// </returns>
public async Task<Response> HandleAsync(LoginRequest request)
{
    // Empty credentials are rejected before the repository is touched.
    if (string.IsNullOrEmpty(request.UserName) || string.IsNullOrEmpty(request.Password))
    {
        return null;
    }

    // NOTE(review): the password is forwarded to the repository as received; this method
    // does no hashing itself, so the repository is assumed to perform the hashed
    // comparison — confirm.
    AdminUserEntity account = await _userRepository.GetUserAsync(request.UserName, request.Password);
    if (account == null)
    {
        return null;
    }

    TokenInfo newRefreshToken = await _tokenFactory.GenerateRefreshToken(
        TokenConfiguration.RefreshTokenSize,
        TokenConfiguration.RefreshTokenExpiration);

    // The refresh token is persisted on the account before any access token is handed out.
    account.AddRefreshToken(newRefreshToken.Token, newRefreshToken.ExpiresIn);
    await _userRepository.UpdateUser(account);

    var accessTokenParameters = new AccessTokenParameters(
        account.UserGuid,
        account.UserName,
        TokenConfiguration.AccessTokenExpiration,
        TokenConfiguration.SecretKey);
    TokenInfo newAccessToken = await _tokenFactory.GenerateAccessToken(accessTokenParameters);

    return new Response(newAccessToken.Token, newRefreshToken.Token);
}
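/// <summary>
/// Validates the signature of an access token while deliberately ignoring its expiry,
/// so the claims of an already-expired token can be read during a refresh.
/// </summary>
/// <param name="token">Compact-serialized JWT as presented by the client.</param>
/// <returns>The validated <see cref="ClaimsPrincipal"/>.</returns>
/// <exception cref="SecurityTokenException">
/// The token is not a JWT or its header does not name HS256. Signature and key failures
/// surface from <c>ValidateToken</c> as the library's own exception types.
/// </exception>
public ClaimsPrincipal GetPrincipalFromExpiredToken(string token)
{
    var tokenValidationParameters = new TokenValidationParameters
    {
        // Issuer and audience are not checked on this path; only the signature is.
        ValidateAudience = false,
        ValidateIssuer = false,
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = AccessTokenParameters.GetSymmetricSecurityKey(),
        // Off on purpose: this method exists to read a token that has already expired.
        ValidateLifetime = false
    };

    var tokenHandler = new JwtSecurityTokenHandler();
    ClaimsPrincipal principal = tokenHandler.ValidateToken(token, tokenValidationParameters, out SecurityToken securityToken);

    // Pin the accepted algorithm to HS256 so a token signed any other way is refused even if
    // its signature validates. "alg" values are machine identifiers and case-sensitive per
    // the JWT spec, so they are compared ordinally, not with culture-aware rules.
    // NOTE(review): if the IdentityModel version in use exposes ValidAlgorithms on
    // TokenValidationParameters, setting it above lets the library enforce this as well — confirm.
    if (!(securityToken is JwtSecurityToken jwtSecurityToken)
        || !string.Equals(jwtSecurityToken.Header.Alg, SecurityAlgorithms.HmacSha256, StringComparison.Ordinal))
    {
        throw new SecurityTokenException("Invalid token");
    }

    return principal;
}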
/// <summary>
/// Exchanges an access token plus its refresh token for a new pair, rotating the refresh
/// token so the one presented cannot be redeemed again.
/// </summary>
/// <param name="request">Carries the client's current access token and refresh token.</param>
/// <returns>
/// A <see cref="Response"/> with the new access and refresh tokens, or <c>null</c> when the
/// access token yields no identity, the user is not found, or the refresh token is not one
/// the user currently holds.
/// </returns>
public async Task<Response> HandleAsync(RefreshTokenRequest request)
{
    // The identity comes from the access token itself; presumably the factory accepts an
    // expired token here as long as its signature checks out — confirm against GetUserIdentity.
    UserIdentity identity = _tokenFactory.GetUserIdentity(request.AccessToken, TokenConfiguration.SecretKey);
    if (identity == null)
    {
        return null;
    }

    var account = await _userRepository.GetUserAsync(identity.Id);
    if (account == null || !account.IsValidRefreshToken(request.RefreshToken))
    {
        return null;
    }

    // Rotation: the presented refresh token is retired and its replacement stored in the same
    // update, so each refresh token can be redeemed only once.
    account.RemoveRefreshToken(request.RefreshToken);
    TokenInfo rotatedRefreshToken = await _tokenFactory.GenerateRefreshToken(
        TokenConfiguration.RefreshTokenSize,
        TokenConfiguration.RefreshTokenExpiration);
    account.AddRefreshToken(rotatedRefreshToken.Token, rotatedRefreshToken.ExpiresIn);
    await _userRepository.UpdateUser(account);

    var accessTokenParameters = new AccessTokenParameters(
        account.UserGuid,
        account.UserName,
        TokenConfiguration.AccessTokenExpiration,
        TokenConfiguration.SecretKey);
    TokenInfo newAccessToken = await _tokenFactory.GenerateAccessToken(accessTokenParameters);

    return new Response(newAccessToken.Token, rotatedRefreshToken.Token);
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
    services
        .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            // NOTE(review): false permits the authority metadata to be fetched over plain HTTP.
            // It only matters when an Authority is configured, but the default (true) should be
            // restored for anything beyond local development — confirm the deployment setup.
            options.RequireHttpsMetadata = false;

            // Bearer tokens are checked against the same issuer, audience and symmetric key the
            // token factory signs with. Lifetime is enforced here, unlike the expired-token
            // helper used by the refresh flow, which turns ValidateLifetime off.
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidIssuer = AccessTokenParameters.ISSUER,
                ValidateAudience = true,
                ValidAudience = AccessTokenParameters.AUDIENCE,
                ValidateLifetime = true,
                IssuerSigningKey = AccessTokenParameters.GetSymmetricSecurityKey(),
                ValidateIssuerSigningKey = true
            };
        });

    // Enums are serialized by name rather than by their numeric value.
    services
        .AddControllers()
        .AddNewtonsoftJson(options =>
            options.SerializerSettings.Converters.Add(new Newtonsoft.Json.Converters.StringEnumConverter()));

    BusinessConfiguration.ConfigureServices(services, Configuration);

    // In production, the React files will be served from this directory
    services.AddSpaStaticFiles(configuration => configuration.RootPath = "ClientApp/build");
}
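/// <summary>
/// Creates a signed HS256 access token whose subject is the claims identity built from the
/// user's GUID and user name.
/// </summary>
/// <param name="parameters">User identifiers, lifetime in seconds and the signing key material.</param>
/// <returns>The compact-serialized token together with its lifetime in seconds.</returns>
/// <exception cref="ArgumentNullException"><paramref name="parameters"/> is null.</exception>
public async Task<TokenInfo> GenerateAccessToken(AccessTokenParameters parameters)
{
    if (parameters == null)
    {
        throw new ArgumentNullException(nameof(parameters));
    }

    var identity = GenerateClaimsIdentity(parameters.UserGuid, parameters.UserName);

    // A single clock read for both timestamps, so Expires - IssuedAt equals ExpiresIn exactly
    // instead of drifting by whatever elapsed between two separate reads. UTC avoids local-time
    // and DST ambiguity before the handler converts these to epoch seconds.
    DateTime issuedAt = DateTime.UtcNow;
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = identity,
        IssuedAt = issuedAt,
        Expires = issuedAt.AddSeconds(parameters.ExpiresIn),
        // NOTE(review): the key is decoded as ASCII, so any non-ASCII character in SigningKey
        // collapses to '?' and lowers the effective key entropy; the verifying side must decode
        // the same way for signatures to match, so keep both in step.
        SigningCredentials = new SigningCredentials(
            new SymmetricSecurityKey(Encoding.ASCII.GetBytes(parameters.SigningKey)),
            SecurityAlgorithms.HmacSha256Signature)
    };
    // NOTE(review): no Issuer/Audience is set on the descriptor, so these tokens carry no
    // iss/aud claims. A bearer middleware that validates issuer and audience (as the
    // ConfigureServices in this listing does) would reject them — confirm which factory the
    // middleware's tokens actually come from.

    var token = _jwtSecurityTokenHandler.CreateToken(tokenDescriptor);
    return new TokenInfo(_jwtSecurityTokenHandler.WriteToken(token), parameters.ExpiresIn);
}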
/// <summary>
/// Builds a signed HS256 token carrying the supplied claims, stamped with the shared issuer
/// and audience and expiring LIFETIME minutes from now.
/// </summary>
/// <param name="claims">Claims to embed in the token payload.</param>
/// <returns>The compact-serialized JWT.</returns>
public string GenerateAccessToken(IEnumerable<Claim> claims)
{
    var credentials = new SigningCredentials(
        AccessTokenParameters.GetSymmetricSecurityKey(),
        SecurityAlgorithms.HmacSha256);

    // Expiry is computed in local time; the JWT handler is expected to normalise it to UTC
    // epoch seconds when serializing — confirm if tokens appear to expire at odd offsets.
    DateTime expiresAt = DateTime.Now.AddMinutes(AccessTokenParameters.LIFETIME);

    var jwt = new JwtSecurityToken(
        issuer: AccessTokenParameters.ISSUER,
        audience: AccessTokenParameters.AUDIENCE,
        claims: claims,
        expires: expiresAt,
        signingCredentials: credentials);

    return new JwtSecurityTokenHandler().WriteToken(jwt);
}