public async Task <AuthenticationToken> Authenticate(string username, string password)
{
var user = await userBusiness.GetByUserName(username);
if (user == null)
{
return(null);
}
var lockCheck = await lockAccountBusiness.CheckUser(user.Id);
if (!lockCheck.Success)
{
return(new AuthenticationToken {
islocked = true, message = lockCheck.Messages[0]
});
}
var attemptResult = await authenticateAttempsStrategy.Check(user.Id, user.Password, password);
if (!attemptResult.Verified)
{
return(attemptResult.UnverifiedAttempt);
}
// authentication successful so generate jwt token
var authenticationToken = tokenGenerationBusiness.Generate(user, appSettings.Secret);
// update user login date and token fields
await userBusiness.UserLoggedIn(user, authenticationToken.token);
return(authenticationToken);
}
public async Task <AuthenticateAttempResult> Check(long userId, string hash, string password)
{
var checkResult = passwordHasher.Check(hash, password);
if (checkResult.Verified)
{
var checkUserResponse = await lockAccountBusiness.CheckUser(userId);
if (!checkUserResponse.Success) // account is locked
{
return(new AuthenticateAttempResult {
Verified = false, UnverifiedAttempt = new AuthenticationToken {
islocked = true, message = WarningMessage_AccountIsLocked
}
});
}
await authenticateAttemptBusiness.ResetRemainingAttempts(userId);
return(new AuthenticateAttempResult {
Verified = true
});
}
else
{
await authenticateAttemptBusiness.DecreaseRemainingAttempts(userId);
var remainingAttempts = await authenticateAttemptBusiness.GetRemainingAttemptCount(userId);
if (remainingAttempts < 0) // lock the account
{
await lockAccountBusiness.LockAccount(userId);
return(new AuthenticateAttempResult {
Verified = false, UnverifiedAttempt = new AuthenticationToken {
islocked = true, message = WarningMessage_AccountIsLocked, remainingattempts = remainingAttempts
}
});
}
return(new AuthenticateAttempResult {
Verified = false, UnverifiedAttempt = new AuthenticationToken {
message = WarningMessage_AuthenticateFailed, islocked = false, remainingattempts = remainingAttempts
}
});
}
}
public async Task <AuthorizationResult> ValidateToken(string token)
{
if (string.IsNullOrEmpty(token))
{
return(new AuthorizationResult {
IsAuthorized = false
});
}
var tokenHandler = new JwtSecurityTokenHandler();
try
{
var claimsPrincipal = tokenHandler.ValidateToken(token, tokenValidationParameters, out var validatedToken);
if (!claimsPrincipal.Identity.IsAuthenticated)
{
return(new AuthorizationResult {
IsAuthorized = false
});
}
var usernameClaim = claimsPrincipal.Claims.FirstOrDefault(c => c.Type.EndsWith("/identity/claims/name"));
var roleClaims = claimsPrincipal.Claims.Where(c => c.Type.EndsWith("/identity/claims/role"));
if (usernameClaim == null || roleClaims == null || roleClaims.Count() < 1)
{
return(new AuthorizationResult {
IsAuthorized = false
});
}
// check user
var user = await userData.GetByUserName(usernameClaim.Value);
if (user == null)
{
return(new AuthorizationResult {
IsAuthorized = false
});
}
var lockCheck = await lockAccountBusiness.CheckUser(user.Id);
if (!lockCheck.Success)
{
return(new AuthorizationResult {
IsAuthorized = false
});
}
return(new AuthorizationResult
{
IsAuthorized = true,
UserName = usernameClaim.Value,
Roles = roleClaims.Select(c => c.Value).ToArray()
});
}
catch (SecurityTokenExpiredException exc)
{
return(new AuthorizationResult {
IsAuthorized = false
});
}
catch (SecurityTokenInvalidSignatureException exc)
{
return(new AuthorizationResult {
IsAuthorized = false
});
}
}
