public async Task <AuthenticationToken> Authenticate(string username, string password) { var user = await userBusiness.GetByUserName(username); if (user == null) { return(null); } var lockCheck = await lockAccountBusiness.CheckUser(user.Id); if (!lockCheck.Success) { return(new AuthenticationToken { islocked = true, message = lockCheck.Messages[0] }); } var attemptResult = await authenticateAttempsStrategy.Check(user.Id, user.Password, password); if (!attemptResult.Verified) { return(attemptResult.UnverifiedAttempt); } // authentication successful so generate jwt token var authenticationToken = tokenGenerationBusiness.Generate(user, appSettings.Secret); // update user login date and token fields await userBusiness.UserLoggedIn(user, authenticationToken.token); return(authenticationToken); }
public async Task <AuthenticateAttempResult> Check(long userId, string hash, string password) { var checkResult = passwordHasher.Check(hash, password); if (checkResult.Verified) { var checkUserResponse = await lockAccountBusiness.CheckUser(userId); if (!checkUserResponse.Success) // account is locked { return(new AuthenticateAttempResult { Verified = false, UnverifiedAttempt = new AuthenticationToken { islocked = true, message = WarningMessage_AccountIsLocked } }); } await authenticateAttemptBusiness.ResetRemainingAttempts(userId); return(new AuthenticateAttempResult { Verified = true }); } else { await authenticateAttemptBusiness.DecreaseRemainingAttempts(userId); var remainingAttempts = await authenticateAttemptBusiness.GetRemainingAttemptCount(userId); if (remainingAttempts < 0) // lock the account { await lockAccountBusiness.LockAccount(userId); return(new AuthenticateAttempResult { Verified = false, UnverifiedAttempt = new AuthenticationToken { islocked = true, message = WarningMessage_AccountIsLocked, remainingattempts = remainingAttempts } }); } return(new AuthenticateAttempResult { Verified = false, UnverifiedAttempt = new AuthenticationToken { message = WarningMessage_AuthenticateFailed, islocked = false, remainingattempts = remainingAttempts } }); } }
public async Task <AuthorizationResult> ValidateToken(string token) { if (string.IsNullOrEmpty(token)) { return(new AuthorizationResult { IsAuthorized = false }); } var tokenHandler = new JwtSecurityTokenHandler(); try { var claimsPrincipal = tokenHandler.ValidateToken(token, tokenValidationParameters, out var validatedToken); if (!claimsPrincipal.Identity.IsAuthenticated) { return(new AuthorizationResult { IsAuthorized = false }); } var usernameClaim = claimsPrincipal.Claims.FirstOrDefault(c => c.Type.EndsWith("/identity/claims/name")); var roleClaims = claimsPrincipal.Claims.Where(c => c.Type.EndsWith("/identity/claims/role")); if (usernameClaim == null || roleClaims == null || roleClaims.Count() < 1) { return(new AuthorizationResult { IsAuthorized = false }); } // check user var user = await userData.GetByUserName(usernameClaim.Value); if (user == null) { return(new AuthorizationResult { IsAuthorized = false }); } var lockCheck = await lockAccountBusiness.CheckUser(user.Id); if (!lockCheck.Success) { return(new AuthorizationResult { IsAuthorized = false }); } return(new AuthorizationResult { IsAuthorized = true, UserName = usernameClaim.Value, Roles = roleClaims.Select(c => c.Value).ToArray() }); } catch (SecurityTokenExpiredException exc) { return(new AuthorizationResult { IsAuthorized = false }); } catch (SecurityTokenInvalidSignatureException exc) { return(new AuthorizationResult { IsAuthorized = false }); } }