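/// <summary>
/// Post-validation hook for a JWT bearer token. Confirms the token carries the claims this
/// application issues (serial number, name identifier), that the referenced user still exists
/// with a matching serial number and is not deleted, and that the raw token is still present
/// in the token store. Any failed check reports a reason through <c>context.Fail</c>.
/// </summary>
/// <param name="context">The validated-token context supplied by the JWT bearer handler.</param>
public void Validate(TokenValidatedContext context)
{
    var claimsIdentity = context.Principal?.Identity as ClaimsIdentity;
    if (claimsIdentity?.Claims == null || !claimsIdentity.Claims.Any())
    {
        context.Fail("This is not our issued token. It has no claims.");
        return;
    }

    var serialNumberClaim = claimsIdentity.FindFirst(ClaimTypes.SerialNumber);
    if (serialNumberClaim == null)
    {
        context.Fail("This is not our issued token. It has no serial.");
        return;
    }

    // A missing name-identifier claim must fail validation rather than throw a
    // NullReferenceException; int.TryParse(null, ...) returns false without throwing.
    var userIdString = claimsIdentity.FindFirst(ClaimTypes.NameIdentifier)?.Value;
    if (!int.TryParse(userIdString, out int userId))
    {
        context.Fail("This is not our issued token. It has no user-id.");
        return;
    }

    Models.DbModels.User user = userService.FindUser(userId);
    if (user == null || user.SerialNumber != serialNumberClaim.Value || user.IsDeleted)
    {
        // The stored serial number changes when the user's password/roles/state change,
        // which invalidates every token issued before the change.
        context.Fail("This token is expired. Please login again.");
        return; // previously fell through to the token-store check after failing
    }

    // The raw token must still be in our store; this is what makes server-side revocation work.
    if (!(context.SecurityToken is JwtSecurityToken accessToken)
        || string.IsNullOrWhiteSpace(accessToken.RawData)
        || !tokenStoreService.IsValidToken(accessToken.RawData, userId))
    {
        context.Fail("This token is not in our database.");
        return;
    }

    //userService.UpdateUserLastActivityDate(userId);
}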
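/// <summary>
/// Post-validation hook for a JWT bearer token. Confirms the token carries the claims this
/// application issues (serial number, user-data id), that the user still exists, is not
/// deleted and is not locked out, and that the raw token is still present in the token store.
/// On success the resolved user is published through <c>AccessControl.User</c>.
/// </summary>
/// <param name="context">The validated-token context supplied by the JWT bearer handler.</param>
public async Task ValidateAsync(TokenValidatedContext context)
{
    var claimsIdentity = context.Principal?.Identity as ClaimsIdentity;
    if (claimsIdentity?.Claims == null || !claimsIdentity.Claims.Any())
    {
        context.Fail("This is not our issued token. It has no claims.");
        return;
    }

    // NOTE(review): the serial-number claim is only required to exist here; it is never
    // compared with anything stored for the user, so revocation on password/role change
    // rests entirely on the token-store check below — confirm that is intended.
    var serialNumberClaim = claimsIdentity.FindFirst(ClaimTypes.SerialNumber);
    if (serialNumberClaim == null)
    {
        context.Fail("This is not our issued token. It has no serial.");
        return;
    }

    // A missing user-data claim must fail validation rather than throw a
    // NullReferenceException; int.TryParse(null, ...) returns false without throwing.
    var userIdString = claimsIdentity.FindFirst(ClaimTypes.UserData)?.Value;
    if (!int.TryParse(userIdString, out int userId))
    {
        context.Fail("This is not our issued token. It has no user-id.");
        return;
    }

    var user = _usersService.GetUserById(userId);
    if (user == null || user.Deleted != 0)
    {
        context.Fail("This token is expired. Please login again.");
        return; // previously fell through and dereferenced a null user on the lockout check
    }

    if (user.LockoutEnabled)
    {
        context.Fail("Tài khoản đã bị bán");
        return;
    }

    // The raw token must still be in our store; this is what makes server-side revocation work.
    if (!(context.SecurityToken is JwtSecurityToken accessToken)
        || string.IsNullOrWhiteSpace(accessToken.RawData)
        || !_tokenStoreService.IsValidToken(accessToken.RawData, userId))
    {
        context.Fail("This token is not in our database.");
        return;
    }

    // NOTE(review): if AccessControl.User is plain static state it is shared across
    // concurrent requests — confirm it is scoped per request (e.g. AsyncLocal or DI scope).
    AccessControl.User = user;
}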
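/// <summary>
/// Post-validation hook for a customer JWT bearer token. Confirms the token carries the claims
/// this application issues (mobile phone, user-data id), that the customer still exists and is
/// active, and that the raw token is still present in the token store.
/// </summary>
/// <param name="context">The validated-token context supplied by the JWT bearer handler.</param>
public async Task ValidateAsync(TokenValidatedContext context)
{
    var claimsIdentity = context.Principal?.Identity as ClaimsIdentity;
    if (claimsIdentity?.Claims == null || !claimsIdentity.Claims.Any())
    {
        context.Fail("This is not our issued token. It has no claims.");
        return;
    }

    // NOTE(review): the phone claim is only required to exist; it is never compared with the
    // stored customer, so revocation rests on the token-store check below — confirm intended.
    var phoneNumberClaim = claimsIdentity.FindFirst(ClaimTypes.MobilePhone);
    if (phoneNumberClaim == null)
    {
        context.Fail("This is not our issued token. It has no phone.");
        return;
    }

    // A missing user-data claim must fail validation rather than throw a
    // NullReferenceException; int.TryParse(null, ...) returns false without throwing.
    var customerIdString = claimsIdentity.FindFirst(ClaimTypes.UserData)?.Value;
    if (!int.TryParse(customerIdString, out int customerId))
    {
        context.Fail("This is not our issued token. It has no customer-id.");
        return;
    }

    var customer = _customerService.GetCustomerById(customerId);
    if (customer == null || !customer.Active)
    {
        context.Fail("This token is expired. Please login again.");
        return; // previously fell through to the token-store check after failing
    }

    // The raw token must still be in our store; this is what makes server-side revocation work.
    if (!(context.SecurityToken is JwtSecurityToken accessToken)
        || string.IsNullOrWhiteSpace(accessToken.RawData)
        || !_tokenStoreService.IsValidToken(accessToken.RawData, customerId))
    {
        context.Fail("This token is not in our database.");
    }
}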
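/// <summary>
/// Web API authorization filter. Rejects the request when the bearer token is missing, was not
/// issued by this application (no claims / no serial-number or user-data claim), belongs to a
/// user whose stored serial number no longer matches the token, or is no longer present in the
/// token store. Otherwise defers to the base authorization checks.
/// </summary>
/// <param name="actionContext">The action context of the incoming request.</param>
/// <exception cref="NullReferenceException">
/// Thrown when <c>UsersService</c> or <c>TokenStoreService</c> was not injected by the container.
/// </exception>
public override void OnAuthorization(HttpActionContext actionContext)
{
    if (skipAuthorization(actionContext))
    {
        return;
    }

    // A request with no Authorization header must be rejected, not crash the filter with a
    // NullReferenceException on .Authorization.Parameter.
    var accessToken = actionContext.Request?.Headers?.Authorization?.Parameter;
    if (string.IsNullOrWhiteSpace(accessToken)
        || accessToken.Equals("undefined", StringComparison.OrdinalIgnoreCase))
    {
        // null token
        this.HandleUnauthorizedRequest(actionContext);
        return;
    }

    var claimsIdentity = actionContext.RequestContext?.Principal?.Identity as ClaimsIdentity;
    if (claimsIdentity?.Claims == null || !claimsIdentity.Claims.Any())
    {
        // this is not our issued token
        this.HandleUnauthorizedRequest(actionContext);
        return;
    }

    // Both claims are required; a missing user-data claim previously threw instead of rejecting.
    var serialNumberClaim = claimsIdentity.FindFirst(ClaimTypes.SerialNumber);
    var userId = claimsIdentity.FindFirst(ClaimTypes.UserData)?.Value;
    if (serialNumberClaim == null || userId == null)
    {
        // this is not our issued token
        this.HandleUnauthorizedRequest(actionContext);
        return;
    }

    if (UsersService == null)
    {
        throw new NullReferenceException($"{nameof(UsersService)} is null. Make sure ioc.Policies.SetAllProperties is configured and also IFilterProvider is replaced with SmWebApiFilterProvider.");
    }

    // The stored serial number changes when the user's password/roles/state change, which
    // invalidates every token issued before the change. string != is an ordinal comparison.
    var serialNumber = UsersService.GetSerialNumber(userId);
    if (serialNumber != serialNumberClaim.Value)
    {
        this.HandleUnauthorizedRequest(actionContext);
        return;
    }

    if (TokenStoreService == null)
    {
        throw new NullReferenceException($"{nameof(TokenStoreService)} is null. Make sure ioc.Policies.SetAllProperties is configured and also IFilterProvider is replaced with SmWebApiFilterProvider.");
    }

    // The raw token must still be in our store; this is what makes server-side revocation work.
    if (!TokenStoreService.IsValidToken(accessToken, userId))
    {
        // this is not our issued token
        this.HandleUnauthorizedRequest(actionContext);
        return;
    }

    base.OnAuthorization(actionContext);
}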