public async Task <ResultModel <JwtResult <CoreUser> > > RefreshToken(CoreUser user)
{
var resultObj = new ResultModel <JwtResult <CoreUser> >();
var claims = GenerateClaims(user);
//var principal = new ClaimsPrincipal(identity);
var refreshTokenInfo = new RefreshTokenInfo()
{
UserId = user.Id,
// Expired Date Refresh Token
ExpiredDate = DateTime.Now.AddDays(37)
};
var identifier = user.CoreCredentials.First().Identifier;
var jwt = await TokenHelper.GenerateJwt(claims, _jwtFactory, identifier, _jwtOptions, new JsonSerializerSettings { Formatting = Formatting.Indented, ReferenceLoopHandling = ReferenceLoopHandling.Ignore });
var result = new JwtResult <CoreUser>
{
Token = jwt,
RefreshToken = TokenHelper.GenerateRefreshToken(refreshTokenInfo, new JsonSerializerSettings {
Formatting = Formatting.Indented, ReferenceLoopHandling = ReferenceLoopHandling.Ignore
})
};
resultObj.Status = ResultStatus.Success;
resultObj.ExtendData = result;
_userDm.Update(user);
return(resultObj);
}
public async Task <JwtResult> GenerateToken(IEnumerable <Claim> claims)
{
var jwtSecurityToken = new JwtSecurityToken(
claims: claims,
issuer: _options.Issuer,
audience: _options.Audience,
expires: _options.Expiration > 0
? DateTime.UtcNow.AddSeconds(_options.Expiration)
: default(DateTime?),
signingCredentials: new SigningCredentials(
new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_options.Key)),
SecurityAlgorithms.HmacSha256)
);
var accessToken = new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken);
var result = new JwtResult
{
AccessToken = accessToken,
ExpiresAt = DateTime.UtcNow.AddSeconds(_options.Expiration).ToTimestamp()
};
await _refreshTokenStore.SaveTokenAsync(result);
return(result);
}
public Response <JwtResult> GenerateToken(IdentityUser user)
{
if (user == null)
{
return(new Response <JwtResult>());
}
var claims = _claimsBuilder.Build(user);
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config.Secret));
var now = DateTime.UtcNow;
var expiration = TimeSpan.FromMinutes(_config.ExpiresInMinutes);
var expirationDate = now.Add(expiration);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = claims,
Expires = expirationDate,
IssuedAt = now,
Issuer = _config.Issuer, // TODO: use url of api instead
Audience = _config.Audience, // TODO: use url from request instead
SigningCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha512Signature)
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateToken(tokenDescriptor);
var jwtToken = tokenHandler.WriteToken(token);
var tokenResult = new JwtResult
{
AccessToken = jwtToken,
Expires = expirationDate
};
return(new Response <JwtResult>(tokenResult));
}
public IHttpActionResult Get(string username, string password)
{
JwtResult objJwtResult = new JwtResult();
try
{
UsuarioService usuarioService = new UsuarioService();
Usuario usuario = usuarioService.ObterPorLogin(username);
if (usuario != null && EncriptarSenha.CompararSenhas(password, usuario.Senha))
{
string token = JwtManager.GenerateToken(usuario.IdUsuario.ToString());
objJwtResult.access_token = token;
return(Ok(objJwtResult));
}
else
{
return(Unauthorized());
}
}
catch (Exception erro)
{
return(BadRequest(erro.Message));
}
}
public static async Task <bool> CmdGetJWT(SecureString ParUserName, SecureString ParPassword, WebApiUserTypesEnum ParWebApiUserTypesEnum = WebApiUserTypesEnum.NotAuthorized)
{
if (!LocalData.IsDownloadedSetupData)
{
LocalFunctions.AddError("Bootstrap data is not Downloaded!", MethodBase.GetCurrentMethod(), true, false);
return(false);
}
LocalData.CurrJWT = string.Empty;
try
{
JwtResult tmp_jwt = await WebApiFunctions.CmdDownloadToken(ParUserName, ParPassword, ParWebApiUserTypesEnum);
if (string.IsNullOrEmpty(tmp_jwt.ErrorMessage))
{
LocalData.CurrJWT = tmp_jwt.AccessToken;
}
else
{
LocalFunctions.AddError(tmp_jwt.ErrorMessage, MethodBase.GetCurrentMethod(), true, false);
}
}
catch (Exception ex)
{
LocalFunctions.AddError(ex.Message, MethodBase.GetCurrentMethod(), true, false);
}
return(!string.IsNullOrEmpty(LocalData.CurrJWT));
}
public async Task LoginReturnsOk_WithJwt_WhenCredsValid()
{
JwtResult jwtMock = new JwtResult()
{
Token = "MockToken"
};
var publisherMock = new Mock <ICommandPublisher>(MockBehavior.Strict);
publisherMock
.Setup(m => m.Publish <JwtResult>(It.IsAny <LogGebruikerInCommand>(),
NameConstants.LogGebuikerInCommandQueue, "")).ReturnsAsync(jwtMock);
var target = new AuthenticatieController(publisherMock.Object);
var result = await target.Login(new Credentials()
{
UserName = "******", Password = "******"
});
Assert.IsInstanceOfType(result, typeof(OkObjectResult));
JwtResult jwtResult = (result as OkObjectResult).Value as JwtResult;
Assert.AreEqual("MockToken", jwtResult.Token);
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (!Enabled)
{
base.OnActionExecuting(filterContext);
return;
}
string token = filterContext.HttpContext.Request["token"];
JwtResult jwt = JwtUtil.Decode(token);
if (jwt.Success)
{
//获取当前登录用户
IUser iUser = lessContext.GetService <IUser>();
lessContext.CurrentUser = iUser.GetCurrentUser(lessContext);
if (lessContext.CurrentUser == null)
{
jwt.Success = false;
jwt.Msg = $"获取登录帐号 {lessContext.Jwt.Result[BasicConst.JWT_USER].loginName} 信息失败,请重新登录!";
filterContext.HttpContext.Response.AddHeaderTimeOut();
filterContext.Result = new BaseJsonResult()
{
Data = jwt
};
return;
}
//获取当前站点
var sysWebSiteDal = lessContext.GetService <SysWebSiteDal>();
lessContext.WebSite = sysWebSiteDal.GetModel(filterContext.HttpContext.Request["SiteID"]);
//获取权限
IPermissions iPermissions = lessContext.GetService <IPermissions>();
lessContext.Limit = iPermissions.GetPermissions(lessContext, filterContext.RequestContext.HttpContext.Request);
base.OnActionExecuting(filterContext);
return;
}
else
{
filterContext.HttpContext.Response.AddHeaderTimeOut();
if (string.IsNullOrEmpty(WhenNotPassedRedirectUrl))
{
filterContext.Result = new BaseJsonResult()
{
Data = jwt
};
}
else
{
filterContext.Result = new RedirectResult(WhenNotPassedRedirectUrl);
}
}
}
public JsonResult Login()
{
var dict = new Dictionary <string, object>();
dict["limit"] = "10101010100111";
dict["user"] = new { Name = "张三", Age = 25 };
string jwt = JwtUtil.Encode(dict, 10 * 60);
JwtResult result = JwtUtil.Decode(jwt);
dynamic user = (dynamic)result.Result["user"];
string name = user.Name;
return(Json(jwt));
}
public async Task <ActionResult <JwtResult> > Token(
[HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "token")] HttpRequest req,
ILogger log)
{
await CosmosAPI.cosmosDBClientActivity.AddActivityLog(Guid.Empty, "Requested token", TodosCosmos.LocalFunctions.AddThisCaller(new List <string>(), MethodBase.GetCurrentMethod()));
try
{
SymmetricSecurityKey sk = new SymmetricSecurityKey(Encoding.ASCII.GetBytes("asasasassasasasa"));
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
Console.WriteLine(ex.ToString());
Console.WriteLine(ex.InnerException.Message);
}
//string a = GlobalData.JWTSecret;
//Encoding.ASCII.GetBytes(GlobalData.JWTSecret);
//SymmetricSecurityKey sk = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(GlobalData.JWTSecret));
//SigningCredentials SigningCredentials1 = new SigningCredentials(sk, SecurityAlgorithms.HmacSha256);
//MyTokenProviderOptions _options = new MyTokenProviderOptions
//{
// Audience = "ExampleAudience",
// Issuer = "ExampleIssuer",
// SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(GlobalData.JWTSecret)), SecurityAlgorithms.HmacSha256),
//};
MyTokenProvider tp = new MyTokenProvider(TodosCosmos.LocalFunctions.AddThisCaller(new List <string>(), MethodBase.GetCurrentMethod()));
JwtResult result = await tp.GenerateToken(req, TodosCosmos.LocalFunctions.AddThisCaller(new List <string>(), MethodBase.GetCurrentMethod()));
return(result);
//return new OkObjectResult(JsonSerializer.ToString(result));
}
public JwtResult CreatejwtSecurityToken(String userName, String password)
{
JwtResult result = new JwtResult();
String securityPassword = _securityService.GetSha256Hash(password);
ApplicationUser user = _uow.UserRepository.GetUser(userName, securityPassword);
if (user == null)
{
result.Error = "Invalid username or password";
return(result);
}
if (user != null && !user.IsActive)
{
result.Error = "Користувач деактивованний!";
return(result);
}
var claims = new[]
{
new Claim(ClaimTypes.Name, user.Email),
new Claim(ClaimTypes.Role, user.Role.Name)
};
ClaimsIdentity claimsIdentity = new ClaimsIdentity(claims, "Token", ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType);
var key = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(JwtConst.SECURITY_KEY));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(
issuer: JwtConst.ISSUER,
audience: JwtConst.AUDIENCE,
claims: claims,
expires: DateTime.Now.AddMinutes(30),
signingCredentials: creds);
var tokenEncd = new JwtSecurityTokenHandler().WriteToken(token);
result.JwtToken = new JwtToken
{
Token = tokenEncd,
UserName = claimsIdentity.Name
};
return(result);
}
/// <summary>
/// Sign In
/// </summary>
/// <param name="signInModel"></param>
/// <returns></returns>
public async Task <ResultModel <JwtResult <CoreUser> > > SignIn(SignInModel signInModel)
{
var resultObj = new ResultModel <JwtResult <CoreUser> >();
var validateResultObj = Validate(signInModel.LoginTypeCode, signInModel.Identifier, signInModel.Secret);
if (validateResultObj.Status != ResultStatus.Success)
{
resultObj.Messages = validateResultObj.Messages;
resultObj.Status = validateResultObj.Status;
return(resultObj);
}
var user = validateResultObj.ExtendData;
var claims = GenerateClaims(user);
//var principal = new ClaimsPrincipal(identity);
var refreshTokenInfo = new RefreshTokenInfo()
{
UserId = user.Id,
// Expired Date Refresh Token
ExpiredDate = DateTime.Now.AddDays(37)
};
var jwt = await TokenHelper.GenerateJwt(claims, _jwtFactory, signInModel.Identifier, _jwtOptions, new JsonSerializerSettings { Formatting = Formatting.Indented, ReferenceLoopHandling = ReferenceLoopHandling.Ignore });
var result = new JwtResult <CoreUser>
{
User = user,
Token = jwt,
RefreshToken = TokenHelper.GenerateRefreshToken(refreshTokenInfo, new JsonSerializerSettings {
Formatting = Formatting.Indented, ReferenceLoopHandling = ReferenceLoopHandling.Ignore
})
};
resultObj.Status = ResultStatus.Success;
resultObj.ExtendData = result;
_userDm.Update(user);
//result.User.CoreUserRoles.Clear();
result.User.CoreCredentials.Clear();
return(resultObj);
}
public async Task LoginReturnsUnAuthorized_WithJwt_WhenCredsInvalid()
{
JwtResult jwtMock = new JwtResult()
{
Token = "MockToken"
};
var publisherMock = new Mock <ICommandPublisher>(MockBehavior.Strict);
publisherMock
.Setup(m => m.Publish <JwtResult>(It.IsAny <LogGebruikerInCommand>(),
NameConstants.LogGebuikerInCommandQueue, "")).ThrowsAsync(new LoginFailedException("exception"));
var target = new AuthenticatieController(publisherMock.Object);
var result = await target.Login(new Credentials()
{
UserName = "******", Password = "******"
});
Assert.IsInstanceOfType(result, typeof(UnauthorizedResult));
}
public Task SaveTokenAsync(JwtResult jwtResult)
{
return(Task.CompletedTask);
}
public IActionResult CreateToken([FromBody] LoginViewModel login)
{
JwtResult result = serviceFactory.TokenService.CreatejwtSecurityToken(login.Email, login.Password);
return(Ok(result));
}
public async Task <JwtResult> GenerateToken(HttpRequest request, List <string> CallTrace)
{
string UserName = request.Form["UserName"];
UserName = UserName.Substring(0, UserName.Length - 10);
string UserPass = request.Form["UserPass"];
UserPass = UserPass.Substring(0, UserPass.Length - 10);
string UserType = request.Form["UserType"];
UserType = UserType.Substring(0, UserType.Length - 10);
WebApiUserTypesEnum tmpWebApiUserType = (WebApiUserTypesEnum)int.Parse(UserType);
string MachineID = request.Form["MachineID"];
MachineID = MachineID.Substring(0, MachineID.Length - 10);
string Par_Out_Result = string.Empty;
string tmp_IPAddress = request.HttpContext.Connection.RemoteIpAddress.ToString();
var identity = await GetIdentity(UserName, UserPass, tmp_IPAddress, MachineID, tmpWebApiUserType, out Par_Out_Result, TodosCosmos.LocalFunctions.AddThisCaller(CallTrace, MethodBase.GetCurrentMethod()));
if (identity == null)
{
JwtResult result = new JwtResult
{
AccessToken = string.Empty,
ExpiresIn = 0,
ErrorMessage = Par_Out_Result,
};
return(result);
}
var now = DateTime.UtcNow;
var claims = new Claim[]
{
new Claim(JwtRegisteredClaimNames.Sub, "tmp_User"),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Iat, GlobalFunctions.ToUnixEpochDate(now).ToString(), ClaimValueTypes.Integer64),
new Claim("UserID", Par_Out_Result),
new Claim("UserName", UserName.ToLower() + GlobalFunctions.GetRandomAlphaNumeric(10)),
new Claim("MachineID", request.Form["MachineID"]),
new Claim("ClientIP", tmp_IPAddress + GlobalFunctions.GetRandomAlphaNumeric(10)),
new Claim("roles", ((int)tmpWebApiUserType).ToString() + GlobalFunctions.GetRandomAlphaNumeric(10)),
};
// Create the JWT and write it to a string
var jwt = new JwtSecurityToken(
issuer: _options.Issuer,
audience: _options.Audience,
claims: claims,
notBefore: now,
expires: now.Add(_options.Expiration),
signingCredentials: _options.SigningCredentials);
try
{
JwtResult result = new JwtResult
{
AccessToken = new JwtSecurityTokenHandler().WriteToken(jwt),
ExpiresIn = (int)_options.Expiration.TotalSeconds,
ErrorMessage = string.Empty
};
return(result);
}
catch (Exception ex)
{
JwtResult result = new JwtResult
{
AccessToken = string.Empty,
ExpiresIn = 0,
ErrorMessage = ex.Message
};
return(result);
}
}
