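/// <summary>
/// Internal method to validate the credentials included in the request,
/// returning an IPrincipal for the resulting authenticated entity.
/// </summary>
/// <remarks>
/// The signing key is per-user: the "Id" claim is read from the still-unverified
/// token purely to decide which user's key to verify against. Nothing read before
/// <c>ValidateToken</c> succeeds is trusted for authorization; the returned
/// principal's claims come from the signature-checked token.
/// Audience and issuer validation are switched off in the parameters below, so the
/// <c>ValidAudiences</c>/<c>ValidIssuers</c> lists are inert. Lifetime validation
/// relies on the library defaults (<c>RequireExpirationTime</c> and
/// <c>ValidateLifetime</c> default to true, with the default clock skew).
/// </remarks>
/// <param name="credentials">The bearer token string taken from the request.</param>
/// <param name="request">The incoming request (not read here; kept for the handler contract).</param>
/// <param name="cancellationToken">Cancellation token for the request; checked before any lookup.</param>
/// <returns>
/// A <see cref="ClaimsPrincipal"/> for the token's subject, or <c>null</c> when the
/// credentials are empty, are not a readable JWT, or name a user that cannot be
/// loaded or has no signing key stored.
/// </returns>
/// <exception cref="Microsoft.IdentityModel.Tokens.SecurityTokenException">
/// Thrown by the token handler when the signature, lifetime or another validated
/// property of the token is invalid. Callers decide how to map it to a response.
/// </exception>
private async Task<IPrincipal> ValidateCredentialsAsync(string credentials, HttpRequestMessage request, CancellationToken cancellationToken)
{
    cancellationToken.ThrowIfCancellationRequested();

    // Reject empty or unparseable input before touching any user data, so a
    // malformed token never triggers a user lookup.
    if (string.IsNullOrWhiteSpace(credentials))
    {
        return null;
    }

    var jwtHandler = new JwtSecurityTokenHandler();
    if (!jwtHandler.CanReadToken(credentials))
    {
        return null;
    }

    // The "Id" claim is taken from the unverified token only to select the
    // signing key; it is not trusted until ValidateToken has checked the
    // signature with that key.
    ClaimsUserManager cum = new ClaimsUserManager();
    string userId = cum.getClaimValue("Id", credentials);
    if (string.IsNullOrEmpty(userId))
    {
        return null;
    }

    ManageUser manageUser = new ManageUser();
    var user = manageUser.GetUserById(userId);
    if (user == null || string.IsNullOrEmpty(user.PublicToken))
    {
        // Unknown user, or a user with no key: treat as unauthenticated rather
        // than dereferencing null or building an empty HMAC key.
        return null;
    }

    // NOTE(review): this writes per-request state into an instance field. If
    // the handler instance is shared across requests that is a race; kept
    // because other code may read _audience.
    _audience = user.UserName;

    // Key bytes are the UTF-16LE encoding of the stored token string; the
    // issuing side must use the same encoding or signatures will not verify.
    var secret = Encoding.Unicode.GetBytes(user.PublicToken);
    var securityKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(secret);

    TokenValidationParameters validationParameters = new TokenValidationParameters
    {
        // Audience/issuer checks are off, so the two lists are inert; enable
        // the flags once every issued token carries aud/iss.
        ValidateAudience = false,
        ValidAudiences = new[] { _audience },
        ValidateIssuer = false,
        ValidIssuers = new[] { _validIssuer },
        // Signature: unsigned tokens are rejected and the key above must match.
        RequireSignedTokens = true,
        ValidateIssuerSigningKey = true,
        IssuerSigningKeys = new[] { securityKey },
        // Lifetime: RequireExpirationTime, ValidateLifetime and ClockSkew are
        // deliberately left at their library defaults.
    };

    // Throws a SecurityTokenException (or subclass) when the signature,
    // lifetime or signing key does not check out.
    SecurityToken validatedToken;
    ClaimsPrincipal principal = jwtHandler.ValidateToken(credentials, validationParameters, out validatedToken);

    var identity = principal.Identity as ClaimsIdentity;
    if (identity == null)
    {
        return null;
    }

    // Locally-generated claims for downstream code, plus the raw token in the
    // bootstrap context for filters/actions that need to forward it.
    identity.AddClaim(new Claim("urn:Issuer", validatedToken.Issuer));
    identity.AddClaim(new Claim("urn:TokenScheme", SupportedTokenScheme));
    identity.BootstrapContext = credentials;

    // Kept async so exceptions from validation surface through the Task,
    // matching the handler contract even though nothing here awaits.
    return principal;
}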