public Task Invoke(HttpContext context, Services.Contracts.IAccountService accountService) { GuardUtils.NotNull(context, nameof(context)); if (!context.Request.Path.Equals(_options.Path, StringComparison.Ordinal)) { return(_next(context)); } if (context.Request.Method.Equals("POST") && context.Request.HasFormContentType) { return(GenerateToken(context, accountService)); } context.Response.StatusCode = StatusCodes.Status400BadRequest; return(context.Response.WriteAsync("Bad request.")); }
private async Task GenerateToken(HttpContext context, Services.Contracts.IAccountService accountService) { var auth_success = false; var username = context.Request.Form["username"]; var password = context.Request.Form["password"]; var authentication = context.Request.Form["authentication"]; if (!string.IsNullOrEmpty(authentication)) { var dynamic = Newtonsoft.Json.JsonConvert.DeserializeObject <dynamic>(authentication.ToString().SafeDecoded()); SortedDictionary <string, string> sArray = new SortedDictionary <string, string>(); sArray.Add("UserName", dynamic.UserName.ToString()); sArray.Add("TimeStamp", dynamic.TimeStamp.ToString()); sArray.Add("Sign", dynamic.Sign.ToString()); if (SecuritySign.VerifyWithTimeStamp(sArray, sArray["Sign"], Convert.ToInt64(sArray["TimeStamp"]))) { auth_success = true; username = dynamic.UserName.ToString(); } else { context.Response.StatusCode = StatusCodes.Status400BadRequest; await context.Response.WriteAsync("Invalid authentication."); } } if (!auth_success) { var identity = await _options.IdentityResolver(username, password, accountService); if (identity == null) { context.Response.StatusCode = StatusCodes.Status400BadRequest; await context.Response.WriteAsync("Invalid username or password."); return; } } var userInfo = await accountService.GetUserAuthInfo(username); var now = DateTime.UtcNow; var claims = new Claim[] { new Claim(JwtRegisteredClaimNames.Sub, username), new Claim(JwtRegisteredClaimNames.Jti, await _options.NonceGenerator()), new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(now).ToUniversalTime().ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64), new Claim(JwtClaimNamesConst.Org, userInfo.OrganizationId.ToString(), ClaimValueTypes.String), new Claim(JwtClaimNamesConst.UseName, userInfo.Name, ClaimValueTypes.String), new Claim(JwtClaimNamesConst.Func, string.Join(",", userInfo.Functions.Select(x => x.ToString()).ToArray())) }; // Create the JWT and write it to a string var jwt = new JwtSecurityToken( issuer: _options.Issuer, audience: _options.Audience, claims: claims, notBefore: now, expires: now.Add(_options.Expiration), signingCredentials: _options.SigningCredentials); var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt); var response = new { access_token = encodedJwt, expires_in = (int)_options.Expiration.TotalSeconds, user_name = userInfo.Name, user_func = string.Join(",", userInfo.Functions.Select(x => x.ToString()).ToArray()) }; // Serialize and return the response context.Response.ContentType = "application/json"; await context.Response.WriteAsync(JsonConvert.SerializeObject(response, _serializerSettings)); }