/// <summary> /// Generates a new Jwt Access token based on the Sso Login Dto /// </summary> /// <param name="loginDto"></param> /// <returns>Token string</returns> public string GenerateToken(SsoLoginRequestDTO loginDto) { var claimsIdentity = new ClaimsIdentity(new List <Claim>() { new Claim(ClaimNames.Username, loginDto.Username), new Claim(ClaimNames.Password, loginDto.Password), new Claim(ClaimNames.RoleType, loginDto.RoleType), new Claim(ClaimNames.Application, ClaimValues.Ecs) }); var now = DateTime.UtcNow; var symmetricKey = Encoding.UTF8.GetBytes(Secrets.SsoAccessTokenSecret); var tokenDescriptor = new SecurityTokenDescriptor { Subject = claimsIdentity, IssuedAt = now, SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(symmetricKey), SecurityAlgorithms.HmacSha256Signature), }; var tokenHandler = new JwtSecurityTokenHandler(); var stoken = tokenHandler.CreateToken(tokenDescriptor); var token = tokenHandler.WriteToken(stoken); return(token); }
/// <summary> /// Entry point for business logic related to logging in PartialAccounts and Accounts /// </summary> /// <param name="loginDto"></param> /// <returns></returns> public HttpResponseMessage Login(SsoLoginRequestDTO loginDto) { // Partial Account will be null or Account will be null. var partialAccount = _partialAccountLogic.GetPartialAccount(loginDto.Username); var account = _accountLogic.GetSingle(loginDto.Username); // Validate if (partialAccount == null && account == null) { return(new HttpResponseMessage(HttpStatusCode.Unauthorized)); } if (partialAccount != null && account != null) { return(new HttpResponseMessage(HttpStatusCode.InternalServerError)); } if (partialAccount != null) { return(PartialAccountLoginHelper(loginDto, partialAccount)); } if (account != null) { return(AccountLoginHelper(loginDto, account)); } return(new HttpResponseMessage(HttpStatusCode.InternalServerError)); }
public SsoLoginRequestDTO Fetch(AccountCredentialDTO credentials) { var loginDto = new SsoLoginRequestDTO { Username = credentials.Username, Password = credentials.Password, RoleType = _partialAccountLogic.GetPartialAccount(credentials.Username).AccountType }; return(loginDto); }
public SsoLoginRequestDTO Fetch(HttpRequestContext context) { var loginDto = new SsoLoginRequestDTO { Username = SsoJwtManager.Instance.GetClaimValue(context.Principal, ClaimNames.Username), Password = SsoJwtManager.Instance.GetClaimValue(context.Principal, ClaimNames.Password), RoleType = SsoJwtManager.Instance.GetClaimValue(context.Principal, ClaimNames.RoleType) }; return(loginDto); }
public void PrintSsoToken(string password, string roleType, string username) { SsoLoginRequestDTO loginDto = new SsoLoginRequestDTO { Password = password, RoleType = roleType, Username = username }; _instance._output.WriteLine(SsoJwtManager.Instance.GenerateToken(loginDto)); }
public void ShouldBeSameToken(string username, string password, string roleType) { SsoLoginRequestDTO loginDto = new SsoLoginRequestDTO { Password = password, RoleType = roleType, Username = username }; string token1 = SsoJwtManager.Instance.GenerateToken(loginDto); string token2 = SsoJwtManager.Instance.GenerateToken(loginDto); Assert.Equal(token1, token2); }
/// <summary> /// Login for PartialAccount route. /// </summary> /// <param name="loginDto"></param> /// <param name="partialAccount"></param> /// <returns></returns> private HttpResponseMessage PartialAccountLoginHelper(SsoLoginRequestDTO loginDto, PartialAccount partialAccount) { // Provide Partial Account RoleType loginDto.RoleType = partialAccount.AccountType; // Generate our token for them. var partialAccountToken = SsoJwtManager.Instance.GenerateToken(loginDto); return(new HttpResponseMessage { Content = new StringContent(UrlConstants.BaseAppClient + "partial-registration?jwt=" + partialAccountToken), StatusCode = HttpStatusCode.OK }); }
public void ShouldNotBeTheSameToken(int ms, string password, string roleType, string username) { SsoLoginRequestDTO loginDto = new SsoLoginRequestDTO { Password = password, RoleType = roleType, Username = username }; string token1 = SsoJwtManager.Instance.GenerateToken(loginDto); Thread.Sleep(ms); string token2 = SsoJwtManager.Instance.GenerateToken(loginDto); Assert.NotEqual(token1, token2); }
/// <summary> /// Login for Account route. /// </summary> /// <param name="loginDto"></param> /// <param name="account"></param> /// <returns></returns> private HttpResponseMessage AccountLoginHelper(SsoLoginRequestDTO loginDto, Account account) { var saltModel = _saltLogic.GetSalt(loginDto.Username); if (saltModel == null) { return(new HttpResponseMessage(HttpStatusCode.InternalServerError)); } // Make sure you append the salt, not prepend (group decision). var hashedPassword = HashService.Instance.HashPasswordWithSalt(saltModel.PasswordSalt, loginDto.Password, true); if (!account.Password.Equals(hashedPassword)) { return(new HttpResponseMessage(HttpStatusCode.Unauthorized)); } var token = JwtManager.Instance.GenerateToken(loginDto.Username); // Grab the previous access token associated with the account. var accountAccessToken = _jAccessTokenLogic.GetJAccessToken(loginDto.Username); if (accountAccessToken != null) { // Set current account token to expired list. var expiredToken = new ExpiredAccessToken(accountAccessToken.Value, false); _expiredAccessTokenLogic.Create(expiredToken); // Updated new access token. accountAccessToken.Value = token; _jAccessTokenLogic.Update(accountAccessToken); } // Redirect them to our Home page with their credentials logged. return(new HttpResponseMessage { Content = new StringContent(UrlConstants.BaseAppClient + "home?jwt=" + token), StatusCode = HttpStatusCode.OK }); }