public TokenEntities GenerateToken(Guid UserId)
{
Guid token = Guid.NewGuid();
DateTime issuedOn = DateTime.Now;
DateTime expireOn = DateTime.Now.AddSeconds(Convert.ToDouble(ConfigurationManager.AppSettings["AuthTokenExpiry"]));
var tokenModel = new Token()
{
TokenId = token,
UserId = UserId,
AuthToken = token.ToString(),
ExpireOn = expireOn,
IssuedOn = issuedOn
};
_unit.TokenGenericType.Insert(tokenModel);
_unit.Save();
var tokenEnities = new TokenEntities()
{
TokenId = token,
UserId = UserId,
AuthToken = token.ToString(),
ExpireOn = expireOn,
IssuedOn = issuedOn
};
return(tokenEnities);
}
public Models.TokenEntities GenerateToken(int userId)
{
string token = Guid.NewGuid().ToString();
DateTime issuedOn = DateTime.Now;
DateTime expiredOn = DateTime.Now.AddSeconds(
Convert.ToDouble(ConfigurationManager.AppSettings["AuthTokenExpiry"]));
var tokendomain = new Token
{
UserId = userId,
AuthToken = token,
IssuedOn = issuedOn,
ExpiresOn = expiredOn
};
db.Tokens.Add(tokendomain);
db.SaveChanges();
//_unitOfWork.TokenRepository.Insert(tokendomain);
//_unitOfWork.Save();
var tokenModel = new TokenEntities()
{
UserId = userId,
IssuedOn = issuedOn,
ExpiresOn = expiredOn,
AuthToken = token
};
return(tokenModel);
}
protected String GeneretaToken(String users, String password)
{
var fecha = DateTime.Now.AddHours(-7);
String baseAddress = "http://chemita96-001-site1.dtempurl.com";
//String baseAddress = "http://localhost:16669";
TokenEntities tokenEntities = new TokenEntities();
using (var client = new HttpClient())
{
var form = new Dictionary <string, string>
{
{ "grant_type", "password" },
{ "username", users },
{ "password", password },
};
var tokenResponse = client.PostAsync(baseAddress + "/oauth/token", new FormUrlEncodedContent(form)).Result;
//CONVERT
tokenEntities = tokenResponse.Content.ReadAsAsync <TokenEntities>(new[] { new JsonMediaTypeFormatter() }).Result;
if (tokenEntities.accessToken == null)
{
return(null);
}
else
{
var EmployeeBD = new Employee();
EmployeeBD = context.Employee.First(x => x.Users == users);
EmployeeBD.TokenEmployee.AccessToken = tokenEntities.accessToken;
EmployeeBD.TokenEmployee.ExpireInToken = tokenEntities.expiresIn;
EmployeeBD.TokenEmployee.ErrorToken = tokenEntities.error;
EmployeeBD.TokenEmployee.TypeToken = tokenEntities.tokenType;
EmployeeBD.TokenEmployee.RefreshToken = tokenEntities.refreshToken;
EmployeeBD.TokenEmployee.Issued = fecha;
EmployeeBD.TokenEmployee.Expires = fecha.AddHours(24);
EmployeeBD.TokenEmployee.State = ConstantHelper.Status.ACTIVE;
context.SaveChanges();
}
return(tokenEntities.accessToken);
}
}
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
if (!Request.Cookies.ContainsKey(AccessToken) || !Request.Cookies.ContainsKey(User_Id))
{
Log.Error("No Access Token or User Id found.");
return(await Task.FromResult(AuthenticateResult.NoResult()));
}
if (!AuthenticationHeaderValue.TryParse($"{"Bearer " + Request.Cookies[AccessToken]}",
out AuthenticationHeaderValue headerValue))
{
Log.Error("Could not Parse Token from Authentication Header.");
return(await Task.FromResult(AuthenticateResult.NoResult()));
}
if (!AuthenticationHeaderValue.TryParse($"{"Bearer " + Request.Cookies[User_Id]}",
out AuthenticationHeaderValue headerValueUid))
{
Log.Error("Could not Parse User Id from Authentication Header.");
return(await Task.FromResult(AuthenticateResult.NoResult()));
}
try
{
/* STEP 1. Get the Validation Parameters for our applications JWT Token */
var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
/* STEP 2. Create an instance of Jwt token handler */
var handler = new JwtSecurityTokenHandler();
/* STEP 3. Create an instance of Jwt token validation parameters */
TokenValidationParameters validationParameters =
new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
ValidateIssuer = true,
ValidateAudience = true,
ValidIssuer = _appSettings.Site,
ValidAudience = _appSettings.Audience,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero
};
/* STEP 4. Get the Data protection service instance */
var protectorProvider = _provider.GetService <IDataProtectionProvider>();
/* STEP 5. create a protector instance */
var protector = protectorProvider.CreateProtector(_dataProtectionKeys.ApplicationUserKey);
/* STEP 6. Layer One Unprotect the user id */
var decryptedUid = protector.Unprotect(headerValueUid.Parameter);
/* STEP 7. Layer One Unprotect the user token */
var decryptedToken = protector.Unprotect(headerValue.Parameter);
/* STEP 8. Create an instance of the user tokenModel */
TokenEntities tokenModel = new TokenEntities();
/* STEP 9 Get the existing token for the user from Database using a scoped request */
using (var scope = _provider.CreateScope())
{
var dbContextService = scope.ServiceProvider.GetService <ApplicationDbContext>();
var userToken = dbContextService.Tokens.Include(x => x.User)
.FirstOrDefault(ut => ut.UserId == decryptedUid &&
ut.User.UserName == Request.Cookies[Username] &&
ut.User.Id == decryptedUid &&
ut.User.UserRole == "Administrator");
tokenModel = userToken;
}
/* Step 11. Check if tokenmodel is null */
if (tokenModel == null)
{
return(await Task.FromResult(AuthenticateResult.Fail("You are not authorized to View this Page")));
}
/* STEP 12. Apply second layer of decryption using the key store in the token model */
/* STEP 12.1 Create Protector instance for layer two using token model key */
/* IMPORTANT - If no key exists or key is invalid - exception will be thrown */
IDataProtector layerTwoProtector = protectorProvider.CreateProtector(tokenModel?.EncryptionKeyJwt);
string decryptedTokenLayerTwo = layerTwoProtector.Unprotect(decryptedToken);
/* STEP 13. Validate the token we received - using validation parameters set in step 3 */
/* IMPORTANT - If the validation fails - the method ValidateToken will throw exception */
var validateToken = handler.ValidateToken(decryptedTokenLayerTwo, validationParameters, out var securityToken);
/* STEP 14. Checking Token Signature */
if (!(securityToken is JwtSecurityToken jwtSecurityToken) ||
!jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256,
StringComparison.InvariantCultureIgnoreCase))
{
return(await Task.FromResult(AuthenticateResult.Fail("Your are not authorized")));
}
/* STEP 15. Extract the username from the validated token */
var username = validateToken.Claims.FirstOrDefault(claim => claim.Type == ClaimTypes.NameIdentifier)?.Value;
if (Request.Cookies[Username] != username)
{
return(await Task.FromResult(AuthenticateResult.Fail("You are not authorized to View this Page")));
}
/* STEP 16. Get User by their email */
var user = await _userManager.FindByNameAsync(username);
/* STEP 17. If user does not exist return authentication failed result */
if (user == null)
{
return(await Task.FromResult(AuthenticateResult.Fail("You are not authorized to View this Page")));
}
/* STEP 18. We need to check if the user belongs to the group of user-roles */
if (!UserRoles.Contains(user.UserRole))
{
return(await Task.FromResult(AuthenticateResult.Fail("You are not authorized to View this Page")));
}
/* STEP 19. Now we will create an authentication ticket, as the token is valid */
var identity = new ClaimsIdentity(validateToken.Claims, Scheme.Name);
var principal = new ClaimsPrincipal(identity);
var ticket = new AuthenticationTicket(principal, Scheme.Name);
return(await Task.FromResult(AuthenticateResult.Success(ticket)));
}
catch (Exception ex)
{
Log.Error("An error occurred while seeding the database {Error} {StackTrace} {InnerException} {Source}",
ex.Message, ex.StackTrace, ex.InnerException, ex.Source);
return(await Task.FromResult(AuthenticateResult.Fail("Your are not authorized")));
}
}
private async Task <TokenResponseModel> GenerateNewToken(ApplicationUserEntities user, LoginViewModel model)
{
// Create a key to encrypt the JWT
var key = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_appSettings.Secret));
// Get user role => check if user is admin
var roles = await _userManager.GetRolesAsync(user);
// Creating JWT token
var tokenHandler = new JwtSecurityTokenHandler();
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new Claim[]
{
new Claim(JwtRegisteredClaimNames.Sub, user.UserName), // Sub - Identifies principal that issued the JWT
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), // Jti - Unique identifier of the token
new Claim(ClaimTypes.NameIdentifier, user.Id), // Unique Identifier of the user
new Claim(ClaimTypes.Role, roles.FirstOrDefault()), // Role of the user
new Claim("LoggedOn", DateTime.Now.ToString(CultureInfo.InvariantCulture)), // Time When Created
}),
SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature),
Issuer = _appSettings.Site, // Issuer - Identifies principal that issued the JWT.
Audience = _appSettings.Audience, // Audience - Identifies the recipients that the JWT is intended for.
Expires = (string.Equals(roles.FirstOrDefault(), "Administrator", StringComparison.CurrentCultureIgnoreCase)) ? DateTime.UtcNow.AddMinutes(60) : DateTime.UtcNow.AddMinutes(Convert.ToDouble(_appSettings.ExpireTime))
};
/* Create the unique encryption key for token - 2nd layer protection */
var encryptionKeyRt = Guid.NewGuid().ToString();
var encryptionKeyJwt = Guid.NewGuid().ToString();
/* Get the Data protection service instance */
var protectorProvider = _provider.GetService <IDataProtectionProvider>();
/* Create a protector instance */
var protectorJwt = protectorProvider.CreateProtector(encryptionKeyJwt);
/* Generate Token and Protect the user token */
var token = tokenHandler.CreateToken(tokenDescriptor);
var encryptedToken = protectorJwt.Protect(tokenHandler.WriteToken(token));
/* Create and update the token table */
TokenEntities newRtoken = new TokenEntities();
/* Create refresh token instance */
newRtoken = CreateRefreshToken(_appSettings.ClientId, user.Id, Convert.ToInt32(_appSettings.RtExpireTime));
/* assign the tne JWT encryption key */
newRtoken.EncryptionKeyJwt = encryptionKeyJwt;
newRtoken.EncryptionKeyRt = encryptionKeyRt;
/* Add Refresh Token with Encryption Key for JWT to DB */
try
{
// First we need to check if the user has already logged in and has tokens in DB
var rt = _db.Tokens
.FirstOrDefault(t => t.UserId == user.Id);
if (rt != null)
{
// invalidate the old refresh token (by deleting it)
_db.Tokens.Remove(rt);
// add the new refresh token
_db.Tokens.Add(newRtoken);
}
else
{
await _db.Tokens.AddAsync(newRtoken);
}
// persist changes in the DB
await _db.SaveChangesAsync();
}
catch (Exception ex)
{
Log.Error("An error occurred while seeding the database {Error} {StackTrace} {InnerException} {Source}",
ex.Message, ex.StackTrace, ex.InnerException, ex.Source);
}
// Return Response containing encrypted token
var protectorRt = protectorProvider.CreateProtector(encryptionKeyRt);
var layerOneProtector = protectorProvider.CreateProtector(_dataProtectionKeys.ApplicationUserKey);
var encAuthToken = new TokenResponseModel
{
Token = layerOneProtector.Protect(encryptedToken),
Expiration = token.ValidTo,
RefreshToken = protectorRt.Protect(newRtoken.Value),
Role = roles.FirstOrDefault(),
Username = user.UserName,
UserId = layerOneProtector.Protect(user.Id),
ResponseInfo = CreateResponse("Auth Token Created", HttpStatusCode.OK)
};
return(encAuthToken);
}
public void Login(LoginEntities model)
{
if (!String.IsNullOrEmpty(model.users) || !String.IsNullOrEmpty(model.password))
{
var employee = context.Employee.FirstOrDefault(x => x.Users == model.users && x.State == ConstantHelper.Status.ACTIVE);
var password = CipherLogic.Cipher(CipherAction.Decrypt, CipherType.UserPassword, employee.Password);
//COMPARATION PASSWORD
if (password == model.password)
{
//DOMAIN
//String baseAddress = "http://chemita96-001-site1.dtempurl.com";
String baseAddress = "http://localhost:16669";
//CREATE A NEW TOKEN FOR EMPLOYEE
if (!employee.TokenEmployeeId.HasValue)
{
var fecha = DateTime.Now.AddHours(-7);
TokenEntities tokenEntities = new TokenEntities();
using (var client = new HttpClient())
{
var form = new Dictionary <string, string>
{
{ "grant_type", "password" },
{ "username", employee.Users },
{ "password", password },
};
var tokenResponse = client.PostAsync(baseAddress + "/oauth/token", new FormUrlEncodedContent(form)).Result;
//CONVERT
tokenEntities = tokenResponse.Content.ReadAsAsync <TokenEntities>(new[] { new JsonMediaTypeFormatter() }).Result;
if (tokenEntities.accessToken != null)
{
//IF TOKEN IS NULL ADD KEY AND SAVE IN DATA BASE
var tokenEmployee = new TokenEmployee();
context.TokenEmployee.Add(tokenEmployee);
tokenEmployee.AccessToken = tokenEntities.accessToken;
tokenEmployee.ExpireInToken = tokenEntities.expiresIn;
tokenEmployee.ErrorToken = tokenEntities.error;
tokenEmployee.TypeToken = tokenEntities.tokenType;
tokenEmployee.RefreshToken = tokenEntities.refreshToken;
tokenEmployee.Issued = fecha;
tokenEmployee.Expires = fecha.AddHours(24);
tokenEmployee.State = ConstantHelper.Status.ACTIVE;
context.SaveChanges();
//LINK EMPLOYEE WITH TOKEN
employee.TokenEmployeeId = tokenEmployee.TokenEmployeeId;
context.SaveChanges();
}
}
//SHOW HOW TO JSON
token.accessToken = tokenEntities.accessToken;
token.tokenType = tokenEntities.tokenType;
token.expiresIn = tokenEntities.expiresIn;
token.refreshToken = tokenEntities.refreshToken;
token.username = employee.Users;
token.issued = fecha;
token.expires = fecha.AddHours(24);
}
}
}
}
public HttpResponseMessage LoginEmployee(LoginEntities model)
{
var HttpResponse = new HttpResponseMessage();
try
{
// IF MODEL IS NULL
if (model == null)
{
HttpResponse = new HttpResponseMessage(HttpStatusCode.NoContent);
response.Code = HttpStatusCode.NoContent;
response.Message = "No Content";
response.Result = null;
HttpResponse.Content = new StringContent(JsonConvert.SerializeObject(response));
HttpResponse.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
return(HttpResponse);
}
Employee employee = new Employee();
//VALIDATE DATA
if (!String.IsNullOrEmpty(model.users) || !String.IsNullOrEmpty(model.password))
{
employee = context.Employee.FirstOrDefault(x => x.Users == model.users && x.State == ConstantHelper.Status.ACTIVE);
//EMPLOYEE DO NOT EXIST
if (employee == null)
{
HttpResponse = new HttpResponseMessage(HttpStatusCode.NotFound);
response.Code = HttpStatusCode.NotFound;
response.Message = "Not Found";
response.Result = null;
HttpResponse.Content = new StringContent(JsonConvert.SerializeObject(response));
HttpResponse.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
return(HttpResponse);
}
var password = CipherLogic.Cipher(CipherAction.Decrypt, CipherType.UserPassword, employee.Password);
//COMPARATION PASSWORD
if (password == model.password)
{
//DOMAIN
String baseAddress = "http://chemita96-001-site1.dtempurl.com";
//String baseAddress = "http://localhost:16669";
//CREATE A NEW TOKEN FOR EMPLOYEE
if (!employee.TokenEmployeeId.HasValue)
{
var fecha = DateTime.Now.AddHours(-7);
TokenEntities tokenEntities = new TokenEntities();
using (var client = new HttpClient())
{
var form = new Dictionary <string, string>
{
{ "grant_type", "password" },
{ "username", employee.Users },
{ "password", password },
};
var tokenResponse = client.PostAsync(baseAddress + "/oauth/token", new FormUrlEncodedContent(form)).Result;
//CONVERT
tokenEntities = tokenResponse.Content.ReadAsAsync <TokenEntities>(new[] { new JsonMediaTypeFormatter() }).Result;
if (tokenEntities.accessToken == null)
{
HttpResponse = new HttpResponseMessage(HttpStatusCode.BadGateway);
response.Code = HttpStatusCode.BadRequest;
response.Message = "Bad Request";
response.Result = null;
HttpResponse.Content = new StringContent(JsonConvert.SerializeObject(response));
HttpResponse.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
return(HttpResponse);
}
else
{
//IF TOKEN IS NULL ADD KEY AND SAVE IN DATA BASE
var tokenEmployee = new TokenEmployee();
context.TokenEmployee.Add(tokenEmployee);
tokenEmployee.AccessToken = tokenEntities.accessToken;
tokenEmployee.ExpireInToken = tokenEntities.expiresIn;
tokenEmployee.ErrorToken = tokenEntities.error;
tokenEmployee.TypeToken = tokenEntities.tokenType;
tokenEmployee.RefreshToken = tokenEntities.refreshToken;
tokenEmployee.Issued = fecha;
tokenEmployee.Expires = fecha.AddHours(24);
tokenEmployee.State = ConstantHelper.Status.ACTIVE;
context.SaveChanges();
//LINK EMPLOYEE WITH TOKEN
employee.TokenEmployeeId = tokenEmployee.TokenEmployeeId;
context.SaveChanges();
}
}
//SHOW HOW TO JSON
token.accessToken = tokenEntities.accessToken;
token.tokenType = tokenEntities.tokenType;
token.expiresIn = tokenEntities.expiresIn;
token.refreshToken = tokenEntities.refreshToken;
token.username = employee.Users;
token.issued = fecha;
token.expires = fecha.AddHours(24);
var company = context.Company.FirstOrDefault(x => x.EmployeeId == employee.EmployeeId);
token.companyId = company.CompanyId;
token.employeeId = employee.EmployeeId;
response.Code = HttpStatusCode.OK;
response.Message = "Success";
response.Result = token;
//RESULT
HttpResponse = new HttpResponseMessage(HttpStatusCode.OK);
HttpResponse.Content = new StringContent(JsonConvert.SerializeObject(response));
HttpResponse.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
}
else if (employee.TokenEmployeeId.HasValue)
{
//verificar si el token esta activo
bool verificar = ValidateToken(employee.TokenEmployee.AccessToken);
if (!verificar)
{
var tokenString = employee.TokenEmployee.AccessToken;
var employeeData = context.Employee.FirstOrDefault(x => x.TokenEmployee.AccessToken == tokenString);
var pwd = CipherLogic.Cipher(CipherAction.Decrypt, CipherType.UserPassword, employee.Password);
var newToken = GeneretaToken(employeeData.Users, pwd);
var tokenEmployee = context.TokenEmployee.FirstOrDefault(x => x.AccessToken == newToken);
token.accessToken = tokenEmployee.AccessToken;
token.tokenType = tokenEmployee.TypeToken;
token.expiresIn = tokenEmployee.ExpireInToken;
token.refreshToken = tokenEmployee.RefreshToken;
token.username = employeeData.Users;
token.issued = tokenEmployee.Issued;
token.expires = tokenEmployee.Expires;
var company = context.Company.FirstOrDefault(x => x.EmployeeId == employee.EmployeeId);
token.companyId = company.CompanyId;
token.employeeId = employee.EmployeeId;
}
{
token.accessToken = employee.TokenEmployee.AccessToken;
token.tokenType = employee.TokenEmployee.TypeToken;
token.expiresIn = employee.TokenEmployee.ExpireInToken;
token.refreshToken = employee.TokenEmployee.RefreshToken;
token.username = employee.Users;
token.issued = employee.TokenEmployee.Issued;
token.expires = employee.TokenEmployee.Expires;
var company = context.Company.FirstOrDefault(x => x.EmployeeId == employee.EmployeeId);
token.companyId = company.CompanyId;
token.employeeId = employee.EmployeeId;
}
response.Code = HttpStatusCode.OK;
response.Message = "Success";
response.Result = token;
HttpResponse = new HttpResponseMessage(HttpStatusCode.OK);
HttpResponse.Content = new StringContent(JsonConvert.SerializeObject(response));
HttpResponse.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
}
}
}
//EMPLOYEE WAS DELETE
if (employee.State == ConstantHelper.Status.INACTIVE)
{
HttpResponse = new HttpResponseMessage(HttpStatusCode.NotFound);
response.Code = HttpStatusCode.NotFound;
response.Message = "Not Found";
response.Result = null;
HttpResponse.Content = new StringContent(JsonConvert.SerializeObject(response));
HttpResponse.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
return(HttpResponse);
}
return(HttpResponse);
}
catch (Exception ex)
{
HttpResponse = new HttpResponseMessage(HttpStatusCode.BadGateway);
response.Message = "Bad Gateway";
response.Result = null;
HttpResponse.Content = new StringContent(JsonConvert.SerializeObject(response));
HttpResponse.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
return(HttpResponse);
}
}
