public TokenEntities GenerateToken(Guid UserId) { Guid token = Guid.NewGuid(); DateTime issuedOn = DateTime.Now; DateTime expireOn = DateTime.Now.AddSeconds(Convert.ToDouble(ConfigurationManager.AppSettings["AuthTokenExpiry"])); var tokenModel = new Token() { TokenId = token, UserId = UserId, AuthToken = token.ToString(), ExpireOn = expireOn, IssuedOn = issuedOn }; _unit.TokenGenericType.Insert(tokenModel); _unit.Save(); var tokenEnities = new TokenEntities() { TokenId = token, UserId = UserId, AuthToken = token.ToString(), ExpireOn = expireOn, IssuedOn = issuedOn }; return(tokenEnities); }
public Models.TokenEntities GenerateToken(int userId) { string token = Guid.NewGuid().ToString(); DateTime issuedOn = DateTime.Now; DateTime expiredOn = DateTime.Now.AddSeconds( Convert.ToDouble(ConfigurationManager.AppSettings["AuthTokenExpiry"])); var tokendomain = new Token { UserId = userId, AuthToken = token, IssuedOn = issuedOn, ExpiresOn = expiredOn }; db.Tokens.Add(tokendomain); db.SaveChanges(); //_unitOfWork.TokenRepository.Insert(tokendomain); //_unitOfWork.Save(); var tokenModel = new TokenEntities() { UserId = userId, IssuedOn = issuedOn, ExpiresOn = expiredOn, AuthToken = token }; return(tokenModel); }
protected String GeneretaToken(String users, String password) { var fecha = DateTime.Now.AddHours(-7); String baseAddress = "http://chemita96-001-site1.dtempurl.com"; //String baseAddress = "http://localhost:16669"; TokenEntities tokenEntities = new TokenEntities(); using (var client = new HttpClient()) { var form = new Dictionary <string, string> { { "grant_type", "password" }, { "username", users }, { "password", password }, }; var tokenResponse = client.PostAsync(baseAddress + "/oauth/token", new FormUrlEncodedContent(form)).Result; //CONVERT tokenEntities = tokenResponse.Content.ReadAsAsync <TokenEntities>(new[] { new JsonMediaTypeFormatter() }).Result; if (tokenEntities.accessToken == null) { return(null); } else { var EmployeeBD = new Employee(); EmployeeBD = context.Employee.First(x => x.Users == users); EmployeeBD.TokenEmployee.AccessToken = tokenEntities.accessToken; EmployeeBD.TokenEmployee.ExpireInToken = tokenEntities.expiresIn; EmployeeBD.TokenEmployee.ErrorToken = tokenEntities.error; EmployeeBD.TokenEmployee.TypeToken = tokenEntities.tokenType; EmployeeBD.TokenEmployee.RefreshToken = tokenEntities.refreshToken; EmployeeBD.TokenEmployee.Issued = fecha; EmployeeBD.TokenEmployee.Expires = fecha.AddHours(24); EmployeeBD.TokenEmployee.State = ConstantHelper.Status.ACTIVE; context.SaveChanges(); } return(tokenEntities.accessToken); } }
protected override async Task <AuthenticateResult> HandleAuthenticateAsync() { if (!Request.Cookies.ContainsKey(AccessToken) || !Request.Cookies.ContainsKey(User_Id)) { Log.Error("No Access Token or User Id found."); return(await Task.FromResult(AuthenticateResult.NoResult())); } if (!AuthenticationHeaderValue.TryParse($"{"Bearer " + Request.Cookies[AccessToken]}", out AuthenticationHeaderValue headerValue)) { Log.Error("Could not Parse Token from Authentication Header."); return(await Task.FromResult(AuthenticateResult.NoResult())); } if (!AuthenticationHeaderValue.TryParse($"{"Bearer " + Request.Cookies[User_Id]}", out AuthenticationHeaderValue headerValueUid)) { Log.Error("Could not Parse User Id from Authentication Header."); return(await Task.FromResult(AuthenticateResult.NoResult())); } try { /* STEP 1. Get the Validation Parameters for our applications JWT Token */ var key = Encoding.ASCII.GetBytes(_appSettings.Secret); /* STEP 2. Create an instance of Jwt token handler */ var handler = new JwtSecurityTokenHandler(); /* STEP 3. Create an instance of Jwt token validation parameters */ TokenValidationParameters validationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, ValidateIssuer = true, ValidateAudience = true, ValidIssuer = _appSettings.Site, ValidAudience = _appSettings.Audience, IssuerSigningKey = new SymmetricSecurityKey(key), ValidateLifetime = true, ClockSkew = TimeSpan.Zero }; /* STEP 4. Get the Data protection service instance */ var protectorProvider = _provider.GetService <IDataProtectionProvider>(); /* STEP 5. create a protector instance */ var protector = protectorProvider.CreateProtector(_dataProtectionKeys.ApplicationUserKey); /* STEP 6. Layer One Unprotect the user id */ var decryptedUid = protector.Unprotect(headerValueUid.Parameter); /* STEP 7. Layer One Unprotect the user token */ var decryptedToken = protector.Unprotect(headerValue.Parameter); /* STEP 8. Create an instance of the user tokenModel */ TokenEntities tokenModel = new TokenEntities(); /* STEP 9 Get the existing token for the user from Database using a scoped request */ using (var scope = _provider.CreateScope()) { var dbContextService = scope.ServiceProvider.GetService <ApplicationDbContext>(); var userToken = dbContextService.Tokens.Include(x => x.User) .FirstOrDefault(ut => ut.UserId == decryptedUid && ut.User.UserName == Request.Cookies[Username] && ut.User.Id == decryptedUid && ut.User.UserRole == "Administrator"); tokenModel = userToken; } /* Step 11. Check if tokenmodel is null */ if (tokenModel == null) { return(await Task.FromResult(AuthenticateResult.Fail("You are not authorized to View this Page"))); } /* STEP 12. Apply second layer of decryption using the key store in the token model */ /* STEP 12.1 Create Protector instance for layer two using token model key */ /* IMPORTANT - If no key exists or key is invalid - exception will be thrown */ IDataProtector layerTwoProtector = protectorProvider.CreateProtector(tokenModel?.EncryptionKeyJwt); string decryptedTokenLayerTwo = layerTwoProtector.Unprotect(decryptedToken); /* STEP 13. Validate the token we received - using validation parameters set in step 3 */ /* IMPORTANT - If the validation fails - the method ValidateToken will throw exception */ var validateToken = handler.ValidateToken(decryptedTokenLayerTwo, validationParameters, out var securityToken); /* STEP 14. Checking Token Signature */ if (!(securityToken is JwtSecurityToken jwtSecurityToken) || !jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256, StringComparison.InvariantCultureIgnoreCase)) { return(await Task.FromResult(AuthenticateResult.Fail("Your are not authorized"))); } /* STEP 15. Extract the username from the validated token */ var username = validateToken.Claims.FirstOrDefault(claim => claim.Type == ClaimTypes.NameIdentifier)?.Value; if (Request.Cookies[Username] != username) { return(await Task.FromResult(AuthenticateResult.Fail("You are not authorized to View this Page"))); } /* STEP 16. Get User by their email */ var user = await _userManager.FindByNameAsync(username); /* STEP 17. If user does not exist return authentication failed result */ if (user == null) { return(await Task.FromResult(AuthenticateResult.Fail("You are not authorized to View this Page"))); } /* STEP 18. We need to check if the user belongs to the group of user-roles */ if (!UserRoles.Contains(user.UserRole)) { return(await Task.FromResult(AuthenticateResult.Fail("You are not authorized to View this Page"))); } /* STEP 19. Now we will create an authentication ticket, as the token is valid */ var identity = new ClaimsIdentity(validateToken.Claims, Scheme.Name); var principal = new ClaimsPrincipal(identity); var ticket = new AuthenticationTicket(principal, Scheme.Name); return(await Task.FromResult(AuthenticateResult.Success(ticket))); } catch (Exception ex) { Log.Error("An error occurred while seeding the database {Error} {StackTrace} {InnerException} {Source}", ex.Message, ex.StackTrace, ex.InnerException, ex.Source); return(await Task.FromResult(AuthenticateResult.Fail("Your are not authorized"))); } }
private async Task <TokenResponseModel> GenerateNewToken(ApplicationUserEntities user, LoginViewModel model) { // Create a key to encrypt the JWT var key = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(_appSettings.Secret)); // Get user role => check if user is admin var roles = await _userManager.GetRolesAsync(user); // Creating JWT token var tokenHandler = new JwtSecurityTokenHandler(); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim(JwtRegisteredClaimNames.Sub, user.UserName), // Sub - Identifies principal that issued the JWT new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), // Jti - Unique identifier of the token new Claim(ClaimTypes.NameIdentifier, user.Id), // Unique Identifier of the user new Claim(ClaimTypes.Role, roles.FirstOrDefault()), // Role of the user new Claim("LoggedOn", DateTime.Now.ToString(CultureInfo.InvariantCulture)), // Time When Created }), SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature), Issuer = _appSettings.Site, // Issuer - Identifies principal that issued the JWT. Audience = _appSettings.Audience, // Audience - Identifies the recipients that the JWT is intended for. Expires = (string.Equals(roles.FirstOrDefault(), "Administrator", StringComparison.CurrentCultureIgnoreCase)) ? DateTime.UtcNow.AddMinutes(60) : DateTime.UtcNow.AddMinutes(Convert.ToDouble(_appSettings.ExpireTime)) }; /* Create the unique encryption key for token - 2nd layer protection */ var encryptionKeyRt = Guid.NewGuid().ToString(); var encryptionKeyJwt = Guid.NewGuid().ToString(); /* Get the Data protection service instance */ var protectorProvider = _provider.GetService <IDataProtectionProvider>(); /* Create a protector instance */ var protectorJwt = protectorProvider.CreateProtector(encryptionKeyJwt); /* Generate Token and Protect the user token */ var token = tokenHandler.CreateToken(tokenDescriptor); var encryptedToken = protectorJwt.Protect(tokenHandler.WriteToken(token)); /* Create and update the token table */ TokenEntities newRtoken = new TokenEntities(); /* Create refresh token instance */ newRtoken = CreateRefreshToken(_appSettings.ClientId, user.Id, Convert.ToInt32(_appSettings.RtExpireTime)); /* assign the tne JWT encryption key */ newRtoken.EncryptionKeyJwt = encryptionKeyJwt; newRtoken.EncryptionKeyRt = encryptionKeyRt; /* Add Refresh Token with Encryption Key for JWT to DB */ try { // First we need to check if the user has already logged in and has tokens in DB var rt = _db.Tokens .FirstOrDefault(t => t.UserId == user.Id); if (rt != null) { // invalidate the old refresh token (by deleting it) _db.Tokens.Remove(rt); // add the new refresh token _db.Tokens.Add(newRtoken); } else { await _db.Tokens.AddAsync(newRtoken); } // persist changes in the DB await _db.SaveChangesAsync(); } catch (Exception ex) { Log.Error("An error occurred while seeding the database {Error} {StackTrace} {InnerException} {Source}", ex.Message, ex.StackTrace, ex.InnerException, ex.Source); } // Return Response containing encrypted token var protectorRt = protectorProvider.CreateProtector(encryptionKeyRt); var layerOneProtector = protectorProvider.CreateProtector(_dataProtectionKeys.ApplicationUserKey); var encAuthToken = new TokenResponseModel { Token = layerOneProtector.Protect(encryptedToken), Expiration = token.ValidTo, RefreshToken = protectorRt.Protect(newRtoken.Value), Role = roles.FirstOrDefault(), Username = user.UserName, UserId = layerOneProtector.Protect(user.Id), ResponseInfo = CreateResponse("Auth Token Created", HttpStatusCode.OK) }; return(encAuthToken); }
public void Login(LoginEntities model) { if (!String.IsNullOrEmpty(model.users) || !String.IsNullOrEmpty(model.password)) { var employee = context.Employee.FirstOrDefault(x => x.Users == model.users && x.State == ConstantHelper.Status.ACTIVE); var password = CipherLogic.Cipher(CipherAction.Decrypt, CipherType.UserPassword, employee.Password); //COMPARATION PASSWORD if (password == model.password) { //DOMAIN //String baseAddress = "http://chemita96-001-site1.dtempurl.com"; String baseAddress = "http://localhost:16669"; //CREATE A NEW TOKEN FOR EMPLOYEE if (!employee.TokenEmployeeId.HasValue) { var fecha = DateTime.Now.AddHours(-7); TokenEntities tokenEntities = new TokenEntities(); using (var client = new HttpClient()) { var form = new Dictionary <string, string> { { "grant_type", "password" }, { "username", employee.Users }, { "password", password }, }; var tokenResponse = client.PostAsync(baseAddress + "/oauth/token", new FormUrlEncodedContent(form)).Result; //CONVERT tokenEntities = tokenResponse.Content.ReadAsAsync <TokenEntities>(new[] { new JsonMediaTypeFormatter() }).Result; if (tokenEntities.accessToken != null) { //IF TOKEN IS NULL ADD KEY AND SAVE IN DATA BASE var tokenEmployee = new TokenEmployee(); context.TokenEmployee.Add(tokenEmployee); tokenEmployee.AccessToken = tokenEntities.accessToken; tokenEmployee.ExpireInToken = tokenEntities.expiresIn; tokenEmployee.ErrorToken = tokenEntities.error; tokenEmployee.TypeToken = tokenEntities.tokenType; tokenEmployee.RefreshToken = tokenEntities.refreshToken; tokenEmployee.Issued = fecha; tokenEmployee.Expires = fecha.AddHours(24); tokenEmployee.State = ConstantHelper.Status.ACTIVE; context.SaveChanges(); //LINK EMPLOYEE WITH TOKEN employee.TokenEmployeeId = tokenEmployee.TokenEmployeeId; context.SaveChanges(); } } //SHOW HOW TO JSON token.accessToken = tokenEntities.accessToken; token.tokenType = tokenEntities.tokenType; token.expiresIn = tokenEntities.expiresIn; token.refreshToken = tokenEntities.refreshToken; token.username = employee.Users; token.issued = fecha; token.expires = fecha.AddHours(24); } } } }
public HttpResponseMessage LoginEmployee(LoginEntities model) { var HttpResponse = new HttpResponseMessage(); try { // IF MODEL IS NULL if (model == null) { HttpResponse = new HttpResponseMessage(HttpStatusCode.NoContent); response.Code = HttpStatusCode.NoContent; response.Message = "No Content"; response.Result = null; HttpResponse.Content = new StringContent(JsonConvert.SerializeObject(response)); HttpResponse.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json"); return(HttpResponse); } Employee employee = new Employee(); //VALIDATE DATA if (!String.IsNullOrEmpty(model.users) || !String.IsNullOrEmpty(model.password)) { employee = context.Employee.FirstOrDefault(x => x.Users == model.users && x.State == ConstantHelper.Status.ACTIVE); //EMPLOYEE DO NOT EXIST if (employee == null) { HttpResponse = new HttpResponseMessage(HttpStatusCode.NotFound); response.Code = HttpStatusCode.NotFound; response.Message = "Not Found"; response.Result = null; HttpResponse.Content = new StringContent(JsonConvert.SerializeObject(response)); HttpResponse.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json"); return(HttpResponse); } var password = CipherLogic.Cipher(CipherAction.Decrypt, CipherType.UserPassword, employee.Password); //COMPARATION PASSWORD if (password == model.password) { //DOMAIN String baseAddress = "http://chemita96-001-site1.dtempurl.com"; //String baseAddress = "http://localhost:16669"; //CREATE A NEW TOKEN FOR EMPLOYEE if (!employee.TokenEmployeeId.HasValue) { var fecha = DateTime.Now.AddHours(-7); TokenEntities tokenEntities = new TokenEntities(); using (var client = new HttpClient()) { var form = new Dictionary <string, string> { { "grant_type", "password" }, { "username", employee.Users }, { "password", password }, }; var tokenResponse = client.PostAsync(baseAddress + "/oauth/token", new FormUrlEncodedContent(form)).Result; //CONVERT tokenEntities = tokenResponse.Content.ReadAsAsync <TokenEntities>(new[] { new JsonMediaTypeFormatter() }).Result; if (tokenEntities.accessToken == null) { HttpResponse = new HttpResponseMessage(HttpStatusCode.BadGateway); response.Code = HttpStatusCode.BadRequest; response.Message = "Bad Request"; response.Result = null; HttpResponse.Content = new StringContent(JsonConvert.SerializeObject(response)); HttpResponse.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json"); return(HttpResponse); } else { //IF TOKEN IS NULL ADD KEY AND SAVE IN DATA BASE var tokenEmployee = new TokenEmployee(); context.TokenEmployee.Add(tokenEmployee); tokenEmployee.AccessToken = tokenEntities.accessToken; tokenEmployee.ExpireInToken = tokenEntities.expiresIn; tokenEmployee.ErrorToken = tokenEntities.error; tokenEmployee.TypeToken = tokenEntities.tokenType; tokenEmployee.RefreshToken = tokenEntities.refreshToken; tokenEmployee.Issued = fecha; tokenEmployee.Expires = fecha.AddHours(24); tokenEmployee.State = ConstantHelper.Status.ACTIVE; context.SaveChanges(); //LINK EMPLOYEE WITH TOKEN employee.TokenEmployeeId = tokenEmployee.TokenEmployeeId; context.SaveChanges(); } } //SHOW HOW TO JSON token.accessToken = tokenEntities.accessToken; token.tokenType = tokenEntities.tokenType; token.expiresIn = tokenEntities.expiresIn; token.refreshToken = tokenEntities.refreshToken; token.username = employee.Users; token.issued = fecha; token.expires = fecha.AddHours(24); var company = context.Company.FirstOrDefault(x => x.EmployeeId == employee.EmployeeId); token.companyId = company.CompanyId; token.employeeId = employee.EmployeeId; response.Code = HttpStatusCode.OK; response.Message = "Success"; response.Result = token; //RESULT HttpResponse = new HttpResponseMessage(HttpStatusCode.OK); HttpResponse.Content = new StringContent(JsonConvert.SerializeObject(response)); HttpResponse.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json"); } else if (employee.TokenEmployeeId.HasValue) { //verificar si el token esta activo bool verificar = ValidateToken(employee.TokenEmployee.AccessToken); if (!verificar) { var tokenString = employee.TokenEmployee.AccessToken; var employeeData = context.Employee.FirstOrDefault(x => x.TokenEmployee.AccessToken == tokenString); var pwd = CipherLogic.Cipher(CipherAction.Decrypt, CipherType.UserPassword, employee.Password); var newToken = GeneretaToken(employeeData.Users, pwd); var tokenEmployee = context.TokenEmployee.FirstOrDefault(x => x.AccessToken == newToken); token.accessToken = tokenEmployee.AccessToken; token.tokenType = tokenEmployee.TypeToken; token.expiresIn = tokenEmployee.ExpireInToken; token.refreshToken = tokenEmployee.RefreshToken; token.username = employeeData.Users; token.issued = tokenEmployee.Issued; token.expires = tokenEmployee.Expires; var company = context.Company.FirstOrDefault(x => x.EmployeeId == employee.EmployeeId); token.companyId = company.CompanyId; token.employeeId = employee.EmployeeId; } { token.accessToken = employee.TokenEmployee.AccessToken; token.tokenType = employee.TokenEmployee.TypeToken; token.expiresIn = employee.TokenEmployee.ExpireInToken; token.refreshToken = employee.TokenEmployee.RefreshToken; token.username = employee.Users; token.issued = employee.TokenEmployee.Issued; token.expires = employee.TokenEmployee.Expires; var company = context.Company.FirstOrDefault(x => x.EmployeeId == employee.EmployeeId); token.companyId = company.CompanyId; token.employeeId = employee.EmployeeId; } response.Code = HttpStatusCode.OK; response.Message = "Success"; response.Result = token; HttpResponse = new HttpResponseMessage(HttpStatusCode.OK); HttpResponse.Content = new StringContent(JsonConvert.SerializeObject(response)); HttpResponse.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json"); } } } //EMPLOYEE WAS DELETE if (employee.State == ConstantHelper.Status.INACTIVE) { HttpResponse = new HttpResponseMessage(HttpStatusCode.NotFound); response.Code = HttpStatusCode.NotFound; response.Message = "Not Found"; response.Result = null; HttpResponse.Content = new StringContent(JsonConvert.SerializeObject(response)); HttpResponse.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json"); return(HttpResponse); } return(HttpResponse); } catch (Exception ex) { HttpResponse = new HttpResponseMessage(HttpStatusCode.BadGateway); response.Message = "Bad Gateway"; response.Result = null; HttpResponse.Content = new StringContent(JsonConvert.SerializeObject(response)); HttpResponse.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json"); return(HttpResponse); } }