public HomeModule(IConfigProvider configProvider, IJwtWrapper jwtWrapper)
{
Get["/login"] = _ => View["Login"];
Post["/login"] = _ =>
{
var user = this.Bind<UserCredentials>();
//Verify user/pass
if (user.User != "fred" && user.Password != "securepwd")
{
return 401;
}
var jwttoken = new JwtToken()
{
Issuer = "http://issuer.com",
Audience = "http://mycoolwebsite.com",
Claims =
new List<Claim>(new[]
{
new Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/role", "Administrator"),
new Claim(ClaimTypes.Name, "Fred")
}),
Expiry = DateTime.UtcNow.AddDays(7)
};
var token = jwtWrapper.Encode(jwttoken, configProvider.GetAppSetting("securekey"), JwtHashAlgorithm.HS256);
return Negotiate.WithModel(token);
};
Get["/"] = _ => "Hello Secure World!";
}
public ClaimsPrincipal ValidateUser(string token)
{
try
{
//Claims don't deserialize :(
//var jwttoken = JsonWebToken.DecodeToObject<JwtToken>(token, configProvider.GetAppSetting("securekey"));
var decodedtoken = JsonWebToken.DecodeToObject(token, configProvider.GetAppSetting("securekey")) as Dictionary <string, object>;
var jwttoken = new JwtToken()
{
Audience = (string)decodedtoken["Audience"],
Issuer = (string)decodedtoken["Issuer"],
Expiry = DateTime.Parse(decodedtoken["Expiry"].ToString()),
};
if (decodedtoken.ContainsKey("Claims"))
{
var claims = new List <Claim>();
for (int i = 0; i < ((ArrayList)decodedtoken["Claims"]).Count; i++)
{
var type = ((Dictionary <string, object>)((ArrayList)decodedtoken["Claims"])[i])["Type"].ToString();
var value = ((Dictionary <string, object>)((ArrayList)decodedtoken["Claims"])[i])["Value"].ToString();
claims.Add(new Claim(type, value));
}
jwttoken.Claims = claims;
}
if (jwttoken.Expiry < DateTime.UtcNow)
{
return(null);
}
//TODO Tidy on 3.8 Mono release
var claimsPrincipal = new ClaimsPrincipal();
var claimsIdentity = new ClaimsIdentity("Token");
claimsIdentity.AddClaims(jwttoken.Claims);
claimsPrincipal.AddIdentity(claimsIdentity);
return(claimsPrincipal);
}
catch (Exception)
{
return(null);
}
}
public ClaimsPrincipal ValidateUser(string token)
{
try
{
//Claims don't deserialize :(
//var jwttoken = JsonWebToken.DecodeToObject<JwtToken>(token, configProvider.GetAppSetting("securekey"));
var decodedtoken = JsonWebToken.DecodeToObject(token, configProvider.GetAppSetting("securekey")) as Dictionary<string, object>;
var jwttoken = new JwtToken()
{
Audience = (string)decodedtoken["Audience"],
Issuer = (string)decodedtoken["Issuer"],
Expiry = DateTime.Parse(decodedtoken["Expiry"].ToString()),
};
if (decodedtoken.ContainsKey("Claims"))
{
var claims = new List<Claim>();
for (int i = 0; i < ((ArrayList)decodedtoken["Claims"]).Count; i++)
{
var type = ((Dictionary<string, object>)((ArrayList)decodedtoken["Claims"])[i])["Type"].ToString();
var value = ((Dictionary<string, object>)((ArrayList)decodedtoken["Claims"])[i])["Value"].ToString();
claims.Add(new Claim(type, value));
}
jwttoken.Claims = claims;
}
if (jwttoken.Expiry < DateTime.UtcNow)
{
return null;
}
//TODO Tidy on 3.8 Mono release
var claimsPrincipal = new ClaimsPrincipal();
var claimsIdentity = new ClaimsIdentity("Token");
claimsIdentity.AddClaims(jwttoken.Claims);
claimsPrincipal.AddIdentity(claimsIdentity);
return claimsPrincipal;
}
catch (Exception)
{
return null;
}
}
