/// <summary>
/// Builds a sample token carrying a fixed identity and returns its serialized form.
/// </summary>
/// <param name="audience">Not read by this method.</param>
/// <param name="credentials">Not read by this method; no authentication takes place here.</param>
/// <returns>The result of <c>ToString()</c> on the populated <c>SimpleWebToken</c>.</returns>
/// <remarks>
/// Every caller receives the same name, e-mail and roles (including Administrator),
/// whatever is passed in. Suitable as a demo stub only.
/// </remarks>
public string GetToken(string audience, string credentials)
{
    // The credentials are ignored and a fixed set of claims is issued.
    // The audience's shared key is not looked up; a key is hardcoded instead, on the
    // stated assumption that TokenIssuer and RelyingParty hold the same key.
    // NOTE(review): a signing key committed to source is readable by anyone who has the
    // repository or the binaries. Load it from protected configuration or a secret store
    // and treat this value as disclosed. The local is also never handed to the token in
    // this method, so confirm where SimpleWebToken gets its key.
    string sharedKey = "qqO5yXcbijtAdYmS2Otyzeze2XQedqy+Tp37wQ3sgTQ=";

    var swt = new SimpleWebToken();
    swt.Issuer = "TokenIssuer";

    swt.AddClaim(ClaimTypes.Name, "Badri");
    swt.AddClaim(ClaimTypes.Email, "*****@*****.**");

    // Two role claims, added in the same order as before.
    foreach (string role in new[] { "Developer", "Administrator" })
    {
        swt.AddClaim(ClaimTypes.Role, role);
    }

    return swt.ToString();
}
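/// <summary>
/// Parses a serialized token, checks its HMAC-SHA256 signature and its expiry,
/// and returns the populated token.
/// </summary>
/// <param name="token">Token as name=value pairs in query-string form.</param>
/// <returns>The parsed token, once the signature and expiry checks have passed.</returns>
/// <exception cref="SecurityTokenValidationException">
/// The token carries no signature, or the signature differs from the recomputed one.
/// </exception>
/// <exception cref="SecurityTokenException">ExpiresOn is earlier than the current UTC time.</exception>
/// <remarks>
/// Only signature and expiry are checked here. Issuer and Audience are copied from the
/// token without being compared to expected values, so the caller has to do that.
/// A malformed ExpiresOn or signature value still surfaces as the exception thrown by
/// <c>ulong.Parse</c> / <c>Convert.FromBase64String</c>.
/// </remarks>
public static SimpleWebToken Parse(string token)
{
    NameValueCollection items = HttpUtility.ParseQueryString(token);
    var swt = new SimpleWebToken();

    foreach (string key in items.AllKeys)
    {
        // NameValueCollection joins the values of a repeated name with commas, so a
        // duplicated field arrives here as one combined string.
        string item = items[key];
        switch (key)
        {
            case "Issuer":
                swt.Issuer = item;
                break;
            case "Audience":
                swt.Audience = item;
                break;
            case "ExpiresOn":
                swt.ExpiresOn = ulong.Parse(item);
                break;
            case "HMACSHA256":
                swt.Signature = Convert.FromBase64String(item);
                break;
            default:
                swt.AddClaim(key, item);
                break;
        }
    }

    // Hold on to the signature that arrived with the token before ToString() runs, and
    // reject a token that carries none instead of failing later with an unrelated
    // ArgumentNullException.
    var presentedSignature = swt.Signature;
    if (presentedSignature == null)
    {
        throw new SecurityTokenValidationException("Signature is missing");
    }

    string rawToken = swt.ToString(); // Computes HMAC inside ToString()
    string computedSignature = HttpUtility.ParseQueryString(rawToken)["HMACSHA256"];

    // Compare without an early exit: string.Equals stops at the first differing
    // character, which makes the check's duration depend on how much of the
    // signature is correct.
    if (!SignaturesMatch(computedSignature, Convert.ToBase64String(presentedSignature)))
    {
        throw new SecurityTokenValidationException("Signature is invalid");
    }

    TimeSpan ts = DateTime.UtcNow - EpochStart;
    if (swt.ExpiresOn < Convert.ToUInt64(ts.TotalSeconds))
    {
        throw new SecurityTokenException("Token has expired");
    }

    return swt;
}

// Ordinal comparison of two signature strings. Apart from the length check, every
// character is visited, so the running time does not reveal where they first differ.
// A null on either side is a mismatch.
[System.Runtime.CompilerServices.MethodImpl(
    System.Runtime.CompilerServices.MethodImplOptions.NoInlining |
    System.Runtime.CompilerServices.MethodImplOptions.NoOptimization)]
private static bool SignaturesMatch(string expected, string presented)
{
    if (expected == null || presented == null || expected.Length != presented.Length)
    {
        return false;
    }

    int difference = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        difference |= expected[i] ^ presented[i];
    }

    return difference == 0;
}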
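/// <summary>
/// Stores a new user with a starting credit of 20 and, when the stored record is found,
/// puts a locally issued token for it into the response's Authorization header.
/// </summary>
/// <param name="user">User to create. Id, both timestamps and CreditBalance are overwritten here.</param>
/// <returns>
/// The stored user, or null when the request is rejected (status 400 and a message are
/// written to the response) or the stored record cannot be read back.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
public User AddNewUser(User user)
{
    if (user == null)
    {
        throw new ArgumentNullException("user");
    }

    // Validate before anything is changed or stored. Previously the 400 response was
    // written but execution went on to save the user and issue a token anyway.
    if (string.IsNullOrEmpty(user.Phone))
    {
        HttpContext.Current.Response.StatusCode = (int)HttpStatusCode.BadRequest;
        HttpContext.Current.Response.Output.WriteLine("Missing Phone Number");
        return null;
    }

    // TODO: verify the phone number is of the correct format.
    // TODO: verify the user has the right SMS auth code.
    // TODO: verify no duplicate user has been created before; only then give 20 credit,
    //       otherwise reply with an error message saying the user already exists.
    // NOTE(review): until these checks exist, any request with a non-empty Phone creates
    // an account with 20 credit and receives a token, and the same FacebookId or phone
    // can be registered repeatedly.

    DateTime now = DateTime.UtcNow;
    user.Id = Guid.NewGuid();
    user.CreatedDateTime = now;
    user.LastUpdatedDateTime = now;
    user.CreditBalance = 20;

    _dbContext.Users.Add(user);
    _dbContext.SaveChanges();

    // Read back by the Id generated above. Looking up by FacebookId could return an
    // older record that shares the value (or has none), so the returned user and the
    // token's "id" claim would describe different accounts.
    var newId = user.Id;
    var dbUser = _dbContext.Users.FirstOrDefault(u => u.Id == newId);

    // Generate Local Domain Token for user
    if (dbUser != null)
    {
        // NOTE(review): no Issuer, Audience or ExpiresOn is set on this token. Confirm
        // that SimpleWebToken supplies them; a token without an expiry or audience is
        // not bound to a lifetime or a recipient.
        var swt = new SimpleWebToken();
        swt.AddClaim("id", user.Id.ToString());
        swt.AddClaim("fbid", user.FacebookId);
        var computedToken = swt.ToString();
        HttpContext.Current.Response.Headers.Add("Authorization", computedToken);
    }

    return dbUser;
}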
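/// <summary>
/// Returns the user whose FacebookId equals <c>_facebookId</c> and, when one is found,
/// puts a locally issued token for it into the response's Authorization header.
/// </summary>
/// <returns>
/// A list holding at most one user (despite the method name); empty when
/// <c>_facebookId</c> is null or empty or no record matches.
/// </returns>
public List<User> GetAllUsers()
{
    // Without a caller identity there is nothing to look up. An equality filter on a
    // null or empty value could otherwise match a stored user that has no FacebookId,
    // and a token would then be issued for that account.
    if (string.IsNullOrEmpty(_facebookId))
    {
        return new List<User>();
    }

    var users = _dbContext.Users
        .Where(u => u.FacebookId == _facebookId)
        .Take(1)
        .ToList();

    // Generate Local Domain Token for user
    if (users.Count != 0)
    {
        var user = users[0];

        // NOTE(review): no Issuer, Audience or ExpiresOn is set on this token. Confirm
        // that SimpleWebToken supplies them.
        var swt = new SimpleWebToken();
        swt.AddClaim("id", user.Id.ToString());
        swt.AddClaim("fbid", user.FacebookId);
        var computedToken = swt.ToString();
        HttpContext.Current.Response.Headers.Add("Authorization", computedToken);
    }

    return users;
}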