public static RefreshTokenModel GenerateToken(IConnectionMultiplexer connectionMultiplexer, string cacheKey, IEnumerable <Claim> claims, string key, string issuer = null, string audience = null, double?expires = null) { RSAParameters privateKeyParameters = DigitalSignatureManager.GetKey(key); RsaSecurityKey privateKey = new RsaSecurityKey(privateKeyParameters); SigningCredentials credentials = new SigningCredentials(privateKey, SecurityAlgorithms.RsaSha256); JwtSecurityToken securityToken = new JwtSecurityToken( issuer: issuer, audience: audience, claims: claims, expires: expires.HasValue ? (DateTime?)DateTime.UtcNow.AddMinutes(expires.Value) : null, signingCredentials: credentials); string token = new JwtSecurityTokenHandler().WriteToken(securityToken); string refreshToken = SaltGenerator.Generate(); IDatabase database = connectionMultiplexer.GetDatabase(0); database.StringSet(cacheKey, refreshToken); return(new RefreshTokenModel { Token = token, Expiration = securityToken.ValidTo, RefreshToken = refreshToken }); }
public static RefreshTokenModel RefreshToken(IConnectionMultiplexer connectionMultiplexer, string token, string refreshToken, string privateKey, string publicKey, string issuer = null, string audience = null, double?expires = null) { ClaimsPrincipal principal = GetPrincipalFromExpiredToken(token, publicKey, issuer, audience); string ip = principal.Claims.SingleOrDefault(x => x.Type == "ip").Value; string customerCode = principal.Claims.SingleOrDefault(x => x.Type == "customerCode").Value; string userName = principal.Claims.SingleOrDefault(x => x.Type == ClaimTypes.NameIdentifier).Value; string cacheKey = $"{customerCode}-{userName}-{ip}"; IDatabase database = connectionMultiplexer.GetDatabase(0); var savedRefreshToken = database.StringGet(cacheKey); if (savedRefreshToken != refreshToken) { throw new SecurityTokenException(); } RSAParameters privateKeyParameters = DigitalSignatureManager.GetKey(privateKey); RsaSecurityKey securityKey = new RsaSecurityKey(privateKeyParameters); //var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)); SigningCredentials credentials = new SigningCredentials(securityKey, SecurityAlgorithms.RsaSha256); var newSecurityToken = new JwtSecurityToken( issuer: issuer, audience: audience, claims: principal.Claims, expires: expires.HasValue ? (DateTime?)DateTime.UtcNow.AddMinutes(expires.Value) : null, signingCredentials: credentials); string newToken = new JwtSecurityTokenHandler().WriteToken(newSecurityToken); string newRefreshToken = SaltGenerator.Generate(); database.StringSet(cacheKey, newRefreshToken); return(new RefreshTokenModel { Token = newToken, Expiration = newSecurityToken.ValidTo, RefreshToken = newRefreshToken }); }
public static TokenValidationParameters GetTokenValidationParameters(string publicKey, string issuer = null, string audience = null) { RSAParameters publicKeyParameters = DigitalSignatureManager.GetKey(publicKey); RsaSecurityKey securityKey = new RsaSecurityKey(publicKeyParameters); return(new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = securityKey, ValidateIssuer = !string.IsNullOrWhiteSpace(issuer), ValidIssuer = issuer, ValidateAudience = !string.IsNullOrWhiteSpace(audience), ValidAudience = audience, ValidateLifetime = true, ClockSkew = TimeSpan.Zero }); }
public static void AddJwt(this IServiceCollection services, IConfiguration configuration) { JwtOptions options = new JwtOptions(); IConfigurationSection section = configuration.GetSection("jwt"); section.Bind(options); services.Configure <JwtOptions>(configuration.GetSection("jwt")); RSAParameters publicKeyParameters = DigitalSignatureManager.GetKey(options.PublicKey); RsaSecurityKey securityKey = new RsaSecurityKey(publicKeyParameters); TokenValidationParameters tokenValidationParameters = TokenManager.GetTokenValidationParameters(options.PublicKey, options.Issuer, options.Audience); services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(authorizationOptions => { authorizationOptions.TokenValidationParameters = tokenValidationParameters; authorizationOptions.Events = new JwtBearerEvents { OnAuthenticationFailed = context => { if (context.Exception.GetType() == typeof(SecurityTokenExpiredException)) { context.Response.Headers.Add("Token-Expired", "true"); } return(Task.CompletedTask); } }; }); services.AddAuthorization(authorizationOptions => { authorizationOptions.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme).RequireAuthenticatedUser().Build(); }); }