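        /// <summary>
        /// Post-validation hook for a bearer token. A token is accepted only if its claims
        /// resolve to an existing, non-deleted user whose stored serial number matches the
        /// token's serial claim, and if the raw token is still present in the token store.
        /// </summary>
        /// <param name="context">
        /// The token-validated context; <c>context.Fail</c> is called with a reason on rejection.
        /// </param>
        public void Validate(TokenValidatedContext context)
        {
            ClaimsIdentity claimsIdentity = context.Principal?.Identity as ClaimsIdentity;

            if (claimsIdentity?.Claims == null || !claimsIdentity.Claims.Any())
            {
                context.Fail("This is not our issued token. It has no claims.");
                return;
            }

            Claim serialNumberClaim = claimsIdentity.FindFirst(ClaimTypes.SerialNumber);

            if (serialNumberClaim == null)
            {
                context.Fail("This is not our issued token. It has no serial.");
                return;
            }

            // A token without a NameIdentifier claim must be rejected, not crash the handler:
            // the original dereferenced FindFirst(...).Value unconditionally, turning a bad
            // token into a NullReferenceException (a 500) instead of a 401.
            string userIdString = claimsIdentity.FindFirst(ClaimTypes.NameIdentifier)?.Value;

            if (!int.TryParse(userIdString, out int userId))
            {
                context.Fail("This is not our issued token. It has no user-id.");
                return;
            }

            Models.DbModels.User user = userService.FindUser(userId);
            if (user == null || user.SerialNumber != serialNumberClaim.Value || user.IsDeleted)
            {
                // user has changed his/her password/roles/stat/IsActive
                context.Fail("This token is expired. Please login again.");
                // Stop here, consistent with every other rejection branch; the original fell
                // through and still consulted the token store for an already-rejected token.
                return;
            }

            JwtSecurityToken accessToken = context.SecurityToken as JwtSecurityToken;

            // Requiring the raw token to be present in our store gives server-side revocation
            // even while the JWT signature and expiry are still valid.
            if (accessToken == null || string.IsNullOrWhiteSpace(accessToken.RawData) ||
                !tokenStoreService.IsValidToken(accessToken.RawData, userId))
            {
                context.Fail("This token is not in our database.");
                return;
            }

            //userService.UpdateUserLastActivityDate(userId);
        }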
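        /// <summary>
        /// Post-validation hook for a bearer token. The token's user must exist, must not be
        /// deleted or locked out, and the raw token must be present in the token store.
        /// On success the resolved user is published via <c>AccessControl.User</c>.
        /// </summary>
        /// <param name="context">
        /// The token-validated context; <c>context.Fail</c> is called with a reason on rejection.
        /// </param>
        public async Task ValidateAsync(TokenValidatedContext context)
        {
            var claimsIdentity = context.Principal?.Identity as ClaimsIdentity;

            if (claimsIdentity?.Claims == null || !claimsIdentity.Claims.Any())
            {
                context.Fail("This is not our issued token. It has no claims.");
                return;
            }

            var serialNumberClaim = claimsIdentity.FindFirst(ClaimTypes.SerialNumber);

            if (serialNumberClaim == null)
            {
                context.Fail("This is not our issued token. It has no serial.");
                return;
            }

            // NOTE(review): the serial-number claim is required to be present but its value is
            // never compared against anything stored for the user, so rotating the serial on
            // password/role changes does not invalidate older tokens in this validator — confirm
            // whether the user model carries a serial number that should be checked here.

            // Reject a token lacking the UserData claim instead of throwing NullReferenceException.
            var userIdString = claimsIdentity.FindFirst(ClaimTypes.UserData)?.Value;

            if (!int.TryParse(userIdString, out int userId))
            {
                context.Fail("This is not our issued token. It has no user-id.");
                return;
            }

            var user = _usersService.GetUserById(userId);

            if (user == null || user.Deleted != 0)
            {
                // user has changed his/her password/roles/stat/IsActive
                context.Fail("This token is expired. Please login again.");
                // Must return: the original fell through and dereferenced a null user below.
                return;
            }

            if (user.LockoutEnabled)
            {
                // User-facing message is Vietnamese and kept verbatim.
                context.Fail("Tài khoản đã bị bán");
                return;
            }

            // Requiring the raw token to be present in our store gives server-side revocation
            // even while the JWT signature and expiry are still valid.
            if (!(context.SecurityToken is JwtSecurityToken accessToken) || string.IsNullOrWhiteSpace(accessToken.RawData) ||
                !_tokenStoreService.IsValidToken(accessToken.RawData, userId))
            {
                context.Fail("This token is not in our database.");
                return;
            }

            // NOTE(review): if AccessControl.User is a static member, this assignment is shared
            // by every concurrent request in the process and one caller's identity can leak into
            // another's — prefer HttpContext.Items or a scoped service; confirm its declaration.
            AccessControl.User = user;
        }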
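        /// <summary>
        /// Post-validation hook for a customer bearer token. The token's customer must exist
        /// and be active, and the raw token must be present in the token store.
        /// </summary>
        /// <param name="context">
        /// The token-validated context; <c>context.Fail</c> is called with a reason on rejection.
        /// </param>
        public async Task ValidateAsync(TokenValidatedContext context)
        {
            var claimsIdentity = context.Principal?.Identity as ClaimsIdentity;

            if (claimsIdentity?.Claims == null || !claimsIdentity.Claims.Any())
            {
                context.Fail("This is not our issued token. It has no claims.");
                return;
            }

            var phoneNumberClaim = claimsIdentity.FindFirst(ClaimTypes.MobilePhone);

            if (phoneNumberClaim == null)
            {
                context.Fail("This is not our issued token. It has no phone.");
                return;
            }

            // NOTE(review): the phone claim is only checked for presence; its value is never
            // compared with the customer record, so it does not bind the token to the customer.
            // Confirm whether a comparison against the stored phone number was intended.

            // Reject a token lacking the UserData claim instead of throwing NullReferenceException.
            var customerIdString = claimsIdentity.FindFirst(ClaimTypes.UserData)?.Value;

            if (!int.TryParse(customerIdString, out int customerId))
            {
                context.Fail("This is not our issued token. It has no customer-id.");
                return;
            }

            var customer = _customerService.GetCustomerById(customerId);

            if (customer == null || !customer.Active)
            {
                // customer has changed his/her password/roles/stat/IsActive
                context.Fail("This token is expired. Please login again.");
                // Stop here, consistent with the other rejection branches; the original
                // fell through and still consulted the token store for a rejected customer.
                return;
            }

            var accessToken = context.SecurityToken as JwtSecurityToken;

            // Requiring the raw token to be present in our store gives server-side revocation
            // even while the JWT signature and expiry are still valid.
            if (string.IsNullOrWhiteSpace(accessToken?.RawData) || !_tokenStoreService.IsValidToken(accessToken.RawData, customerId))
            {
                context.Fail("This token is not in our database.");
            }
        }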
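        /// <summary>
        /// Web API authorization filter. The request must carry a bearer token whose claims
        /// identify a user, whose serial-number claim matches the user's current serial number,
        /// and whose raw value is present in the token store; otherwise the request is
        /// short-circuited as unauthorized.
        /// </summary>
        /// <param name="actionContext">The action context of the incoming request.</param>
        /// <exception cref="NullReferenceException">
        /// Thrown when <c>UsersService</c> or <c>TokenStoreService</c> was not injected.
        /// </exception>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            if (skipAuthorization(actionContext))
            {
                return;
            }

            // A request with no Authorization header must get a 401, not a NullReferenceException
            // (the original dereferenced Headers.Authorization unconditionally).
            var accessToken = actionContext.Request.Headers.Authorization?.Parameter;

            if (string.IsNullOrWhiteSpace(accessToken) ||
                accessToken.Equals("undefined", StringComparison.OrdinalIgnoreCase))
            {
                // null token (the literal "undefined" is presumably what a JS client sends
                // when its token variable was never set)
                this.HandleUnauthorizedRequest(actionContext);
                return;
            }

            var claimsIdentity = actionContext.RequestContext.Principal?.Identity as ClaimsIdentity;

            if (claimsIdentity?.Claims == null || !claimsIdentity.Claims.Any())
            {
                // this is not our issued token
                this.HandleUnauthorizedRequest(actionContext);
                return;
            }

            var userIdClaim = claimsIdentity.FindFirst(ClaimTypes.UserData);
            var serialNumberClaim = claimsIdentity.FindFirst(ClaimTypes.SerialNumber);

            // Both claims are mandatory; the original read userIdClaim.Value without a null
            // check, so a token missing UserData crashed the filter instead of being rejected.
            if (userIdClaim == null || serialNumberClaim == null)
            {
                // this is not our issued token
                this.HandleUnauthorizedRequest(actionContext);
                return;
            }

            var userId = userIdClaim.Value;

            if (UsersService == null)
            {
                throw new NullReferenceException($"{nameof(UsersService)} is null. Make sure ioc.Policies.SetAllProperties is configured and also IFilterProvider is replaced with SmWebApiFilterProvider.");
            }

            var serialNumber = UsersService.GetSerialNumber(userId);

            if (serialNumber != serialNumberClaim.Value)
            {
                // user has changed his/her password/roles/stat/IsActive
                this.HandleUnauthorizedRequest(actionContext);
                return;
            }

            if (TokenStoreService == null)
            {
                throw new NullReferenceException($"{nameof(TokenStoreService)} is null. Make sure ioc.Policies.SetAllProperties is configured and also IFilterProvider is replaced with SmWebApiFilterProvider.");
            }

            // Requiring the raw token to be present in our store gives server-side revocation
            // even while the token itself still validates.
            if (!TokenStoreService.IsValidToken(accessToken, userId))
            {
                // this is not our issued token
                this.HandleUnauthorizedRequest(actionContext);
                return;
            }

            base.OnAuthorization(actionContext);
        }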