public SignInResult(string accessToken, string refreshToken, bool newUserCreated, IdenityUser currentUser)
{
AccessToken = accessToken;
RefreshToken = refreshToken;
NewUserCreated = newUserCreated;
CurrentUser = currentUser;
}
public async Task <string> BuildJwtAsync <TUserClaim, TRole, TRoleOfUser>(IdenityUser user, SignInToken signInToken, string?audience)
where TUserClaim : IdentityUserClaim, new()
where TRole : IdentityRole, new()
where TRoleOfUser : IdentityRoleOfUser, new()
{
DateTime utcNow = DateTime.UtcNow;
IEnumerable <Claim> userClaims = await _identityService.GetUserClaimAsync <TUserClaim, TRole, TRoleOfUser>(user).ConfigureAwait(false);
IList <Claim> claims = userClaims.ToList();
claims.Add(new Claim(ClaimExtensionTypes.SignInTokenGuid, signInToken.Guid));
//这个JWT只能在当前DeviceId上使用
claims.Add(new Claim(ClaimExtensionTypes.DeviceId, signInToken.DeviceId));
JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
JwtSecurityToken token = handler.CreateJwtSecurityToken(
_options.OpenIdConnectConfiguration.Issuer,
_options.NeedAudienceToBeChecked ? audience : null,
new ClaimsIdentity(claims),
utcNow,
utcNow + _signInOptions.AccessTokenExpireTimeSpan,
utcNow,
_signingCredentials
);
return(handler.WriteToken(token));
}
private Task ChangeSecurityStampAsync(IdenityUser user)
{
user.SecurityStamp = SecurityUtil.CreateUniqueToken();
if (_identityOptions.Events != null)
{
IdentitySecurityStampChangeContext context = new IdentitySecurityStampChangeContext(user.Guid);
return(_identityOptions.Events.SecurityStampChangedAsync(context));
}
return(Task.CompletedTask);
}
/// <summary>
/// 在Claims中放入UserGuid, SecurityStamp, UserClaim表中声明加入JWT的, 所有roleName
/// </summary>
/// <param name="user"></param>
/// <param name="transContext"></param>
/// <returns></returns>
public async Task <IEnumerable <Claim> > CreateClaimsAsync <TUserClaim, TRole, TRoleOfUser>(IdenityUser user, TransactionContext transContext)
where TUserClaim : IdentityUserClaim, new()
where TRole : IdentityRole, new()
where TRoleOfUser : IdentityRoleOfUser, new()
{
IList <Claim> claims = new List <Claim>
{
new Claim(ClaimExtensionTypes.UserGuid, user.Guid),
new Claim(ClaimExtensionTypes.SecurityStamp, user.SecurityStamp),
//new Claim(ClaimExtensionTypes.UserId, user.Id.ToString(GlobalSettings.Culture)),
new Claim(ClaimExtensionTypes.LoginName, user.LoginName ?? ""),
//new Claim(ClaimExtensionTypes.MobilePhone, user.Mobile??""),
//new Claim(ClaimExtensionTypes.IsMobileConfirmed, user.MobileConfirmed.ToString(GlobalSettings.Culture))
};
IEnumerable <TUserClaim> userClaims = await _userClaimBiz.GetAsync <TUserClaim>(user.Guid, transContext).ConfigureAwait(false);
userClaims.ForEach(item =>
{
if (item.AddToJwt)
{
claims.Add(new Claim(item.ClaimType, item.ClaimValue));
}
});
IEnumerable <TRole> roles = await _roleBiz.GetByUserGuidAsync <TRole, TRoleOfUser>(user.Guid, transContext).ConfigureAwait(false);
roles.Select(r => r.Name).ForEach(roleName =>
{
claims.Add(new Claim(ClaimExtensionTypes.Role, roleName));
});
return(claims);
////并行
//return TaskUtil.Concurrence(
// _userClaimBiz.GetAsync<TUserClaim>(user.Guid, transContext),
// _roleBiz.GetByUserGuidAsync<TRole, TRoleOfUser>(user.Guid, transContext),
// userClaims =>
// {
// List<Claim> rts = new List<Claim>();
// userClaims.ForEach((item) =>
// {
// if (item.AddToJwt)
// {
// rts.Add(new Claim(item.ClaimType, item.ClaimValue));
// }
// });
// return rts;
// },
// roles =>
// {
// List<Claim> rts = new List<Claim>();
// roles.Select(r => r.Name).ForEach(roleName => rts.Add(new Claim(ClaimExtensionTypes.Role, roleName)));
// return rts;
// });
}
/// <summary>
/// GetUserClaimAsync
/// </summary>
/// <param name="user"></param>
/// <returns></returns>
/// <exception cref="DatabaseException"></exception>
public async Task <IEnumerable <Claim> > GetUserClaimAsync <TUserClaim, TRole, TRoleOfUser>(IdenityUser user)
where TUserClaim : IdentityUserClaim, new()
where TRole : IdentityRole, new()
where TRoleOfUser : IdentityRoleOfUser, new()
{
TransactionContext transactionContext = await _database.BeginTransactionAsync <TUserClaim>(IsolationLevel.ReadCommitted).ConfigureAwait(false);
try
{
IEnumerable <Claim> claims = await _claimsFactory.CreateClaimsAsync <TUserClaim, TRole, TRoleOfUser>(user, transactionContext).ConfigureAwait(false);
await _database.CommitAsync(transactionContext).ConfigureAwait(false);
return(claims);
}
catch
{
await _database.RollbackAsync(transactionContext).ConfigureAwait(false);
throw;
}
}
/// <summary>
/// PassowrdCheck
/// </summary>
/// <param name="user"></param>
/// <param name="password"></param>
/// <returns></returns>
/// <exception cref="System.Reflection.TargetInvocationException">Ignore.</exception>
/// <exception cref="ObjectDisposedException">Ignore.</exception>
private static bool PassowrdCheck(IdenityUser user, string password)
{
string passwordHash = SecurityUtil.EncryptPwdWithSalt(password, user.Guid);
return(passwordHash.Equals(user.PasswordHash, GlobalSettings.Comparison));
}
