public async Task <IActionResult> Login(LoginModel model) { if (!ModelState.IsValid) { return(View(model)); } var authResult = await _refitAuth.ObterTokenAsync(model); if (authResult.IsSuccessStatusCode) { var authResponse = await authResult.Content.ReadAsStringAsync(); var tokenModel = JsonConvert.DeserializeObject <TokenModel>(authResponse); if (!JwtTokenValidator.ValidaToken(tokenModel.Token)) { ModelState.AddModelError("", "Login inválido!"); return(View(model)); } Response.Cookies.Append("token", tokenModel.Token); return(RedirectToAction("Index", "Home")); } ModelState.AddModelError("", "Login inválido!"); return(View(model)); }
public void ValidateAllTokens(JwtTokenValidator validator) { if (validator == null) { throw new ArgumentNullException(nameof(validator)); } validator.ValidateAllTokens(notif[tokens].Values <string>()); }
public ActionResult Details(string authToken) { TokenData tokenData = new TokenData(); if (JwtTokenValidator.Validate(authAudience, authToken, ref tokenData)) { return(View(tokenData)); } else { return(View("Error")); } }
public void OnActionExecuting(ActionExecutingContext filterContext) { var token = filterContext.RequestContext.HttpContext.Request.QueryString.Get("authToken"); var tokenData = new TokenData(); if (!JwtTokenValidator.Validate(ConfigurationManager.AppSettings["ADAppClientId"], token, ref tokenData)) { filterContext.Result = new ViewResult { ViewName = "401" }; } }
static void Main(string[] args) { const string queueSasKey = "https://testfunctionsfo97a4.queue.core.windows.net/notifqueue?st=2019-09-05T23%3A00%3A14Z&se=2019-10-06T20%3A00%3A00Z&sp=rup&sv=2018-03-28&sig=VgevMRmMB0miZbIQzpOgteyrIlLbwGKfsO48dJ%2F2WtQ%3D"; const string blobSasKey = "https://testfunctionsfo97a4.blob.core.windows.net/notificationblobs?st=2019-08-06T22%3A40%3A12Z&se=2019-09-07T18%3A40%3A00Z&sp=rl&sv=2018-03-28&sr=c&sig=kz5ah8ziqBKn6oyX1FoNihfCSM1fVAc1qvvzwsvjA4c%3D"; var authProvider = AuthSettings.isUserAuthentication ? (MyAuthenticationProvider) new UserAuthenticationProvider() : (MyAuthenticationProvider) new AppOnlyAuthenticationProvider(); GraphServiceClient client = GetAuthenticatedClient(authProvider); var token = authProvider.GetAccessTokenAsync().Result; var subManager = new SubscriptionManager(client, NotificationProcessingSettings.notificationUrl, NotificationProcessingSettings.lifecycleNotificationUrl); //var subs = subManager.GetAllSubscriptionsAsync().Result; subManager.DeleteAllSubscriptionsAsync().Wait(); //var createdSub = subManager.CreateSubscriptionAsync("/users", "updated", "bobState").Result; var createdSub = subManager.CreateSubscriptionAsync("/teams/allMessages", "created,updated", TimeSpan.FromMinutes(58), "bobState", DummyKeyStore.GetPublicKeyLocal(NotificationProcessingSettings.encryptionCertificateId), NotificationProcessingSettings.encryptionCertificateId, true).Result; var messenger = new MessageManager(microsoftGraphCanary, "95432da5-e897-4fd4-8141-3df339ca1141", "19:[email protected]"); var ct = new CancellationToken(); var messengerTask = messenger.StartAsync(ct); Console.WriteLine("Subscription created. Waiting for notifications."); var notifications = NotificationDownloader.LoopOverNotificationsFromQueue(queueSasKey, messengerTask); //var notifications = NotificationDownloader.GetNotificationsFromBlobs(blobSasKey, DateTime.Parse("2019-08-04")); var audiences = new[] { AuthSettings.applicationId }; var validator = new JwtTokenValidator(audiences); validator.InitializeOpenIdConnectConfigurationAsync().Wait(); foreach (var notifContent in notifications) { var p = new NotificationProcessor(notifContent); p.ValidateAllTokens(validator); // renew any subscriptions that require re-authorization foreach (var subId in p.GetSubscriptionsToReauthorize()) { subManager.RenewSubscriptionAsync(subId, TimeSpan.FromMinutes(58)).Wait(); } var results = p.DecryptAllNotifications().ToArray(); // print portions of the content to console, just for fun foreach (var notif in results) { PrintContentToConsole(notif); } } return; }
// This method gets called by the runtime. Use this method to add services to the container. // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940 public void ConfigureServices(IServiceCollection services) { services.AddGrpc(); services.AddDbContext <UserDbContext>(options => options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"))); services.AddIdentity <Server.DAL.Models.User, Role>() .AddEntityFrameworkStores <UserDbContext>() .AddDefaultTokenProviders(); // Auto Mapper Configurations var mappingConfig = new MapperConfiguration( mc => { mc.AddProfile(new UserManagementMappingProfile()); }); var mapper = mappingConfig.CreateMapper(); services.AddSingleton(mapper); var appSettingsSection = Configuration.GetSection("AppSettings"); services.Configure <AppSettings>(appSettingsSection); // configure jwt authentication var appSettings = appSettingsSection.Get <AppSettings>(); var key = Encoding.ASCII.GetBytes(appSettings.Secret); services.AddAuthentication(x => { x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddJwtBearer(x => { var validator = new JwtTokenValidator(); x.SecurityTokenValidators.Add(validator); }); services.AddAuthorization(); }
public void JwtToken_Should_Be_Validated() { var response = _openIdClient.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest { Address = "/connect/token", ClientId = "client", ClientSecret = "secret", Scope = "api1" }).Result; string token = response.AccessToken; var validator = new JwtTokenValidator(Options.Create <JwtTokenOptions>(new JwtTokenOptions() { Authority = "https://server" }), _openIdClient); var p = validator.Validate(token).Result; Assert.NotNull(p.FindFirst("iss")); }
public override async Task <AuthResponse> Auth(AuthRequest request, ServerCallContext context) { var user = await _ctx.Users.FirstOrDefaultAsync(t => t.Login == request.Login && t.Password == request.Password); if (user == null) { return(new AuthResponse { Status = ResponseStatus.RsError, ResponseDescription = "Имя пользователя или пароль введены не верно." }); } var token = JwtTokenValidator.GetToken(user.Login, user.Role.ToString()); return(new AuthResponse { Token = token, Status = ResponseStatus.RsOk }); }
public void ProcessRequest(HttpContext context) { try { if (!SetupInfo.IsVisibleSettings(ManagementType.SingleSignOnSettings.ToString())) { _log.DebugFormat("Single sign-on settings are disabled"); context.Response.Redirect(AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsDisabled), false); context.ApplicationInstance.CompleteRequest(); return; } var settings = SettingsManager.Instance.LoadSettings <SsoSettings>(TenantProvider.CurrentTenantID); if (!settings.EnableSso) { _log.DebugFormat("Single sign-on is disabled"); context.Response.Redirect(AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsDisabled), false); context.ApplicationInstance.CompleteRequest(); return; } if (context.User.Identity.IsAuthenticated) { _log.DebugFormat("User {0} already authenticated"); context.Response.Redirect(CommonLinkUtility.GetDefault(), false); context.ApplicationInstance.CompleteRequest(); return; } if (context.Request["auth"] == "true") { context.Response.Redirect(settings.SsoEndPoint, false); context.ApplicationInstance.CompleteRequest(); return; } UserInfo userInfo; if (settings.TokenType != TokenTypes.JWT) { _log.Error("Settings TokenType is not JWT"); context.Response.Redirect(AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsEnexpectedTokenType), true); return; } var jwtEncodedString = context.Request.QueryString[JWT]; if (string.IsNullOrWhiteSpace(jwtEncodedString)) { _log.Error("JWT token is null or empty"); context.Response.Redirect(AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsEmptyToken), false); context.ApplicationInstance.CompleteRequest(); return; } _log.Debug("Trying to authenticate using JWT"); var tokenValidator = new JwtTokenValidator(); var audience = context.Request.Url.AbsoluteUri. Replace(context.Request.Url.AbsolutePath, string.Empty).Replace(context.Request.Url.Query, string.Empty); tokenValidator.ValidateJsonWebToken(jwtEncodedString, settings, new List <string> { audience, audience + "/" }); if (tokenValidator.ClaimsPrincipalReceived == null || !tokenValidator.ClaimsPrincipalReceived.Identity.IsAuthenticated || !tokenValidator.CheckJti() || !tokenValidator.IsValidEmail(tokenValidator.ClaimsPrincipalReceived)) { _log.Error("JWT token is not valid"); context.Response.Redirect(AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsNotValidToken), false); context.ApplicationInstance.CompleteRequest(); return; } var jwtUserCreator = new JwtUserCreator(); userInfo = jwtUserCreator.CreateUserInfo(tokenValidator.ClaimsPrincipalReceived, settings.Issuer); if (userInfo == Constants.LostUser) { _log.Error("Can't create userInfo using current JWT token"); context.Response.Redirect(AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsCantCreateUser), false); context.ApplicationInstance.CompleteRequest(); return; } if (userInfo.Status == EmployeeStatus.Terminated) { _log.Error("Current user is terminated"); context.Response.Redirect(AUTH_PAGE + "?m=" + HttpUtility.UrlEncode(Resource.SsoSettingsUserTerminated), false); context.ApplicationInstance.CompleteRequest(); return; } AddUser(tokenValidator.ClaimsPrincipalReceived, userInfo); MessageService.Send(context.Request, MessageAction.LoginSuccessViaSSO); context.Response.Redirect(CommonLinkUtility.GetDefault(), false); context.ApplicationInstance.CompleteRequest(); } catch (Exception e) { _log.ErrorFormat("Unexpected error. {0}", e); context.Response.Redirect(AUTH_PAGE, false); context.ApplicationInstance.CompleteRequest(); } }
private ClaimsPrincipal Verify(string token) { var validator = new JwtTokenValidator(); return(validator.Verify(token)); }
public void ClassLevelSetUp() { _tokenManager = new Mock <ITokenManager>(); _jwtTokenValidator = new JwtTokenValidator(_tokenManager.Object); _jwtTokenValidator.Should().BeOfType(typeof(JwtTokenValidator)); }