public virtual Task <LongSession> FindLongSessionAsync(LongSession longSession) { return(db.LongSessions.FirstOrDefaultAsync(x => x.UserId == longSession.UserId && x.LongToken1 == longSession.LongToken1 && x.LongToken2 == longSession.LongToken2)); }
public async Task <SunClaimsPrincipal> RenewSecurityTokensAsync(HttpResponse response, User user, LongSession longSession = null) { void GenerateTokens(LongSession longSession1) { longSession1.LongToken1 = CryptoRandomizer.GetRandomString(LongSession.LongToken1Length); longSession1.LongToken2 = CryptoRandomizer.GetRandomString(LongSession.LongToken2Length); longSession1.ExpirationDate = DateTime.UtcNow.AddDays(jwtOptions.LongTokenLiveTimeDays); } if (longSession == null) { longSession = new LongSession { UserId = user.Id, DeviceInfo = "" }; GenerateTokens(longSession); longSession.Id = await db.InsertWithInt64IdentityAsync(longSession); } else { GenerateTokens(longSession); await db.UpdateAsync(longSession); } var lat2Token = CreateLong2AuthToken(longSession, out string lat2r); response.Cookies.Append( TokenClaimNames.LongToken2CoockiName, lat2Token, new CookieOptions { Path = "/", HttpOnly = true, IsEssential = true, Expires = longSession.ExpirationDate } ); TokenAndClaimsPrincipal tokenAndClaimsPrincipal = await GenerateShortAuthTokenAsync(user, lat2r, longSession.LongToken2, longSession.Id); string json = JsonConvert.SerializeObject(new { LongToken = new { Token = longSession.LongToken1, Expiration = longSession.ExpirationDate.ToInvariantString() }, ShortToken = tokenAndClaimsPrincipal.Token }, jsonSerializerSettings); response.Headers.Add(Headers.TokensHeaderName, json); return(tokenAndClaimsPrincipal.ClaimsPrincipal); }
public async Task <SunClaimsPrincipal> RenewSecurityTokensAsync(HttpResponse response, int userId, LongSession longSession = null) { var user = await db.Users.FirstOrDefaultAsync(x => x.Id == userId); return(await RenewSecurityTokensAsync(response, user, longSession)); }
private string CreateLong2AuthToken(LongSession longSession, out string lat2r) { var key = new SymmetricSecurityKey( Encoding.UTF8.GetBytes(jwtOptions.LongJwtSecurityKey)); var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256Signature); lat2r = CryptoRandomizer.GetRandomString(10); List <Claim> claims = new List <Claim> { new Claim(ClaimTypes.NameIdentifier, longSession.UserId.ToString()), new Claim(TokenClaimNames.LongToken2Ran, lat2r), new Claim(TokenClaimNames.LongToken2Db, longSession.LongToken2), new Claim(TokenClaimNames.SessionId, longSession.Id.ToString()) }; var token = new JwtSecurityToken( issuer: jwtOptions.Issuer, audience: jwtOptions.Issuer, claims: claims.ToArray(), expires: longSession.ExpirationDate, signingCredentials: credentials); return(new JwtSecurityTokenHandler().WriteToken(token)); }
private string CreateLong2Token(LongSession longSession, out string lat2r) { lat2r = CryptoRandomizer.GetRandomString(10); List <Claim> claims = new List <Claim> { new Claim(ClaimTypes.NameIdentifier, longSession.UserId.ToString()), new Claim(TokenClaimNames.LongToken2Ran, lat2r), new Claim(TokenClaimNames.LongToken2Db, longSession.LongToken2), new Claim(TokenClaimNames.SessionId, longSession.Id.ToString()) }; var token = new JwtSecurityToken( claims: claims.ToArray(), expires: longSession.ExpirationDate); return(cryptService.Crypt(CipherSecrets.Long2Jwt, token.Payload.SerializeToJson())); }
public async Task <bool> CreateLongSessionAsync(LongSession longSession) { var savedItem = await db.LongSessions.FirstOrDefaultAsync(x => x.UserId == longSession.UserId && x.FingerPrint == longSession.FingerPrint); if (savedItem != null) { return(false); } savedItem = new LongSession(); savedItem.UserId = longSession.UserId; savedItem.FingerPrint = longSession.FingerPrint; savedItem.Value = longSession.Value; savedItem.Created = DateTime.Now; savedItem.ExpiresIn = DateTime.Now.AddDays(tokenOptions.Value.RefreshTokenLifeTime); await db.LongSessions.AddAsync(savedItem); return(await db.SaveChangesAsync() > 0); }
protected override async Task <AuthenticateResult> HandleAuthenticateAsync() { async Task <AuthenticateResult> DeleteLongSessionAndLogout(long sessionId) { await userManager.DeleteLongSessionAsync(sessionId); jweService.MakeLogoutCookiesAndHeaders(Response); return(AuthenticateResult.NoResult()); } AuthenticateResult Logout(string msg) { jweService.MakeLogoutCookiesAndHeaders(Response); Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine($"\nLogout: {msg}\n"); Console.ResetColor(); return(AuthenticateResult.NoResult()); } try { var cookie = Request.Cookies[TokenClaimNames.LongToken2CoockiName]; if (cookie == null) { return(AuthenticateResult.NoResult()); } JwtSecurityToken jwtLongToken2 = jweService.ReadLong2Token(cookie); if (jwtLongToken2 == null) { return(Logout("No Long2 cookie token")); } var longToken2db = jwtLongToken2.Claims.First(x => x.Type == TokenClaimNames.LongToken2Db).Value; SunClaimsPrincipal sunClaimsPrincipal; if (Request.Headers.TryGetValue(Headers.LongToken1HeaderName, out StringValues longToken1db)) { int userId = int.Parse(jwtLongToken2.Claims.First(x => x.Type == ClaimTypes.NameIdentifier).Value); var longSessionToFind = new LongSession { UserId = userId, LongToken1 = longToken1db, LongToken2 = longToken2db }; var longSession = await userManager.FindLongSessionAsync(longSessionToFind); if (longSession == null) { return(Logout("Session not found")); } sunClaimsPrincipal = await jweService.RenewSecurityTokensAsync(Context, userId, longSession); Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("\nToken renews\n"); Console.ResetColor(); } else { string authorization = Request.Headers["Authorization"]; if (string.IsNullOrEmpty(authorization)) { return(Logout("No Authorization header")); } string jwtShortToken = null; if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)) { jwtShortToken = authorization.Substring("Bearer ".Length).Trim(); } if (string.IsNullOrEmpty(jwtShortToken)) { return(Logout("No Bearer in Authorization header")); } var claimsPrincipal = jweService.ReadShortToken(jwtShortToken); string lat2ran_1 = jwtLongToken2.Claims.First(x => x.Type == TokenClaimNames.LongToken2Ran).Value; string lat2ran_2 = claimsPrincipal.Claims.First(x => x.Type == TokenClaimNames.LongToken2Ran).Value; long sessionId = long.Parse(jwtLongToken2.Claims.First(x => x.Type == TokenClaimNames.SessionId).Value); if (!string.Equals(lat2ran_1, lat2ran_2)) { return(await DeleteLongSessionAndLogout(sessionId)); } string lat2db = jwtLongToken2.Claims.First(x => x.Type == TokenClaimNames.LongToken2Db).Value; sunClaimsPrincipal = new SunClaimsPrincipal(claimsPrincipal, rolesCache, sessionId, lat2db); } if (jweBlackListService.IsTokenInBlackList(sunClaimsPrincipal.LongToken2Db)) { return(await DeleteLongSessionAndLogout(sunClaimsPrincipal.SessionId)); } if (sunClaimsPrincipal.Roles.ContainsKey(RoleNames.Banned)) { return(await DeleteLongSessionAndLogout(sunClaimsPrincipal.SessionId)); } var authenticationTicket = new AuthenticationTicket(sunClaimsPrincipal, SunJwt.Scheme); return(AuthenticateResult.Success(authenticationTicket)); } catch (Exception e) { return(Logout("Error " + e)); } }
public async Task <SunClaimsPrincipal> RenewSecurityTokensAsync( HttpContext httpContext, User user, LongSession longSession = null) { void GenerateTokens(LongSession longSession1) { longSession1.LongToken1 = CryptoRandomizer.GetRandomString(LongSession.LongToken1Length); longSession1.LongToken2 = CryptoRandomizer.GetRandomString(LongSession.LongToken2Length); longSession1.ExpirationDate = DateTime.UtcNow.AddDays(jweOptions.CurrentValue.LongTokenLiveTimeDays); httpContext.Request.Headers.TryGetValue("User-Agent", out var userAgent); longSession1.DeviceInfo = Parser.GetDefault()?.Parse(userAgent.ToString() ?? "")?.ToString() ?? ""; longSession1.UpdateDate = DateTime.UtcNow; } if (longSession == null) { longSession = new LongSession { UserId = user.Id }; GenerateTokens(longSession); longSession.Id = await db.InsertWithInt64IdentityAsync(longSession); } else { GenerateTokens(longSession); await db.UpdateAsync(longSession); } var lat2Token = CreateLong2Token(longSession, out string lat2r); httpContext.Response.Cookies.Append( TokenClaimNames.LongToken2CoockiName, lat2Token, new CookieOptions { Path = "/", HttpOnly = true, Secure = globalOptions.CurrentValue.IsHttps, IsEssential = true, SameSite = SameSiteMode.Strict, Expires = longSession.ExpirationDate } ); TokenAndClaimsPrincipal tokenAndClaimsPrincipal = await CreateShortTokenAsync(user, lat2r, longSession.LongToken2, longSession.Id); string json = JsonSerializer.Serialize(new { LongToken = longSession.LongToken1, ShortToken = tokenAndClaimsPrincipal.Token, ShortTokenExpiration = tokenAndClaimsPrincipal.Expiration }, SunJson.DefaultJsonSerializerOptions); httpContext.Response.Headers.Add(Headers.TokensHeaderName, json); return(tokenAndClaimsPrincipal.ClaimsPrincipal); }
public virtual LongSession FindLongSession(LongSession longSession) { return(db.LongSessions.FirstOrDefault(x => x.UserId == longSession.UserId && x.LongToken1 == longSession.LongToken1 && x.LongToken2 == longSession.LongToken2)); }