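/// <summary>
/// Cookie-session middleware. Reads the "accessToken" and "refreshToken" cookies; when the access
/// token is expired but was genuinely signed by this server, and the matching refresh token is
/// still valid for a user who exists and is not locked, a replacement access token is minted into
/// the cookie and into <c>httpContext.Items["accessToken"]</c>. A stale refresh token or a
/// locked/missing user clears both cookies. Any other case (no cookies, token not yet expired,
/// forged or malformed token, unknown refresh token) passes the request through untouched so
/// downstream authentication makes the final decision.
/// </summary>
/// <param name="httpContext">Current request; its "accessToken" item is set to the token the rest of the pipeline should use.</param>
/// <param name="jwtTokenOptions">Signing key, issuer, audience and lifetime used both to verify the presented token and to mint the replacement.</param>
/// <param name="userMgr">Used to load the user named by the token's "nameid" claim.</param>
/// <param name="refreshTokenRepository">Refresh-token store, queried by user id and token value.</param>
public async Task Invoke(HttpContext httpContext, IOptions<JwtBearerTokenSettings> jwtTokenOptions, UserManager<User> userMgr, RefreshTokenRepository refreshTokenRepository)
{
    string accessToken = httpContext.Request.Cookies["accessToken"];
    string refreshToken = httpContext.Request.Cookies["refreshToken"];
    // Downstream code reads the effective access token from Items; start with whatever the client sent.
    httpContext.Items["accessToken"] = accessToken;

    if (accessToken != null && refreshToken != null)
    {
        JwtBearerTokenSettings settings = jwtTokenOptions.Value;
        var tokenHandler = new JwtSecurityTokenHandler();

        // Claims are only trusted after signature/issuer/audience verification. Reading the token
        // unverified would let a client-supplied "nameid"/"role" drive the issuance of a freshly
        // signed token, so a forged cookie must never reach the refresh path.
        JwtSecurityToken token = ValidateSignatureIgnoringLifetime(tokenHandler, accessToken, settings);
        Claim nameid = token?.Claims.FirstOrDefault(c => c.Type == "nameid");

        // Only an expired, genuinely signed token that names a user is a refresh candidate.
        if (token != null && nameid != null && token.ValidTo < DateTime.UtcNow)
        {
            RefreshToken refresh = refreshTokenRepository.GetByUserIdAndToken(nameid.Value, refreshToken);
            if (refresh != null)
            {
                User identityUser = await userMgr.FindByIdAsync(nameid.Value);

                // A user that no longer exists is treated like a locked one: revoke instead of dereferencing null.
                if (refresh.ExpiryOn < DateTime.UtcNow || identityUser == null || identityUser.IsLocked == true)
                {
                    await refreshTokenRepository.Remove(refresh.Id);
                    CookieOptions expired = NewExpiredCookie();
                    httpContext.Response.Cookies.Append("accessToken", "", expired);
                    httpContext.Response.Cookies.Append("refreshToken", "", expired);
                    httpContext.Items["accessToken"] = "";
                }
                else
                {
                    // Mint exactly once so the cookie and Items carry the same token.
                    // NOTE(review): the refresh token is reused rather than rotated on each refresh.
                    string newAccessToken = tokenHandler.WriteToken(tokenHandler.CreateToken(BuildRefreshedTokenDescriptor(token, settings)));
                    httpContext.Response.Cookies.Append("accessToken", newAccessToken, NewAccessTokenCookie());
                    httpContext.Items["accessToken"] = newAccessToken;
                }
            }
        }
    }

    await nextDelegate.Invoke(httpContext);
}

/// <summary>
/// Returns the parsed token when <paramref name="accessToken"/> carries a valid signature for this
/// server's key (and, where configured, issuer and audience). Lifetime is deliberately not
/// validated because an expired-but-genuine token is exactly what the refresh path needs to
/// inspect. Returns null for a malformed or forged token.
/// </summary>
/// <param name="tokenHandler">Handler used for validation.</param>
/// <param name="accessToken">Raw JWT taken from the cookie.</param>
/// <param name="settings">Key, issuer and audience this server signs with.</param>
/// <returns>The validated token, or null when it cannot be trusted.</returns>
private static JwtSecurityToken ValidateSignatureIgnoringLifetime(JwtSecurityTokenHandler tokenHandler, string accessToken, JwtBearerTokenSettings settings)
{
    var validationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(settings.SecretKey)),
        // Issuer/audience are checked only when the minting descriptor would have set them;
        // an unconfigured value would otherwise reject every token this server issued.
        ValidateIssuer = !string.IsNullOrEmpty(settings.Issuer),
        ValidIssuer = settings.Issuer,
        ValidateAudience = !string.IsNullOrEmpty(settings.Audience),
        ValidAudience = settings.Audience,
        ValidateLifetime = false,
    };

    try
    {
        tokenHandler.ValidateToken(accessToken, validationParameters, out SecurityToken validated);
        return validated as JwtSecurityToken;
    }
    catch (SecurityTokenException)
    {
        // Bad signature, wrong issuer/audience, unsupported algorithm: not a token of ours.
        return null;
    }
    catch (ArgumentException)
    {
        // Not a well-formed JWT at all.
        return null;
    }
}

/// <summary>
/// Builds the descriptor for a replacement access token, copying the "nameid", "unique_name",
/// "email" and "role" claims from the already-verified expired token. Claims absent from the
/// source token are omitted instead of being dereferenced.
/// </summary>
/// <param name="verifiedToken">Token whose signature has already been validated.</param>
/// <param name="settings">Signing key, lifetime, issuer and audience for the new token.</param>
/// <returns>Descriptor ready for <c>JwtSecurityTokenHandler.CreateToken</c>.</returns>
private static SecurityTokenDescriptor BuildRefreshedTokenDescriptor(JwtSecurityToken verifiedToken, JwtBearerTokenSettings settings)
{
    var claims = new List<Claim>();
    void CopyClaims(string jwtType, string claimType)
    {
        foreach (Claim source in verifiedToken.Claims.Where(c => c.Type == jwtType))
        {
            claims.Add(new Claim(claimType, source.Value));
        }
    }

    CopyClaims("nameid", ClaimTypes.NameIdentifier);
    CopyClaims("unique_name", ClaimTypes.Name);
    CopyClaims("email", ClaimTypes.Email);
    CopyClaims("role", ClaimTypes.Role);

    byte[] key = Encoding.UTF8.GetBytes(settings.SecretKey);
    return new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(claims),
        Expires = DateTime.UtcNow.AddSeconds(settings.ExpiryTimeInSeconds),
        SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature),
        Audience = settings.Audience,
        Issuer = settings.Issuer,
    };
}

/// <summary>
/// Options for the session cookie: HttpOnly, Secure, cross-site. Session-scoped (no Expires).
/// NOTE(review): SameSite=None sends this cookie on cross-site requests; presumably required by a
/// separate front-end origin — confirm CSRF protection exists on state-changing endpoints.
/// </summary>
private static CookieOptions NewAccessTokenCookie()
{
    return new CookieOptions { HttpOnly = true, Secure = true, SameSite = SameSiteMode.None };
}

/// <summary>Options that delete a session cookie by setting its expiry in the past.</summary>
private static CookieOptions NewExpiredCookie()
{
    return new CookieOptions { HttpOnly = true, Secure = true, SameSite = SameSiteMode.None, Expires = DateTime.UtcNow.AddDays(-1) };
}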
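/// <summary>
/// Reports whether the caller has a usable session based on the "accessToken"/"refreshToken"
/// cookies. The presented token's claims are used only after its signature (and configured
/// issuer/audience) verify; a not-yet-expired token returns the user, an expired one is refreshed
/// through the refresh-token store when that token is still valid and the account exists and is
/// not locked, otherwise both cookies are cleared.
/// </summary>
/// <returns>
/// 200 with the user and role claim when logged in or just refreshed; 200 "NotLoggedIn" after a
/// revoked refresh token; 400 "ExpiredToken" when no session can be established (no cookies,
/// forged or malformed token, unknown refresh token, or user no longer exists).
/// </returns>
public async Task<IActionResult> IsLoggedIn()
{
    string accessToken = HttpContext.Request.Cookies["accessToken"];
    string refreshToken = HttpContext.Request.Cookies["refreshToken"];

    if (accessToken != null && refreshToken != null)
    {
        var tokenHandler = new JwtSecurityTokenHandler();
        // Never act on an unverified token: its "nameid" selects which user's data is returned
        // and its claims seed the refreshed token, so both must come from a token we signed.
        JwtSecurityToken token = ReadVerifiedToken(tokenHandler, accessToken, jwtBearerTokenSettings);
        Claim nameid = token?.Claims.FirstOrDefault(c => c.Type == "nameid");

        if (token != null && nameid != null)
        {
            User identityUser = await userManager.FindByIdAsync(nameid.Value);
            Claim role = token.Claims.FirstOrDefault(c => c.Type == "role");

            // A user that no longer exists cannot have a session; fall through to "ExpiredToken".
            if (identityUser != null)
            {
                if (token.ValidTo >= DateTime.UtcNow)
                {
                    // NOTE(review): this serializes the whole User entity; confirm it carries no
                    // credential material (e.g. a password hash) before exposing it to the client.
                    return Ok(new { Results = identityUser, Role = role });
                }

                RefreshToken refresh = refreshTokenRepository.GetByUserIdAndToken(nameid.Value, refreshToken);
                if (refresh != null)
                {
                    if (refresh.ExpiryOn < DateTime.UtcNow || identityUser.IsLocked == true)
                    {
                        await refreshTokenRepository.Remove(refresh.Id);
                        CookieOptions expired = DeleteCookieOptions();
                        HttpContext.Response.Cookies.Append("accessToken", "", expired);
                        HttpContext.Response.Cookies.Append("refreshToken", "", expired);
                        return Ok(new { Results = new { Code = "NotLoggedIn", Description = "Not Logged In Yet!" } });
                    }

                    // NOTE(review): the refresh token is reused rather than rotated on each refresh.
                    string newAccessToken = tokenHandler.WriteToken(tokenHandler.CreateToken(DescribeRefreshedToken(token, jwtBearerTokenSettings)));
                    HttpContext.Response.Cookies.Append("accessToken", newAccessToken, SessionCookieOptions());
                    return Ok(new { Results = new { Info = identityUser, Role = role } });
                }
            }
        }
    }

    return BadRequest(new { Errors = new { Code = "ExpiredToken", Description = "Token expired!" } });
}

/// <summary>
/// Returns the parsed token when <paramref name="accessToken"/> carries a valid signature for this
/// server's key (and, where configured, issuer and audience). Lifetime is not validated here
/// because the caller handles expiry itself. Returns null for a malformed or forged token.
/// </summary>
/// <param name="tokenHandler">Handler used for validation.</param>
/// <param name="accessToken">Raw JWT taken from the cookie.</param>
/// <param name="settings">Key, issuer and audience this server signs with.</param>
/// <returns>The validated token, or null when it cannot be trusted.</returns>
private static JwtSecurityToken ReadVerifiedToken(JwtSecurityTokenHandler tokenHandler, string accessToken, JwtBearerTokenSettings settings)
{
    var validationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(settings.SecretKey)),
        // Only enforce issuer/audience when the minting descriptor would have set them.
        ValidateIssuer = !string.IsNullOrEmpty(settings.Issuer),
        ValidIssuer = settings.Issuer,
        ValidateAudience = !string.IsNullOrEmpty(settings.Audience),
        ValidAudience = settings.Audience,
        ValidateLifetime = false,
    };

    try
    {
        tokenHandler.ValidateToken(accessToken, validationParameters, out SecurityToken validated);
        return validated as JwtSecurityToken;
    }
    catch (SecurityTokenException)
    {
        // Bad signature, wrong issuer/audience, unsupported algorithm: not a token of ours.
        return null;
    }
    catch (ArgumentException)
    {
        // Not a well-formed JWT at all.
        return null;
    }
}

/// <summary>
/// Builds the descriptor for a replacement access token, copying the "nameid", "unique_name",
/// "email" and "role" claims from the already-verified expired token. Claims absent from the
/// source token are omitted instead of being dereferenced.
/// </summary>
/// <param name="verifiedToken">Token whose signature has already been validated.</param>
/// <param name="settings">Signing key, lifetime, issuer and audience for the new token.</param>
/// <returns>Descriptor ready for <c>JwtSecurityTokenHandler.CreateToken</c>.</returns>
private static SecurityTokenDescriptor DescribeRefreshedToken(JwtSecurityToken verifiedToken, JwtBearerTokenSettings settings)
{
    var claims = new List<Claim>();
    void CopyClaims(string jwtType, string claimType)
    {
        foreach (Claim source in verifiedToken.Claims.Where(c => c.Type == jwtType))
        {
            claims.Add(new Claim(claimType, source.Value));
        }
    }

    CopyClaims("nameid", ClaimTypes.NameIdentifier);
    CopyClaims("unique_name", ClaimTypes.Name);
    CopyClaims("email", ClaimTypes.Email);
    CopyClaims("role", ClaimTypes.Role);

    byte[] key = Encoding.UTF8.GetBytes(settings.SecretKey);
    return new SecurityTokenDescriptor
    {
        Subject = new ClaimsIdentity(claims),
        Expires = DateTime.UtcNow.AddSeconds(settings.ExpiryTimeInSeconds),
        SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature),
        Audience = settings.Audience,
        Issuer = settings.Issuer,
    };
}

/// <summary>
/// Options for the session cookie: HttpOnly, Secure, cross-site. Session-scoped (no Expires).
/// NOTE(review): SameSite=None sends this cookie on cross-site requests; presumably required by a
/// separate front-end origin — confirm CSRF protection exists on state-changing endpoints.
/// </summary>
private static CookieOptions SessionCookieOptions()
{
    return new CookieOptions { HttpOnly = true, Secure = true, SameSite = SameSiteMode.None };
}

/// <summary>Options that delete a session cookie by setting its expiry in the past.</summary>
private static CookieOptions DeleteCookieOptions()
{
    return new CookieOptions { HttpOnly = true, Secure = true, SameSite = SameSiteMode.None, Expires = DateTime.UtcNow.AddDays(-1) };
}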