public async Task <IActionResult> GetJwt( [FromBody] SecureAuthenticationModel model, [FromServices] IUserRepository userRepository, [FromServices] ICryptoService cryptoService, [FromServices] IUrlHelper urlHelper) { if (ModelState.IsValid) { var key = cryptoService.RetrieveMergedKey(model.Id); var decryptedContent = await cryptoService.DecryptTripleDESAsync(Convert.FromBase64String(model.Content), key); var userModel = JsonConvert.DeserializeObject <UserAuthenticationModel>(decryptedContent); var user = await userRepository.GetUserAsync(userModel.Username); if (user != null && user.Password == userModel.Password) { var refresh = BuildRefreshJwt(userModel); refreshTokens[refresh] = userModel.Username; return(Json(new SecureJwtModel { OriginId = 0, TokenModel = new TokenModel { Token = BuildJwt(userModel), RefreshToken = refresh, RefreshUrl = urlHelper.Action("RefreshJwt"), Expires = DateTime.Now.AddMinutes(1) } })); } else { return(Unauthorized()); } } else { return(BadRequest(ModelState.ValidationState)); } }
public async Task RequestJwtAsync(UserAuthenticationModel userData, bool forceRefresh) { var fileExists = await _keyStorageContainer.PublicKeyExists(_deviceId); if (forceRefresh || !fileExists || fileExists && string.IsNullOrEmpty(await _storageContainer.ReadFileAsStringAsync(_jwtFilePath))) { var key = _cryptoService.RetrieveMergedKey("server"); var cryptedData = await _cryptoService.EncryptTripleDESAsync(JsonConvert.SerializeObject(userData), key); var jwtRequest = new SecureAuthenticationModel() { Id = _deviceId, Content = Convert.ToBase64String(cryptedData) }; var content = new StringContent(JsonConvert.SerializeObject(jwtRequest), Encoding.UTF8, "application/json"); var response = await _httpClient.PostAsync("api/jwt/requestjwt", content); if (response.IsSuccessStatusCode) { var responseString = await response.Content.ReadAsStringAsync(); var responseModel = JsonConvert.DeserializeObject <SecureJwtModel>(responseString); await _storageContainer.WriteFileAsync(_jwtFilePath, JsonConvert.SerializeObject(responseModel.TokenModel)); } else if (response.StatusCode == HttpStatusCode.Unauthorized) { throw new UnauthorizedAccessException(); } else { await _storageContainer.WriteFileAsync(_jwtFilePath, ""); throw new Exception(response.ReasonPhrase); } } }
public async Task UpdateJwtAsync() { var key = _cryptoService.RetrieveMergedKey("server"); var token = JsonConvert.DeserializeObject <TokenModel>(await _storageContainer.ReadFileAsStringAsync(_jwtFilePath)); var cryptedData = await _cryptoService.EncryptTripleDESAsync(token.RefreshToken, key); var jwtRequest = new SecureAuthenticationModel() { Id = _deviceId, Content = Convert.ToBase64String(cryptedData) }; var content = new StringContent(JsonConvert.SerializeObject(jwtRequest), Encoding.UTF8, "application/json"); _httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token.RefreshToken); var response = await _httpClient.PostAsync(token.RefreshUrl, content); if (response.IsSuccessStatusCode) { var responseString = await response.Content.ReadAsStringAsync(); var responseModel = JsonConvert.DeserializeObject <SecureJwtModel>(responseString); await _storageContainer.WriteFileAsync(_jwtFilePath, JsonConvert.SerializeObject(responseModel.TokenModel)); } else if (response.StatusCode == HttpStatusCode.Unauthorized) { await _storageContainer.WriteFileAsync(_jwtFilePath, ""); throw new UnauthorizedAccessException(); } else { await _storageContainer.WriteFileAsync(_jwtFilePath, ""); throw new Exception(response.ReasonPhrase); } }
public async Task <IActionResult> RefreshJwt( [FromBody] SecureAuthenticationModel model, [FromServices] ICryptoService cryptoService, [FromServices] IUrlHelper urlHelper) { if (ModelState.IsValid) { var key = cryptoService.RetrieveMergedKey(model.Id); var refreshToken = await cryptoService.DecryptTripleDESAsync(Convert.FromBase64String(model.Content), key); if (refreshTokens.TryGetValue(refreshToken, out string username)) { return(Json(new SecureJwtModel { OriginId = 0, TokenModel = new TokenModel { Token = BuildJwt(new UserAuthenticationModel { Username = username }), RefreshToken = refreshToken, RefreshUrl = urlHelper.Action("RefreshJwt"), Expires = DateTime.Now.AddMinutes(1) } })); } else { return(Unauthorized()); } } else { return(BadRequest(ModelState.ValidationState)); } }