예제 #1
        /// <summary>
        /// Issues an HS256-signed JWT for <paramref name="md"/> that expires 24 hours from now and
        /// writes the expiry, the token and a success status back onto the same model.
        /// </summary>
        /// <param name="md">Model supplying the claim values; its exp, token, message and status_code members are overwritten.</param>
        /// <returns>The same <paramref name="md"/> instance that was passed in.</returns>
        public static JwtModel setToken(JwtModel md)
        {
            IDateTimeProvider clock = new UtcDateTimeProvider();
            var epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); // or use JwtValidator.UnixEpoch

            // NOTE(review): Convert.ToInt32 throws OverflowException once the second count no longer
            // fits in 32 bits (January 2038); a 64-bit expiry avoids that if md.exp can hold it.
            var issuedAtSeconds = Convert.ToInt32(Math.Round((clock.GetNow() - epoch).TotalSeconds));
            md.exp = issuedAtSeconds + 24 * 60 * 60;

            var claims = new Dictionary<string, object>
            {
                { "id", md.userid },
                // NOTE(review): "usercode" is filled from md.rolecode, the same value as "rolecode"
                // below; presumably a user-code member was intended. Confirm against JwtModel.
                { "usercode", md.rolecode },
                { "username", md.username },
                // Authorization-relevant claim: its integrity rests entirely on the signing secret.
                { "isadmin", md.isadmin },
                { "rolecode", md.rolecode },
                { "exp", md.exp }
            };

            // NOTE(review): the HMAC key is a literal in source. Anyone who can read the source or
            // the compiled assembly can sign tokens with arbitrary claims, including "isadmin".
            // Load it from protected configuration or a secret store and rotate this value.
            var secret = "9720cbfbb0684617a2afbe466e100ba2";

            IJwtEncoder encoder = new JwtEncoder(
                new HMACSHA256Algorithm(),
                new JsonNetSerializer(),
                new JwtBase64UrlEncoder());

            md.token = encoder.Encode(claims, secret);
            md.message = "获取成功";
            md.status_code = 200;
            return md;
        }
예제 #2
        /// <summary>
        /// Verifies that decoding with verification enabled rejects a token whose "exp" claim
        /// lies one hour in the past.
        /// </summary>
        public void DecodeToObject_Should_Throw_Exception_On_Expired_Claim()
        {
            const string key = TestData.Key;
            const int hoursOffset = -1;

            var algorithm = new HMACSHA256Algorithm();
            var clock = new UtcDateTimeProvider();
            var serializer = new JsonNetSerializer();
            var urlEncoder = new JwtBase64UrlEncoder();

            // The decoder validates time claims against the same clock used to build the token.
            var decoder = new JwtDecoder(serializer, new JwtValidator(serializer, clock), urlEncoder);

            // Sign a token that is already expired.
            var exp = UnixEpoch.GetSecondsSince(clock.GetNow().AddHours(hoursOffset));
            var token = new JwtEncoder(algorithm, serializer, urlEncoder).Encode(new { exp }, key);

            Action decodeExpiredJwt = () => decoder.DecodeToObject <Customer>(token, key, verify: true);

            decodeExpiredJwt
                .Should()
                .Throw <TokenExpiredException>("because decoding an expired token should raise an exception when verified");
        }
예제 #3
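        /// <summary>
        /// Creates an HS256-signed JWT for the given id that expires six hours from now.
        /// </summary>
        /// <param name="id">Identifier written, as a string, into the "id" claim.</param>
        /// <returns>The encoded token.</returns>
        /// <exception cref="InvalidOperationException">
        /// The "jwt.secret" application setting is missing or blank.
        /// </exception>
        public static string CreateToken(int id)
        {
            // Fail closed before doing any work: AppSettings yields null for a missing key and an
            // empty string for a blank one, and a token must never be signed with an empty key.
            var secret = ConfigurationManager.AppSettings["jwt.secret"];
            if (string.IsNullOrWhiteSpace(secret))
            {
                throw new InvalidOperationException("The jwt.secret application setting is missing or empty.");
            }

            // Expiration is six hours from now, expressed as seconds since 1/1/1970 UTC.
            IDateTimeProvider provider = new UtcDateTimeProvider();
            DateTime expiresAt = provider.GetNow().AddHours(6);
            var expirationInSecondsSinceEpoch = Math.Round((expiresAt - JwtValidator.UnixEpoch).TotalSeconds);

            var payload = new Dictionary<string, object>
            {
                { "id", id.ToString() },
                { "exp", expirationInSecondsSinceEpoch }
            };

            IJwtAlgorithm algorithm = new HMACSHA256Algorithm();
            IJsonSerializer serializer = new JsonNetSerializer();
            IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
            IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);

            return encoder.Encode(payload, secret);
        }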
예제 #4
        /// <summary>
        /// Builds an HS256-signed JWT carrying "iss", "ist", "iat" and "exp" claims.
        /// </summary>
        /// <param name="key">Identifier written, as a string, into the "iss" claim.</param>
        /// <param name="secret">Shared HMAC signing secret.</param>
        /// <param name="expiryPeriod">Token lifetime in seconds, added to the issue time.</param>
        /// <returns>The encoded token.</returns>
        private string GenerateJwt(int key, string secret, int expiryPeriod = 300)
        {
            IDateTimeProvider clock = new UtcDateTimeProvider();
            var epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);

            // NOTE(review): the cast to int stops being valid once the second count exceeds 32 bits
            // (January 2038); the same applies to issuedAt + expiryPeriod for long lifetimes.
            int issuedAt = (int)Math.Round((clock.GetNow() - epoch).TotalSeconds);

            var claims = new Dictionary<string, object>
            {
                { "iss", Convert.ToString(key) },
                // NOTE(review): "ist" is not a registered JWT claim name; confirm the consumer expects it.
                { "ist", "project" },
                { "iat", issuedAt },
                { "exp", issuedAt + expiryPeriod }
            };

            IJwtEncoder encoder = new JwtEncoder(
                new HMACSHA256Algorithm(),
                new JsonNetSerializer(),
                new JwtBase64UrlEncoder());

            return encoder.Encode(claims, secret);
        }
예제 #5
        /// <summary>
        /// Builds a sample HS256-signed JWT. A JWT has three parts: header, payload and a
        /// signature computed with the secret.
        /// </summary>
        /// <returns>The encoded token.</returns>
        public string GetTokenJwt()
        {
            IDateTimeProvider clock = new UtcDateTimeProvider();

            // Seconds elapsed from the Unix epoch to the current UTC time.
            var epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); // or use JwtValidator.UnixEpoch
            var nowSeconds = Math.Round((clock.GetNow() - epoch).TotalSeconds);

            // Payload claims; the token expires 10000 seconds after issue.
            // NOTE(review): "jti" is the constant "test", so every token shares one id and the
            // claim cannot be used for replay detection or revocation.
            var claims = new Dictionary<string, object>
            {
                { "name", "MrBug" },
                { "exp", nowSeconds + 10000 },
                { "jti", "test" }
            };

            IJwtEncoder encoder = new JwtEncoder(
                new HMACSHA256Algorithm(),
                new JsonNetSerializer(),
                new JwtBase64UrlEncoder());

            // secret is declared outside this method.
            return encoder.Encode(claims, secret);
        }
        /// <summary>
        /// Creates an HS256-signed JWT carrying the user's UserID and RoleID that expires
        /// 30 minutes from now.
        /// </summary>
        /// <param name="User">User whose UserID and RoleID become claims.</param>
        /// <param name="secretKey">Raw bytes of the HMAC signing key.</param>
        /// <returns>The encoded token, or null when any step throws.</returns>
        public string EndcodeTokenWithJWT(User User, byte[] secretKey)
        {
            try
            {
                IDateTimeProvider clock = new UtcDateTimeProvider();
                var expiresAtSeconds = UnixEpoch.GetSecondsSince(clock.GetNow().AddMinutes(30));

                // "RoleID" is an authorization claim; consumers must verify the signature before
                // trusting it.
                var claims = new Dictionary<string, object>
                {
                    { "UserID", User.UserID },
                    { "RoleID", User.RoleID },
                    { "exp", expiresAtSeconds }
                };

                IJwtEncoder encoder = new JwtEncoder(
                    new HMACSHA256Algorithm(),   // HMAC-SHA256 signature
                    new JsonNetSerializer(),     // JSON serialization
                    new JwtBase64UrlEncoder());  // Base64url encoding

                return encoder.Encode(claims, secretKey);
            }
            catch
            {
                // NOTE(review): every failure (null user, null key, serializer error) is swallowed
                // without logging; callers must treat null as "no token issued".
                return null;
            }
        }
예제 #7
        /// <summary>
        /// Creates an HS256-signed token for a user.
        /// </summary>
        /// <param name="userId">User id, written to the subject claim.</param>
        /// <param name="corpId">Corporation id, written to the corp claim.</param>
        /// <param name="bAdmin">Whether the user is a super administrator.</param>
        /// <returns>The encoded token.</returns>
        public static string GetToken(string userId, string corpId, bool bAdmin)
        {
            // Issue, expiry and not-before instants.
            IDateTimeProvider clock = new UtcDateTimeProvider();
            var issuedAt = clock.GetNow();
            var expiresAt = issuedAt.AddHours(ConstValue.TOKEN_EXPTIME);
            // NOTE(review): Convert.ToDateTime parses with the current culture; confirm NBF_TIME
            // is in a format that parses identically on every host.
            var notBefore = Convert.ToDateTime(NBF_TIME);

            // All three values are counted from TOKEN_STARTDATE.
            // NOTE(review): JWT time claims are defined as seconds since 1970-01-01 UTC; confirm
            // TOKEN_STARTDATE is that instant, otherwise standard validators misread them.
            var secondsIat = Math.Round((issuedAt - TOKEN_STARTDATE).TotalSeconds);
            var secondsExp = Math.Round((expiresAt - TOKEN_STARTDATE).TotalSeconds);
            var secondsNbf = Math.Round((notBefore - TOKEN_STARTDATE).TotalSeconds);

            var claims = new Dictionary<string, object>
            {
                { ConstValue.SUB_KEY_NODE, userId },       // user this JWT is issued for
                { ConstValue.ISS_KEY_NODE, ISS_VALUE },    // issuer of this JWT
                { ConstValue.IAT_KEY_NODE, secondsIat },   // when the token was issued
                { ConstValue.EXP_KEY_NODE, secondsExp },   // when the token expires
                { ConstValue.NBF_KEY_NODE, secondsNbf },   // token must not be accepted before this time
                // NOTE(review): JTI_VALUE is a shared value rather than a per-token one, so this
                // claim cannot distinguish tokens for revocation or replay checks.
                { ConstValue.JTI_KEY_NODE, JTI_VALUE },    // JWT ID
                { ConstValue.ADMIN_KEY_NODE, bAdmin },     // whether the user is a super administrator
                { ConstValue.CORP_KEY_NODE, corpId }       // corporation id
            };

            IJwtEncoder encoder = new JwtEncoder(
                new HMACSHA256Algorithm(),
                new JsonNetSerializer(),
                new JwtBase64UrlEncoder());

            // TOKEN_SECRET is declared outside this method.
            return encoder.Encode(claims, TOKEN_SECRET);
        }
예제 #8
        /// <summary>
        /// Creates an HS256-signed JWT for <paramref name="userCode"/> that expires three
        /// minutes from now and carries a fresh GUID as its "jti".
        /// </summary>
        /// <param name="userCode">Value written to the "user" claim.</param>
        /// <returns>The encoded token, or an empty string when any step throws.</returns>
        public static string GenerateToken(string userCode)
        {
            try
            {
                IDateTimeProvider clock = new UtcDateTimeProvider();
                var epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); // or use JwtValidator.UnixEpoch
                var nowSeconds = Math.Round((clock.GetNow() - epoch).TotalSeconds);

                // Expires after three minutes.
                var claims = new Dictionary<string, object>
                {
                    { "user", userCode },
                    { "exp", nowSeconds + 60 * 3 },
                    { "jti", Guid.NewGuid() }
                };

                IJwtEncoder encoder = new JwtEncoder(
                    new HMACSHA256Algorithm(),
                    new JsonNetSerializer(),
                    new JwtBase64UrlEncoder());

                // secret is declared outside this method.
                return encoder.Encode(claims, secret);
            }
            catch
            {
                // NOTE(review): the failure cause is discarded; callers must treat "" as
                // "no token issued" and never forward it as a credential.
                return "";
            }
        }
예제 #9
        //POST: api/Login
        /// <summary>
        /// Checks the submitted account and password against the MyUsers table and, on a match,
        /// returns an HS256-signed access token valid for one hour together with the user record.
        /// </summary>
        /// <param name="UserLoginModel">Request body carrying Account and Password.</param>
        /// <returns>The controller's fooResult, populated for success or failure.</returns>
        public APIResult Post([FromBody] UserLoginModel UserLoginModel)
        {
            // NOTE(review): UserLoginModel is dereferenced without a null check; an empty or
            // unparsable body would fail here rather than produce the login-failed result.
            var account  = UserLoginModel.Account;
            var password = UserLoginModel.Password;
            // NOTE(review): the submitted password is compared directly with the stored Password
            // column, which suggests passwords are stored unhashed. Confirm, and prefer a salted
            // password hash verified in code.
            var fooItem  = Context.MyUsers.FirstOrDefault(x => x.EmployeeID == account && x.Password == password);

            if (fooItem != null)
            {
                #region 產生這次通過身分驗證的存取權杖 Access Token
                string secretKey = MainHelper.SecretKey;
                #region 設定該存取權杖的有效期限
                IDateTimeProvider provider = new UtcDateTimeProvider();
                // This access token is valid for one hour only
                var now               = provider.GetNow().AddHours(1);
                var unixEpoch         = UnixEpoch.Value; // 1970-01-01 00:00:00 UTC
                var secondsSinceEpoch = Math.Round((now - unixEpoch).TotalSeconds);
                #endregion

                // Role list placed in the token: "Manager" for managers, otherwise empty.
                string[] fooRole;
                if (fooItem.IsManager == true)
                {
                    fooRole = new string[] { "Manager" };
                }
                else
                {
                    fooRole = new string[0];
                }
                var jwtToken = new JwtBuilder()
                               .WithAlgorithm(new HMACSHA256Algorithm())
                               .WithSecret(secretKey)
                               .AddClaim("iss", UserLoginModel.Account)
                               .AddClaim("exp", secondsSinceEpoch)
                               .AddClaim("role", fooRole)
                               .AddClaim("manager", fooItem.IsManager)
                               .Build();
                #endregion

                // Account and password matched; return the success result
                // NOTE(review): the response created on the next line is discarded.
                this.Request.CreateResponse(HttpStatusCode.OK);
                fooResult = new APIResult()
                {
                    Success   = true,
                    Message   = $"",
                    TokenFail = false,
                    Payload   = new UserLoginResultModel()
                    {
                        AccessToken = $"{jwtToken}",
                        // NOTE(review): the whole user entity goes back to the client; the query
                        // above shows it has a Password member, so return a DTO without secrets.
                        MyUser      = fooItem
                    }
                };
            }
            else
            {
                // Same message for unknown account and wrong password, so the response does not
                // reveal which of the two failed.
                fooResult.Success   = false;
                fooResult.Message   = $"使用者不存在或者帳號、密碼不正確";
                fooResult.TokenFail = false;
                fooResult.Payload   = null;
            }
            return(fooResult);
        }
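        /// <summary>
        /// Authenticates a temporary account and, on success, returns an HS256-signed access
        /// token whose lifetime is accEffTime minutes.
        /// </summary>
        /// <param name="data">Request body carrying the account uid and password.</param>
        /// <returns>
        /// 200 with the token in Payload on success; 401 when the account has outlived its
        /// validity window, or when the body is missing, the uid is unknown or the password
        /// does not match.
        /// </returns>
        public HttpResponseMessage Login([FromBody] TempLoginData data)
        {
            HttpResponseMessage response = null;

            // A missing body or an unknown uid used to dereference null and surface as a server
            // error. Both now receive the same 401 as a wrong password, so the response does not
            // distinguish "no such account" from "bad password".
            var r = data == null ? null : db.TemporaryAccount.Find(data.uid);

            if (r == null)
            {
                response = this.Request.CreateResponse <APIResult>(HttpStatusCode.Unauthorized, new APIResult()
                {
                    Success = false,
                    Message = $"",
                    Payload = "UID或密碼不正確"
                });
            }
            else if (DateTime.Compare(r.reg_time.AddMinutes(accEffTime), DateTime.UtcNow) < 0)
            {
                // Temporary accounts are valid for accEffTime minutes after registration.
                // NOTE(review): this check runs before the password check, so the expiry state of
                // an account is disclosed to callers who do not know its password.
                response = this.Request.CreateResponse <APIResult>(HttpStatusCode.Unauthorized, new APIResult()
                {
                    Success = false,
                    Message = $"",
                    Payload = $"臨時帳號{accEffTime}分鐘內有效"
                });
            }
            // NOTE(review): MainHelper.HashPassword is not visible here; confirm it is a salted,
            // slow password hash, and prefer a constant-time comparison over ==.
            else if (r.pwd == MainHelper.HashPassword(data.pwd))
            {
                // Account and password matched.

                #region 產生這次通過身分驗證的存取權杖 Access Token
                string secretKey = MainHelper.SecretKey;

                // Token lifetime: accEffTime minutes from now, as seconds since the Unix epoch.
                IDateTimeProvider provider = new UtcDateTimeProvider();
                var expDate           = provider.GetNow().AddMinutes(accEffTime);
                var unixEpoch         = UnixEpoch.Value; // 1970-01-01 00:00:00 UTC
                var secondsSinceEpoch = Math.Round((expDate - unixEpoch).TotalSeconds);

                // Build the token.
                var jwtToken = new JwtBuilder()
                               .WithAlgorithm(new HMACSHA256Algorithm())
                               .WithSecret(secretKey)
                               .AddClaim("iss", r.uid.ToString())
                               .AddClaim("exp", secondsSinceEpoch)
                               .AddClaim("role", new string[] { "User", "People", "Guest" })
                               .Build();
                #endregion

                response = this.Request.CreateResponse <APIResult>(HttpStatusCode.OK, new APIResult()
                {
                    Success = true,
                    Message = $"{r.ancestor_uid}", // the ancestor's id is returned for the client to use
                    Payload = $"{jwtToken}"
                });
            }
            else
            {
                // Wrong password.
                response = this.Request.CreateResponse <APIResult>(HttpStatusCode.Unauthorized, new APIResult()
                {
                    Success = false,
                    Message = $"",
                    Payload = "UID或密碼不正確"
                });
            }

            return response;
        }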
예제 #11
파일: Token.cs 프로젝트: ferrarienz0/branch
        /// <summary>
        /// Adds an "exp" claim to the payload, set <paramref name="Minutes"/> minutes from now.
        /// </summary>
        /// <param name="Minutes">Token lifetime in minutes.</param>
        public void SetExpiration(int Minutes)
        {
            IDateTimeProvider clock = new UtcDateTimeProvider();
            var issuedAtSeconds = UnixEpoch.GetSecondsSince(clock.GetNow());

            // NOTE(review): Payload is declared outside this method. If it is a dictionary, Add
            // throws when "exp" is already present, so this would be callable once per payload.
            this.Payload.Add("exp", issuedAtSeconds + (Minutes * 60));
        }
예제 #12
        /// <summary>
        /// Returns the current UTC time as whole seconds counted from the class-level unixEpoch.
        /// </summary>
        /// <returns>Rounded second count as a 32-bit integer.</returns>
        private int CurrentTime()
        {
            IDateTimeProvider clock = new UtcDateTimeProvider();
            var elapsed = clock.GetNow() - unixEpoch;

            // NOTE(review): the cast to int stops being valid once the count exceeds 32 bits
            // (January 2038 for a 1970 epoch).
            return (int)Math.Round(elapsed.TotalSeconds);
        }
예제 #13
        /// <summary>
        /// Maps a credential-check outcome to an HTTP response and, when the outcome is 1,
        /// issues an HS256-signed token and stores it through MstUserChangeToken.
        /// </summary>
        /// <param name="request">Request used to create the response.</param>
        /// <param name="operationResult">1 success, 0 unknown user, -1 wrong password, -2 database connection failure.</param>
        /// <param name="login">Submitted credentials (UserId, InPassword).</param>
        /// <returns>The response for the given outcome; any other value returns the initial 500 response.</returns>
        public HttpResponseMessage Login(HttpRequestMessage request, int operationResult, Login login)
        {
            Result res = new Result();

            res.result = "用户不存在";
            var resp = request.CreateResponse(HttpStatusCode.InternalServerError, res);

            switch (operationResult)
            {
            case 1:
                IDateTimeProvider provider = new UtcDateTimeProvider();
                var now               = provider.GetNow();
                var unixEpoch         = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); // or use JwtValidator.UnixEpoch
                // NOTE(review): secondsSinceEpoch is computed but never added to the payload, so
                // the token carries no "exp" claim and does not expire by itself.
                var secondsSinceEpoch = Math.Round((now - unixEpoch).TotalSeconds);
                // NOTE(review): a JWT payload is only base64url-encoded, not encrypted. Placing
                // login.InPassword in it discloses the password to anyone who sees the token.
                // Remove the claim and identify the user by id only.
                var payload           = new Dictionary <string, object>
                {
                                            {
                        "userId", login.UserId
                    },        
                                            {
                        "password", login.InPassword
                    },
                    { "time", DateTime.Now }
                };
                IJwtAlgorithm     algorithm  = new HMACSHA256Algorithm();
                IJsonSerializer   serializer = new JsonNetSerializer();
                IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
                IJwtEncoder       encoder    = new JwtEncoder(algorithm, serializer, urlEncoder);
                // NOTE(review): the signing key is the literal "UTF-8", a fixed and guessable
                // value in source; signatures made with it give no integrity guarantee. Use a
                // long random key held in protected configuration.
                var            token         = encoder.Encode(payload, "UTF-8");
                DataConnection pclsCache     = new DataConnection();
                // NOTE(review): the return value of MstUserChangeToken is ignored, so a failed
                // token update still reports a successful login.
                int            a             = userInfoMethod.MstUserChangeToken(pclsCache, login.UserId, token);

                res.result = "登录成功|" + token;
                resp       = request.CreateResponse(HttpStatusCode.OK, res);
                break;

            // NOTE(review): the unknown-user and wrong-password cases return different messages
            // and status codes, which lets a caller tell valid user ids from invalid ones.
            case 0:
                res.result = "用户不存在";
                resp       = request.CreateResponse(HttpStatusCode.InternalServerError, res);
                break;

            case -1:
                res.result = "密码错误";
                resp       = request.CreateResponse(HttpStatusCode.BadRequest, res);
                break;

            case -2:
                res.result = "数据库连接失败";
                resp       = request.CreateResponse(HttpStatusCode.NotFound, res);
                break;

            default:
                break;
            }
            return(resp);
        }
예제 #14
        /// <summary>
        /// Converts "now plus <paramref name="timeSpan"/>" into whole seconds since the Unix epoch.
        /// </summary>
        /// <param name="timeSpan">Offset from the current UTC time.</param>
        /// <returns>Rounded second count, suitable for an "exp" claim.</returns>
        private static double Expires(TimeSpan timeSpan)
        {
            IDateTimeProvider clock = new UtcDateTimeProvider();
            var epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); // or use JwtValidator.UnixEpoch
            var expiresAt = clock.GetNow().Add(timeSpan);

            return Math.Round((expiresAt - epoch).TotalSeconds);
        }
예제 #15
        /// <summary>
        /// Returns the whole seconds between the Unix epoch and the current UTC time shifted by
        /// <paramref name="daysFromNow"/> days.
        /// </summary>
        /// <param name="daysFromNow">Days to add to the current time; 0 means now.</param>
        /// <returns>Rounded second count.</returns>
        public static double GetSecondSinceEpoch(int daysFromNow = 0)
        {
            IDateTimeProvider clock = new UtcDateTimeProvider();
            var target = clock.GetNow().AddDays(daysFromNow);
            var epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); // or use JwtValidator.UnixEpoch

            return Math.Round((target - epoch).TotalSeconds);
        }
예제 #16
        /// <summary>
        /// Validates the credentials through CheckUser and, on success, returns a JSON body
        /// containing an HS256-signed token that expires 10000 seconds after issue.
        /// </summary>
        /// <param name="username">Submitted user name.</param>
        /// <param name="password">Submitted password.</param>
        /// <returns>A response whose JSON content is built by RuleCommon.JsonStr ("ok" or "error").</returns>
        public HttpResponseMessage Login(string username, string password)
        {
            string     result = string.Empty;
            RuleCommon rule   = new RuleCommon();

            try
            {
                tblFW_User objUser = new tblFW_User();
                // Validate against the database
                if (CheckUser(username, password, "", ref objUser) == false)
                {
                    result = rule.JsonStr("error", "用户名或密码错误", "");
                    return(new HttpResponseMessage {
                        Content = new StringContent(result, System.Text.Encoding.UTF8, "application/json")
                    });
                }
                // NOTE(review): dtime is never used.
                DateTime          dtime    = DateTime.Parse(DateTime.Now.ToShortDateString());
                IDateTimeProvider provider = new UtcDateTimeProvider();
                var now               = provider.GetNow();
                var unixEpoch         = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); // or use JwtValidator.UnixEpoch
                var secondsSinceEpoch = Math.Round((now - unixEpoch).TotalSeconds);
                // NOTE(review): a JWT payload is only base64url-encoded, not encrypted. The "pass"
                // claim exposes the user's password to anyone who sees the token; remove it.
                var payload           = new Dictionary <string, object>
                {
                    { "pass", password },
                    { "exp", secondsSinceEpoch + 10000 },
                    { "name", username }
                };
                IJwtAlgorithm     algorithm  = new HMACSHA256Algorithm();
                IJsonSerializer   serializer = new JsonNetSerializer();
                IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
                IJwtEncoder       encoder    = new JwtEncoder(algorithm, serializer, urlEncoder);
                // NOTE(review): the signing key is a short literal in source; it is both
                // disclosed to anyone with the code and too short to resist guessing. Use a long
                // random key held in protected configuration.
                var token = encoder.Encode(payload, "YYplay");

                ////Return the login result, user info and authentication ticket info
                //var Token = FormsAuthentication.Encrypt(token);
                ////Store the identity in the session to verify that the current request is valid
                //if (HttpContext.Current.Session[username] == null)
                //    HttpContext.Current.Session[username] = Token;
                LoginInfo lginfo = new LoginInfo();

                lginfo.token = token;

                result = rule.JsonStr("ok", "", lginfo);
                return(new HttpResponseMessage {
                    Content = new StringContent(result, System.Text.Encoding.UTF8, "application/json")
                });
            }
            catch (Exception e)
            {
                // NOTE(review): e.Message is returned to the client and may reveal internals such
                // as database or file details; log it server-side and return a generic error.
                result = rule.JsonStr("error", e.Message, "");
                return(new HttpResponseMessage {
                    Content = new StringContent(result, System.Text.Encoding.UTF8, "application/json")
                });
            }
        }
예제 #17
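        /// <summary>
        /// Encodes a token from the payload values using the class-level secret.
        /// An expiration time can optionally be set on the token.
        /// </summary>
        /// <param name="payload">
        /// The claim values. When <paramref name="expTime"/> is non-zero an "exp" entry is
        /// written into this same dictionary, replacing any existing one.
        /// </param>
        /// <param name="expTime">Seconds until expiry; 0 issues a token without an "exp" claim.</param>
        /// <returns>Encoded token</returns>
        public string MakeToken(Dictionary <string, object> payload, int expTime = 0)
        {
            if (expTime != 0)
            {
                IDateTimeProvider clock = new UtcDateTimeProvider();
                var expiresAt = UnixEpoch.GetSecondsSince(clock.GetNow()) + expTime;

                // The indexer is used instead of Add so that a payload which already holds "exp"
                // (for example a dictionary reused across calls) gets the requested expiry rather
                // than throwing ArgumentException.
                payload["exp"] = expiresAt;
            }

            // NOTE(review): with expTime == 0 and no caller-supplied "exp", the token never
            // expires; confirm callers that rely on the default intend that.
            return encoder.Encode(payload, secret);
        }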
예제 #18
        /// <summary>
        /// Signs the given claims with HS256 and returns the encoded token.
        /// </summary>
        /// <param name="obj">Claims to place in the token payload, used as-is.</param>
        /// <returns>The encoded token.</returns>
        public static string Encode(Dictionary <string, object> obj)
        {
            // NOTE(review): the HMAC key is a literal in source. Anyone who can read the source or
            // the compiled assembly can sign arbitrary claims; load it from protected
            // configuration or a secret store and rotate this value.
            var secret = "GQDstcKsx0NHjPOuXOYg5MbeJ1XT0uFiwDVvVBrk";

            IJwtEncoder encoder = new JwtEncoder(
                new HMACSHA256Algorithm(),
                new JsonNetSerializer(),
                new JwtBase64UrlEncoder());

            IDateTimeProvider clock = new UtcDateTimeProvider();
            var issuedAt = clock.GetNow();
            var epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); // or use JwtValidator.UnixEpoch

            // NOTE(review): a one-year expiry is computed here but never written into the
            // payload, so the token expires only if the caller supplied its own "exp".
            var oneYearExpiry = clock.GetNow().AddYears(1).toJWTString();

            return encoder.Encode(obj, secret);
        }
        // Fallback token lifetime, applied by GenerateToken when the caller passes expire <= 0.
        // NOTE(review): 60 * 60 * 60 * 600 = 129,600,000 seconds (1,500 days, about 4.1 years),
        // a very long lifetime for a bearer token; confirm this is intended.
        private static readonly int _expire    = 60 * 60 * 60 * 600;                                                             // seconds

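        /// <summary>
        /// Creates an HS256-signed JWT that carries the employee object and an "exp" claim.
        /// </summary>
        /// <param name="employee">Employee serialized into the "Employee" claim.</param>
        /// <param name="expire">Lifetime in seconds; values of 0 or less select the class default.</param>
        /// <returns>The encoded token, or null when encoding fails (the exception is logged).</returns>
        public static string GenerateToken(Employee employee, int expire)
        {
            try
            {
                // Fixed: the original test lacked the negation, so the configured secret replaced
                // the built-in default only when it was blank. That left every deployment signing
                // with the compiled-in default (or with a blank key). The configured secret now
                // takes precedence whenever it is set.
                var keySec = _secret;
                var configuredSecret = AppGlobal.NexusConfig.Secret;
                if (!string.IsNullOrWhiteSpace(configuredSecret))
                {
                    keySec = configuredSecret;
                }

                if (expire <= 0)
                {
                    expire = _expire;
                }

                var provider = new UtcDateTimeProvider();
                var expiredTime = provider.GetNow().AddSeconds(expire);
                var secondsSinceEpoch = UnixEpoch.GetSecondsSince(expiredTime);

                // NOTE(review): the whole Employee object is serialized into the payload, which is
                // readable by anyone holding the token; confirm it has no sensitive members.
                var payload = new Dictionary<string, object>
                {
                    { "Employee", employee },
                    { "exp", secondsSinceEpoch }
                };

                IJwtAlgorithm algorithm = new HMACSHA256Algorithm(); // symmetric
                JWT.IJsonSerializer serializer = new JsonNetSerializer();
                IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
                IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);

                return encoder.Encode(payload, keySec);
            }
            catch (Exception ex)
            {
                Logger.Write(ex.ToString(), true);
            }

            return null;
        }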
예제 #20
        /// <summary>
        /// Demo login: accepts one fixed user name and password and, on a match, returns an
        /// HS256-signed token carrying an AuthInfo object and a 30-second expiry.
        /// </summary>
        /// <param name="request">Submitted UserName and Password.</param>
        /// <returns>Result with Token set on success, or Message set on failure.</returns>
        public LoginResult aaa(LoginRequest request)
        {
            LoginResult rs = new LoginResult();

            // Assume the user name is "admin" and the password is "123"
            // NOTE(review): fixed credentials in source are for demonstration only; replace with a
            // lookup against stored, salted password hashes before any real use.
            if (request.UserName == "admin" && request.Password == "123")
            {
                // If the login succeeds, the user's identity data can be obtained. In real development the user's roles and permissions would be loaded from the database here
                IDateTimeProvider provider = new UtcDateTimeProvider();
                var now               = provider.GetNow();
                var unixEpoch         = UnixEpoch.Value; // 1970-01-01 00:00:00 UTC
                // NOTE(review): secondsSinceEpoch is unused; "exp" below is computed separately.
                var secondsSinceEpoch = Math.Round((now - unixEpoch).TotalSeconds);

                AuthInfo authInfo = new AuthInfo
                {
                    IsAdmin = true,
                    Roles   = new List <string> {
                        "admin", "owner"
                    },
                    UserName = "******"
                };

                var payload = new Dictionary <string, object>
                {
                    { "authInfo", authInfo },
                    { "exp", DateTimeOffset.UtcNow.AddSeconds(30).ToUnixTimeSeconds() }
                };
                try {
                    // Generate the token; SecureKey is the key configured in web.config and must never be disclosed
                    // (HS256 signs the token with this key; the payload itself is not encrypted)
                    // NOTE(review): Encoding.Default depends on the platform, so a key containing
                    // non-ASCII characters yields different bytes on different hosts; the issuer
                    // and every verifier should agree on one explicit encoding.
                    byte[] key = Encoding.Default.GetBytes(ConfigurationManager.AppSettings["SecureKey"]);
                    // Use the HS256 algorithm
                    IJwtAlgorithm     algorithm  = new HMACSHA256Algorithm();
                    IJsonSerializer   serializer = new JsonNetSerializer();
                    IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
                    IJwtEncoder       encoder    = new JwtEncoder(algorithm, serializer, urlEncoder);
                    var token = encoder.Encode(payload, key);
                    rs.Token   = token;
                    rs.Success = true;
                }
                catch {
                    // NOTE(review): the cause (for example a missing SecureKey setting) is
                    // discarded without logging.
                    rs.Success = false;
                    rs.Message = "登陆失败";
                }
            }
            else
            {
                rs.Success = false;
                rs.Message = "用户名或密码不正确";
            }
            return(rs);
        }
        /// <summary>
        /// Re-encodes the given payload, refreshing its expiry when ExpiredMinutes is positive,
        /// and returns the result with the logged-out message.
        /// </summary>
        /// <param name="jwtPayload">Claims of the current token; the exp entry may be overwritten.</param>
        /// <returns>A success result carrying the newly encoded token.</returns>
        protected virtual IHttpActionResult Logout(IDictionary <string, object> jwtPayload)
        {
            // NOTE(review): this issues a new signed token and does nothing visible here to
            // invalidate the one already held by the client; if logout must revoke access,
            // a server-side denylist or token-version check is needed. Confirm against callers.
            if (ExpiredMinutes > 0)
            {
                IDateTimeProvider clock = new UtcDateTimeProvider();
                var epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); // or use JwtValidator.UnixEpoch
                var nowSeconds = Math.Round((clock.GetNow() - epoch).TotalSeconds);

                jwtPayload[JwtClaimName.exp.ToString()] = nowSeconds + ExpiredMinutes * 60;
            }

            string encoded = JwtHelper.Encode(jwtPayload, Secret);
            return Succeed(encoded, "已经退出登陆");
        }
예제 #22
        /// <summary>
        /// Verifies that a token whose "nbf" claim equals the current time decodes without
        /// throwing when verification is enabled.
        /// </summary>
        public void DecodeToObject_Should_Decode_Token_After_NotBefore_Becomes_Valid()
        {
            var serializer = new JsonNetSerializer();
            var clock = new UtcDateTimeProvider();
            var urlEncoder = new JwtBase64UrlEncoder();
            var decoder = new JwtDecoder(serializer, new JwtValidator(serializer, clock), urlEncoder);

            // "nbf" is set to now, so the token is already acceptable when decoded below.
            var nbf = UnixEpoch.GetSecondsSince(clock.GetNow());

            var encoder = new JwtEncoder(new HMACSHA256Algorithm(), serializer, urlEncoder);
            var token = encoder.Encode(new { nbf }, "ABC");

            // Passes when no exception is thrown.
            decoder.DecodeToObject <Customer>(token, "ABC", verify: true);
        }
예제 #23
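        /// <summary>
        /// Creates a token. The token decodes to an object of the shape new T{ exp, data }.
        /// </summary>
        /// <param name="data">Custom data placed in the "data" member.</param>
        /// <param name="min">Lifetime in minutes.</param>
        /// <returns>The encoded token.</returns>
        public string CreateToken(object data, int min = 60)
        {
            IDateTimeProvider provider = new UtcDateTimeProvider();
            var now = provider.GetNow();

            var unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);

            // Fixed: "min" is documented as minutes but was added directly to a second count, so
            // the default token expired after 60 seconds. It is now converted to seconds; 60.0
            // keeps the arithmetic in double and avoids int overflow for large values.
            var secondsSinceEpoch = Math.Round((now - unixEpoch).TotalSeconds) + min * 60.0;

            var payload = new
            {
                exp = secondsSinceEpoch,
                data = data
            };

            // NOTE(review): this relies on another CreateToken overload, not visible here, being
            // selected for the single-argument call.
            return CreateToken(payload);
        }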
예제 #24
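        /// <summary>
        /// Creates a signed JWT for the user with the login name, an AuthContextUser built from
        /// the user, and an "exp" claim.
        /// </summary>
        /// <param name="user">User the token is issued for.</param>
        /// <param name="expireMinutes">Token lifetime in minutes.</param>
        /// <returns>The encoded token.</returns>
        public static string GenerateToken(User user, int expireMinutes = 20)
        {
            IDateTimeProvider provider = new UtcDateTimeProvider();

            // Fixed: the lifetime was applied with AddHours although the parameter is expressed in
            // minutes, so a default token stayed valid for 20 hours instead of 20 minutes.
            var expiresAt = provider.GetNow().AddMinutes(expireMinutes);
            var secondsSinceEpoch = Math.Round((expiresAt - UnixEpoch.Value).TotalSeconds);

            // NOTE(review): the whole AuthContextUser is serialized into the payload, which is
            // readable by anyone holding the token; confirm it has no sensitive members.
            AuthContextUser auser = new AuthContextUser(user);
            var payload = new Dictionary<string, object>
            {
                { ClaimTypes.Name, user.LoginName },
                { ClaimTypes.UserData, auser },
                { "exp", secondsSinceEpoch }
            };

            // encoder and Secret are declared outside this method.
            return encoder.Encode(payload, Secret);
        }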
예제 #25
        /// <summary>
        /// Generates an RS256-signed token for tests, signed with the fake private key from the
        /// test configuration, valid from now for one hour.
        /// </summary>
        /// <returns>The encoded token.</returns>
        public string GenerateCustomToken()
        {
            // The key comes from test configuration and is named as a fake key; it must never be
            // a key that a real token validator trusts.
            var privateKeyBytes = Convert.FromBase64String(TestConfiguration.FakeTokenPrivateKey);

            var headerValues = new Dictionary<string, object>
            {
                { "x5t", "kg2LYs2T0CTjIfj4rt6JIynen38" },
                { "kid", "kg2LYs2T0CTjIfj4rt6JIynen38" }
            };

            var issuedAt = UnixEpoch.GetSecondsSince(new UtcDateTimeProvider().GetNow());
            var expiresAt = issuedAt + 3600;

            var claims = new Dictionary<string, object>
            {
                { "aud", $"{EssauthConfig.EssClientId}" },
                { "iss", $"https://sts.windows.net/{EssauthConfig.TenantId}/" },
                { "iat", issuedAt },
                { "nbf", issuedAt },
                { "exp", expiresAt },
                { "aio", "E2RgYPisIWqdtDHp72InvliZoLuf+m/cOdbklLQrIXRDxgPb23MB" },
                { "appid", $"{EssauthConfig.AutoTestClientId}" },
                { "appidacr", "1" },
                { "idp", $"https://sts.windows.net/{EssauthConfig.TenantId}/" },
                { "oid", "da599026-93fc-4d2a-92c8-94b724e26176" },
                { "rh", "0.AAAASMo0kT1mBUqWijGkLwrtPjtAyT6ZgpBKjswH7mZCEJ8CAP0." },
                { "roles", new string [] { "BatchCreate" } },
                { "sub", "uftNZPaOJaWSYJqHrMIkFhg3rgQ97G9Km9fDl48WQPk" },
                { "tid", "9134ca48-663d-4a05-968a-31a42f0aed3e" },
                { "uti", "KOT0iQPMzESCe4R_Ce94AA" },
                { "ver", "1.0" }
            };

            using var rsa = RSA.Create();
            rsa.ImportRSAPrivateKey(privateKeyBytes, out _);

            IJwtEncoder encoder = new JwtEncoder(
                new RS256Algorithm(rsa, rsa),
                new JsonNetSerializer(),
                new JwtBase64UrlEncoder());

            // The key argument is an empty string; the algorithm instance above was constructed
            // with the RSA key.
            return encoder.Encode(headerValues, claims, "");
        }
예제 #26
    /// <summary>
    /// Issues an HMAC-SHA256 signed JWT that carries an expiry and a user-type claim.
    /// </summary>
    /// <param name="userType">Value written to the <c>tp</c> claim.</param>
    /// <returns>The encoded token string.</returns>
    /// <remarks>
    /// <c>exp</c> is the current UTC time in whole seconds since 1970-01-01 plus <c>TokenTimeOut</c>.
    /// <c>Secret</c> and <c>TokenTimeOut</c> are defined outside this snippet.
    /// NOTE(review): the token contains no subject or audience claim, so anything that validates it
    /// can rely only on the signature, the expiry and <c>tp</c>. Load <c>Secret</c> from protected
    /// configuration rather than from source.
    /// </remarks>
    public string Make(int userType)
    {
        IJwtEncoder encoder = new JwtEncoder(
            new HMACSHA256Algorithm(),
            new JsonNetSerializer(),
            new JwtBase64UrlEncoder());

        IDateTimeProvider clock = new UtcDateTimeProvider();
        var epoch   = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        var elapsed = clock.GetNow() - epoch;

        // Math.Round returns a double, so the claim is written as a floating-point number.
        var expiresAt = Math.Round(elapsed.TotalSeconds) + TokenTimeOut;

        var claims = new Dictionary<string, object>
        {
            ["exp"] = expiresAt,
            ["tp"]  = userType
        };

        return encoder.Encode(claims, Secret);
    }
예제 #27
        /// <summary>
        /// Checks that a token whose <c>nbf</c> claim lies one hour in the future is rejected
        /// when it is decoded with verification enabled.
        /// </summary>
        /// <remarks>
        /// The test expects a <c>SignatureVerificationException</c> for the not-yet-valid token.
        /// </remarks>
        public void DecodeToObject_Should_Throw_Exception_Before_NotBefore_Becomes_Valid()
        {
            var serializer = new JsonNetSerializer();
            var clock      = new UtcDateTimeProvider();
            var urlEncoder = new JwtBase64UrlEncoder();
            var decoder    = new JwtDecoder(serializer, new JwtValidator(serializer, clock), urlEncoder);

            // A not-before time one hour ahead of the validator's clock.
            var inOneHour = clock.GetNow().AddHours(1);
            var notBefore = UnixEpoch.GetSecondsSince(inOneHour);

            var encoder = new JwtEncoder(new HMACSHA256Algorithm(), serializer, urlEncoder);
            var token   = encoder.Encode(new { nbf = notBefore }, "ABC");

            // Encoder and decoder share the key, so only the nbf claim can cause the rejection.
            Action decode = () => decoder.DecodeToObject<Customer>(token, "ABC", verify: true);

            Assert.Throws<SignatureVerificationException>(decode);
        }
예제 #28
        /// <summary>
        /// Checks that decoding a token whose <c>exp</c> claim is one hour in the past throws
        /// <c>TokenExpiredException</c> when verification is enabled.
        /// </summary>
        public void DecodeToObject_Should_Throw_Exception_On_Expired_Claim()
        {
            var serializer = new JsonNetSerializer();
            var clock      = new UtcDateTimeProvider();
            var urlEncoder = new JwtBase64UrlEncoder();
            var decoder    = new JwtDecoder(serializer, new JwtValidator(serializer, clock), urlEncoder);

            // Expiry one hour before the validator's clock, in whole seconds since the epoch.
            // NOTE(review): the int cast cannot hold timestamps after early 2038.
            var sinceEpoch = clock.GetNow().AddHours(-1) - JwtValidator.UnixEpoch;
            var exp        = (int)sinceEpoch.TotalSeconds;

            var encoder = new JwtEncoder(new HMACSHA256Algorithm(), serializer, urlEncoder);
            var expired = encoder.Encode(new { exp }, "ABC");

            // The key matches on both sides, so the expiry is the only reason to reject the token.
            Action decode = () => decoder.DecodeToObject<Customer>(expired, "ABC", verify: true);

            decode.ShouldThrow<TokenExpiredException>();
        }
예제 #29
        /// <summary>
        /// Checks that decoding a token whose <c>exp</c> claim is one hour in the past throws
        /// <c>TokenExpiredException</c> when verification is enabled.
        /// </summary>
        /// <remarks>
        /// This variant builds the encoder and decoder without an explicit Base64 URL encoder.
        /// </remarks>
        public void DecodeToObject_Should_Throw_Exception_On_Expired_Claim()
        {
            var serializer = new JsonNetSerializer();
            var clock      = new UtcDateTimeProvider();
            var decoder    = new JwtDecoder(serializer, new JwtValidator(serializer, clock));

            // The epoch below has an unspecified DateTimeKind.
            // NOTE(review): this assumes GetNow() returns a UTC DateTime - confirm.
            var oneHourAgo = clock.GetNow().Subtract(TimeSpan.FromHours(1));
            var sinceEpoch = oneHourAgo - new DateTime(1970, 1, 1);
            var expiredAt  = (int)sinceEpoch.TotalSeconds;

            var encoder = new JwtEncoder(new HMACSHA256Algorithm(), serializer);
            var expired = encoder.Encode(new { exp = expiredAt }, "ABC");

            // The key matches on both sides, so the expiry is the only reason to reject the token.
            Action decode = () => decoder.DecodeToObject<Customer>(expired, "ABC", verify: true);

            decode.ShouldThrow<TokenExpiredException>();
        }
예제 #30
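        /// <summary>
        /// Computes the expiry timestamp for a token, in seconds since the Unix epoch.
        /// </summary>
        /// <returns>The current UTC time in epoch seconds plus the configured token duration.</returns>
        /// <exception cref="Exception">
        /// Thrown when the timestamp cannot be computed. The original failure is attached as
        /// <see cref="Exception.InnerException"/>.
        /// </exception>
        /// <remarks>
        /// NOTE(review): the duration is hard-coded to 0, so the value returned is simply "now".
        /// A token that uses it as its <c>exp</c> claim has no remaining lifetime when issued.
        /// Confirm whether a non-zero lifetime was intended.
        /// </remarks>
        public static double Expiration()
        {
            // Extra lifetime, in seconds, added on top of the current time.
            const int tokenDurationTime = 0;

            try
            {
                IDateTimeProvider provider = new UtcDateTimeProvider();
                var now = provider.GetNow();

                return UnixEpoch.GetSecondsSince(now) + tokenDurationTime;
            }
            catch (Exception ex)
            {
                // Keep the root cause: the original bare catch discarded it, which left
                // token-issuance failures impossible to diagnose from logs.
                throw new Exception("Can't build expiration time for token", ex);
            }
        }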