public async Task <IActionResult> OnGetAsync() { /* if (!Request.Headers.ContainsKey("Authorization")) * return RedirectToPage("Index"); * * string authorizationHeader = Request.Headers["Authorization"]; * var verifytoken = new VerifyToken(); * var currenttoken = verifytoken.ValidateCurrentToken(authorizationHeader); * * if (!currenttoken) * { * return RedirectToPage("Index"); * } * return Page();*/ if (!Request.Headers.ContainsKey("Authorization")) { return(RedirectToPage("Index")); } string authorizationHeader = Request.Headers["Authorization"]; var validatedToken = await VerifyToken.ValidateToken_new(authorizationHeader); if (validatedToken.ValidTo < DateTime.UtcNow) { Console.WriteLine("Invalid token"); HttpContext.Session.Remove("JWToken"); return(RedirectToPage("Index")); } return(Page()); }
public void TestSerialization() { var sut = new VerifyToken(); JsonHelper.GetSerializedKeys(sut).Should().BeEquivalentTo(new SortedSet <string> { "id", "name", "status", "expires_on", "issued_on", "modified_on", "not_before" }); }
public async Task <IActionResult> ConfirmEmail([FromBody] VerifyToken model) { var token = _userManager.Users .Where(u => u.Email == model.Email) .Select(u => u.VerificationToken) .SingleOrDefault(); if (token != model.Token) { return(BadRequest("The Token Supplied Doesn't Match")); } var userConfirmEmail = await _userManager.FindByEmailAsync(model.Email); userConfirmEmail.EmailConfirmed = true; await _userManager.UpdateAsync(userConfirmEmail); return(new JsonResult("Account Confirmed Login To Continue Transaction")); }
//http://blog.valeriogheri.com/asp-net-webapi-identity-system-how-to-login-with-facebook-access-token public async Task <IHttpActionResult> GoogleLogin(AddExternalLoginBindingModel model) { if (string.IsNullOrEmpty(model.ExternalAccessToken)) { return(BadRequest("Invalid OAuth access token")); } ApplicationUser user = null; // Get the fb access token and make a graph call to the /me endpoint VerifyToken verifyToken = new VerifyToken(); var fbUser = await verifyToken.VerifyGoogleAccessToken(null, model.ExternalAccessToken); if (fbUser == null) { return(BadRequest("Invalid OAuth access token")); } if (!fbUser.aud.Equals(VerifyToken.CLIENT_ID)) { return(BadRequest("Invalid OAuth access token")); } try { using (var dbTransaction = db.Database.BeginTransaction()) { if (model.Email != null) { // model.Email is an application account's email, not google login's email user = await UserManager.FindByEmailAsync(model.Email); if (user == null) { return(BadRequest("Invalid Email")); } // bool isGoogleLoginAlreadyBelongToTheUser = false; var userLogins = await UserManager.GetLoginsAsync(user.Id); foreach (UserLoginInfo userLoginInfo in userLogins) { if (userLoginInfo.LoginProvider.Equals("Google") && userLoginInfo.ProviderKey.Equals(fbUser.sub)) { isGoogleLoginAlreadyBelongToTheUser = true; break; } } if (!isGoogleLoginAlreadyBelongToTheUser) { bool isGoogleLoginAlreadyBelongToSomeOtherUser = db.Users.Where(u => u.Logins.Any(l => l.LoginProvider.Equals("Google") && l.ProviderKey.Equals(fbUser.sub))).Count() > 0; if (isGoogleLoginAlreadyBelongToSomeOtherUser) { return(BadRequest("Invalid OAuth access token")); } else { if (!user.EmailConfirmed && !user.Email.ToLower().Equals(fbUser.Email.ToLower())) { return(BadRequest("Application account's email is not confirmed yet")); } //add login //user.Logins.Add(new IdentityUserLogin() { LoginProvider = "Google", ProviderKey = fbUser.sub }); IdentityResult result = await UserManager.AddLoginAsync(user.Id, new UserLoginInfo("Google", fbUser.sub)); if (!result.Succeeded) { return(GetErrorResult(result)); } //make email confirmed user.EmailConfirmed = true; } } else { //nothing to do } } else { //try to find user user = db.Users.Where(u => u.Logins.Any(l => l.LoginProvider.Equals("Google") && l.ProviderKey.Equals(fbUser.sub))).SingleOrDefault(); if (user == null) { // user not found so //create user and add login string randomPassword; //At least one lower case letter Regex r1 = new Regex("[a-z]+"); //At least one upper case letter Regex r2 = new Regex("[A-Z]+"); //At least one digit Regex r3 = new Regex("[0-9]+"); string NewPassword = System.Web.Security.Membership.GeneratePassword(10, 5); while (!(r1.IsMatch(NewPassword) && r2.IsMatch(NewPassword) && r3.IsMatch(NewPassword))) { //regenerate new password NewPassword = System.Web.Security.Membership.GeneratePassword(10, 5); } randomPassword = NewPassword; user = new ApplicationUser() { UserName = fbUser.Email, Email = fbUser.Email, EmailConfirmed = true }; IdentityResult result = await UserManager.CreateAsync(user, randomPassword); if (!result.Succeeded) { return(GetErrorResult(result)); //return Conflict(); } //user.Logins.Add(new IdentityUserLogin() { LoginProvider = "Google", ProviderKey = fbUser.sub }); IdentityResult result2 = await UserManager.AddLoginAsync(user.Id, new UserLoginInfo("Google", fbUser.sub)); if (!result2.Succeeded) { return(GetErrorResult(result2)); } } else { //nothing to do } } db.SaveChanges(); dbTransaction.Commit(); } } catch (Exception e) { return(Conflict()); } // Finally sign-in the user: this is the key part of the code that creates the bearer token and authenticate the user var identity = new ClaimsIdentity(Startup.OAuthOptions.AuthenticationType); identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id, null, ClaimsIdentity.DefaultIssuer)); identity.AddClaim(new Claim(ClaimTypes.Name, user.UserName, null, ClaimsIdentity.DefaultIssuer)); identity.AddClaim(new Claim("http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider", "ASP.NET Identity", null, ClaimsIdentity.DefaultIssuer)); identity.AddClaim(new Claim("AspNet.Identity.SecurityStamp", user.SecurityStamp, null, ClaimsIdentity.DefaultIssuer)); AuthenticationTicket ticket = new AuthenticationTicket(identity, new AuthenticationProperties()); var currentUtc = new Microsoft.Owin.Infrastructure.SystemClock().UtcNow; ticket.Properties.IssuedUtc = currentUtc; var tokenExpirationTimeSpan = TimeSpan.FromDays(14); ticket.Properties.ExpiresUtc = currentUtc.Add(tokenExpirationTimeSpan); var accesstoken = Startup.OAuthOptions.AccessTokenFormat.Protect(ticket); Authentication.SignIn(identity); // Create the response JObject blob = new JObject( new JProperty("userName", user.UserName), new JProperty("access_token", accesstoken), new JProperty("token_type", "bearer"), new JProperty("expires_in", (long)tokenExpirationTimeSpan.TotalSeconds), new JProperty(".issued", ticket.Properties.IssuedUtc.ToString()), new JProperty(".expires", ticket.Properties.ExpiresUtc.ToString()) ); var json = Newtonsoft.Json.JsonConvert.SerializeObject(blob); // Return OK return(Ok(blob)); }