public async Task <IActionResult> Create([FromBody] User user) { string userString = HttpContext.Session.GetString("Login"); userString = userString != null ? userString : ""; User userTruly = DefaultController.privateWeakCheckByPassword(user).Result; if (userTruly == null) { StatisticSender.SendStatistic("Token", DateTime.Now, "Create Token", Request.HttpContext.Connection.RemoteIpAddress.ToString(), false, userString); return(Unauthorized()); } else { var token = new JwtTokenBuilder() .AddSecurityKey(JwtSecurityKey.Create("Test-secret-key-1234")) .AddSubject(userTruly.Login) .AddIssuer("Test.Security.Bearer") .AddAudience("Test.Security.Bearer") .AddClaim(userTruly.Role, userTruly.ID.ToString()) .AddExpiry(200) .Build(); HttpContext.Session.SetString("Token", token.Value); HttpContext.Session.SetString("Login", user.Login); //пихаем новый токен пользователю в бд var values = new JObject(); values.Add("id", userTruly.ID); values.Add("login", userTruly.Login); values.Add("password", userTruly.Password); values.Add("role", userTruly.Role); values.Add("lasttoken", token.Value); var result = await QueryClient.SendQueryToService(HttpMethod.Put, "http://localhost:54196", "/api/Users/" + userTruly.ID, null, values); try { User resultUser = JsonConvert.DeserializeObject <User>(result); StatisticSender.SendStatistic("Token", DateTime.Now, "Create Token", Request.HttpContext.Connection.RemoteIpAddress.ToString(), true, userString); return(Ok(resultUser)); } catch { return(Unauthorized()); } } }
public static User CreateToken(User user) { User userTruly = DefaultController.privateWeakCheckByPassword(user).Result; if (userTruly == null) { return(userTruly); } else { var token = new JwtTokenBuilder() .AddSecurityKey(JwtSecurityKey.Create("Test-secret-key-1234")) .AddSubject(userTruly.Login) .AddIssuer("Test.Security.Bearer") .AddAudience("Test.Security.Bearer") .AddClaim(userTruly.Role, userTruly.ID.ToString()) .AddExpiry(200) .Build(); //пихаем новый токен пользователю в бд var values = new JObject(); values.Add("id", userTruly.ID); values.Add("login", userTruly.Login); values.Add("password", userTruly.Password); values.Add("role", userTruly.Role); values.Add("lasttoken", token.Value); var result = QueryClient.SendQueryToService(HttpMethod.Put, "http://localhost:54196", "/api/Users/" + userTruly.ID, null, values).Result; try { User resultUser = JsonConvert.DeserializeObject <User>(result); return(resultUser); } catch { return(userTruly); } } }
public async Task <IActionResult> Refresh() { string userString = HttpContext.Session.GetString("Login"); userString = userString != null ? userString : ""; string login = HttpContext.Session.GetString("Login"); string lastToken = HttpContext.Session.GetString("Token"); if (login != null && login != "") { User user = new Models.AuthorisationService.User() { Login = login, LastToken = lastToken }; var userTruly = DefaultController.privateWeakCheck(user).Result; if (userTruly == null) { SendStatistic("Token", DateTime.Now, "Refresh Token", Request.HttpContext.Connection.RemoteIpAddress.ToString(), false, userString); return(Unauthorized()); } else { var token = new JwtTokenBuilder() .AddSecurityKey(JwtSecurityKey.Create("Test-secret-key-1234")) .AddSubject(userTruly.Login) .AddIssuer("Test.Security.Bearer") .AddAudience("Test.Security.Bearer") .AddClaim(userTruly.Role, userTruly.ID.ToString()) .AddExpiry(200) .Build(); HttpContext.Session.SetString("Token", token.Value); HttpContext.Session.SetString("Login", user.Login); //пихаем новый токен пользователю в бд var values = new JObject(); values.Add("id", userTruly.ID); values.Add("login", userTruly.Login); values.Add("password", userTruly.Password); values.Add("role", userTruly.Role); values.Add("lasttoken", token.Value); /**/ var corrId = string.Format("{0}{1}", DateTime.Now.Ticks, Thread.CurrentThread.ManagedThreadId); /**/ string request; /**/ string requestMessage = values.ToString(); /**/ byte[] responseMessage; HttpClient client = new HttpClient(); client.BaseAddress = new Uri(URLAuthorisation); client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); HttpContent content = new StringContent(values.ToString(), Encoding.UTF8, "application/json"); /**/ string requestString = "api/users/" + userTruly.ID; var response = await client.PutAsJsonAsync(requestString, values); /**/ request = "SERVICE: AuthorisationService \r\nPUT: " + URLAuthorisation + "/" + requestString + "\r\n" + client.DefaultRequestHeaders.ToString(); /**/ string responseString = response.Headers.ToString() + "\nStatus: " + response.StatusCode.ToString(); if ((int)response.StatusCode == 500) { string description = "There is no user with ID (" + user.ID + ")"; ResponseMessage message = new ResponseMessage(); message.description = description; message.message = response; SendStatistic("Token", DateTime.Now, "Refresh Token", Request.HttpContext.Connection.RemoteIpAddress.ToString(), false, userString); return(Unauthorized()); } if (response.IsSuccessStatusCode) { /**/ responseMessage = await response.Content.ReadAsByteArrayAsync(); /**/ await LogQuery(request, requestMessage, responseString, responseMessage); } else { /**/ responseMessage = Encoding.UTF8.GetBytes(response.ReasonPhrase); /**/ await LogQuery(request, requestMessage, responseString, responseMessage); SendStatistic("Token", DateTime.Now, "Refresh Token", Request.HttpContext.Connection.RemoteIpAddress.ToString(), false, userString); return(Unauthorized()); } SendStatistic("Token", DateTime.Now, "Refresh Token", Request.HttpContext.Connection.RemoteIpAddress.ToString(), true, userString); return(Ok(token.Value)); } } else { return(Unauthorized()); } } //____________________________________________1____________________________________________ //Получаем client_id и scope, а также адрес, куда это кидать // //GET api/token/geturl [Route("geturl")] public IActionResult GetUrl() { RequestGrant rg = new RequestGrant(); return(Ok(rg)); } //____________________________________________2____________________________________________ //Запрашиваем права, кидая client_id и scope и получая страницу с авторизацией //GET api/token/oauth [Route("oauth")] [HttpGet] public IActionResult GetAccess([FromQuery] string client_id, [FromQuery] string scope) { if (clientIDTrue.ToString() != client_id || scopeTrue != scope) { return(Unauthorized()); } return(View()); } //________________________________________________________________________4______________________________ //меняем код на токен доступа, если все правильно //POST api/token/requestToken [Route("RequestToken")] [HttpPost] //public async Task<RedirectResult> RequestTokenToAccessToken([FromBody] RequestAccessToken rat) public async Task <IActionResult> RequestTokenToAccessToken([FromBody] RequestAccessToken rat) { //запрос из бд UserData по code, clientID и clientSecret UserData result = new UserData(); int count = 0; var corrId = string.Format("{0}{1}", DateTime.Now.Ticks, Thread.CurrentThread.ManagedThreadId); string request; byte[] responseMessage; using (var client = new HttpClient()) { client.BaseAddress = new Uri("https://localhost:44336"); client.DefaultRequestHeaders.Accept.Clear(); client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); string requestString = "api/userdatas/getbycode?code=" + rat.code; HttpResponseMessage response = await client.GetAsync(requestString); request = "SERVICE: AggregationService \r\nGET: " + "https://localhost:44336" + "/" + requestString + "\r\n" + client.DefaultRequestHeaders.ToString(); string responseString = response.Headers.ToString() + "\nStatus: " + response.StatusCode.ToString(); if (response.IsSuccessStatusCode) { responseMessage = await response.Content.ReadAsByteArrayAsync(); var datas = await response.Content.ReadAsStringAsync(); result = JsonConvert.DeserializeObject <UserData>(datas); } else { responseMessage = Encoding.UTF8.GetBytes(response.ReasonPhrase); string user2 = HttpContext.Session.GetString("Login"); user2 = user2 != null ? user2 : ""; SendStatistic("Api", DateTime.Now, "Index", Request.HttpContext.Connection.RemoteIpAddress.ToString(), false, user2); return(Unauthorized()); //return Redirect(""); } await LogQuery(request, responseString, responseMessage); } var token = new JwtTokenBuilder() .AddSecurityKey(JwtSecurityKey.Create("Test-secret-key-1234")) .AddSubject(result.Login) .AddIssuer("Test.Security.Bearer") .AddAudience("Test.Security.Bearer") .AddClaim(result.Role, result.ID.ToString()) .AddExpiry(200) .Build(); HttpContext.Session.SetString("Token", token.Value); //string token = HttpContext.Session.GetString("Token"); //return Ok(token); //Token CurrentToken = new Token() { access_token = token.Value, expires_in = "", token_type = "", scope = "" }; if (rat.clientSecret == result.clientSecret && rat.client_id == result.clientID && rat.code == result.Code) { string uri = "?access_token=" + token.Value + "&token_type=bearer" + "&scope=" + "khfv98sdh2j37ds76fhj" + "&expire_time=" + token.ValidTo.ToString(); return(Ok(uri)); //return Redirect(uri); } else { return(Unauthorized()); //return Redirect(""); } } //GET api/token/token [Route("token")] [HttpGet] public IActionResult Token(string expires, string login) { string token = HttpContext.Session.GetString("Token"); //return Ok(token); Token CurrentToken = new Token() { access_token = token, expires_in = "", token_type = "", scope = "" }; //string uri = "?access_token=" + token + "&expires_in=" + expires + "&token_type=bearer&scope="+scopeTrue; string code = ""; if (login == "sad") { code = "das64917"; } else if (login == "admin") { code = "nimda64917"; } string uri = "?code=" + code + "&method=POST&uri=api/token/requestToken" + "?login="******"?client_id" + clientIDTrue + "?clientSecret" + clientSecretTrue + "?expires" + expires;; return(Ok(uri)); } //________________________________________________________________2.5_____________________________ //на успешную авторизацию выдаем код [Route("oauth")] [HttpPost] public async Task <IActionResult> CreateFromView([Bind("Login, Password")] User user) { string userString = HttpContext.Session.GetString("Login"); userString = userString != null ? userString : ""; var userTruly = DefaultController.privateCheck(user).Result; if (userTruly == null) { SendStatistic("Token", DateTime.Now, "Create Token", Request.HttpContext.Connection.RemoteIpAddress.ToString(), false, userString); return(Unauthorized()); } else { UserData result = new UserData(); int count = 0; var corrId = string.Format("{0}{1}", DateTime.Now.Ticks, Thread.CurrentThread.ManagedThreadId); string request; byte[] responseMessage; using (var client = new HttpClient()) { client.BaseAddress = new Uri("https://localhost:44336"); client.DefaultRequestHeaders.Accept.Clear(); client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); string requestString = "api/userdatas/getbylogin?login="******"SERVICE: AggregationService \r\nGET: " + "https://localhost:44336" + "/" + requestString + "\r\n" + client.DefaultRequestHeaders.ToString(); string responseString = response.Headers.ToString() + "\nStatus: " + response.StatusCode.ToString(); if (response.IsSuccessStatusCode) { responseMessage = await response.Content.ReadAsByteArrayAsync(); var datas = await response.Content.ReadAsStringAsync(); result = JsonConvert.DeserializeObject <UserData>(datas); } else { responseMessage = Encoding.UTF8.GetBytes(response.ReasonPhrase); string user2 = HttpContext.Session.GetString("Login"); user2 = user2 != null ? user2 : ""; SendStatistic("Api", DateTime.Now, "Index", Request.HttpContext.Connection.RemoteIpAddress.ToString(), false, user2); return(BadRequest("Service unavailable")); } await LogQuery(request, responseString, responseMessage); } RequestAccessToken rat = new RequestAccessToken() { clientSecret = clientSecretTrue, client_id = clientIDTrue, code = result.Code, redirect_uri = "api/token/requestToken" }; return(Ok(rat)); //var token = new JwtTokenBuilder() // .AddSecurityKey(JwtSecurityKey.Create("Test-secret-key-1234")) // .AddSubject(userTruly.Login) // .AddIssuer("Test.Security.Bearer") // .AddAudience("Test.Security.Bearer") // .AddClaim(userTruly.Role, userTruly.ID.ToString()) // .AddExpiry(200) // .Build(); //HttpContext.Session.SetString("Token", token.Value); //HttpContext.Session.SetString("Login", user.Login); ////пихаем новый токен пользователю в бд //var values = new JObject(); //values.Add("id", userTruly.ID); //values.Add("login", userTruly.Login); //values.Add("password", userTruly.Password); //values.Add("role", userTruly.Role); //values.Add("lasttoken", token.Value); ///**/ //var corrId = string.Format("{0}{1}", DateTime.Now.Ticks, Thread.CurrentThread.ManagedThreadId); ///**/ //string request; ///**/ //string requestMessage = values.ToString(); ///**/ //byte[] responseMessage; //HttpClient client = new HttpClient(); //client.BaseAddress = new Uri(URLAuthorisation); //client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); //HttpContent content = new StringContent(values.ToString(), Encoding.UTF8, "application/json"); ///**/ //string requestString = "api/users/" + userTruly.ID; //var response = await client.PutAsJsonAsync(requestString, values); ///**/ //request = "SERVICE: AuthorisationService \r\nPUT: " + URLAuthorisation + "/" + requestString + "\r\n" + client.DefaultRequestHeaders.ToString(); ///**/ //string responseString = response.Headers.ToString() + "\nStatus: " + response.StatusCode.ToString(); //if ((int)response.StatusCode == 500) //{ // string description = "There is no user with ID (" + user.ID + ")"; // ResponseMessage message = new ResponseMessage(); // message.description = description; // message.message = response; // SendStatistic("Token", DateTime.Now, "Create Token", Request.HttpContext.Connection.RemoteIpAddress.ToString(), false, userString); // return Unauthorized(); //} //if (response.IsSuccessStatusCode) //{ // /**/ // responseMessage = await response.Content.ReadAsByteArrayAsync(); // /**/ // await LogQuery(request, requestMessage, responseString, responseMessage); //} //else //{ // /**/ // responseMessage = Encoding.UTF8.GetBytes(response.ReasonPhrase); // /**/ // await LogQuery(request, requestMessage, responseString, responseMessage); // SendStatistic("Token", DateTime.Now, "Create Token", Request.HttpContext.Connection.RemoteIpAddress.ToString(), false, userString); // return Unauthorized(); //} //SendStatistic("Token", DateTime.Now, "Create Token", Request.HttpContext.Connection.RemoteIpAddress.ToString(), true, userString); //return Ok(token.Value); //return RedirectToAction("Token", new { expires = token.ValidTo.ToString() , login = userTruly.Login } ); } }
public async Task <IActionResult> Create([FromBody] User user) { string userString = HttpContext.Session.GetString("Login"); userString = userString != null ? userString : ""; var userTruly = DefaultController.privateCheck(user).Result; if (userTruly == null) { SendStatistic("Token", DateTime.Now, "Create Token", Request.HttpContext.Connection.RemoteIpAddress.ToString(), false, userString); return(Unauthorized()); } else { var token = new JwtTokenBuilder() .AddSecurityKey(JwtSecurityKey.Create("Test-secret-key-1234")) .AddSubject(userTruly.Login) .AddIssuer("Test.Security.Bearer") .AddAudience("Test.Security.Bearer") .AddClaim(userTruly.Role, userTruly.ID.ToString()) .AddExpiry(200) .Build(); HttpContext.Session.SetString("Token", token.Value); HttpContext.Session.SetString("Login", user.Login); //пихаем новый токен пользователю в бд var values = new JObject(); values.Add("id", userTruly.ID); values.Add("login", userTruly.Login); values.Add("password", userTruly.Password); values.Add("role", userTruly.Role); values.Add("lasttoken", token.Value); /**/ var corrId = string.Format("{0}{1}", DateTime.Now.Ticks, Thread.CurrentThread.ManagedThreadId); /**/ string request; /**/ string requestMessage = values.ToString(); /**/ byte[] responseMessage; HttpClient client = new HttpClient(); client.BaseAddress = new Uri(URLAuthorisation); client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); HttpContent content = new StringContent(values.ToString(), Encoding.UTF8, "application/json"); /**/ string requestString = "api/users/" + userTruly.ID; var response = await client.PutAsJsonAsync(requestString, values); /**/ request = "SERVICE: AuthorisationService \r\nPUT: " + URLAuthorisation + "/" + requestString + "\r\n" + client.DefaultRequestHeaders.ToString(); /**/ string responseString = response.Headers.ToString() + "\nStatus: " + response.StatusCode.ToString(); if ((int)response.StatusCode == 500) { string description = "There is no user with ID (" + user.ID + ")"; ResponseMessage message = new ResponseMessage(); message.description = description; message.message = response; SendStatistic("Token", DateTime.Now, "Create Token", Request.HttpContext.Connection.RemoteIpAddress.ToString(), false, userString); return(Unauthorized()); } if (response.IsSuccessStatusCode) { /**/ responseMessage = await response.Content.ReadAsByteArrayAsync(); /**/ await LogQuery(request, requestMessage, responseString, responseMessage); } else { /**/ responseMessage = Encoding.UTF8.GetBytes(response.ReasonPhrase); /**/ await LogQuery(request, requestMessage, responseString, responseMessage); SendStatistic("Token", DateTime.Now, "Create Token", Request.HttpContext.Connection.RemoteIpAddress.ToString(), false, userString); return(Unauthorized()); } SendStatistic("Token", DateTime.Now, "Create Token", Request.HttpContext.Connection.RemoteIpAddress.ToString(), true, userString); return(Ok(token.Value)); }