public string BearerToken(ClientEntity client) { var signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"; var digestAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256"; var securityKey = Convert.FromBase64String(client.SecurityKey); var inMemKey = new InMemorySymmetricSecurityKey(securityKey); ClaimsIdentity identity = new ClaimsIdentity(); identity.AddClaim(new Claim("access", client.Access)); JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler(); SecurityToken securityToken = handler.CreateToken(new SecurityTokenDescriptor() { TokenType = "Bearer", Lifetime = new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddHours(1)), SigningCredentials = new SigningCredentials(inMemKey, signatureAlgorithm, digestAlgorithm), //This data I would get by matching the jwtSecurityToken.Audience to database or something TokenIssuerName = "AuthorizationServer", AppliesToAddress = client.Audience, Subject = identity } ); return handler.WriteToken(securityToken); }
public bool VerifyToken(string token, ClientEntity client) { var secretKey = Convert.FromBase64String(client.SecurityKey); var tokenHandler = new JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters() { ValidIssuer = client.RowKey, ValidAudience = client.Audience, IssuerSigningToken = new BinarySecretSecurityToken(secretKey) }; try { SecurityToken securityToken; tokenHandler.ValidateToken(token, validationParameters, out securityToken); return true; } catch (Exception e) { Console.WriteLine("Error {0}", e.Message); return false; } }