private ClaimsPrincipal GetPrincipalFromExpiredToken(JwtAuthentication jwtAuthentication, string token) { if (!token.Contains("Bearer")) { return(null); } var tokeValue = token.Split(new[] { ' ' }, 2); if (tokeValue != null && tokeValue.Length > 1) { var actualToken = tokeValue[1]; var singingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtAuthentication.Key)); var tokenValidationParameters = new TokenValidationParameters { ValidateAudience = false, //you might want to validate the audience and issuer depending on your use case ValidateIssuer = false, ValidateIssuerSigningKey = true, IssuerSigningKey = singingKey, ValidateLifetime = false //here we are saying that we don't care about the token's expiration date }; var tokenHandler = new JwtSecurityTokenHandler(); SecurityToken securityToken; var principal = tokenHandler.ValidateToken(actualToken, tokenValidationParameters, out securityToken); var jwtSecurityToken = securityToken as JwtSecurityToken; if (jwtSecurityToken == null || !jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256, StringComparison.InvariantCultureIgnoreCase)) { throw new SecurityTokenException("Invalid token"); } return(principal); } return(null); }
private string GenerateToken(JwtAuthentication jwtAuthentication, IEnumerable <Claim> allClaims, DateTime expiry) { string returnValue = null; var singingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtAuthentication.Key)); var creds = new SigningCredentials(singingKey, SecurityAlgorithms.HmacSha256); var claims = allClaims; var token = new JwtSecurityToken( issuer: jwtAuthentication.Issuer, audience: jwtAuthentication.Issuer, claims: claims, //expires: DateTime.UtcNow.AddMinutes(int.Parse(jwtAuthentication.Expires)), expires: expiry, notBefore: DateTime.UtcNow, signingCredentials: creds ); //var tokenHandler = new JwtSecurityTokenHandler(); //var symmetricSecurityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)); //var signingCredentials = new SigningCredentials(symmetricSecurityKey, SecurityAlgorithms.HmacSha256); //var tokenDescriptor = new SecurityTokenDescriptor //{ // Subject = new ClaimsIdentity(claims), // Expires = DateTime.UtcNow.AddMinutes(10), // Issuer = issuer, // Audience = audience, // SigningCredentials = signingCredentials //}; returnValue = new JwtSecurityTokenHandler().WriteToken(token); return(returnValue); }
public string GenerateToken(JwtAuthentication jwtAuthentication, string userId, string email, string role) { var expiryTime = DateTime.UtcNow.AddMinutes(100); if (userId == "default" && email == "*****@*****.**") { expiryTime = DateTime.UtcNow.AddDays(1000); } return(this.GenerateToken(jwtAuthentication, this.GetClaims(userId, email, role), expiryTime)); }
public string VerifyToken(JwtAuthentication jwtAuthentication, HttpRequest httpRequest) { var returnToken = string.Empty; var accessToken = httpRequest.Headers["Authorization"]; if (!string.IsNullOrEmpty(accessToken)) { returnToken = ValidateToken(jwtAuthentication, accessToken); } return(returnToken); }
public string ValidateToken(JwtAuthentication jwtAuthentication, string token) { var principle = GetPrincipalFromExpiredToken(jwtAuthentication, token); if (principle != null && principle.Identity != null) { var expiryTime = DateTime.UtcNow.AddMinutes(10); if (principle.Identity.Name != null && principle.Identity.Name == "default") { expiryTime = DateTime.UtcNow.AddDays(1000); } var newJwtToken = this.GenerateToken(jwtAuthentication, principle.Claims, expiryTime); return(newJwtToken); } return(null); }