public ActionResult Login([FromBody] LoginViewModel model, [FromServices] IJwtSigningEncodingKey signingEncodingKey, [FromServices] IJwtEncryptingEncodingKey encryptingEncodingKey) { var user = _repository.GetByEmail(model.Email); if (user == null || !_passwordHasher.VerifyIdentityV3Hash(model.Password, user.PasswordHash)) { return(Unauthorized()); } var usersClaims = new [] { new Claim(ClaimTypes.Name, user.Email), new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()) }; var jwtToken = _tokenService.GenerateAccessToken(usersClaims, signingEncodingKey, encryptingEncodingKey); var refreshToken = _tokenService.GenerateRefreshToken(); return(Ok( new { token = jwtToken, refreshToken = refreshToken })); }
public ActionResult <string> Post(AuthenticationRequest authRequest, [FromServices] IJwtSigningEncodingKey signingEncodingKey, [FromServices] IJwtEncryptingEncodingKey encryptingEncodingKey) { var claims = new[] { new Claim(ClaimTypes.NameIdentifier, authRequest.Name) }; var tokenHandler = new JwtSecurityTokenHandler(); JwtSecurityToken token = tokenHandler.CreateJwtSecurityToken( issuer: "SampleOfWebAPI", audience: "WebAPI", subject: new ClaimsIdentity(claims), notBefore: DateTime.Now, expires: DateTime.Now.AddHours(1), issuedAt: DateTime.Now, signingCredentials: new SigningCredentials( signingEncodingKey.GetKey(), signingEncodingKey.SigningAlgorithm), encryptingCredentials: new EncryptingCredentials( encryptingEncodingKey.GetKey(), encryptingEncodingKey.SigningAlgorithm, encryptingEncodingKey.EncryptingAlgorithm)); string jwtToken = tokenHandler.WriteToken(token); return(jwtToken); }
public TokenGenerator(IConfiguration configuration, IJwtSigningEncodingKey signingEncodingKey, IJwtEncryptingEncodingKey encryptingEncodingKey) { _signingEncodingKey = signingEncodingKey; _encryptingEncodingKey = encryptingEncodingKey; _configuration = configuration; }
public JwtService(IOptions <TokenLifeTimeOptions> tokenLifeTimeOptions, IOptions <AuthOptions> authOptions, IJwtSigningEncodingKey signInEncodingKey, IJwtEncryptingEncodingKey jwtEncryptionEncodingKey, IAesCipher crypt) { this.tokenLifeTimeOptions = tokenLifeTimeOptions; this.authOptions = authOptions; this.signInEncodingKey = signInEncodingKey; this.jwtEncryptionEncodingKey = jwtEncryptionEncodingKey; this.crypt = crypt; }
public AccountHelperTests() { _accountHelper = new AccountHelper(); // Setting up a jwe keys const string signingSecurityKey = "745hvv43uhvfnvu2v"; var signingKey = new SigningSymmetricKey(signingSecurityKey); const string encodingSecurityKey = "dfkng20jfsdjfvsdmvw"; var encryptionEncodingKey = new EncryptingSymmetricKey(encodingSecurityKey); _signingEncodingKey = signingKey; _encryptingEncodingKey = encryptionEncodingKey; }
public AuthService( IMongoManager mongoManager, ILogger <AuthService> logger, IHasher hasher, IJwtSigningEncodingKey signingEncodingKey, IJwtEncryptingEncodingKey encryptingEncodingKey ) { _mongoManager = mongoManager; _logger = logger; _hasher = hasher; _signingEncodingKey = signingEncodingKey; _encryptingEncodingKey = encryptingEncodingKey; }
public IActionResult RefreshToken([FromBody] RefreshTokenViewModel model, [FromServices] IJwtSigningEncodingKey signingEncodingKey, [FromServices] IJwtEncryptingEncodingKey encryptingEncodingKey) { var principal = _tokenService.GetPrincipalFromExpiredToken(model.Token); var username = principal.Identity.Name; var newJwtToken = _tokenService.GenerateAccessToken(principal.Claims, signingEncodingKey, encryptingEncodingKey); var newRefreshToken = _tokenService.GenerateRefreshToken(); return(Ok( new { token = newJwtToken, refreshToken = newRefreshToken })); }
public string GenerateAccessToken(IEnumerable <Claim> claims, IJwtSigningEncodingKey signingEncodingKey, IJwtEncryptingEncodingKey encryptingEncodingKey) { var tokenHandler = new JwtSecurityTokenHandler(); var expiryInMinutes = Convert.ToInt32(_configuration["Jwt:ExpiryInMinutes"]); var jwtToken = tokenHandler.CreateJwtSecurityToken( issuer: _configuration["Jwt:Site"], audience: _configuration["Jwt:Site"], subject: new ClaimsIdentity(claims), notBefore: DateTime.UtcNow, expires: DateTime.UtcNow.AddMinutes(expiryInMinutes), issuedAt: DateTime.UtcNow, signingCredentials: new SigningCredentials( signingEncodingKey.GetKey(), signingEncodingKey.SigningAlgorithm), encryptingCredentials: new EncryptingCredentials( encryptingEncodingKey.GetKey(), encryptingEncodingKey.SigningAlgorithm, encryptingEncodingKey.EncryptingAlgorithm)); return(tokenHandler.WriteToken(jwtToken)); }
public ActionResult <string> Post( AuthenticationRequest authRequest, [FromServices] IJwtSigningEncodingKey signingEncodingKey, [FromServices] IJwtEncryptingEncodingKey encryptingEncodingKey) { // 1. Проверяем данные пользователя из запроса. // ... // 2. Создаем утверждения для токена. var claims = new Claim[] { new Claim(ClaimTypes.NameIdentifier, authRequest.Name) }; // 3. Генерируем JWT. var tokenHandler = new JwtSecurityTokenHandler(); JwtSecurityToken token = tokenHandler.CreateJwtSecurityToken( issuer: "DemoApp", audience: "DemoAppClient", subject: new ClaimsIdentity(claims), notBefore: DateTime.Now, expires: DateTime.Now.AddMinutes(5), issuedAt: DateTime.Now, signingCredentials: new SigningCredentials( signingEncodingKey.GetKey(), signingEncodingKey.SigningAlgorithm), encryptingCredentials: new EncryptingCredentials( encryptingEncodingKey.GetKey(), encryptingEncodingKey.SigningAlgorithm, encryptingEncodingKey.EncryptingAlgorithm)); var jwtToken = tokenHandler.WriteToken(token); return(jwtToken); }
public async Task <IActionResult> Login([FromHeader(Name = "User-Agent")] string userAgent, [FromHeader(Name = "Authorization")] string authorization, [FromServices] IJwtSigningEncodingKey signingEncodingKey, [FromServices] IJwtEncryptingEncodingKey encryptingEncodingKey) { if (string.IsNullOrEmpty(userAgent) || string.IsNullOrWhiteSpace(userAgent)) { return(Json("Incorrect user-agent info")); } if (string.IsNullOrEmpty(authorization) || string.IsNullOrWhiteSpace(authorization)) { return(Json("Incorrect user data")); } // Decoding from Base64 Authorization Basic <username:password> var clearAuth = authorization.Replace("Basic ", string.Empty); var base64EncodedBytes = Convert.FromBase64String(clearAuth); var base64EncodedString = Encoding.UTF8.GetString(base64EncodedBytes); var credentials = base64EncodedString.Split(":"); if (credentials is null || credentials?.Length != 2) { return(Json("Incorrect data format for authorization")); } // User verification var existUser = await _userRepository.Query() .Where(s => s.Login == credentials[0]) .SingleOrDefaultAsync(); if (existUser is null) { return(Json("Authorization error")); } if (!credentials[1].Equals(existUser?.Password)) { return(Json("Incorrect password")); } // Generate Jwe token var jwtToken = _accountHelper.GenerateJwtToken(existUser, signingEncodingKey, encryptingEncodingKey); var refreshToken = _accountHelper.GenerateRefreshToken(); if (refreshToken is null) { return(Json("Refresh token isn't formed")); } var dtUtcNow = DateTime.UtcNow; var userLogin = new UserLoginModel { RefreshToken = refreshToken, CreateDateUTC = dtUtcNow, ExpireDateUTC = dtUtcNow.AddDays(2), UserAgent = userAgent }; var existUserLogin = await _userLoginRepository.Query() .Where(s => s.UserId == existUser.Id && s.UserAgent == userLogin.UserAgent) .SingleOrDefaultAsync(); // Delete existing login if (existUserLogin != null) { await _userLoginRepository.DeleteAsync(existUserLogin); } existUser.UsersLogins.Add(userLogin); await _userRepository.UpdateAsync(existUser); var response = new { jwtToken, refreshToken }; return(Json(response)); }
public async Task <IActionResult> RefreshToken([FromHeader(Name = "User-Agent")] string userAgent, [FromHeader(Name = "Authorization")] string token, [FromHeader(Name = "Authorization-Refresh")] string refreshToken, [FromServices] IJwtSigningEncodingKey signingEncodingKey, [FromServices] IJwtEncryptingEncodingKey encryptingEncodingKey) { if (userAgent is null) { return(Json("Incorrect user-agent info")); } if (refreshToken is null) { return(Json("Incorrect refresh token")); } // Token validation, decoding var principal = _accountHelper.GetPrincipal(token, false); if (principal is null) { return(Json("Incorrect token")); } var login = principal?.Identity?.Name; var oldUserLogin = await _userLoginRepository.Query() .Where(s => s.User.Login.Equals(login) && s.UserAgent.Equals(userAgent) && s.RefreshToken.Equals(refreshToken)) .SingleOrDefaultAsync(); if (oldUserLogin is null) { return(Json("Incorrect authorization data", HttpStatusCode.Unauthorized)); } // Expire time of refresh tokens are 2 days var dtUtcNow = DateTime.UtcNow; if (oldUserLogin?.ExpireDateUTC <= dtUtcNow) { await _userLoginRepository.DeleteAsync(oldUserLogin); return(Json("Refresh token has been expired", HttpStatusCode.Unauthorized)); } var user = await _userRepository.Query() .Where(s => s.Login.Equals(login)) .SingleOrDefaultAsync(); if (user is null) { return(Json("There is no user with this data")); } // Forming tokens var newJwtToken = _accountHelper.GenerateJwtToken(user, signingEncodingKey, encryptingEncodingKey); var newRefreshToken = _accountHelper.GenerateRefreshToken(); oldUserLogin.RefreshToken = newRefreshToken; oldUserLogin.CreateDateUTC = dtUtcNow; oldUserLogin.ExpireDateUTC = dtUtcNow.AddDays(2); await _userLoginRepository.UpdateAsync(oldUserLogin); var response = new { newJwtToken, newRefreshToken }; return(Json(response)); }
public string GenerateJwtToken(UserModel user, IJwtSigningEncodingKey signingEncodingKey, IJwtEncryptingEncodingKey encryptingEncodingKey) { var claims = new Claim[] { new Claim(ClaimTypes.Name, user?.Login), new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()) }; var tokenHandler = new JwtSecurityTokenHandler(); var token = tokenHandler.CreateJwtSecurityToken( issuer: JwtSettings.ValidIssuer, audience: JwtSettings.ValidAudience, subject: new ClaimsIdentity(claims), notBefore: DateTime.Now, expires: DateTime.Now.AddMinutes(5), issuedAt: DateTime.Now, signingCredentials: new SigningCredentials( signingEncodingKey.GetKey(), signingEncodingKey.SigningAlgorithm), encryptingCredentials: new EncryptingCredentials( encryptingEncodingKey.GetKey(), encryptingEncodingKey.SigningAlgorithm, encryptingEncodingKey.EncryptingAlgorithm) ); var jwteString = tokenHandler.WriteToken(token); return(jwteString); }