Exemplo n.º 1
0
        public ClaimsPrincipal GetUserIdentity(NancyContext ctx)
        {
            try
            {
                var authorization = ctx.Request.Headers.Authorization;

                if (string.IsNullOrWhiteSpace(authorization))
                {
                    return(null);
                }

                if (!authorization.StartsWith(TokenPrefix, StringComparison.OrdinalIgnoreCase))
                {
                    return(null);
                }

                var jwtToken = authorization.Substring(TokenPrefix.Length);

                var handler = new JwtSecurityTokenHandler {
                    SetDefaultTimesOnTokenCreation = false
                };

                var principal = handler.ValidateToken(
                    jwtToken,
                    new TokenValidationParameters
                {
                    ValidateIssuer           = false,
                    ValidateAudience         = false,
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKeys        = new[]
                    {
                        new SymmetricSecurityKey(Convert.FromBase64String(_settings.AuthSecretKey)),
                    },
                },
                    out _);

                return(principal);
            }
            catch (Exception ex)
            {
                _monik.SecurityWarning($"Auth exception: {ex}");
                return(null);
            }
        }