public static async Task <IActionResult> Login( [HttpTrigger(AuthorizationLevel.Anonymous, Global.HttpVerbPost, Route = null)] HttpRequest req, [Table(Global.UserTableName, Connection = Global.AzureWebJobsStorage)] CloudTable userCloudTable, ILogger log) { using (var sr = new StreamReader(req.Body)) { var requestBodyJson = sr.ReadToEnd(); var userLoginModel = JsonConvert.DeserializeObject <UserLoginModel>(requestBodyJson); if (!userLoginModel.IsValid()) { log.LogWarning(GlobalMessages.LoginFailedDueToInvalidData); return(new BadRequestObjectResult(GlobalMessages.InvalidDataOneOrMoreValuesWasEmpty)); } var userEntity = await GetUserEntityByUserName(userCloudTable, userLoginModel.UserName); if (userEntity == null) { log.LogWarning(String.Format(GlobalMessages.LoginFailedUserNotInDatabaseFormat, userLoginModel.UserName)); return(new UnauthorizedResult()); } if (userLoginModel.UserName.Equals(userEntity.UserName, StringComparison.OrdinalIgnoreCase) && PasswordHashing.VerifyHashedPassword(userEntity.PasswordHash, userLoginModel.Password)) { var jwtTools = new JwtTools(); var subject = new ClaimsIdentity(new[] { new Claim(Global.ClaimUserName, userEntity.UserName), new Claim(Global.ClaimUserId, userEntity.RowKey) }); var utcExpiresDateTime = DateTime.UtcNow.AddHours(4); // you can change this to meet your requirements for token expiration. var token = jwtTools.CreateToken(Global.Issuer, Global.Audience, subject, utcExpiresDateTime, Global.EncryptionKey); var tokenItemModel = new TokenItemModel { Token = token }; log.LogInformation(String.Format(GlobalMessages.LoginSuccessfulFormat, userLoginModel.UserName)); return(new OkObjectResult(tokenItemModel)); } log.LogWarning(String.Format(GlobalMessages.LoginFailedFormat, userLoginModel.UserName)); return(new UnauthorizedResult()); } }
public void CreateAndDecypherTokens() { var authId = Guid.NewGuid(); var sessionId = Guid.NewGuid(); var scope = new Uri("http://api.example.com/System1"); Func <string, bool> assertFailedReturnFalse = (why) => { Assert.Fail(why); return(false); }; var success = JwtTools.CreateToken(sessionId, authId, scope, TimeSpan.FromDays(1.0), (jwtToken) => { return(jwtToken.ParseToken( (claims) => { Assert.AreEqual(sessionId, claims.GetSessionId(sId => sId)); Assert.AreEqual(authId, claims.GetAuthId(aId => aId)); return true; }, (why) => assertFailedReturnFalse(why), (setting) => assertFailedReturnFalse(setting), (setting, why) => assertFailedReturnFalse(setting + ":" + why), "Example.issuer", "Example.key")); }, (setting) => assertFailedReturnFalse(setting), (setting, why) => assertFailedReturnFalse(setting + ":" + why), "Example.issuer", "Example.key"); Assert.IsTrue(success); }
public Task <IHttpResponse> HandleRouteAsync(Type controllerType, IInvokeResource resourceInvoker, IApplication httpApp, IHttpRequest request, RouteHandlingDelegate continueExecution) { if (!request.RequestUri.TryGetQueryParam(ParameterName, out string apiVoucher)) { if (!request.TryGetHeader(ParameterName, out apiVoucher)) { return(continueExecution(controllerType, httpApp, request)); } } if (request.TryGetAuthorization(out string auth)) { return(continueExecution(controllerType, httpApp, request)); } return(EastFive.Security.VoucherTools.ValidateUrlToken(apiVoucher, async(voucherTokenId) => { return await await voucherTokenId.AsRef <VoucherToken>() .StorageGetAsync( voucherToken => { return EastFive.Security.AppSettings.TokenScope.ConfigurationUri( scope => { var tokenExpiration = TimeSpan.FromMinutes(1.0); request.RequestUri = request.RequestUri.RemoveQueryParameter("api-voucher"); var sessionId = apiVoucher.MD5HashGuid(); var claims = voucherToken.claims; return JwtTools.CreateToken(sessionId, scope, tokenExpiration, claims, (tokenNew) => { request.SetAuthorization(tokenNew); return continueExecution(controllerType, httpApp, request); }, (missingConfig) => continueExecution(controllerType, httpApp, request), (configName, issue) => continueExecution(controllerType, httpApp, request)); }, (why) => continueExecution(controllerType, httpApp, request)); }, () => request .CreateResponse(System.Net.HttpStatusCode.Unauthorized) .AddReason("Voucher token does not exist.") .AsTask()); }, why => request .CreateResponse(System.Net.HttpStatusCode.Unauthorized) .AddReason(why) .AsTask(), why => request .CreateResponse(System.Net.HttpStatusCode.Unauthorized) .AddReason(why) .AsTask(), why => request .CreateResponse(System.Net.HttpStatusCode.Unauthorized) .AddReason(why) .AsTask(), why => request .CreateResponse(System.Net.HttpStatusCode.Unauthorized) .AddReason(why) .AsTask(), (name, why) => request .CreateResponse(System.Net.HttpStatusCode.Unauthorized) .AddReason(why) .AsTask())); }
public Task <IHttpResponse> HandleRouteAsync(Type controllerType, IInvokeResource resourceInvoker, IApplication httpApp, IHttpRequest request, RouteHandlingDelegate continueExecution) { if (!request.RequestUri.TryGetQueryParam( AccessTokenAccountExtensions.QueryParameter, out string accessToken)) { return(continueExecution(controllerType, httpApp, request)); } if (request.GetAuthorization().HasBlackSpace()) { return(continueExecution(controllerType, httpApp, request)); } return(request.RequestUri.ValidateAccessTokenAccount( accessTokenInfo => { return EastFive.Security.AppSettings.TokenScope.ConfigurationUri( scope => { var tokenExpiration = TimeSpan.FromMinutes(1.0); request.RequestUri = request.RequestUri.RemoveQueryParameter( AccessTokenAccountExtensions.QueryParameter); var sessionId = accessTokenInfo.sessionId; var authId = accessTokenInfo.accountId; var duration = accessTokenInfo.expirationUtc - DateTime.UtcNow; return JwtTools.CreateToken(sessionId, authId, scope, duration, tokenCreated: (tokenNew) => { request.SetAuthorization(tokenNew); return continueExecution(controllerType, httpApp, request); }, missingConfigurationSetting: (configName) => continueExecution(controllerType, httpApp, request), invalidConfigurationSetting: (configName, issue) => continueExecution(controllerType, httpApp, request)); }, (why) => continueExecution(controllerType, httpApp, request), () => continueExecution(controllerType, httpApp, request)); }, onAccessTokenNotProvided: () => continueExecution(controllerType, httpApp, request), onAccessTokenInvalid: () => { return request .CreateResponse(System.Net.HttpStatusCode.Forbidden) .AddReason("Access token is invalid") .AsTask(); }, onAccessTokenExpired: () => { return request .CreateResponse(System.Net.HttpStatusCode.Forbidden) .AddReason("Access token is expired") .AsTask(); }, onInvalidSignature: () => { return request .CreateResponse(System.Net.HttpStatusCode.Forbidden) .AddReason("Access token has an invalid signature") .AsTask(); }, onSystemNotConfigured: () => continueExecution(controllerType, httpApp, request))); }