public static IPrincipal GetPrincipal(string tokenString)
{
JwtSecurityToken parsedJwt = null;
IPrincipal principal = AuthenticationTokenManager.ValidateJwtToken(tokenString, out parsedJwt);
return(principal);
}
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
HttpStatusCode statusCode;
string token;
var authHeader = request.Headers.Authorization;
if (authHeader == null)
{
return(base.SendAsync(request, cancellationToken));
}
if (!TryRetrieveToken(request, out token))
{
statusCode = HttpStatusCode.Unauthorized;
return(Task <HttpResponseMessage> .Factory.StartNew(() => new HttpResponseMessage(statusCode)));
}
try
{
JwtSecurityToken parsedJwt = null;
IPrincipal principal = AuthenticationTokenManager.ValidateJwtToken(token, out parsedJwt);
//this works for both self hosted using owin and IIS hosted
request.GetRequestContext().Principal = principal;
return(base.SendAsync(request, cancellationToken));
}
catch (SecurityTokenExpiredException)
{
statusCode = HttpStatusCode.Unauthorized;
}
catch (SecurityTokenValidationException)
{
statusCode = HttpStatusCode.Unauthorized;
}
catch (Exception)
{
statusCode = HttpStatusCode.InternalServerError;
}
return(Task <HttpResponseMessage> .Factory.StartNew(() => new HttpResponseMessage(statusCode)));
}
public static void InvalidateJwtToken(string jwtToken)
{
AuthenticationTokenManager.InvalidateJwtToken(jwtToken);
}
