Пример #1
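        /// <summary>
        /// Checks the submitted credentials and, when they are accepted, issues a JWT signed with
        /// HMAC-SHA256 using the authenticated user's own <c>PrivateKey</c>.
        /// </summary>
        /// <param name="request">Login payload bound from the request body (username and password).</param>
        /// <returns>
        /// 200 OK with a <c>LoginResponseModel</c> carrying the serialized token and its expiry, or
        /// 401 Unauthorized when the payload is missing or the credentials are not accepted.
        /// </returns>
        /// <remarks>
        /// NOTE(review): nothing in this action throttles repeated failed attempts; confirm that
        /// lockout or rate limiting is enforced elsewhere in the pipeline.
        /// </remarks>
        public async Task<IActionResult> Login([FromBody] LoginRequestModel request)
        {
            // A missing or unparsable body can bind to null. Treat that as a failed login
            // instead of dereferencing it (a null username would also make the Claim constructor throw).
            if (request == null || request.Username == null)
            {
                return(Unauthorized());
            }

            User user = await _imisModules.GetUserModule().GetUserController().GetByUsernameAndPasswordAsync(request.Username, request.Password);

            if (user == null)
            {
                return(Unauthorized());
            }

            // Token lifetime comes from configuration. It is parsed with the invariant culture so the
            // server locale cannot change how the number is read, and computed from UTC so a
            // daylight-saving transition cannot shift the expiry.
            // NOTE(review): this throws if "JwtExpireDays" is absent or not numeric.
            double lifetimeDays = double.Parse(_configuration["JwtExpireDays"], System.Globalization.CultureInfo.InvariantCulture);
            DateTime expirationDate = DateTime.UtcNow.AddDays(lifetimeDays);

            // Only the name claim is issued; no role or scope claims go into the token.
            // NOTE(review): the claim echoes the submitted username rather than a value read back from
            // the user record. If the lookup is case- or whitespace-insensitive, confirm that later
            // lookups by this claim resolve to the same account.
            IEnumerable<Claim> claims = new[]
            {
                new Claim(ClaimTypes.Name, request.Username)
            };

            // The HMAC key is the UTF-8 bytes of the per-user PrivateKey string.
            // NOTE(review): HS256 is only as strong as this secret. Confirm it is generated by a
            // cryptographic RNG, is at least 256 bits long, and is never returned to clients or logged.
            var signingKey  = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(user.PrivateKey));
            var credentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);

            // NOTE(review): the audience reuses the "JwtIssuer" setting; confirm that is intended.
            var token = new JwtSecurityToken(
                issuer: _configuration["JwtIssuer"],
                audience: _configuration["JwtIssuer"],
                claims: claims,
                expires: expirationDate,
                signingCredentials: credentials);

            return(Ok(new LoginResponseModel
            {
                Token = new JwtSecurityTokenHandler().WriteToken(token),
                Expires = expirationDate
            }));
        }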
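        /// <summary>
        /// Satisfies <paramref name="requirement"/> when the caller carries a name claim issued by
        /// <c>requirement.Issuer</c> and the roles stored for that username contain
        /// <c>requirement.Authority</c>.
        /// </summary>
        /// <param name="context">Authorization context holding the authenticated principal.</param>
        /// <param name="requirement">Expected issuer and the authority (role) that must be present.</param>
        /// <returns>A completed task; the requirement is simply left unmet when a check fails.</returns>
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, HasAuthorityRequirement requirement)
        {
            // Identify the caller only from a name claim minted by the expected issuer. The same
            // predicate is used for the presence check and for reading the value, so a name claim
            // from another issuer that happens to come first can never select the account.
            var nameClaim = context.User.FindFirst(c => c.Type == ClaimTypes.Name && c.Issuer == requirement.Issuer);

            if (nameClaim == null)
            {
                return(Task.CompletedTask);
            }

            // Roles are read from the user store on every evaluation rather than from the token.
            // The account may no longer exist; in that case the requirement stays unmet
            // instead of failing with a null dereference.
            var user   = _imisModules.GetUserModule().GetUserController().GetByUsername(nameClaim.Value);
            var scopes = user?.GetRolesStringArray();

            // Succeed only when the stored roles contain the required authority.
            if (scopes != null && scopes.Any(s => s == requirement.Authority))
            {
                context.Succeed(requirement);
            }

            return(Task.CompletedTask);
        }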
Пример #3
        /// <summary>
        /// Validates tokens based on the user's private key
        /// </summary>
        /// <param name="securityToken"></param>
        /// <param name="validationParameters"></param>
        /// <param name="validatedToken"></param>
        /// <returns>ClaimsPrincipal</returns>
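        public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
        {
            // Fail with a clear argument error instead of a null dereference while copying settings below.
            if (validationParameters == null)
            {
                throw new System.ArgumentNullException(nameof(validationParameters));
            }

            // Parse WITHOUT verifying. Every claim read here is still attacker-controlled, so the
            // name is used only to choose which key the signature is checked against and must not
            // be trusted for anything else. ReadJwtToken returns the typed token directly, so there
            // is no "as" cast that could silently yield null.
            var unverifiedToken = new JwtSecurityTokenHandler().ReadJwtToken(securityToken);

            // First() throws InvalidOperationException when the token carries no name claim.
            var username = unverifiedToken.Claims.First(claim => claim.Type == ClaimTypes.Name).Value;

            User user = _imisModules.GetUserModule().GetUserController().GetByUsername(username);

            if (user == null)
            {
                // NOTE(review): a token naming an unknown user is validated against the caller's
                // parameters as passed in. Confirm those parameters cannot accept such a token
                // (for example through a shared fallback key), or reject it here.
                return(_tokenHandler.ValidateToken(securityToken, validationParameters, out validatedToken));
            }

            // A fresh parameter set is built so that the user's key is the only signing key in play
            // and signing-key validation is always on. Only the issuer, audience and lifetime
            // settings are carried over from the caller; any other setting (ClockSkew, for example)
            // falls back to the library default.
            var perUserParameters = new TokenValidationParameters
            {
                ValidateIssuer           = validationParameters.ValidateIssuer,
                ValidateAudience         = validationParameters.ValidateAudience,
                ValidateLifetime         = validationParameters.ValidateLifetime,
                ValidateIssuerSigningKey = true,
                ValidIssuer      = validationParameters.ValidIssuer,
                ValidAudience    = validationParameters.ValidAudience,
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(user.PrivateKey))
            };

            return(_tokenHandler.ValidateToken(securityToken, perUserParameters, out validatedToken));
        }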