Пример #1
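        /// <summary>
        /// Checks that the user behind <paramref name="User"/> holds every role named in
        /// <paramref name="Roles"/>. The user's roles are loaded from the roles repository on each call.
        /// </summary>
        /// <param name="User">Principal whose id is used to look up the stored roles.</param>
        /// <param name="Roles">Role names that must all be present. An empty array requires nothing, so the result is <c>true</c>.</param>
        /// <returns><c>true</c> when every requested role is held; <c>false</c> otherwise, including when <paramref name="User"/> is null.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="Roles"/> is null.</exception>
        public bool ValidateRoles(ClaimsPrincipal User, string[] Roles)
        {
            if (Roles == null)
            {
                throw new ArgumentNullException(nameof(Roles));
            }

            // Fail closed: without a principal there is no identity to authorize.
            if (User == null)
            {
                return(false);
            }

            // Role names are identifiers, so compare them byte-for-byte. The default
            // string comparer is culture-sensitive and can treat visually or
            // linguistically equivalent strings (for example ones that differ only in
            // ignorable characters) as equal, which is not acceptable for an
            // authorization decision.
            HashSet <string> UserRoles = new HashSet <string>(
                RolesRepository.GetRolesOfUser(User.GetId()).Select(u => u.Name),
                StringComparer.Ordinal);

            foreach (string Role in Roles)
            {
                if (!UserRoles.Contains(Role))
                {
                    return(false);
                }
            }
            return(true);
        }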
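        /// <summary>
        /// Issues an HMAC-SHA256 signed JWT for <paramref name="user"/>, stores it in
        /// <c>user.Token</c>, clears <c>user.Password</c> and returns the same instance.
        /// </summary>
        /// <remarks>
        /// When <c>ValidateRolesFromToken</c> is enabled the user's roles and permissions are
        /// copied into the token. Claims inside an issued token are a snapshot: a role or
        /// permission revoked afterwards stays in the token until it expires, so
        /// <c>TokenExpirationMinutes</c> bounds how long a revoked grant remains usable.
        /// </remarks>
        /// <param name="user">The user to issue a token for; mutated in place.</param>
        /// <returns>The same <paramref name="user"/> instance with <c>Token</c> set and <c>Password</c> nulled.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        public User GenerateToken(User user)
        {
            if (user == null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();

            // NOTE(review): ASCII encoding replaces every non-ASCII character of the secret
            // with '?', which silently lowers key entropy. It is kept here because the
            // validating side must derive the key the same way; confirm the secret is
            // ASCII-only and carries at least 256 bits of entropy for HS256.
            var key    = Encoding.ASCII.GetBytes(options.Value.Secret);
            var Claims = new List <Claim>
            {
                // Invariant lowering: ToLower() follows the current culture, so the same
                // e-mail could yield a different Name claim on a server running, for
                // example, a Turkish culture.
                new Claim(ClaimTypes.Name, user.Email.ToLowerInvariant()),
                new Claim("Id", user.Id.ToString()),
                // NOTE(review): ToString() without a format provider uses the current
                // culture, so the text of this claim varies with server culture; left
                // unchanged because consumers of "DateIssued" are not visible here.
                new Claim("DateIssued", DateTime.UtcNow.ToString())
            };

            if (options.Value.ValidateRolesFromToken)
            {
                List <Claim> RoleClaims = null, PermissionClaims = null;
                // Both lookups run in parallel and the call blocks until both finish.
                // NOTE(review): this assumes the two repositories can be used concurrently
                // (no shared non-thread-safe connection or context) — confirm. A failure
                // in either lookup surfaces as an AggregateException from WaitAll.
                Task.WaitAll(
                    Task.Run(() =>
                {
                    RoleClaims = new List <Claim>(from role in rolesRepository.GetRolesOfUser(user.Id)
                                                  select new Claim(ClaimTypes.Role, role.Name));
                }),
                    Task.Run(() =>
                {
                    PermissionClaims = new List <Claim>(
                        from permission in permissionsRepository.GetPermissionsOfUser(user.Id)
                        select new Claim("Permission", permission.Name));
                })
                    );
                Claims.AddRange(RoleClaims);
                Claims.AddRange(PermissionClaims);
            }

            SecurityTokenDescriptor tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject            = new ClaimsIdentity(Claims),
                Expires            = DateTime.UtcNow.AddMinutes(options.Value.TokenExpirationMinutes),
                // No Issuer or Audience is set on the descriptor, so validators cannot
                // use those fields to tell this service's tokens from another's that
                // shares the same secret.
                SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key),
                                                            SecurityAlgorithms.HmacSha256Signature)
            };
            SecurityToken token = tokenHandler.CreateToken(tokenDescriptor);

            user.Token    = tokenHandler.WriteToken(token);
            // Clear the password so it is not carried along with the returned object.
            user.Password = null;
            return(user);
        }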