private static Func<NancyContext, Response> Before() { return context => { AuthorizationRequest = new AuthorizationRequest(context.Request); TokenRequest = new TokenRequest(context.Request); context.Items["TokenRequest"] = TokenRequest; context.Items["AuthorizationRequest"] = AuthorizationRequest; return null; }; }
public List <ITokenResponse> CreateToken(ITokenRequest request) { TokenResponse response = new TokenResponse(); //The username and password would be pulled either from a secure server //or database in our class library codebase or some other DAL if (Authorize(request)) { var handler = new JwtSecurityTokenHandler(); var claims = new[] { new Claim(ClaimTypes.Name, request.Username), new Claim("CanAccessMovies", "") }; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["JWTKey"])); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); // _config["Jwt:Issuer"] //We should create a QA URL and Prod URL in the appsettings.json //then use that here //in the 'issuer' and 'audience' portion //whereby the issueing server is whatever we need it to be //should it be diference than the audience server (audience being //being the Angular app or front end whatever domain name //and the issuing server could be a different domain name altogether //like token.domain.com //and audienc would just be domain.com etc. string issuer = ""; string audience = ""; switch (_configuration["Environment"]) { case "Development": issuer = _configuration["DevelopmentIssuerURL"]; audience = _configuration["DevelopmentAudienceURL"]; break; case "UAT": issuer = _configuration["UATIssuerURL"]; audience = _configuration["UATAudienceURL"]; break; case "Production": issuer = _configuration["ProductionIssuerURL"]; audience = _configuration["ProductionAudienceURL"]; break; default: issuer = ""; audience = ""; break; } DateTime tokenExpirationTime = DateTime.Now.AddMinutes(Convert.ToInt32(_configuration["JWTExpirationLengthInMinutes"])); response = new TokenResponse(); response.Token = new JwtSecurityTokenHandler().WriteToken( new JwtSecurityToken( issuer: "Issuer", audience: "Audience", claims: claims, notBefore: DateTime.Now, expires: tokenExpirationTime, signingCredentials: creds) ); response.expiration = tokenExpirationTime; response.Username = request.Username; } List <ITokenResponse> tokenList = new List <ITokenResponse>(); tokenList.Add(response); return(tokenList); }
public TokenController(ITokenRequest tokenRequest) { _tokenRequest = tokenRequest; }
public async Task <IAuthenticatedUserResult> IsAuthenticated(ITokenRequest request) { if (request == null) { throw new ArgumentNullException(nameof(request)); } var result = new AuthenticatedUserResult(); var validateUserTask = userManagementService.IsValidUser(request.UserName, request.Password); validateUserTask.Wait(); if (!validateUserTask.Result) { result.Success = false; result.Message = UsersMessages.UserNotFoundMessage; return(result); } var user = (User)(await usersRepository.GetByUserName(request.UserName, true)).Object; var app = (App)(await appsRepository.GetByLicense(request.License)).Object; if (!app.IsActive) { result.Success = false; result.Message = AppsMessages.AppDeactivatedMessage; return(result); } if (!app.PermitCollectiveLogins && !app.Users.Any(ua => ua.UserId == user.Id)) { result.Success = false; result.Message = AppsMessages.UserIsNotARegisteredUserOfThisAppMessage; return(result); } var appAdmins = (await appAdminsRepository.GetAll()).Objects.ConvertAll(aa => (AppAdmin)aa); if (!user.IsSuperUser) { if (user.Roles.Any(ur => ur.Role.RoleLevel == RoleLevel.ADMIN)) { if (!appAdmins.Any(aa => aa.AppId == app.Id && aa.UserId == user.Id && aa.IsActive)) { var adminRole = user .Roles .FirstOrDefault(ur => ur.Role.RoleLevel == RoleLevel.ADMIN); user.Roles.Remove(adminRole); } } } else { if (!app.PermitSuperUserAccess) { if (user.Roles.Any(ur => ur.Role.RoleLevel == RoleLevel.SUPERUSER)) { var superUserRole = user .Roles .FirstOrDefault(ur => ur.Role.RoleLevel == RoleLevel.SUPERUSER); user.Roles.Remove(superUserRole); } if (user.Roles.Any(ur => ur.Role.RoleLevel == RoleLevel.ADMIN)) { var adminRole = user .Roles .FirstOrDefault(ur => ur.Role.RoleLevel == RoleLevel.ADMIN); user.Roles.Remove(adminRole); } } } result.User.UpdateWithUserInfo(user); var claim = new List <Claim> { new Claim(ClaimTypes.Name, request.UserName) }; foreach (var role in user.Roles) { var r = (Role)(await rolesRepository.GetById(role.Role.Id)).Object; claim.Add(new Claim(ClaimTypes.Role, r.RoleLevel.ToString())); } var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(tokenManagement.Secret)); var credentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); DateTime expirationLimit; if (app.TimeFrame == TimeFrame.SECONDS) { expirationLimit = DateTime.UtcNow.AddSeconds(app.AccessDuration); } else if (app.TimeFrame == TimeFrame.MINUTES) { expirationLimit = DateTime.UtcNow.AddMinutes(app.AccessDuration); } else if (app.TimeFrame == TimeFrame.HOURS) { expirationLimit = DateTime.UtcNow.AddHours(app.AccessDuration); } else if (app.TimeFrame == TimeFrame.DAYS) { expirationLimit = DateTime.UtcNow.AddDays(app.AccessDuration); } else { expirationLimit = DateTime.UtcNow.AddMonths(app.AccessDuration); } var jwtToken = new JwtSecurityToken( tokenManagement.Issuer, tokenManagement.Audience, claim.ToArray(), notBefore: DateTime.UtcNow, expires: expirationLimit, signingCredentials: credentials ); result.Token = new JwtSecurityTokenHandler().WriteToken(jwtToken); result.Success = true; result.Message = UsersMessages.UserFoundMessage; return(result); }