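/// <summary>
/// Issues a signed JWT for <paramref name="username"/> that is valid for seven
/// days from the moment of creation.
/// </summary>
/// <param name="username">Account name placed into the token's Name claim.</param>
/// <returns>The compact (dot-separated) serialized token.</returns>
/// <exception cref="ArgumentNullException"><paramref name="username"/> is null.</exception>
private string createToken(string username)
{
    if (username == null)
    {
        throw new ArgumentNullException(nameof(username));
    }

    // Read the clock once so notBefore and expires are derived from the same instant
    // (the original sampled UtcNow twice, leaving a tiny skew between them).
    DateTime issuedAt = DateTime.UtcNow;
    DateTime expires = issuedAt.AddDays(7);

    // The key bytes must be derived exactly as the validating side derives them
    // (Encoding.UTF8). Encoding.Default is platform-dependent and would produce a
    // different key on a host whose default code page is not UTF-8.
    string secret = SecurityProtocol.FetchJwtProtocolKey();
    SymmetricSecurityKey securityKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(secret));
    SigningCredentials signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);

    ClaimsIdentity subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, username) });

    JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
    JwtSecurityToken token = (JwtSecurityToken)handler.CreateJwtSecurityToken(
        issuer: "Yanal",
        audience: "Yanal",
        subject: subject,
        notBefore: issuedAt,
        expires: expires,
        signingCredentials: signingCredentials);

    return handler.WriteToken(token);
}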
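/// <summary>
/// Authenticates the request from its Authorization header. The credential is first
/// interpreted as Basic (base64 "username:password") and checked against the user
/// store; if it does not decode as Basic credentials it is validated as a JWT
/// (issuer/audience "Yanal", HMAC key from <see cref="SecurityProtocol.FetchJwtProtocolKey"/>).
/// Any failure, including an unexpected exception, rejects the request with 401
/// (fail closed). On success the authenticated principal is placed on both
/// <see cref="Thread.CurrentPrincipal"/> and <c>HttpContext.Current.User</c>.
/// </summary>
/// <param name="actionContext">The action context whose request is being authorized.</param>
public override void OnAuthorization(HttpActionContext actionContext)
{
    try
    {
        // A missing header used to surface as a NullReferenceException that the
        // outer catch turned into 401; check it explicitly instead.
        var authorization = actionContext.Request.Headers.Authorization;
        if (authorization == null || string.IsNullOrEmpty(authorization.Parameter))
        {
            RespondUnauthorized(actionContext);
            return;
        }

        // NOTE(review): TryRetrieveToken is defined outside this block; its return value
        // is not consulted here, so the extracted token is checked directly.
        string token = "";
        TryRetrieveToken(actionContext.Request, out token);
        if (string.IsNullOrEmpty(token))
        {
            RespondUnauthorized(actionContext);
            return;
        }

        IPrincipal principal;
        string username;
        string password;
        if (TryDecodeBasicCredentials(token, out username, out password))
        {
            // Basic credentials: a lookup miss is a definitive rejection; no JWT fallback.
            TblUserPass user = new UserPassService().SelectUserPassByUsernameAndPassword(username, password);
            if (user == null || user.id == -1)
            {
                RespondUnauthorized(actionContext);
                return;
            }

            principal = new GenericPrincipal(new GenericIdentity(username), null);
        }
        else if (!TryValidateJwt(token, out principal))
        {
            RespondUnauthorized(actionContext);
            return;
        }

        Thread.CurrentPrincipal = principal;
        // HttpContext.Current is null when self-hosted; only set it when available.
        if (HttpContext.Current != null)
        {
            HttpContext.Current.User = principal;
        }
    }
    catch
    {
        // Deliberately fail closed: any unexpected error means the request is not authenticated.
        RespondUnauthorized(actionContext);
    }
}

/// <summary>Short-circuits the pipeline with an empty 401 response.</summary>
/// <param name="actionContext">Context whose <c>Response</c> is set.</param>
private static void RespondUnauthorized(HttpActionContext actionContext)
{
    actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
}

/// <summary>
/// Decodes a Basic credential (base64 of "username:password") into its two parts.
/// </summary>
/// <param name="token">The raw header parameter.</param>
/// <param name="username">Text before the first colon, or null on failure.</param>
/// <param name="password">Everything after the first colon (may itself contain colons), or null on failure.</param>
/// <returns>True when <paramref name="token"/> is valid base64 containing a colon.</returns>
private static bool TryDecodeBasicCredentials(string token, out string username, out string password)
{
    username = null;
    password = null;

    byte[] raw;
    try
    {
        raw = Convert.FromBase64String(token);
    }
    catch (FormatException)
    {
        // Not base64 (a JWT's '.' separators land here) - let the caller try JWT validation.
        return false;
    }

    string decoded = Encoding.UTF8.GetString(raw);
    // Split on the FIRST colon only: usernames cannot contain ':' but passwords may,
    // and Split(':')[1] silently truncated such passwords.
    int separator = decoded.IndexOf(':');
    if (separator < 0)
    {
        return false;
    }

    username = decoded.Substring(0, separator);
    password = decoded.Substring(separator + 1);
    return true;
}

/// <summary>
/// Validates <paramref name="token"/> as a JWT signed with the shared HMAC key and
/// issued for issuer/audience "Yanal", with lifetime checked by <c>LifetimeValidator</c>.
/// </summary>
/// <param name="token">Compact serialized JWT.</param>
/// <param name="principal">The validated principal, or null on failure.</param>
/// <returns>True when the token validates.</returns>
private bool TryValidateJwt(string token, out IPrincipal principal)
{
    principal = null;

    // NOTE(review): the original comment says the key is 88 characters long; this
    // code does not depend on that and it has not been verified here.
    string secret = SecurityProtocol.FetchJwtProtocolKey();
    SymmetricSecurityKey securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));

    TokenValidationParameters validationParameters = new TokenValidationParameters()
    {
        ValidAudience = "Yanal",
        ValidIssuer = "Yanal",
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,
        LifetimeValidator = LifetimeValidator,
        IssuerSigningKey = securityKey
    };

    try
    {
        // Validate once and reuse the result; the original validated the same token twice.
        SecurityToken validatedToken;
        principal = new JwtSecurityTokenHandler().ValidateToken(token, validationParameters, out validatedToken);
        return principal != null;
    }
    catch (SecurityTokenException)
    {
        // Signature, lifetime, issuer or audience check failed.
        return false;
    }
    catch (ArgumentException)
    {
        // Token is not a well-formed JWT.
        return false;
    }
}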