/// <summary>
/// Revokes either a single access token or every token held for a user.
/// When <c>Token</c> is empty, all tokens registered under <c>UserId</c> are dropped;
/// otherwise only the given (UserId, Token) pair is removed.
/// </summary>
/// <param name="request">Inbound envelope whose <c>Data</c> carries the user id and/or token.</param>
/// <returns>
/// A completed task holding <c>ResultRequest.Ok()</c> on success, or an error result when the
/// payload is missing, names neither a user nor a token, or the removal throws.
/// </returns>
public Task<ResultRequest> BlockUserToken([FromBody] InboundRequest<DtoUserToken> request)
{
    try
    {
        var payload = request?.Data;
        var hasUser = !string.IsNullOrEmpty(payload?.UserId);
        var hasToken = !string.IsNullOrEmpty(payload?.Token);

        // Reject an empty envelope or one that identifies neither a user nor a token.
        if (payload is null || (!hasUser && !hasToken))
        {
            return Task.FromResult(ResultRequest.Error("Access Token request fail", "Invalid request data"));
        }

        if (hasToken)
        {
            // NOTE(review): UserId may be empty on this path (only one of the two fields is
            // required above); confirm UserTokenMapping.Remove tolerates an empty user id.
            var target = new UserToken { UserId = payload.UserId, Token = payload.Token };
            UserTokenMapping.Remove(payload.UserId, target);
        }
        else
        {
            // No token supplied: the boolean overload presumably removes every token of the user.
            UserTokenMapping.Remove(payload.UserId, true);
        }

        return Task.FromResult(ResultRequest.Ok());
    }
    catch (Exception e)
    {
        // NOTE(review): the raw exception message is echoed back to the caller; a generic
        // message plus server-side logging would avoid exposing internal details.
        return Task.FromResult(ResultRequest.Error("Access Token request error", e.Message));
    }
}
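/// <summary>
/// Authorization filter: when a bearer token is presented, it must still be known to
/// <see cref="UserTokenMapping"/>; otherwise the request is short-circuited with HTTP 401.
/// </summary>
/// <param name="context">Filter context of the current request.</param>
/// <remarks>
/// Requests that carry no Authorization header pass this filter untouched; presumably a
/// separate authentication layer decides whether anonymous access is allowed — confirm
/// against the pipeline configuration.
/// </remarks>
public void OnAuthorization(AuthorizationFilterContext context)
{
    const string bearerPrefix = "Bearer ";

    var authorization = context.HttpContext.Request.Headers["Authorization"].ToString();
    if (string.IsNullOrEmpty(authorization))
    {
        return;
    }

    // Strip only a leading scheme; a blanket Replace would also rewrite any occurrence
    // of the prefix inside the token itself.
    var token = authorization.StartsWith(bearerPrefix, StringComparison.Ordinal)
        ? authorization.Substring(bearerPrefix.Length)
        : authorization;

    if (!UserTokenMapping.ExistToken(token))
    {
        // Setting only Response.StatusCode does not stop the MVC pipeline — the action
        // would still execute. Assigning Result is what makes an authorization filter
        // short-circuit, and UnauthorizedResult produces the 401.
        context.Result = new Microsoft.AspNetCore.Mvc.UnauthorizedResult();
    }
}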
/// <summary>
/// Validates the login pair, issues a signed JWT for the resolved identity, registers it in
/// <see cref="UserTokenMapping"/> and returns it together with an encrypted refresh token.
/// </summary>
/// <param name="userName">Login name to validate.</param>
/// <param name="password">Password to validate.</param>
/// <returns>The access token, its lifetime in seconds and the refresh token.</returns>
/// <exception cref="LogicException">Thrown when the credentials do not resolve to an identity.</exception>
public async Task<DtoTokenResponse> GenerateToken(string userName, string password)
{
    var identity = await _authenticationValidation.GetIdentityByLoginPair(userName, password);
    if (identity is null)
    {
        throw new LogicException(ExceptionMessage.InvalidCredentials);
    }

    var issuedAt = DateTime.UtcNow;
    var issuedAtUnix = new DateTimeOffset(issuedAt).ToUniversalTime().ToUnixTimeSeconds().ToString();

    // Registered claims emitted here: sub (subject) and iat (issued-at as a Unix timestamp).
    // No jti claim is added; the identity's own claims are appended after these two.
    var claims = new List<Claim>
    {
        new Claim(JwtRegisteredClaimNames.Sub, identity.Name),
        new Claim(JwtRegisteredClaimNames.Iat, issuedAtUnix, ClaimValueTypes.Integer64),
    };
    claims.AddRange(identity.Claims);

    var accessToken = GetJwt(claims, issuedAt);

    // Housekeeping before registering the new token: drop anything already expired.
    UserTokenMapping.RemoveAllExpired();
    UserTokenMapping.Add(identity.Name, new UserToken
    {
        UserId = identity.Name,
        Token = accessToken,
        Expiration = issuedAt.Add(_tokenProviderOptions.Expiration),
    });

    var refreshToken = GetRefreshToken(claims, identity.Name);

    return new DtoTokenResponse
    {
        AccessToken = accessToken,
        ExpiresIn = (int)_tokenProviderOptions.Expiration.TotalSeconds,
        RefreshToken = refreshToken,
    };
}