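/// <summary>
/// Decodes and verifies a JWT with the embedded HMAC secret and maps its payload to a <see cref="JwtLoginModel"/>.
/// </summary>
/// <param name="token">Compact JWT string; an empty or whitespace token is rejected before the decoder is touched.</param>
/// <returns>
/// <c>rs.T("Ok", model)</c> on success; <c>rs.F(...)</c> when the token is empty, expired or carries an invalid signature.
/// Any other decoder failure (malformed token, bad JSON) propagates to the caller, as in the original.
/// </returns>
public static rs Decode(string token = "")
{
    // NOTE(review): the HMAC secret is hard-coded in source; it should be loaded from configuration
    // or a secret store. Left as-is here because rotating it is outside this block.
    const string secret = "GQDstcKsx0NHjPOuXOYg5MbeJ1XT0uFiwDVvVBrk";

    // An empty token would only surface as a generic parsing exception from the decoder; fail it explicitly.
    if (string.IsNullOrWhiteSpace(token))
    {
        return rs.F("Token is empty");
    }

    try
    {
        IJsonSerializer serializer = new JsonNetSerializer();
        IDateTimeProvider provider = new UtcDateTimeProvider();
        IJwtValidator validator = new JwtValidator(serializer, provider);
        IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
        IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder);

        // verify: true — the signature is checked (and an expired token rejected) before the payload is trusted.
        var json = decoder.Decode(token, secret, verify: true);
        JwtLoginModel model = JsonConvert.DeserializeObject<JwtLoginModel>(json);
        return rs.T("Ok", model);
    }
    catch (TokenExpiredException)
    {
        return rs.F("Token has expired");
    }
    catch (SignatureVerificationException)
    {
        return rs.F("Token has invalid signature");
    }
}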
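/// <summary>
/// Authenticates <paramref name="account"/>/<paramref name="password"/> against the user store and, on success,
/// sets the "token" cookie and returns the decoded token claims together with the user record.
/// </summary>
/// <param name="account">Login name supplied by the client (untrusted input; matched by <c>userDal</c>).</param>
/// <param name="password">Password supplied by the client (untrusted input; matched by <c>userDal</c>).</param>
/// <returns>
/// JSON response: <c>{ stasus = 0, message }</c> when the login fails, <c>{ json, stasus = 1, user }</c> on success.
/// </returns>
public HttpResponseMessage login(string account, string password)
{
    User user = userDal.login(account, password);
    var response = new HttpResponseMessage();

    if (user == null)
    {
        // The property name "stasus" is part of the wire contract; clients key on it, so it is left unchanged.
        response.Content = new StringContent(
            JsonConvert.SerializeObject(new { stasus = 0, message = "用户名或密码错误" }),
            Encoding.UTF8,
            "application/json");
        return response;
    }

    // The session token is an HttpOnly cookie so page scripts cannot read it.
    // Secure should also be set once the site is served exclusively over HTTPS.
    System.Web.HttpContext.Current.Response.Cookies.Add(new HttpCookie("token")
    {
        Value = user.Token,
        Expires = user.Entry_time,
        HttpOnly = true,
    });

    // NOTE(review): the signing secret is hard-coded; it belongs in configuration / a secret store.
    const string secret = "GQDstcKsx0NHjPOuXOYg5MbeJ1XT0uFiwDVvVBrk";
    byte[] key = Encoding.UTF8.GetBytes(secret);

    IJsonSerializer serializer = new JsonNetSerializer();
    IDateTimeProvider provider = new UtcDateTimeProvider();
    IJwtValidator validator = new JwtValidator(serializer, provider);
    IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
    IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder);

    // Decode (with signature verification) the token that was just issued so the client also receives its claims.
    var json = decoder.DecodeToObject<Models.Auth>(user.Token, key, verify: true);

    // NOTE(review): the whole User record is serialized into the response — confirm it carries no
    // password hash or other fields the client must not see.
    response.Content = new StringContent(
        JsonConvert.SerializeObject(new { json, stasus = 1, user }),
        Encoding.UTF8,
        "application/json");
    return response;
}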
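/// <summary>
/// Builds the authorization JWT for a successful login (HS256, 7-day expiry).
/// </summary>
/// <param name="response">Login result; a token is only issued when <c>IsLoginSuccess</c> is true.</param>
/// <returns>The signed compact JWT, or an empty string when the login did not succeed.</returns>
public string GetAuthToken(UserLoginResponse response)
{
    var token = "";
    if (response.IsLoginSuccess == true)
    {
        IJwtAlgorithm algorithm = new HMACSHA256Algorithm();      // HMAC-SHA256 signing
        IJsonSerializer serializer = new JsonNetSerializer();     // JSON (de)serialization
        IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); // base64url codec

        // Time-based claims are taken from a UTC clock. The original used DateTime.Now (server-local time)
        // and left an unused UtcDateTimeProvider behind; whether that skewed the timestamps depends on
        // what ToUnixTime does with local times, which is not visible here.
        DateTime now = DateTime.UtcNow;

        var payload = new Dictionary<string, object>
        {
            { "iss", response.UserPhone },            // iss: issuer
            { "exp", now.AddDays(7).ToUnixTime() },   // exp: expiry
            { "sub", "jwt" },                         // sub: subject
            { "aud", response.UserPhone },            // aud: audience
            { "nbf", now.ToUnixTime() },              // nbf: not valid before
            { "iat", now.ToUnixTime() },              // iat: issued at
            { "jti", response.UserId },               // jti: token identifier
        };

        // NOTE(review): server-side signing secret is hard-coded; move it to configuration / a secret store.
        const string secret = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4aKpVo2OHXPwb1R7duLgg";
        IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);
        token = encoder.Encode(payload, secret);
    }
    return token;
}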
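/// <summary>
/// Verifies an HMAC-signed JWT with <paramref name="secretKey"/>, applies optional audience / expiry / issuer
/// checks, and turns the claims into a <see cref="ClaimsPrincipal"/>.
/// </summary>
/// <param name="token">Compact JWT to validate.</param>
/// <param name="secretKey">HMAC secret, base64-encoded by default (see <paramref name="isSecretBase64Encoded"/>).</param>
/// <param name="audience">Expected <c>aud</c> claim. When non-empty the token must carry a matching <c>aud</c>;
/// a token without the claim is rejected (the original silently accepted it).</param>
/// <param name="checkExpiration">When true, <c>exp</c> is re-checked here against <see cref="DateTime.UtcNow"/>
/// and a token without <c>exp</c> is rejected. The decoder already enforces <c>exp</c> during verification.</param>
/// <param name="issuer">Expected <c>iss</c> claim. When empty, the token's own <c>iss</c> (if any) is used for the identity.</param>
/// <param name="isSecretBase64Encoded">Whether <paramref name="secretKey"/> is base64 or raw UTF-8 text.</param>
/// <returns>A principal built by <c>ClaimsIdentityFromJwt</c> from the verified payload.</returns>
/// <exception cref="TokenValidationException">Audience, expiry or issuer check failed.</exception>
/// <exception cref="SignatureVerificationException">The signature does not match <paramref name="secretKey"/>.</exception>
/// <exception cref="TokenExpiredException">The decoder found the token expired.</exception>
public static ClaimsPrincipal ValidateToken(string token, string secretKey, string audience = null, bool checkExpiration = false, string issuer = null, bool isSecretBase64Encoded = true)
{
    byte[] secret = isSecretBase64Encoded
        ? Convert.FromBase64String(secretKey)
        : Encoding.UTF8.GetBytes(secretKey);

    var serializer = new JsonNetSerializer();
    var provider = new UtcDateTimeProvider();
    var validator = new JwtValidator(serializer, provider);
    var urlEncoder = new JwtBase64UrlEncoder();
    var decoder = new JwtDecoder(serializer, validator, urlEncoder);

    // verify: true — signature (and exp) are checked before any claim is read.
    var payloadJson = decoder.Decode(token, secret, verify: true);
    var payloadData = JObject.Parse(payloadJson).ToObject<Dictionary<string, object>>();

    // audience check — a required audience that is absent from the token is a mismatch too
    if (!string.IsNullOrEmpty(audience))
    {
        if (!payloadData.TryGetValue("aud", out object aud))
        {
            throw new TokenValidationException(string.Format("Audience mismatch. Expected: '{0}' and got: '{1}'", audience, "<missing>"));
        }
        if (!string.Equals(aud?.ToString(), audience, StringComparison.Ordinal))
        {
            throw new TokenValidationException(string.Format("Audience mismatch. Expected: '{0}' and got: '{1}'", audience, aud));
        }
    }

    // expiration check (explicit, in addition to the decoder's own handling of exp)
    if (checkExpiration)
    {
        if (!payloadData.TryGetValue("exp", out object exp))
        {
            throw new TokenValidationException("Token has no 'exp' claim but expiration checking was requested");
        }
        DateTime validTo = FromUnixTime(long.Parse(exp.ToString()));
        if (DateTime.Compare(validTo, DateTime.UtcNow) <= 0)
        {
            throw new TokenValidationException(
                string.Format("Token is expired. Expiration: '{0}'. Current: '{1}'", validTo, DateTime.UtcNow));
        }
    }

    // issuer check
    if (payloadData.TryGetValue("iss", out object iss))
    {
        if (!string.IsNullOrEmpty(issuer))
        {
            if (!string.Equals(iss?.ToString(), issuer, StringComparison.Ordinal))
            {
                throw new TokenValidationException(string.Format("Token issuer mismatch. Expected: '{0}' and got: '{1}'", issuer, iss));
            }
        }
        else
        {
            // No expected issuer supplied: adopt the token's own "iss" for the identity.
            issuer = iss?.ToString();
        }
    }
    else if (!string.IsNullOrEmpty(issuer))
    {
        // An expected issuer was given but the token carries none.
        throw new TokenValidationException(string.Format("Token issuer mismatch. Expected: '{0}' and got: '{1}'", issuer, "<missing>"));
    }

    return new ClaimsPrincipal(ClaimsIdentityFromJwt(payloadData, issuer));
}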
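/// <summary>
/// Issues a short-lived HS256 JWT whose <c>iss</c> is <paramref name="key"/> and whose <c>ist</c> is "project".
/// </summary>
/// <param name="key">Numeric issuer id, written to the <c>iss</c> claim as a string.</param>
/// <param name="secret">HMAC signing secret.</param>
/// <param name="expiryPeriod">Lifetime in seconds after <c>iat</c> (default 300).</param>
/// <returns>The compact JWT.</returns>
private string GenerateJwt(int key, string secret, int expiryPeriod = 300)
{
    IDateTimeProvider provider = new UtcDateTimeProvider();
    var now = provider.GetNow();
    var unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);

    // long rather than int: seconds since 1970 overflow Int32 in January 2038, and the original's
    // int addition could wrap silently for large expiry periods.
    long secondsSinceEpoch = (long)Math.Round((now - unixEpoch).TotalSeconds);
    long expiry = secondsSinceEpoch + expiryPeriod;

    var payload = new Dictionary<string, object>
    {
        { "iss", Convert.ToString(key) },
        { "ist", "project" },   // NOTE(review): non-standard claim name; "iss" is set above — confirm "ist" is intended
        { "iat", secondsSinceEpoch },
        { "exp", expiry },
    };

    IJwtAlgorithm algorithm = new HMACSHA256Algorithm();
    IJsonSerializer serializer = new JsonNetSerializer();
    IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
    IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);
    return encoder.Encode(payload, secret);
}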
/// <summary>
/// Signs an HS256 JWT for <paramref name="md"/> with a 24-hour lifetime and fills in its token/exp/status fields.
/// </summary>
/// <param name="md">Login model; mutated in place (exp, token, message, status_code) and returned.</param>
/// <returns>The same <paramref name="md"/> instance.</returns>
public static JwtModel setToken(JwtModel md)
{
    const int lifetimeSeconds = 24 * 60 * 60;
    var epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); // or use JwtValidator.UnixEpoch
    IDateTimeProvider clock = new UtcDateTimeProvider();
    var sinceEpoch = clock.GetNow() - epoch;

    // Whole seconds now, plus the lifetime, stored as the exp claim.
    md.exp = Convert.ToInt32(Math.Round(sinceEpoch.TotalSeconds)) + lifetimeSeconds;

    var claims = new Dictionary<string, object>
    {
        ["id"] = md.userid,
        ["usercode"] = md.rolecode,   // NOTE(review): filled from rolecode, same as "rolecode" below — confirm intended
        ["username"] = md.username,
        ["isadmin"] = md.isadmin,
        ["rolecode"] = md.rolecode,
        ["exp"] = md.exp,
    };

    // NOTE(review): hard-coded signing secret; it should come from configuration / a secret store.
    const string secret = "9720cbfbb0684617a2afbe466e100ba2";
    IJwtEncoder encoder = new JwtEncoder(new HMACSHA256Algorithm(), new JsonNetSerializer(), new JwtBase64UrlEncoder());

    md.token = encoder.Encode(claims, secret);
    md.message = "获取成功";
    md.status_code = 200;
    return md;
}
/// <summary>
/// Verifies the request's JSON Web Token: signature under <c>CommunicationKey</c>, presence of the
/// issued-at and application-id claims, application-id match, and request freshness via <c>IsRequestExpire</c>.
/// </summary>
/// <exception cref="Exception">Any failure, including a bad signature, is wrapped as "身份认证失败:{reason}".</exception>
private void VerifyJsonWebToken()
{
    var serializer = new JsonNetSerializer();
    var clock = new UtcDateTimeProvider();
    var encoder = new JwtBase64UrlEncoder();
    var validator = new JwtValidator(serializer, clock);
    var decoder = new JwtDecoder(serializer, validator, encoder);

    try
    {
        // verify: true — the signature is checked before any claim is read.
        IDictionary<string, object> claims = decoder.DecodeToObject(JsonWebToken, CommunicationKey, true);

        bool hasRequiredClaims = claims.ContainsKey(IssAtClaims) && claims.ContainsKey(ApplicationIdClaims);
        bool appIdMatches = hasRequiredClaims
            && claims[ApplicationIdClaims].ToString().Equals(ApplicationId, StringComparison.OrdinalIgnoreCase);
        if (!appIdMatches)
        {
            throw new Exception("Jwt中Payload不符合规范");
        }

        // Freshness check on the issued-at claim; assumes the serializer yields a boxed long here — TODO confirm.
        IsRequestExpire((long)claims[IssAtClaims]);
    }
    catch (Exception e)
    {
        // Every failure (including the one thrown above) surfaces with one generic message.
        throw new Exception(string.Format("身份认证失败:{0}", e.Message));
    }
}
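/// <summary>
/// Decodes and verifies a login token signed with the class-level <c>key</c> and returns its claims.
/// </summary>
/// <param name="token">Compact JWT issued at login.</param>
/// <returns>The claims as key/value pairs, with the application-level "timeout" entry removed.</returns>
/// <exception cref="Exception">"登录失效,请重新登录" when the "timeout" claim is missing or already in the past.</exception>
/// <exception cref="TokenExpiredException">The token's own exp claim has passed.</exception>
/// <exception cref="SignatureVerificationException">The signature does not match <c>key</c>.</exception>
public static Dictionary<string, string> DEcode(string token)
{
    var secret = key;

    IJsonSerializer serializer = new JsonNetSerializer();
    IDateTimeProvider provider = new UtcDateTimeProvider();
    IJwtValidator validator = new JwtValidator(serializer, provider);
    IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
    IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder);

    // Decoder failures propagate with their own type. The original caught everything and re-threw a bare
    // Exception carrying only the message, which discarded the type and the stack trace.
    var json = decoder.Decode(token, secret, true);
    var result = JsonConvert.DeserializeObject<Dictionary<string, string>>(json);

    // A token without the application-level timeout is not a valid login token.
    if (result == null || !result.TryGetValue("timeout", out string timeout))
    {
        throw new Exception("登录失效,请重新登录");
    }

    // Application-level expiry carried in the payload. Convert.ToDateTime parses with the current culture,
    // so the issuing side must have written the value in the same culture — confirm.
    if (Convert.ToDateTime(timeout) < DateTime.Now)
    {
        throw new Exception("登录失效,请重新登录");
    }

    result.Remove("timeout");
    return result;
}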
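/// <summary>
/// Creates an HS256 JWT for <paramref name="userId"/> in <paramref name="corpId"/>.
/// </summary>
/// <param name="userId">User id, written to the <c>sub</c> claim.</param>
/// <param name="corpId">Corporation id, written to the corp claim.</param>
/// <param name="bAdmin">Whether the user is a super administrator.</param>
/// <returns>The compact JWT signed with <c>TOKEN_SECRET</c>.</returns>
public static string GetToken(string userId, string corpId, bool bAdmin)
{
    // Issue / expiry / not-before instants.
    IDateTimeProvider provider = new UtcDateTimeProvider();
    var now = provider.GetNow();                        // issued at
    var exp = now.AddHours(ConstValue.TOKEN_EXPTIME);   // expiry
    var nbf = Convert.ToDateTime(NBF_TIME);             // not valid before (if NBF_TIME is a string, parsed with the current culture)

    // All three as whole seconds since TOKEN_STARTDATE.
    var secondsSinceEpoch = Math.Round((now - TOKEN_STARTDATE).TotalSeconds);
    var secondsExp = Math.Round((exp - TOKEN_STARTDATE).TotalSeconds);
    var secondsNbf = Math.Round((nbf - TOKEN_STARTDATE).TotalSeconds);

    var payload = new Dictionary<string, object>
    {
        { ConstValue.SUB_KEY_NODE, userId },            // subject: the user this JWT is for
        { ConstValue.ISS_KEY_NODE, ISS_VALUE },         // issuer
        { ConstValue.IAT_KEY_NODE, secondsSinceEpoch }, // issued at
        { ConstValue.EXP_KEY_NODE, secondsExp },        // expiry
        { ConstValue.NBF_KEY_NODE, secondsNbf },        // not valid before
        { ConstValue.JTI_KEY_NODE, JTI_VALUE },         // JWT id — NOTE(review): appears to be a constant, so it cannot uniquely identify a token
        { ConstValue.ADMIN_KEY_NODE, bAdmin },          // super-administrator flag
        { ConstValue.CORP_KEY_NODE, corpId },           // corporation id
    };

    IJwtAlgorithm algorithm = new HMACSHA256Algorithm();
    IJsonSerializer serializer = new JsonNetSerializer();
    IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
    IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);
    return encoder.Encode(payload, TOKEN_SECRET);
}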
/// <summary>
/// Demo entry point: verifies a sample HS256 token against a sample secret and prints its payload.
/// </summary>
static void Main(string[] args)
{
    // Sample token/secret for the demo; a production secret must not be embedded in source.
    const string token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJVc2VySWQiOjEyMywiVXNlck5hbWUiOiJhZG1pbiJ9.Qjw1epD5P6p4Yy2yju3-fkq28PddznqRj3ESfALQy_U";
    const string secret = "GQDstcKsx0NHjPOuXOYg5MbeJ1XT0uFiwDVvVBrk";

    try
    {
        var serializer = new JsonNetSerializer();
        var decoder = new JwtDecoder(
            serializer,
            new JwtValidator(serializer, new UtcDateTimeProvider()),
            new JwtBase64UrlEncoder());

        // verify: true — a wrong signature or an expired token is rejected.
        string payload = decoder.Decode(token, secret, verify: true);
        Console.WriteLine(payload);
        Console.ReadKey();
    }
    catch (TokenExpiredException)
    {
        Console.WriteLine("Token has expired");
    }
    catch (SignatureVerificationException)
    {
        Console.WriteLine("Token has invalid signature");
    }
}
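/// <summary>
/// Verifies <paramref name="token"/> with <paramref name="tokenKey"/> and returns the claim named <paramref name="jsonKey"/>.
/// </summary>
/// <param name="token">Compact JWT from the client.</param>
/// <param name="tokenKey">HMAC secret used to verify the signature.</param>
/// <param name="jsonKey">Name of the claim to return.</param>
/// <returns>The claim value.</returns>
/// <exception cref="BaseException">The token is expired or its signature is invalid.</exception>
/// <exception cref="KeyNotFoundException">The verified payload has no claim named <paramref name="jsonKey"/>.</exception>
public static object Get(string token, string tokenKey, string jsonKey)
{
    try
    {
        IJsonSerializer serializer = new JsonNetSerializer();
        IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
        IDateTimeProvider provider = new UtcDateTimeProvider();
        IJwtValidator validator = new JwtValidator(serializer, provider);
        IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder);

        // Decode once, WITH verification. The original verified the token into a string it then
        // discarded, and read the claims from a second, unverified decode.
        var claims = decoder.DecodeToObject<Dictionary<string, object>>(token, tokenKey, verify: true);
        return claims[jsonKey];
    }
    catch (TokenExpiredException)
    {
        throw new BaseException("请重新登陆,token已失效");
    }
    catch (SignatureVerificationException)
    {
        throw new BaseException("请重新登陆,签名错误");
    }
}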
/// <summary>
/// DecodeToObject with verify: true must reject a token whose exp claim lies one hour in the past.
/// </summary>
public void DecodeToObject_Should_Throw_Exception_On_Expired_Claim()
{
    const string key = TestData.Key;
    const int timeDelta = -1; // hours; negative, so the token is already expired

    var algorithm = new HMACSHA256Algorithm();
    var clock = new UtcDateTimeProvider();
    var serializer = new JsonNetSerializer();
    var urlEncoder = new JwtBase64UrlEncoder();
    var validator = new JwtValidator(serializer, clock);
    var decoder = new JwtDecoder(serializer, validator, urlEncoder);
    var encoder = new JwtEncoder(algorithm, serializer, urlEncoder);

    // Build a token that expired |timeDelta| hours ago.
    var expiredAt = clock.GetNow().AddHours(timeDelta);
    var exp = UnixEpoch.GetSecondsSince(expiredAt);
    var token = encoder.Encode(new { exp }, key);

    Action decodeExpiredJwt = () => decoder.DecodeToObject<Customer>(token, key, verify: true);

    decodeExpiredJwt.Should()
                    .Throw<TokenExpiredException>("because decoding an expired token should raise an exception when verified");
}
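/// <summary>
/// Extracts the bearer token from the request's Authorization header, verifies it with
/// <paramref name="secret"/> and returns its payload.
/// </summary>
/// <param name="request">Incoming HTTP request; the header is untrusted input.</param>
/// <param name="secret">HMAC secret the token must have been signed with.</param>
/// <returns>
/// The decoded payload, or <c>null</c> when the header is missing or malformed, the scheme is not
/// "bearer", the token is expired, or its signature does not match <paramref name="secret"/>.
/// </returns>
public static JwtPayload ToJwtDecodedPayload(this HttpRequest request, string secret)
{
    if (!request.Headers.TryGetValue("Authorization", out var headers))
    {
        return null;
    }

    string authHeader = headers.FirstOrDefault();
    if (string.IsNullOrEmpty(authHeader))
    {
        return null;
    }

    var authBits = authHeader.Split(' ');
    if (authBits.Length != 2)
    {
        return null;
    }
    if (!authBits[0].Equals("bearer", StringComparison.OrdinalIgnoreCase))
    {
        return null;
    }
    string token = authBits[1];

    IJsonSerializer serializer = new JsonNetSerializer();
    IDateTimeProvider provider = new UtcDateTimeProvider();
    IJwtValidator validator = new JwtValidator(serializer, provider);
    IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
    IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder);

    // The secret is supplied, so the signature is verified. The original passed verify: false and
    // returned any syntactically valid payload regardless of who signed it.
    try
    {
        return decoder.DecodeToObject<JwtPayload>(token, secret, verify: true);
    }
    catch (TokenExpiredException)
    {
        return null;
    }
    catch (SignatureVerificationException)
    {
        return null;
    }
}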
/// <summary>
/// Verifies <paramref name="token"/> against the class-level <c>SecretKey</c> and reports the outcome as a serialized <see cref="TokenResult"/>.
/// </summary>
/// <param name="token">Compact JWT supplied by the caller.</param>
/// <returns>
/// JSON of a TokenResult: Code "200" with TokenInfo on success; "401" expired; "402" bad signature;
/// "403" for any other failure.
/// </returns>
public static string VerifyingToken(string token)
{
    var result = new TokenResult();
    var jsonSerializer = new JsonNetSerializer();

    try
    {
        IJsonSerializer serializer = new JsonNetSerializer();
        IDateTimeProvider provider = new UtcDateTimeProvider();
        IJwtValidator validator = new JwtValidator(serializer, provider);
        IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
        IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder);

        // Success status is set up front; a failure below overwrites it in the matching catch.
        result.Code = "200";
        result.Data = "200";
        string payloadJson = decoder.Decode(token, SecretKey, verify: true); // signature and exp verified
        result.TokenInfo = jsonSerializer.Deserialize<TokenInfo>(payloadJson);
    }
    catch (TokenExpiredException)
    {
        result.Code = "401";
        result.Data = "Token has expired";
    }
    catch (SignatureVerificationException)
    {
        result.Code = "402";
        result.Data = "Token has invalid signature";
    }
    catch
    {
        result.Code = "403";
        result.Data = "Token has invalid Token";
    }

    return jsonSerializer.Serialize(result);
}
// NOTE(review): the method name says "Matches", but the signature under test is deliberately corrupted
// (signed with the wrong key, first byte bumped); what the body checks is that TryValidate returns false
// with a non-null exception.
public void TryValidate_Should_Return_False_And_Exception_Not_Null_When_Crypto_Matches_Signature()
{
    var urlEncoder = new JwtBase64UrlEncoder();
    var serializer = new JsonNetSerializer();
    var clock = new UtcDateTimeProvider();

    // Split the reference token and recover its payload JSON and the signature it carries.
    var parts = new JwtParts(TestData.Token);
    string payloadJson = GetString(urlEncoder.Decode(parts.Payload));
    string expectedCrypto = Convert.ToBase64String(urlEncoder.Decode(parts.Signature));

    // Produce a signature that cannot match: wrong key, then corrupt the first byte as well.
    var algorithm = new HMACSHA256Algorithm();
    byte[] signingInput = GetBytes(String.Concat(parts.Header, ".", parts.Payload));
    byte[] badSignature = algorithm.Sign(GetBytes("ABC"), signingInput);
    badSignature[0]++; // malformed signature
    string badSignatureB64 = Convert.ToBase64String(badSignature);

    var jwtValidator = new JwtValidator(serializer, clock);
    bool isValid = jwtValidator.TryValidate(payloadJson, expectedCrypto, badSignatureB64, out var ex);

    Assert.False(isValid);
    Assert.NotNull(ex);
}
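// Validates the login ticket (matched against the session, or against database data).
// The ticket must be a JWT with a valid signature under the merchant secret (and not expired);
// any decode failure yields false rather than an exception.
private bool ValidateTicket(string encryptToken)
{
    try
    {
        // Decode the ticket.
        IJsonSerializer serializer = new JsonNetSerializer();
        IDateTimeProvider provider = new UtcDateTimeProvider();
        IJwtValidator validator = new JwtValidator(serializer, provider);
        IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
        IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder);

        // verify: true throws on a bad signature or an expired token; the payload itself is not inspected.
        // The original wrapped the result in "[...]" and tested it for null, which a string concatenation
        // can never be, so that check was dead code.
        // NOTE(review): the verification secret is hard-coded; load it from configuration / a secret store.
        decoder.Decode(encryptToken, "YYplayMerchant", verify: true); // token is the string generated earlier
        return true;
    }
    catch (Exception)
    {
        // Malformed token, bad signature or expiry: the ticket is rejected.
        return false;
    }
}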
/// <summary>
/// Verifies <paramref name="jwtToken"/> with the class-level <c>TokenSecretKey</c> (HS256) and maps the payload to a <see cref="UserInfo"/>.
/// </summary>
/// <param name="jwtToken">Compact JWT.</param>
/// <returns>
/// The decoded <see cref="UserInfo"/>, or <c>null</c> when the token is expired or its signature is invalid.
/// Other decoder failures (e.g. a malformed token) propagate.
/// </returns>
public static UserInfo DecodeJWTToken(string jwtToken)
{
    IJsonSerializer serializer = new JsonNetSerializer();
    IDateTimeProvider provider = new UtcDateTimeProvider();
    IJwtValidator validator = new JwtValidator(serializer, provider);
    IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
    IJwtAlgorithm algorithm = new HMACSHA256Algorithm();
    IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder, algorithm);

    try
    {
        // verify: true — signature and expiry are checked before the payload is mapped.
        return decoder.DecodeToObject<UserInfo>(jwtToken, TokenSecretKey, true);
    }
    catch (TokenExpiredException)
    {
        Console.WriteLine("Token has expired");
        return null;
    }
    catch (SignatureVerificationException)
    {
        Console.WriteLine("Token has invalid signature");
        return null;
    }
}
/// <summary>
/// JWT decode: verifies the signature with <paramref name="secret"/>, then enforces the application-level "timeOut" claim.
/// </summary>
/// <param name="secret">HMAC secret the token was signed with.</param>
/// <param name="token">Compact JWT.</param>
/// <returns>The claims with "timeOut" removed.</returns>
/// <exception cref="Exception">"登录超时,请重新登录" when timeOut is already in the past.</exception>
/// <exception cref="TokenExpiredException">Rethrown after logging.</exception>
/// <exception cref="SignatureVerificationException">Rethrown after logging.</exception>
public static Dictionary<string, object> Decode(string secret, string token)
{
    try
    {
        IJsonSerializer serializer = new JsonNetSerializer();
        IDateTimeProvider clock = new UtcDateTimeProvider();
        IJwtValidator validator = new JwtValidator(serializer, clock);
        IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
        IJwtAlgorithm algorithm = new HMACSHA256Algorithm();
        IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder, algorithm);

        string payloadJson = decoder.Decode(token, secret, verify: true);
        var claims = JsonConvert.DeserializeObject<Dictionary<string, object>>(payloadJson);

        // Strip the application-level timeout: it must deserialize as a DateTime and lie in the future.
        // Compared against local time — presumably the issuer wrote a local timestamp; confirm.
        var timeOut = (DateTime)claims["timeOut"];
        if (timeOut < DateTime.Now)
        {
            throw new Exception("登录超时,请重新登录");
        }
        claims.Remove("timeOut");
        return claims;
    }
    catch (TokenExpiredException)
    {
        Console.WriteLine("Token has expired");
        throw;
    }
    catch (SignatureVerificationException)
    {
        Console.WriteLine("签名验证失败,数据可能被篡改");
        throw;
    }
}
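/// <summary>
/// Reads the team name (<c>sub</c>) from <paramref name="token"/> and fetches that team from the API.
/// </summary>
/// <param name="token">Bearer JWT; it is forwarded to the API, which performs the real verification.</param>
/// <returns>The team, or <c>null</c> when the token has no subject or the API call does not succeed.</returns>
public async Task<Team> GetTeamByToken(string token)
{
    var serializer = new JsonNetSerializer();
    var provider = new UtcDateTimeProvider();
    var validator = new JwtValidator(serializer, provider);
    var urlEncoder = new JwtBase64UrlEncoder();
    var decoder = new JwtDecoder(serializer, validator, urlEncoder);

    // No key is available here, so the payload is read WITHOUT signature verification. Nothing in this
    // method trusts it for authorization: the subject only selects which team to ask for, and the API
    // authenticates the same token from the Authorization header.
    var result = decoder.Decode(token);
    var jwtToken = JsonConvert.DeserializeObject<JWTToken>(result);
    string teamName = jwtToken?.Sub;
    if (string.IsNullOrEmpty(teamName))
    {
        return null;
    }

    // NOTE(review): one HttpClient per call; a shared instance / IHttpClientFactory avoids socket exhaustion.
    using (var client = new HttpClient())
    {
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
        client.DefaultRequestHeaders.Accept.Add(MediaTypeWithQualityHeaderValue.Parse("application/json"));

        // The unverified claim is URL-escaped so it cannot alter the request path.
        var response = await client.GetAsync(baseUrl + "team/name/" + Uri.EscapeDataString(teamName)).ConfigureAwait(false);
        if (response.IsSuccessStatusCode)
        {
            var body = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
            return JsonConvert.DeserializeObject<Team>(body);
        }
    }

    return null;
}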
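/// <summary>
/// Issues the authorization JWT (HS256, one-year expiry) when the supplied credentials match.
/// </summary>
/// <param name="name">User name; currently checked against a hard-coded value.</param>
/// <param name="pwd">Password; currently checked against a hard-coded value.</param>
/// <returns>The signed compact JWT, or an empty string when the credentials do not match.</returns>
public string GetAuthToken(string name, string pwd)
{
    var token = "";
    // Login check — to be moved into the database (with the password stored as a salted hash,
    // not compared in plain text as here).
    if (name == "王玺凯" && pwd == "123")
    {
        IJwtAlgorithm algorithm = new HMACSHA256Algorithm();      // HMAC-SHA256 signing
        IJsonSerializer serializer = new JsonNetSerializer();     // JSON (de)serialization
        IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); // base64url codec

        // Time-based claims from a UTC clock. The original used DateTime.Now (server-local time) and
        // left an unused UtcDateTimeProvider behind; whether that skewed the timestamps depends on
        // what ToUnixTime does with local times, which is not visible here.
        DateTime now = DateTime.UtcNow;

        // iss: issuer  exp: expiry  sub: subject  aud: audience  nbf: not before  iat: issued at  jti: JWT id
        var payload = new Dictionary<string, object>
        {
            { "iss", "1707A" },
            { "exp", now.AddYears(1).ToUnixTime() },   // unix timestamp
            { "sub", "jwt" },
            { "aud", "1" },
            { "nbf", now.ToUnixTime() },
            { "iat", now.ToUnixTime() },
            { "jti", "1" },
        };

        // NOTE(review): server-side signing secret is hard-coded; move it to configuration / a secret store.
        const string secret = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4aKpVo2OHXPwb1R7duLgg";
        IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);
        token = encoder.Encode(payload, secret);
    }
    return token;
}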
/// <summary>
/// Verifies <paramref name="token"/> (HS256, class-level <c>secret</c>) and returns its payload as a <see cref="Token"/>.
/// </summary>
/// <param name="token">Compact JWT.</param>
/// <returns>
/// The payload with <c>status = true</c> / "ok", or a failure <see cref="Token"/> when the token is expired
/// or the signature is wrong. Other decoder errors propagate.
/// </returns>
public Token ValidateToken(string token)
{
    try
    {
        IJsonSerializer serializer = new JsonNetSerializer();
        var provider = new UtcDateTimeProvider();
        IJwtValidator validator = new JwtValidator(serializer, provider);
        IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
        IJwtAlgorithm algorithm = new HMACSHA256Algorithm(); // symmetric
        IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder, algorithm);

        string payloadJson = decoder.Decode(token, secret, verify: true);
        Token result = JsonSerializer.Deserialize<Token>(payloadJson);
        result.status = true;
        result.message = "ok";
        return result;
    }
    catch (TokenExpiredException)
    {
        return new Token { status = false, message = "Token Expirado" };
    }
    catch (SignatureVerificationException)
    {
        return new Token { status = false, message = "Error Al Leer Token" };
    }
}
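/// <summary>
/// Reads the bearer token from the Authorization header and returns its <c>sub</c> claim.
/// </summary>
/// <returns>The token's subject.</returns>
/// <exception cref="InvalidOperationException">Header missing, or not of the form "Bearer &lt;token&gt;".</exception>
private string AuthUser()
{
    if (!Request.Headers.TryGetValue("Authorization", out StringValues authValues))
    {
        throw new InvalidOperationException("Authorization header wasn't provided");
    }

    // Ordinal comparison: the scheme prefix is protocol text, not culture-sensitive text
    // (the original StartsWith used the current culture).
    var authVal = authValues.First();
    if (authVal == null || !authVal.StartsWith("Bearer ", StringComparison.Ordinal))
    {
        throw new InvalidOperationException("Invalid Authorization format");
    }
    var token = authVal.Substring("Bearer ".Length);

    var serializer = new JsonNetSerializer();
    var provider = new UtcDateTimeProvider();
    var validator = new JwtValidator(serializer, provider);
    var urlEncoder = new JwtBase64UrlEncoder();
    var decoder = new JwtDecoder(serializer, validator, urlEncoder);

    // Decode(token) with no key performs NO signature check: the subject returned below is unauthenticated
    // until the TODOs are done and must not be used for authorization decisions on its own.
    var tokenJson = decoder.Decode(token);
    JObject tokenObj = JObject.Parse(tokenJson);
    // TODO: Need to validate issuer matches the allowed issuer of the DataGraph
    // TODO: Need to validate issuer signature
    return tokenObj.Value<string>("sub");
}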
/// <summary>
/// TryValidate must accept a signature computed with the correct key over header.payload.
/// </summary>
public void TryValidate_Should_Return_True_And_Exception_Null_When_Crypto_Matches_Signature()
{
    var urlEncoder = new JwtBase64UrlEncoder();
    var serializer = new JsonNetSerializer();
    var clock = new UtcDateTimeProvider();

    // Reference token: its payload JSON and the signature bytes it carries.
    var parts = new JwtParts(TestData.Token);
    string payloadJson = GetString(urlEncoder.Decode(parts.Payload));
    string expectedCrypto = Convert.ToBase64String(urlEncoder.Decode(parts.Signature));

    // Re-sign the same signing input with the test key; it must reproduce the token's signature.
    var algorithm = new HMACSHA256Algorithm();
    byte[] signingInput = GetBytes(String.Concat(parts.Header, ".", parts.Payload));
    string computedSignature = Convert.ToBase64String(algorithm.Sign(GetBytes(TestData.Key), signingInput));

    var jwtValidator = new JwtValidator(serializer, clock);
    bool isValid = jwtValidator.TryValidate(payloadJson, expectedCrypto, computedSignature, out var ex);

    isValid.Should()
           .BeTrue("because the token should have been validated");
    ex.Should()
      .BeNull("because a valid token verified should not raise any exception");
}
/// <summary>
/// On form load, verifies the stored JWT and fills the profile labels from its claims.
/// </summary>
private void ProfesorDataForm_Load(object sender, EventArgs e)
{
    string token = jsonWebToken;
    // NOTE(review): the verification secret is embedded in the client binary; anyone holding the build
    // can mint tokens that this form accepts.
    const string secret = "GQDstcKsx0NHjPOuXOYg5MbeJ1XT0uFiwDVvVBrk";

    try
    {
        IJsonSerializer serializer = new JsonNetSerializer();
        IDateTimeProvider provider = new UtcDateTimeProvider();
        IJwtValidator validator = new JwtValidator(serializer, provider);
        IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
        IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder);

        string json = decoder.Decode(token, secret, verify: true);
        Console.WriteLine(json);
        rtTeksti.Text = json;

        // Concatenating with a string turns a missing claim into "" instead of throwing;
        // the name label keeps its original trailing space.
        var claims = Newtonsoft.Json.Linq.JObject.Parse(json);
        lblName.Text = claims["name"] + " ";
        lblSurname.Text = claims["surname"] + "";
        lblDegree.Text = claims["degree"] + "";
        lblSalary.Text = claims["salary"] + "";
        lblEmail.Text = claims["email"] + "";
        lblUsername.Text = claims["username"] + "";
    }
    catch (TokenExpiredException)
    {
        MessageBox.Show("Token has been expired");
    }
    catch (SignatureVerificationException)
    {
        MessageBox.Show("Token has invalid signature");
    }
}
/// <summary>
/// Validate must throw SignatureVerificationException when the presented signature does not match the token's.
/// </summary>
public void Validate_Should_Throw_Exception_When_Crypto_Does_Not_Match_Signature()
{
    const string token = TestData.Token;
    var urlEncoder = new JwtBase64UrlEncoder();
    var serializer = new JsonNetSerializer();
    var clock = new UtcDateTimeProvider();

    // Reference token: its payload JSON and the signature bytes it carries.
    var parts = new JwtParts(token);
    string payloadJson = GetString(urlEncoder.Decode(parts.Payload));
    string expectedCrypto = Convert.ToBase64String(urlEncoder.Decode(parts.Signature));

    // Sign with the wrong key and then corrupt the first byte: guaranteed mismatch.
    var algorithm = new HMACSHA256Algorithm();
    byte[] signingInput = GetBytes(String.Concat(parts.Header, ".", parts.Payload));
    byte[] badSignature = algorithm.Sign(GetBytes("ABC"), signingInput);
    ++badSignature[0]; // malformed signature
    string badSignatureB64 = Convert.ToBase64String(badSignature);

    var jwtValidator = new JwtValidator(serializer, clock);
    Action validateJwtWithBadSignature = () => jwtValidator.Validate(payloadJson, expectedCrypto, badSignatureB64);

    validateJwtWithBadSignature.Should()
                               .Throw<SignatureVerificationException>("because the signature does not match the crypto");
}
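// Mark: This method decode and returns Json Web Token
/// <summary>
/// Verifies <paramref name="token"/> with the key configured under <c>Constants.ASK_JWT_KEY</c> and maps the payload to a <c>jpuser</c>.
/// </summary>
/// <param name="token">Compact JWT.</param>
/// <returns>
/// The decoded <c>jpuser</c>, or <c>Constants.MSG_ERROR</c> when the key is not configured, the token is
/// expired, or its signature is invalid. Other decoder failures propagate.
/// </returns>
public static object decodeJWT(string token)
{
    // A missing key would otherwise fail inside the decoder; treat it as a configuration error up front.
    string signingKey = ConfigurationManager.AppSettings[Constants.ASK_JWT_KEY];
    if (string.IsNullOrEmpty(signingKey))
    {
        return Constants.MSG_ERROR;
    }

    try
    {
        IJsonSerializer serializer = new JsonNetSerializer();
        IDateTimeProvider provider = new UtcDateTimeProvider();
        IJwtValidator validator = new JwtValidator(serializer, provider);
        IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
        IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder);

        // verify: true — signature and exp are checked. The decoded payload is no longer echoed to
        // stdout (the original Console.WriteLine wrote the user's claims to the console).
        var json = decoder.Decode(token, signingKey, verify: true);
        jpuser payload = JsonConvert.DeserializeObject<jpuser>(Convert.ToString(json));
        return payload;
    }
    catch (TokenExpiredException)
    {
        //ErrorResponse error = new ErrorResponse(StringConstants.Message.TokenExpired, HttpStatusCode.BadRequest);
        return Constants.MSG_ERROR;
    }
    catch (SignatureVerificationException)
    {
        //ErrorResponse error = new ErrorResponse(StringConstants.Message.TokenInvalidSignature, HttpStatusCode.BadRequest);
        return Constants.MSG_ERROR;
    }
}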
/// <summary>
/// Builds a <see cref="JwtDecoder"/> wired with Json.NET serialization, a UTC clock and base64url encoding.
/// </summary>
/// <returns>A new decoder; callers still have to pass a key with <c>verify: true</c> to get signature checking.</returns>
private static JwtDecoder CreateJwtDecoder()
{
    var serializer = new JsonNetSerializer();
    var validator = new JwtValidator(serializer, new UtcDateTimeProvider());
    var urlEncoder = new JwtBase64UrlEncoder();
    return new JwtDecoder(serializer, validator, urlEncoder);
}
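//POST: api/Login
/// <summary>
/// Authenticates the posted credentials and, on success, returns an HS256 access token valid for one hour.
/// </summary>
/// <param name="UserLoginModel">Account and password from the request body (untrusted input).</param>
/// <returns>The class-level <c>fooResult</c>, filled with the token and user on success or an error message otherwise.</returns>
public async Task<APIResult> Post([FromBody] UserLoginModel UserLoginModel)
{
    var account = UserLoginModel.Account;
    var password = UserLoginModel.Password;

    // NOTE(review): the password is matched as a plain-text column value inside the query; the store
    // should hold a salted hash and the comparison should happen in code against that hash.
    var fooItem = await db.LOBMyUsers.FirstOrDefaultAsync(x => x.EmployeeID == account && x.Password == password);

    if (fooItem == null)
    {
        // One message for both "no such account" and "wrong password" so the response does not reveal which.
        fooResult.Success = false;
        fooResult.Message = $"使用者不存在或者帳號、密碼不正確";
        fooResult.TokenFail = false;
        fooResult.Payload = null;
        return fooResult;
    }

    #region Issue the access token for this authenticated session
    string secretKey = MainHelper.SecretKey;

    #region Token lifetime
    IDateTimeProvider provider = new UtcDateTimeProvider();
    // This access token is valid for one hour only.
    var expiresAt = provider.GetNow().AddHours(1);
    var unixEpoch = UnixEpoch.Value; // 1970-01-01 00:00:00 UTC
    var expSeconds = Math.Round((expiresAt - unixEpoch).TotalSeconds);
    #endregion

    string[] fooRole = fooItem.IsManager == true ? new string[] { "Manager" } : Array.Empty<string>();

    var jwtToken = new JwtBuilder()
        .WithAlgorithm(new HMACSHA256Algorithm())
        .WithSecret(secretKey)
        .AddClaim("iss", UserLoginModel.Account)
        .AddClaim("exp", expSeconds)
        .AddClaim("role", fooRole)
        .AddClaim("manager", fooItem.IsManager)
        .Build();
    #endregion

    // Credentials matched. (The original also built an HttpResponseMessage via Request.CreateResponse(HttpStatusCode.OK)
    // and discarded it; that call had no effect on the returned result and was removed.)
    fooResult = new APIResult()
    {
        Success = true,
        Message = $"",
        TokenFail = false,
        Payload = new UserLoginResultModel()
        {
            AccessToken = $"{jwtToken}",
            MyUser = fooItem.ToMyUsers(),
        }
    };
    return fooResult;
}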
/// <summary>
/// Verifies <paramref name="token"/> with the base64-encoded class-level <c>Secret</c> and returns the payload JSON.
/// </summary>
/// <param name="token">Compact JWT.</param>
/// <returns>
/// The payload JSON on success; otherwise a human-readable error message. Callers cannot tell the two
/// apart from the return value alone.
/// </returns>
public string TryValidateToken(string token)
{
    byte[] symmetricKey = Convert.FromBase64String(Secret);

    try
    {
        IJsonSerializer serializer = new JsonNetSerializer();
        IDateTimeProvider clock = new UtcDateTimeProvider();
        IJwtAlgorithm algorithm = new HMACSHA256Algorithm();
        IJwtValidator validator = new JwtValidator(serializer, clock);
        IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
        IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder, algorithm);

        // Signature and exp verified before the payload is returned.
        return decoder.Decode(token, symmetricKey, true);
    }
    catch (TokenExpiredException)
    {
        return "Token has expired";
    }
    catch (SignatureVerificationException)
    {
        return "Token has invalid signature";
    }
    catch (Exception ex)
    {
        // NOTE(review): decoder exception text is handed back verbatim; prefer a fixed message if this reaches clients.
        return ex.Message;
    }
}
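//validates incoming tokens
/// <summary>
/// Verifies <paramref name="token"/> with the class-level <c>Secret</c> and returns its content.
/// On failure, sets <c>Errored</c>/<c>ErrorMessage</c> and returns <c>null</c>; on success both are cleared
/// (the original left a stale error from an earlier call in place).
/// </summary>
/// <param name="token">Compact JWT.</param>
/// <returns>The deserialized <see cref="TokenContent"/>, or <c>null</c> when expired or the signature is invalid.</returns>
public TokenContent VerifyToken(string token)
{
    TokenContent output;
    try
    {
        IJsonSerializer serializer = new JsonNetSerializer();
        IDateTimeProvider provider = new UtcDateTimeProvider();
        IJwtValidator validator = new JwtValidator(serializer, provider);
        IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
        IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder);

        // verify: true — signature and exp are checked before the payload is deserialized.
        string json = decoder.Decode(token, Secret, verify: true);
        output = JsonConvert.DeserializeObject<TokenContent>(json);
    }
    catch (TokenExpiredException)
    {
        ErrorMessage = "Token has expired";
        Errored = true;
        return null;
    }
    catch (SignatureVerificationException)
    {
        ErrorMessage = "Token has invalid signature";
        Errored = true;
        return null;
    }

    // Clear any error left by an earlier call so a caller reading Errored after this one sees the current outcome.
    Errored = false;
    ErrorMessage = null;
    return output;
}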
/// <summary>
/// UtcDateTimeProvider.Format must render an instant as "yyyy-MM-ddTHH:mm:ssZ".
/// </summary>
public void Format_Should_Return_DateTime_In_Universal_Format()
{
    // Arrange
    IDateTimeProvider clock = new UtcDateTimeProvider();
    DateTime utcNow = DateTime.UtcNow;

    // Act
    string formatted = clock.Format(utcNow);

    // Assert
    formatted.Should().MatchRegex(@"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$");
}