public static bool Verify <TToken, TJwtHeader, TJwtPayload>(
string token,
TokenValidationParameters validationParameters,
out TToken result)
where TToken : class, IJwtToken <TJwtHeader, TJwtPayload>
where TJwtHeader : IJwtHeader
{
result = default(TToken);
try {
var nToken = new JWT.JwtSecurityToken(token.Split(' ').Last());
var header = (TJwtHeader)DictionaryToJObject(nToken.Header).ToObject(typeof(TJwtHeader));
var payload = (TJwtPayload)DictionaryToJObject(nToken.Payload).ToObject(typeof(TJwtPayload));
result = (TToken)FormatterServices.GetUninitializedObject(typeof(TToken));
result.Header = header;
result.Payload = payload;
if (validationParameters == null) //不走驗證
{
return(true);
}
var tokenHandler = new JwtSecurityTokenHandler();
tokenHandler.ValidateToken(token.Split(' ').Last(), validationParameters, out _);
return(true);
} catch {
return(false);
}
}
public ClaimsPrincipal GetPrincipal()
{
try
{
//String jwt = ((String)this.Request.Headers["Authorization"]). Replace("Bearer ", string.Empty);
String authHeader = Request.Headers["Authorization"];
authHeader = authHeader.Replace("Bearer ", "");
var tokenHandler = new JwtSecurityTokenHandler();
var token = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(authHeader);
if (token == null)
return null;
var validationParameters = new TokenValidationParameters()
{
RequireExpirationTime = true,
ValidateIssuer = false,
ValidateAudience = false,
IssuerSigningKey = AuthOptions.GetSymmetricSecurityKey()
};
SecurityToken securityToken;
var principal = tokenHandler.ValidateToken(authHeader, validationParameters, out securityToken);
if(securityToken.ValidTo < DateTime.UtcNow)
{return null;}
return principal;
}
catch (Exception)
{
return null;
}
}
public async Task <string> GenerateEncodedToken(string userName, ClaimsIdentity identity)
{
try
{
var claims = new[]
{
new Claim(Microsoft.IdentityModel.JsonWebTokens.JwtRegisteredClaimNames.Sub, userName),
new Claim(Microsoft.IdentityModel.JsonWebTokens.JwtRegisteredClaimNames.Jti, await jwtOptions.JtiGenerator()),
new Claim(Microsoft.IdentityModel.JsonWebTokens.JwtRegisteredClaimNames.Iat, ToUnixEpochDate(jwtOptions.IssuedAt).ToString(), ClaimValueTypes.Integer64),
identity.FindFirst(Helpers.Constants.Strings.JwtClaimIdentifiers.Rol),
identity.FindFirst(Helpers.Constants.Strings.JwtClaimIdentifiers.Id)
};
// Create the JWT security token and encode it.
var jwt = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(
issuer: jwtOptions.Issuer,
audience: jwtOptions.Audience,
claims: claims,
notBefore: jwtOptions.NotBefore,
expires: jwtOptions.Expiration,
signingCredentials: jwtOptions.SigningCredentials);
var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
return(encodedJwt);
}
catch (Exception ex)
{
throw ex;
}
}
private string BuildToken(Users user)
{
// key is case-sensitive
var claims = new[] {
new Claim(JwtRegisteredClaimNames.Sub, Configuration["Jwt:Subject"]),
new Claim("id", user.Id.ToString()),
new Claim("username", user.Username),
new Claim("position", user.Position),
new Claim(ClaimTypes.Role, user.Position)
};
var expires = DateTime.Now.AddDays(Convert.ToDouble(Configuration["Jwt:ExpireDay"]));
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:Key"]));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(
issuer: Configuration["Jwt:Issuer"],
audience: Configuration["Jwt:Audience"],
claims: claims,
expires: expires,
signingCredentials: creds
);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
async public Task <string> BuildJwtAuthorizationToken(User user, TokenProviderOptions options)
{
var now = DateTime.UtcNow;
// Specifically add the jti (nonce), iat (issued timestamp), and sub (subject/user) claims.
// You can add other claims here, if you want:
var claims = new List <Claim>()
{
new Claim(System.IdentityModel.Tokens.Jwt.JwtRegisteredClaimNames.Sub, user.Id),
new Claim(ClaimTypes.Name, user.Id),
new Claim(System.IdentityModel.Tokens.Jwt.JwtRegisteredClaimNames.Jti, await options.NonceGenerator()),
//new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(now).ToString(), ClaimValueTypes.Integer64)
};
foreach (Rol role in user.Roles)
{
claims.Add(new Claim(ClaimTypes.Role, role.value));
}
var jwt = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(
issuer: options.Issuer,
claims: claims,
notBefore: now,
signingCredentials: options.SigningCredentials);
var encodedJwt = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler().WriteToken(jwt);
return(encodedJwt);
}
public UsersDTO(Users user, System.IdentityModel.Tokens.Jwt.JwtSecurityToken token)
{
Id = user.Id;
Login = user.Login;
Email = user.Email;
Token = token;
Role_Name = user.Role;
}
protected TokenData GetTokenData()
{
var tok = Request.Headers["Authorization"].ToString().Replace("Bearer ", string.Empty);
var handler = new JwtSecurityTokenHandler();
//var tokenS = handler.ReadToken(headerValue.Parameter) as JwtSecurityToken;
var tokenS = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(tok);
var email = tokenS.Claims.First(claim => claim.Type == JwtRegisteredClaimNames.Email).Value;
var id = tokenS.Claims.FirstOrDefault(c => c.Type == JwtRegisteredClaimNames.UniqueName).Value;
return(new TokenData(email, new Guid(id)));
}
/// <summary>
/// 簽名並產生JWT字串
/// </summary>
/// <typeparam name="TJwtHeader">標頭類型</typeparam>
/// <typeparam name="TJwtPayload">內容類型</typeparam>
/// <param name="token">JWT結構</param>
/// <param name="signingCredentials">簽名鑰匙</param>
/// <returns>JWT字串</returns>
public static string Sign <TJwtHeader, TJwtPayload>(
this IJwtToken <TJwtHeader, TJwtPayload> token,
SecurityKey signingCredentials)
where TJwtHeader : IJwtHeader
{
var nToken = new SystemJWT.JwtSecurityToken(signingCredentials: new SigningCredentials(signingCredentials, token.Header.Algorithm));
SetToJwtHeader(token.Header, nToken.Header);
SetToJwtPayload(token.Payload, nToken.Payload);
return("bearer " + new SystemJWT.JwtSecurityTokenHandler().WriteToken(
nToken
));
}
private string GenerateJSONWebToken(User userInfo)
{
_log4net.Info("Token Generation initiated");
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
var token = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(_config["Jwt:Issuer"],
_config["Jwt:Issuer"],
null,
expires: DateTime.Now.AddMinutes(30),
signingCredentials: credentials);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
//Tạo AccessToken
private string GenerateToken(ThanhVienDangNhapViewModel thanhVienDNVM)
{
var token = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(
claims: new Claim[] {
new Claim(ClaimTypes.Name, thanhVienDNVM.TaiKhoan),
new Claim(ClaimTypes.Role, thanhVienDNVM.MaLoaiThanhVien.ToString()),
},
notBefore: new DateTimeOffset(DateTime.Now).DateTime,
expires: new DateTimeOffset(DateTime.Now.AddMinutes(60)).DateTime,
signingCredentials: new SigningCredentials(SIGNING_KEY, SecurityAlgorithms.HmacSha256)
);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
public string GenerateJWTToken(string name)
{
var JwtToken = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(_config.issuer,
_config.audience,
new[] {
new Claim(ClaimTypes.Name, name)
},
null,
DateTime.Now.AddMinutes(5),
new Microsoft.IdentityModel.Tokens.SigningCredentials(new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(Encoding.ASCII.GetBytes(_config.secret)),
Microsoft.IdentityModel.Tokens.SecurityAlgorithms.HmacSha256Signature));
var accessToken = new JwtSecurityTokenHandler().WriteToken(JwtToken);
return(accessToken);
}
public async Task <IActionResult> CreateToken([FromBody] LoginViewModel model)
{
try
{
var user = await _userManager.FindByNameAsync(model.Username);
if (user == null)
{
return(Unauthorized());
}
if (_passwordHasher.VerifyHashedPassword(user, user.PasswordHash, model.Password) == PasswordVerificationResult.Success)
{
var userClaims = await _userManager.GetClaimsAsync(user);
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.NameId, user.Id),
new Claim(JwtRegisteredClaimNames.Sub, user.UserName),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Email, user.Email)
}.Union(userClaims);
var symmetricSecurityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(this._settings.JwtSecurityToken.Key));
var signingCredentials = new SigningCredentials(symmetricSecurityKey, SecurityAlgorithms.HmacSha256);
var jwtSecurityToken = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(
issuer: this._settings.JwtSecurityToken.Issuer,
audience: this._settings.JwtSecurityToken.Audience,
claims: claims,
expires: DateTime.UtcNow.AddMinutes(5),
signingCredentials: signingCredentials
);
return(Ok(new
{
Token = new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken),
Expiration = jwtSecurityToken.ValidTo,
Claims = jwtSecurityToken.Claims
}));
}
return(Unauthorized());
}
catch (Exception ex)
{
_logger.LogError($"error while creating token: {ex}");
return(StatusCode((int)HttpStatusCode.InternalServerError, "error while creating token"));
}
}
private string GenerateToken(NguoiDungDangNhap ndDN)
{
var token = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(
claims: new Claim[] {
new Claim(ClaimTypes.Name, ndDN.TaiKhoan),
new Claim(ClaimTypes.Role, ndDN.MaLoaiND),
},
notBefore: new DateTimeOffset(DateTime.Now).DateTime,
expires: new DateTimeOffset(DateTime.Now.AddMinutes(60)).DateTime,
signingCredentials: new SigningCredentials(SIGNING_KEY, SecurityAlgorithms.HmacSha256)
);
//string token1 = new JwtSecurityTokenHandler().WriteToken(token);
return(new JwtSecurityTokenHandler().WriteToken(token));
}
public static void ReadToken(string jwtToken)
{
// To Read Claims on Api Controller
//var jwt = Request.Headers.Authorization.Parameter;
var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
System.IdentityModel.Tokens.Jwt.JwtSecurityToken token = handler.ReadJwtToken(jwtToken);
IEnumerable <Claim> claims = token.Claims.ToList();
string id = token.Claims.FirstOrDefault(x => x.Type == "id").Value;
string role = token.Claims.FirstOrDefault(x => x.Type == "role").Value;
string Compcode = token.Claims.FirstOrDefault(x => x.Type == "Compcode").Value;
string Bracode = token.Claims.FirstOrDefault(x => x.Type == "Bracode").Value;
}
/// <summary>
/// Generate user specific JWT string
/// </summary>
/// <param name="user"></param>
/// <returns></returns>
public static string GenerateEncodedJWT(OCM.API.Common.Model.User user)
{
var claims = new List <System.Security.Claims.Claim>();
claims.Add(new Claim("UserID", user.ID.ToString()));
claims.Add(new Claim("nonce", user.CurrentSessionToken.ToString()));
var signingKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(Encoding.ASCII.GetBytes(user.CurrentSessionToken));
var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest);
var token = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(ISSUER, AUDIENCE, claims, DateTime.UtcNow, DateTime.UtcNow.AddMonths(1), signingCredentials);
var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var jwt = handler.WriteToken(token);
return(jwt);
}
public IActionResult Login(string returnUrl, LogInModel model)
{
UserProfile findUser = _userService.LogIn(model, out string resultCode);
if (findUser == null)
{
return(Ok(model));
}
// 要存的資訊
var claims = new List <Claim>()
{
new Claim(ClaimTypes.Name, findUser.USER_NO),
new Claim(ClaimTypes.NameIdentifier, findUser.USER_NO),
new Claim(ClaimTypes.MobilePhone, findUser.PHONE ?? "")
};
var roles = findUser.Roles
.Select(r => new Claim(ClaimTypes.Role, LogicCenter.GetEnumName(r.ROLE_ID)));
claims.AddRange(roles);
// Json Web Token 登入
var token = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken
(
issuer: Configuration["Tokens:ValidIssuer"],
audience: Configuration["Tokens:ValidAudience"],
claims: claims,
expires: DateTime.UtcNow.AddHours(1), /* 過期時間 */
signingCredentials: new SigningCredentials(new SymmetricSecurityKey
(System.Text.Encoding.UTF8.GetBytes(Configuration["Tokens:IssuerSigningKey"])),
SecurityAlgorithms.HmacSha256)
);
string tokenString = new JwtSecurityTokenHandler().WriteToken(token);
return(Ok(
new {
user = findUser,
token = tokenString
}));
}
public IActionResult LoginExternal([FromBody] TokenViewModel jwt)
{
var jwtSettings = new JwtSettings
{
Key = _configuration["jwtSettings:key"],
Issuer = _configuration["jwtSettings:issuer"],
Audience = _configuration["jwtSettings:audience"],
MinutesToExpiration = int.Parse(_configuration["jwtSettings:minutesToExpiration"])
};
try
{
var token = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(jwt.Token);
var email = token.Claims.First(c => c.Type == "email");
var exp = token.Claims.First(c => c.Type == "exp");
//var emailVerified = token.Claims.First(c => c.Type == "email_verified");
if (token.ValidTo > DateTime.UtcNow)
{
var _user = this._userService.Authenticate(email.Value);
if (_user != null)
{
ReadedUserViewModel userViewModel;
string tokenString;
GetToken(jwtSettings, _user, out userViewModel, out tokenString);
return(Ok(new { Token = tokenString, User = userViewModel }));
}
}
return(Unauthorized());
}
catch (Exception)
{
return(Unauthorized());
}
}
