示例#1
        /// <summary>
        /// Validates a JWT against the application's shared secret and, if it verifies,
        /// stores the matching user and role in <c>context.Items</c>.
        /// </summary>
        /// <param name="context">Current request; receives the "User" and "Role" items on success.</param>
        /// <param name="userService">Used to load the user by the id carried in the token.</param>
        /// <param name="token">Raw token string extracted by the caller.</param>
        /// <remarks>
        /// Every exception raised in the body (bad signature, expired token, missing or
        /// non-numeric claim, or a failure inside GetById) is swallowed and the request
        /// simply continues without a user. Downstream authorization therefore has to
        /// treat a missing "User" item as anonymous.
        /// </remarks>
        private void attachUserToContext(HttpContext context, AuthenticationInterface userService, string token)
        {
            try
            {
                // NOTE(review): Encoding.ASCII maps any non-ASCII character of the secret to '?',
                // which silently weakens the key; the token issuer must use the same encoding.
                var signingKeyBytes = Encoding.ASCII.GetBytes(_appSettings.Secret);

                var validationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey         = new SymmetricSecurityKey(signingKeyBytes),
                    // Issuer and audience are not checked: any token signed with this same
                    // secret is accepted, whichever service it was minted for.
                    ValidateIssuer           = false,
                    ValidateAudience         = false,
                    // Zero skew makes the token expire exactly at its expiration time
                    // rather than 5 minutes later.
                    ClockSkew                = TimeSpan.Zero
                };

                new JwtSecurityTokenHandler().ValidateToken(token, validationParameters, out SecurityToken validatedToken);

                var jwt     = (JwtSecurityToken)validatedToken;
                var idClaim = jwt.Claims.First(claim => claim.Type == "id");
                var userId  = int.Parse(idClaim.Value);

                // The role comes from the token itself, not from the user store, so a role
                // change only takes effect once the user presents a newly issued token.
                var roleClaim = jwt.Claims.First(claim => claim.Type == "Role");
                var role      = new Role { Name = roleClaim.Value };

                // Token verified: expose the user and role to the rest of the pipeline.
                context.Items["User"] = userService.GetById(userId);
                context.Items["Role"] = role;
            }
            catch
            {
                // Deliberately best-effort: on any failure nothing is attached, so the
                // request will not have access to secure routes.
                // NOTE(review): nothing is logged here, so repeated validation failures
                // are invisible to monitoring.
            }
        }
示例#2
        /// <summary>
        /// Middleware entry point: pulls a token from the Authorization header, tries to
        /// attach the corresponding user to the request, then runs the rest of the pipeline.
        /// </summary>
        /// <param name="context">Current HTTP request context.</param>
        /// <param name="userService">Service passed through to the token validation step.</param>
        /// <remarks>
        /// The next delegate is always invoked, with or without a valid token; this method
        /// never rejects a request itself.
        /// </remarks>
        public async Task Invoke(HttpContext context, AuthenticationInterface userService)
        {
            var authorizationHeader = context.Request.Headers["Authorization"].FirstOrDefault();

            // Only the last space-separated piece of the header is used and the scheme
            // prefix is not inspected, so a value sent under any scheme is handed to JWT validation.
            var token = authorizationHeader == null
                ? null
                : authorizationHeader.Split(" ").Last();

            if (token != null)
            {
                attachUserToContext(context, userService, token);
            }

            await _next(context);
        }
示例#3
 /// <summary>
 /// Creates the handler, forwarding the framework dependencies to the base class and
 /// keeping the user service and user manager for later use.
 /// </summary>
 /// <param name="options">Scheme options, passed to the base handler.</param>
 /// <param name="logger">Logger factory, passed to the base handler.</param>
 /// <param name="encoder">URL encoder, passed to the base handler.</param>
 /// <param name="clock">System clock, passed to the base handler.</param>
 /// <param name="userService">Stored in <c>_userService</c>.</param>
 /// <param name="userManager">Stored in <c>_userManager</c>.</param>
 public BasicAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
                                   ILoggerFactory logger,
                                   UrlEncoder encoder,
                                   ISystemClock clock,
                                   AuthenticationInterface userService,
                                   UserManager<User> userManager) : base(options, logger, encoder, clock)
 {
     // No null checks are made here; both dependencies are stored as given.
     this._userService = userService;
     this._userManager = userManager;
 }
示例#4
 /// <summary>
 /// Replaces the signer held in the static <c>ApiConfig.authentication</c> member.
 /// </summary>
 /// <param name="authentication">
 /// Signer to store. The value is not validated, so passing <c>null</c> clears it.
 /// </param>
 /// <remarks>
 /// The member is static, so the change is seen by every caller that reads it afterwards.
 /// No synchronization is applied in this method.
 /// </remarks>
 public static void SetAuthentication(AuthenticationInterface authentication) =>
     ApiConfig.authentication = authentication;
        /// <summary>
        /// Builds the OAuth 1.0 header value for a request: fills in the OAuth parameters,
        /// signs the base string and serializes the parameters into a single string.
        /// </summary>
        /// <param name="URL">Request URL, passed to the base-string builder.</param>
        /// <param name="method">HTTP method, passed to the base-string builder.</param>
        /// <param name="body">Request body; when non-empty, its SHA-1 digest is added as the body hash.</param>
        /// <param name="clientId">Value set as the OAuth consumer key.</param>
        /// <param name="privateKey">Not read by this method; signing is delegated to <paramref name="auth"/>.</param>
        /// <param name="auth">Signer handed to <c>OAuthUtil.RsaSign</c>; may be null.</param>
        /// <returns>
        /// <c>OAuthParameters.OAUTH_KEY</c>, a space, then comma-separated <c>key="value"</c> pairs.
        /// </returns>
        public static string GenerateSignature(string URL, string method, string body, string clientId, AsymmetricAlgorithm privateKey, AuthenticationInterface auth = null)
        {
            OAuthParameters parameters = new OAuthParameters();

            parameters.setOAuthConsumerKey(clientId);
            parameters.setOAuthNonce(OAuthUtil.GetNonce());
            parameters.setOAuthTimestamp(OAuthUtil.GetTimestamp());
            // NOTE(review): RSA-SHA1 here and the SHA-1 body hash below rely on a digest that
            // is no longer collision resistant; they look dictated by the remote API's
            // OAuth 1.0 profile - confirm before changing either.
            parameters.setOAuthSignatureMethod("RSA-SHA1");
            parameters.setOAuthVersion("1.0");

            // An empty or null body contributes no body hash, so it is not covered by the signature input.
            bool hasBody = !string.IsNullOrEmpty(body);
            if (hasBody)
            {
                parameters.setOAuthBodyHash(Util.Base64Encode(Util.Sha1Encode(body)));
            }

            // The base string is computed from the parameters before the signature is added.
            string baseString = OAuthUtil.GetBaseString(URL, method, parameters.getBaseParameters());
            string signature  = OAuthUtil.RsaSign(baseString, auth);
            parameters.setOAuthSignature(signature);

            // Second read of the parameters; presumably it now includes the signature
            // that was just set - confirm in OAuthParameters.
            StringBuilder header = new StringBuilder();
            bool isFirst = true;
            foreach (KeyValuePair<string, string> pair in parameters.getBaseParameters())
            {
                if (isFirst)
                {
                    header.Append(OAuthParameters.OAUTH_KEY).Append(" ");
                    isFirst = false;
                }
                else
                {
                    header.Append(",");
                }

                // Values are passed through Util.UriRfc3986 before being placed inside the quotes.
                header.Append(pair.Key)
                      .Append("=\"")
                      .Append(Util.UriRfc3986(pair.Value))
                      .Append("\"");
            }

            return header.ToString();
        }
 /// <summary>
 /// Signs the OAuth base string with the supplied signer, or with the one returned by
 /// <c>ApiConfig.GetAuthentication()</c> when none is supplied.
 /// </summary>
 /// <param name="baseString">Text to sign.</param>
 /// <param name="auth">Signer to use; when null the configured one is used instead.</param>
 /// <returns>Whatever <c>SignMessage</c> returns for <paramref name="baseString"/>.</returns>
 public static string RsaSign(string baseString, AuthenticationInterface auth = null)
 {
     AuthenticationInterface signer = auth;
     if (signer == null)
     {
         // No explicit signer: fall back to the configured one. If that is also null,
         // the SignMessage call below throws a NullReferenceException.
         signer = ApiConfig.GetAuthentication();
     }

     return signer.SignMessage(baseString);
 }
示例#7
 /// <summary>
 /// Creates the controller and keeps the supplied user service in <c>_userService</c>.
 /// </summary>
 /// <param name="userService">Service to store; not checked for null here.</param>
 public AuthenticationController(AuthenticationInterface userService) =>
     this._userService = userService;
 /// <summary>
 /// Replaces the signer held by this instance.
 /// </summary>
 /// <param name="authentication">Signer to store; not validated, so <c>null</c> clears it.</param>
 public void SetAuthentication(AuthenticationInterface authentication) =>
     this.authentication = authentication;