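/// <summary>
/// Wires the login page, the login handler that issues a signed JWT, and the root route.
/// </summary>
/// <param name="configProvider">Supplies the "securekey" app setting used as the HS256 signing secret.</param>
/// <param name="jwtWrapper">Encodes a <see cref="JwtToken"/> into its compact string form.</param>
public HomeModule(IConfigProvider configProvider, IJwtWrapper jwtWrapper)
{
    Get["/login"] = _ => View["Login"];

    Post["/login"] = _ =>
    {
        var user = this.Bind<UserCredentials>();

        // Verify user/pass. The condition must reject on EITHER mismatch: the previous
        // `&&` only rejected when both fields were wrong, so a correct username with any
        // password (or the right password with any username) was accepted.
        // NOTE(review): the credentials are hard-coded in source; this is demo-only code.
        if (user == null || user.User != "fred" || user.Password != "securepwd")
        {
            return 401;
        }

        var jwttoken = new JwtToken()
        {
            Issuer = "http://issuer.com",
            Audience = "http://mycoolwebsite.com",
            Claims = new List<Claim>(new[]
            {
                new Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/role", "Administrator"),
                new Claim(ClaimTypes.Name, "Fred")
            }),
            Expiry = DateTime.UtcNow.AddDays(7)
        };

        // HS256 signs with the shared secret read from app settings.
        var token = jwtWrapper.Encode(jwttoken, configProvider.GetAppSetting("securekey"), JwtHashAlgorithm.HS256);
        return Negotiate.WithModel(token);
    };

    Get["/"] = _ => "Hello Secure World!";
}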
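/// <summary>
/// Registers the login view, the POST handler that checks credentials and returns a JWT,
/// and the root greeting route.
/// </summary>
/// <param name="configProvider">Source of the "securekey" app setting (HS256 signing secret).</param>
/// <param name="jwtWrapper">Serialises and signs the <see cref="JwtToken"/>.</param>
public HomeModule(IConfigProvider configProvider, IJwtWrapper jwtWrapper)
{
    Get["/login"] = _ => View["Login"];

    Post["/login"] = _ =>
    {
        var user = this.Bind<UserCredentials>();

        // Verify user/pass. A login is valid only when BOTH fields match, so the request
        // is rejected when either one differs. With the earlier `&&` a single matching
        // field was enough to pass.
        // NOTE(review): hard-coded demo credentials; not for real deployments.
        if (user == null || user.User != "fred" || user.Password != "securepwd")
        {
            return 401;
        }

        var jwttoken = new JwtToken()
        {
            Issuer = "http://issuer.com",
            Audience = "http://mycoolwebsite.com",
            Claims = new List<Claim>(new[]
            {
                new Claim("http://schemas.microsoft.com/ws/2008/06/identity/claims/role", "Administrator"),
                new Claim(ClaimTypes.Name, "Fred")
            }),
            Expiry = DateTime.UtcNow.AddDays(7)
        };

        // Sign with HMAC-SHA256 using the secret from app settings.
        var token = jwtWrapper.Encode(jwttoken, configProvider.GetAppSetting("securekey"), JwtHashAlgorithm.HS256);
        return Negotiate.WithModel(token);
    };

    Get["/"] = _ => "Hello Secure World!";
}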
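/// <summary>
/// Decodes and verifies a JWT and turns its claims into a <see cref="ClaimsPrincipal"/>.
/// </summary>
/// <param name="token">The compact JWT string presented by the client.</param>
/// <returns>
/// A principal carrying the token's claims, or <c>null</c> when the payload is not an object,
/// lacks Audience/Issuer/Expiry, has expired, or cannot be decoded or verified.
/// </returns>
public ClaimsPrincipal ValidateUser(string token)
{
    try
    {
        //Claims don't deserialize :(
        //var jwttoken = JsonWebToken.DecodeToObject<JwtToken>(token, configProvider.GetAppSetting("securekey"));
        var decodedtoken = JsonWebToken.DecodeToObject(token, configProvider.GetAppSetting("securekey")) as Dictionary<string, object>;
        if (decodedtoken == null)
        {
            // Payload is not a JSON object: invalid token, not a null dereference.
            return null;
        }

        // Required fields; a token missing any of them is rejected (the previous indexer
        // access reached the same outcome only via KeyNotFoundException).
        object audience, issuer, expiry;
        if (!decodedtoken.TryGetValue("Audience", out audience)
            || !decodedtoken.TryGetValue("Issuer", out issuer)
            || !decodedtoken.TryGetValue("Expiry", out expiry))
        {
            return null;
        }

        var jwttoken = new JwtToken()
        {
            Audience = (string)audience,
            Issuer = (string)issuer,
            Expiry = ParseExpiryUtc(expiry),
        };

        object rawClaims;
        if (decodedtoken.TryGetValue("Claims", out rawClaims))
        {
            var claims = new List<Claim>();
            foreach (var entry in (ArrayList)rawClaims)
            {
                var claim = (Dictionary<string, object>)entry;
                claims.Add(new Claim(claim["Type"].ToString(), claim["Value"].ToString()));
            }
            jwttoken.Claims = claims;
        }

        // Expiry is normalised to UTC above, so this comparison is tick-for-tick meaningful.
        if (jwttoken.Expiry < DateTime.UtcNow)
        {
            return null;
        }

        // NOTE(review): Audience and Issuer are copied onto jwttoken but never compared with
        // the values this service expects, so any token signed with the same secret is
        // accepted regardless of who it was issued for. Compare them against configuration.

        //TODO Tidy on 3.8 Mono release
        var claimsPrincipal = new ClaimsPrincipal();
        var claimsIdentity = new ClaimsIdentity("Token");
        claimsIdentity.AddClaims(jwttoken.Claims);
        claimsPrincipal.AddIdentity(claimsIdentity);
        return claimsPrincipal;
    }
    catch (Exception)
    {
        // Any decode, signature, cast or parse failure is reported as "not authenticated"
        // rather than propagated; this is the validator's contract, not an oversight.
        return null;
    }
}

// Normalises the payload's "Expiry" value to a UTC DateTime so it can be compared with
// DateTime.UtcNow. The decoder may hand back a DateTime or a string (presumably ISO 8601 —
// confirm against the encoder); strings are parsed culture-invariantly and treated as UTC
// when they carry no offset. DateTime.Parse(string) alone uses the current culture and can
// yield a local-kind value whose ticks do not compare correctly with UtcNow.
private static DateTime ParseExpiryUtc(object value)
{
    if (value is DateTime)
    {
        var dt = (DateTime)value;
        return dt.Kind == DateTimeKind.Local
            ? dt.ToUniversalTime()
            : DateTime.SpecifyKind(dt, DateTimeKind.Utc);
    }

    return DateTime.Parse(
        value.ToString(),
        System.Globalization.CultureInfo.InvariantCulture,
        System.Globalization.DateTimeStyles.AssumeUniversal | System.Globalization.DateTimeStyles.AdjustToUniversal);
}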
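/// <summary>
/// Verifies a JWT's signature and expiry and builds a <see cref="ClaimsPrincipal"/> from
/// its claims plus a "UserId" claim.
/// </summary>
/// <param name="token">The compact JWT string presented by the client.</param>
/// <returns>
/// The principal, or <c>null</c> when the signature does not verify, the payload is not an
/// object, Expiry/UserId are missing or malformed, or the token has expired.
/// </returns>
public ClaimsPrincipal ValidateUser(string token)
{
    Trace.WriteLine("checking token");
    try
    {
        //Claims don't deserialize :(
        //var jwttoken = JsonWebToken.DecodeToObject<JwtToken>(token, configProvider.GetAppSetting("securekey"));
        var decodedtoken = JsonWebToken.DecodeToObject(token, configProvider.GetAppSetting("secret")) as Dictionary<string, object>;
        if (decodedtoken == null)
        {
            Trace.WriteLine("token payload is not an object");
            return null;
        }
        // The decoded payload itself is deliberately not traced: it carries the user's claims.

        object expiry, userId;
        if (!decodedtoken.TryGetValue("Expiry", out expiry) || !decodedtoken.TryGetValue("UserId", out userId))
        {
            Trace.WriteLine("token missing Expiry or UserId");
            return null;
        }

        var jwttoken = new JwtToken()
        {
            Expiry = ParseExpiryUtc(expiry),
            // Convert instead of unboxing with (int): the JSON decoder can hand back the
            // number as an Int64 (or a string), and unboxing a boxed long to int throws
            // InvalidCastException, which the original catch clause did not handle.
            UserId = Convert.ToInt32(userId, System.Globalization.CultureInfo.InvariantCulture)
        };

        var claims = new List<Claim>();
        object rawClaims;
        if (decodedtoken.TryGetValue("Claims", out rawClaims))
        {
            foreach (var entry in (ArrayList)rawClaims)
            {
                var claim = (Dictionary<string, object>)entry;
                claims.Add(new Claim(claim["Type"].ToString(), claim["Value"].ToString()));
            }
        }
        // UserId is always present at this point, so the claim is added whether or not
        // the payload carried a Claims array.
        claims.Add(new Claim("UserId", jwttoken.UserId.ToString()));
        jwttoken.Claims = claims;

        Trace.WriteLine(jwttoken.Expiry);
        // Expiry is normalised to UTC by ParseExpiryUtc, so this comparison is meaningful.
        if (jwttoken.Expiry < DateTime.UtcNow)
        {
            Trace.WriteLine("expired token");
            return null;
        }

        return new ClaimsPrincipal(new ClaimsIdentity(jwttoken.Claims, "Token"));
    }
    catch (SignatureVerificationException)
    {
        Trace.WriteLine("signature verification failed");
        return null;
    }
    catch (Exception ex)
    {
        // A token that decodes but whose payload has the wrong shape (non-numeric UserId,
        // unparsable Expiry, malformed Claims entries) is "not authenticated", not a 500.
        Trace.WriteLine("malformed token: " + ex.GetType().Name);
        return null;
    }
}

// Normalises the payload's "Expiry" value to a UTC DateTime. The decoder may hand back a
// DateTime (the (DateTime) cast this replaces assumed exactly that) or a string; strings
// are parsed culture-invariantly and treated as UTC when they carry no offset.
private static DateTime ParseExpiryUtc(object value)
{
    if (value is DateTime)
    {
        var dt = (DateTime)value;
        return dt.Kind == DateTimeKind.Local
            ? dt.ToUniversalTime()
            : DateTime.SpecifyKind(dt, DateTimeKind.Utc);
    }

    return DateTime.Parse(
        value.ToString(),
        System.Globalization.CultureInfo.InvariantCulture,
        System.Globalization.DateTimeStyles.AssumeUniversal | System.Globalization.DateTimeStyles.AdjustToUniversal);
}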
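/// <summary>
/// Mounts POST /api/v1/auth: looks the user up by e-mail, checks the BCrypt password hash
/// and returns a signed JWT carrying role, e-mail, name and SID claims.
/// </summary>
/// <param name="config">Supplies the "secret" app setting used as the HS256 signing secret.</param>
/// <exception cref="ArgumentNullException"><paramref name="config"/> is null.</exception>
public AuthModule(IConfigProvider config) : base("/api/v1/auth")
{
    if (config == null)
    {
        throw new ArgumentNullException("config");
    }

    // Token lifetime. NOTE(review): 9999 days (~27 years) makes every issued token
    // effectively permanent, and an HS256 token cannot be revoked without rotating
    // "secret"; a short lifetime with re-issue is the usual mitigation.
    const int TokenLifetimeDays = 9999;

    Post["/"] = p =>
    {
        LoginModel model = this.Bind<LoginModel>();

        User user;
        using (var cnn = Connection)
        {
            // Parameterised query: the submitted e-mail never becomes part of the SQL text.
            user = cnn.Query<User>(
                "select * from users where email = @username",
                new { username = model.Username }).FirstOrDefault();
        }

        // NOTE(review): an unknown e-mail returns before BCrypt runs, so response time
        // differs between existing and non-existing accounts; verifying against a dummy
        // hash on the miss path would even that out.
        if (user == null || !BCrypt.Net.BCrypt.Verify(model.Password, user.Password))
        {
            return HttpStatusCode.Unauthorized;
        }

        var jwtToken = new JwtToken
        {
            Expiry = DateTime.UtcNow.AddDays(TokenLifetimeDays),
            UserId = user.Id
        };

        // NOTE(review): the administrator is identified by a hard-coded e-mail literal;
        // a role column or a configured admin list keeps authorisation data out of source.
        var role = user.Email == "*****@*****.**" ? "Administrator" : "User";
        jwtToken.Claims.Add(new Claim(ClaimTypes.Role, role));
        jwtToken.Claims.Add(new Claim(ClaimTypes.Email, user.Email));
        jwtToken.Claims.Add(new Claim(ClaimTypes.Name, user.Email));
        jwtToken.Claims.Add(new Claim(ClaimTypes.Sid, user.Id.ToString()));

        // HS256: symmetric signing with the shared "secret" app setting.
        var token = JsonWebToken.Encode(jwtToken, config.GetAppSetting("secret"), JwtHashAlgorithm.HS256);
        return Response.AsJson(token);
    };
}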