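/// <summary>
/// Authenticates the caller with the posted username/password and, on success,
/// issues an HS256 JWT signed with that user's own symmetric key.
/// </summary>
/// <param name="request">Credentials bound from the request body.</param>
/// <returns>
/// 200 with a <see cref="LoginResponseModel"/> (token and expiry) when the credentials
/// match a user, 400 when no body was supplied, 401 otherwise.
/// </returns>
/// <exception cref="InvalidOperationException">The JwtExpireDays setting is missing or not a number.</exception>
public async Task<IActionResult> Login([FromBody] LoginRequestModel request) {
    // Model binding leaves request null when the body is missing or unreadable;
    // dereferencing it below would turn that into a 500 instead of a 400.
    if (request == null) {
        return BadRequest();
    }

    User user = await _imisModules.GetUserModule().GetUserController()
        .GetByUsernameAndPasswordAsync(request.Username, request.Password);
    if (user == null) {
        return Unauthorized();
    }

    // Misconfiguration should fail loudly with a clear message rather than as a
    // bare parse exception. Parsed with the invariant culture so a host locale
    // that uses ',' as decimal separator cannot change the token lifetime.
    string expireDaysSetting = _configuration["JwtExpireDays"];
    double expireDays;
    if (string.IsNullOrWhiteSpace(expireDaysSetting)
        || !double.TryParse(expireDaysSetting,
                            System.Globalization.NumberStyles.Float,
                            System.Globalization.CultureInfo.InvariantCulture,
                            out expireDays)) {
        throw new InvalidOperationException("Configuration value 'JwtExpireDays' is missing or not a number.");
    }

    // UTC so the value returned to the client is unambiguous; the JWT "exp" claim
    // is written as a UTC epoch regardless of the DateTime kind.
    DateTime expirationDate = DateTime.UtcNow.AddDays(expireDays);

    // Only the name claim is embedded; roles are looked up from the user store
    // at authorization time rather than carried in the token.
    IEnumerable<Claim> claims = new[] { new Claim(ClaimTypes.Name, request.Username) };

    // Per-user symmetric key: validation looks the user up by the name claim and
    // verifies with this same key. NOTE(review): HS256 requires a key of adequate
    // length and the library rejects short ones — confirm how PrivateKey is generated.
    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(user.PrivateKey));
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    // Audience is set to the same configured value as the issuer.
    var token = new JwtSecurityToken(
        issuer: _configuration["JwtIssuer"],
        audience: _configuration["JwtIssuer"],
        claims: claims,
        expires: expirationDate,
        signingCredentials: creds);

    return Ok(new LoginResponseModel {
        Token = new JwtSecurityTokenHandler().WriteToken(token),
        Expires = expirationDate
    });
}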
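/// <summary>
/// Succeeds the requirement when the authenticated user holds the required
/// authority (role), as read from the user store on every evaluation.
/// </summary>
/// <param name="context">Authorization context carrying the current principal.</param>
/// <param name="requirement">The required authority and the issuer the name claim must come from.</param>
/// <returns>A completed task; the outcome is reported through <paramref name="context"/>.</returns>
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, HasAuthorityRequirement requirement) {
    // The same issuer-qualified predicate is used for both the presence check and
    // the lookup, so a name claim of another issuer can never select the user.
    Claim nameClaim = context.User.FindFirst(
        c => c.Type == ClaimTypes.Name && c.Issuer == requirement.Issuer);
    if (nameClaim == null) {
        return Task.CompletedTask;
    }

    // Fail closed: an unknown user, or one with no roles, simply does not satisfy
    // the requirement; an authorization handler must not throw on bad input.
    // NOTE(review): GetByUsername is a synchronous store call on the async
    // pipeline — no async overload is visible here, confirm whether one exists.
    User user = _imisModules.GetUserModule().GetUserController().GetByUsername(nameClaim.Value);
    var roles = user?.GetRolesStringArray();
    if (roles == null) {
        return Task.CompletedTask;
    }

    // string == is an ordinal comparison, which is what role names need.
    if (roles.Any(role => role == requirement.Authority)) {
        context.Succeed(requirement);
    }
    return Task.CompletedTask;
}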
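/// <summary>
/// Validates a JWT with the signing key of the user named in its
/// <see cref="ClaimTypes.Name"/> claim, so each user's tokens are verified
/// against that user's own symmetric key.
/// </summary>
/// <param name="securityToken">The compact-serialized JWT to validate.</param>
/// <param name="validationParameters">
/// Caller-supplied parameters. Issuer, audience and lifetime settings are carried
/// over; the signing key is replaced by the user's key when the user is known.
/// </param>
/// <param name="validatedToken">The validated token as produced by the underlying handler.</param>
/// <returns>The <see cref="ClaimsPrincipal"/> for the validated token.</returns>
/// <exception cref="SecurityTokenException">The token is not a JWS or carries no name claim.</exception>
public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken) {
    // The token is only read here, not validated: the name claim is untrusted
    // until the signature check below and is used solely to pick the user's key.
    var handler = new JwtSecurityTokenHandler();
    var jwt = handler.ReadToken(securityToken) as JwtSecurityToken;
    if (jwt == null) {
        throw new SecurityTokenException("Token is not a JWS security token.");
    }

    // NOTE(review): this expects the claim to be present in the payload under the
    // full ClaimTypes.Name type — confirm the handler's claim-type mapping setup.
    Claim nameClaim = jwt.Claims.FirstOrDefault(claim => claim.Type == ClaimTypes.Name);
    if (nameClaim == null) {
        throw new SecurityTokenException("Token carries no name claim.");
    }

    User user = _imisModules.GetUserModule().GetUserController().GetByUsername(nameClaim.Value);
    if (user == null) {
        // NOTE(review): an unknown user falls back to the caller's parameters as-is.
        // If those carry a shared signing key, a token naming a non-existent user is
        // verified against it — confirm that is intended, otherwise fail here instead.
        return _tokenHandler.ValidateToken(securityToken, validationParameters, out validatedToken);
    }

    // Only the listed settings are carried over from the caller; anything else
    // (clock skew, algorithm restrictions, key resolvers) takes the library defaults.
    var perUserParameters = new TokenValidationParameters {
        ValidateIssuer = validationParameters.ValidateIssuer,
        ValidateAudience = validationParameters.ValidateAudience,
        ValidateLifetime = validationParameters.ValidateLifetime,
        ValidateIssuerSigningKey = true,
        ValidIssuer = validationParameters.ValidIssuer,
        ValidAudience = validationParameters.ValidAudience,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(user.PrivateKey))
    };
    return _tokenHandler.ValidateToken(securityToken, perUserParameters, out validatedToken);
}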