JAccessToken C# (CSharp)代码示例

示例#1

0

显示文件

        public override void OnActionExecuted(HttpActionExecutedContext filterContext)
        {
            string accessTokenFromRequest = "";
            {
                var authHeader = filterContext.Request.Headers.Authorization;
                if (authHeader != null)
                {
                    var authHeaderVal = AuthenticationHeaderValue.Parse(authHeader.ToString());

                    // RFC 2617 sec 1.2, "scheme" name is case-insensitive
                    if (authHeaderVal.Scheme.Equals("bearer",
                                                    StringComparison.OrdinalIgnoreCase) &&
                        authHeaderVal.Parameter != null)
                    {
                        accessTokenFromRequest = authHeaderVal.Parameter;
                    }
                }

                // get the access token
                // accessTokenFromRequest = actionContext.Request.Headers.Authorization.ToString();

                string username = "";
                if (JwtManager.Instance.ValidateToken(accessTokenFromRequest, out username))
                {
                    string       tempUsername = string.Copy(username);
                    JAccessToken accessToken  = _jwtRepository.GetSingle(d => d.UserName == tempUsername, d => d.Account);
                    if (accessToken != null)
                    {
                        string accessTokenStored = accessToken.Value;
                        if (accessTokenFromRequest == accessTokenStored)
                        {
                            accessToken.DateTimeIssued = DateTime.UtcNow;
                            accessToken.Value          = JwtManager.Instance.GenerateToken(username);
                            _jwtRepository.Update(accessToken);
                            filterContext.Response.Headers.Add("Authorization", accessToken.Value);
                        }
                        else
                        {
                            filterContext.Response.StatusCode   = System.Net.HttpStatusCode.Unauthorized;
                            filterContext.Response.ReasonPhrase = "Invalid token.";
                        }
                    }
                    else
                    {
                        filterContext.Response.StatusCode   = System.Net.HttpStatusCode.Unauthorized;
                        filterContext.Response.ReasonPhrase = "User does not have a current token.";
                    }
                }
                else
                {
                    if (JwtManager.Instance.ValidateExpiredToken(accessTokenFromRequest, out username))
                    {
                        if (_jwtRepository.Exists(d => d.UserName == username, d => d.Account))
                        {
                            JAccessToken accessToken = _jwtRepository.GetSingle(d => d.UserName == username, d => d.Account);
                            if (accessToken != null)
                            {
                                string accessTokenStored = accessToken.Value;
                                if (accessTokenFromRequest == accessTokenStored && accessToken.DateTimeIssued.AddDays(1).CompareTo(DateTime.Now.ToUniversalTime()) > 0)
                                {
                                    accessToken.DateTimeIssued = DateTime.UtcNow;
                                    accessToken.Value          = JwtManager.Instance.GenerateToken(username);
                                    _jwtRepository.Update(accessToken);
                                    filterContext.Response.Headers.Add("Authorization", accessToken.Value);
                                }
                                else
                                {
                                    filterContext.Response.StatusCode   = System.Net.HttpStatusCode.Unauthorized;
                                    filterContext.Response.ReasonPhrase = "Invalid token.";
                                }
                            }
                            else
                            {
                                filterContext.Response.StatusCode   = System.Net.HttpStatusCode.Unauthorized;
                                filterContext.Response.ReasonPhrase = "User does not have a current token.";
                            }
                        }
                        else
                        {
                            filterContext.Response.StatusCode   = System.Net.HttpStatusCode.Unauthorized;
                            filterContext.Response.ReasonPhrase = "User does not have a current token.";
                        }
                    }
                    else
                    {
                        filterContext.Response.StatusCode   = System.Net.HttpStatusCode.Unauthorized;
                        filterContext.Response.ReasonPhrase = "Invalid token.";
                    }
                }
            }
        }

示例#2

0

显示文件

文件： LoginController.cs 项目： extra-curricular-schooling/ecs-development

        public IHttpActionResult Submit(AccountCredentialDTO credentials)
        {
            // Credentials is already read and deserialized into a DTO. Validate it.
            Validate(credentials);

            // Checks for valid model state
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            // Check to make they are not a new SSO user
            if (_partialAccountRepository.Exists(d => d.UserName == credentials.Username))
            {
                var transformer = new SsoLoginTransformer();
                var ssoLoginDto = transformer.Fetch(credentials);
                var response    = _ssoControllerLogic.Login(ssoLoginDto);
                return(ResponseMessage(response));
            }

            // Proccess any other information.
            if (!_accountRepository.Exists(d => d.UserName == credentials.Username))
            {
                return(Unauthorized());
            }

            if (!_saltRepository.Exists(d => d.UserName == credentials.Username, d => d.Account))
            {
                return(Unauthorized());
            }

            Salt salt;

            try
            {
                salt = _saltRepository.GetSingle(d => d.UserName == credentials.Username, d => d.Account);
            }
            catch (Exception)
            {
                return(Unauthorized());
            }

            // Check app DB for user.
            Account account;

            try
            {
                account = _accountRepository.GetSingle(d => d.UserName == credentials.Username);
            }
            catch (Exception)
            {
                return(Unauthorized());
            }

            if (!account.AccountStatus)
            {
                return(BadRequest("SUSPENDED"));
            }

            // Issue login information
            if (account.Password == HashService.Instance.HashPasswordWithSalt(salt.PasswordSalt, credentials.Password, true))
            {
                var          response = new HttpResponseMessage();
                JAccessToken token;
                var          claims = (List <AccountType>)account.AccountTypes;
                // JWT token already exists
                if (_jwtRepository.Exists(d => d.UserName == account.UserName, d => d.Account))
                {
                    token                = _jwtRepository.GetSingle(d => d.UserName == account.UserName, d => d.Account);
                    token.Value          = JwtManager.Instance.GenerateToken(claims);
                    token.DateTimeIssued = DateTime.UtcNow;
                    _jwtRepository.Update(token);
                }
                // JWT does not exist for this user
                else
                {
                    token = new JAccessToken
                    {
                        Value          = JwtManager.Instance.GenerateToken(claims),
                        UserName       = account.UserName,
                        DateTimeIssued = DateTime.UtcNow
                    };
                    _jwtRepository.Insert(token);
                }

                return(Json(new { AuthToken = token.Value }));
            }
            // Given password does no match the stored hashed password after being hashed
            else
            {
                return(Unauthorized());
            }
        }

示例#3

0

显示文件

文件： JAccessTokenLogic.cs 项目： extra-curricular-schooling/ecs-development

 public void Update(JAccessToken jAccessToken)
 {
     _jAccessTokenRepository.Update(jAccessToken);
 }

示例#4

0

显示文件

文件： JAccessTokenLogic.cs 项目： extra-curricular-schooling/ecs-development

 public void Create(JAccessToken jAccessToken)
 {
     _jAccessTokenRepository.Insert(jAccessToken);
 }

示例#5

0

显示文件

        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            string accessTokenFromRequest = "";

            if (actionContext.Request.Headers.Authorization.ToString() != null)
            {
                var authHeader = actionContext.Request.Headers.Authorization;
                if (authHeader != null)
                {
                    var authHeaderVal = AuthenticationHeaderValue.Parse(authHeader.ToString());

                    // RFC 2617 sec 1.2, "scheme" name is case-insensitive
                    if (authHeaderVal.Scheme.Equals("bearer",
                                                    StringComparison.OrdinalIgnoreCase) &&
                        authHeaderVal.Parameter != null)
                    {
                        accessTokenFromRequest = authHeaderVal.Parameter;
                    }
                }
                // get the access token
                // accessTokenFromRequest = actionContext.Request.Headers.Authorization.ToString();

                string username = "";
                if (JwtManager.Instance.ValidateToken(accessTokenFromRequest, out username))
                {
                    string       tempUsername = string.Copy(username);
                    JAccessToken accessToken  = _jwtRepository.GetSingle(d => d.UserName == tempUsername, d => d.Account);
                    if (accessToken != null)
                    {
                        string accessTokenStored = accessToken.Value;
                        if (accessTokenFromRequest == accessTokenStored)
                        {
                            return(true);
                        }
                        else
                        {
                            return(false);
                        }
                    }
                    else
                    {
                        return(false);
                    }
                }
                // Token is either not valid or expired
                else
                {
                    if (JwtManager.Instance.ValidateExpiredToken(accessTokenFromRequest, out username))
                    {
                        if (_jwtRepository.Exists(d => d.UserName == username, d => d.Account))
                        {
                            JAccessToken accessToken = _jwtRepository.GetSingle(d => d.UserName == username, d => d.Account);
                            if (accessToken != null)
                            {
                                string accessTokenStored = accessToken.Value;
                                if (accessTokenFromRequest == accessTokenStored && accessToken.DateTimeIssued.AddDays(1).CompareTo(DateTime.Now.ToUniversalTime()) > 0)
                                {
                                    return(true);
                                }
                                else
                                {
                                    return(false);
                                }
                            }
                            else
                            {
                                return(false);
                            }
                        }
                        else
                        {
                            return(false);
                        }
                    }
                    else
                    {
                        return(false);
                    }
                }
            }
            else
            {
                return(false);
            }
        }

示例#6

0

显示文件

        public IHttpActionResult RenewToken()
        {
            string accessTokenFromRequest = "";

            // Check authorization header
            if (Request.Headers.Authorization.ToString() != null)
            {
                var authHeader = Request.Headers.Authorization;
                // Retrieve JWT from authorization header
                if (authHeader != null)
                {
                    var authHeaderVal = AuthenticationHeaderValue.Parse(authHeader.ToString());

                    // RFC 2617 sec 1.2, "scheme" name is case-insensitive
                    if (authHeaderVal.Scheme.Equals("bearer",
                                                    StringComparison.OrdinalIgnoreCase) &&
                        authHeaderVal.Parameter != null)
                    {
                        accessTokenFromRequest = authHeaderVal.Parameter;
                    }
                }

                string username = "";
                // Obtain username from JWT if it is valid
                if (JwtManager.Instance.ValidateToken(accessTokenFromRequest, out username))
                {
                    JAccessToken accessToken = _jAccessTokenLogic.GetJAccessToken(username);
                    // Make sure the given username has an existing JWT token
                    if (accessToken != null)
                    {
                        string accessTokenStored = accessToken.Value;
                        // Compare the stored JWT to the given JWT to ensure they are the same
                        if (accessTokenFromRequest == accessTokenStored)
                        {
                            accessToken.DateTimeIssued = DateTime.UtcNow;
                            string token = JwtManager.Instance.GenerateToken(username);
                            accessToken.Value = token;
                            // Update store with new JWT value
                            _jAccessTokenLogic.Update(accessToken);
                            return(Json(new { AuthToken = token }));
                        }
                        else
                        {
                            return(Unauthorized());
                        }
                    }
                    // An existing JWT token was not found for the given username
                    else
                    {
                        return(Unauthorized());
                    }
                }
                // JWT was not valid
                else
                {
                    return(Unauthorized());
                }
            }
            // Authorization header is empty
            else
            {
                return(Unauthorized());
            }
        }

C# (CSharp) JAccessToken示例