示例#1
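        /// <summary>
        /// Authenticates a user by login and password and, on success, issues a signed
        /// access token together with a newly generated refresh token that is saved on
        /// the person record.
        /// </summary>
        /// <param name="login">Login name supplied by the caller.</param>
        /// <param name="password">Password supplied by the caller.</param>
        /// <returns>
        /// The access/refresh token pair, or <c>null</c> when no matching person is found
        /// or no identity could be built for the credentials.
        /// </returns>
        public JWTAndRefreshToken Login(string login, string password)
        {
            // NOTE(review): the repository is handed the raw password; confirm it verifies
            // against a salted password hash rather than comparing stored plaintext.
            var person = _personRepository.GetPersonByLoginAndPassword(login, password);
            if (person == null)
            {
                return null;
            }

            ClaimsIdentity identity = GetIdentity(login, password);
            if (identity == null)
            {
                // jwt is declared outside this method; it is cleared so no stale token remains.
                jwt = null;
                return null;
            }

            DateTime timeNow = DateTime.UtcNow;

            // The access token is valid for one minute from issuance and is signed with HMAC-SHA256.
            jwt = new JwtSecurityToken(
                issuer: JWTOptions.ISSUER,
                audience: JWTOptions.AUDIENCE,
                claims: identity.Claims,
                notBefore: timeNow,
                expires: timeNow.AddMinutes(1),
                signingCredentials: new SigningCredentials(
                    JWTOptions.GetSymmetricSecurityKey(), SecurityAlgorithms.HmacSha256));

            string accessToken = new JwtSecurityTokenHandler().WriteToken(jwt);

            // A refresh token is a bearer secret, so it is drawn from the cryptographic RNG.
            // Guid.NewGuid() is meant for uniqueness and is not documented as unpredictable.
            // The 16 random bytes are still rendered in GUID text form so the stored value
            // keeps the same shape and length as before.
            byte[] refreshTokenBytes = new byte[16];
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(refreshTokenBytes);
            }
            string refreshToken = new Guid(refreshTokenBytes).ToString();

            // NOTE(review): the token is persisted exactly as issued and with no expiry visible
            // here; consider storing only a hash of it and bounding its lifetime.
            person.RefreshToken = refreshToken;
            _personRepository.Update(person);

            return new JWTAndRefreshToken
            {
                AccessToken = accessToken,
                RefreshToken = refreshToken
            };
        }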
示例#2
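        /// <summary>
        /// Builds and serializes an HMAC-SHA256 signed JWT for the given e-mail address,
        /// carrying the subject, a nonce, the issued-at time and the role and id claims
        /// taken from <paramref name="identity"/>.
        /// </summary>
        /// <param name="email">E-mail address written into the <c>sub</c> claim.</param>
        /// <param name="identity">Identity from which the role and id claims are copied.</param>
        /// <returns>The compact serialized token.</returns>
        public async Task<string> GenerateEncodedToken(string email, ClaimsIdentity identity)
        {
            var now = DateTime.UtcNow;

            // No account lookup happens here: the result of the former FindByEmailAsync call
            // was never read, so it only cost a round trip without checking anything.
            // NOTE(review): confirm every caller has authenticated this e-mail before minting a token.

            // FindFirst returns null when the identity lacks the requested claim type.
            // NOTE(review): decide whether a token without a role or id claim should be issued at all.
            var claims = new[]
            {
                new Claim(JwtRegisteredClaimNames.Sub, email),
                new Claim(JwtRegisteredClaimNames.Jti, await JWTOptions.NonceGenerator()),
                new Claim(JwtRegisteredClaimNames.Iat, UnixEpochDateGenerator.ToUnixEpochDate(now).ToString(), ClaimValueTypes.Integer64),
                identity.FindFirst(Constants.Strings.JwtClaimIdentifiers.Rol),
                identity.FindFirst(Constants.Strings.JwtClaimIdentifiers.Id)
            };

            // Create the JWT; it becomes valid now and expires after JWTOptions.LIFETIME minutes.
            var jwt = new JwtSecurityToken(
                issuer: JWTOptions.ISSUER,
                audience: JWTOptions.AUDIENCE,
                notBefore: now,
                claims: claims,
                expires: now.Add(TimeSpan.FromMinutes(JWTOptions.LIFETIME)),
                signingCredentials: new SigningCredentials(JWTOptions.GetSymmetricSecurityKey(), SecurityAlgorithms.HmacSha256));

            return new JwtSecurityTokenHandler().WriteToken(jwt);
        }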
示例#3
        /// <summary>
        /// Registers JWT bearer authentication as the default scheme and validates incoming
        /// tokens against the issuer, audience and symmetric signing key bound from configuration.
        /// </summary>
        /// <param name="services">Service collection that receives the authentication services.</param>
        /// <param name="configuration">Configuration holding the JWT options section.</param>
        public void InstallServices(IServiceCollection services, IConfiguration configuration)
        {
            // Bind the JWT configuration section onto a fresh options object.
            var JWTOptions = new JWTOptions();
            var jwtSection = configuration.GetSection(JWTOptions.SectionName);
            jwtSection.Bind(JWTOptions);

            var authentication = services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme);
            authentication.AddJwtBearer(bearer =>
            {
                // Issuer, audience, lifetime and signature are all checked. ClockSkew is not set,
                // so the library default (five minutes) still applies to the lifetime check.
                var validation = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = JWTOptions.GetSymmetricSecurityKey(),

                    ValidateIssuer = true,
                    ValidIssuer = JWTOptions.Issuer,

                    ValidateAudience = true,
                    ValidAudience = JWTOptions.Audience,

                    ValidateLifetime = true
                };

                bearer.RequireHttpsMetadata = true;
                bearer.TokenValidationParameters = validation;
            });
        }
示例#4
        /// <summary>
        /// Creates an HMAC-SHA256 signed JWT for the given identity, valid from now until
        /// the configured lifetime (in minutes) has elapsed.
        /// </summary>
        /// <param name="identity">Identity whose claims, as produced by GetClaims, go into the token.</param>
        /// <returns>The unserialized token object.</returns>
        public JwtSecurityToken CreateJWTToken(UserIdentity identity)
        {
            var issuedAt = DateTime.UtcNow;

            // Values are gathered in the same order the token constructor consumes them.
            var issuer = _JWTOptions.Issuer;
            var audience = _JWTOptions.Audience;
            var tokenClaims = GetClaims(identity);
            var expiresAt = issuedAt.Add(TimeSpan.FromMinutes(_JWTOptions.LifeTime));

            // NOTE(review): the signing key is symmetric, so every party able to validate
            // tokens can also mint them; confirm the key is loaded from a secret store.
            var credentials = new SigningCredentials(
                key: _JWTOptions.GetSymmetricSecurityKey(),
                algorithm: SecurityAlgorithms.HmacSha256);

            return new JwtSecurityToken(
                issuer: issuer,
                audience: audience,
                notBefore: issuedAt,
                claims: tokenClaims,
                expires: expiresAt,
                signingCredentials: credentials);
        }
示例#5
        /// <summary>
        /// Registers JWT bearer authentication as the default authenticate and challenge
        /// scheme, configures token validation, and adds authorization services.
        /// </summary>
        /// <param name="services">Service collection that receives the registrations.</param>
        private void SetupJWT(IServiceCollection services)
        {
            var authentication = services.AddAuthentication(schemes =>
            {
                schemes.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                schemes.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            });

            authentication.AddJwtBearer(bearer =>
            {
                // Issuer, audience, lifetime and signature are all validated against JWTOptions.
                var validation = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = JWTOptions.GetSymmetricSecurityKey(),
                    ValidateIssuer = true,
                    ValidIssuer = JWTOptions.ISSUER,
                    ValidateAudience = true,
                    ValidAudience = JWTOptions.AUDIENCE,
                    ValidateLifetime = true
                };

                // NOTE(review): HTTPS is not required for the authority/metadata address.
                // No Authority is set in this method, so the flag only matters if one is
                // configured elsewhere; prefer true outside local development.
                bearer.RequireHttpsMetadata = false;
                bearer.TokenValidationParameters = validation;
            });

            services.AddAuthorization();
        }