public void Create_JWT() { using (new BasicAppHost().Init()) { var jwtProvider = new JwtAuthProvider { AuthKeyBase64 = Config.JwtAuthKeyBase64, ExpireTokensInDays = 3650 }; var header = JwtAuthProvider.CreateJwtHeader(jwtProvider.HashAlgorithm); var body = JwtAuthProvider.CreateJwtPayload(new AuthUserSession { UserAuthId = "1", DisplayName = "test", UserName = "******", IsAuthenticated = true, }, issuer: jwtProvider.Issuer, expireIn: jwtProvider.ExpireTokensIn, audience: jwtProvider.Audience, roles: new[] { "TheRole" }, permissions: new[] { "ThePermission" }); var jwtToken = JwtAuthProvider.CreateJwt(header, body, jwtProvider.GetHashAlgorithm()); jwtToken.Print(); } }
/// <summary> /// Генерация пары токенов для пользователя /// </summary> /// <returns>Пара токенов: Access и Refresh</returns> internal async Task <TokenResult> GenerateToken(User user, TimeSpan?customAccessExpire = null, TimeSpan?customRefreshExpire = null) { //var user = await UserRepository.GetWithIncludesAsync(uid); var sessionId = Guid.NewGuid().ToString(); var token = new TokenResult(); var jwtProvider = (JwtAuthProvider)AuthenticateService.GetAuthProvider("jwt"); if (jwtProvider?.PublicKey == null) { throw new HttpError(HttpStatusCode.ServiceUnavailable, "AuthProvider does not work"); } var defaultAccessExpire = jwtProvider.ExpireTokensIn; //Можно запросить время жизни токена не больше чем 'defaultAccessExpire' var accExpSpan = (customAccessExpire ?? defaultAccessExpire) >= defaultAccessExpire ? defaultAccessExpire : customAccessExpire.Value; var body = JwtAuthProvider.CreateJwtPayload(new AuthUserSession { UserAuthId = user.Id, CreatedAt = DateTime.UtcNow, DisplayName = user.Login, }, issuer: jwtProvider.Issuer, expireIn: accExpSpan); body["useragent"] = Request.UserAgent; body["session"] = sessionId; token.AccessToken = JwtAuthProvider.CreateEncryptedJweToken(body, jwtProvider.PublicKey.Value); var defaultRefreshExpire = jwtProvider.ExpireRefreshTokensIn; var refExpSpan = (customRefreshExpire ?? defaultRefreshExpire) >= defaultRefreshExpire ? defaultRefreshExpire : customRefreshExpire.Value; var refreshBody = JwtAuthProvider.CreateJwtPayload(new AuthUserSession { UserAuthId = user.Id, DisplayName = user.Login, CreatedAt = DateTime.UtcNow, Permissions = new List <string> { RefreshPermission }, }, issuer: jwtProvider.Issuer, expireIn: refExpSpan); refreshBody["useragent"] = Request.UserAgent; refreshBody["session"] = body["session"]; token.RefreshToken = JwtAuthProvider.CreateEncryptedJweToken(refreshBody, jwtProvider.PublicKey.Value); return(token); }
public override void Configure(Container container) { Plugins.Add(new EncryptedMessagesFeature { PrivateKey = SecureConfig.PrivateKeyXml.ToPrivateRSAParameters(), FallbackPrivateKeys = { SecureConfig.FallbackPrivateKeyXml.ToPrivateRSAParameters() }, }); var apiKeyAuth = new ApiKeyAuthProvider(AppSettings); var jwtAuth = new JwtAuthProvider(AppSettings) { AuthKey = AesUtils.CreateKey(), UseTokenCookie = false, // only works with non HTTP Cookies }; Plugins.Add(new AuthFeature(() => new AuthUserSession(), new IAuthProvider[] { new CredentialsAuthProvider(AppSettings), apiKeyAuth, jwtAuth, })); container.Register <IAuthRepository>(c => new InMemoryAuthRepository()); var authRepo = container.Resolve <IAuthRepository>(); var userAuth = authRepo.CreateUserAuth( new UserAuth { Email = "*****@*****.**" }, "p@55word"); var apiKeys = apiKeyAuth.GenerateNewApiKeys(userAuth.Id.ToString(), "live"); var apiKeyRepo = (IManageApiKeys)authRepo; apiKeyRepo.StoreAll(apiKeys); LiveApiKey = apiKeys[0]; JwtBearerToken = jwtAuth.CreateJwtBearerToken(new AuthUserSession { UserAuthId = userAuth.Id.ToString(), Email = userAuth.Email, IsAuthenticated = true, }); }
public void Does_validate_multiple_audiences() { var jwtProvider = (JwtAuthProvider)AuthenticateService.GetAuthProvider(JwtAuthProviderReader.Name); string CreateJwtWithAudiences(params string[] audiences) { var header = JwtAuthProvider.CreateJwtHeader(jwtProvider.HashAlgorithm); var body = JwtAuthProvider.CreateJwtPayload(new AuthUserSession { UserAuthId = "1", DisplayName = "Test", Email = "*****@*****.**", IsAuthenticated = true, }, issuer: jwtProvider.Issuer, expireIn: jwtProvider.ExpireTokensIn, audiences: audiences); var jwtToken = JwtAuthProvider.CreateJwt(header, body, jwtProvider.GetHashAlgorithm()); return(jwtToken); } jwtProvider.Audiences = new List <string> { "foo", "bar" }; var jwtNoAudience = CreateJwtWithAudiences(); Assert.That(jwtProvider.IsJwtValid(jwtNoAudience)); var jwtWrongAudience = CreateJwtWithAudiences("qux"); Assert.That(!jwtProvider.IsJwtValid(jwtWrongAudience)); var jwtPartialAudienceMatch = CreateJwtWithAudiences("bar", "qux"); Assert.That(jwtProvider.IsJwtValid(jwtPartialAudienceMatch)); jwtProvider.Audience = "foo"; Assert.That(!jwtProvider.IsJwtValid(jwtPartialAudienceMatch)); jwtProvider.Audience = null; Assert.That(jwtProvider.IsJwtValid(jwtPartialAudienceMatch)); }
protected string CreateJwt(RSAParameters privateKey, string algorithm, string audience = null) { var header = JwtAuthProvider.CreateJwtHeader(algorithm); var payload = JwtAuthProvider.CreateJwtPayload(new AuthUserSession { UserAuthId = "1", DisplayName = "Test", Email = "*****@*****.**", // JwtAuthProvider.CreateJwt would fail without ProfileUrl when // there is no initialized AppHost ProfileUrl = "http://myprofile" }, "https://server.example.com", audiences: new [] { audience }, expireIn: TimeSpan.FromDays(7)); var rsaSignFunc = JwtAuthProviderReader.RsaSignAlgorithms[algorithm]; return(JwtAuthProvider.CreateJwt(header, payload, data => rsaSignFunc(privateKey, data))); }
public static void Initialize(Settings settings) { Settings = settings; JWTProvider = new JwtAuthProvider() { AuthKeyBase64 = Settings.Auth.SigningKey, ExpireTokensIn = TimeSpan.FromMinutes(Settings.Auth.TokenValidityMinutes), CreatePayloadFilter = CreatePayload, PopulateSessionFilter = PopulateSession, RequireSecureConnection = false }; AuthFeature = new AuthFeature( () => new UserSession(), new[] { JWTProvider }) { HtmlRedirect = null, IncludeAssignRoleServices = false }; }
public void Can_manually_create_an_authenticated_UserSession_in_Token() { var jwtProvider = CreateJwtAuthProvider(); var header = JwtAuthProvider.CreateJwtHeader(jwtProvider.HashAlgorithm); var body = JwtAuthProvider.CreateJwtPayload(new AuthUserSession { UserAuthId = "1", DisplayName = "Test", Email = "*****@*****.**", IsAuthenticated = true, }, issuer: jwtProvider.Issuer, expireIn: jwtProvider.ExpireTokensIn, audiences: jwtProvider.Audiences, roles: new[] { "TheRole" }, permissions: new[] { "ThePermission" }); var jwtToken = JwtAuthProvider.CreateJwt(header, body, jwtProvider.GetHashAlgorithm()); var client = GetClient(); try { client.Send(new HelloJwt { Name = "no jwt" }); Assert.Fail("should throw"); } catch (WebServiceException ex) { Assert.That(ex.StatusCode, Is.EqualTo((int)HttpStatusCode.Unauthorized)); } client.SetTokenCookie(jwtToken); var response = client.Send(new HelloJwt { Name = "from Custom JWT" }); Assert.That(response.Result, Is.EqualTo("Hello, from Custom JWT")); }
private string CreateJwtToken() { var jwtProvider = CreateJwtAuthProvider(); var header = JwtAuthProvider.CreateJwtHeader(jwtProvider.HashAlgorithm); var body = JwtAuthProvider.CreateJwtPayload(new AuthUserSession { UserAuthId = "1", DisplayName = "Test", Email = "*****@*****.**", IsAuthenticated = true, }, issuer: jwtProvider.Issuer, expireIn: jwtProvider.ExpireTokensIn, audiences: jwtProvider.Audiences, roles: new[] { "TheRole" }, permissions: new[] { "ThePermission" }); var jwtToken = JwtAuthProvider.CreateJwt(header, body, jwtProvider.GetHashAlgorithm()); return(jwtToken); }
public object Any(CreateRefreshJwt request) { var jwtProvider = (JwtAuthProvider)AuthenticateService.GetAuthProvider(JwtAuthProvider.Name); var jwtHeader = new JsonObject { { "typ", "JWTR" }, //RefreshToken { "alg", jwtProvider.HashAlgorithm } }; var keyId = jwtProvider.GetKeyId(Request); if (keyId != null) { jwtHeader["kid"] = keyId; } var now = DateTime.UtcNow; var jwtPayload = new JsonObject { { "sub", request.UserAuthId ?? "1" }, { "iat", now.ToUnixTime().ToString() }, { "exp", (request.JwtExpiry ?? DateTime.UtcNow.AddDays(1)).ToUnixTime().ToString() }, }; if (jwtProvider.Audience != null) { jwtPayload["aud"] = jwtProvider.Audience; } var hashAlgoritm = jwtProvider.GetHashAlgorithm(); var refreshToken = JwtAuthProvider.CreateJwt(jwtHeader, jwtPayload, hashAlgoritm); return(new CreateRefreshJwtResponse { Token = refreshToken }); }
public static ResponseDTO CheckUserLogin(string username, string password, string page, int typeSearch) { ErrorDTO ErrorResponse = new ErrorDTO(); LoginResponseDTO DataResponse = new LoginResponseDTO(); ResponseDTO Response = new ResponseDTO(); SqlConnection con = connection.loadDB(); con.Open(); SqlCommand cmd = new SqlCommand(); cmd.Connection = con; cmd.CommandType = System.Data.CommandType.StoredProcedure; cmd.CommandText = "SearchUserData"; SqlParameter param1 = new SqlParameter(); param1.ParameterName = "UserName"; param1.SqlDbType = SqlDbType.NVarChar; if (username != null && username != "") { param1.Value = username; } else { param1.Value = DBNull.Value; } cmd.Parameters.Add(param1); SqlParameter param2 = new SqlParameter(); param2.ParameterName = "Password"; param2.SqlDbType = SqlDbType.NVarChar; if (password != null && password != "") { param2.Value = password; } else { param2.Value = DBNull.Value; } cmd.Parameters.Add(param2); SqlParameter param3 = new SqlParameter(); param3.ParameterName = "TypeSearch"; param3.SqlDbType = SqlDbType.Int; param3.Value = typeSearch; cmd.Parameters.Add(param3); List <UserDTO> ListUsers = new List <UserDTO>(); try { SqlDataReader reader = cmd.ExecuteReader(); if (reader.HasRows) { while (reader.Read()) { UserDTO userModel = new UserDTO(); userModel.ID = Convert.ToInt16(reader["ID"].ToString()); userModel.UserName = reader["username"].ToString(); userModel.FirstName = reader["first_name"].ToString(); userModel.LastName = reader["last_name"].ToString(); userModel.Password = reader["password"].ToString(); userModel.Email = reader["email"].ToString(); userModel.Role = reader["ROLES"].ToString(); userModel.Permission = reader["PERMISSTION"].ToString(); ListUsers.Add(userModel); } } if (ListUsers.Count > 0) { if ((ListUsers[0].Role.ToUpper() != "PAID USER" && ListUsers[0].Role.ToUpper() != "FREE USER" && page == "admin") || (page == "front")) { DataResponse.id = ListUsers[0].ID; DataResponse.token = JwtAuthProvider.GenerateToken(ListUsers[0].UserName, ListUsers[0].Password); Response.Data = DataResponse; } else { ErrorResponse.Code = 404; ErrorResponse.Message = "Authenticate Error"; Response.Error = ErrorResponse; } return(Response); } else { ErrorResponse.Code = 404; ErrorResponse.Message = "Authenticate Error"; Response.Error = ErrorResponse; return(Response); } } catch (Exception ex) { Logger.Error("", ex, Level.ERROR); throw ex; } finally { con.Close(); } }