public async Task <Result> Handle(Command request, CancellationToken cancellationToken) { var tokenHandler = new JwtSecurityTokenHandler(); var jwtOptions = new JwtConfigurationData(); configuration.Bind("jwt", jwtOptions); // Token configurations var tokenLifetime = TimeSpan.FromDays(jwtOptions.LifetimeDays); var now = DateTime.Now; var jwtToken = tokenHandler.CreateJwtSecurityToken(new SecurityTokenDescriptor() { Audience = jwtOptions.Audience, Issuer = jwtOptions.Issuer, Expires = now + tokenLifetime, IssuedAt = now, NotBefore = now, SigningCredentials = new SigningCredentials( JwtSecurity.GetSecurityKey(jwtOptions.SecretKey, jwtOptions.SecurityPhrase), SecurityAlgorithms.HmacSha256 ), }); return(new Result { Token = tokenHandler.WriteToken(jwtToken), ExpiresAt = jwtToken.ValidTo, }); }
public static void AddJwtAuthentication(this IServiceCollection services, IConfiguration configuration) { var jwtOptions = configuration.GetValue <JwtConfigurationData>("Jwt"); services .AddAuthentication(options => { options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddJwtBearer(options => { options.TokenValidationParameters = new TokenValidationParameters() { ValidAudience = jwtOptions.Audience, ValidIssuer = jwtOptions.Issuer, IssuerSigningKey = JwtSecurity.GetSecurityKey(jwtOptions.SecretKey, jwtOptions.SecurityPhrase), LifetimeValidator = (notBefore, expires, token, parameters) => { var now = DateTime.UtcNow; return((now >= notBefore) && (now <= expires)); }, // ValidateIssuerSigningKey = true, ValidateLifetime = true, ValidateIssuer = true, ValidateAudience = true, }; // options.Validate(); }); }
public IActionResult Login([FromBody] User user) { ISecurity <User> security = new JwtSecurity(context); return(Ok(JsonConvert.SerializeObject(new { token = security.Login(user) }))); }
public async Task<IActionResult> IssueToken([FromBody] BearerTokenRequest model) { if (!ValidModelState(out var error)) return error; TUser user; switch (model.IdentityType) { case IdentityType.Username: user = await _userManager.FindByNameAsync(model.Identity); break; case IdentityType.Email: user = await _userManager.FindByEmailAsync(model.Identity); if (!user.EmailConfirmed) return NotFound(); break; case IdentityType.PhoneNumber: user = await _userManager.FindByPhoneNumberAsync(model.Identity); if (!user.PhoneNumberConfirmed) return NotFound(); break; default: throw new ArgumentOutOfRangeException(); } if (user == null) return NotFound(); if (user.LockoutEnd.HasValue && user.LockoutEnd > _timestamps.GetCurrentTime()) return Forbid(); if (await _userManager.CheckPasswordAsync(user, model.Password)) { Debug.Assert(nameof(IUserIdProvider.Id) == nameof(IdentityUser.Id)); var claims = await _userManager.GetClaimsAsync(user); if (HttpContext.GetTenantContext<TTenant>() is TenantContext<TTenant> tenantContext) { if (tenantContext.Tenant != null) { claims.Add(new Claim(_securityOptions.Value.Claims.TenantIdClaim, tenantContext.Tenant.Id)); claims.Add(new Claim(_securityOptions.Value.Claims.TenantNameClaim, tenantContext.Tenant.Name)); } } var provider = user.ActLike<IUserIdProvider>(); var token = JwtSecurity.CreateToken(provider, claims, _securityOptions.Value, _apiOptions.Value); return Ok(new { AccessToken = token }); } return Unauthorized(); }
public GetAuthrizationTokenQueryHandler(IMapper mapper , IAuthrizationQueryRepository authrizationQueryRepository , Hashing hashing , JwtSecurity jwtSecurity) { this._mapper = mapper; this._authrizationQueryRepository = authrizationQueryRepository; this._hashing = hashing; this._jwtSecurity = jwtSecurity; }
private SecurityValidationResult ValidateJwt(HttpActionContext actionContext) { try { var authenticationHeader = actionContext.Request.Headers.Authorization; if (authenticationHeader.Scheme.ToUpperInvariant() != "BEARER") { return(new SecurityValidationResult(false, "The authorization header scheme is invalid.")); } if (string.IsNullOrEmpty(authenticationHeader.Parameter)) { return(new SecurityValidationResult(false, "An authorization header value is required.")); } var customerId = JwtSecurity.GetClaimValue(authenticationHeader.Parameter, JwtSecurity.ClaimCustomerId); if (customerId == null) { return(new SecurityValidationResult(false, "The supplied JWT is missing customer id claim.")); } if (_jwtRequestInfo != null) { int parsedCustomerId; int.TryParse(customerId, out parsedCustomerId); if (parsedCustomerId > 0) { _jwtRequestInfo.JwtInfo.CustomerId = parsedCustomerId; } else { return(new SecurityValidationResult(false, "The supplied JWT internal id claim has an invalid value.")); } } return(new SecurityValidationResult(true, string.Empty)); } catch (Exception exception) { // Logging if (_logger.IsErrorEnabled) { _logger.Error("Failed to decode JWT", exception); } return(new SecurityValidationResult(false, "Failed to decode JWT.")); } }
public string CreateToken(IEnumerable <Claim> claims) { var tokenHandler = new JwtSecurityTokenHandler(); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(claims), Expires = DateTime.UtcNow.AddMinutes(_jwtSettings.JwtTokenSettings.Expires), SigningCredentials = JwtSecurity.GetPrivateSigningCredential(_jwtSettings), Audience = _jwtSettings.JwtTokenSettings.ValidateAudience ? _jwtSettings.JwtTokenSettings.ValidAudience : null, Issuer = _jwtSettings.JwtTokenSettings.ValidateIssuer ? _jwtSettings.JwtTokenSettings.ValidIssuer : null, }; var token = tokenHandler.CreateToken(tokenDescriptor); return(tokenHandler.WriteToken(token)); }
public async Task <IActionResult> Authenticate([FromBody] LoginRequest request) { try { if (request != null) { var user = await UserHandler.Authenticate(request); if (user == null) { Logger.LogInformation("User authentication failed: " + request.Email); return(Unauthorized()); } if (!user.IsSystemAccount) { Logger.LogInformation("User is not a system account: " + request.Email); return(Unauthorized()); } Logger.LogInformation("User authenticated"); var jwt = JwtSecurity.GenerateToken(user.UserId, user.Email); var loginResponse = new { User = user, CSToken = jwt }; var response = JsonConvert.SerializeObject(loginResponse, new JsonSerializerSettings { Formatting = Formatting.None }); return(Ok(loginResponse)); } return(StatusCode(408, new ErrorResponse() { Message = "Bad Login Request" })); } catch (Exception ex) { Logger.LogError(ex.ToString()); return(StatusCode(505, ex.Message)); } }
public async Task <IActionResult> Token(string username, string password) { if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password)) { return(Fail("Недопустимый логин или пароль.")); } var identity = await _accountService.GetIdentityAsync(username, password); if (identity == null) { return(Fail("Неверный логин или пароль.")); } var jwt = JwtSecurity.CreateToken(identity.Claims); var accessToken = new JwtSecurityTokenHandler().WriteToken(jwt); return(Success(new { accessToken, username })); }
public static void JwtConfiguration(this IServiceCollection services, IConfiguration configuration) { var tokenSection = configuration.GetSection("JwtSettings"); var tokenSettings = tokenSection.Get <JwtSettings>(); services.Configure <JwtSettings>(tokenSection); services.AddScoped <IJwtTokenProvider, JwtTokenProvider>(); services.AddAuthentication(x => { x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddJwtBearer(x => { x.Events = new JwtBearerEvents { //It is the first event that meets and accepts all requests from the Client, whether token or not. OnMessageReceived = context => { return(Task.CompletedTask); }, //If the token sent with the request is valid, it is triggered and verification procedures are performed OnTokenValidated = context => { return(Task.CompletedTask); }, //The token that came with the request is invalid, worn or corrupted OnAuthenticationFailed = context => { return(Task.CompletedTask); }, OnChallenge = context => { return(Task.CompletedTask); } }; x.RequireHttpsMetadata = false; x.SaveToken = true; x.TokenValidationParameters = TokenValidation.TokenParameter(tokenSettings, JwtSecurity.GetPublicSigningCredential(tokenSettings)); }); }
public async Task <IActionResult> RefreshToken([FromRoute] Guid userId, [FromHeader] string authorization, [FromBody] Device deviceInfo) { try { //Null checks if (authorization == null) { return(StatusCode(500, new ErrorResponse() { Message = "Authorization token is missing from header" })); } if (deviceInfo.RefreshToken == null) { return(StatusCode(500, new ErrorResponse() { Message = "Refresh Token is missing from Json body" })); } //Token verification var updatedAuthorization = authorization.Replace("Bearer ", ""); var verifyToken = UserHandler.ReadToken(updatedAuthorization, userId); if (!verifyToken) { return(StatusCode(500, new ErrorResponse() { Message = "UserId does not match Authorized User associated with provided Auth Token" })); } var userInfo = await UserHandler.GetUserById(userId); if (userInfo != null) { var authUser = userInfo; var verifyRefreshToken = UserHandler.ReadToken(deviceInfo.RefreshToken, userId); if (verifyRefreshToken) { var jwt = JwtSecurity.GenerateToken(authUser.UserId, authUser.Email); var jwtRefresh = JwtSecurity.GenerateRefreshToken(authUser.UserId, authUser.Email); var loginResponse = new { User = authUser, CSToken = jwt, RefreshToken = jwtRefresh }; var response = JsonConvert.SerializeObject(loginResponse, new JsonSerializerSettings { Formatting = Formatting.None }); return(Ok(loginResponse)); } return(StatusCode(500, new ErrorResponse() { Message = "Device Refresh token is invalid" })); } Logger.LogInformation("Unable to retrieve user information with the UserId provided"); return(StatusCode(401, new ErrorResponse() { Message = "Unable to retrieve user information with the UserId provided" })); } catch (Exception ex) { Logger.LogError(ex.ToString()); return(StatusCode(505, ex.Message)); } }
public bool ValidateToken(string token) { var tokenHandler = new JwtSecurityTokenHandler(); var tokenValidationParameters = TokenValidation.TokenParameter(_jwtSettings, JwtSecurity.GetPublicSigningCredential(_jwtSettings)); try { tokenHandler.ValidateToken(token.Replace($"{_jwtSettings.TokenType} ", ""), tokenValidationParameters, out SecurityToken securityToken); return(true); } catch { return(false); } }
public async Task <IActionResult> IssueToken([FromBody] BearerTokenRequest model) { if (!Debugger.IsAttached) { return(NotImplemented()); } #if DEBUG var superUser = _securityOptions.Value.SuperUser; if (!superUser.Enabled) { return(NotFound()); } if (!ValidModelState(out var error)) { return(error); } bool isSuperUser; switch (model.IdentityType) { case IdentityType.Username: isSuperUser = superUser.Username == model.Identity; if (!isSuperUser) { return(NotFound()); } break; case IdentityType.Email: isSuperUser = superUser.Email == model.Identity; if (!isSuperUser) { return(NotFound()); } break; case IdentityType.PhoneNumber: isSuperUser = superUser.PhoneNumber == model.Identity; if (!isSuperUser) { return(NotFound()); } break; default: throw new ArgumentOutOfRangeException(); } var encoding = Encoding.UTF8; if (Crypto.ConstantTimeEquals(encoding.GetBytes(model.Password), encoding.GetBytes(_securityOptions.Value.SuperUser.Password))) { Debug.Assert(nameof(IUserIdProvider.Id) == nameof(IObject.Id)); var claims = new List <Claim> { new Claim(ClaimTypes.Role, nameof(SecurityOptions.SuperUser)) }; var provider = new { Id = "87BA0A16-7253-4A6F-A8D4-82DFA1F723C1" }.ActLike <IUserIdProvider>(); var token = JwtSecurity.CreateToken(provider, claims, _securityOptions.Value, _apiOptions.Value); return(Ok(new { AccessToken = token })); } return(Unauthorized()); #endif return(NotImplemented()); }
public SegurancaController(JwtSecurity jwt) { _jwt = jwt; }