示例#1
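        /// <summary>
        /// Builds a signed JWT for <paramref name="username"/>: issuer and audience "Yanal",
        /// a single Name claim, valid from now for seven days, HMAC-SHA256 signed with the
        /// key material returned by <see cref="SecurityProtocol.FetchJwtProtocolKey"/>.
        /// </summary>
        /// <param name="username">Value placed in the <see cref="ClaimTypes.Name"/> claim.</param>
        /// <returns>The compact serialized token.</returns>
        private string createToken(string username)
        {
            // Read the clock once so NotBefore and Expires are exactly seven days apart.
            DateTime issuedAt = DateTime.UtcNow;
            DateTime expires  = issuedAt.AddDays(7);

            ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[]
            {
                new Claim(ClaimTypes.Name, username)
            });

            // The validation path in this file derives its key with Encoding.UTF8; use the
            // same encoding here so the signature round-trips regardless of the process's
            // default code page (Encoding.Default is platform dependent).
            string               keyMaterial        = SecurityProtocol.FetchJwtProtocolKey();
            SymmetricSecurityKey securityKey        = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(keyMaterial));
            SigningCredentials   signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);

            JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
            JwtSecurityToken token = (JwtSecurityToken)tokenHandler.CreateJwtSecurityToken(
                issuer: "Yanal",
                audience: "Yanal",
                subject: claimsIdentity,
                notBefore: issuedAt,
                expires: expires,
                signingCredentials: signingCredentials);

            return tokenHandler.WriteToken(token);
        }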
示例#2
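 /// <summary>
 /// Authorizes the request from its Authorization header. The header parameter is first
 /// treated as Base64 "username:password" credentials looked up through
 /// <see cref="UserPassService"/>; when it does not decode that way it is validated as a
 /// JWT signed with the key from <see cref="SecurityProtocol.FetchJwtProtocolKey"/>.
 /// Any failure, including an unexpected exception, leaves a 401 response on
 /// <paramref name="actionContext"/> (fail closed).
 /// </summary>
 /// <param name="actionContext">The Web API action context; its Response is set on rejection.</param>
 public override void OnAuthorization(HttpActionContext actionContext)
 {
     try
     {
         // A missing header makes Authorization null; reject it explicitly instead of
         // relying on a NullReferenceException reaching the catch below.
         if (actionContext.Request.Headers.Authorization == null
             || actionContext.Request.Headers.Authorization.Parameter == null)
         {
             Reject(actionContext);
             return;
         }

         string token;
         if (!TryRetrieveToken(actionContext.Request, out token))
         {
             Reject(actionContext);
             return;
         }

         string username;
         string password;
         bool authenticated = TryDecodeCredentials(token, out username, out password)
             ? AuthenticateCredentials(username, password)
             : AuthenticateJwt(token);

         if (!authenticated)
         {
             Reject(actionContext);
         }
     }
     catch
     {
         // Fail closed: an unexpected error (for example from the user store) denies the
         // request rather than letting it through.
         Reject(actionContext);
     }
 }

 // Sets the 401 response that every rejection path shares.
 private static void Reject(HttpActionContext actionContext)
 {
     actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
 }

 // Decodes a Base64 "username:password" value. Returns false when the token is not
 // Base64 (a JWT never is, because of its '.' separators) or has no ':' separator.
 // Only the first ':' splits, so a password may itself contain ':'.
 private static bool TryDecodeCredentials(string token, out string username, out string password)
 {
     username = null;
     password = null;

     byte[] raw;
     try
     {
         raw = Convert.FromBase64String(token);
     }
     catch (FormatException)
     {
         return false;
     }

     string decoded   = Encoding.UTF8.GetString(raw);
     int    separator = decoded.IndexOf(':');
     if (separator < 0)
     {
         return false;
     }

     username = decoded.Substring(0, separator);
     password = decoded.Substring(separator + 1);
     return true;
 }

 // Looks the credentials up and, on a match, installs a principal for the request thread.
 // NOTE(review): the service receives the password as given; confirm it compares against a
 // stored hash rather than a plaintext column.
 private static bool AuthenticateCredentials(string username, string password)
 {
     TblUserPass user = new UserPassService().SelectUserPassByUsernameAndPassword(username, password);
     if (user == null || user.id == -1)
     {
         return false;
     }

     Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(username), null);
     return true;
 }

 // Validates a signed JWT (issuer, audience, lifetime and signature) and installs the
 // resulting principal on both the thread and the current HttpContext.
 private bool AuthenticateJwt(string token)
 {
     string                    secret      = SecurityProtocol.FetchJwtProtocolKey();
     SymmetricSecurityKey      securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
     JwtSecurityTokenHandler   handler     = new JwtSecurityTokenHandler();
     TokenValidationParameters validationParameters = new TokenValidationParameters()
     {
         ValidAudience            = "Yanal",
         ValidIssuer              = "Yanal",
         ValidateLifetime         = true,
         ValidateIssuerSigningKey = true,
         LifetimeValidator        = LifetimeValidator,
         IssuerSigningKey         = securityKey
     };

     SecurityToken validatedToken;
     IPrincipal    principal;
     try
     {
         // Validate once and reuse the principal; validating twice only doubles the work.
         principal = handler.ValidateToken(token, validationParameters, out validatedToken);
     }
     catch (SecurityTokenException)
     {
         return false;
     }

     Thread.CurrentPrincipal  = principal;
     HttpContext.Current.User = principal;
     return true;
 }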