public BreachPrincipal ReadToken(string token, string expectedIssuer, string expectedAudience) { token = ClearCommas(token); var tokenHandler = new JwtSecurityTokenHandler(); var validationOptions = new TokenValidationParameters { IssuerSigningKey = new SymmetricSecurityKey(_jwtTokenSecret), ValidateLifetime = true, ValidateIssuer = true, ValidateAudience = true, ValidIssuer = expectedIssuer, ValidAudiences = expectedAudience?.Split(new[] { ";" }, StringSplitOptions.RemoveEmptyEntries) ?? new string[0] }; Console.WriteLine("Expected audiences: " + string.Join(", ", validationOptions.ValidAudiences)); Debug.WriteLine("Expected audiences: " + string.Join(", ", validationOptions.ValidAudiences)); try { tokenHandler.ValidateToken(token, validationOptions, out SecurityToken st); if (st == null) { return(null); } } catch (Exception ex) { return(null); } var jwtToken = tokenHandler.ReadJwtToken(token); var claims = jwtToken.Payload.Claims.ToList(); var dobClaim = PopClaimValue(claims, DateOfBirth); var user = new TokenBreachUser { Email = PopClaimValue(claims, Email), Id = PopClaimValue(claims, UserId), Username = PopClaimValue(claims, Username), FirstName = PopClaimValue(claims, FirstName), LastName = PopClaimValue(claims, LastName), PhoneNumber = PopClaimValue(claims, PhoneNumber), PassportNumber = PopClaimValue(claims, PassportNumber), NationalInsuranceNumber = PopClaimValue(claims, NationalInsuranceNumber), DateOfBirth = string.IsNullOrEmpty(dobClaim) ? (DateTime?)null : DateTime.ParseExact(dobClaim, "dd/MM/yyyy", CultureInfo.InvariantCulture), Roles = claims.Where(IsRole).Select(x => x.Value).ToArray() }; var gasIdentity = new BreachIdentity(user, claims); return(new BreachPrincipal(gasIdentity)); }
public string CreateToken(TokenBreachUser user, List <Claim> claims) { var tokenHandler = new JwtSecurityTokenHandler(); user.Roles = claims.Where(x => x.Type == ClaimTypes.Role).Select(x => x.Value).ToArray(); var allClaims = claims.Concat(new[] { new Claim(UserId, user.Id.ToString()), new Claim(Email, user.Email), new Claim(Username, user.Username), new Claim(FirstName, user.FirstName), new Claim(LastName, user.LastName), }).ToList(); if (!string.IsNullOrEmpty(user.PhoneNumber)) { allClaims.Add(new Claim(PhoneNumber, user.PhoneNumber)); } if (!string.IsNullOrEmpty(user.PassportNumber)) { allClaims.Add(new Claim(PassportNumber, user.PassportNumber)); } if (!string.IsNullOrEmpty(user.NationalInsuranceNumber)) { allClaims.Add(new Claim(NationalInsuranceNumber, user.NationalInsuranceNumber)); } if (user.DateOfBirth.HasValue) { allClaims.Add(new Claim(DateOfBirth, user.DateOfBirth.Value.ToString("dd/MM/yyyy"))); } var identity = new BreachIdentity(user, allClaims); var request = _httpContextAccessor.HttpContext.Request; var tokenDescriptor = new SecurityTokenDescriptor { IssuedAt = DateTime.UtcNow, Issuer = request.Scheme + "://" + request.Host.ToString() + "/", Audience = _audience, Subject = identity, Expires = DateTime.UtcNow.AddDays(_jwtExpiryInDays), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(_jwtTokenSecret), SecurityAlgorithms.HmacSha256Signature) }; var token = tokenHandler.CreateToken(tokenDescriptor); return(tokenHandler.WriteToken(token)); }
public string CreateToken(TokenBreachUser user, IEnumerable <string> roles) { var claims = roles.Select(x => new Claim(ClaimTypes.Role, x)).ToList(); return(CreateToken(user, claims)); }