public async Task Auth_Should_Return_JsonResult_With_TokenResponseViewModel_If_Grant_Type_Is_refresh_token() { this.tokenServiceMock = new Mock <ITokenService>(); this.tokenServiceMock.Setup(m => m.ReplaceUserRefreshToken(It.IsAny <string>(), It.IsAny <string>())) .Returns(Task.FromResult(new Token() { UserId = "user-id", Value = "token-value" })); this.Arrange_Configuration(); this.configurationMock = new Mock <IConfiguration>(); this.tokenController = new TokenController(this.tokenServiceMock.Object, this.configuration); var model = this.CreateTokenRequestModelWithPasswordGrantType(); model.grant_type = "refresh_token"; IActionResult actionResult = await this.tokenController.Auth(model); this.Annihilate(); var jsonResult = actionResult.Should().BeOfType <JsonResult>(); JsonResult result = actionResult as JsonResult; TokenResponseViewModel tokenResponse = result.Value as TokenResponseViewModel; Assert.NotNull(tokenResponse); }
private async Task ExternalLoginCallback_OnUserNotExistingAndCouldCreateNewUser_ReturnsViewResultWithObject() { _userServiceMock.Setup(mock => mock.FindUserByEmail(It.IsAny <string>())).ReturnsAsync((AppUser)null); _userServiceMock.Setup(mock => mock.CreateUserAsync(It.IsAny <UserRegisterViewModel>())).ReturnsAsync(true); UserRegisterViewModel model = new UserRegisterViewModel() { Email = _properEmail }; _userServiceMock.Setup(mock => mock.GetRegisterModel(It.IsAny <ExternalLoginInfo>())).Returns(model); IActionResult result = await _controller.ExternalLoginCallback(null); ViewResult resultObject = result as ViewResult; TokenResponseViewModel resultData = resultObject.ViewData.Model as TokenResponseViewModel; Assert.NotNull(result); Assert.IsType <ViewResult>(result); Assert.Equal("foo1", resultData.DisplayName); Assert.Equal("foo2", resultData.Email); Assert.Equal("foo3", resultData.RefreshToken); Assert.Equal("foo4", resultData.Role); Assert.Equal("foo5", resultData.Token); Assert.Equal("foo6", resultData.User); }
private async Task <IActionResult> GetToken(TokenRequestViewModel viewModel) { var user = await _userAndRoleRepository.GetUserByNameAsync(viewModel.Username); if (user == null && viewModel.Username.Contains("@")) { user = await _userAndRoleRepository.GetUserByEmailAsync(viewModel.Username); } if (user == null || !await _userAndRoleRepository.CheckPasswordAsync(user, viewModel.Password)) { return(new UnauthorizedResult()); } var token = _tokenService.GenerateRefreshToken(viewModel.ClientId, user.Id); await _tokenRepository.AddRefreshToken(token); var accessTokenData = _tokenService.CreateAccessToken(user.Id); var response = new TokenResponseViewModel { Token = accessTokenData.EncodedToken, Expiration = accessTokenData.ExporationTimeInMinutes, RefreshToken = token.Value }; return(Json(response)); }
private async Task <IActionResult> RefreshToken(TokenRequestViewModel viewModel) { var refreshToken = await _tokenRepository.CheckRefreshTokenForClient(viewModel.ClientId, viewModel.RefreshToken); if (refreshToken == null) { return(new UnauthorizedResult()); } var user = await _userAndRoleRepository.GetUserById(refreshToken.UserId); if (user == null) { return(new UnauthorizedResult()); } var newRefreshToken = _tokenService.GenerateRefreshToken(refreshToken.ClientId, refreshToken.UserId); await _tokenRepository.RemoveRefreshToken(refreshToken); await _tokenRepository.AddRefreshToken(newRefreshToken); var tokenData = _tokenService.CreateAccessToken(newRefreshToken.UserId); var response = new TokenResponseViewModel { Expiration = tokenData.ExporationTimeInMinutes, RefreshToken = newRefreshToken.Value, Token = tokenData.EncodedToken }; return(Json(response)); }
public async Task <ActionResult <TokenResponseViewModel> > Post([FromBody] LogonViewModel credentials) { if (!ModelState.IsValid) { return(BadRequest(AuthenticationErrorViewModel.Init(ModelState))); } // user name used at logon is "email" var identity = await GetClaimsIdentity(credentials.UserName, credentials.Password); if (identity == null) { return(BadRequest(AuthenticationErrorViewModel.Init(Errors.AddErrorToModelState("login_failure", "User not known.", ModelState)))); } var user = new UserViewModel { UserName = identity.Name, Id = identity.Claims.Single(c => c.Type == "id").Value }; // log user immediately in var result = await _signin.CheckPasswordSignInAsync(user, credentials.Password, true); if (!result.Succeeded) { return(BadRequest(AuthenticationErrorViewModel.Init(Errors.AddErrorToModelState("login_failure", "Invalid username or password.", ModelState)))); } // Serialize and return the response var response = new TokenResponseViewModel { Id = identity.Claims.Single(c => c.Type == "id").Value, AuthToken = await _jwtFactory.GenerateEncodedToken(credentials.UserName, identity), ExpiresIn = (int)_jwtOptions.ValidFor.TotalSeconds }; return(response); }
private async Task <IActionResult> GetToken(TokenRequestViewModel model) { try { // check if there's an user with the given username var user = await _signInManager.UserManager.FindByNameAsync(model.username); // fallback to support e-mail address instead of username if (user == null && model.username.Contains("@")) { user = await _signInManager.UserManager.FindByEmailAsync(model.username); } if (user == null || !await _signInManager.UserManager.CheckPasswordAsync(user, model.password)) { return(new UnauthorizedResult()); } // username & password matches: create and return the DateTime now = DateTime.UtcNow; // add the registered claims for JWT (RFC7519). // For more info, see https://tools.ietf.org/html/rfc7519#section-4.1 var claims = new[] { new Claim(JwtRegisteredClaimNames.Sub, user.Id), new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(now).ToUnixTimeSeconds().ToString()) }; var tokenExpirationMins = _configuration.GetValue <int>("Auth:Jwt:TokenExpirationInMinutes"); var issuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(_configuration["Auth:Jwt:Key"])); var token = new JwtSecurityToken( issuer: _configuration["Auth:Jwt:Issuer"], audience: _configuration["Auth:Jwt:Audience"], claims: claims, notBefore: now, expires: now.Add(TimeSpan.FromMinutes(tokenExpirationMins)), signingCredentials: new SigningCredentials(issuerSigningKey, SecurityAlgorithms.HmacSha256) ); var encodedToken = new JwtSecurityTokenHandler().WriteToken(token); // build & return the response var response = new TokenResponseViewModel() { token = encodedToken, expiration = tokenExpirationMins }; return(Json(response)); } catch (Exception e) { return(new UnauthorizedResult()); } }
public TokenControllerTests() { Thread.CurrentPrincipal = new TestPrincipalWrapper(new Claim(ClaimTypes.Email, _properEmail)); _externalLoginInfoInstance = new ExternalLoginInfo((ClaimsPrincipal)Thread.CurrentPrincipal, "Facebook", "providers_key", "some_display_name"); _returnedResponseTokenModel = new TokenResponseViewModel() { DisplayName = "foo1", Email = "foo2", RefreshToken = "foo3", Role = "foo4", Token = "foo5", User = "******" }; _properRevokeTokenModel = new RevokeTokenRequestViewModel() { UserName = _properName, Token = _properToken, RefreshToken = _properToken }; _properRefreshTokenModel = new RefreshTokenRequestViewModel() { Email = _properEmail, RefreshToken = _properToken }; _properTokenRequestModel = new TokenRequestViewModel() { Email = _properEmail, Password = _properPassword, }; _properUser = new AppUser() { Email = _properEmail }; DefaultHttpContext httpContext = new DefaultHttpContext(); TempDataDictionary tempData = new TempDataDictionary(httpContext, Mock.Of <ITempDataProvider>()) { { "requestIp", "127.0.0.1" } }; _tokenServiceMock = new Mock <ITokenService>(); _userServiceMock = new Mock <IUserService>(); _userServiceMock.Setup(mock => mock.GetIpAddress(It.IsAny <DefaultHttpContext>())).Returns("127.0.0.1"); _userServiceMock.Setup(mock => mock.FindUserByEmail(_properEmail)).ReturnsAsync(_properUser); _userServiceMock.Setup(mock => mock.FindUserByEmail(_wrongEmail)).ReturnsAsync((AppUser)null); _userServiceMock.Setup(mock => mock.VerifyUsersPassword(It.IsAny <AppUser>(), It.IsAny <string>())).ReturnsAsync(true); _userServiceMock.Setup(mock => mock.GetUserRoleAsync(It.IsAny <AppUser>())).ReturnsAsync("User"); _userServiceMock.Setup(mock => mock.GetExternalLogin()).ReturnsAsync(_externalLoginInfoInstance); _userServiceMock.Setup(mock => mock.CreateUserAsync(It.IsAny <UserRegisterViewModel>())).ReturnsAsync(true); _tokenServiceMock.Setup(mock => mock.GenerateTokenResponse(It.IsAny <AppUser>(), It.IsAny <string>(), It.IsAny <string>())).Returns(_returnedResponseTokenModel); _tokenServiceMock.Setup(mock => mock.VerifyRefreshToken(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <string>())).Returns(true); _tokenServiceMock.Setup(mock => mock.RevokeTokens(_properRevokeTokenModel)).Returns(true); _controller = new TokenController(_tokenServiceMock.Object, _userServiceMock.Object) { TempData = tempData }; }
private async Task <TokenResponseViewModel> GenerateJWT(string email) { var user = await _userManager.FindByEmailAsync(email); var claims = await _userManager.GetClaimsAsync(user); var userRoles = await _userManager.GetRolesAsync(user); //Adicionamos a coleção de Claims do Usuario, que nos informa o que ele tem permissão depois que ele já está autorizado a entrar no sistema. claims.Add(new Claim(JwtRegisteredClaimNames.Sub, user.Id)); claims.Add(new Claim(JwtRegisteredClaimNames.UniqueName, user.Email)); claims.Add(new Claim(JwtRegisteredClaimNames.Email, user.Email)); claims.Add(new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())); claims.Add(new Claim(JwtRegisteredClaimNames.Nbf, ToUnixEpochDate(DateTime.UtcNow).ToString())); claims.Add(new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(DateTime.UtcNow).ToString(), ClaimValueTypes.Integer64)); foreach (var role in userRoles) { claims.Add(new Claim(ClaimTypes.Role, role)); } var identityClaims = new ClaimsIdentity(); identityClaims.AddClaims(claims); var tokenHandler = new JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes(_appSettings.Secret); var tokenDescriptor = new SecurityTokenDescriptor { Subject = identityClaims, Issuer = _appSettings.Emitter, Audience = _appSettings.ValidIn, Expires = DateTime.UtcNow.AddHours(_appSettings.ExpirationHours), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature) }; var encodedToken = tokenHandler.WriteToken(tokenHandler.CreateToken(tokenDescriptor)); var response = new TokenResponseViewModel { AccessToken = encodedToken, ExpiresIn = TimeSpan.FromHours(_appSettings.ExpirationHours).TotalSeconds, UserToken = new UserTokenViewModel { Claims = claims.Select(c => new ClaimViewModel { Type = c.Type, Value = c.Value }), Email = user.Email, Id = user.Id, UniqueName = user.Email } }; return(response); }
private async Task <IActionResult> RefreshToken(TokenRequestViewModel viewModel) { try { var refreshTokenResult = await _queryDispatcher.DispatchAsync <GetTokenQuery, GetTokenQueryResult>(new GetTokenQuery { ClientId = viewModel.ClientId, RefreshToken = viewModel.RefreshToken }); if (refreshTokenResult.Token == null) { return(new UnauthorizedResult()); } var userResult = await _queryDispatcher.DispatchAsync <GetUserByIdQuery, GetUserQueryResult>(new GetUserByIdQuery { UserId = refreshTokenResult.Token.UserId }); if (userResult.User == null) { return(new UnauthorizedResult()); } var newRefreshToken = _tokenService.GenerateRefreshToken(refreshTokenResult.Token.ClientId, refreshTokenResult.Token.UserId); await _commandDispatcher.DispatchAsync <RemoveTokenCommand>(new RemoveTokenCommand { Id = refreshTokenResult.Token.Id }); await _commandDispatcher.DispatchAsync <AddTokenCommand>(new AddTokenCommand { Token = refreshTokenResult.Token }); var tokenData = _tokenService.CreateAccessToken(newRefreshToken.UserId); var response = new TokenResponseViewModel { Expiration = tokenData.ExporationTimeInMinutes, RefreshToken = newRefreshToken.Value, Token = tokenData.EncodedToken }; return(Json(response)); } catch (Exception) { return(new UnauthorizedResult()); } }
public static async Task <TokenResponseViewModel> GenerateJwt(ClaimsIdentity identity, IJwtFactory jwtFactory, string userName, JwtIssuerOptions jwtOptions, JsonSerializerSettings serializerSettings) { var response = new TokenResponseViewModel { id = identity.Claims.Single(c => c.Type == "id").Value, auth_token = await jwtFactory.GenerateEncodedToken(userName, identity), expires_in = (int)jwtOptions.ValidFor.TotalSeconds }; //return JsonConvert.SerializeObject(response, serializerSettings); return(response); }
private async Task <ActionResult <TokenResponseViewModel> > GetToken(TokenRequestViewModel model) { try { var user = await userManager.FindByNameAsync(model.UserName); if (user == null && model.UserName.Contains("@")) { user = await userManager.FindByEmailAsync(model.UserName); } if (user == null || !await userManager.CheckPasswordAsync(user, model.Password)) { return(new UnauthorizedResult()); } var roles = await userManager.GetRolesAsync(user); var now = DateTime.UtcNow; var claims = new[] { new Claim(JwtRegisteredClaimNames.Sub, user.Id), new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(now).ToUnixTimeSeconds().ToString()) }; var tokenExpirationMins = config.GetValue <int>("Auth:Jwt:TokenExpirationInMinutes"); var issuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config["Auth:Jwt:Key"])); var token = new JwtSecurityToken( issuer: config["Auth:Jwt:Issuer"], audience: config["Auth:Jwt:Audience"], claims: claims, notBefore: now, expires: now.Add(TimeSpan.FromMinutes(tokenExpirationMins)), signingCredentials: new SigningCredentials(issuerSigningKey, SecurityAlgorithms.HmacSha256) ); var encodedToken = new JwtSecurityTokenHandler().WriteToken(token); var response = new TokenResponseViewModel { Token = encodedToken, Expiration = tokenExpirationMins, UserName = user.UserName, FullName = $"{user.FirstName} {user.LastName}", Roles = roles.ToArray <string>() }; return(response); } catch (Exception ex) { return(new UnauthorizedResult()); } }
private async Task <IActionResult> GetToken(TokenRequestViewModel viewModel) { try { var userResult = await _queryDispatcher.DispatchAsync <GetUserByNameQuery, GetUserQueryResult>(new GetUserByNameQuery { UserName = viewModel.Username }); if (userResult.User == null && viewModel.Username.Contains("@")) { userResult = await _queryDispatcher.DispatchAsync <GetUserByEmailQuery, GetUserQueryResult>(new GetUserByEmailQuery { Email = viewModel.Username }); } var checkUserPasswordResult = await _queryDispatcher.DispatchAsync <CheckUserPasswordQuery, CheckUserPasswordQueryResult>(new CheckUserPasswordQuery { User = userResult.User, Password = viewModel.Password }); if (userResult.User == null || !checkUserPasswordResult.IsCorrect) { return(new UnauthorizedResult()); } var token = _tokenService.GenerateRefreshToken(viewModel.ClientId, userResult.User.Id); await _commandDispatcher.DispatchAsync <AddTokenCommand>(new AddTokenCommand { Token = token }); var accessTokenData = _tokenService.CreateAccessToken(userResult.User.Id); var response = new TokenResponseViewModel { Token = accessTokenData.EncodedToken, Expiration = accessTokenData.ExporationTimeInMinutes, RefreshToken = token.Value }; return(Json(response)); } catch (Exception) { return(new UnauthorizedResult()); } }
private async Task <IActionResult> GetToken(TokenRequestViewModel model) { try { var user = await _userManager.FindByNameAsync(model.username); if (user == null && model.username.Contains("@")) { user = await _userManager.FindByEmailAsync(model.username); } if (user == null || !await _userManager.CheckPasswordAsync(user, model.password)) { return(Unauthorized(new UnauthorizedError())); } DateTime now = DateTime.Now; var claims = new[] { new Claim(JwtRegisteredClaimNames.Sub, user.Id), new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(now) .ToUnixTimeSeconds().ToString()) }; var tokenExpirationMins = _configuration.GetValue <int>("Auth:Jwt:TokenExpirationInMinutes"); var issuerSigningKey = new SymmetricSecurityKey( Encoding.UTF8.GetBytes(_configuration["Auth:Jwt:Key"]) ); var token = new JwtSecurityToken( issuer: _configuration["Auth:Jwt:Issuer"], audience: _configuration["Auth:Jwt:Audience"], claims: claims, notBefore: now, expires: now.Add(TimeSpan.FromMinutes(tokenExpirationMins)), signingCredentials: new SigningCredentials(issuerSigningKey, SecurityAlgorithms.HmacSha256)); var encodedToken = new JwtSecurityTokenHandler().WriteToken(token); var response = new TokenResponseViewModel() { token = encodedToken, expiration = tokenExpirationMins }; return(Json(response)); } catch (Exception ex) { return(Unauthorized(new UnauthorizedError())); } }
private async Task ExternalLoginCallback_OnNoRemoteErrorAndInfoReceivedAndUserExisting_ReturnsViewResultWithObject() { IActionResult result = await _controller.ExternalLoginCallback(null); ViewResult resultObject = result as ViewResult; TokenResponseViewModel resultData = resultObject.ViewData.Model as TokenResponseViewModel; Assert.NotNull(result); Assert.IsType <ViewResult>(result); Assert.Equal("foo1", resultData.DisplayName); Assert.Equal("foo2", resultData.Email); Assert.Equal("foo3", resultData.RefreshToken); Assert.Equal("foo4", resultData.Role); Assert.Equal("foo5", resultData.Token); Assert.Equal("foo6", resultData.User); }
private async Task <IActionResult> GetToken(TokenRequestViewModel model) { try { Token refreshToken = await this.tokenService.CreateUserRefreshToken(model.username, model.password, model.client_id); CurrentlyLoggedInUsersSingleton.AddNewEntry(model.username, refreshToken.UserId); TokenResponseViewModel tokenResponse = this.CreateAccessToken(refreshToken.UserId, refreshToken.Value, model.username); return(Json(tokenResponse)); } catch (VideoChatWebAppMainException e) when(e is UserNotFoundException || e is UserPasswordMissmatchException) { return(new UnauthorizedResult()); } }
private async Task <IActionResult> GetToken(TokenRequestViewModel model) { try { //check if there's an user with the givem username var user = await UserManager.FindByNameAsync(model.username); if (user == null && model.username.Contains("@")) { user = await UserManager.FindByEmailAsync(model.username); } //check for authorization if (user == null || !await UserManager.CheckPasswordAsync(user, model.password)) { return(new UnauthorizedResult()); } DateTime now = DateTime.UtcNow; var claims = new List <Claim> { new Claim(JwtRegisteredClaimNames.Sub, user.Id), new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(now).ToUnixTimeSeconds().ToString()) }; var roles = await UserManager.GetRolesAsync(user); claims.AddRange(roles.Select(role => new Claim(ClaimsIdentity.DefaultRoleClaimType, role))); var tokenExpirationMins = Configuration.GetValue <int>("Customer:Jwt:TokenExpirationInMinutes"); var issuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Customer:Jwt:Key"])); var token = new JwtSecurityToken(issuer: Configuration["Customer:Jwt:Issuer"], audience: Configuration["Customer:Jwt:Audience"], claims: claims, notBefore: now, expires: now.Add(TimeSpan.FromMinutes(tokenExpirationMins)), signingCredentials: new SigningCredentials(issuerSigningKey, SecurityAlgorithms.HmacSha256)); var encodedToken = new JwtSecurityTokenHandler().WriteToken(token); var response = new TokenResponseViewModel() { token = encodedToken, expiration = tokenExpirationMins }; return(Json(response)); } catch (Exception) { return(new UnauthorizedResult()); } }
public async Task <IActionResult> SignIn(Credentials credentials) { string jwtString; try { jwtString = await this.authService.GetJwt(credentials.Login, credentials.Password); } catch (UserNotFoundException) { return(BadRequest("Invalid login or password.")); } var tokenViewModel = new TokenResponseViewModel() { login = credentials.Login, access_token = jwtString }; return(Ok(tokenViewModel)); }
private TokenResponseViewModel CreateAccessToken(string userId, string refreshToken) { DateTime now = DateTime.UtcNow; // add the registered claims for JWT (RFC7519) // for more info, see: https://tools.ietf.org/html/rfc7519#section-4.1 var claims = new[] { new Claim(JwtRegisteredClaimNames.Sub, userId), new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(now).ToUnixTimeSeconds().ToString()), // TODO: add additional claims here }; var tokenExpirationMins = Configuration.GetValue <int>("Auth:Jwt:TokenExpirationInMinutes"); var issuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Auth:Jwt:Key"])); var token = new JwtSecurityToken( issuer: Configuration["Auth:Jwt:Issuer"], audience: Configuration["Auth:Jwt:Audience"], claims: claims, notBefore: now, expires: now.Add(TimeSpan.FromMinutes(tokenExpirationMins)), signingCredentials: new SigningCredentials(issuerSigningKey, SecurityAlgorithms.HmacSha256) ); var encodedToken = new JwtSecurityTokenHandler().WriteToken(token); // build and return the response var response = new TokenResponseViewModel() { token = encodedToken, expiration = tokenExpirationMins, refresh_token = refreshToken }; return(response); }
public static void StoreToken(TokenResponseViewModel token) { var session = HttpContext.Current.Session; session["Token"] = token; }
public async Task <ActionResult> Login(LoginViewModel model) { if (ModelState.IsValid) { const String URI_ADDRESS = "api/Accounts/Login"; try { var client = GlobalWebApiClient.GetClient(); var content = new FormUrlEncodedContent(new[] { new KeyValuePair <string, string>("grant_type", "password"), new KeyValuePair <string, string>("email", model.Email), new KeyValuePair <string, string>("password", model.Password) }); var response = await client.PostAsync(URI_ADDRESS, content); if (response.IsSuccessStatusCode) { var tokenResponse = await response.Content.ReadAsStringAsync(); var vmTokenResponse = new TokenResponseViewModel { AccessToken = tokenResponse }; GlobalWebApiClient.StoreToken(vmTokenResponse); if (vmTokenResponse != null) { Session["Email"] = vmTokenResponse.Username.ToString(); var clientUser = GlobalWebApiClient.GetClient(); var resultLoggedUser = clientUser.GetAsync("api/Accounts/LoggedUser").Result; var resultLoggedEmail = clientUser.GetAsync(@"api/profiles/profile/" + Session["Email"].ToString().EncodeBase64()).Result; if (!resultLoggedEmail.IsSuccessStatusCode) { if (resultLoggedUser.IsSuccessStatusCode) { if (resultLoggedUser != null) { var vmUser = await resultLoggedUser.Content.ReadAsAsync <ProfileViewModel>(); Session["UserId"] = vmUser.ProfileVmId; return(RedirectToAction("Index", "Home")); } } } else { var vmUser = await resultLoggedEmail.Content.ReadAsAsync <ProfileViewModel>(); Session["UserId"] = vmUser.ProfileVmId; return(RedirectToAction("Index", "Home")); } } return(View(model)); } return(View(model)); } catch (Exception ex) { var result = ex.Message; } } return(View(model)); }
private async Task <IActionResult> GetToken(TokenRequestViewModel model) { try { // check if there's an user with the given username var user = await _usermanager.FindByNameAsync(model.username); // fallback to support e-mail address instead of username if (user == null && model.username.Contains("@")) { user = await _usermanager.FindByEmailAsync(model.username); } if (user == null || !await _usermanager.CheckPasswordAsync(user, model.password)) { // user does not exists or password mismatch return(new UnauthorizedResult()); } // username & password matches: create and return the Jwt token. DateTime now = DateTime.UtcNow; // add the registered claims for JWT (RFC7519). // For more info, see https://tools.ietf.org/html/rfc7519#section-4.1 var claims = new List <Claim>() { new Claim(JwtRegisteredClaimNames.Sub, user.Id.ToString()), new Claim(JwtRegisteredClaimNames.NameId, user.Id.ToString()), new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), new Claim(JwtRegisteredClaimNames.Iat, new DateTimeOffset(now).ToUnixTimeSeconds().ToString()) // TODO: add additional claims here }; // build claims user roles var userClaims = await _usermanager.GetClaimsAsync(user); var userRoles = await _usermanager.GetRolesAsync(user); if (userClaims != null) { claims.AddRange(userClaims); } foreach (var userRole in userRoles) { claims.Add(new Claim(ClaimTypes.Role, userRole)); var role = await _rolemanager.FindByNameAsync(userRole); if (role != null) { var roleClaims = await _rolemanager.GetClaimsAsync(role); foreach (Claim roleClaim in roleClaims) { claims.Add(roleClaim); } } } var tokenExpirationMins = (int)TokenExpiration.TotalMinutes; // Configuration.GetValue<int>("Auth:Jwt:TokenExpirationInMinutes"); //var issuerSigningKey = new SymmetricSecurityKey( //Encoding.UTF8.GetBytes(Configuration["Auth:Jwt:Key"])); var issuerSigningKey = SecurityKey; var token = new JwtSecurityToken( issuer: Issuer, // Configuration["Auth:Jwt:Issuer"], //audience: Configuration["Auth:Jwt:Audience"], claims: claims, notBefore: now, expires: now.Add(TimeSpan.FromMinutes(tokenExpirationMins)), signingCredentials: new SigningCredentials( issuerSigningKey, SecurityAlgorithms.HmacSha256) ); var encodedToken = new JwtSecurityTokenHandler().WriteToken(token); // build & return the response var response = new TokenResponseViewModel() { token = encodedToken, expiration = tokenExpirationMins }; return(Json(response)); } catch (Exception ex) { return(new UnauthorizedResult()); } }
public TokenResponseViewModel GenerateTokenResponse(AuthenticationTicket ticket) { #region Generate JWT Token var tokenHandler = new JwtSecurityTokenHandler(); var key = Encoding.Default.GetBytes(JWT.SECRET_KEY); var issuer = JWT.ISSUER; var audience = JWT.AUDIENCE; var identity = ticket.Principal.Identity as ClaimsIdentity; identity.AddClaim(new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())); identity.AddClaim(new Claim(JwtRegisteredClaimNames.Sub, ticket.Principal.Identity.Name)); var tokenDescriptor = new SecurityTokenDescriptor { Issuer = issuer, Audience = audience, Subject = identity, IssuedAt = ticket.Properties.IssuedUtc?.UtcDateTime, Expires = ticket.Properties.ExpiresUtc?.UtcDateTime, SigningCredentials = new SigningCredentials( new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature), NotBefore = ticket.Properties.IssuedUtc?.UtcDateTime }; var token = tokenHandler.CreateToken(tokenDescriptor); var tokenString = tokenHandler.WriteToken(token); #endregion var resp = new TokenResponseViewModel(); resp.access_token = tokenString; resp.token_type = "bearer"; if (ticket.Properties.ExpiresUtc != null) { resp.expires_utc = ticket.Properties.ExpiresUtc?.ToString("yyyy-MM-ddTHH:mm:ssZ"); } if (ticket.Properties.IssuedUtc != null) { resp.issued_utc = ticket.Properties.IssuedUtc?.ToString("yyyy-MM-ddTHH:mm:ssZ"); } #region Refresh Token key = Encoding.Default.GetBytes(JWT.REFRESH_SECRET_KEY); issuer = JWT.REFRESH_ISSUER; audience = JWT.REFRESH_AUDIENCE; var id = identity.Name; var refreshIdentity = new ClaimsIdentity( identity.Claims.Where(c => c.Type == identity.NameClaimType), identity.AuthenticationType); var refresh_expires = ticket.Properties.IssuedUtc?.UtcDateTime .AddDays(App.Instance.TokenValidHours * 2); tokenDescriptor = new SecurityTokenDescriptor { Issuer = issuer, Audience = audience, Subject = refreshIdentity, IssuedAt = ticket.Properties.IssuedUtc?.UtcDateTime, Expires = refresh_expires, SigningCredentials = new SigningCredentials( new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature), NotBefore = ticket.Properties.IssuedUtc?.UtcDateTime }; token = tokenHandler.CreateToken(tokenDescriptor); tokenString = tokenHandler.WriteToken(token); resp.refresh_token = tokenString; #endregion resp.employee_code = identity.FindFirst(AppClaimTypes.EmployeeCode).Value; resp.username = identity.FindFirst(AppClaimTypes.Username).Value; resp.role = identity.FindFirst(AppClaimTypes.Role)?.Value; resp.user_id = identity.Name; return(resp); }