/// <summary>
/// Middleware entry point: extracts a token from the Authorization header,
/// tries to attach the matching user to the request, then runs the rest of
/// the pipeline.
/// </summary>
/// <param name="context">The current HTTP request context.</param>
/// <param name="dbContext">Database context handed on to the user lookup.</param>
/// <returns>A task that completes when the downstream pipeline has finished.</returns>
public async Task Invoke(HttpContext context, WePartyDBContext dbContext)
{
    // Only the first Authorization header value is considered.
    var authorizationHeader = context.Request.Headers["Authorization"].FirstOrDefault();

    // The last space-separated segment is treated as the token. The scheme
    // word (e.g. "Bearer") is never checked, and a header with no space is
    // passed through whole.
    // NOTE(review): consider requiring an explicit "Bearer " prefix so other
    // schemes are not fed to the JWT validator.
    var token = authorizationHeader == null
        ? null
        : authorizationHeader.Split(" ").Last();

    if (token != null)
    {
        // Synchronous call; it swallows its own failures, so a bad token
        // simply leaves context.Items["User"] unset.
        attachUserToContext(context, token, dbContext);
    }

    // The pipeline always continues. Rejecting unauthenticated requests is
    // left to whatever reads context.Items["User"] downstream.
    await _next(context);
}
/// <summary>
/// Creates the controller and stores its four collaborators in private fields.
/// </summary>
/// <param name="context">Database context kept in <c>_context</c>.</param>
/// <param name="userManager">User manager kept in <c>_userManager</c>.</param>
/// <param name="signInManager">Sign-in manager kept in <c>_signInManager</c>.</param>
/// <param name="userService">User service kept in <c>_userService</c>.</param>
public AuthorizationController(
    WePartyDBContext context,
    UserManager<ApplicationUser> userManager,
    SignInManager<ApplicationUser> signInManager,
    IUserService userService)
{
    // Plain field capture; no validation or other work happens here.
    this._context = context;
    this._userManager = userManager;
    this._signInManager = signInManager;
    this._userService = userService;
}
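/// <summary>
/// Validates the supplied JWT and, on success, stores the matching user in
/// <c>context.Items["User"]</c>. Any failure is swallowed and leaves the
/// request without an attached user.
/// </summary>
/// <param name="context">Request context that receives the user entry.</param>
/// <param name="token">Raw token text taken from the Authorization header.</param>
/// <param name="dbContext">Database context used to look the user up by id.</param>
private void attachUserToContext(HttpContext context, string token, WePartyDBContext dbContext)
{
    try
    {
        // SECURITY NOTE(review): the HMAC signing secret is a string literal
        // in source. Whoever can read the repository or the compiled assembly
        // holds the key that authenticates every token, so treat this value
        // as exposed: rotate it and load the replacement from configuration
        // or a secret store. It is also only 16 ASCII characters (128 bits at
        // most); RFC 7518 asks for at least 256 bits with HS256.
        var key = Encoding.ASCII.GetBytes("b6)Xad<#W!bW3Vdg");

        var validationParameters = new TokenValidationParameters()
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(key),
            // SECURITY NOTE(review): issuer and audience checks are switched
            // off, so any token signed with this key is accepted whichever
            // service it was issued by or for. Enable both once the expected
            // values are known.
            ValidateIssuer = false,
            ValidateAudience = false
        };

        // ValidateToken throws on an invalid token; the outer catch handles
        // that, so no inner rethrowing try/catch is needed (the previous
        // `throw ex;` only reset the stack trace).
        var tokenHandler = new JwtSecurityTokenHandler();
        tokenHandler.ValidateToken(token, validationParameters, out SecurityToken validatedToken);

        var jwtToken = (JwtSecurityToken)validatedToken;

        // First() throws when the token carries no "id" claim, which ends in
        // the catch below like any other validation failure.
        var userId = jwtToken.Claims.First(claim => claim.Type == "id").Value;

        // Attach the user to the context on successful JWT validation. If no
        // row matches the id, the FirstOrDefault default is stored instead.
        var user = dbContext.Users.FirstOrDefault(candidate => candidate.Id == userId);
        context.Items["User"] = user;
    }
    catch
    {
        // Do nothing if JWT validation fails: the user is not attached to the
        // context, so the request won't have access to secure routes.
        // NOTE(review): this also hides non-token failures such as a database
        // error in the lookup above; consider logging the exception so that
        // outages and token-probing attempts are visible to operators.
    }
}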
/// <summary>
/// Creates the controller and keeps the supplied database context in <c>_context</c>.
/// </summary>
/// <param name="context">Database context used by this controller.</param>
public UserController(WePartyDBContext context) => _context = context;
/// <summary>
/// Creates the controller and keeps the supplied database context in <c>_context</c>.
/// </summary>
/// <param name="context">Database context used by this controller.</param>
public ApplicationController(WePartyDBContext context) => _context = context;
/// <summary>
/// Creates the service and keeps the supplied database context in <c>_context</c>.
/// </summary>
/// <param name="context">Database context used by this service.</param>
public UserService(WePartyDBContext context) => _context = context;
/// <summary>
/// Creates the controller and keeps the supplied database context in <c>_context</c>.
/// </summary>
/// <param name="context">Database context used by this controller.</param>
public FriendshipController(WePartyDBContext context) => _context = context;