public static string GenerarJSONWebToken(string userInfo) { var secretKey = Encoding.UTF8.GetBytes(_config["JWT:SecretKey"]); var audienceToken = _config["JWT:Audience"]; var issuerToken = _config["JWT:Issuer"]; //editor var expireTime = _config["JWT:ExipireMinutes"]; var securityKey = new SymmetricSecurityKey(secretKey); var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256); //var token = new JwtSecurityToken(issuerToken, audienceToken, ca { ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, userInfo) }); // create token to the user var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var jwtSecurityToken = tokenHandler.CreateJwtSecurityToken( audience: audienceToken, issuer: issuerToken, subject: claimsIdentity, notBefore: DateTime.UtcNow, expires: DateTime.UtcNow.AddMinutes(Convert.ToInt32(expireTime)), signingCredentials: credentials); var jwtTokenString = tokenHandler.WriteToken(jwtSecurityToken); return(jwtTokenString); }
public ClaimsPrincipal ObtenerClaims(string jwtToken) { IdentityModelEventSource.ShowPII = true; var secretKey = _configuration["JWT:key"]; var audienceToken = _configuration["JWT:Audience_Token"]; var issuerToken = _configuration["JWT:Issuer_Token"]; var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey)); SecurityToken securityToken; var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); TokenValidationParameters validationParameters = new TokenValidationParameters() { ValidAudience = audienceToken, ValidIssuer = issuerToken, ValidateLifetime = true, ValidateIssuerSigningKey = true, LifetimeValidator = this.LifetimeValidator, IssuerSigningKey = securityKey }; var principal = new ClaimsPrincipal(); try { principal = tokenHandler.ValidateToken(jwtToken, validationParameters, out securityToken); } catch (Exception e) { } // Extract and assign Current Principal and user return(principal); }
public User ValidateJwtToken(string token) { var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes("[SECRET USED TO SIGN AND VERIFY JWT TOKENS, IT CAN BE ANY STRING]"); try { tokenHandler.ValidateToken(token, new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(key), ValidateIssuer = false, ValidateAudience = false, // set clockskew to zero so tokens expire exactly at token expiration time (instead of 5 minutes later) ClockSkew = TimeSpan.Zero }, out SecurityToken validatedToken); var jwtToken = (JwtSecurityToken)validatedToken; return(new User { Id = Convert.ToInt64(jwtToken.Claims.FirstOrDefault(x => x.Type == nameof(User.Id).ToLowerInvariant()).Value), Name = jwtToken.Claims.FirstOrDefault(x => x.Type == nameof(User.Name).ToLowerInvariant()).Value }); } catch { // return null if validation fails return(null); } }
async public Task <string> BuildJwtAuthorizationToken(User user, TokenProviderOptions options) { var now = DateTime.UtcNow; // Specifically add the jti (nonce), iat (issued timestamp), and sub (subject/user) claims. // You can add other claims here, if you want: var claims = new List <Claim>() { new Claim(System.IdentityModel.Tokens.Jwt.JwtRegisteredClaimNames.Sub, user.Id), new Claim(ClaimTypes.Name, user.Id), new Claim(System.IdentityModel.Tokens.Jwt.JwtRegisteredClaimNames.Jti, await options.NonceGenerator()), //new Claim(JwtRegisteredClaimNames.Iat, ToUnixEpochDate(now).ToString(), ClaimValueTypes.Integer64) }; foreach (Rol role in user.Roles) { claims.Add(new Claim(ClaimTypes.Role, role.value)); } var jwt = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken( issuer: options.Issuer, claims: claims, notBefore: now, signingCredentials: options.SigningCredentials); var encodedJwt = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler().WriteToken(jwt); return(encodedJwt); }
public static Boolean IsUserHasPermission(string accessToken, string formName, string permissionName) { var stream = accessToken; var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var jsonToken = handler.ReadToken(stream); var tokenS = handler.ReadToken(stream) as JwtSecurityToken; List <string> jsonStrPermissions = tokenS.Claims.Where(claim => claim.Type == "role").Select(a => a.Value).ToList(); int permissionValue = 0; foreach (string permission in jsonStrPermissions) { JwtTokenObject result = JsonConvert.DeserializeObject <JwtTokenObject>(permission); if (result.FormName == formName) { permissionValue += PermissionValueDict[result.Permission]; } } ; if (permissionValue >= PermissionValueDict[permissionName]) { return(true); } else { return(false); } }
private string GenerateJwtToken(string userId, string username) { // Function handles create the JWT token based on the provided // user ID and username // Generate the user claims by User Id & Name Claim[] jwtClaims = new[] { new Claim(ClaimTypes.NameIdentifier, userId), new Claim(ClaimTypes.Name, username) }; // Generate the Key, using the App token SymmetricSecurityKey jwtKey = new SymmetricSecurityKey( Encoding.UTF8.GetBytes(_config.GetSection("AppSettings:Token").Value)); // Generate the creds SigningCredentials credentials = new SigningCredentials(jwtKey, SecurityAlgorithms.HmacSha512Signature); // Create a JWT Desc object SecurityTokenDescriptor jwtDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(jwtClaims), Expires = DateTime.Now.AddDays(1), SigningCredentials = credentials }; System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler jwtHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); // Finally create the JWT token & return it SecurityToken jwtToken = jwtHandler.CreateToken(jwtDescriptor); return(jwtHandler.WriteToken(jwtToken)); }
public static string GenerateTokenJwt(string username) { var ctkn = new ConfigurationTocken(); var secretKey = ctkn.SecretKey; var audienceToken = ctkn.host; var issuerToken = ctkn.host; var expireTime = ctkn.timeExpire; var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey)); var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature); ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, username) }); var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var jwtSecurityToken = tokenHandler.CreateJwtSecurityToken( audience: audienceToken, issuer: issuerToken, subject: claimsIdentity, notBefore: DateTime.UtcNow, expires: DateTime.UtcNow.AddMinutes(Convert.ToInt32(expireTime)), signingCredentials: signingCredentials); var jwtTokenString = tokenHandler.WriteToken(jwtSecurityToken); return(jwtTokenString); }
public static string GenerateToken(Personas user, int expireMinutes = 20) { var secretKey = ConfigurationManager.AppSettings["JWT_SECRET_KEY"]; var audienceToken = ConfigurationManager.AppSettings["JWT_AUDIENCE_TOKEN"]; var issuerToken = ConfigurationManager.AppSettings["JWT_ISSUER_TOKEN"]; var expireTime = ConfigurationManager.AppSettings["JWT_EXPIRE_MINUTES"]; var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey)); var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature); // create a claimsIdentity ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, user.PerId.ToString()) }); //se guarda auditoria de ingreso new AuditoriaBI().Save(user.PerId); // create token to the user var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var jwtSecurityToken = tokenHandler.CreateJwtSecurityToken( audience: audienceToken, issuer: issuerToken, subject: claimsIdentity, notBefore: DateTime.UtcNow, expires: DateTime.UtcNow.AddMinutes(Convert.ToInt32(expireTime)), signingCredentials: signingCredentials); var jwtTokenString = tokenHandler.WriteToken(jwtSecurityToken); return(jwtTokenString); }
public static string Gen(string username) { var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); ConfigurationTocken ctkn = new ConfigurationTocken(); var key = System.Text.Encoding.ASCII.GetBytes(ctkn.SecretKey); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, username) }), Expires = DateTime.UtcNow.AddMinutes(ctkn.timeExpire), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature) }; var token = tokenHandler.CreateToken(tokenDescriptor); var tokenString = tokenHandler.WriteToken(token); //var userClaims = await _userManager.GetRolesAsync(user); List <Claim> claims = new List <Claim>(); claims.Add(new Claim(JwtRegisteredClaimNames.Sub, username)); claims.Add(new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())); claims.Add(new Claim(JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(), ClaimValueTypes.Integer64)); var jwt = new JwtSecurityToken( claims: claims); var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt); return(encodedJwt); }
public static JWTUserModel GetUserFromToken(string token) { JWTUserModel user = null; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(IssuerSigningKey)); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); try { var tokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters() { ValidAudience = ValidAudience, ValidIssuer = ValidIssuer, IssuerSigningKey = creds.Key, ValidateIssuerSigningKey = true, ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = false }; var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var identity = handler.ValidateToken(token, tokenValidationParameters, out Microsoft.IdentityModel.Tokens.SecurityToken validatedToken); if (identity.Identity.IsAuthenticated) { user = GetJWTUser(identity.Claims); user.Access_Token = token; } } catch (Exception ex) { throw ex; } return(user); }
public static string GenerateTokenJwt(string UserName) { // Configuración del Token JWT var secretKey = ConfigurationManager.AppSettings["JWT_SECRET_KEY"]; var audienceToken = ConfigurationManager.AppSettings["JWT_AUDIENCE_TOKEN"]; var issuerToken = ConfigurationManager.AppSettings["JWT_ISSUER_TOKEN"]; var expireTime = ConfigurationManager.AppSettings["JWT_EXPIRE_MINUTES"]; var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey)); var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature); //Creamos una ClaimsIdentity ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, UserName) }); //Generamos el Token para el usuario var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var jwtSecurityToken = tokenHandler.CreateJwtSecurityToken( audience: audienceToken, issuer: issuerToken, subject: claimsIdentity, notBefore: DateTime.UtcNow, expires: DateTime.UtcNow.AddMinutes(Convert.ToInt32(expireTime)), signingCredentials: signingCredentials); var jwtTokenString = tokenHandler.WriteToken(jwtSecurityToken); return(jwtTokenString); }
private string GenerateTokenJwt(UserApi user, string unicoIdentificador, DateTime time, DateTime expireTime) { // appsetting for Token JWT var secretKey = EngineData.JwtKey; var audienceToken = EngineData.JwtAudience; var issuerToken = EngineData.JwtIssuer; // var securityKey = new SymmetricSecurityKey(Encoding.Default.GetBytes(secretKey)); var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256); // create a claimsIdentity ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, user.Username), new Claim(ClaimTypes.Email, user.Email), new Claim(ClaimTypes.GivenName, user.Password), new Claim(ClaimTypes.DateOfBirth, DateTime.Now.ToString()), new Claim("HoraToken", DateTime.UtcNow.ToString()), new Claim(ClaimTypes.Anonymous, unicoIdentificador) }); // create token to the user var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var jwtSecurityToken = tokenHandler.CreateJwtSecurityToken( audience: audienceToken, issuer: issuerToken, subject: claimsIdentity, notBefore: time, expires: expireTime, signingCredentials: signingCredentials); string token = tokenHandler.WriteToken(jwtSecurityToken); return(token); }
public static bool TryValidateToken ( string plainTextSecurityKey , string token , out JwtSecurityToken validatedPlainToken , out ClaimsPrincipal claimsPrincipal ) { var r = false; validatedPlainToken = null; claimsPrincipal = null; try { var tokenHandler = new System .IdentityModel .Tokens .Jwt .JwtSecurityTokenHandler(); var jst = ((JwtSecurityToken)tokenHandler.ReadToken(token)); var signingKey = new Microsoft .IdentityModel .Tokens .SymmetricSecurityKey ( Encoding .UTF8 .GetBytes ( plainTextSecurityKey ) ); var tokenValidationParameters = new TokenValidationParameters() { ValidIssuer = jst.Issuer, ValidateIssuer = true, ValidAudiences = jst.Audiences, ValidateAudience = true, IssuerSigningKey = signingKey, ValidateIssuerSigningKey = true, ValidateLifetime = false }; claimsPrincipal = tokenHandler .ValidateToken ( token , tokenValidationParameters , out var validatedPlainToken0 ); validatedPlainToken = validatedPlainToken0 as JwtSecurityToken; r = true; } catch (Exception e) { Console.WriteLine(e); } return(r); }
/// <summary> /// Usado por el Authorization serve /// </summary> /// <param name="data"></param> /// <returns></returns> public string Protect(AuthenticationTicket data) { if (data == null) { throw new ArgumentNullException("data"); } string securityProviderName = string.Empty; data.Properties.Dictionary.TryGetValue("securityProviderName", out securityProviderName); Fwk.Security.Identity.jwtSecurityProvider sec_provider = Fwk.Security.Identity.helper.get_secConfig().GetByName(securityProviderName); var audienceToken = sec_provider.audienceId; var issuerToken = sec_provider.issuer; string symmetricKeyAsBase64 = sec_provider.audienceSecret; var keyByteArray = TextEncodings.Base64Url.Decode(symmetricKeyAsBase64); var securityKey = new SymmetricSecurityKey(keyByteArray); var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature); //notBefore //var issuedAt = data.Properties.IssuedUtc; //var expireTime = data.Properties.ExpiresUtc; var expireTime = sec_provider.expires;//ConfigurationManager.AppSettings["JWT_EXPIRE_MINUTES"]; //var token = new JwtSecurityToken(issuerToken, audienceToken, data.Identity.Claims, issuedAt.Value.UtcDateTime, expireTime.Value.UtcDateTime, signingCredentials); //var handler = new JwtSecurityTokenHandler(); //var jwt = handler.WriteToken(token); #region otra manera de generar el token // create a claimsIdentity ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, data.Properties.Dictionary["profesionalName"].ToString()) }); claimsIdentity.AddClaim(new Claim(ClaimTypes.WindowsAccountName, data.Properties.Dictionary["userName"].ToString())); claimsIdentity.AddClaim(new Claim("userName", data.Properties.Dictionary["userName"].ToString())); claimsIdentity.AddClaim(new Claim("userId", data.Properties.Dictionary["userId"].ToString())); if (data.Properties.Dictionary.ContainsKey("email") != false) { claimsIdentity.AddClaim(new Claim("email", data.Properties.Dictionary["email"].ToString())); } //data.Identity.Claims("role"); //Fwk.HelperFunctions.FormatFunctions.GetStringBuilderWhitSeparator(roles, ',').ToString() claimsIdentity.AddClaim(new Claim("roles", data.Properties.Dictionary["roles"].ToString())); var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var jwtSecurityToken = tokenHandler.CreateJwtSecurityToken( audience: audienceToken, issuer: issuerToken, subject: claimsIdentity, notBefore: DateTime.UtcNow, //antes no issuedAt: DateTime.UtcNow, expires: DateTime.UtcNow.AddMinutes(Convert.ToInt32(expireTime)), signingCredentials: signingCredentials); var jwtTokenString = tokenHandler.WriteToken(jwtSecurityToken); #endregion return(jwtTokenString); }
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { HttpStatusCode statusCode; string token; if (!TryRetrieveToken(request, out token)) { statusCode = HttpStatusCode.Unauthorized; return(base.SendAsync(request, cancellationToken)); } try { var claveSecreta = ConfigurationManager.AppSettings["ClaveSecreta"]; var issuerToken = ConfigurationManager.AppSettings["Issuer"]; var audienceToken = ConfigurationManager.AppSettings["Audience"]; var securityKey = new SymmetricSecurityKey( System.Text.Encoding.Default.GetBytes(claveSecreta)); SecurityToken securityToken; var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); TokenValidationParameters validationParameters = new TokenValidationParameters() { ValidAudience = audienceToken, ValidIssuer = issuerToken, ValidateLifetime = true, ValidateIssuerSigningKey = true, // DELEGADO PERSONALIZADO PERA COMPROBAR // LA CADUCIDAD EL TOKEN. LifetimeValidator = this.LifetimeValidator, IssuerSigningKey = securityKey }; // COMPRUEBA LA VALIDEZ DEL TOKEN Thread.CurrentPrincipal = tokenHandler.ValidateToken(token, validationParameters, out securityToken); HttpContext.Current.User = tokenHandler.ValidateToken(token, validationParameters, out securityToken); return(base.SendAsync(request, cancellationToken)); } catch (SecurityTokenValidationException ex) { statusCode = HttpStatusCode.Unauthorized; } catch (Exception ex) { statusCode = HttpStatusCode.InternalServerError; } return(Task <HttpResponseMessage> .Factory.StartNew(() => new HttpResponseMessage(statusCode) { })); }
/// <summary> /// Parses a string into an instance of JwtSecurityToken. /// /// If the 'jwtToken' is in JWE Compact Serialization format, only the protected header will be deserialized. Use ParseToken() to obtain the payload. /// /// JwtSecurityToken see: https://docs.microsoft.com/en-us/dotnet/api/system.identitymodel.tokens.jwt.jwtsecuritytoken?view=azure-dotnet /// </summary> /// <param name="input">Parameters for the token parsing.</param> /// <returns>JwtSecurityToken</returns> public static dynamic ReadToken([PropertyTab] ReadTokenInput input) { if (input == null) { return(null); } var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); return(handler.ReadJwtToken(input.JWTToken)); }
public ClaimsPrincipal ValidToken(string payload) { if (_validationParameters != null) { JwtSecurityTokenHandler handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var user = handler.ValidateToken(payload, _validationParameters, out SecurityToken validatedToken); return(user); } return(null); }
public static string GenerateTokenJwt(Guid userId, string userName, string email, List <string> rolesArray, string securityProviderName) { var sec_provider = helper.get_secConfig().GetByName(securityProviderName); if (sec_provider == null) { throw new ArgumentNullException("No se encuentra configurado el proveedor (securityProviderName) en securityConfig.json"); } string symmetricKeyAsBase64 = sec_provider.audienceSecret; var keyByteArray = TextEncodings.Base64Url.Decode(symmetricKeyAsBase64); var audienceToken = sec_provider.audienceId; var issuerToken = sec_provider.issuer; var securityKey = new SymmetricSecurityKey(keyByteArray); var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature); var expireTime = 600;// ConfigurationManager.AppSettings["JWT_EXPIRE_MINUTES"]; // create a claimsIdentity ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "") }); //claimsIdentity.AddClaim(new Claim(ClaimTypes.WindowsAccountName, username)); claimsIdentity.AddClaim(new Claim("userName", userName)); claimsIdentity.AddClaim(new Claim("userId", userId.ToString())); if (!string.IsNullOrEmpty(email)) { claimsIdentity.AddClaim(new Claim("email", email)); } if (rolesArray != null && rolesArray.Count() != 0) { var roles = Fwk.HelperFunctions.FormatFunctions.GetStringBuilderWhitSeparator(rolesArray, ',').ToString(); claimsIdentity.AddClaim(new Claim("roles", roles.ToString())); } // create token to the user var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var jwtSecurityToken = tokenHandler.CreateJwtSecurityToken( audience: audienceToken, issuer: issuerToken, subject: claimsIdentity, notBefore: DateTime.UtcNow.AddMinutes(-10), //antes no para System.IdentityModel.Tokens. es ValidFrom issuedAt: DateTime.UtcNow, expires: DateTime.UtcNow.AddMinutes(Convert.ToInt32(expireTime)), signingCredentials: signingCredentials); var jwtTokenString = tokenHandler.WriteToken(jwtSecurityToken); return(jwtTokenString); }
/// <summary> /// Retorna informacion basada en el dominio /// </summary> /// <param name="userName"></param> /// <returns></returns> public static string GenerateTokenJwt_test(string userName) { // appsetting for Token JWT var secretKey = apiAppSettings.serverSettings.apiConfig.api_secretKey; // audiencia quien genera el tocken var audienceToken = apiAppSettings.serverSettings.apiConfig.api_audienceToken; //identifica quien consume y uusa el tocken : El cliente var issuerToken = apiAppSettings.serverSettings.apiConfig.api_issuerToken; //hora de caducidad a partir de la cual el JWT NO DEBE ser aceptado para su procesamiento. var expireTime = apiAppSettings.serverSettings.apiConfig.api_expireTime; var securityKey = new SymmetricSecurityKey(System.Text.Encoding.ASCII.GetBytes(secretKey)); var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature); // create a claimsIdentity ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, userName) }); claimsIdentity.AddClaim(new Claim(ClaimTypes.WindowsAccountName, userName)); //if (aDUser != null) //{ // claimsIdentity.AddClaim(new Claim("FirstName", userName)); // claimsIdentity.AddClaim(new Claim("UserAccountControl", aDUser.UserAccountControl)); // claimsIdentity.AddClaim(new Claim("Department", aDUser.Department)); // claimsIdentity.AddClaim(new Claim("LastName", aDUser.LastName)); // claimsIdentity.AddClaim(new Claim("LoginNameWithDomain", aDUser.LoginNameWithDomain)); // claimsIdentity.AddClaim(new Claim("EmailAddress", aDUser.EmailAddress)); //} //if (groups != null && groups.Count != 0) //{ // var roles = Fwk.HelperFunctions.FormatFunctions.GetStringBuilderWhitSeparator(groups, ',').ToString(); // claimsIdentity.AddClaim(new Claim("groups", roles.ToString())); //} // create token to the user var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var jwtSecurityToken = tokenHandler.CreateJwtSecurityToken( audience: audienceToken, issuer: issuerToken, subject: claimsIdentity, notBefore: DateTime.UtcNow, expires: DateTime.UtcNow.AddMinutes(Convert.ToInt32(expireTime)), signingCredentials: signingCredentials); var jwtTokenString = tokenHandler.WriteToken(jwtSecurityToken); return(jwtTokenString); }
/// <summary> /// /// </summary> /// <param name="request"></param> /// <param name="cancellationToken"></param> /// <returns></returns> protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { //HttpStatusCode statusCode; // Determinar si existe un jwt o no if (!TryRetrieveToken(request, out var token)) { return(base.SendAsync(request, cancellationToken)); } try { var secretKey = ConfigurationManager.AppSettings["JWT_SECRET_KEY"]; var audienceToken = ConfigurationManager.AppSettings["JWT_AUDIENCE_TOKEN"]; var issuerToken = ConfigurationManager.AppSettings["JWT_ISSUER_TOKEN"]; var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey)); SecurityToken securityToken; var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters() { ValidAudience = audienceToken, ValidIssuer = issuerToken, ValidateLifetime = true, ValidateIssuerSigningKey = true, LifetimeValidator = this.LifetimeValidator, IssuerSigningKey = securityKey }; // Extraer y asignar el Current Principal y usuario Thread.CurrentPrincipal = tokenHandler.ValidateToken(token, validationParameters, out securityToken); HttpContext.Current.User = tokenHandler.ValidateToken(token, validationParameters, out securityToken); return(base.SendAsync(request, cancellationToken)); } catch (SecurityTokenValidationException securityTokenValidation) { var httpResponseMessage = request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Indica que el recurso solicitado requiere autenticación. El encabezado WWW-Authenticate contiene los detalles de cómo realizar la autenticación."); LoggingService.Instance.Error(securityTokenValidation); return(Task <HttpResponseMessage> .Factory.StartNew(() => httpResponseMessage, cancellationToken)); } catch (Exception ex) { var httpResponseMessage = request.CreateErrorResponse(HttpStatusCode.InternalServerError, "Indica que se ha producido un error genérico del servidor.Por favor comuníquese con el administrador."); LoggingService.Instance.Error(ex); return(Task <HttpResponseMessage> .Factory.StartNew(() => httpResponseMessage, cancellationToken)); } //return Task<HttpResponseMessage>.Factory.StartNew(() => new HttpResponseMessage(statusCode) { }, cancellationToken); }
public string GetUserType(string jwttoken) { var key = Encoding.ASCII.GetBytes(TokenKey); var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var validations = new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(key), ValidateIssuer = false, ValidateAudience = false }; var claims = handler.ValidateToken(jwttoken, validations, out var tokenSecure); return(claims.FindFirstValue(ClaimTypes.Role)); }
private string GenerateJwtToken(User user) { var tokenhandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var keys = System.Text.Encoding.ASCII.GetBytes(jwtKey); var tokendescriptor = new Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor { Subject = new ClaimsIdentity(new[] { new Claim("id", user.Id.ToString()) }), Expires = DateTime.UtcNow.AddHours(24), SigningCredentials = new Microsoft.IdentityModel.Tokens.SigningCredentials(new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(keys), Microsoft.IdentityModel.Tokens.SecurityAlgorithms.HmacSha256Signature) }; var tokens = tokenhandler.CreateToken(tokendescriptor); return(tokenhandler.WriteToken(tokens)); }
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { HttpStatusCode statusCode; string token; // determine whether a jwt exists or not if (!TryRetrieveToken(request, out token)) { statusCode = HttpStatusCode.Unauthorized; return(base.SendAsync(request, cancellationToken)); } try { var secretKey = ConfigurationManager.AppSettings["JWT_SECRET_KEY"]; var audienceToken = ConfigurationManager.AppSettings["JWT_AUDIENCE_TOKEN"]; var issuerToken = ConfigurationManager.AppSettings["JWT_ISSUER_TOKEN"]; var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey)); SecurityToken securityToken; var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); TokenValidationParameters validationParameters = new TokenValidationParameters() { ValidAudience = audienceToken, ValidIssuer = issuerToken, ValidateLifetime = true, ValidateIssuerSigningKey = true, LifetimeValidator = this.LifetimeValidator, IssuerSigningKey = securityKey }; // Extract and assign Current Principal and user Thread.CurrentPrincipal = tokenHandler.ValidateToken(token, validationParameters, out securityToken); HttpContext.Current.User = tokenHandler.ValidateToken(token, validationParameters, out securityToken); return(base.SendAsync(request, cancellationToken)); } catch (SecurityTokenValidationException) { statusCode = HttpStatusCode.Unauthorized; } catch (Exception) { statusCode = HttpStatusCode.InternalServerError; } return(Task <HttpResponseMessage> .Factory.StartNew(() => new HttpResponseMessage(statusCode) { })); }
public static TokenObjectModel GetGoogleAccesToken(string code) { string url = ConfigurationManager.AppSettings["google_auth_url"]; WebClient wc = new WebClient(); wc.QueryString.Add("code", code); wc.QueryString.Add("client_id", ConfigurationManager.AppSettings["client_id"]); wc.QueryString.Add("client_secret", ConfigurationManager.AppSettings["client_secret"]); wc.QueryString.Add("redirect_uri", ConfigurationManager.AppSettings["redirect_uri"]); wc.QueryString.Add("grant_type", ConfigurationManager.AppSettings["grant_type"]); if (code == null) { return(null); } else { var data = wc.UploadValues(url, "POST", wc.QueryString); var responseString = UnicodeEncoding.UTF8.GetString(data); GoogleTokenObjectModel token = JsonConvert.DeserializeObject <GoogleTokenObjectModel>(responseString); var stream = token.id_token; var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var jsonToken = handler.ReadToken(stream); var tokenS = handler.ReadToken(stream) as JwtSecurityToken; string sub = tokenS.Claims.First(claim => claim.Type == "sub").Value; string email = tokenS.Claims.First(claim => claim.Type == "email").Value; string name = tokenS.Claims.First(claim => claim.Type == "name").Value; UserObjectModel userObj = new UserObjectModel(name, email, sub); TokenObjectModel tokenObj = new TokenObjectModel(); bool isUserExists = UserHelper.IsUserRegistered(sub); bool registerSuccess = false; if (!isUserExists) { registerSuccess = UserHelper.RegisterUser(userObj) ? true : false; } if (isUserExists | registerSuccess) { userObj = UserHelper.getUserBySubKey(userObj.Sub); CreateUserSession(userObj); tokenObj = TokenHelper.createToken(userObj); tokenObj = TokenHelper.getTokenByAuthorizationCode(tokenObj.AuthorizationCode); UserTokensObjectModel userTokenObj = new UserTokensObjectModel(userObj.UserId, tokenObj.TokenId); bool success = UserTokensHelper.MapUserToken(userTokenObj); } return(tokenObj); } }
public static void ReadToken(string jwtToken) { // To Read Claims on Api Controller //var jwt = Request.Headers.Authorization.Parameter; var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); System.IdentityModel.Tokens.Jwt.JwtSecurityToken token = handler.ReadJwtToken(jwtToken); IEnumerable <Claim> claims = token.Claims.ToList(); string id = token.Claims.FirstOrDefault(x => x.Type == "id").Value; string role = token.Claims.FirstOrDefault(x => x.Type == "role").Value; string Compcode = token.Claims.FirstOrDefault(x => x.Type == "Compcode").Value; string Bracode = token.Claims.FirstOrDefault(x => x.Type == "Bracode").Value; }
public string GenerateJwtToken(User user) { var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes("[SECRET USED TO SIGN AND VERIFY JWT TOKENS, IT CAN BE ANY STRING]"); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new List <Claim>() { new Claim(nameof(User.Id).ToLowerInvariant(), user.Id.ToString()), new Claim(nameof(User.Name).ToLowerInvariant(), user.Name) }), Expires = DateTime.UtcNow.AddDays(7), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature) }; var token = tokenHandler.CreateToken(tokenDescriptor); return(tokenHandler.WriteToken(token)); }
/// <summary> /// Generate user specific JWT string /// </summary> /// <param name="user"></param> /// <returns></returns> public static string GenerateEncodedJWT(OCM.API.Common.Model.User user) { var claims = new List <System.Security.Claims.Claim>(); claims.Add(new Claim("UserID", user.ID.ToString())); claims.Add(new Claim("nonce", user.CurrentSessionToken.ToString())); var signingKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(Encoding.ASCII.GetBytes(user.CurrentSessionToken)); var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest); var token = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(ISSUER, AUDIENCE, claims, DateTime.UtcNow, DateTime.UtcNow.AddMonths(1), signingCredentials); var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var jwt = handler.WriteToken(token); return(jwt); }
public Employee Authenticate(string username, string password)//User { var employee = _unitOfWork.EmployeeRepository.GetAll().SingleOrDefault(x => x.UserName == username && DecodePasswordFrom64(x.Password) == password); // return null if user not found if (employee == null) { return(null); } var employeeRoleIds = employee.EmployeeRoles.Select(r => (long)r.RoleId).ToList(); var roles = _unitOfWork.RoleRepository.GetRoles(employeeRoleIds.ToArray());//.Where(r => userRoleIds.Contains(r.Id)); var role = employee.EmployeeRoles.FirstOrDefault().Roles; // authentication successful so generate jwt token var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes(_appSettings.JWT_Secret); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, employee.Id.ToString()), new Claim(ClaimTypes.Role, role.Id.ToString()) }), //Expires = DateTime.UtcNow.AddDays(7), Expires = DateTime.UtcNow.AddDays(1), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature) }; var token = tokenHandler.CreateToken(tokenDescriptor); var tokenToBeSent = tokenHandler.WriteToken(token); //user.Token = tokenHandler.WriteToken(token); // remove password before returning //user.Password = null; employee.Token = tokenToBeSent.ToString(); employee.Password = null; return(employee); //return tokenToBeSent; }
public static ClaimsPrincipal ValidateJwtToken(string jwtToken) { var tokenHandler = new JwtSecurityTokenHandler() { RequireExpirationTime = true }; var now = DateTime.UtcNow; var securityKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(Encoding.Default.GetBytes(jwtToken)); var signingCredentials = new Microsoft.IdentityModel.Tokens.SigningCredentials( securityKey, SecurityAlgorithms.HmacSha256Signature); var header = new JwtHeader(signingCredentials); var payload = new JwtPayload { { "access_token", response }, { "scope", "Read Data Write Data" }, //{ "created","1510553155114"}, //{"jti","2640942c-892c-409a-9ca8-959a538c2128"}, }; var secToken = new JwtSecurityToken(header, payload); var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var tokenString = handler.WriteToken(secToken); var readToken = handler.ReadJwtToken(generatedToken); var rawHeader = readToken.RawHeader; var headers = Base64UrlEncoder.Decode(rawHeader); var myClaims = readToken.Claims; var claims = Base64UrlEncoder.Decode(myClaims.ToString()); //var payload = header + "." + claims; //var signature = Base64UrlEncoder.Decode(HMACSHA256(payload, CLIENT_SECRET)); //var encodedJWT = payload + "." + signature; return(null); }
static string GetJwtFromTokenIssuer() { byte[] key = Convert.FromBase64String("80ssGCKB931r2r8Lm3om1SIt5YY05yBZ34pna3+dYi8="); var symmetricKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(key); //var symmetricKey = new InMemorySymmetricSecurityKey(key); var signingCredentials = new Microsoft.IdentityModel.Tokens.SigningCredentials(symmetricKey, SecurityAlgorithms.HmacSha256Signature, SecurityAlgorithms.Sha256Digest); var claimsIdentity = new System.Security.Claims.ClaimsIdentity(new System.Security.Claims.Claim[] { new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, "Johnny") }); var descriptor = new Microsoft.IdentityModel.Tokens.SecurityTokenDescriptor { Subject = claimsIdentity, Audience = "http://localhost:5000/api", Issuer = "http://authzserver.demo", Expires = DateTime.UtcNow.AddMinutes(1), SigningCredentials = signingCredentials }; //var descriptor = new SecurityTokenDescriptor() //{ // TokenIssuerName = "http://authzserver.demo", // AppliesToAddress = "http://localhost:5000/api", // Lifetime = new System.IdentityModel.Protocols.WSTrust.Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddMinutes(1)), // SigningCredentials = signingCredentials, // Subject = new System.Security.Claims.ClaimsIdentity(new System.Security.Claims.Claim[] // { // new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, "Johnny") // }) //}; var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var token = tokenHandler.CreateToken(descriptor); return(tokenHandler.WriteToken(token)); }