protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { HttpStatusCode statusCode; string token; if (!TryRetrieveToken(request, out token)) { statusCode = HttpStatusCode.Unauthorized; return(base.SendAsync(request, cancellationToken)); } try { var claveSecreta = ConfigurationManager.AppSettings["ClaveSecreta"]; var issuerToken = ConfigurationManager.AppSettings["Issuer"]; var audienceToken = ConfigurationManager.AppSettings["Audience"]; var securityKey = new SymmetricSecurityKey( System.Text.Encoding.Default.GetBytes(claveSecreta)); SecurityToken securityToken; var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); TokenValidationParameters validationParameters = new TokenValidationParameters() { ValidAudience = audienceToken, ValidIssuer = issuerToken, ValidateLifetime = true, ValidateIssuerSigningKey = true, // DELEGADO PERSONALIZADO PERA COMPROBAR // LA CADUCIDAD EL TOKEN. LifetimeValidator = this.LifetimeValidator, IssuerSigningKey = securityKey }; // COMPRUEBA LA VALIDEZ DEL TOKEN Thread.CurrentPrincipal = tokenHandler.ValidateToken(token, validationParameters, out securityToken); HttpContext.Current.User = tokenHandler.ValidateToken(token, validationParameters, out securityToken); return(base.SendAsync(request, cancellationToken)); } catch (SecurityTokenValidationException ex) { statusCode = HttpStatusCode.Unauthorized; } catch (Exception ex) { statusCode = HttpStatusCode.InternalServerError; } return(Task <HttpResponseMessage> .Factory.StartNew(() => new HttpResponseMessage(statusCode) { })); }
/// <summary> /// /// </summary> /// <param name="request"></param> /// <param name="cancellationToken"></param> /// <returns></returns> protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { //HttpStatusCode statusCode; // Determinar si existe un jwt o no if (!TryRetrieveToken(request, out var token)) { return(base.SendAsync(request, cancellationToken)); } try { var secretKey = ConfigurationManager.AppSettings["JWT_SECRET_KEY"]; var audienceToken = ConfigurationManager.AppSettings["JWT_AUDIENCE_TOKEN"]; var issuerToken = ConfigurationManager.AppSettings["JWT_ISSUER_TOKEN"]; var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey)); SecurityToken securityToken; var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters() { ValidAudience = audienceToken, ValidIssuer = issuerToken, ValidateLifetime = true, ValidateIssuerSigningKey = true, LifetimeValidator = this.LifetimeValidator, IssuerSigningKey = securityKey }; // Extraer y asignar el Current Principal y usuario Thread.CurrentPrincipal = tokenHandler.ValidateToken(token, validationParameters, out securityToken); HttpContext.Current.User = tokenHandler.ValidateToken(token, validationParameters, out securityToken); return(base.SendAsync(request, cancellationToken)); } catch (SecurityTokenValidationException securityTokenValidation) { var httpResponseMessage = request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Indica que el recurso solicitado requiere autenticación. El encabezado WWW-Authenticate contiene los detalles de cómo realizar la autenticación."); LoggingService.Instance.Error(securityTokenValidation); return(Task <HttpResponseMessage> .Factory.StartNew(() => httpResponseMessage, cancellationToken)); } catch (Exception ex) { var httpResponseMessage = request.CreateErrorResponse(HttpStatusCode.InternalServerError, "Indica que se ha producido un error genérico del servidor.Por favor comuníquese con el administrador."); LoggingService.Instance.Error(ex); return(Task <HttpResponseMessage> .Factory.StartNew(() => httpResponseMessage, cancellationToken)); } //return Task<HttpResponseMessage>.Factory.StartNew(() => new HttpResponseMessage(statusCode) { }, cancellationToken); }
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { HttpStatusCode statusCode; string token; // determine whether a jwt exists or not if (!TryRetrieveToken(request, out token)) { statusCode = HttpStatusCode.Unauthorized; return(base.SendAsync(request, cancellationToken)); } try { var secretKey = ConfigurationManager.AppSettings["JWT_SECRET_KEY"]; var audienceToken = ConfigurationManager.AppSettings["JWT_AUDIENCE_TOKEN"]; var issuerToken = ConfigurationManager.AppSettings["JWT_ISSUER_TOKEN"]; var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey)); SecurityToken securityToken; var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); TokenValidationParameters validationParameters = new TokenValidationParameters() { ValidAudience = audienceToken, ValidIssuer = issuerToken, ValidateLifetime = true, ValidateIssuerSigningKey = true, LifetimeValidator = this.LifetimeValidator, IssuerSigningKey = securityKey }; // Extract and assign Current Principal and user Thread.CurrentPrincipal = tokenHandler.ValidateToken(token, validationParameters, out securityToken); HttpContext.Current.User = tokenHandler.ValidateToken(token, validationParameters, out securityToken); return(base.SendAsync(request, cancellationToken)); } catch (SecurityTokenValidationException) { statusCode = HttpStatusCode.Unauthorized; } catch (Exception) { statusCode = HttpStatusCode.InternalServerError; } return(Task <HttpResponseMessage> .Factory.StartNew(() => new HttpResponseMessage(statusCode) { })); }
public ClaimsPrincipal ObtenerClaims(string jwtToken) { IdentityModelEventSource.ShowPII = true; var secretKey = _configuration["JWT:key"]; var audienceToken = _configuration["JWT:Audience_Token"]; var issuerToken = _configuration["JWT:Issuer_Token"]; var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey)); SecurityToken securityToken; var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); TokenValidationParameters validationParameters = new TokenValidationParameters() { ValidAudience = audienceToken, ValidIssuer = issuerToken, ValidateLifetime = true, ValidateIssuerSigningKey = true, LifetimeValidator = this.LifetimeValidator, IssuerSigningKey = securityKey }; var principal = new ClaimsPrincipal(); try { principal = tokenHandler.ValidateToken(jwtToken, validationParameters, out securityToken); } catch (Exception e) { } // Extract and assign Current Principal and user return(principal); }
public static JWTUserModel GetUserFromToken(string token) { JWTUserModel user = null; var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(IssuerSigningKey)); var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256); try { var tokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters() { ValidAudience = ValidAudience, ValidIssuer = ValidIssuer, IssuerSigningKey = creds.Key, ValidateIssuerSigningKey = true, ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = false }; var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var identity = handler.ValidateToken(token, tokenValidationParameters, out Microsoft.IdentityModel.Tokens.SecurityToken validatedToken); if (identity.Identity.IsAuthenticated) { user = GetJWTUser(identity.Claims); user.Access_Token = token; } } catch (Exception ex) { throw ex; } return(user); }
public User ValidateJwtToken(string token) { var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes("[SECRET USED TO SIGN AND VERIFY JWT TOKENS, IT CAN BE ANY STRING]"); try { tokenHandler.ValidateToken(token, new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(key), ValidateIssuer = false, ValidateAudience = false, // set clockskew to zero so tokens expire exactly at token expiration time (instead of 5 minutes later) ClockSkew = TimeSpan.Zero }, out SecurityToken validatedToken); var jwtToken = (JwtSecurityToken)validatedToken; return(new User { Id = Convert.ToInt64(jwtToken.Claims.FirstOrDefault(x => x.Type == nameof(User.Id).ToLowerInvariant()).Value), Name = jwtToken.Claims.FirstOrDefault(x => x.Type == nameof(User.Name).ToLowerInvariant()).Value }); } catch { // return null if validation fails return(null); } }
public static bool TryValidateToken ( string plainTextSecurityKey , string token , out JwtSecurityToken validatedPlainToken , out ClaimsPrincipal claimsPrincipal ) { var r = false; validatedPlainToken = null; claimsPrincipal = null; try { var tokenHandler = new System .IdentityModel .Tokens .Jwt .JwtSecurityTokenHandler(); var jst = ((JwtSecurityToken)tokenHandler.ReadToken(token)); var signingKey = new Microsoft .IdentityModel .Tokens .SymmetricSecurityKey ( Encoding .UTF8 .GetBytes ( plainTextSecurityKey ) ); var tokenValidationParameters = new TokenValidationParameters() { ValidIssuer = jst.Issuer, ValidateIssuer = true, ValidAudiences = jst.Audiences, ValidateAudience = true, IssuerSigningKey = signingKey, ValidateIssuerSigningKey = true, ValidateLifetime = false }; claimsPrincipal = tokenHandler .ValidateToken ( token , tokenValidationParameters , out var validatedPlainToken0 ); validatedPlainToken = validatedPlainToken0 as JwtSecurityToken; r = true; } catch (Exception e) { Console.WriteLine(e); } return(r); }
public ClaimsPrincipal ValidToken(string payload) { if (_validationParameters != null) { JwtSecurityTokenHandler handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var user = handler.ValidateToken(payload, _validationParameters, out SecurityToken validatedToken); return(user); } return(null); }
public string GetUserType(string jwttoken) { var key = Encoding.ASCII.GetBytes(TokenKey); var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); var validations = new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(key), ValidateIssuer = false, ValidateAudience = false }; var claims = handler.ValidateToken(jwttoken, validations, out var tokenSecure); return(claims.FindFirstValue(ClaimTypes.Role)); }
public static string DecodeJwt(string tokenString, string keyString) { if (keyString == null) { return(null); } // 鍵 チケットの一部をキーとする //var keyString = tiket.Substring(5,20); var key = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(Encoding.UTF8.GetBytes(keyString)); // トークン操作用のクラス var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); // トークンの文字列表現 //var tokenString = model.Param; // トークン検証用のパラメータを用意 // Audience, Issuer, Lifetimeに関してはデフォルトで検証が有効になっている // audが空でexpが期限切れなのでValidateAudienceとValidateLifetimeはfalseにしておく var validationParams = new Microsoft.IdentityModel.Tokens.TokenValidationParameters { ValidateAudience = false, ValidIssuer = keyString, ValidateLifetime = false, IssuerSigningKey = key, }; try { // 第三引数にSecurityToken型の変数を参照で渡しておくと、検証済みのトークンが出力される handler.ValidateToken(tokenString, validationParams, out SecurityToken token); var json = ((System.IdentityModel.Tokens.Jwt.JwtSecurityToken)token).Payload.SerializeToJson(); //Dictionary<string, object> dic = list.ToDictionary(item => item.Key, item => item.Value); return(json); } catch (Exception e) { // ValidateTokenで検証に失敗した場合はここにやってくる Console.WriteLine("トークンが無効です: " + e.Message); return(null); } }
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { HttpStatusCode statusCode; string token; var vrlResponse = new ResponseModel(); // determine whether a jwt exists or not if (!TryRetrieveToken(request, out token)) { statusCode = HttpStatusCode.Unauthorized; vrlResponse.RsCode = CodeManager.CODE_200; vrlResponse.RsMessageForUser = CodeManager.MSG_User_200; vrlResponse.RsMessage = "Se ha denegado la autorización para esta solicitud."; vrlResponse.RsContent = statusCode; return(base.SendAsync(request, cancellationToken)); } try { var secretKey = ConfigurationManager.AppSettings["JWT_SECRET_KEY"]; var audienceToken = ConfigurationManager.AppSettings["JWT_AUDIENCE_TOKEN"]; var issuerToken = ConfigurationManager.AppSettings["JWT_ISSUER_TOKEN"]; var securityKey = new SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(secretKey)); SecurityToken securityToken; var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler(); TokenValidationParameters validationParameters = new TokenValidationParameters() { ValidAudience = audienceToken, ValidIssuer = issuerToken, ValidateLifetime = true, ValidateIssuerSigningKey = true, LifetimeValidator = this.LifetimeValidator, IssuerSigningKey = securityKey }; // Extract and assign Current Principal and user Thread.CurrentPrincipal = tokenHandler.ValidateToken(token, validationParameters, out securityToken); HttpContext.Current.User = tokenHandler.ValidateToken(token, validationParameters, out securityToken); return(base.SendAsync(request, cancellationToken)); } catch (SecurityTokenValidationException s) { statusCode = HttpStatusCode.Unauthorized; vrlResponse.RsCode = CodeManager.CODE_200; vrlResponse.RsMessageForUser = CodeManager.MSG_User_200; vrlResponse.RsMessage = s.Message; vrlResponse.RsContent = statusCode; } catch (Exception e) { statusCode = HttpStatusCode.InternalServerError; vrlResponse.RsCode = CodeManager.CODE_200; vrlResponse.RsMessageForUser = CodeManager.MSG_User_200; vrlResponse.RsMessage = e.Message; vrlResponse.RsContent = statusCode; } return(Task <HttpResponseMessage> .Factory.StartNew(() => new HttpResponseMessage(statusCode) { Content = new StringContent(JsonConvert.SerializeObject(vrlResponse), System.Text.Encoding.UTF8, "application/json") })); }