public JwtAuthenticationOwinMiddlewareTests() { var signingCredentials = new SigningCredentials( new InMemorySymmetricSecurityKey(Convert.FromBase64String(Key)), "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", "http://www.w3.org/2001/04/xmlenc#sha256"); var now = DateTime.UtcNow; var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new [] { new Claim("sub", "Alice"), new Claim("email", "*****@*****.**"), }), TokenIssuerName = Issuer, AppliesToAddress = Audience, Lifetime = new Lifetime(now, now.AddMinutes(LifetimeInMinutes)), SigningCredentials = signingCredentials, }; var tokenHandler = new JwtSecurityTokenHandler(); var token = tokenHandler.CreateToken(tokenDescriptor); _tokenString = tokenHandler.WriteToken(token); }
/// <summary> /// Sets a JWT authorization header on the default request headers of an <see cref="HttpClient"/>. /// </summary> /// <param name="client">The client for which to set the authorization header.</param> /// <param name="signingCertificate">The signing certificate to sign the token.</param> /// <param name="appliesToAddress">The address for which the token is considered valid.</param> /// <param name="claims">The claims that define the user. Leave null for an anonymous user.</param> /// <param name="tokenIssuerName">Name of the token issuer. Defaults to "self".</param> /// <param name="tokenDuration"> /// The token duration for which it's considered valid. Defaults to 2 hours. /// </param> /// <exception cref="ArgumentNullException"> /// <paramref name="signingCertificate"/> is <see langword="null"/>. /// </exception> /// <exception cref="ArgumentException"> /// <paramref name="appliesToAddress"/> is <see langword="null"/> or empty. /// </exception> /// <exception cref="ArgumentException"> /// <paramref name="tokenIssuerName"/> is <see langword="null"/> or empty. /// </exception> public static void SetJwtAuthorizationHeader( this HttpClient client, X509Certificate2 signingCertificate, string appliesToAddress, IEnumerable<Claim> claims = null, string tokenIssuerName = "self", TimeSpan? tokenDuration = null) { signingCertificate.AssertNotNull("signingCertificate"); appliesToAddress.AssertNotNullOrWhitespace("appliesToAddress"); tokenIssuerName.AssertNotNullOrWhitespace("tokenIssuerName"); var now = DateTime.UtcNow; var tokenHandler = new JwtSecurityTokenHandler(); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(claims), TokenIssuerName = tokenIssuerName, AppliesToAddress = appliesToAddress, Lifetime = new Lifetime(now, now.Add(tokenDuration ?? TimeSpan.FromHours(2))), SigningCredentials = new X509SigningCredentials(signingCertificate) }; SecurityToken token = tokenHandler.CreateToken(tokenDescriptor); string tokenString = tokenHandler.WriteToken(token); client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokenString); }
//http://blog.asteropesystems.com/securing-web-api-requests-with-json-web-tokens/ public string GetToken(string username, List<ActivityClaim> activityClaims) { var tokenHandler = new JwtSecurityTokenHandler(); var now = DateTime.UtcNow; var claims = new ClaimsIdentity(new[] { new Claim( ClaimTypes.UserData, "IsValid", ClaimValueTypes.String ), new Claim( ClaimTypes.Name, username, ClaimValueTypes.String ) }); claims.AddClaims(activityClaims.Select(c => new Claim(ClaimTypes.UserData, c.ToString(), ClaimValueTypes.String))); var tokenDescriptor = new SecurityTokenDescriptor { Subject = claims, TokenIssuerName = "self", AppliesToAddress = "https://api.knowthyshelf.com", Lifetime = new Lifetime(now, now.AddYears(10)), SigningCredentials = new SigningCredentials(new InMemorySymmetricSecurityKey(TOKEN_SECURITY_KEY), "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", "http://www.w3.org/2001/04/xmlenc#sha256"), }; var token = tokenHandler.CreateToken(tokenDescriptor); var tokenString = tokenHandler.WriteToken(token); return tokenString; }
public string Post(Credential credential) { if (credential.username == "admin" && credential.password == "123") { var tokenHandler = new JwtSecurityTokenHandler(); var securityKey = Authorization.GetBytes("anyoldrandomtext"); var now = DateTime.UtcNow; var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new[] { new Claim( ClaimTypes.UserData,"IsValid", ClaimValueTypes.String, "(local)" ) }), TokenIssuerName = "self", AppliesToAddress = "https://www.mywebsite.com", Lifetime = new Lifetime(now, now.AddMinutes(60)), SigningCredentials = new SigningCredentials(new InMemorySymmetricSecurityKey(securityKey), "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", "http://www.w3.org/2001/04/xmlenc#sha256"), }; var token = tokenHandler.CreateToken(tokenDescriptor); var tokenString = tokenHandler.WriteToken(token); return tokenString; } else { return string.Empty; } }
static string CreateTokenWithInMemorySymmetricSecurityKey() { var now = DateTime.UtcNow; var tokenHandler = new JwtSecurityTokenHandler(); var symmetricKey = new RandomBufferGenerator(256 / 8).GenerateBufferFromSeed(256 / 8); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, "Tugberk"), new Claim(ClaimTypes.Role, "Sales"), }), TokenIssuerName = "self", AppliesToAddress = "http://www.example.com", Lifetime = new Lifetime(now, now.AddMinutes(2)), SigningCredentials = new SigningCredentials( new InMemorySymmetricSecurityKey(symmetricKey), "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", "http://www.w3.org/2001/04/xmlenc#sha256") }; SecurityToken token = tokenHandler.CreateToken(tokenDescriptor); string tokenString = tokenHandler.WriteToken(token); return tokenString; }
public void End2End_OpenIdConnect() { SigningCredentials rsaSigningCredentials = new SigningCredentials( KeyingMaterial.RsaSecurityKey_Private2048, SecurityAlgorithms.RsaSha1Signature, SecurityAlgorithms.Sha256Digest, new SecurityKeyIdentifier(new NamedKeySecurityKeyIdentifierClause("kid", "NGTFvdK-fythEuLwjpwAJOM9n-A")) ); //"<RSAKeyValue><Modulus>rCz8Sn3GGXmikH2MdTeGY1D711EORX/lVXpr+ecGgqfUWF8MPB07XkYuJ54DAuYT318+2XrzMjOtqkT94VkXmxv6dFGhG8YZ8vNMPd4tdj9c0lpvWQdqXtL1TlFRpD/P6UMEigfN0c9oWDg9U7Ilymgei0UXtf1gtcQbc5sSQU0S4vr9YJp2gLFIGK11Iqg4XSGdcI0QWLLkkC6cBukhVnd6BCYbLjTYy3fNs4DzNdemJlxGl8sLexFytBF6YApvSdus3nFXaMCtBGx16HzkK9ne3lobAwL2o79bP4imEGqg+ibvyNmbrwFGnQrBc1jTF9LyQX9q+louxVfHs6ZiVw==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>" RSA rsa = KeyingMaterial.RsaSecurityKey_2048.GetAsymmetricAlgorithm(SecurityAlgorithms.RsaSha1Signature, false) as RSA; OpenIdConnectConfiguration configuration = OpenIdConnectConfigurationRetriever.GetAsync(OpenIdConfigData.OpenIdConnectMetadataFile, CancellationToken.None).Result; JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler(); JwtSecurityToken jwt = tokenHandler.CreateToken( configuration.Issuer, IdentityUtilities.DefaultAudience, IdentityUtilities.DefaultClaimsIdentity, DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromHours(1), rsaSigningCredentials ); TokenValidationParameters validationParameters = new TokenValidationParameters { IssuerSigningTokens = configuration.SigningTokens, ValidAudience = IdentityUtilities.DefaultAudience, ValidIssuer = configuration.Issuer, }; SecurityToken securityToken = null; tokenHandler.ValidateToken(jwt.RawData, validationParameters, out securityToken); }
public LoginResult PostSignIn([FromBody] LoginCredential credentials) { var auth = new LoginResult() { Authenticated = false }; var userRoles = QueryableDependencies.GetLoginUserRoles(credentials.UserName, credentials.Password); if (userRoles.Count > 0) //if (userRoles.Where(r => r == "CredentialSystem").Any()) { auth.Authenticated = true; var allClaims = userRoles.Select(r => new Claim(ClaimTypes.Role, r.ToString())).ToList(); allClaims.Add(new Claim(ClaimTypes.Name, credentials.UserName)); allClaims.Add(new Claim(ClaimTypes.Role, userRoles[0].ToString())); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(allClaims), AppliesToAddress = ConfigurationManager.AppSettings["JwtAllowedAudience"], TokenIssuerName = ConfigurationManager.AppSettings["JwtValidIssuer"], SigningCredentials = new SigningCredentials(new InMemorySymmetricSecurityKey(JwtTokenValidationHandler.SymmetricKey), "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", "http://www.w3.org/2001/04/xmlenc#sha256") }; var tokenHandler = new JwtSecurityTokenHandler(); var token = tokenHandler.CreateToken(tokenDescriptor); var tokenString = tokenHandler.WriteToken(token); auth.Token = tokenString; } return auth; }
static string BearerToken() { var signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"; var digestAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256"; var securityKey = Convert.FromBase64String(mainKey); var inMemKey = new InMemorySymmetricSecurityKey(securityKey); ClaimsIdentity identity = new ClaimsIdentity(); identity.AddClaim(new Claim("scope", "Full")); JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler(); SecurityToken securityToken = handler.CreateToken(new SecurityTokenDescriptor() { TokenType = "Bearer", Lifetime = new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddHours(1)), SigningCredentials = new SigningCredentials(inMemKey, signatureAlgorithm, digestAlgorithm), //This data I would get by matching the jwtSecurityToken.Audience to database or something TokenIssuerName = "PaulsSite", AppliesToAddress = "http://JoshsSite", Subject = identity } ); return handler.WriteToken(securityToken); }
private static void Main(string[] args) { var key = Convert.FromBase64String(SymmetricKey); var credentials = new SigningCredentials( new InMemorySymmetricSecurityKey(key), "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", "http://www.w3.org/2001/04/xmlenc#sha256"); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "bhogg"), new Claim(ClaimTypes.GivenName, "Boss"), new Claim(ClaimTypes.Surname, "Hogg"), new Claim(ClaimTypes.Role, "Manager"), new Claim(ClaimTypes.Role, "SeniorWorker"), }), TokenIssuerName = "corp", AppliesToAddress = "http://www.example.com", SigningCredentials = credentials, Lifetime = new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddYears(10)) }; var tokenHandler = new JwtSecurityTokenHandler(); var token = tokenHandler.CreateToken(tokenDescriptor); var tokenString = tokenHandler.WriteToken(token); Console.WriteLine(tokenString); Debug.WriteLine(tokenString); Console.ReadLine(); }
public static string GetJwtToken(this ClaimsIdentity identity, SecurityTokenDescriptor tokenDescriptor) { if (identity == null || tokenDescriptor == null) return null; tokenDescriptor.Subject = identity; var tokenHandler = new JwtSecurityTokenHandler(); var token = tokenHandler.CreateToken(tokenDescriptor); var tokenString = tokenHandler.WriteToken(token); return tokenString; }
public async Task<Client> FindClientByIdAsync(string clientId) { var clientsUri = $"admin-api/api/clients/{clientId}"; //var cert = Cert.Load(StoreName.My, StoreLocation.CurrentUser, "b512d01195667dbc7c4222ec6fd563ac64e3d450"); //var handler = new WebRequestHandler(); //handler.ClientCertificates.Add(cert); // Retrieve an access token from the IdentityAdmin /authorize OAuth endpoint using (var client = new HttpClient()) { client.BaseAddress = new Uri(this.identityAdminUri); client.DefaultRequestHeaders.Accept.Clear(); client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); var cert = Cert.Load(typeof(IOwinBootstrapper).Assembly, "Cert", "idsrv3test.pfx", "idsrv3test"); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim("name", "idServer"), new Claim("role", "IdentityAdminManager"), new Claim("scope", "idadmin-api") }), TokenIssuerName = "idServer", AppliesToAddress = this.identityAdminUri, Lifetime = new Lifetime(DateTime.Now, DateTime.Now.AddMinutes(10)), SigningCredentials = new X509SigningCredentials(cert) }; var tokenHandler = new JwtSecurityTokenHandler(); var securityToken = tokenHandler.CreateToken(tokenDescriptor); var accessToken = tokenHandler.WriteToken(securityToken); var jwtParams = new TokenValidationParameters { NameClaimType = "name", RoleClaimType = "role", ValidAudience = this.identityAdminUri, ValidIssuer = "idServer", IssuerSigningToken = new X509SecurityToken(cert) }; SecurityToken validatedToken; tokenHandler.ValidateToken(accessToken, jwtParams, out validatedToken); client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken); var response = await client.GetAsync(clientsUri); var str = await response.Content.ReadAsStringAsync(); } return null; }
#pragma warning disable 1998 public override async Task<Result> Execute() { Result result = new Result(); try { Console.Out.WriteLine("Generating access token..."); // encryption key string key_s = ConfigurationManager.ConnectionStrings["JWTKey"].ConnectionString; byte[] key_b = new byte[key_s.Length * sizeof(char)]; System.Buffer.BlockCopy(key_s.ToCharArray(), 0, key_b, 0, key_b.Length); // create the token JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler(); ClaimsIdentity subject = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Uri, SiteUrl, ClaimValueTypes.String) }); SecurityTokenDescriptor tokenDescriptor = new SecurityTokenDescriptor { Subject = subject, TokenIssuerName = "SpSat", Lifetime = new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddHours(4)), SigningCredentials = new SigningCredentials(new InMemorySymmetricSecurityKey(key_b), "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", "http://www.w3.org/2001/04/xmlenc#sha256") }; SecurityToken token = tokenHandler.CreateToken(tokenDescriptor); using (ClientContext context = new ClientContext(SiteUrl)) { // authenticate string usernamePassword = ConfigurationManager.ConnectionStrings["SharePoint"].ConnectionString; dynamic usernamePassword_j = Newtonsoft.Json.JsonConvert.DeserializeObject(usernamePassword); string username = usernamePassword_j.username; string password = usernamePassword_j.password; SecureString password_s = new SecureString(); Array.ForEach(password.ToCharArray(), password_s.AppendChar); context.Credentials = new SharePointOnlineCredentials(username, password_s); // write the token to the property bag PropertyValues webProperties = context.Web.AllProperties; webProperties["accessToken"] = tokenHandler.WriteToken(token); context.Web.Update(); context.ExecuteQuery(); } Console.Out.WriteLine("Completed generating access token."); result.Status = Status.Success; } catch (Exception ex) { result.Status = Status.Failure; result.Log.Add(ex.Message); } return result; }
public static string CreateTokenAsBase64(this SecurityTokenDescriptor securityTokenDescriptor) { var tokenHandler = new JwtSecurityTokenHandler(); SecurityToken securityToken = tokenHandler.CreateToken(securityTokenDescriptor); string token = tokenHandler.WriteToken(securityToken); string tokenAsBase64 = token; return tokenAsBase64; }
static string GetClientAssertion(string tenantId, string clientId, X509Certificate2 cert) { var claims = new List<Claim>(); claims.Add(new Claim("sub", clientId)); var handler = new JwtSecurityTokenHandler(); var credentials = new X509SigningCredentials(cert); return handler.CreateToken( issuer: clientId, audience: String.Format(TokenEndpoint, tenantId), subject: new ClaimsIdentity(claims), signingCredentials: credentials).RawData; }
public static string CreateJwtToken(string userName, string role) { var claimList = new List<Claim>() { new Claim(ClaimTypes.Name, userName), new Claim(ClaimTypes.Role, role) //Not sure what this is for }; var tokenHandler = new JwtSecurityTokenHandler() { RequireExpirationTime = true }; var sSKey = new InMemorySymmetricSecurityKey(SecurityConstants.KeyForHmacSha256); var jwtToken = tokenHandler.CreateToken(makeSecurityTokenDescriptor(sSKey, claimList)); return tokenHandler.WriteToken(jwtToken); }
private string GetJwtString(string email, string firstName, string lastName) { var jwtTokenHandler = new JwtSecurityTokenHandler(); var token = jwtTokenHandler.CreateToken(new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new[] { new Claim(Authentication.ClaimTypes.Name, email), new Claim(Authentication.ClaimTypes.Email, email), new Claim(Authentication.ClaimTypes.Name, $"{firstName} {lastName}"), new Claim(Authentication.ClaimTypes.GivenName, firstName) }), }); return jwtTokenHandler.WriteToken(token); }
public static Token CreateToken(UserInfo user, string perms) { var claims = new List<Claim>() { new Claim(ClaimTypes.UserData, user.UserId.ToString()), new Claim(ClaimTypes.PrimarySid, user.UserId.ToString()), new Claim(ClaimTypes.Sid, user.UserId.ToString()), new Claim(ClaimTypes.Name, user.FullName.ToString()) }; var key = new InMemorySymmetricSecurityKey(TokenConstants.TokenKey); var jwt = new JwtSecurityTokenHandler() { TokenLifetimeInMinutes = TokenConstants.TokenLifetimeInMinutes }; var token = jwt.CreateToken(CreateSecurityTokenDescriptor(claims, key)); return new Token() { Value = jwt.WriteToken(token), Expiry = TokenConstants.TokenLifetimeInMinutes, User = user.FullName, Perms = perms }; }
public async Task<IActionResult> Post([FromBody] RegistrationRequestModel registrationRequestModel) { if (!ModelState.IsValid) { return HttpUnauthorized(); } if (UserManager.Users.Any(u => u.UserName == registrationRequestModel.UserName)) { return HttpBadRequest($"User {registrationRequestModel.UserName} is already exists"); // throw new DuplicateNameException(); } var result = await UserManager.CreateAsync(new User() { UserName = registrationRequestModel.UserName, Email = registrationRequestModel.Email }, registrationRequestModel.Password); if (!result.Succeeded) { //TODO: change to aprop error return HttpUnauthorized(); } var user = UserManager.Users.First(u => u.UserName == registrationRequestModel.UserName); var roles = await UserManager.GetRolesAsync(user); var claims = new List<Claim>(new Claim[] { new Claim(ClaimTypes.Name, user.UserName) }); claims.AddRange(roles.Select(r => new Claim(ClaimTypes.Role, r))); claims.AddRange(user.Claims.Select(c => new Claim(c.ClaimType, c.ClaimValue))); var identity = new ClaimsIdentity(claims, "JWT"); var handler = new JwtSecurityTokenHandler(); var rsa = new RSACryptoServiceProvider(2048); var rsaParams = rsa.ExportParameters(true); var rsaKey = new RsaSecurityKey(rsaParams); var secKey = string.Empty; // Shared secure key that used for JWT auth var secToken = handler.CreateToken("myself", "myself", identity, DateTime.UtcNow, DateTime.UtcNow.AddDays(1), new SigningCredentials(rsaKey, JwtAlgorithms.RSA_SHA256, JwtAlgorithms.RSA_SHA256, secKey)); var token = handler.WriteToken(secToken); return this.Ok(token); }
/// <summary> /// Generate an token. /// </summary> /// <param name="username">The username.</param> /// <returns></returns> public string Generate(string username) { var tokenHandler = new JwtSecurityTokenHandler(); var now = DateTime.UtcNow; //The contents of the JWT token var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, username) }), TokenIssuerName = JwtTokenGenerator.TokenIssuer, Lifetime = new Lifetime(now, now.AddHours(JwtTokenGenerator.LifetimeInHours)), SigningCredentials = this.credentials }; var token = tokenHandler.CreateToken(tokenDescriptor); return tokenHandler.WriteToken(token); }
public Task<string> GenerateAccessToken(SecurityTokenDescriptor tokenDescriptor, TokenValidationParameters validationParameters) { return Task.Run(() => { tokenDescriptor.SigningCredentials = new X509SigningCredentials(this.cert); var tokenHandler = new JwtSecurityTokenHandler(); var securityToken = tokenHandler.CreateToken(tokenDescriptor); var accessToken = tokenHandler.WriteToken(securityToken); validationParameters.IssuerSigningToken = new X509SecurityToken(this.cert); SecurityToken validatedToken; tokenHandler.ValidateToken(accessToken, validationParameters, out validatedToken); return accessToken; }); }
public void AsymmetricSignatureProvider_Extensibility() { JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler(); string newAlgorithmValue = "bobsYourUncle"; string originalAlgorithmValue = ReplaceAlgorithm(SecurityAlgorithms.RsaSha256Signature, newAlgorithmValue, JwtSecurityTokenHandler.OutboundAlgorithmMap); JwtSecurityToken jwt = handler.CreateToken(issuer: IdentityUtilities.DefaultIssuer, audience: IdentityUtilities.DefaultAudience, signingCredentials: KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2) as JwtSecurityToken; ReplaceAlgorithm(SecurityAlgorithms.RsaSha256Signature, originalAlgorithmValue, JwtSecurityTokenHandler.OutboundAlgorithmMap); // outbound mapped algorithm is "bobsYourUncle", inbound map will not find this ExpectedException expectedException = ExpectedException.SignatureVerificationFailedException(substringExpected: "IDX10502:", innerTypeExpected: typeof(InvalidOperationException)); RunAlgorithmMappingTest(jwt.RawData, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, handler, expectedException); // inbound is mapped to Rsa256 originalAlgorithmValue = ReplaceAlgorithm(newAlgorithmValue, SecurityAlgorithms.RsaSha256Signature, JwtSecurityTokenHandler.InboundAlgorithmMap); RunAlgorithmMappingTest(jwt.RawData, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, handler, ExpectedException.NoExceptionExpected); ReplaceAlgorithm(newAlgorithmValue, originalAlgorithmValue, JwtSecurityTokenHandler.InboundAlgorithmMap); }
static void Main(string[] args) { var securityKey = GetBytes("ThisIsAnImportantStringAndIHaveNoIdeaIfThisIsVerySecureOrNot!"); var tokenHandler = new JwtSecurityTokenHandler(); // Token Creation var now = DateTime.UtcNow; var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, "Pedro"), new Claim(ClaimTypes.Role, "Author"), }), TokenIssuerName = "self", AppliesToAddress = "http://www.example.com", Lifetime = new Lifetime(now, now.AddMinutes(2)), SigningCredentials = new SigningCredentials( new InMemorySymmetricSecurityKey(securityKey), "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", "http://www.w3.org/2001/04/xmlenc#sha256"), }; var token = tokenHandler.CreateToken(tokenDescriptor); // Generate Token and return string var tokenString = tokenHandler.WriteToken(token); Console.WriteLine(tokenString); // Token Validation var validationParameters = new TokenValidationParameters() { AllowedAudience = "http://www.example.com", SigningToken = new BinarySecretSecurityToken(securityKey), ValidIssuer = "self" }; // from Token to ClaimsPrincipal - easy! var principal = tokenHandler.ValidateToken(tokenString, validationParameters); Console.WriteLine(principal.Claims.Single(x => x.Type == ClaimTypes.Name).Value); Console.ReadLine(); }
internal static JwtSecurityToken CreateTokenFromClaims(IEnumerable<Claim> claims, string secretKey, string audience, string issuer, TimeSpan? lifetime) { DateTime created = DateTime.UtcNow; // we allow for no expiry (if lifetime is null) DateTime? expiry = (lifetime != null) ? created + lifetime : null; var tokenDescriptor = new SecurityTokenDescriptor { AppliesToAddress = audience, TokenIssuerName = issuer, SigningCredentials = new HmacSigningCredentials(secretKey), Lifetime = new Lifetime(created, expiry), Subject = new ClaimsIdentity(claims), }; var securityTokenHandler = new JwtSecurityTokenHandler() { SetDefaultTimesOnTokenCreation = false }; return securityTokenHandler.CreateToken(tokenDescriptor) as JwtSecurityToken; }
public void Can_create_and_validate_token() { var tokenHandler = new JwtSecurityTokenHandler(); var symmetricKey = GetRandomBytes(256 / 8); var now = DateTime.UtcNow; var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, "Pedro"), new Claim(ClaimTypes.NameIdentifier, "*****@*****.**"), new Claim(ClaimTypes.Role, "Author"), new Claim("iat", ToEpochTime(now).ToString(),ClaimValueTypes.Integer), }), TokenIssuerName = "self", AppliesToAddress = "http://www.example.com", Lifetime = new Lifetime(now, now.AddMinutes(2)), SigningCredentials = new SigningCredentials( new InMemorySymmetricSecurityKey(symmetricKey), "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", "http://www.w3.org/2001/04/xmlenc#sha256"), }; var token = tokenHandler.CreateToken(tokenDescriptor); var tokenString = tokenHandler.WriteToken(token); Console.WriteLine(tokenString); var validationParameters = new TokenValidationParameters() { AllowedAudience = "http://www.example.com", SigningToken = new BinarySecretSecurityToken(symmetricKey), ValidIssuer = "self" }; var principal = tokenHandler.ValidateToken(tokenString, validationParameters); Assert.True(principal.Identities.First().Claims .Any(c => c.Type == ClaimTypes.Name && c.Value == "Pedro")); Assert.True(principal.Identities.First().Claims .Any(c => c.Type == ClaimTypes.Role && c.Value == "Author")); }
public static string CreateJwtToken(AuthenticationTicket data, string issuer, SigningCredentials signingCredentials) { string audience = issuer; // As JWT doesn't have a mechanism of passing metadata about what claim should be the name/subject the JWT handler // users the default Name claim type. If the identity has another claim type as the name type we need to // switch it to the DefaultNameClaimType. var identity = new ClaimsIdentity(data.Identity); if (identity.NameClaimType != ClaimsIdentity.DefaultNameClaimType && !string.IsNullOrWhiteSpace(identity.Name)) { identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, identity.Name)); identity.RemoveClaim(identity.Claims.First(c => c.Type == identity.NameClaimType)); } // And now do the same for roles. List<Claim> roleClaims = identity.Claims.Where(c => c.Type == identity.RoleClaimType).ToList(); if (identity.RoleClaimType != ClaimsIdentity.DefaultRoleClaimType && roleClaims.Any()) { foreach (var roleClaim in roleClaims) { identity.RemoveClaim(roleClaim); identity.AddClaim(new Claim(ClaimsIdentity.DefaultRoleClaimType, roleClaim.Value, roleClaim.ValueType, roleClaim.Issuer, roleClaim.OriginalIssuer)); } } identity.AddClaims(new[] { new Claim("iat", GetEpocTimeStamp()), new Claim("jti", Guid.NewGuid().ToString("N")) }); Lifetime lifetime = new Lifetime(null, null); if (data.Properties.IssuedUtc != null || data.Properties.ExpiresUtc != null) { lifetime = new Lifetime(data.Properties.IssuedUtc != null ? (DateTime?)((DateTimeOffset)data.Properties.IssuedUtc).UtcDateTime : null, data.Properties.ExpiresUtc != null ? (DateTime?)((DateTimeOffset)data.Properties.ExpiresUtc).UtcDateTime : null); } var handler = new JwtSecurityTokenHandler(); return handler.CreateToken(issuer, audience, identity, lifetime.Created, lifetime.Expires, signingCredentials).RawData; }
public TokenResponse ConvertToJwt(GenericXmlSecurityToken securityToken, string appliesToAddress, string issuerName, X509Certificate2 SigningCertificate) { var subject = this.tokenValidator.ValidateSamlToken(securityToken); var descriptor = new SecurityTokenDescriptor { Subject = subject, AppliesToAddress = appliesToAddress, SigningCredentials = new X509SigningCredentials(SigningCertificate), TokenIssuerName = issuerName, Lifetime = new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddMinutes(tokenLifeTimeMinutes)) }; var jwtHandler = new JwtSecurityTokenHandler(); var jwt = jwtHandler.CreateToken(descriptor); return new TokenResponse { AccessToken = jwtHandler.WriteToken(jwt), ExpiresIn = tokenLifeTimeMinutes }; }
private static void AddAuthHeader(HttpClient client, string audience = "http://www.enyu.com") { var store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly); var signingCert = store.Certificates .Cast<X509Certificate2>() .FirstOrDefault(certificate => certificate.Subject == CertificateName); var tokenDescriptor = new SecurityTokenDescriptor { TokenIssuerName = "DMN", AppliesToAddress = audience, SigningCredentials = new X509SigningCredentials(signingCert) }; var tokenHandler = new JwtSecurityTokenHandler(); var token = tokenHandler.CreateToken(tokenDescriptor); var tokenString = tokenHandler.WriteToken(token); client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokenString); }
public string CreateToken(string userId, string login) { var tokenHandler = new JwtSecurityTokenHandler(); ClaimsIdentity claimsIdentity = GetClaimIdentity(userId, login); SigningCredentials sc = new SigningCredentials( new InMemorySymmetricSecurityKey(GetSymmetricKey), "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", "http://www.w3.org/2001/04/xmlenc#sha256" ); var tokenDescriptor = new SecurityTokenDescriptor { Subject = claimsIdentity, TokenIssuerName = Issuer, AppliesToAddress = AllowedAudience, Lifetime = new Lifetime(_dtp.Now, _dtp.Now.AddMinutes(TokenLifetimeInMinutes)), SigningCredentials = sc }; var token = tokenHandler.CreateToken(tokenDescriptor); return tokenHandler.WriteToken(token); }
private string GetToken(string user, DateTime? expires) { var handler = new JwtSecurityTokenHandler(); // Here, you should create or look up an identity for the user which is being authenticated. // For now, just creating a simple generic identity. ClaimsIdentity identity = new ClaimsIdentity(new GenericIdentity(user, "TokenAuth"), new[] { new Claim("EntityID", "1", ClaimValueTypes.Integer) }); var securityToken = handler.CreateToken( issuer: tokenOptions.Issuer, audience: tokenOptions.Audience, signingCredentials: tokenOptions.SigningCredentials, subject: identity, expires: expires ); return handler.WriteToken(securityToken); }
private string CreateJwt(string userId, string role) { var key = Convert.FromBase64String(SymmetricKey); var credentials = new SigningCredentials( new InMemorySymmetricSecurityKey(key), "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", "http://www.w3.org/2001/04/xmlenc#sha256"); var expiration = DateTime.UtcNow.AddMinutes(20).ToLongTimeString(); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, userId), new Claim(ClaimTypes.Role, role), new Claim("exp", expiration) }), TokenIssuerName = Issuer, AppliesToAddress = Audience, SigningCredentials = credentials }; var tokenHandler = new JwtSecurityTokenHandler(); var token = tokenHandler.CreateToken(tokenDescriptor); var tokenString = tokenHandler.WriteToken(token); return tokenString; }