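/// <summary>
/// Creates a signed JWT for an already-authenticated user and stores it on the result.
/// </summary>
/// <param name="authResult">Authentication result holding the claims to encode; it is mutated in place.</param>
/// <returns>
/// The same <paramref name="authResult"/> with <c>ExpiresIn</c>, <c>AcessToken</c> and <c>TokenType</c> populated.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="authResult"/> is null.</exception>
internal static AuthResult CreateToken(AuthResult authResult)
{
    if (authResult == null)
    {
        throw new ArgumentNullException(nameof(authResult));
    }

    SecurityTokenDescriptor descriptor = JWTHandler.CreateSecurityTokenDescriptor(authResult);
    SecurityToken token = _tokenHandler.CreateToken(descriptor);

    // Expiry is reported as an absolute instant in milliseconds since _epochDate
    // (presumably the Unix epoch in UTC, matching token.ValidTo — confirm where _epochDate is declared).
    authResult.ExpiresIn = Convert.ToInt64((token.ValidTo - _epochDate).TotalMilliseconds);
    authResult.AcessToken = _tokenHandler.WriteToken(token);

    // "JWT" is this project's own token-type marker; RFC 6750 clients would expect "Bearer".
    // Kept as-is because existing clients may match on the literal value.
    authResult.TokenType = "JWT";

    return authResult;
}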
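/// <summary>
/// Authorization filter for the web services: validates the caller's JWT, expands its role
/// claim onto the request principal and then defers to the base user/role checks.
/// </summary>
/// <param name="actionContext">Context of the action being invoked.</param>
/// <returns>
/// The result of the base <c>IsAuthorized</c> check evaluated against the mapped principal.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="actionContext"/> is null.</exception>
/// <exception cref="HttpResponseException">
/// Thrown when the token fails validation, or when no token is present on an action marked with
/// <see cref="JWTAuthorize"/>.
/// </exception>
protected override bool IsAuthorized(HttpActionContext actionContext)
{
    if (actionContext == null)
    {
        throw new ArgumentNullException(nameof(actionContext));
    }

    // Presence of the attribute decides whether an anonymous request is allowed through.
    JWTAuthorize autorize = actionContext.ActionDescriptor.GetCustomAttributes<JWTAuthorize>().FirstOrDefault();
    AuthResult result = JWTHandler.ValidateToken();

    if (result.AuthStatus == AuthStatus.OK)
    {
        ClaimsPrincipal mappedPrincipal = new ClaimsPrincipal(BuildIdentityWithRoles(result));

        // NOTE(review): the base check in Web API 2 reads the request-context principal, which
        // is backed by HttpContext.Current.User under IIS; when self-hosted (no HttpContext) the
        // mapped principal may not be visible to it — confirm the hosting model.
        Thread.CurrentPrincipal = mappedPrincipal;
        if (HttpContext.Current != null)
        {
            HttpContext.Current.User = mappedPrincipal;
        }
    }
    else if (result.AuthStatus != AuthStatus.ANONYMOUS || autorize != null)
    {
        // Either the token failed validation, or the action requires a token and none was supplied.
        throw CreateRejection(actionContext, result);
    }

    return base.IsAuthorized(actionContext);
}

/// <summary>
/// Builds a <see cref="ClaimsIdentity"/> from the validated token, splitting the
/// ';'-separated role claim into one <see cref="ClaimTypes.Role"/> claim per role so
/// that <c>IsInRole</c> and the base <c>Roles</c> check match individual roles.
/// </summary>
/// <param name="result">A validated authentication result whose <c>TokenClaims</c> carry the token's identity.</param>
/// <returns>A new identity that keeps the token's claims and authentication type and adds the expanded roles.</returns>
private static ClaimsIdentity BuildIdentityWithRoles(AuthResult result)
{
    // Only the first role claim is consulted (presumably the issuer packs every role into one
    // ';'-separated claim — confirm against CreateSecurityTokenDescriptor).
    string roles = result.TokenClaims.Claims
        .Where(c => c.Type.Equals(ClaimTypes.Role))
        .Select(r => r.Value)
        .FirstOrDefault();

    List<Claim> roleClaims = new List<Claim>();
    if (!string.IsNullOrWhiteSpace(roles))
    {
        foreach (string role in roles.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
        {
            roleClaims.Add(new Claim(ClaimTypes.Role, role));
        }
    }

    return new ClaimsIdentity(
        result.TokenClaims.Identity,
        roleClaims,
        result.TokenClaims.Identity.AuthenticationType,
        ClaimTypes.Name,
        ClaimTypes.Role);
}

/// <summary>
/// Builds the exception that short-circuits the pipeline when the request cannot be authenticated.
/// </summary>
/// <param name="actionContext">Context of the rejected request.</param>
/// <param name="result">The failed authentication result, serialised as the response body.</param>
/// <returns>An <see cref="HttpResponseException"/> carrying the rejection response.</returns>
private static HttpResponseException CreateRejection(HttpActionContext actionContext, AuthResult result)
{
    // NOTE(review): failures are answered with 400 rather than the 401 that the
    // WWW-Authenticate header implies; kept for compatibility with existing clients.
    // The body echoes the whole AuthResult to an unauthenticated caller — confirm it carries
    // nothing beyond the status and a short reason.
    HttpResponseMessage response = actionContext.Request.CreateResponse(HttpStatusCode.BadRequest, result);
    response.Headers.Add("WWW-Authenticate", "xBasic realm=\"\"");
    return new HttpResponseException(response);
}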