using System; using System.Configuration; using System.IdentityModel.Tokens; using System.Linq; using System.Net; using System.Net.Http; using System.Security.Claims; using System.ServiceModel.Security.Tokens; using System.Threading; using System.Threading.Tasks; using iiie.Authentication.DBO; using iiie.Logs.DataAccess; using iiie.Logs.DBO; namespace iiie.Authentication.Business.JWT { /// /// Handler for token authentication /// public abstract class TokenValidationHandler : DelegatingHandler { /// /// Gets the token from the HTTP AUthorization header /// /// The HTTP request /// The variable to store the token /// True if the token has been found, false otherwise private static bool TryRetrieveToken(HttpRequestMessage request, out string token) { token = null; var auth = request.Headers.Authorization; if (auth == null || auth.Scheme != "Bearer") return false; token = auth.Parameter; return true; } /// /// Contructs a user dbo from the specified username and salt /// /// The username of the verified token /// The salt in the token /// The user dbo, or null if user is not valid protected abstract BasicUserDbo GetUserDbo(string username, string salt); /// /// Attempts to verify user token /// /// The HTTP request /// Token used for cancelation /// The HTTP response protected override Task SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { HttpStatusCode statusCode; string token; if (!TryRetrieveToken(request, out token)) { return base.SendAsync(request, cancellationToken); } try { JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler { Configuration = new SecurityTokenHandlerConfiguration() { MaxClockSkew = new TimeSpan(0, 1, 0) } }; var stringValidator = ConfigurationManager.AppSettings["StringValidator"]; TokenValidationParameters validationParameters = new TokenValidationParameters() { RequireSignedTokens = true, RequireExpirationTime = true, ValidAudience = stringValidator, ValidateIssuerSigningKey = true, ValidIssuer = "urn:" + stringValidator, IssuerSigningToken = new BinarySecretSecurityToken(Convert.FromBase64String(ConfigurationManager.AppSettings["CredentialKey"])) }; SecurityToken validateToken; ClaimsPrincipal claim = tokenHandler.ValidateToken(token, validationParameters, out validateToken); Thread.CurrentPrincipal = claim; var name = ((ClaimsIdentity)claim.Identity).Claims.FirstOrDefault(x => x.Type == ClaimTypes.Name); var salt = ((ClaimsIdentity)claim.Identity).Claims.FirstOrDefault(x => x.Type == ClaimTypes.Authentication); if (name == null || salt == null) statusCode = HttpStatusCode.Unauthorized; else { var user = GetUserDbo(name.Value, salt.Value); if (user == null) statusCode = HttpStatusCode.Unauthorized; else { UserStorage.BasicUserDbo = user; return base.SendAsync(request, cancellationToken); } } } catch (Exception e) { OpResult.Error(ResultStatus.LoginError, e).Log(); statusCode = HttpStatusCode.Unauthorized; } return Task.Factory.StartNew(() => new HttpResponseMessage(statusCode), cancellationToken); } } }