using System;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.ServiceModel.Security.Tokens;
using System.Threading;
using System.Threading.Tasks;
using iiie.Authentication.DBO;
namespace iiie.Authentication.Business.JWT
{
///
/// Handler for token authentication
///
public class TokenValidationHandler : DelegatingHandler
{
///
/// Gets the token from the HTTP AUthorization header
///
/// The HTTP request
/// The variable to store the token
/// True if the token has been found, false otherwise
private static bool TryRetrieveToken(HttpRequestMessage request, out string token)
{
token = null;
var auth = request.Headers.Authorization;
if (auth == null || auth.Scheme != "Bearer")
return false;
token = auth.Parameter;
return true;
}
///
/// Contructs a user dbo from the specified username and salt
///
/// The username of the verified token
/// The salt in the token
/// The user dbo, or null if user is not valid
protected UserDboAuth GetUserDbo(string username, string salt)
{
return null;
}
///
/// Attempts to verify user token
///
/// The HTTP request
/// Token used for cancelation
/// The HTTP response
protected override Task SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
HttpStatusCode statusCode;
string token;
if (!TryRetrieveToken(request, out token))
{
return base.SendAsync(request, cancellationToken);
}
try
{
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler
{
Configuration = new SecurityTokenHandlerConfiguration()
{
MaxClockSkew = new TimeSpan(0, 1, 0)
}
};
var stringValidator = "";//AuthProvider.Instance.GetValidatorString();
TokenValidationParameters validationParameters = new TokenValidationParameters()
{
RequireSignedTokens = true,
RequireExpirationTime = true,
ValidAudience = stringValidator,
ValidateIssuerSigningKey = true,
ValidIssuer = "urn:" + stringValidator,
IssuerSigningToken = new BinarySecretSecurityToken(Convert.FromBase64String(/*AuthProvider.Instance.GetCredentialKey()*/""))
};
SecurityToken validateToken;
ClaimsPrincipal claim = tokenHandler.ValidateToken(token, validationParameters, out validateToken);
Thread.CurrentPrincipal = claim;
var name = ((ClaimsIdentity)claim.Identity).Claims.FirstOrDefault(x => x.Type == ClaimTypes.Name);
var salt = ((ClaimsIdentity)claim.Identity).Claims.FirstOrDefault(x => x.Type == ClaimTypes.Authentication);
if (name == null || salt == null)
statusCode = HttpStatusCode.Unauthorized;
else
{
var user = GetUserDbo(name.Value, salt.Value);
if (user == null)
statusCode = HttpStatusCode.Unauthorized;
else
return base.SendAsync(request, cancellationToken);
}
}
catch (Exception e)
{
statusCode = HttpStatusCode.Unauthorized;
}
return Task.Factory.StartNew(() =>
new HttpResponseMessage(statusCode), cancellationToken);
}
}
}