Created
October 13, 2016 17:30
-
-
Save ghstahl/ad2872304e658d91ce3e3976b86f713f to your computer and use it in GitHub Desktop.
JWT Identity Helper
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public static class IdentityTokenHelper | |
| { | |
| public const string WellKnown_VerifyAccountEmailAction = "b3d17698-011b-4a74-aa0d-1301e01bbb8f"; | |
| public const string WellKnown_NortonAction = "norton::action"; | |
| public const string ValidIssuer = "Norton"; | |
| public static ClaimsPrincipal ValidateJWT(string tokenString,TokenValidationParameters tokenValidationParameters, out SecurityToken validatedToken) | |
| { | |
| var tokenHandler = new JwtSecurityTokenHandler(); | |
| var principal = tokenHandler.ValidateToken(tokenString, tokenValidationParameters, out validatedToken); | |
| return principal; | |
| } | |
| public static ClaimsPrincipal ValidateJWT(string tokenString, out SecurityToken validatedToken) | |
| { | |
| var tokenValidationParameters = new TokenValidationParameters() | |
| { | |
| ValidAudiences = new[] { "https://www.norton.com" }, | |
| IssuerSigningToken = new BinarySecretSecurityToken(EncryptionKey), | |
| ValidIssuer = "Norton", | |
| ValidateLifetime = true | |
| }; | |
| return ValidateJWT(tokenString, tokenValidationParameters, out validatedToken); | |
| } | |
| public static string BuildJWT(IEnumerable<Claim> claims, string issuer, string appliesToAddress, | |
| Lifetime lifetime) | |
| { | |
| var tokenHandler = new JwtSecurityTokenHandler(); | |
| var tokenDescriptor = new SecurityTokenDescriptor | |
| { | |
| Subject = new ClaimsIdentity(claims), | |
| TokenIssuerName = issuer, | |
| AppliesToAddress = appliesToAddress, | |
| Lifetime = lifetime, | |
| SigningCredentials = new SigningCredentials( | |
| new InMemorySymmetricSecurityKey(EncryptionKey), | |
| "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", | |
| "http://www.w3.org/2001/04/xmlenc#sha256"), | |
| }; | |
| var token = tokenHandler.CreateToken(tokenDescriptor); | |
| var tokenString = tokenHandler.WriteToken(token); | |
| return tokenString; | |
| } | |
| public static string BuildUrlEncodedEmailVerifyJWT(HttpRequestBase Request, string nameIdentifier, Lifetime lifetime) | |
| { | |
| var tokenDescriptor = new SecurityTokenDescriptor | |
| { | |
| Subject = new ClaimsIdentity(new Claim[] | |
| { | |
| new Claim(ClaimTypes.NameIdentifier, nameIdentifier), | |
| new Claim(WellKnown_NortonAction,WellKnown_VerifyAccountEmailAction), | |
| }), | |
| TokenIssuerName = "Norton", | |
| AppliesToAddress = "https://www.norton.com", | |
| Lifetime = lifetime, | |
| SigningCredentials = new SigningCredentials( | |
| new InMemorySymmetricSecurityKey(EncryptionKey), | |
| "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", | |
| "http://www.w3.org/2001/04/xmlenc#sha256"), | |
| }; | |
| var tokenHandler = new JwtSecurityTokenHandler(); | |
| var token = tokenHandler.CreateToken(tokenDescriptor); | |
| var tokenString = tokenHandler.WriteToken(token); | |
| byte[] tokenBytes = Encoding.UTF8.GetBytes(tokenString); | |
| var tokenBytesEncoded = HttpServerUtility.UrlTokenEncode(tokenBytes); | |
| return tokenString; | |
| } | |
| static byte[] _encryptionKey; | |
| public static byte[] EncryptionKey | |
| { | |
| get | |
| { | |
| if (_encryptionKey == null) | |
| { | |
| string originalString = "664b9909-71c1-432c-b655-553ae2e2b5eb"; | |
| Guid key = Guid.Parse(originalString); | |
| byte[] myUnprotectedBytes = Encoding.UTF8.GetBytes(originalString); | |
| byte[] myProtectedBytes = MachineKey.Protect(myUnprotectedBytes, originalString); | |
| var urlProtected = HttpServerUtility.UrlTokenEncode(myProtectedBytes); | |
| var symmetricKey = Encoding.UTF8.GetBytes(urlProtected); | |
| _encryptionKey = key.ToByteArray(); | |
| } | |
| return _encryptionKey; | |
| } | |
| } | |
| static SigningCredentials _signingCredentials ; | |
| public static SigningCredentials SigningCredentials | |
| { | |
| get | |
| { | |
| if (_signingCredentials == null) | |
| { | |
| _signingCredentials = new SigningCredentials( | |
| new InMemorySymmetricSecurityKey(EncryptionKey), | |
| "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", | |
| "http://www.w3.org/2001/04/xmlenc#sha256"); | |
| } | |
| return _signingCredentials; | |
| } | |
| } | |
| public static bool IsLocalIpAddress(string host) | |
| { | |
| try | |
| { // get host IP addresses | |
| IPAddress[] hostIPs = Dns.GetHostAddresses(host); | |
| // get local IP addresses | |
| IPAddress[] localIPs = Dns.GetHostAddresses(Dns.GetHostName()); | |
| // test if any host IP equals to any local IP or to localhost | |
| foreach (IPAddress hostIP in hostIPs) | |
| { | |
| // is localhost | |
| if (IPAddress.IsLoopback(hostIP)) return true; | |
| // is local address | |
| foreach (IPAddress localIP in localIPs) | |
| { | |
| if (hostIP.Equals(localIP)) return true; | |
| } | |
| } | |
| } | |
| catch { } | |
| return false; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment