Change to JWT inside Secure Cookie Auth
This commit is contained in:
derek.holloway
@@ -0,0 +1,54 @@
|
||||
|
||||
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Security.Claims;
|
||||
using System.Text;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
|
||||
namespace BoredCareers.Services {
|
||||
public class BoredCareersJWT {
|
||||
public static string GenereateJWTToken(int accountID, bool StayLoggedIn) {
|
||||
var tokenHandler = new JwtSecurityTokenHandler();
|
||||
var key = Encoding.UTF8.GetBytes("your-super-secret-key");
|
||||
|
||||
var tokenDiscriptor = new SecurityTokenDescriptor {
|
||||
Subject = new ClaimsIdentity(new[] {
|
||||
new Claim(ClaimTypes.NameIdentifier, accountID.ToString()),
|
||||
new Claim(ClaimTypes.IsPersistent, StayLoggedIn.ToString())
|
||||
}),
|
||||
Expires = DateTime.UtcNow.AddMinutes(15),
|
||||
IssuedAt = DateTime.UtcNow,
|
||||
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.RsaSha512),
|
||||
Audience = "your-app",
|
||||
Issuer = "your-app"
|
||||
};
|
||||
|
||||
var token = tokenHandler.CreateToken(tokenDiscriptor);
|
||||
return tokenHandler.WriteToken(token);
|
||||
}
|
||||
|
||||
public static void SignIn(HttpResponse Response, bool StayLoggedIn, string jwt) {
|
||||
if (StayLoggedIn) {
|
||||
// Stay logged in cookie
|
||||
Response.Cookies.Append("access_token", jwt, new CookieOptions {
|
||||
Secure = true,
|
||||
HttpOnly = true,
|
||||
SameSite = SameSiteMode.Strict,
|
||||
Expires = DateTime.UtcNow.AddMinutes(15)
|
||||
});
|
||||
}
|
||||
else {
|
||||
// Session cookie
|
||||
Response.Cookies.Append("access_token", jwt, new CookieOptions {
|
||||
Secure = true,
|
||||
HttpOnly = true,
|
||||
SameSite = SameSiteMode.Strict,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
public static void SignOut(HttpResponse Response) {
|
||||
Response.Cookies.Delete("access_token");
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user