Authenticate users with JWT (JSON Web Tokens) with .Net and TypeScript

When creating web applications, it is a common thing to provide a user login function.
And when creating user logins it is required to authenticate them probably using a token which contain the user session data and user role data.

When considering the token creation and authenticate it there are several ways and technologies to do and in this blog I would like to explain how to create token and validate it using JWT (JSON Web Tokens). Read about JWT from here

There are several packages in NuGet store that provide JWT features and in this article I'm going to use System.IdentityModel.Tokens.Jwt 

Install this in your project using the NuGet package manager.

Ok, now let's get started.

1.     Create token

Let's create a class to create token when user log in to the system. 
Create a hased key of SHA256 to use when crating the token. 

using System;
using System.Text;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.IdentityModel.Tokens;

 private const string Secret = "your secret key"; (24 characters in length)
static JwtSecurityTokenHandler tokenhandler = null;

 public static string GenerateToken(string Username, int Id, short TerminalId)
{
    try
    {
        var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Secret));
        var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);

         var header = new JwtHeader(credentials);
        var payload = new JwtPayload
        {
            { "Username", Username },
            { "Id", Id.ToString() },
            { "TerminalId", TerminalId.ToString() },
            { "ExpireOn", DateTime.UtcNow.AddYears(1) }
        };

         var secToken = new JwtSecurityToken(header, payload);
        if (tokenhandler == null)
        {
            tokenhandler = new JwtSecurityTokenHandler();
        }
        tokenhandler = new JwtSecurityTokenHandler();

         var token = tokenhandler.WriteToken(secToken);
        return token;
    }
    catch (Exception ex)
    {
        Logger.Logger.LogError(ex);
        throw;
    }
}


        2. Class to managed logged users

In this scenario I have created a class to save the information about the logged users. So I don't have to retrieve those from the database every time. 

public sealed class LoggedUsers
{
    private static List<string> loggedUsers = null;

     public static void AddLoggedUser(string username)
    {
        if (loggedUsers == null)
        {
            loggedUsers = new List<string>();
        }

         if (!loggedUsers.Contains(username))
        {
            loggedUsers.Add(username);
        }
    }

     public static bool IsLoggedUser(string username)
    {
        if (loggedUsers.Contains(username))
        {
            return true;
        }
        return false;
    }
}

          3. Validate Token

This class will use to validate the created token.

public static bool IsTokenValid(string token)
{
    if (tokenhandler == null)
    {
        tokenhandler = new JwtSecurityTokenHandler();
    }
    var userToken = tokenhandler.ReadJwtToken(token);
    if (userToken != null && userToken.Payload != null)
    {
        if (string.IsNullOrEmpty(userToken.Payload["Username"].ToString())
            || string.IsNullOrEmpty(userToken.Payload["ExpireOn"].ToString()))
        {
            return false;
        }
        var isLoggedUser = LoggedUsers.IsLoggedUser(userToken.Payload["Username"].ToString());
        var tokenExpireOn = DateTime.Parse(userToken.Payload["ExpireOn"].ToString());
        if (isLoggedUser && tokenExpireOn > DateTime.Now)
        {
            return true;
        }
        else
        {
            return false;
        }
    }
    else
    {
        return false;
    }
}

     4. Custom Attribute to Authorize request

I have created a custom attribute so when the request comes with the token to the controller method, we can check the validation and authenticate user or we can deny the request.

[AttributeUsage(AttributeTargets.Method, AllowMultiple = false, Inherited = false)]
public class AuthorizeUserAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var userToken = httpContext.Request.Headers["Authorization"];
        var tokenValid = UserTokenManager.IsTokenValid(userToken);
        if (!tokenValid)
        {
            httpContext.Response.AppendHeader("AuthorizeUser", "UnAuthorized");
        }
        return tokenValid;
    }
}

In .Net 4.7 I have found that the overriding method has been changed.
If you are using .Net 4.7 and upper, you have to use this as bellow:

[AttributeUsage(AttributeTargets.Method, AllowMultiple = false, Inherited = false)]
    public class AuthorizeUserAttribute : AuthorizeAttribute
    {
        protected override bool IsAuthorized(HttpActionContext httpContext)
try
            {
                var header = httpContext.Request.Headers;
                var authValue = httpContext.Request.Headers.Where(a => a.Key == "AuthToken").FirstOrDefault().Value;
                if (authValue != null)
                {
                    var token = authValue.First();
                    var tokenValid = TokenHandler.IsTokenValid(token);
                    if (!tokenValid)
                    {
                        if (httpContext.Response == null)
                            httpContext.Response = new HttpResponseMessage();
                        httpContext.Response.Headers.Add("AuthorizeUser", "UnAuthorized");
                    }
                    return tokenValid;
                }
                return true;
            }
            catch (Exception)
            {
                throw;
            }
        }
    }


Read More about creating custom attributes: https://docs.microsoft.com/en-us/dotnet/standard/attributes/writing-custom-attributes

     5. Save token in localstorage

When the token is created we have to store it in the front end because we have to send it with every request to authenticate the user. 
So I have saved it in the local storage.  

private LogIn(){
    let login = this.CreateLogInObject();
    self.userLogInService.LogIn(login, function (result: ResultObject) {
        if(result != null){
            if(result.State == 200 && result.ResultData != null){
                localStorage.setItem("Token", result.ResultData);
            }
        }
    });
}

      6. Send request to server with the token

We are all set now. From now onwards we have to send the token with every request within the ajax call when calling the server and we are going to send it within the header section off the request. 

public TestUserAuthentication = (callback: any) => {
    $.ajax({
        url: '/Login/TestUserAuthentication',
        type: 'GET',
        dataType: 'JSON',
        headers: {"Authorization": localStorage.getItem('Token')},
        success: function (data: ResultObject) {
            callback(data);
        },
        error: function (error) {
            let result = new ResultObject();
            if(error.getResponseHeader("authorizeuser") != undefined || error.getResponseHeader("authorizeuser") != null){
                if(error.getResponseHeader("authorizeuser") == "UnAuthorized"){
                    result.State = 403;
                }else{
                    result.State = 500;
                }
            }
            callback(result);
        }
    });
}

Happy Coding, Peace..

Comments

Post a Comment

Popular posts from this blog

Deploy Angular 8 app to Azure with Azure DevOps

Image
1. Create a Azure Web App. Use the following Configurations:      Runtime Stack: ASP.NET V4.7      Operating System: Windows You can select your own subscription plan, resource group and region.  2. Create a Git repository to hold the Angular app 2.1. Initialize your angular application 2.2. Commit and Push the code.  3. Create a Pipeline in Azure DevOps.  3.1. Login to the Azure DevOps. ( https://dev.azure.com/ ) 3.2. Create a project:          I'll select Private as visibility and Git as Version control.  NOTE: Azure DevOps provides different features.               For this task we are going to focus on Pipelines.  4. Pipeline Part 1: Integrate Git  From the Connect section select: Use the classic editor. 4.1. Select a Source as GitHub and authenticate with your GitHub account using OAuth.  4.2. Select your repository which holds the angular app. 4.3. Select the branch. This is the branch that Azure DevOps will
Read more

Apache ActiveMQ 5 with .Net Core 3.1 and C#

Image
Hi All..   In this post I'm going to explain how to use Apache ActiveMQ 5 (which is a popular Java based messaging server) for .Net Core 3.0+ with C#.  Let's get started. Prerequisites 1. Visual Studio (I'll be using 2019 Community)  2. .Net Core framework (I'll be using 3.1) 3. Java JDK or JRE Installed and Java Environment variable has been set (Since I'm doing in a Windows 10 computer)  Ok.. If you have the above requirements then let's get start the actual work. 1. Download and install ActiveMQ 5  Go to http://activemq.apache.org/components/classic/download/ and download according to your operating system.  I'll download .zip package for Windows 2. Copy the .zip file and put it inside a folder as you like or install with the installers if you download the installer.  If you got the .zip file like me; then extract it inside the folder that you paste the .zip file Then you will get a folder with the ActiveMQ package  3. Start the Active MQ Server  Open th
Read more

Firebase with.Net Core and C#

Image
Hi folks, Are you developing web applications with .net ? Are you supporting mobile applications to communicate with your applications ? Are you thinking of providing realtime capabilities with your apps? Then I suggest you to read on Firebase Real-Time Dataabses by Google. " The Firebase Realtime Database is a cloud-hosted database. Data is stored as JSON and synchronized in realtime to every connected client. " - Google Firebase Team Read more:  https://firebase.google.com/docs/database/ In this post I'm going to discuss what is firebase but I'm going to discuss how to work with it with .Net C#. Firebase doesn't provide a separate library or a nugget to work with .Net, so you might find this bit tricky when you have to work with it from the backend. Senario To demonstrate the solution I will create a scenario. In my scenario we have created a video call function (which is implemented with OpenTok library) and it allows users to create sessions and i
Read more