├── .gitignore ├── Controllers ├── HomeController.cs └── LoginController.cs ├── Models ├── ErrorViewModel.cs └── User.cs ├── Program.cs ├── Properties └── launchSettings.json ├── RefreshTokenAuth.csproj ├── Repositories └── UserRepository.cs ├── Services └── TokenService.cs ├── Settings.cs ├── Startup.cs ├── appsettings.Development.json └── appsettings.json /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | ## 4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore 5 | 6 | # User-specific files 7 | *.rsuser 8 | *.suo 9 | *.user 10 | *.userosscache 11 | *.sln.docstates 12 | 13 | # User-specific files (MonoDevelop/Xamarin Studio) 14 | *.userprefs 15 | 16 | # Mono auto generated files 17 | mono_crash.* 18 | 19 | # Build results 20 | [Dd]ebug/ 21 | [Dd]ebugPublic/ 22 | [Rr]elease/ 23 | [Rr]eleases/ 24 | x64/ 25 | x86/ 26 | [Ww][Ii][Nn]32/ 27 | [Aa][Rr][Mm]/ 28 | [Aa][Rr][Mm]64/ 29 | bld/ 30 | [Bb]in/ 31 | [Oo]bj/ 32 | [Ll]og/ 33 | [Ll]ogs/ 34 | 35 | # Visual Studio 2015/2017 cache/options directory 36 | .vs/ 37 | # Uncomment if you have tasks that create the project's static files in wwwroot 38 | #wwwroot/ 39 | 40 | # Visual Studio 2017 auto generated files 41 | Generated\ Files/ 42 | 43 | # MSTest test Results 44 | [Tt]est[Rr]esult*/ 45 | [Bb]uild[Ll]og.* 46 | 47 | # NUnit 48 | *.VisualState.xml 49 | TestResult.xml 50 | nunit-*.xml 51 | 52 | # Build Results of an ATL Project 53 | [Dd]ebugPS/ 54 | [Rr]eleasePS/ 55 | dlldata.c 56 | 57 | # Benchmark Results 58 | BenchmarkDotNet.Artifacts/ 59 | 60 | # .NET Core 61 | project.lock.json 62 | project.fragment.lock.json 63 | artifacts/ 64 | 65 | # Tye 66 | .tye/ 67 | 68 | # ASP.NET Scaffolding 69 | ScaffoldingReadMe.txt 70 | 71 | # StyleCop 72 | StyleCopReport.xml 73 | 74 | # Files built by Visual Studio 75 | *_i.c 76 | *_p.c 77 | *_h.h 78 | *.ilk 79 | *.meta 80 | *.obj 81 | *.iobj 82 | *.pch 83 | *.pdb 84 | *.ipdb 85 | *.pgc 86 | *.pgd 87 | *.rsp 88 | *.sbr 89 | *.tlb 90 | *.tli 91 | *.tlh 92 | *.tmp 93 | *.tmp_proj 94 | *_wpftmp.csproj 95 | *.log 96 | *.vspscc 97 | *.vssscc 98 | .builds 99 | *.pidb 100 | *.svclog 101 | *.scc 102 | 103 | # Chutzpah Test files 104 | _Chutzpah* 105 | 106 | # Visual C++ cache files 107 | ipch/ 108 | *.aps 109 | *.ncb 110 | *.opendb 111 | *.opensdf 112 | *.sdf 113 | *.cachefile 114 | *.VC.db 115 | *.VC.VC.opendb 116 | 117 | # Visual Studio profiler 118 | *.psess 119 | *.vsp 120 | *.vspx 121 | *.sap 122 | 123 | # Visual Studio Trace Files 124 | *.e2e 125 | 126 | # TFS 2012 Local Workspace 127 | $tf/ 128 | 129 | # Guidance Automation Toolkit 130 | *.gpState 131 | 132 | # ReSharper is a .NET coding add-in 133 | _ReSharper*/ 134 | *.[Rr]e[Ss]harper 135 | *.DotSettings.user 136 | 137 | # TeamCity is a build add-in 138 | _TeamCity* 139 | 140 | # DotCover is a Code Coverage Tool 141 | *.dotCover 142 | 143 | # AxoCover is a Code Coverage Tool 144 | .axoCover/* 145 | !.axoCover/settings.json 146 | 147 | # Coverlet is a free, cross platform Code Coverage Tool 148 | coverage*.json 149 | coverage*.xml 150 | coverage*.info 151 | 152 | # Visual Studio code coverage results 153 | *.coverage 154 | *.coveragexml 155 | 156 | # NCrunch 157 | _NCrunch_* 158 | .*crunch*.local.xml 159 | nCrunchTemp_* 160 | 161 | # MightyMoose 162 | *.mm.* 163 | AutoTest.Net/ 164 | 165 | # Web workbench (sass) 166 | .sass-cache/ 167 | 168 | # Installshield output folder 169 | [Ee]xpress/ 170 | 171 | # DocProject is a documentation generator add-in 172 | DocProject/buildhelp/ 173 | DocProject/Help/*.HxT 174 | DocProject/Help/*.HxC 175 | DocProject/Help/*.hhc 176 | DocProject/Help/*.hhk 177 | DocProject/Help/*.hhp 178 | DocProject/Help/Html2 179 | DocProject/Help/html 180 | 181 | # Click-Once directory 182 | publish/ 183 | 184 | # Publish Web Output 185 | *.[Pp]ublish.xml 186 | *.azurePubxml 187 | # Note: Comment the next line if you want to checkin your web deploy settings, 188 | # but database connection strings (with potential passwords) will be unencrypted 189 | *.pubxml 190 | *.publishproj 191 | 192 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 193 | # checkin your Azure Web App publish settings, but sensitive information contained 194 | # in these scripts will be unencrypted 195 | PublishScripts/ 196 | 197 | # NuGet Packages 198 | *.nupkg 199 | # NuGet Symbol Packages 200 | *.snupkg 201 | # The packages folder can be ignored because of Package Restore 202 | **/[Pp]ackages/* 203 | # except build/, which is used as an MSBuild target. 204 | !**/[Pp]ackages/build/ 205 | # Uncomment if necessary however generally it will be regenerated when needed 206 | #!**/[Pp]ackages/repositories.config 207 | # NuGet v3's project.json files produces more ignorable files 208 | *.nuget.props 209 | *.nuget.targets 210 | 211 | # Microsoft Azure Build Output 212 | csx/ 213 | *.build.csdef 214 | 215 | # Microsoft Azure Emulator 216 | ecf/ 217 | rcf/ 218 | 219 | # Windows Store app package directories and files 220 | AppPackages/ 221 | BundleArtifacts/ 222 | Package.StoreAssociation.xml 223 | _pkginfo.txt 224 | *.appx 225 | *.appxbundle 226 | *.appxupload 227 | 228 | # Visual Studio cache files 229 | # files ending in .cache can be ignored 230 | *.[Cc]ache 231 | # but keep track of directories ending in .cache 232 | !?*.[Cc]ache/ 233 | 234 | # Others 235 | ClientBin/ 236 | ~$* 237 | *~ 238 | *.dbmdl 239 | *.dbproj.schemaview 240 | *.jfm 241 | *.pfx 242 | *.publishsettings 243 | orleans.codegen.cs 244 | 245 | # Including strong name files can present a security risk 246 | # (https://github.com/github/gitignore/pull/2483#issue-259490424) 247 | #*.snk 248 | 249 | # Since there are multiple workflows, uncomment next line to ignore bower_components 250 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 251 | #bower_components/ 252 | 253 | # RIA/Silverlight projects 254 | Generated_Code/ 255 | 256 | # Backup & report files from converting an old project file 257 | # to a newer Visual Studio version. Backup files are not needed, 258 | # because we have git ;-) 259 | _UpgradeReport_Files/ 260 | Backup*/ 261 | UpgradeLog*.XML 262 | UpgradeLog*.htm 263 | ServiceFabricBackup/ 264 | *.rptproj.bak 265 | 266 | # SQL Server files 267 | *.mdf 268 | *.ldf 269 | *.ndf 270 | 271 | # Business Intelligence projects 272 | *.rdl.data 273 | *.bim.layout 274 | *.bim_*.settings 275 | *.rptproj.rsuser 276 | *- [Bb]ackup.rdl 277 | *- [Bb]ackup ([0-9]).rdl 278 | *- [Bb]ackup ([0-9][0-9]).rdl 279 | 280 | # Microsoft Fakes 281 | FakesAssemblies/ 282 | 283 | # GhostDoc plugin setting file 284 | *.GhostDoc.xml 285 | 286 | # Node.js Tools for Visual Studio 287 | .ntvs_analysis.dat 288 | node_modules/ 289 | 290 | # Visual Studio 6 build log 291 | *.plg 292 | 293 | # Visual Studio 6 workspace options file 294 | *.opt 295 | 296 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 297 | *.vbw 298 | 299 | # Visual Studio LightSwitch build output 300 | **/*.HTMLClient/GeneratedArtifacts 301 | **/*.DesktopClient/GeneratedArtifacts 302 | **/*.DesktopClient/ModelManifest.xml 303 | **/*.Server/GeneratedArtifacts 304 | **/*.Server/ModelManifest.xml 305 | _Pvt_Extensions 306 | 307 | # Paket dependency manager 308 | .paket/paket.exe 309 | paket-files/ 310 | 311 | # FAKE - F# Make 312 | .fake/ 313 | 314 | # CodeRush personal settings 315 | .cr/personal 316 | 317 | # Python Tools for Visual Studio (PTVS) 318 | __pycache__/ 319 | *.pyc 320 | 321 | # Cake - Uncomment if you are using it 322 | # tools/** 323 | # !tools/packages.config 324 | 325 | # Tabs Studio 326 | *.tss 327 | 328 | # Telerik's JustMock configuration file 329 | *.jmconfig 330 | 331 | # BizTalk build output 332 | *.btp.cs 333 | *.btm.cs 334 | *.odx.cs 335 | *.xsd.cs 336 | 337 | # OpenCover UI analysis results 338 | OpenCover/ 339 | 340 | # Azure Stream Analytics local run output 341 | ASALocalRun/ 342 | 343 | # MSBuild Binary and Structured Log 344 | *.binlog 345 | 346 | # NVidia Nsight GPU debugger configuration file 347 | *.nvuser 348 | 349 | # MFractors (Xamarin productivity tool) working folder 350 | .mfractor/ 351 | 352 | # Local History for Visual Studio 353 | .localhistory/ 354 | 355 | # BeatPulse healthcheck temp database 356 | healthchecksdb 357 | 358 | # Backup folder for Package Reference Convert tool in Visual Studio 2017 359 | MigrationBackup/ 360 | 361 | # Ionide (cross platform F# VS Code tools) working folder 362 | .ionide/ 363 | 364 | # Fody - auto-generated XML schema 365 | FodyWeavers.xsd 366 | 367 | ## 368 | ## Visual studio for Mac 369 | ## 370 | 371 | 372 | # globs 373 | Makefile.in 374 | *.userprefs 375 | *.usertasks 376 | config.make 377 | config.status 378 | aclocal.m4 379 | install-sh 380 | autom4te.cache/ 381 | *.tar.gz 382 | tarballs/ 383 | test-results/ 384 | 385 | # Mac bundle stuff 386 | *.dmg 387 | *.app 388 | 389 | # content below from: https://github.com/github/gitignore/blob/master/Global/macOS.gitignore 390 | # General 391 | .DS_Store 392 | .AppleDouble 393 | .LSOverride 394 | 395 | # Icon must end with two \r 396 | Icon 397 | 398 | 399 | # Thumbnails 400 | ._* 401 | 402 | # Files that might appear in the root of a volume 403 | .DocumentRevisions-V100 404 | .fseventsd 405 | .Spotlight-V100 406 | .TemporaryItems 407 | .Trashes 408 | .VolumeIcon.icns 409 | .com.apple.timemachine.donotpresent 410 | 411 | # Directories potentially created on remote AFP share 412 | .AppleDB 413 | .AppleDesktop 414 | Network Trash Folder 415 | Temporary Items 416 | .apdisk 417 | 418 | # content below from: https://github.com/github/gitignore/blob/master/Global/Windows.gitignore 419 | # Windows thumbnail cache files 420 | Thumbs.db 421 | ehthumbs.db 422 | ehthumbs_vista.db 423 | 424 | # Dump file 425 | *.stackdump 426 | 427 | # Folder config file 428 | [Dd]esktop.ini 429 | 430 | # Recycle Bin used on file shares 431 | $RECYCLE.BIN/ 432 | 433 | # Windows Installer files 434 | *.cab 435 | *.msi 436 | *.msix 437 | *.msm 438 | *.msp 439 | 440 | # Windows shortcuts 441 | *.lnk 442 | 443 | # JetBrains Rider 444 | .idea/ 445 | *.sln.iml 446 | 447 | ## 448 | ## Visual Studio Code 449 | ## 450 | .vscode/* 451 | !.vscode/settings.json 452 | !.vscode/tasks.json 453 | !.vscode/launch.json 454 | !.vscode/extensions.json 455 | -------------------------------------------------------------------------------- /Controllers/HomeController.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using Microsoft.AspNetCore.Authorization; 3 | using Microsoft.AspNetCore.Mvc; 4 | 5 | namespace RefreshTokenAuth.Controllers 6 | { 7 | [ApiController] 8 | public class HomeController : ControllerBase 9 | { 10 | [HttpGet] 11 | [Route("anonymous")] 12 | [AllowAnonymous] 13 | public string Anonymous() => "Anônimo"; 14 | 15 | [HttpGet] 16 | [Route("authenticated")] 17 | [Authorize] 18 | public string Authenticated() => String.Format("Autenticado - {0}", User.Identity.Name); 19 | 20 | [HttpGet] 21 | [Route("employee")] 22 | [Authorize(Roles = "employee,manager")] 23 | public string Employee() => "Funcionário"; 24 | 25 | [HttpGet] 26 | [Route("manager")] 27 | [Authorize(Roles = "manager")] 28 | public string Manager() => "Gerente"; 29 | } 30 | } -------------------------------------------------------------------------------- /Controllers/LoginController.cs: -------------------------------------------------------------------------------- 1 | using System.Threading.Tasks; 2 | using Microsoft.AspNetCore.Mvc; 3 | using Microsoft.IdentityModel.Tokens; 4 | using RefreshTokenAuth.Models; 5 | using RefreshTokenAuth.Repositories; 6 | using RefreshTokenAuth.Services; 7 | 8 | namespace RefreshTokenAuth.Controllers 9 | { 10 | [ApiController] 11 | public class LoginController : ControllerBase 12 | { 13 | [HttpPost] 14 | [Route("login")] 15 | public async Task> Authenticate([FromBody] User model) 16 | { 17 | var user = UserRepository.Get(model.Username, model.Password); 18 | 19 | if (user == null) 20 | return NotFound(new {message = "Usuário ou senha inválidos"}); 21 | 22 | var token = TokenService.GenerateToken(user); 23 | var refreshToken = TokenService.GenerateRefreshToken(); 24 | TokenService.SaveRefreshToken(user.Username, refreshToken); 25 | 26 | user.Password = ""; 27 | return new 28 | { 29 | user = user, 30 | token = token, 31 | refreshToken = refreshToken 32 | }; 33 | } 34 | 35 | [HttpPost] 36 | [Route("refresh")] 37 | public IActionResult Refresh(string token, string refreshToken) 38 | { 39 | var principal = TokenService.GetPrincipalFromExpiredToken(token); 40 | var username = principal.Identity.Name; 41 | var savedRefreshToken = TokenService.GetRefreshToken(username); 42 | if (savedRefreshToken != refreshToken) 43 | throw new SecurityTokenException("Invalid refresh token"); 44 | 45 | var newJwtToken = TokenService.GenerateToken(principal.Claims); 46 | var newRefreshToken = TokenService.GenerateRefreshToken(); 47 | TokenService.DeleteRefreshToken(username, refreshToken); 48 | TokenService.SaveRefreshToken(username, newRefreshToken); 49 | 50 | return new ObjectResult(new 51 | { 52 | token = newJwtToken, 53 | refreshToken = newRefreshToken 54 | }); 55 | } 56 | } 57 | } -------------------------------------------------------------------------------- /Models/ErrorViewModel.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | 3 | namespace RefreshTokenAuth.Models 4 | { 5 | public class ErrorViewModel 6 | { 7 | public string RequestId { get; set; } 8 | 9 | public bool ShowRequestId => !string.IsNullOrEmpty(RequestId); 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /Models/User.cs: -------------------------------------------------------------------------------- 1 | namespace RefreshTokenAuth.Models 2 | { 3 | public class User 4 | { 5 | public int Id { get; set; } 6 | public string Username { get; set; } 7 | public string Password { get; set; } 8 | public string Role { get; set; } 9 | } 10 | } -------------------------------------------------------------------------------- /Program.cs: -------------------------------------------------------------------------------- 1 | using Microsoft.AspNetCore.Hosting; 2 | using Microsoft.Extensions.Hosting; 3 | 4 | namespace RefreshTokenAuth 5 | { 6 | public class Program 7 | { 8 | public static void Main(string[] args) 9 | { 10 | CreateHostBuilder(args).Build().Run(); 11 | } 12 | 13 | public static IHostBuilder CreateHostBuilder(string[] args) => 14 | Host.CreateDefaultBuilder(args) 15 | .ConfigureWebHostDefaults(webBuilder => 16 | { 17 | webBuilder.UseStartup(); 18 | }); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /Properties/launchSettings.json: -------------------------------------------------------------------------------- 1 | { 2 | "iisSettings": { 3 | "windowsAuthentication": false, 4 | "anonymousAuthentication": true, 5 | "iisExpress": { 6 | "applicationUrl": "http://localhost:9814", 7 | "sslPort": 44343 8 | } 9 | }, 10 | "profiles": { 11 | "IIS Express": { 12 | "commandName": "IISExpress", 13 | "launchBrowser": true, 14 | "environmentVariables": { 15 | "ASPNETCORE_ENVIRONMENT": "Development" 16 | } 17 | }, 18 | "RefreshTokenAuth": { 19 | "commandName": "Project", 20 | "dotnetRunMessages": "true", 21 | "launchBrowser": true, 22 | "applicationUrl": "https://localhost:5001;http://localhost:5000", 23 | "environmentVariables": { 24 | "ASPNETCORE_ENVIRONMENT": "Development" 25 | } 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /RefreshTokenAuth.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | net5.0 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | <_ContentIncludedByDefault Remove="wwwroot\css\site.css" /> 14 | <_ContentIncludedByDefault Remove="wwwroot\favicon.ico" /> 15 | <_ContentIncludedByDefault Remove="wwwroot\js\site.js" /> 16 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap-grid.css" /> 17 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap-grid.css.map" /> 18 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap-grid.min.css" /> 19 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap-grid.min.css.map" /> 20 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap-reboot.css" /> 21 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap-reboot.css.map" /> 22 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap-reboot.min.css" /> 23 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap-reboot.min.css.map" /> 24 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap.css" /> 25 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap.css.map" /> 26 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap.min.css" /> 27 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\css\bootstrap.min.css.map" /> 28 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\js\bootstrap.bundle.js" /> 29 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\js\bootstrap.bundle.js.map" /> 30 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\js\bootstrap.bundle.min.js" /> 31 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\js\bootstrap.bundle.min.js.map" /> 32 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\js\bootstrap.js" /> 33 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\js\bootstrap.js.map" /> 34 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\js\bootstrap.min.js" /> 35 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\dist\js\bootstrap.min.js.map" /> 36 | <_ContentIncludedByDefault Remove="wwwroot\lib\bootstrap\LICENSE" /> 37 | <_ContentIncludedByDefault Remove="wwwroot\lib\jquery-validation-unobtrusive\jquery.validate.unobtrusive.js" /> 38 | <_ContentIncludedByDefault Remove="wwwroot\lib\jquery-validation-unobtrusive\jquery.validate.unobtrusive.min.js" /> 39 | <_ContentIncludedByDefault Remove="wwwroot\lib\jquery-validation-unobtrusive\LICENSE.txt" /> 40 | <_ContentIncludedByDefault Remove="wwwroot\lib\jquery-validation\dist\additional-methods.js" /> 41 | <_ContentIncludedByDefault Remove="wwwroot\lib\jquery-validation\dist\additional-methods.min.js" /> 42 | <_ContentIncludedByDefault Remove="wwwroot\lib\jquery-validation\dist\jquery.validate.js" /> 43 | <_ContentIncludedByDefault Remove="wwwroot\lib\jquery-validation\dist\jquery.validate.min.js" /> 44 | <_ContentIncludedByDefault Remove="wwwroot\lib\jquery-validation\LICENSE.md" /> 45 | <_ContentIncludedByDefault Remove="wwwroot\lib\jquery\dist\jquery.js" /> 46 | <_ContentIncludedByDefault Remove="wwwroot\lib\jquery\dist\jquery.min.js" /> 47 | <_ContentIncludedByDefault Remove="wwwroot\lib\jquery\dist\jquery.min.map" /> 48 | <_ContentIncludedByDefault Remove="wwwroot\lib\jquery\LICENSE.txt" /> 49 | 50 | 51 | 52 | -------------------------------------------------------------------------------- /Repositories/UserRepository.cs: -------------------------------------------------------------------------------- 1 | using System.Collections.Generic; 2 | using System.Linq; 3 | using RefreshTokenAuth.Models; 4 | 5 | namespace RefreshTokenAuth.Repositories 6 | { 7 | public static class UserRepository 8 | { 9 | public static User Get(string username, string password) 10 | { 11 | var users = new List 12 | { 13 | new User {Id = 1, Username = "batman", Password = "batman", Role = "manager"}, 14 | new User {Id = 2, Username = "robin", Password = "robin", Role = "employee"} 15 | }; 16 | 17 | return users.FirstOrDefault(x => x.Username == username && x.Password == password); 18 | } 19 | } 20 | } -------------------------------------------------------------------------------- /Services/TokenService.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.IdentityModel.Tokens.Jwt; 4 | using System.Linq; 5 | using System.Security.Claims; 6 | using System.Security.Cryptography; 7 | using System.Text; 8 | using Microsoft.IdentityModel.Tokens; 9 | using RefreshTokenAuth.Models; 10 | 11 | namespace RefreshTokenAuth.Services 12 | { 13 | public static class TokenService 14 | { 15 | public static string GenerateToken(User user) 16 | { 17 | var tokenHandler = new JwtSecurityTokenHandler(); 18 | var key = Encoding.ASCII.GetBytes(Settings.Secret); 19 | var tokenDescriptor = new SecurityTokenDescriptor 20 | { 21 | Subject = new ClaimsIdentity(new Claim[] 22 | { 23 | new Claim(ClaimTypes.Name, user.Username.ToString()), 24 | new Claim(ClaimTypes.Role, user.Role.ToString()) 25 | }), 26 | Expires = DateTime.UtcNow.AddHours(2), 27 | SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), 28 | SecurityAlgorithms.HmacSha256Signature) 29 | }; 30 | var token = tokenHandler.CreateToken(tokenDescriptor); 31 | return tokenHandler.WriteToken(token); 32 | } 33 | 34 | public static string GenerateToken(IEnumerable claims) 35 | { 36 | var tokenHandler = new JwtSecurityTokenHandler(); 37 | var key = Encoding.ASCII.GetBytes(Settings.Secret); 38 | var tokenDescriptor = new SecurityTokenDescriptor 39 | { 40 | Subject = new ClaimsIdentity(claims), 41 | Expires = DateTime.UtcNow.AddHours(2), 42 | SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), 43 | SecurityAlgorithms.HmacSha256Signature) 44 | }; 45 | var token = tokenHandler.CreateToken(tokenDescriptor); 46 | return tokenHandler.WriteToken(token); 47 | } 48 | 49 | public static string GenerateRefreshToken() 50 | { 51 | var randomNumber = new byte[32]; 52 | using var rng = RandomNumberGenerator.Create(); 53 | rng.GetBytes(randomNumber); 54 | return Convert.ToBase64String(randomNumber); 55 | } 56 | 57 | public static ClaimsPrincipal GetPrincipalFromExpiredToken(string token) 58 | { 59 | var tokenValidationParameters = new TokenValidationParameters 60 | { 61 | ValidateAudience = false, 62 | ValidateIssuer = false, 63 | ValidateIssuerSigningKey = true, 64 | IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Settings.Secret)), 65 | ValidateLifetime = false 66 | }; 67 | 68 | var tokenHandler = new JwtSecurityTokenHandler(); 69 | var principal = tokenHandler.ValidateToken(token, tokenValidationParameters, out var securityToken); 70 | if (securityToken is not JwtSecurityToken jwtSecurityToken || 71 | !jwtSecurityToken.Header.Alg.Equals(SecurityAlgorithms.HmacSha256, 72 | StringComparison.InvariantCultureIgnoreCase)) 73 | throw new SecurityTokenException("Invalid token"); 74 | 75 | return principal; 76 | } 77 | 78 | private static List<(string, string)> _refreshTokens = new(); 79 | 80 | public static void SaveRefreshToken(string username, string refreshToken) 81 | { 82 | _refreshTokens.Add(new(username, refreshToken)); 83 | } 84 | 85 | public static string GetRefreshToken(string username) 86 | { 87 | return _refreshTokens.FirstOrDefault(x => x.Item1 == username).Item2; 88 | } 89 | 90 | public static void DeleteRefreshToken(string username, string refreshToken) 91 | { 92 | var item = _refreshTokens.FirstOrDefault(x => x.Item1 == username && x.Item2 == refreshToken); 93 | _refreshTokens.Remove(item); 94 | } 95 | } 96 | } -------------------------------------------------------------------------------- /Settings.cs: -------------------------------------------------------------------------------- 1 | namespace RefreshTokenAuth 2 | { 3 | public static class Settings 4 | { 5 | public static string Secret = "fedaf7d8863b48e197b9287d492b708e"; 6 | } 7 | } -------------------------------------------------------------------------------- /Startup.cs: -------------------------------------------------------------------------------- 1 | using System.Text; 2 | using Microsoft.AspNetCore.Authentication.JwtBearer; 3 | using Microsoft.AspNetCore.Builder; 4 | using Microsoft.AspNetCore.Hosting; 5 | using Microsoft.Extensions.Configuration; 6 | using Microsoft.Extensions.DependencyInjection; 7 | using Microsoft.Extensions.Hosting; 8 | using Microsoft.IdentityModel.Tokens; 9 | 10 | namespace RefreshTokenAuth 11 | { 12 | public class Startup 13 | { 14 | public Startup(IConfiguration configuration) 15 | { 16 | Configuration = configuration; 17 | } 18 | 19 | public IConfiguration Configuration { get; } 20 | 21 | public void ConfigureServices(IServiceCollection services) 22 | { 23 | services.AddControllers(); 24 | 25 | var key = Encoding.ASCII.GetBytes(Settings.Secret); 26 | services.AddAuthentication(x => 27 | { 28 | x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; 29 | x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; 30 | }) 31 | .AddJwtBearer(x => 32 | { 33 | x.RequireHttpsMetadata = false; 34 | x.SaveToken = true; 35 | x.TokenValidationParameters = new TokenValidationParameters 36 | { 37 | ValidateIssuerSigningKey = true, 38 | IssuerSigningKey = new SymmetricSecurityKey(key), 39 | ValidateIssuer = false, 40 | ValidateAudience = false 41 | }; 42 | }); 43 | } 44 | 45 | public void Configure(IApplicationBuilder app, IWebHostEnvironment env) 46 | { 47 | if (env.IsDevelopment()) 48 | { 49 | app.UseDeveloperExceptionPage(); 50 | } 51 | else 52 | { 53 | app.UseExceptionHandler("/Home/Error"); 54 | app.UseHsts(); 55 | } 56 | 57 | app.UseHttpsRedirection(); 58 | 59 | app.UseRouting(); 60 | 61 | app.UseAuthentication(); 62 | app.UseAuthorization(); 63 | 64 | app.UseEndpoints(endpoints => 65 | { 66 | endpoints.MapControllerRoute( 67 | name: "default", 68 | pattern: "{controller=Home}/{action=Index}/{id?}"); 69 | }); 70 | } 71 | } 72 | } -------------------------------------------------------------------------------- /appsettings.Development.json: -------------------------------------------------------------------------------- 1 | { 2 | "Logging": { 3 | "LogLevel": { 4 | "Default": "Information", 5 | "Microsoft": "Warning", 6 | "Microsoft.Hosting.Lifetime": "Information" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /appsettings.json: -------------------------------------------------------------------------------- 1 | { 2 | "Logging": { 3 | "LogLevel": { 4 | "Default": "Information", 5 | "Microsoft": "Warning", 6 | "Microsoft.Hosting.Lifetime": "Information" 7 | } 8 | }, 9 | "AllowedHosts": "*" 10 | } 11 | --------------------------------------------------------------------------------