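using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;

namespace Infrastructure.Web
{
    /// <summary>
    /// Bearer-token validator that cryptographically verifies the incoming JWT against the
    /// <see cref="TokenValidationParameters"/> supplied by the JwtBearer middleware and then
    /// enriches the resulting principal with role claims loaded from the user service.
    /// </summary>
    /// <remarks>
    /// The previous version decoded the token with <see cref="JwtSecurityTokenHandler.ReadJwtToken"/>,
    /// which performs no validation at all: signature, issuer, audience and lifetime were never checked,
    /// so any self-crafted token carrying a name claim would have been accepted as that user. This
    /// version delegates to <see cref="JwtSecurityTokenHandler.ValidateToken"/> first and only then
    /// applies the organisation/role lookup.
    /// NOTE(review): recent JwtBearer releases deprecate <see cref="ISecurityTokenValidator"/> in
    /// favour of <c>JwtBearerOptions.TokenHandlers</c> — confirm against the framework version in use.
    /// </remarks>
    public class JwtTokenValidator : ISecurityTokenValidator
    {
        private readonly IServiceProvider _serviceProvider;

        /// <param name="serviceProvider">Root provider used to create a scope per validation.</param>
        /// <exception cref="ArgumentNullException">When <paramref name="serviceProvider"/> is null.</exception>
        public JwtTokenValidator(IServiceProvider serviceProvider)
        {
            this._serviceProvider = serviceProvider ?? throw new ArgumentNullException(nameof(serviceProvider));
        }

        /// <inheritdoc/>
        public bool CanValidateToken => true;

        /// <summary>
        /// Upper bound on the accepted token length. Previously left at its default of 0 and never
        /// consulted; it is now initialised to the library default and forwarded to the inner handler.
        /// </summary>
        public int MaximumTokenSizeInBytes { get; set; } = TokenValidationParameters.DefaultMaximumTokenSizeInBytes;

        /// <inheritdoc/>
        public bool CanReadToken(string securityToken) => true;

        /// <summary>
        /// Validates <paramref name="securityToken"/> and builds the principal for the request.
        /// </summary>
        /// <param name="securityToken">The raw compact-serialised JWT from the Authorization header.</param>
        /// <param name="validationParameters">Keys, issuer, audience and lifetime rules configured on the middleware.</param>
        /// <param name="validatedToken">The verified token on success; <c>null</c> on any failure.</param>
        /// <returns>
        /// A <see cref="ClaimsPrincipal"/> holding the token's claims plus the roles returned by the user
        /// service, or <c>null</c> when the token fails validation, names no user, or claims an
        /// organisation the user does not belong to. Callers (the JwtBearer handler) must treat
        /// <c>null</c> as authentication failure.
        /// </returns>
        public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
        {
            validatedToken = null;
            try
            {
                if (string.IsNullOrEmpty(securityToken) || validationParameters == null)
                {
                    return null;
                }

                // Verify signature, issuer, audience and lifetime according to the middleware's
                // parameters before trusting a single claim. A fresh handler per call avoids
                // sharing mutable handler state between concurrent requests.
                var handler = new JwtSecurityTokenHandler();
                if (MaximumTokenSizeInBytes > 0)
                {
                    handler.MaximumTokenSizeInBytes = MaximumTokenSizeInBytes;
                }
                handler.ValidateToken(securityToken, validationParameters, out var verified);
                if (!(verified is JwtSecurityToken jwt))
                {
                    return null;
                }

                // Read the raw (unmapped) claims from the verified token so the ClaimTypes.* lookups
                // below keep the same semantics as the original ReadJwtToken-based code.
                var claims = jwt.Claims.ToList();
                var userName = claims.FirstOrDefault(o => o.Type == ClaimTypes.Name)?.Value;
                if (string.IsNullOrEmpty(userName))
                {
                    // Without a subject there is nothing to look up; previously this was a NullReferenceException.
                    return null;
                }

                using var scope = this._serviceProvider.CreateScope();
                // NOTE(review): the type argument of GetService<...>() is missing from the listing as
                // extracted; the user service type must be restored here for this to compile.
                var userService = scope.ServiceProvider.GetService();

                // An organisation claim, when present, must name one the user actually belongs to.
                var organId = claims.FirstOrDefault(o => o.Type == ClaimTypes.UserData)?.Value;
                if (!string.IsNullOrEmpty(organId))
                {
                    var organs = userService.GetOrgans(userName);
                    if (organs == null || !organs.Any(o => o == organId))
                    {
                        return null;
                    }
                }

                // Roles are sourced from the database, not from the token, so a client cannot
                // self-assign roles even with a validly signed token.
                var roleClaims = userService.GetRoles(userName, organId);
                if (roleClaims != null)
                {
                    claims.AddRange(roleClaims);
                }

                validatedToken = jwt;
                return new ClaimsPrincipal(new ClaimsIdentity(claims, JwtBearerDefaults.AuthenticationScheme));
            }
            catch (Exception ex)
            {
                // Best-effort: any failure (bad signature, expired token, user service error) is
                // reported as "not authenticated" rather than surfacing to the caller.
                // NOTE(review): replace Console output with the application's ILogger.
                validatedToken = null;
                Console.WriteLine(ex.ToString());
            }
            return null;
        }
    }
}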