
Class JwtAuth

Namespace: TecnoPack.WebServer.JWT
Assembly: CO0002_Templ_FlowpackHMI_V00_26_M.dll

Provides helper methods for generating and validating JSON Web Tokens (JWTs) used for authentication and authorization within the web server.

public static class JwtAuth

Inheritance

object ← JwtAuth

Fields

ACCESS_TOKEN_DURATION_S

The default lifetime of an access token, expressed in seconds.

public const int ACCESS_TOKEN_DURATION_S = 1800

Field Value

int

ACCESS_TOKEN_KEY

The cookie key under which the access token is stored in client requests.

public const string ACCESS_TOKEN_KEY = "accessToken"

Field Value

string

COOKIE_HEADER

The name of the HTTP header used to retrieve cookie values from incoming requests.

public const string COOKIE_HEADER = "Cookie"

Field Value

string

REFRESH_TOKEN_DURATION_S

The default lifetime of a refresh token, expressed in seconds (seven days).

public const int REFRESH_TOKEN_DURATION_S = 604800

Field Value

int

REFRESH_TOKEN_KEY

The cookie key under which the refresh token is stored in client requests.

public const string REFRESH_TOKEN_KEY = "refreshToken"

Field Value

string

Methods

ExtractAuthorizationToken(HttpContextBase)

Retrieves the access token from the incoming request's cookies.

public static string ExtractAuthorizationToken(HttpContextBase ctx)

Parameters

ctx HttpContextBase

The current HTTP context.

Returns

string

The raw access token string.

Exceptions

UnauthorizedAccessException

Thrown when the access-token cookie is missing or malformed.

ExtractRefreshToken(HttpContextBase)

Retrieves the refresh token from the incoming request's cookies.

public static string ExtractRefreshToken(HttpContextBase ctx)

Parameters

ctx HttpContextBase

The current HTTP context.

Returns

string

The raw refresh token string.

Exceptions

UnauthorizedAccessException

Thrown when the refresh-token cookie is missing or malformed.

GenerateAccessToken(string, int, int)

Generates a signed JSON Web Token (JWT) representing an access token.

public static string GenerateAccessToken(string username, int level, int seconds = 1800)

Parameters

username string

The username or subject identifier to include in the token.

level int

The authentication or authorization level assigned to the user.

seconds int

The lifetime of the access token in seconds. Defaults to ACCESS_TOKEN_DURATION_S (1800).

Returns

string

A signed JWT string containing the user's identity, authorization level, and expiration timestamp.

Remarks

With the default seconds value, the access token expires 30 minutes from the time it is generated.

GenerateAccessTokenCookieHeader(string, int, int)

Creates a Set-Cookie header containing a newly generated access token.

public static (string name, string value) GenerateAccessTokenCookieHeader(string username, int level, int seconds = 1800)

Parameters

username string

The username to embed in the access token.

level int

The authorization level assigned to the user.

seconds int

Optional custom expiration duration for the access token, in seconds. Defaults to ACCESS_TOKEN_DURATION_S (1800).

Returns

(string name, string value)

A tuple representing the header name and value required to set the access-token cookie.

GenerateEmptyAccessTokenCookieHeader()

Creates a Set-Cookie header that clears the access-token cookie on the client.

public static (string name, string value) GenerateEmptyAccessTokenCookieHeader()

Returns

(string name, string value)

A tuple representing the header name and value required to remove the access-token cookie from the client.

Remarks

The generated cookie matches the original access-token cookie scope and immediately expires it by setting Max-Age to zero and an Expires date in the past. This method must be used server-side, as the cookie is marked HttpOnly.

GenerateEmptyRefreshTokenCookieHeader()

Creates a Set-Cookie header that clears the refresh-token cookie on the client.

public static (string name, string value) GenerateEmptyRefreshTokenCookieHeader()

Returns

(string name, string value)

A tuple representing the header name and value required to remove the refresh-token cookie from the client.

Remarks

The generated cookie matches the original refresh-token cookie scope and immediately expires it by setting Max-Age to zero and an Expires date in the past. This method must be invoked server-side, as the cookie is marked HttpOnly.

GenerateRefreshToken(string, int)

Generates a signed JSON Web Token (JWT) representing a refresh token.

public static string GenerateRefreshToken(string username, int seconds = 604800)

Parameters

username string

The username or subject identifier to include in the token.

seconds int

The lifetime of the refresh token in seconds. Defaults to REFRESH_TOKEN_DURATION_S (604800).

Returns

string

A signed JWT string containing the user's identity and an expiration timestamp. The token includes a type claim with the value refresh.

GenerateRefreshTokenCookieHeader(string, int)

Creates a Set-Cookie header containing a newly generated refresh token.

public static (string name, string value) GenerateRefreshTokenCookieHeader(string username, int seconds = 604800)

Parameters

username string

The username to embed in the refresh token.

seconds int

Optional custom expiration duration for the refresh token, in seconds. Defaults to REFRESH_TOKEN_DURATION_S (604800).

Returns

(string name, string value)

A tuple representing the header name and value required to set the refresh-token cookie.

ValidateAndExtractPayload(HttpContextBase)

Validates the access token found in the incoming request and returns its decoded payload.

public static IDictionary<string, object> ValidateAndExtractPayload(HttpContextBase ctx)

Parameters

ctx HttpContextBase

The current HTTP context containing the request.

Returns

IDictionary<string, object>

A dictionary of claims extracted from the validated access token.

Exceptions

UnauthorizedAccessException

Thrown when the access token is missing, expired, or fails validation.

ValidateToken(string)

Validates and decodes a JWT.

public static IDictionary<string, object> ValidateToken(string token)

Parameters

token string

The token to validate and decode.

Returns

IDictionary<string, object>

A dictionary containing the token's decoded claims if the token is valid.

Remarks

The signature is verified and token expiration is enforced.
On success, the method returns all claims included in the original token.

Exceptions

UnauthorizedAccessException

Thrown when the token is expired or has an invalid signature.
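
Added example, not part of the TecnoPack code base: ValidateToken is documented as verifying the signature and expiration and returning all claims, and refresh tokens are documented as carrying a type claim with the value refresh. The guard below uses that claim on the returned dictionary so that a refresh token is not accepted where an access token is expected, and vice versa. TokenKindGuard, RequireAccess, RequireRefresh and the sample claim names sub and level are assumptions.

```csharp
using System;
using System.Collections.Generic;

public static class TokenKindGuard
{
    // Claim name and value documented on this page for refresh tokens.
    private const string TypeClaim = "type";
    private const string RefreshValue = "refresh";

    private static bool IsRefresh(IDictionary<string, object> claims)
    {
        // Claim values arrive as object; compare on the string form so a
        // boxed string and a JSON wrapper type are treated alike.
        return claims.TryGetValue(TypeClaim, out object raw)
            && string.Equals(raw?.ToString(), RefreshValue, StringComparison.Ordinal);
    }

    // Apply to the result of JwtAuth.ValidateAndExtractPayload(ctx)
    // before authorizing an ordinary request.
    public static IDictionary<string, object> RequireAccess(IDictionary<string, object> claims)
    {
        if (claims == null || IsRefresh(claims))
            throw new UnauthorizedAccessException("Access token required.");
        return claims;
    }

    // Apply to the result of JwtAuth.ValidateToken(JwtAuth.ExtractRefreshToken(ctx))
    // before issuing a new access token.
    public static IDictionary<string, object> RequireRefresh(IDictionary<string, object> claims)
    {
        if (claims == null || !IsRefresh(claims))
            throw new UnauthorizedAccessException("Refresh token required.");
        return claims;
    }

    public static void Main()
    {
        // Constructed payloads; "sub" and "level" are hypothetical claim names.
        var access = new Dictionary<string, object> { ["sub"] = "operator", ["level"] = 2 };
        var refresh = new Dictionary<string, object> { ["sub"] = "operator", ["type"] = "refresh" };

        RequireAccess(access);    // accepted
        RequireRefresh(refresh);  // accepted
        try { RequireAccess(refresh); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("rejected: " + e.Message); }
        try { RequireRefresh(access); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```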
