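<%@ WebHandler Language="C#" Class="validGoogleLogin" %>

using System;
using System.Collections.Generic;
using System.Data;
using System.Runtime.Serialization.Json;
using System.Security.Cryptography;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Web;
using System.Web.Services.Protocols;
using System.Web.SessionState;
using Google.Apis.Auth;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

/// <summary>
/// Google Sign-In callback: exchanges the Google ID token (JWT) sent by the browser for a
/// PRM session token, which is stored in the "token" table and handed back in cookies.
/// The response body is always a JSON <see cref="result"/> ("yes" on success, otherwise
/// an err_code plus a message).
/// </summary>
public class validGoogleLogin : HttpTaskAsyncHandler
{
    /// <summary>Lifetime of a normal (non "remember me") session token.</summary>
    private static readonly TimeSpan SessionLifetime = TimeSpan.FromMinutes(60);

    /// <summary>Lifetime of a "remember me" session token and of its cookie.</summary>
    private static readonly TimeSpan RememberLifetime = TimeSpan.FromDays(10);

    /// <summary>
    /// Handles the login request. Reads "jwt" (the Google ID token) and "rem" ("Y" for
    /// remember-me) from the request, validates the token, looks the user up by e-mail
    /// and issues a session token.
    /// </summary>
    /// <param name="context">Current ASP.NET request context.</param>
    public override async Task ProcessRequestAsync(HttpContext context)
    {
        context.Response.ContentType = "application/json;charset=utf-8";

        // NOTE(review): Request[] also reads the query string and cookies, so a client that
        // sends the ID token as a GET parameter leaks it into access logs. Kept for backward
        // compatibility; prefer Request.Form["jwt"] once all callers POST it.
        string jwt = context.Request["jwt"] ?? "";

        // Only an exact "Y" ever enabled remember-me; normalise everything else to "N" so
        // that an arbitrary client-supplied string is never written to token_isremember.
        string remember = context.Request["rem"] == "Y" ? "Y" : "N";

        if (jwt == "")
        {
            WriteError(context, "0001", "無JWT資料可以登入!");
            return;
        }

        // Signature (against Google's published certs), issuer and expiry are checked by
        // Google.Apis.Auth; a null payload means the token was not acceptable.
        GoogleJsonWebSignature.Payload payload = await ValidateGoogleTokenAsync(jwt);
        if (payload == null)
        {
            WriteError(context, "0002", "JWT驗證失敗!");
            return;
        }

        // The token must have been issued for *this* OAuth client ("aud"), otherwise an ID
        // token obtained through any other Google app could be replayed here. Fail closed
        // when the client ID is not configured instead of throwing a NullReferenceException.
        string googleID = System.Web.Configuration.WebConfigurationManager.AppSettings["googleOAuthID"];
        string audience = Convert.ToString(payload.Audience);
        if (string.IsNullOrEmpty(googleID) || !string.Equals(audience, googleID, StringComparison.Ordinal))
        {
            WriteError(context, "0003", "JWT驗證失敗!");
            return;
        }

        // Accounts are matched purely by e-mail address, so only accept addresses Google
        // has verified ("email_verified"); an unverified address could be claimed by anyone.
        if (!payload.EmailVerified)
        {
            WriteError(context, "0002", "JWT驗證失敗!");
            return;
        }
        string email = payload.Email;

        // NOTE(review): autoBindDataTable appears to accept only a raw SQL string, so the
        // e-mail has to be embedded in the query. Doubling single quotes neutralises the
        // string-literal delimiter; switch to a parameterised query if the helper supports it.
        string user_sql = string.Format(
            "select * from users where user_email = '{0}' and user_onjob = 'Y'",
            email.Replace("'", "''"));
        autoBindDataTable objUser = new autoBindDataTable(user_sql);
        if (objUser.dataRows.Count == 0)
        {
            WriteError(context, "0004", "無此Email帳號於PRM系統中,請直屬主管加入!");
            return;
        }

        string user_uid = objUser.dataRows[0]["user_uid"].ToString();
        string id = objUser.dataRows[0]["user_id"].ToString();
        string token_key = CreateRandomCode(36);
        bool rememberMe = remember == "Y";

        // NOTE(review): token_expireddate was always written with the local clock
        // (DateTime.Now); whatever later compares it is not visible here, so the clock is
        // left unchanged rather than moved to UtcNow.
        DateTime expires = DateTime.Now.Add(rememberMe ? RememberLifetime : SessionLifetime);

        // "token_sn = -1" deliberately matches nothing: it only loads the table schema so a
        // fresh row can be appended and written back.
        autoBindDataTable dataToken = new autoBindDataTable("select * from token where token_sn = -1");
        DataRow rowToken = dataToken.newRow;
        dataToken.dataRows.Add(rowToken);
        rowToken["token_key"] = token_key;
        rowToken["user_uid"] = user_uid;
        rowToken["token_isremember"] = remember;
        rowToken["token_expireddate"] = expires;
        dataToken.updateDataTable();

        // The session token is a bearer credential: keep it out of reach of script
        // (HttpOnly) and, when the site is served over HTTPS, off the wire in clear text.
        HttpCookie tokenCookie = new HttpCookie("token");
        tokenCookie["token"] = token_key;
        tokenCookie["uid"] = user_uid;
        tokenCookie.HttpOnly = true;
        tokenCookie.Secure = context.Request.IsSecureConnection;
        if (rememberMe)
        {
            // Without remember-me the cookie stays a session cookie (no Expires).
            tokenCookie.Expires = expires;
        }

        // The "id" cookie carries the user id only; it is not a credential and may be read
        // by page script, so it is left as-is.
        HttpCookie idCookie = new HttpCookie("id");
        idCookie["id"] = id;
        idCookie.Expires = DateTime.Now.AddDays(31);

        context.Response.Cookies.Add(tokenCookie);
        context.Response.Cookies.Add(idCookie);

        WriteJson(context, new result { ret = "yes" });
    }

    /// <summary>Writes a failure <see cref="result"/> with the given code and message.</summary>
    private static void WriteError(HttpContext context, string errCode, string message)
    {
        WriteJson(context, new result { ret = "no", err_code = errCode, message = message });
    }

    /// <summary>Serialises <paramref name="objRet"/> as JSON straight to the response stream.</summary>
    private static void WriteJson(HttpContext context, result objRet)
    {
        DataContractJsonSerializer json = new DataContractJsonSerializer(typeof(result));
        json.WriteObject(context.Response.OutputStream, objRet);
    }

    /// <summary>
    /// Validates a Google ID token and returns its payload, or null when the token is not
    /// acceptable (bad signature, wrong issuer, expired, malformed, or no e-mail claim).
    /// Returning null instead of throwing lets the caller answer with err_code 0002 rather
    /// than an unhandled-exception 500.
    /// </summary>
    /// <param name="idToken">Raw JWT as received from the client.</param>
    private static async Task<GoogleJsonWebSignature.Payload> ValidateGoogleTokenAsync(string idToken)
    {
        try
        {
            GoogleJsonWebSignature.Payload payload = await GoogleJsonWebSignature.ValidateAsync(idToken);
            if (payload == null || string.IsNullOrEmpty(payload.Email))
            {
                return null;
            }
            return payload;
        }
        catch (Exception)
        {
            // Covers both an invalid token and a failure to fetch Google's signing
            // certificates. No logger is in scope here; TODO(review): log the exception so
            // an outage is distinguishable from a stream of bad tokens.
            return null;
        }
    }

    /// <summary>
    /// Returns a random string of <paramref name="Number"/> characters drawn from [0-9A-Z];
    /// used as the session token. Uses a cryptographic RNG — the previous System.Random
    /// seeded from a GUID hash is predictable and unsuitable for bearer tokens.
    /// Returns "" when <paramref name="Number"/> is zero or negative.
    /// </summary>
    public string CreateRandomCode(int Number)
    {
        const string alphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
        if (Number <= 0)
        {
            return "";
        }

        // Largest multiple of the alphabet size that fits in a byte; bytes at or above it
        // are rejected so that every symbol is equally likely (no modulo bias).
        int limit = 256 - (256 % alphabet.Length);
        StringBuilder code = new StringBuilder(Number);
        byte[] buffer = new byte[Number];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            while (code.Length < Number)
            {
                rng.GetBytes(buffer);
                for (int i = 0; i < buffer.Length && code.Length < Number; i++)
                {
                    if (buffer[i] < limit)
                    {
                        code.Append(alphabet[buffer[i] % alphabet.Length]);
                    }
                }
            }
        }
        return code.ToString();
    }

    /// <summary>
    /// JSON response body. Public fields are what DataContractJsonSerializer emits, so the
    /// wire format is {"ret":..,"err_code":..,"message":..}.
    /// </summary>
    public class result
    {
        public string ret = "no";
        public string err_code = "0000";
        public string message = "";
    }

    /// <summary>Handler instances hold no per-request state worth reusing.</summary>
    public override bool IsReusable
    {
        get { return false; }
    }
}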