private OutgoingWebResponse GetResponse(IRequest request, CreateAccessToken jsonRequest)
{
var authZServer = new AuthorizationServer(OAuthorizationServer);
if (request.ContentType == MimeTypes.Json)
{
// Request is coming from A JSON client
return(authZServer.HandleTokenRequest(ConvertJsonRequestToFormRequest(request, jsonRequest)));
}
// Request is likely coming from DNOA client
return(authZServer.HandleTokenRequest((HttpRequestBase)request.OriginalRequest));
}
public ActionResult Issue()
{
var authorizationServer = new AuthorizationServer(new AuthorizationServerHost());
var response = authorizationServer.HandleTokenRequest(Request).AsActionResult();
return(response);
}
protected void Page_Load(object sender, EventArgs e)
{
if (!Request.IsSecureConnection)
{
throw new HttpException((int)HttpStatusCode.Forbidden, "Authorization requests MUST be on a secure channel");
}
if (String.IsNullOrEmpty(Request.PathInfo))
{
AuthorizationServer authorizationServer = new AuthorizationServer(new OAuth2AuthorizationServer());
OutgoingWebResponse wr = authorizationServer.HandleTokenRequest();
Response.Clear();
Response.ContentType = "application/json; charset=utf-8";
Response.Write(wr.Body);
Response.End();
}
else
{
using (OAuthServiceCall service = new OAuthServiceCall(Request))
{
Response.Clear();
Response.ContentType = service.ContentType;
service.Execute(Response.OutputStream);
Response.End();
}
}
}
// POST /token
public HttpResponseMessage AccessToken(HttpRequestMessage request)
{
var authServer = new AuthorizationServer(new OAuth2AuthorizationServer());
var message = authServer.HandleTokenRequest(request);
return(message.AsHttpResponseMessage());
}
public HttpResponseMessage Post([FromBody] OAuth2Token request)
{
var result = _authServer.HandleTokenRequest(Request.GetRequestBase());
return(new HttpResponseMessage
{
Content = new StringContent(result.Body, Encoding.UTF8, "application/json")
});
}
//[Authorize]
public ActionResult Token()
{
// var authorizationRequest = Session["AuthorizationRequest"] as EndUserAuthorizationRequest;
var response = authorizationServer.HandleTokenRequest(Request);
//here you need to save the tokens for the specific user and client before sending it
return(response.AsActionResult());
}
/// <summary>
/// The OAuth 2.0 token endpoint.
/// </summary>
/// <returns>The response to the Client.</returns>
public ActionResult Token()
{
using (OAuth2AuthorizationServer server = (new OAuth2AuthorizationServer(new X509Certificate2(ConfigurationManager.AppSettings["AbsolutePathToPfx"], ConfigurationManager.AppSettings["CertificatePassword"]),
new X509Certificate2(ConfigurationManager.AppSettings["AbsolutePathToCertificate"]))))
{
AuthorizationServer authorizationServer = new AuthorizationServer(server);
OutgoingWebResponse response = authorizationServer.HandleTokenRequest(this.Request);
return(response.AsActionResult());
}
}
protected void Page_Load(object sender, EventArgs e)
{
try
{
if (!Request.IsSecureConnection)
{
throw new HttpException((int)HttpStatusCode.Forbidden, "Authorization requests MUST be on a secure channel");
}
if (String.IsNullOrEmpty(Request.PathInfo))
{
AuthorizationServer authorizationServer = new AuthorizationServer(new OAuth2AuthorizationServer());
OutgoingWebResponse wr = authorizationServer.HandleTokenRequest();
Response.Clear();
Response.ContentType = "application/json; charset=utf-8";
Response.Write(wr.Body);
Response.End();
}
else
{
using (OAuthServiceCall service = new OAuthServiceCall(Request))
{
Response.Clear();
Response.ContentType = service.ContentType;
service.Execute(Response.OutputStream);
Response.End();
}
}
}
catch (Exception ex)
{
var o = Request.Params["dbg"];
if (o != null)
{
Response.Clear();
Response.ContentType = "text/plain";
Response.ContentEncoding = System.Text.Encoding.UTF8;
Response.Write("Error: " + ex.Message + "\r\n");
Response.Write(ex.ToStringDescriptive() + "\r\n");
Response.Flush();
Response.End();
}
else
{
throw;
}
}
}
protected void Page_Load(object sender, EventArgs e)
{
try
{
if (!Request.IsSecureConnection)
{
throw new HttpException((int)HttpStatusCode.Forbidden, "Authorization requests MUST be on a secure channel");
}
if (String.IsNullOrEmpty(Request.PathInfo))
{
AuthorizationServer authorizationServer = new AuthorizationServer(new OAuth2AuthorizationServer());
OutgoingWebResponse wr = authorizationServer.HandleTokenRequest();
Response.Clear();
Response.ContentType = "application/json; charset=utf-8";
Response.Write(wr.Body);
HttpContext.Current.Response.Flush(); // Sends all currently buffered output to the client.
HttpContext.Current.Response.SuppressContent = true; // Gets or sets a value indicating whether to send HTTP content to the client.
HttpContext.Current.ApplicationInstance.CompleteRequest(); // Causes ASP.NET to bypass all events and filtering in the HTTP pipeline chain of execution and directly execute the EndRequest event.
}
else
{
using (OAuthServiceCall service = new OAuthServiceCall(Request))
{
Response.Clear();
Response.ContentType = service.ContentType;
service.Execute(Response.OutputStream);
HttpContext.Current.Response.Flush(); // Sends all currently buffered output to the client.
HttpContext.Current.Response.SuppressContent = true; // Gets or sets a value indicating whether to send HTTP content to the client.
HttpContext.Current.ApplicationInstance.CompleteRequest(); // Causes ASP.NET to bypass all events and filtering in the HTTP pipeline chain of execution and directly execute the EndRequest event.
}
}
}
catch (Exception ex)
{
Response.Clear();
Response.ContentType = "text/plain";
Response.StatusCode = (int)HttpStatusCode.InternalServerError;
Response.ContentEncoding = System.Text.Encoding.UTF8;
Response.Write("Error: " + ex.Message + "\r\n");
Response.Write(ex.ToStringDescriptive() + "\r\n");
Response.Flush();
Response.End();
}
}
/// <summary>
/// Create a request token from the request.
/// </summary>
/// <param name="httpRequest">The current http request.</param>
/// <param name="rawUri">A System.Uri object containing information regarding the URL of the current request.</param>
/// <param name="queryString">The collection of HTTP query string variables.</param>
/// <param name="form">The collection of form variables.</param>
/// <param name="headers">The collection of HTTP headers.</param>
/// <param name="cookies">The collection of cookies sent by the client.</param>
/// <param name="responseHeaders">The response headers for the request.</param>
/// <param name="returnType">The type of response to return.</param>
/// <returns>The token if successful; else null.</returns>
private object CreateToken(HttpRequestBase httpRequest, Uri rawUri, NameValueCollection queryString,
NameValueCollection form, NameValueCollection headers, HttpCookieCollection cookies,
out System.Net.WebHeaderCollection responseHeaders, int returnType)
{
OutgoingWebResponse outgoingWebResponse = null;
AccessTokenSuccessResponse accessTokenSuccessResponse = null;
IProtocolMessage message = null;
string codeKey = null;
string refreshToken = null;
string clientID = null;
string nonce = null;
try
{
// Make sure that all the passed parameters are valid.
if (httpRequest == null)
{
throw new ArgumentNullException("httpRequest");
}
if (rawUri == null)
{
throw new ArgumentNullException("rawUri");
}
if (queryString == null)
{
throw new ArgumentNullException("queryString");
}
if (form == null)
{
throw new ArgumentNullException("form");
}
if (headers == null)
{
throw new ArgumentNullException("headers");
}
if (cookies == null)
{
throw new ArgumentNullException("cookies");
}
// Set the crytography key store values.
_authorizationServer.AuthorizationServerServices.CryptoKeyStore.ExpiryDateTime = DateTime.UtcNow.AddYears(1);
_authorizationServer.AuthorizationServerServices.CryptoKeyStore.GetCodeKey = true;
// Attempt to find the 'code' parameter in the form.
IEnumerable <string> codeKeys = form.AllKeys.Where(u => u.EndsWith("code"));
if (codeKeys == null || codeKeys.Count() < 1)
{
// Attempt to find the 'code' parameter in the query string.
if (queryString != null || queryString.Keys.Count > 0)
{
if (queryString["code"] != null)
{
codeKey = queryString["code"];
}
}
}
else
{
codeKey = form["code"];
}
// If a code value exists.
if (!String.IsNullOrEmpty(codeKey))
{
// Get the nonce data for the code value.
nonce = _tokenStore.GetNonce(codeKey);
}
// Attempt to find the 'refresh_token' parameter in the form.
IEnumerable <string> refreshTokens = form.AllKeys.Where(u => u.EndsWith("refresh_token"));
if (refreshTokens == null || refreshTokens.Count() < 1)
{
// Attempt to find the 'refresh_token' parameter in the query string.
if (queryString != null || queryString.Keys.Count > 0)
{
if (queryString["refresh_token"] != null)
{
refreshToken = queryString["refresh_token"];
}
}
}
else
{
refreshToken = form["refresh_token"];
}
// Pass a refresh token
if (!String.IsNullOrEmpty(refreshToken))
{
string clientIdentifier = null;
string clientSecret = null;
// Get the refresh token data from the http request.
_oAuthAuthorizationServer.GetRefreshTokenData(queryString, form, out clientIdentifier, out clientSecret);
// Get the nonce data for the code value.
nonce = _tokenStore.GetNonce(refreshToken, clientIdentifier, clientSecret);
}
// Handles an incoming request to the authorization server's token endpoint.
message = _authorizationServer.HandleTokenRequest(nonce, out clientID, out accessTokenSuccessResponse, httpRequest);
// Set the crytography key store values after finding the client identifier.
_authorizationServer.AuthorizationServerServices.CryptoKeyStore.ClientIndetifier = clientID;
// Handles an incoming request to the authorization server's token endpoint.
outgoingWebResponse = _authorizationServer.HandleTokenRequestPrepareResponse(message);
// Update the access token.
if (accessTokenSuccessResponse != null)
{
if (!String.IsNullOrEmpty(accessTokenSuccessResponse.AccessToken))
{
_tokenStore.UpdateAccessToken(accessTokenSuccessResponse.AccessToken, nonce, accessTokenSuccessResponse.RefreshToken);
}
}
// What type should be returned.
switch (returnType)
{
case 0:
// The complete html body.
responseHeaders = outgoingWebResponse.Headers;
return(outgoingWebResponse.Body);
default:
// Default is html body.
responseHeaders = outgoingWebResponse.Headers;
return(outgoingWebResponse.Body);
}
}
catch (Exception ex)
{
// Get the current token errors.
responseHeaders = null;
_tokenError = ex.Message;
return(null);
}
}
/// <summary>
/// The OAuth 2.0 token endpoint.
/// </summary>
/// <returns>The response to the Client.</returns>
public ActionResult Token()
{
var authorizationServer = new AuthorizationServer(new OAuth2AuthorizationServerHost());
return(authorizationServer.HandleTokenRequest(this.Request).AsActionResultMvc5());
}