Beispiel #1
0
        /// <summary>
        /// Attempts to extract client identification/authentication information from a message.
        /// </summary>
        /// <param name="authorizationServerHost">The authorization server host.</param>
        /// <param name="requestMessage">The incoming message.</param>
        /// <param name="clientIdentifier">Receives the client identifier, if one was found.</param>
        /// <returns>The level of the extracted client information.</returns>
        public override ClientAuthenticationResult TryAuthenticateClient(IAuthorizationServerHost authorizationServerHost, AuthenticatedClientRequestBase requestMessage, out string clientIdentifier)
        {
            Requires.NotNull(authorizationServerHost, "authorizationServerHost");
            Requires.NotNull(requestMessage, "requestMessage");

            ClientAuthenticationModule authenticator = null;
            ClientAuthenticationResult result        = ClientAuthenticationResult.NoAuthenticationRecognized;

            clientIdentifier = null;

            foreach (var candidateAuthenticator in this.authenticators)
            {
                string candidateClientIdentifier;
                var    resultCandidate = candidateAuthenticator.TryAuthenticateClient(authorizationServerHost, requestMessage, out candidateClientIdentifier);

                ErrorUtilities.VerifyProtocol(
                    result == ClientAuthenticationResult.NoAuthenticationRecognized || resultCandidate == ClientAuthenticationResult.NoAuthenticationRecognized,
                    "Message rejected because multiple forms of client authentication ({0} and {1}) were detected, which is forbidden by the OAuth 2 Protocol Framework specification.",
                    authenticator,
                    candidateAuthenticator);

                if (resultCandidate != ClientAuthenticationResult.NoAuthenticationRecognized)
                {
                    authenticator    = candidateAuthenticator;
                    result           = resultCandidate;
                    clientIdentifier = candidateClientIdentifier;
                }
            }

            return(result);
        }
Beispiel #2
0
 /// <summary>
 /// 通过密码进行客户端验证
 /// </summary>
 /// <param name="authorizationServerHost"></param>
 /// <param name="clientIdentifier"></param>
 /// <param name="clientSecret"></param>
 /// <returns></returns>
 protected static ClientAuthenticationResult TryAuthenticateClientBySecret(IAuthorizationServerHost authorizationServerHost, string clientIdentifier, string clientSecret)
 {
     if (!string.IsNullOrEmpty(clientIdentifier))
     {
         var client = authorizationServerHost.GetClient(clientIdentifier);
         if (client != null)
         {
             if (!string.IsNullOrEmpty(clientSecret))
             {
                 if (client.IsValidClientSecret(clientSecret))
                 {
                     return(ClientAuthenticationResult.ClientAuthenticated);
                 }
                 else
                 {
                     return(ClientAuthenticationResult.ClientAuthenticationRejected);
                 }
             }
             else
             {
                 return(ClientAuthenticationResult.ClientIdNotAuthenticated);
             }
         }
         else
         {
             return(ClientAuthenticationResult.ClientAuthenticationRejected);
         }
     }
     else
     {
         return(ClientAuthenticationResult.NoAuthenticationRecognized);
     }
 }
Beispiel #3
0
		/// <summary>
		/// Attempts to extract client identification/authentication information from a message.
		/// </summary>
		/// <param name="authorizationServerHost">The authorization server host.</param>
		/// <param name="requestMessage">The incoming message.</param>
		/// <param name="clientIdentifier">Receives the client identifier, if one was found.</param>
		/// <returns>The level of the extracted client information.</returns>
		public override ClientAuthenticationResult TryAuthenticateClient(IAuthorizationServerHost authorizationServerHost, AuthenticatedClientRequestBase requestMessage, out string clientIdentifier) {
			Requires.NotNull(authorizationServerHost, "authorizationServerHost");
			Requires.NotNull(requestMessage, "requestMessage");

			ClientAuthenticationModule authenticator = null;
			ClientAuthenticationResult result = ClientAuthenticationResult.NoAuthenticationRecognized;
			clientIdentifier = null;

			foreach (var candidateAuthenticator in this.authenticators) {
				string candidateClientIdentifier;
				var resultCandidate = candidateAuthenticator.TryAuthenticateClient(authorizationServerHost, requestMessage, out candidateClientIdentifier);

				ErrorUtilities.VerifyProtocol(
					result == ClientAuthenticationResult.NoAuthenticationRecognized || resultCandidate == ClientAuthenticationResult.NoAuthenticationRecognized,
					"Message rejected because multiple forms of client authentication ({0} and {1}) were detected, which is forbidden by the OAuth 2 Protocol Framework specification.",
					authenticator,
					candidateAuthenticator);

				if (resultCandidate != ClientAuthenticationResult.NoAuthenticationRecognized) {
					authenticator = candidateAuthenticator;
					result = resultCandidate;
					clientIdentifier = candidateClientIdentifier;
				}
			}

			return result;
		}
Beispiel #4
0
 /// <summary>
 /// Initializes a new instance of the <see cref="AuthorizationServer"/> class.
 /// </summary>
 /// <param name="authorizationServer">The authorization server.</param>
 /// <param name="clientAuthenticationModules">The list client authentication modules.</param>
 public AuthorizationServer(IAuthorizationServerHost authorizationServer, IList <ClientAuthenticationModule> clientAuthenticationModules)
 {
     this.aggregatingClientAuthenticationModule = new AggregatingClientCredentialReader(this.clientAuthenticationModules);
     this.Channel = new OAuth2AuthorizationServerChannel(authorizationServer, this.aggregatingClientAuthenticationModule);
     this.clientAuthenticationModules.AddRange(clientAuthenticationModules);
     this.ScopeSatisfiedCheck = DefaultScopeSatisfiedCheck;
 }
Beispiel #5
0
 public AuthorizationServer(IAuthorizationServerHost authorizationServer)
 {
     this.aggregatingClientAuthenticationModule = new AggregatingClientCredentialReader(this.clientAuthenticationModules);
     this.Channel = new OAuth2AuthorizationServerChannel(authorizationServer, this.aggregatingClientAuthenticationModule);
     this.clientAuthenticationModules.AddRange(OAuth2AuthorizationServerSection.Configuration.ClientAuthenticationModules.CreateInstances(true, null));
     this.ScopeSatisfiedCheck = DefaultScopeSatisfiedCheck;
 }
Beispiel #6
0
		/// <summary>
		/// Initializes a new instance of the <see cref="AuthorizationServer"/> class.
		/// </summary>
		/// <param name="authorizationServer">The authorization server.</param>
		public AuthorizationServer(IAuthorizationServerHost authorizationServer) {
			Requires.NotNull(authorizationServer, "authorizationServer");
			this.aggregatingClientAuthenticationModule = new AggregatingClientCredentialReader(this.clientAuthenticationModules);
			this.Channel = new OAuth2AuthorizationServerChannel(authorizationServer, this.aggregatingClientAuthenticationModule);
			this.clientAuthenticationModules.AddRange(OAuth2AuthorizationServerSection.Configuration.ClientAuthenticationModules.CreateInstances(true));
			this.ScopeSatisfiedCheck = DefaultScopeSatisfiedCheck;
		}
Beispiel #7
0
        /// <summary>
        /// Validates a client identifier and shared secret against the authoriation server's database.
        /// </summary>
        /// <param name="authorizationServerHost">The authorization server host; cannot be <c>null</c>.</param>
        /// <param name="clientIdentifier">The alleged client identifier.</param>
        /// <param name="clientSecret">The alleged client secret to be verified.</param>
        /// <returns>An indication as to the outcome of the validation.</returns>
        protected static ClientAuthenticationResult TryAuthenticateClientBySecret(IAuthorizationServerHost authorizationServerHost, string clientIdentifier, string clientSecret)
        {
            Requires.NotNull(authorizationServerHost, "authorizationServerHost");

            if (!string.IsNullOrEmpty(clientIdentifier))
            {
                var client = authorizationServerHost.GetClient(clientIdentifier);
                if (client != null)
                {
                    if (!string.IsNullOrEmpty(clientSecret))
                    {
                        if (client.IsValidClientSecret(clientSecret))
                        {
                            return(ClientAuthenticationResult.ClientAuthenticated);
                        }
                        else                             // invalid client secret
                        {
                            return(ClientAuthenticationResult.ClientAuthenticationRejected);
                        }
                    }
                    else                         // no client secret provided
                    {
                        return(ClientAuthenticationResult.ClientIdNotAuthenticated);
                    }
                }
                else                     // The client identifier is not recognized.
                {
                    return(ClientAuthenticationResult.ClientAuthenticationRejected);
                }
            }
            else                 // no client id provided.
            {
                return(ClientAuthenticationResult.NoAuthenticationRecognized);
            }
        }
Beispiel #8
0
		/// <summary>
		/// Attempts to extract client identification/authentication information from a message.
		/// </summary>
		/// <param name="authorizationServerHost">The authorization server host.</param>
		/// <param name="requestMessage">The incoming message.</param>
		/// <param name="clientIdentifier">Receives the client identifier, if one was found.</param>
		/// <returns>The level of the extracted client information.</returns>
		public override ClientAuthenticationResult TryAuthenticateClient(IAuthorizationServerHost authorizationServerHost, AuthenticatedClientRequestBase requestMessage, out string clientIdentifier) {
			Requires.NotNull(authorizationServerHost, "authorizationServerHost");
			Requires.NotNull(requestMessage, "requestMessage");

			clientIdentifier = requestMessage.ClientIdentifier;
			return TryAuthenticateClientBySecret(authorizationServerHost, requestMessage.ClientIdentifier, requestMessage.ClientSecret);
		}
Beispiel #9
0
        /// <summary>
        /// Attempts to extract client identification/authentication information from a message.
        /// </summary>
        /// <param name="authorizationServerHost">The authorization server host.</param>
        /// <param name="requestMessage">The incoming message.</param>
        /// <param name="clientIdentifier">Receives the client identifier, if one was found.</param>
        /// <returns>The level of the extracted client information.</returns>
        public override ClientAuthenticationResult TryAuthenticateClient(IAuthorizationServerHost authorizationServerHost, AuthenticatedClientRequestBase requestMessage, out string clientIdentifier)
        {
            Requires.NotNull(authorizationServerHost, "authorizationServerHost");
            Requires.NotNull(requestMessage, "requestMessage");

            clientIdentifier = requestMessage.ClientIdentifier;
            return(TryAuthenticateClientBySecret(authorizationServerHost, requestMessage.ClientIdentifier, requestMessage.ClientSecret));
        }
Beispiel #10
0
        private static IChannelBindingElement[] InitializeBindingElements(IAuthorizationServerHost authorizationServer, ClientAuthenticationModule clientAuthenticationModule)
        {
            var bindingElements = new List <IChannelBindingElement>();

            bindingElements.Add(new MessageValidationBindingElement(clientAuthenticationModule));
            bindingElements.Add(new TokenCodeSerializationBindingElement());

            return(bindingElements.ToArray());
        }
Beispiel #11
0
        /// <summary>
        /// Initializes the binding elements for the OAuth channel.
        /// </summary>
        /// <param name="authorizationServer">The authorization server.</param>
        /// <param name="clientAuthenticationModule">The aggregating client authentication module.</param>
        /// <returns>
        /// An array of binding elements used to initialize the channel.
        /// </returns>
        private static IChannelBindingElement[] InitializeBindingElements(IAuthorizationServerHost authorizationServer, ClientAuthenticationModule clientAuthenticationModule)
        {
            var bindingElements = new List <IChannelBindingElement>();

            // The order they are provided is used for outgoing messgaes, and reversed for incoming messages.
            bindingElements.Add(new MessageValidationBindingElement(clientAuthenticationModule));
            bindingElements.Add(new TokenCodeSerializationBindingElement());

            return(bindingElements.ToArray());
        }
Beispiel #12
0
        public override ClientAuthenticationResult TryAuthenticateClient(IAuthorizationServerHost authorizationServerHost, AuthenticatedClientRequestBase requestMessage, out string clientIdentifier)
        {
            var credential = OAuthUtilities.ParseHttpBasicAuth(requestMessage.Headers);

            if (credential != null)
            {
                clientIdentifier = credential.UserName;
                return(TryAuthenticateClientBySecret(authorizationServerHost, credential.UserName, credential.Password));
            }
            clientIdentifier = null;
            return(ClientAuthenticationResult.NoAuthenticationRecognized);
        }
Beispiel #13
0
		/// <summary>
		/// Attempts to extract client identification/authentication information from a message.
		/// </summary>
		/// <param name="authorizationServerHost">The authorization server host.</param>
		/// <param name="requestMessage">The incoming message.</param>
		/// <param name="clientIdentifier">Receives the client identifier, if one was found.</param>
		/// <returns>The level of the extracted client information.</returns>
		public override ClientAuthenticationResult TryAuthenticateClient(IAuthorizationServerHost authorizationServerHost, AuthenticatedClientRequestBase requestMessage, out string clientIdentifier) {
			Requires.NotNull(authorizationServerHost, "authorizationServerHost");
			Requires.NotNull(requestMessage, "requestMessage");

			var credential = OAuthUtilities.ParseHttpBasicAuth(requestMessage.Headers);
			if (credential != null) {
				clientIdentifier = credential.UserName;
				return TryAuthenticateClientBySecret(authorizationServerHost, credential.UserName, credential.Password);
			}

			clientIdentifier = null;
			return ClientAuthenticationResult.NoAuthenticationRecognized;
		}
Beispiel #14
0
        /// <summary>
        /// Gets information about the client with a given identifier.
        /// </summary>
        /// <param name="authorizationServer">The authorization server.</param>
        /// <param name="clientIdentifier">The client identifier.</param>
        /// <returns>The client information.  Never null.</returns>
        internal static IClientDescription GetClientOrThrow(this IAuthorizationServerHost authorizationServer, string clientIdentifier)
        {
            Requires.NotNullOrEmpty(clientIdentifier, "clientIdentifier");

            try {
                var result = authorizationServer.GetClient(clientIdentifier);
                ErrorUtilities.VerifyHost(result != null, OAuthStrings.ResultShouldNotBeNull, authorizationServer.GetType().FullName, "GetClient(string)");
                return(result);
            } catch (KeyNotFoundException ex) {
                throw ErrorUtilities.Wrap(ex, AuthServerStrings.ClientOrTokenSecretNotFound);
            } catch (ArgumentException ex) {
                throw ErrorUtilities.Wrap(ex, AuthServerStrings.ClientOrTokenSecretNotFound);
            }
        }
Beispiel #15
0
		/// <summary>
		/// Creates a serializer/deserializer for this type.
		/// </summary>
		/// <param name="authorizationServer">The authorization server that will be serializing/deserializing this authorization code.  Must not be null.</param>
		/// <returns>A DataBag formatter.</returns>
		internal static IDataBagFormatter<AuthorizationCode> CreateFormatter(IAuthorizationServerHost authorizationServer) {
			Requires.NotNull(authorizationServer, "authorizationServer");

			var cryptoStore = authorizationServer.CryptoKeyStore;
			ErrorUtilities.VerifyHost(cryptoStore != null, OAuthStrings.ResultShouldNotBeNull, authorizationServer.GetType(), "CryptoKeyStore");

			return new UriStyleMessageFormatter<AuthorizationCode>(
				cryptoStore,
				AuthorizationCodeKeyBucket,
				signed: true,
				encrypted: true,
				compressed: false,
				maximumAge: MaximumMessageAge,
				decodeOnceOnly: authorizationServer.NonceStore);
		}
Beispiel #16
0
		/// <summary>
		/// Creates a serializer/deserializer for this type.
		/// </summary>
		/// <param name="authorizationServer">The authorization server that will be serializing/deserializing this authorization code.  Must not be null.</param>
		/// <returns>A DataBag formatter.</returns>
		internal static IDataBagFormatter<AuthorizationCode> CreateFormatter(IAuthorizationServerHost authorizationServer) {
			Requires.NotNull(authorizationServer, "authorizationServer");
			Contract.Ensures(Contract.Result<IDataBagFormatter<AuthorizationCode>>() != null);

			var cryptoStore = authorizationServer.CryptoKeyStore;
			ErrorUtilities.VerifyHost(cryptoStore != null, OAuthStrings.ResultShouldNotBeNull, authorizationServer.GetType(), "CryptoKeyStore");

			return new UriStyleMessageFormatter<AuthorizationCode>(
				cryptoStore,
				AuthorizationCodeKeyBucket,
				signed: true,
				encrypted: true,
				compressed: false,
				maximumAge: MaximumMessageAge,
				decodeOnceOnly: authorizationServer.NonceStore);
		}
Beispiel #17
0
        public static IDataBagFormatter <AuthorizationCode> CreateFormatter(IAuthorizationServerHost authorizationServer)
        {
            var cryptoStore = authorizationServer.CryptoKeyStore;

            ErrorUtilities.VerifyHost(cryptoStore != null, OAuthStrings.ResultShouldNotBeNull, authorizationServer.GetType(), "CryptoKeyStore");

            return(new UriStyleMessageFormatter <AuthorizationCode>(
                       cryptoStore,
                       AuthorizationCodeKeyBucket,
                       signed: true,
                       encrypted: true,
                       compressed: false,
                       maximumAge: MaximumMessageAge,
                       decodeOnceOnly: authorizationServer.NonceStore
                       ));
        }
Beispiel #18
0
        internal OAuth2Coordinator(
            AuthorizationServerDescription serverDescription,
            IAuthorizationServerHost authServerHost,
            TClient client,
            Action <TClient> clientAction,
            Action <AuthorizationServer> authServerAction)
            : base(clientAction, authServerAction)
        {
            Requires.NotNull(serverDescription, "serverDescription");
            Requires.NotNull(authServerHost, "authServerHost");
            Requires.NotNull(client, "client");

            this.serverDescription = serverDescription;
            this.authServerHost    = authServerHost;
            this.client            = client;

            this.client.ClientIdentifier           = OAuth2TestBase.ClientId;
            this.client.ClientCredentialApplicator = ClientCredentialApplicator.PostParameter(OAuth2TestBase.ClientSecret);
        }
Beispiel #19
0
		/// <summary>
		/// Validates a client identifier and shared secret against the authoriation server's database.
		/// </summary>
		/// <param name="authorizationServerHost">The authorization server host; cannot be <c>null</c>.</param>
		/// <param name="clientIdentifier">The alleged client identifier.</param>
		/// <param name="clientSecret">The alleged client secret to be verified.</param>
		/// <returns>An indication as to the outcome of the validation.</returns>
		protected static ClientAuthenticationResult TryAuthenticateClientBySecret(IAuthorizationServerHost authorizationServerHost, string clientIdentifier, string clientSecret) {
			Requires.NotNull(authorizationServerHost, "authorizationServerHost");

			if (!string.IsNullOrEmpty(clientIdentifier)) {
				var client = authorizationServerHost.GetClient(clientIdentifier);
				if (client != null) {
					if (!string.IsNullOrEmpty(clientSecret)) {
						if (client.IsValidClientSecret(clientSecret)) {
							return ClientAuthenticationResult.ClientAuthenticated;
						} else { // invalid client secret
							return ClientAuthenticationResult.ClientAuthenticationRejected;
						}
					} else { // no client secret provided
						return ClientAuthenticationResult.ClientIdNotAuthenticated;
					}
				} else { // The client identifier is not recognized.
					return ClientAuthenticationResult.ClientAuthenticationRejected;
				}
			} else { // no client id provided.
				return ClientAuthenticationResult.NoAuthenticationRecognized;
			}
		}
Beispiel #20
0
 public OAuth2AuthorizationServerChannel(IAuthorizationServerHost authorizationServer, ClientAuthenticationModule clientAuthenticationModule)
     : base(MessageTypes, InitializeBindingElements(authorizationServer, clientAuthenticationModule))
 {
     this.AuthorizationServer = authorizationServer;
 }
Beispiel #21
0
		/// <summary>
		/// Attempts to extract client identification/authentication information from a message.
		/// </summary>
		/// <param name="authorizationServerHost">The authorization server host.</param>
		/// <param name="requestMessage">The incoming message.</param>
		/// <param name="clientIdentifier">Receives the client identifier, if one was found.</param>
		/// <returns>The level of the extracted client information.</returns>
		public abstract ClientAuthenticationResult TryAuthenticateClient(IAuthorizationServerHost authorizationServerHost, AuthenticatedClientRequestBase requestMessage, out string clientIdentifier);
Beispiel #22
0
		/// <summary>
		/// Initializes a new instance of the <see cref="OAuth2AuthorizationServerChannel"/> class.
		/// </summary>
		/// <param name="authorizationServer">The authorization server.</param>
		/// <param name="clientAuthenticationModule">The aggregating client authentication module.</param>
		protected internal OAuth2AuthorizationServerChannel(IAuthorizationServerHost authorizationServer, ClientAuthenticationModule clientAuthenticationModule)
			: base(MessageTypes, InitializeBindingElements(authorizationServer, clientAuthenticationModule)) {
			Requires.NotNull(authorizationServer, "authorizationServer");
			this.AuthorizationServer = authorizationServer;
		}
Beispiel #23
0
		/// <summary>
		/// Initializes the binding elements for the OAuth channel.
		/// </summary>
		/// <param name="authorizationServer">The authorization server.</param>
		/// <param name="clientAuthenticationModule">The aggregating client authentication module.</param>
		/// <returns>
		/// An array of binding elements used to initialize the channel.
		/// </returns>
		private static IChannelBindingElement[] InitializeBindingElements(IAuthorizationServerHost authorizationServer, ClientAuthenticationModule clientAuthenticationModule) {
			Requires.NotNull(authorizationServer, "authorizationServer");
			Requires.NotNull(clientAuthenticationModule, "clientAuthenticationModule");

			var bindingElements = new List<IChannelBindingElement>();

			// The order they are provided is used for outgoing messgaes, and reversed for incoming messages.
			bindingElements.Add(new MessageValidationBindingElement(clientAuthenticationModule));
			bindingElements.Add(new TokenCodeSerializationBindingElement());

			return bindingElements.ToArray();
		}
Beispiel #24
0
 /// <summary>
 /// Initializes a new instance of the <see cref="OAuth2AuthorizationServerChannel"/> class.
 /// </summary>
 /// <param name="authorizationServer">The authorization server.</param>
 /// <param name="clientAuthenticationModule">The aggregating client authentication module.</param>
 protected internal OAuth2AuthorizationServerChannel(IAuthorizationServerHost authorizationServer, ClientAuthenticationModule clientAuthenticationModule)
     : base(MessageTypes, InitializeBindingElements(authorizationServer, clientAuthenticationModule))
 {
     Requires.NotNull(authorizationServer, "authorizationServer");
     this.AuthorizationServer = authorizationServer;
 }
Beispiel #25
0
		/// <summary>
		/// Initializes a new instance of the <see cref="AuthorizationServer"/> class.
		/// </summary>
		/// <param name="authorizationServer">The authorization server.</param>
		public AuthorizationServer(IAuthorizationServerHost authorizationServer) {
			Requires.NotNull(authorizationServer, "authorizationServer");
			this.Channel = new OAuth2AuthorizationServerChannel(authorizationServer);
		}
Beispiel #26
0
 public abstract ClientAuthenticationResult TryAuthenticateClient(IAuthorizationServerHost authorizationServerHost, AuthenticatedClientRequestBase requestMessage, out string clientIdentifier);