 public override Task ValidateClientAuthentication(
     ValidateClientAuthenticationContext context)
 {
     // Nothing asynchronous happens here, so hand back an already-completed task.
     var completed = Task.FromResult(0);

     // This server hosts a single public client (one that cannot keep a secret),
     // so client authentication is not enforced: Skipped() tells the middleware to
     // accept the request without checking credentials. Consequently any caller can
     // obtain a token on behalf of that application, which is only acceptable
     // because the client is genuinely public.
     context.Skipped();

     return completed;
 }
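        /// <summary>
        /// Validates the presented client credentials against the single configured client
        /// (<c>_securityConfig.Value.ClientId</c> / <c>ClientSecret</c>).
        /// </summary>
        /// <param name="context">The client authentication context supplied by the server middleware.</param>
        /// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
        public override Task ValidateClientAuthentication(ValidateClientAuthenticationContext context)
        {
            var expected = _securityConfig.Value;

            // Ordinal comparison: client identifiers and secrets are opaque tokens, not text.
            // string.Equals is null-safe, so a request that omits client_id or client_secret
            // no longer throws a NullReferenceException from context.ClientId.Equals(...);
            // it simply fails the check and is rejected below.
            bool clientIdMatches = string.Equals(context.ClientId, expected.ClientId, StringComparison.Ordinal);
            bool secretMatches = string.Equals(context.ClientSecret, expected.ClientSecret, StringComparison.Ordinal);

            if (clientIdMatches && secretMatches)
            {
                context.Validated();
            }
            else
            {
                // Reject explicitly instead of leaving the context unvalidated and relying on
                // the middleware's default handling. The description is deliberately generic so
                // it does not reveal which of the two credentials was wrong.
                context.Rejected(
                    error: "invalid_client",
                    description: "Invalid credentials: ensure that client_id and client_secret are correct");
            }

            return Task.FromResult<object>(null);
        }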
        /// <summary>
        /// Accepts the client whenever the request uses the resource owner password grant
        /// and rejects it otherwise.
        /// </summary>
        /// <remarks>
        /// NOTE(review): no client_id/client_secret is checked here, and a Role=Admin claim is
        /// attached to <c>context.Identity</c> for every password-grant request before any user
        /// credential has been verified. Confirm that the grant handler downstream really
        /// authenticates the user and that granting Admin to every such caller is intended.
        /// </remarks>
        /// <param name="context">The client authentication context supplied by the server middleware.</param>
        public override async Task ValidateClientAuthentication(ValidateClientAuthenticationContext context)
        {
            var form = await context.HttpContext.RequestFormDataDictionaryAsync();

            // Guard clause: anything that is not a password grant is rejected outright.
            bool isPasswordGrant = form?.ContainsKey("grant_type") == true
                && form["grant_type"].ToString() == "password";

            if (!isPasswordGrant)
            {
                context.Rejected();
                return;
            }

            context.Identity.AddClaim(new System.Security.Claims.Claim("Role", "Admin"));

            // The username from the form (if any) is recorded as the validated client identity.
            string username = string.Empty;
            if (form.ContainsKey("username"))
            {
                username = form["username"].ToString();
            }

            context.Validated(username);
        }
        /// <summary>
        /// Authenticates the calling application against the <c>Applications</c> table: both
        /// client_id and client_secret are required, and the secret must match the stored one.
        /// </summary>
        /// <param name="context">The client authentication context supplied by the server middleware.</param>
        public override async Task ValidateClientAuthentication(ValidateClientAuthenticationContext context)
        {
            // Deliberately strict policy: OAuth2 lets public clients (mobile/JavaScript apps)
            // skip client authentication for most grant types, but this server demands
            // credentials from everyone. To relax it for a known public client, call
            // context.Skipped() instead of rejecting.
            bool credentialsPresent =
                !string.IsNullOrEmpty(context.ClientId) && !string.IsNullOrEmpty(context.ClientSecret);

            if (!credentialsPresent)
            {
                context.Rejected(
                    error: "invalid_request",
                    description: "Missing credentials: ensure that your credentials were correctly " +
                    "flowed in the request body or in the authorization header");

                return;
            }

            var database = context.HttpContext.RequestServices.GetRequiredService<ApplicationContext>();

            // Look up the registered application by client_id; the query is cancelled
            // if the HTTP request is aborted.
            var application = await database.Applications
                .Where(entity => entity.ApplicationID == context.ClientId)
                .SingleOrDefaultAsync(context.HttpContext.RequestAborted);

            if (application == null)
            {
                context.Rejected(
                    error: "invalid_client",
                    description: "Application not found in the database: ensure that your client_id is correct");

                return;
            }

            // Ordinal comparison of the presented secret with the stored one.
            // NOTE(review): the secret is compared in clear text against application.Secret with
            // a non-constant-time comparison; storing a hash and using a fixed-time compare would
            // be the more defensive design, but that is a data-model change rather than a local one.
            bool secretMatches = string.Equals(context.ClientSecret, application.Secret, StringComparison.Ordinal);

            if (!secretMatches)
            {
                context.Rejected(
                    error: "invalid_client",
                    description: "Invalid credentials: ensure that you specified a correct client_secret");

                return;
            }

            context.Validated();
        }
        /// <summary>
        /// Accepts only the single known JavaScript client; every other client_id is rejected.
        /// </summary>
        /// <param name="context">The client authentication context supplied by the server middleware.</param>
        /// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
        public override Task ValidateClientAuthentication(ValidateClientAuthenticationContext context)
        {
            // Ordinal match on the client identifier (same semantics as == on strings).
            bool isKnownClient = string.Equals(context.ClientId, "AspNetContribSample", StringComparison.Ordinal);

            if (!isKnownClient)
            {
                // Unknown client_id: refuse the request.
                context.Rejected();
            }
            else
            {
                // The known client is a browser application and cannot keep a secret, so it is
                // marked as skipped (no credential check) rather than validated (trusted).
                context.Skipped();
            }

            return Task.FromResult(0);
        }
        /// <summary>
        /// Validates whether the client is a valid known application in our system.
        /// </summary>
        /// <param name="context">The client authentication context supplied by the server middleware.</param>
        public override async Task ValidateClientAuthentication(ValidateClientAuthenticationContext context)
        {
            // The lookup and credential check are delegated to the ClientValidator message.
            var validation = await ExecuteMessage(context, new ClientValidator(context.ClientId, context.ClientSecret));

            if (validation.Succeeded)
            {
                // Expose the client's allowed origin to later middleware. Items.Add (rather than
                // the indexer) is used so that a key already set earlier in the pipeline
                // surfaces as an exception instead of being silently overwritten.
                context.HttpContext.Items.Add("as:clientAllowedOrigin", validation.AllowedOrigin);

                context.Validated();
                return;
            }

            // NOTE(review): ClientValidator receives the secret as well, so this description is
            // also returned when the client_id exists but the secret is wrong; confirm the
            // wording is intended for both cases.
            context.Rejected(
                error: "invalid_client",
                description: "Client not found in the database: ensure that your client_id is correct");
        }
 public override Task ValidateClientAuthentication(
     ValidateClientAuthenticationContext context)
 {
     // No client authentication is enforced: Skipped() tells the server middleware to
     // accept the request without checking client_id/client_secret. This is appropriate
     // only while every registered client is public; a confidential client would need a
     // real credential check here.
     context.Skipped();

     // Nothing is awaited, so return an already-completed task.
     return Task.FromResult<object>(null);
 }