/// <summary>
/// Retrieves the bearer token from cache.
/// </summary>
/// <param name="authenticationSettings">The authentication settings.</param>
/// <returns></returns>
/// <exception cref="System.ArgumentNullException">authenticationSettings.Username
/// or
/// authenticationSettings.TenantName
/// or
/// refreshToken</exception>
public static AccessTokenResponse RetrieveBearTokenFromCache(Oauth2AuthenticationSettings authenticationSettings)
{
if (string.IsNullOrEmpty(authenticationSettings.Username))
{
throw new ArgumentNullException("authenticationSettings.Username");
}
if (string.IsNullOrEmpty(authenticationSettings.TenantName))
{
throw new ArgumentNullException("authenticationSettings.TenantName");
}
string key = string.Concat("AuthHash:", EncryptionHelper.Md5Encryption.GetMd5Hash(string.Concat(authenticationSettings.TenantName, authenticationSettings.Username)));
//Cache Token in Memory
var memoryCachingService = new MemoryCacheProvider();
var accessTokenResponse = memoryCachingService.Fetch <AccessTokenResponse>(key);
//If token is within the threshold of expiring get refresh token.
var timspan = accessTokenResponse.ExpiresOn - DateTime.Now;
//if (accessTokenResponse.ExpiresOn >= DateTime.Now - SecurityTokenConstants.TokenLifeTimeEndOfLifeThreshold)
if (timspan > new TimeSpan(0, 0, 0, 0) && timspan < SecurityTokenConstants.TokenLifeTimeEndOfLifeThreshold)
{
accessTokenResponse = RetrieveNewRefreshBearToken(authenticationSettings, accessTokenResponse.RefreshToken);
}
return(accessTokenResponse);
}
/// <summary>
/// Retrieves the new refresh bearer token.
/// </summary>
/// <param name="authenticationSettings">The authentication settings.</param>
/// <param name="refreshToken">The refresh token.</param>
/// <returns></returns>
/// <exception cref="System.ArgumentNullException">authenticationSettings.ClientId
/// or
/// authenticationSettings.ClientSecret
/// or
/// authenticationSettings.Url
/// or
/// authenticationSettings.Username
/// or
/// authenticationSettings.TenantName
/// or
/// expiredToken</exception>
public static AccessTokenResponse RetrieveNewRefreshBearToken(Oauth2AuthenticationSettings authenticationSettings, string refreshToken)
{
//Not working get a invalid Grant error.
//http://bitoftech.net/2014/07/16/enable-oauth-refresh-tokens-angularjs-app-using-asp-net-web-api-2-owin/
if (string.IsNullOrEmpty(authenticationSettings.ClientId))
{
throw new ArgumentNullException("authenticationSettings.ClientId");
}
if (string.IsNullOrEmpty(authenticationSettings.ClientSecret))
{
throw new ArgumentNullException("authenticationSettings.ClientSecret");
}
if (string.IsNullOrEmpty(authenticationSettings.Url))
{
throw new ArgumentNullException("authenticationSettings.Url");
}
if (string.IsNullOrEmpty(authenticationSettings.Username))
{
throw new ArgumentNullException("authenticationSettings.Username");
}
if (string.IsNullOrEmpty(authenticationSettings.TenantName))
{
throw new ArgumentNullException("authenticationSettings.TenantName");
}
if (string.IsNullOrEmpty(refreshToken))
{
throw new ArgumentNullException("refreshToken");
}
var oauthClient = new OAuth2Client(new Uri(authenticationSettings.Url + "token"), authenticationSettings.ClientId, authenticationSettings.ClientSecret);
var accessTokenResponse = oauthClient.RequestAccessTokenRefreshToken(refreshToken, new Dictionary <string, string>
{
{ OAuth2Constants.ClientId, authenticationSettings.ClientId },
{ OAuth2Constants.ClientSecret, authenticationSettings.ClientSecret }
});
string key = string.Concat("AuthHash:", EncryptionHelper.Md5Encryption.GetMd5Hash(string.Concat(authenticationSettings.TenantName, authenticationSettings.Username)));
//Cache Token in Memory
var memoryCachingService = new MemoryCacheProvider();
memoryCachingService.SetCache(key, accessTokenResponse, SecurityTokenConstants.TokenLifeTime);
return(accessTokenResponse);
}
public static IEnumerable <Claim> GetClaims(Oauth2AuthenticationSettings oauth2AuthenticationSettings, string token)
{
using (var handler = new WebRequestHandler())
{
handler.ServerCertificateValidationCallback = CertificateHelper.ServerCertificateValidationCallbackAllowAll;
using (var httpClient = new HttpClient(handler))
{
httpClient.BaseAddress = new Uri(oauth2AuthenticationSettings.Url);
httpClient.DefaultRequestHeaders.Accept.Clear();
httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
//Basic Auth Way
//httpClient.SetBasicAuthentication();
//Token Way
httpClient.SetBearerToken(token);
var response = httpClient.GetAsync("api/authentication/claims/").Result;
var result = response.Content.ReadAsStringAsync().Result;
if (string.IsNullOrEmpty(result))
{
throw new Exception("Could not find claims for user: "******"{\"wrapper\":" + result + "}");
var claims = new List <Claim>();
foreach (var obj in jobject["wrapper"])
{
claims.Add(new Claim(obj["m_type"].ToString(),
obj["m_value"].ToString(),
obj["m_valueType"].ToString(),
obj["m_issuer"].ToString(),
obj["m_originalIssuer"].ToString()));
}
claims.Add(new Claim(ClaimsConstants.TenantNameClaimType, oauth2AuthenticationSettings.TenantName));
claims.Add(new Claim(ClaimsConstants.UserNameWithoutTenant, oauth2AuthenticationSettings.Username));
return(claims);
}
}
}
/// <summary>
/// Retrieves the new bearer token.
/// </summary>
/// <param name="authenticationSettings">The authentication settings.</param>
/// <returns></returns>
/// <exception cref="System.ArgumentNullException">
/// authenticationSettings.ClientId
/// or
/// authenticationSettings.ClientSecret
/// or
/// authenticationSettings.Url
/// or
/// authenticationSettings.Password
/// or
/// authenticationSettings.Username
/// or
/// authenticationSettings.TenantName
/// </exception>
public static AccessTokenResponse RetrieveNewBearToken(Oauth2AuthenticationSettings authenticationSettings)
{
if (string.IsNullOrEmpty(authenticationSettings.ClientId))
{
throw new ArgumentNullException("authenticationSettings.ClientId");
}
if (string.IsNullOrEmpty(authenticationSettings.ClientSecret))
{
throw new ArgumentNullException("authenticationSettings.ClientSecret");
}
if (string.IsNullOrEmpty(authenticationSettings.Url))
{
throw new ArgumentNullException("authenticationSettings.Url");
}
if (string.IsNullOrEmpty(authenticationSettings.Password))
{
throw new ArgumentNullException("authenticationSettings.Password");
}
if (string.IsNullOrEmpty(authenticationSettings.Username))
{
throw new ArgumentNullException("authenticationSettings.Username");
}
if (string.IsNullOrEmpty(authenticationSettings.TenantName))
{
throw new ArgumentNullException("authenticationSettings.TenantName");
}
var oauthClient = new OAuth2Client(new Uri(authenticationSettings.Url + "token"), authenticationSettings.ClientId, authenticationSettings.ClientSecret);
var accessTokenResponse = oauthClient.RequestAccessTokenUserName(authenticationSettings.Username, authenticationSettings.Password, authenticationSettings.TenantName);
string key = string.Concat("AuthHash:", EncryptionHelper.Md5Encryption.GetMd5Hash(string.Concat(authenticationSettings.TenantName, authenticationSettings.Username)));
//Cache Token in Memory
var memoryCachingService = new MemoryCacheProvider();
memoryCachingService.SetCache(key, accessTokenResponse, SecurityTokenConstants.TokenLifeTime);
return(accessTokenResponse);
}
/// <summary>
/// Retrieves the bearer token from cache or gets a new token.
/// </summary>
/// <param name="authenticationSettings">The authentication settings.</param>
/// <returns></returns>
/// <exception cref="System.ArgumentNullException">
/// authenticationSettings.ClientId
/// or
/// authenticationSettings.ClientSecret
/// or
/// authenticationSettings.Url
/// or
/// authenticationSettings.Password
/// or
/// authenticationSettings.Username
/// or
/// authenticationSettings.TenantName
/// </exception>
public static AccessTokenResponse RetrieveBearTokenFromCacheOrNew(Oauth2AuthenticationSettings authenticationSettings)
{
if (string.IsNullOrEmpty(authenticationSettings.ClientId))
{
throw new ArgumentNullException("authenticationSettings.ClientId");
}
if (string.IsNullOrEmpty(authenticationSettings.ClientSecret))
{
throw new ArgumentNullException("authenticationSettings.ClientSecret");
}
if (string.IsNullOrEmpty(authenticationSettings.Url))
{
throw new ArgumentNullException("authenticationSettings.Url");
}
if (string.IsNullOrEmpty(authenticationSettings.Password))
{
throw new ArgumentNullException("authenticationSettings.Password");
}
if (string.IsNullOrEmpty(authenticationSettings.Username))
{
throw new ArgumentNullException("authenticationSettings.Username");
}
if (string.IsNullOrEmpty(authenticationSettings.TenantName))
{
throw new ArgumentNullException("authenticationSettings.TenantName");
}
var oauthClient = new OAuth2Client(new Uri(authenticationSettings.Url + "token"), authenticationSettings.ClientId, authenticationSettings.ClientSecret);
string key = string.Concat("AuthHash:", EncryptionHelper.Md5Encryption.GetMd5Hash(string.Concat(authenticationSettings.TenantName, authenticationSettings.Username)));
//Cache Token in Memory
var memoryCachingService = new MemoryCacheProvider();
var accessTokenResponse = memoryCachingService.FetchAndCache(key, () =>
oauthClient.RequestAccessTokenUserName(authenticationSettings.Username, authenticationSettings.Password, authenticationSettings.TenantName),
SecurityTokenConstants.TokenLifeTime);
//If token is within the threshold of expiring get refresh token.
var timspan = accessTokenResponse.ExpiresOn - DateTime.Now;
//if (accessTokenResponse.ExpiresOn >= DateTime.Now - SecurityTokenConstants.TokenLifeTimeEndOfLifeThreshold)
if (timspan > new TimeSpan(0, 0, 0, 0) && timspan < SecurityTokenConstants.TokenLifeTimeEndOfLifeThreshold)
{
accessTokenResponse = RetrieveNewRefreshBearToken(authenticationSettings, accessTokenResponse.RefreshToken);
}
if (accessTokenResponse == null || accessTokenResponse.ExpiresOn <= DateTime.Now)
{
memoryCachingService.ClearCache(key);
accessTokenResponse = memoryCachingService.FetchAndCache(key, () =>
oauthClient.RequestAccessTokenUserName(authenticationSettings.Username, authenticationSettings.Password, authenticationSettings.TenantName),
SecurityTokenConstants.TokenLifeTime);
return(accessTokenResponse);
}
return(accessTokenResponse);
}