public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
string clientId;
string clientSecret;
if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
{
context.TryGetFormCredentials(out clientId, out clientSecret);
}
if (context.ClientId == null)
{
context.SetError("invalid_clientId", "client_Id is not set");
return Task.FromResult<object>(null);
}
var resource = ResourceStore.FindResource(context.ClientId);
if (resource == null)
{
context.SetError("invalid_clientId", string.Format("Invalid client_id '{0}'", context.ClientId));
return Task.FromResult<object>(null);
}
context.Validated();
return Task.FromResult<object>(null);
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
string clientId = string.Empty;
string clientSecret = string.Empty;
Client client = null;
if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
{
context.TryGetFormCredentials(out clientId, out clientSecret);
}
if (context.ClientId == null)
{
//Remove the comments from the below line context.SetError, and invalidate context
//if you want to force sending clientId/secrects once obtain access tokens.
context.Validated();
//context.SetError("invalid_clientId", "ClientId should be sent.");
return Task.FromResult<object>(null);
}
using (AuthRepository _repo = new AuthRepository())
{
client = _repo.FindClient(context.ClientId);
}
if (client == null)
{
context.SetError("invalid_clientId", string.Format("Client '{0}' is not registered in the system.", context.ClientId));
return Task.FromResult<object>(null);
}
if (client.ApplicationType == ApplicationTypes.NativeConfidential)
{
if (string.IsNullOrWhiteSpace(clientSecret))
{
context.SetError("invalid_clientId", "Client secret should be sent.");
return Task.FromResult<object>(null);
}
else
{
if (client.Secret != HashHelper.GetHash(clientSecret))
{
context.SetError("invalid_clientId", "Client secret is invalid.");
return Task.FromResult<object>(null);
}
}
}
if (!client.Active)
{
context.SetError("invalid_clientId", "Client is inactive.");
return Task.FromResult<object>(null);
}
context.OwinContext.Set<string>("as:clientAllowedOrigin", client.AllowedOrigin);
context.OwinContext.Set<string>("as:clientRefreshTokenLifeTime", client.RefreshTokenLifeTime.ToString());
context.Validated();
return Task.FromResult<object>(null);
}
/// <summary>
/// Validates the client id
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
string clientId;
string clientSecret;
// Gets the clientid and client secret from authenticate header
if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
{
// try to get form values
context.TryGetFormCredentials(out clientId, out clientSecret);
}
// Validate clientid and clientsecret. You can omit validating client secret if none is provided in your request (as in sample client request above)
var validClient = true;//!string.IsNullOrWhiteSpace(clientId);
if (validClient)
{
// Need to make the client_id available for later security checks
context.OwinContext.Set<string>("as:client_id", clientId);
context.Validated();
}
else
{
context.Rejected();
}
return Task.FromResult(0);
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context) {
var clientId = context.Parameters["client_id"];
if (!string.IsNullOrWhiteSpace(clientId)) {
var grantType = context.Parameters["grant_type"];
var clientSecret = context.Parameters["client_secret"];
switch (grantType) {
case GrantType.Password:
case GrantType.ClientCredentials:
{
/* web application */
if (clientSecret == Application.WebApplication.ConsumerSecret) {
context.Validated(clientId);
return;
}
/* mobile application */
if (clientSecret == Application.MobileApplication.ConsumerSecret) {
context.Validated(clientId);
return;
}
}
break;
case GrantType.RefreshToken:
default:
context.Validated(clientId);
return;
}
}
context.Rejected();
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
//TODO Validate null property
string id, secret;
context.TryGetFormCredentials(out id, out secret);
var type = context.Parameters.Get("type");
switch (type)
{
case "admin":
if (id == null) id = context.Parameters.Get("Username") + "_SysAdmin";
context.Validated();
break;
case "app":
if (secret != null) context.Validated();
break;
default:
if (id != null) context.Validated();
type = string.Empty;
break;
}
context.OwinContext.Set<string>("as:client_id", id);
context.OwinContext.Set<string>("as:client_secret", secret);
context.OwinContext.Set<string>("as:type", type);
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
string AuthorizeSecretKey = context.Parameters["authorizeSecretKey"];
if (AuthorizeSecretKey != AValues.AuthorizeSecretKey)
{
context.SetError("invalid_clientId", string.Format("SecretKey '{0}' is not true.", AuthorizeSecretKey));
return Task.FromResult<object>(null);
}
string clientId = string.Empty;
string clientSecret = string.Empty;
if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
{
context.TryGetFormCredentials(out clientId, out clientSecret);
}
if (context.ClientId == null)
{
context.Validated();
return Task.FromResult<object>(null);
}
UserViewModel user = RedisHelp.GetLoginUserCache(int.Parse(context.ClientId));
if (user == null)
{
context.SetError("invalid_clientId", string.Format("Client '{0}' is not registered in the system.", context.ClientId));
return Task.FromResult<object>(null);
}
context.Validated();
return Task.FromResult<object>(null);
}
/// <summary>
/// 第一步:客户端认证
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
string grant_type = context.Parameters[Constant.GrantTypes.GrantType];
if (grant_type == Constant.GrantTypes.Password)
{
string username = context.Parameters[Constant.GrantTypes.UserName];
string password = context.Parameters[Constant.GrantTypes.Password];
//TODO 调用登录逻辑
bool loginFlag = true;
if (loginFlag)
{
//把当前用户存入上下文
context.OwinContext.Set<string>("loginuser", username);
bool flag = context.Validated();
}
else
{
context.Rejected();
return;
}
}
else if (grant_type == Constant.GrantTypes.RefreshToken)
{
bool flag = context.Validated();
}
else
{
context.Rejected();
return;
}
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
var clientId = string.Empty;
var clientSecret = string.Empty;
Client client = null;
if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
{
context.TryGetFormCredentials(out clientId, out clientSecret);
}
if (context.ClientId == null)
{
context.Validated();
return Task.FromResult<object>(null);
}
using (var _repo = new AuthRepository())
{
client = _repo.FindClient(context.ClientId);
}
if (client == null)
{
context.SetError("invalid_clientId",
string.Format("Client '{0}' is not registered in the system.", context.ClientId));
return Task.FromResult<object>(null);
}
if (client.ApplicationType == ApplicationTypes.NativeConfidential)
{
if (string.IsNullOrWhiteSpace(clientSecret))
{
context.SetError("invalid_clientId", "Client secret should be sent.");
return Task.FromResult<object>(null);
}
if (client.Secret != TokenHelper.GetHash(clientSecret))
{
context.SetError("invalid_clientId", "Client secret is invalid.");
return Task.FromResult<object>(null);
}
}
if (!client.Active)
{
context.SetError("invalid_clientId", "Client is inactive.");
return Task.FromResult<object>(null);
}
context.OwinContext.Set("as:clientAllowedOrigin", client.AllowedOrigin);
context.OwinContext.Set("as:clientRefreshTokenLifeTime", client.RefreshTokenLifeTime.ToString());
context.Validated();
return Task.FromResult<object>(null);
}
/// <summary>
/// 第一步:客户端认证
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
string grant_type = context.Parameters[Paths.GrantType];
if (grant_type == Paths.GrantTypes.Password)
{
string username = context.Parameters[Paths.UserName];
string password = context.Parameters[Paths.Password];
//调用登录逻辑
UserViewModel user = this.Login(username, password);
if (user != null)
{
//把当前用户存入上下文
context.OwinContext.Set<UserViewModel>("loginuser", user);
bool flag = context.Validated();
}
else
{
//context.Rejected();
//context.Rejected();
//return;
throw new BusinessException("请确认用户名和密码输入正确");
}
}
else if (grant_type == Paths.GrantTypes.RefreshToken)
{
bool flag = context.Validated();
}
else
{
throw new BusinessException("refresh token error");
//context.Rejected();
//return;
}
#region 其他两种认证方式 暂时不做
//else if (grant_type == Paths.GrantTypes.ClientCredentials || grant_type == Paths.GrantTypes.AuthorizationCode)
//{
// string clientId;
// string clientSecret;
// //TryGetBasicCredentials 指Client可以按照Basic身份验证的规则提交ClientId和ClientSecret
// //TryGetFormCredentials 指Client可以把ClientId和ClientSecret放在Post请求的form表单中提交
// if (context.TryGetBasicCredentials(out clientId, out clientSecret) || context.TryGetFormCredentials(out clientId, out clientSecret))
// {
// //grant_type:client_credentials
// //暂时不支持
// context.Rejected();
// return;
// }
//}
#endregion
}
public override async Task ValidateClientAuthentication(
OAuthValidateClientAuthenticationContext context)
{
string clientId;
string clientSecret;
context.OwinContext.Response.Headers["Access-Control-Allow-Origin"] = "*";
if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
{
context.TryGetFormCredentials(out clientId, out clientSecret);
}
if (clientId != null)
{
UserManager dbContext = context.OwinContext.Get<UserManager>();
try
{
var client = await dbContext.FindAsync(clientId, clientSecret);
if (client != null)
{
// Client has been verified.
client.AuthGrant = OAuthGrant.ResourceOwner;
context.OwinContext.Set<User>("oauth:client", client);
context.Validated(clientId);
}
else
{
// Client could not be validated.
context.Rejected();
context.SetError("invalid_client Client credentials are invalid.");
}
}
catch
{
// Could not get the client through the IClientManager implementation.
context.Rejected();
context.SetError("server_error");
}
}
else
{
//for my implementation if no client id is provided use only the user/pass
context.Validated(clientId);
}
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
await Task.FromResult<object>(null);
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
// OAuth2 supports the notion of client authentication
// this is not used here
await TaskEx.Run(() => { context.Validated(); });
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
string clientId;
string clientSecret;
//first try to get the client details from the Authorization Basic header
if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
{
//no details in the Authorization Header so try to find matching post values
context.TryGetFormCredentials(out clientId, out clientSecret);
}
if (string.IsNullOrWhiteSpace(clientId) || string.IsNullOrWhiteSpace(clientSecret))
{
context.SetError("client_not_authorized", "invalid client details");
return Task.FromResult<object>(null);
}
var dataLayer = new RepoManager(new DataLayerDapper()).DataLayer;
var audienceDto = dataLayer.GetAudience(clientId);
if (audienceDto == null || !clientSecret.Equals(audienceDto.Secret))
{
context.SetError("unauthorized_client", "unauthorized client");
return Task.FromResult<object>(null);
}
context.Validated();
return Task.FromResult<object>(null);
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
// validate client credentials
// should be stored securely (salted, hashed, iterated)
string id, secret;
if (context.TryGetBasicCredentials(out id, out secret))
{
var client = _dbContext
.ApiClients
.AsEnumerable()
.SingleOrDefault(c => c.Id.ToString() == id && c.IsBlacklisted == false);
if (client != null)
{
// need to make the client_id available for later security checks
context.OwinContext.Set("as:client_id", client.Id.ToString());
//context.OwinContext.Set("as:client_name", client.Name);
context.Validated();
return Task.FromResult<object>(null);
}
}
context.Rejected();
return Task.FromResult<object>(null);
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
try
{
string clientId, clientSecret;
if (context.TryGetBasicCredentials(out clientId, out clientSecret) || context.TryGetFormCredentials(out clientId, out clientSecret))
{
if (Validator.ValidateClient(clientId, clientSecret))
{
context.Validated();
}
}
else
{
context.SetError("Invalid credentials");
context.Rejected();
}
}
catch (Exception e)
{
context.SetError("Server error");
context.Rejected();
}
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
// Note: We only support resource owner password grants, in which case there is no client_id involved
if (context.ClientId == null) context.Validated();
return Task.FromResult<object>(null);
}
public override async Task ValidateClientAuthentication(
OAuthValidateClientAuthenticationContext context)
{
// This call is required...
// but we're not using client authentication, so validate and move on...
await Task.FromResult(context.Validated());
}
/// <summary>
/// 验证Client Credentials[client_id与client_secret]
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
//http://localhost:48339/token
//grant_type=client_credentials&client_id=irving&client_secret=123456&scope=user order
/*
grant_type 授与方式(固定为 “client_credentials”)
client_id 分配的调用oauth的应用端ID
client_secret 分配的调用oaut的应用端Secret
scope 授权权限。以空格分隔的权限列表,若不传递此参数,代表请求用户的默认权限
*/
//validate client credentials should be stored securely (salted, hashed, iterated)
string clientId;
string clientSecret;
//context.TryGetBasicCredentials(out clientId, out clientSecret);
context.TryGetFormCredentials(out clientId, out clientSecret);
//验证用户名密码
var clientValid = await _clientAuthorizationService.ValidateClientAuthorizationSecretAsync(clientId, clientSecret);
if (!clientValid)
{
//Flurl 404 问题
//context.Response.StatusCode = Convert.ToInt32(HttpStatusCode.OK);
//context.Rejected();
context.SetError(AbpConstants.InvalidClient, AbpConstants.InvalidClientErrorDescription);
return;
}
//need to make the client_id available for later security checks
context.OwinContext.Set<string>("as:client_id", clientId);
context.Validated(clientId);
}
/// <summary>
/// responsible for validating if the Resource server (audience) is already registered in our Authorization server by reading the client_id value from the request
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
string clientId;
string clientSecret;
if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
{
context.TryGetFormCredentials(out clientId, out clientSecret);
}
if (context.ClientId == null && String.IsNullOrWhiteSpace(clientId))
{
context.SetError("invalid_clientId", "client_Id is not set");
}
else if (!context.HasError)
{
var audience = AudiencesStore.Instance.FindAudience(context.ClientId);
if (audience == null)
{
context.SetError("invalid_clientId", String.Format("Client '{0}' is not registered in the system.", context.ClientId));
}
else
{
context.OwinContext.Set("as:clientId", clientId);
context.OwinContext.Set("as:clientAllowedOrigin", audience.AllowedOrigin);
context.Validated();
}
}
return Task.FromResult<object>(null);
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
string id, secret;
if (context.TryGetFormCredentials(out id, out secret))
{
context.OwinContext.Set<string>("as:client_id", id);
context.Validated();
//if (secret == "secret")
//{
// // need to make the client_id available for later security checks
// context.OwinContext.Set<string>("as:client_id", id);
// context.Validated();
//}
}
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
// Resource owner password credentials does not provide a client ID.
if (context.ClientId == null) context.Validated();
return Task.FromResult<object>(null);
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
return Task.FromResult<object>(null);
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
try
{
var username = context.Parameters["username"];
var password = context.Parameters["password"];
if (identityService.AuthenticateUser(username, password))
{
context.OwinContext.Set("securityApi:username", username);
context.Validated();
}
else
{
context.SetError("Invalid credentials");
context.Rejected();
}
}
catch(Exception exception)
{
context.SetError(exception.Message);
context.Rejected();
}
return Task.FromResult(0);
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
await Task.Run(() =>
{
context.Validated();
});
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
string clientId = string.Empty;
string clientSecret = string.Empty;
string symmetricKeyAsBase64 = string.Empty;
if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
{
context.TryGetFormCredentials(out clientId, out clientSecret);
}
if (context.ClientId == null)
{
context.SetError("invalid_clientId", "client_Id is not set");
return Task.FromResult<object>(null);
}
var audience = AudiencesStore.FindAudience(context.ClientId);
if (audience == null)
{
context.SetError("invalid_clientId", string.Format("Invalid client_id '{0}'", context.ClientId));
return Task.FromResult<object>(null);
}
context.Validated();
return Task.FromResult<object>(null);
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
try
{
var username = context.Parameters["username"];
var password = context.Parameters["password"];
if (username == password)
{
context.OwinContext.Set("otf:username", username);
context.Validated();
}
else
{
context.SetError("Invalid credentials");
context.Rejected();
}
}
catch
{
context.SetError("Server error");
context.Rejected();
}
return Task.FromResult(0);
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
await Task.Factory.StartNew(() =>
{
context.Validated();
});
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext ctx)
{
string clientId = string.Empty;
string clientSecret = string.Empty;
Client client = null;
if(!ctx.TryGetBasicCredentials(out clientId,out clientSecret))
{
ctx.TryGetFormCredentials(out clientId, out clientSecret);
}
if(ctx.ClientId == null)
{
ctx.SetError("No clientId specified ! ");
return Task.FromResult<object>(null);
}
using(AuthRepository _repo = new AuthRepository())
{
client = _repo.FindClient(clientId);
}
if(client == null)
{
ctx.SetError("clientId not found !");
return Task.FromResult<object>(null);
}
if (client.ApplicationType == ApplicationTypes.Native)
{
if (string.IsNullOrWhiteSpace(clientSecret))
{
ctx.SetError("invalid_clientId", "Client secret should be sent.");
return Task.FromResult<object>(null);
}
else
{
if (client.Secret != GetHash(clientSecret))
{
ctx.SetError("invalid_clientId", "Client secret is invalid.");
return Task.FromResult<object>(null);
}
}
}
if (!client.Active)
{
ctx.SetError("invalid_clientId", "Client is inactive.");
return Task.FromResult<object>(null);
}
ctx.OwinContext.Set<string>("as:clientAllowedOrigin", client.AllowedOrigin);
ctx.OwinContext.Set<string>("as:clientRefreshTokenLifeTime", client.RefreshTokenLifeTime.ToString());
ctx.Validated();
return Task.FromResult<object>(null);
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
string clientId = "jeremy";
string clientSecret = string.Empty;
context.TryGetFormCredentials(out clientId, out clientSecret);
context.OwinContext.Set<string>("as:client_id", clientId);
context.Validated(clientId);
return base.ValidateClientAuthentication(context);
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
// Die Kennwortanmeldeinformationen des Ressourcenbesitzers stellen keine Client-ID bereit.
if (context.ClientId == null)
{
context.Validated();
}
return Task.FromResult<object>(null);
}
public override async Task ValidateClientAuthentication(Microsoft.Owin.Security.OAuth.OAuthValidateClientAuthenticationContext context)
{
context.Validated();
}