public async Task <AuthenticationProviderResult <RefreshToken> > ValidateRefreshToken(
ApplicationClient client,
string refreshTokenTicket)
{
var response = new AuthenticationProviderResult <RefreshToken>()
{
IsSuccessful = false,
ResponseMessage = "",
Result = null
};
var existingRefreshToken = await this.dataService
.RefreshTokens
.FindByCondition(r => r.ApplicationClientId == client.Id &&
r.ProtectedTicket == refreshTokenTicket);
if (existingRefreshToken == null)
{
response.ResponseMessage = "Invalid token";
return(response);
}
if (existingRefreshToken.ExpiresUtc < DateTime.Now.ToUniversalTime())
{
response.ResponseMessage = "Token expired";
return(response);
}
response.IsSuccessful = true;
response.Result = existingRefreshToken;
return(response);
}
public async Task <AuthenticationProviderResult <ApplicationClient> > ValidateApplicationClientAsync(HttpRequest request)
{
var response = new AuthenticationProviderResult <ApplicationClient>()
{
IsSuccessful = false,
ResponseMessage = "",
Result = null
};
var clientId = request.Headers["client_id"];
if (string.IsNullOrEmpty(clientId))
{
response.ResponseMessage = "Client Id is not set";
return(response);
}
if (!Guid.TryParse(clientId, out Guid validClientID))
{
response.ResponseMessage = "Invalid client Id";
return(response);
}
var client = await this.dataService.ApplicationClients.FindByIdAsync(validClientID);
if (client == null)
{
response.ResponseMessage = "Invalid client Id";
return(response);
}
if (!client.Enabled)
{
response.ResponseMessage = "Client is inactive";
return(response);
}
if (client.ApplicationClientType == ApplicationClientType.Confidential)
{
var clientSecret = request.Headers["client_secret"];
if (string.IsNullOrEmpty(clientSecret))
{
response.ResponseMessage = "Client secret is not set";
return(response);
}
;
if (client.Base64Secret != clientSecret)
{
response.ResponseMessage = "Client secret do not match";
return(response);
}
}
response.IsSuccessful = true;
response.Result = client;
return(response);
}
public async Task <AuthenticationProviderResult <ApplicationUser> > ValidateUserAuthenticationAsync(UserForAuthenticationDto userDto)
{
var response = new AuthenticationProviderResult <ApplicationUser>()
{
IsSuccessful = false,
ResponseMessage = "",
Result = null
};
var user = await this.dataService.UserManager.FindByEmailAsync(userDto.Email);
if (user == null)
{
response.ResponseMessage = "Username or password is incorrect";
return(response);
}
// if (!user.EmailConfirmed)
// {
// response.ResponseMessage = "Email not confirmed";
// return response;
// }
var result = await this.signInManager.PasswordSignInAsync(user.UserName, userDto.Password, false, true);
if (result.Succeeded)
{
response.IsSuccessful = true;
response.Result = user;
return(response);
}
else if (result.IsLockedOut)
{
response.ResponseMessage = "User is lockout";
return(response);
}
else
{
response.ResponseMessage = "Username or password is incorrect";
return(response);
}
}
public async Task <AuthenticationProviderResult <ApplicationUser> > ValidateUserAsync(Guid userId)
{
var response = new AuthenticationProviderResult <ApplicationUser>()
{
IsSuccessful = false,
ResponseMessage = "",
Result = null
};
var user = await this.dataService.UserManager.FindByIdAsync(userId.ToString());
response.ResponseMessage = "Unauthorized";
if (user == null)
{
return(response);
}
if (!await this.signInManager.CanSignInAsync(user))
{
return(response);
}
if (this.dataService.UserManager.SupportsUserLockout && await this.dataService.UserManager.IsLockedOutAsync(user))
{
response.ResponseMessage = "User is lockout";
return(response);
}
// ToDo When Email confirmation available
// if (!user.EmailConfirmed)
// {
// response.ResponseMessage = "Email not confirmed";
// return response;
// }
response.IsSuccessful = true;
response.ResponseMessage = "";
response.Result = user;
return(response);
}
private async Task <AuthenticationDto> CreateAuthentificationDto(AuthenticationProviderResult <ApplicationClient> isValidClient,
AuthenticationProviderResult <ApplicationUser> isAuthorize)
{
var userClaims = await this.authenticationProvider.GetUserClaimsAsync(isAuthorize.Result);
var userRoles = await this.authenticationProvider.GetUserRolesAsync(isAuthorize.Result);
var claims = await this.jWTProvider.GetValidClaims(isAuthorize.Result, userRoles, userClaims);
var token = this.jWTProvider.GenerateToken(claims, isValidClient.Result.JWTAudienceCategory);
var refreshToken = await this.refreshTokenProvider.GenerateRefreshToken(isAuthorize.Result, isValidClient.Result);
var bearerToken = new AuthenticationDto()
{
Id = Guid.Parse(isAuthorize.Result.Id),
Email = isAuthorize.Result.Email,
Roles = userRoles,
Claims = userClaims,
Token = token,
RefreshToken = refreshToken
};
return(bearerToken);
}
