public async Task <IHttpActionResult> Test()
{
using (Db.Operations db = new Db.Operations())
{
Client client = db.FindClient("mainApp");
return(Ok("Client found. Allowed origin: " + client.AllowedOrigin));
}
}
private string ValidateClientAndRedirectUri(HttpRequestMessage request, ref string redirectUriOutput)
{
Uri redirectUri;
var redirectUriString = GetQueryString(Request, "redirect_uri");
if (string.IsNullOrWhiteSpace(redirectUriString))
{
return("redirect_uri is required");
}
bool validUri = Uri.TryCreate(redirectUriString, UriKind.Absolute, out redirectUri);
if (!validUri)
{
return("redirect_uri is invalid");
}
var clientId = GetQueryString(Request, "client_id");
if (string.IsNullOrWhiteSpace(clientId))
{
return("client_Id is required");
}
Client client = null;
using (Db.Operations ops = new Db.Operations())
{
client = ops.FindClient(clientId);
}
if (client == null)
{
return(string.Format("Client_id '{0}' is not registered in the system.", clientId));
}
if (!string.Equals(client.AllowedOrigin, redirectUri.GetLeftPart(UriPartial.Authority), StringComparison.OrdinalIgnoreCase))
{
return(string.Format("The given URL is not allowed by Client_id '{0}' configuration.", clientId));
}
redirectUriOutput = redirectUri.AbsoluteUri;
return(string.Empty);
}
/// <summary>
/// The route of this method is defined by Settings.TokenEndpointPath endpoint, e.g. /token
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
// Called to validate that the origin of the request is a registered "client_id", and that the correct credentials for that
// client are present on the request. If the web application accepts Basic authentication credentials,
// context.TryGetBasicCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request header.
// If the web application accepts "client_id" and "client_secret" as form encoded POST parameters,
// context.TryGetFormCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request body.
// If context.Validated is not called the request will not proceed further.
string clientId = string.Empty;
string clientSecret = string.Empty;
#region Load ClientId and ClientSecret from the request
bool BodyAuthentication = false;
bool HeaderAuthentication = false;
BodyAuthentication = context.TryGetFormCredentials(out clientId, out clientSecret);
if (!BodyAuthentication)
{
HeaderAuthentication = context.TryGetBasicCredentials(out clientId, out clientSecret);
if (!HeaderAuthentication)
{
AuthRequest authRequest = context.GetAuthRequest();
if (authRequest != null)
{
clientId = authRequest.client_id;
clientSecret = authRequest.client_secret;
}
}
}
if (string.IsNullOrWhiteSpace(clientId))
{
// Remove the comments from the below lines if you want to force sending clientId/secrects
// once access token is obtained
context.Rejected();
context.SetError("invalid_clientId", "ClientId should be sent.");
return(Task.FromResult <object>(null));
}
#endregion
Client client = null;
#region Validate Client from the database
using (Db.Operations _repo = new Db.Operations())
{
client = _repo.FindClient(clientId);
}
if (client == null)
{
context.SetError("invalid_clientId", string.Format("Client '{0}' is not registered in the system.", clientId));
return(Task.FromResult <object>(null));
}
if (client.ApplicationType == Models.ApplicationTypes.NativeConfidential)
{
if (string.IsNullOrWhiteSpace(clientSecret))
{
context.SetError("invalid_clientId", "Client secret should be sent.");
return(Task.FromResult <object>(null));
}
else
{
if (client.Secret != Helper.GetHash(clientSecret))
{
context.SetError("invalid_clientId", "Client secret is invalid.");
return(Task.FromResult <object>(null));
}
}
}
if (!client.Active)
{
context.SetError("invalid_clientId", "Client is inactive.");
return(Task.FromResult <object>(null));
}
#endregion
context.OwinContext.Set <string>("as:clientAllowedOrigin", client.AllowedOrigin);
context.OwinContext.Set <string>("as:clientRefreshTokenLifeTime", client.RefreshTokenLifeTime.ToString());
context.Validated(clientId); // This sets context.ClientId parameter
return(Task.FromResult <object>(null));
}