public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
_iAuthorizationBus = (IAuthorizationBus)GlobalConfiguration.Configuration.DependencyResolver.GetService(typeof(IAuthorizationBus));
string clientId = string.Empty;
string clientSecret = string.Empty;
ClientDTO client = null;
if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
{
context.TryGetFormCredentials(out clientId, out clientSecret);
}
if (context.ClientId == null)
{
context.Validated();
return(Task.FromResult <object>(null));
}
client = _iAuthorizationBus.FindClient(context.ClientId);
if (client == null)
{
context.SetError("invalid_clientId");
return(Task.FromResult <object>(null));
}
if (client.ApplicationType == ApplicationTypes.Client_NativeConfidentialApplication)
{
if (string.IsNullOrWhiteSpace(clientSecret))
{
context.SetError("invalid_clientId", Resources.ClientSecretShouldBeSent);
return(Task.FromResult <object>(null));
}
else
{
if (client.Secret != Helper.GetHash(clientSecret))
{
context.SetError("invalid_clientId", Resources.InvalidClientSecret);
return(Task.FromResult <object>(null));
}
}
}
if (!client.Active)
{
context.SetError("invalid_clientId", Resources.ClientInactive);
return(Task.FromResult <object>(null));
}
context.OwinContext.Set <string>("as:clientAllowedOrigin", client.AllowedOrigin);
context.OwinContext.Set <string>("as:clientRefreshTokenLifeTime", client.RefreshTokenLifeTime.ToString());
context.Validated();
return(Task.FromResult <object>(null));
}
private string ValidateClientAndRedirectUri(HttpRequestMessage request, ref string redirectUriOutput)
{
Uri redirectUri;
var redirectUriString = GetQueryString(Request, "redirect_uri");
if (string.IsNullOrWhiteSpace(redirectUriString))
{
throw new ValidationException(Resources.InvalidRedirectUri);
}
bool validUri = Uri.TryCreate(redirectUriString, UriKind.Absolute, out redirectUri);
if (!validUri)
{
throw new ValidationException(Resources.InvalidRedirectUri);
}
var clientId = GetQueryString(Request, "client_id");
if (string.IsNullOrWhiteSpace(clientId))
{
throw new ValidationException(Resources.ClientIdIsRequired);
}
var client = _iAuthorizationBus.FindClient(clientId);
if (client == null)
{
throw new ForbiddenException(string.Format(Resources.ClientIdNotRegistred, clientId));
}
if (!string.Equals(client.AllowedOrigin, "*") && !string.Equals(client.AllowedOrigin, redirectUri.GetLeftPart(UriPartial.Authority), StringComparison.OrdinalIgnoreCase))
{
throw new UnauthorizedAccessException(string.Format(Resources.ClientIdDoesNotHaveEnoughRight, clientId));
}
redirectUriOutput = redirectUri.AbsoluteUri;
return(string.Empty);
}
