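public async Task CreateAsync(AuthenticationTokenCreateContext context)
        {
            // Called by the OWIN OAuth server to mint a refresh token after an access
            // token has been granted. Nothing is awaited here; the method stays `async`
            // so that any failure surfaces as a faulted Task instead of a synchronous throw.

            // The client id is put into the ticket by the grant step. Without it there is
            // nothing to bind the refresh token to, so no token is issued (silently, as
            // before). TryGetValue avoids a KeyNotFoundException for tickets that never
            // carried the key.
            string clientid;
            if (!context.Ticket.Properties.Dictionary.TryGetValue("as:client_id", out clientid)
                || string.IsNullOrEmpty(clientid))
            {
                return;
            }

            // An unknown client code used to dereference null; treat it like a missing
            // client id instead and issue no token.
            var client = WebApiClientEN.GetService().GetByClientCode(clientid);
            if (client == null)
            {
                return;
            }

            // The lifetime (minutes) is written by ValidateClientAuthentication as
            // client.RefreshLifeTimeMinutes.ToString(); Convert.ToDouble parses it with
            // the same current culture, so the round trip is consistent.
            var refreshTokenLifeTime = context.OwinContext.Get<string>("as:clientRefreshTokenLifeTime");

            // One timestamp, so IssuedUtc and ExpiresUtc derive from the same instant.
            var issuedUtc  = DateTime.UtcNow;
            var expiresUtc = issuedUtc.AddMinutes(Convert.ToDouble(refreshTokenLifeTime));

            //TODO: I removed hashed tokens to reduce database size
            // NOTE(review): as a consequence the WebApiTokenID persisted below is the very
            // value handed to the client by SetToken, i.e. the table holds usable refresh
            // tokens in clear. Persisting a hash and looking up by hash would limit the
            // impact of a database read.
            WebApiToken token = WebApiTokenEN.GetEntityObjectT();

            token.WebApiTokenID   = Guid.NewGuid();            // random id; doubles as the token value
            token.WebApiClientID  = client.WebApiClientID;
            token.UserID          = Convert.ToInt64(context.Ticket.Identity.Name);
            token.IssuedUtc       = issuedUtc;
            token.ExpiresUtc      = expiresUtc;
            // NOTE(review): the ticket is serialized before its IssuedUtc/ExpiresUtc are
            // updated below (original order kept), so the protected ticket carries the
            // pre-refresh validity window — confirm that is what ReceiveAsync expects.
            token.ProtectedTicket = context.SerializeTicket();

            // Keep the ticket's own validity window in step with the stored token.
            context.Ticket.Properties.IssuedUtc  = token.IssuedUtc;
            context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;

            WebApiTokenEN.GetService("").AddToken(token);

            context.SetToken(token.WebApiTokenID.ToString("n"));
        }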
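        /// <summary>
        /// Authenticates the OAuth client (client id plus optional secret) before a token
        /// request is processed. Credentials are read from the Basic authorization header
        /// first, then from the form body. Every failure is reported via
        /// <c>context.SetError</c>; the returned task is always already completed.
        /// </summary>
        /// <param name="context">OWIN client-authentication context of the token request.</param>
        /// <returns>A completed task; the outcome is carried by <paramref name="context"/>.</returns>
        public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            try
            {
                string        clientId     = string.Empty;
                string        clientSecret = string.Empty;
                vWebApiClient client       = null;

                if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
                {
                    context.TryGetFormCredentials(out clientId, out clientSecret);
                }

                if (context.ClientId == null)
                {
                    // NOTE(review): Validated() is immediately followed by SetError(). In
                    // Microsoft.Owin's validating contexts SetError rejects the context
                    // again, so the net effect (as far as I can tell) is that requests
                    // without a client id are refused and the Validated() call is dead.
                    // Left unchanged; remove the SetError line to accept anonymous clients.
                    context.Validated();
                    context.SetError("invalid_clientId", "ClientId should be sent.");
                    return(Task.FromResult <object>(null));
                }

                client = WebApiClientEN.GetService("").GetByClientCode(clientId);

                if (client == null)
                {
                    context.SetError("invalid_clientId", string.Format("Client '{0}' is not registered in the system.", context.ClientId));
                    return(Task.FromResult <object>(null));
                }

                if (client.CheckSecret)
                {
                    if (string.IsNullOrWhiteSpace(clientSecret))
                    {
                        context.SetError("invalid_clientId", "Client secret should be sent.");
                        return(Task.FromResult <object>(null));
                    }

                    // Fixed-time comparison: the former `!=` returned at the first
                    // mismatching character, leaking how much of the secret was right.
                    // NOTE(review): comparing against client.SecretKey directly implies the
                    // secret is stored in clear; a salted hash (e.g. PBKDF2) would be safer.
                    if (!SecretMatches(client.SecretKey, clientSecret))
                    {
                        context.SetError("invalid_clientId", "Client secret is invalid.");
                        return(Task.FromResult <object>(null));
                    }
                }

                if (!client.IsActive)
                {
                    context.SetError("invalid_clientId", "Client is inactive.");
                    return(Task.FromResult <object>(null));
                }

                if (client.UserApprovalStatusID != (byte)EntityEnums.UserApprovalStatusEnum.Approved)
                {
                    context.SetError("invalid_clientId", "Client is locked or cancelled.");
                    return(Task.FromResult <object>(null));
                }

                // SiteID 0 means the client may use the API of every site; any other value
                // pins it to that one site.
                if (client.SiteID != 0)
                {
                    if (FWUtils.SecurityUtils.GetCurrentSiteID() != client.SiteID)
                    {
                        context.SetError("invalid_clientId", "Client doesn't access to API of this current site.");
                        return(Task.FromResult <object>(null));
                    }
                }

                // Handed on to the later pipeline stages (CORS origin, refresh-token lifetime).
                context.OwinContext.Set <string>("as:clientAllowedOrigin", client.AllowedOrigin);
                context.OwinContext.Set <string>("as:clientRefreshTokenLifeTime", client.RefreshLifeTimeMinutes.ToString());

                context.Validated();
                return(Task.FromResult <object>(null));
            }
            catch (Exception ex)
            {
                // NOTE(review): the translated exception message is returned to the
                // unauthenticated caller as the OAuth error description; make sure the
                // translator never exposes internal details (stack, connection strings).
                var msg = FWUtils.ExpLogUtils.ExceptionTranslator.TryToTranslate(ex).Message;
                context.SetError("error", msg);
                return(Task.FromResult <object>(null));
            }
        }

        /// <summary>
        /// Ordinal string equality whose running time does not depend on the position of
        /// the first differing character. Only the length is revealed, which a plain
        /// equality check reveals as well.
        /// </summary>
        /// <param name="expected">Secret on record; <c>null</c> never matches.</param>
        /// <param name="presented">Secret supplied by the caller; <c>null</c> never matches.</param>
        /// <returns><c>true</c> when both strings are non-null and identical.</returns>
        private static bool SecretMatches(string expected, string presented)
        {
            if (expected == null || presented == null)
            {
                return false;
            }

            if (expected.Length != presented.Length)
            {
                return false;
            }

            int diff = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                // Accumulate instead of returning early so every position is visited.
                diff |= expected[i] ^ presented[i];
            }

            return diff == 0;
        }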