public HttpResponseMessage Post(int id, ScopeModel model)
{
if (!ModelState.IsValid)
{
return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
}
var app = config.Applications.All.SingleOrDefault(x => x.ID == id);
if (app == null)
{
return Request.CreateResponse(HttpStatusCode.NotFound);
}
var scope = new Scope();
scope.Name = model.Name;
scope.Description = model.Description;
scope.Emphasize = model.Emphasize;
app.Scopes.Add(scope);
config.SaveChanges();
return Request.CreateResponse(HttpStatusCode.OK, new {
scope.ID,
scope.Name,
scope.Description,
scope.Emphasize
});
}
public HttpResponseMessage Post(int id, ScopeModel model)
{
if (!ModelState.IsValid)
{
return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.GetErrors());
}
var app = _config.Applications.All.SingleOrDefault(x => x.ID == id);
if (app == null)
{
return Request.CreateResponse(HttpStatusCode.NotFound);
}
if (app.Scopes.Any(x => x.Name == model.Name))
{
ModelState.AddModelError("", "That Scope name is already in use.");
return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.GetErrors());
}
var scope = new Scope
{
Name = model.Name,
DisplayName = model.DisplayName,
Description = model.Description,
Emphasize = model.Emphasize
};
app.Scopes.Add(scope);
_config.SaveChanges();
return Request.CreateResponse(HttpStatusCode.OK, new {
scope.ID,
scope.Name,
scope.DisplayName,
scope.Description,
scope.Emphasize
});
}
private void PopulateData()
{
var resourceOwnerClient = new Client
{
Name = "Resource Owner Flow Client",
ClientId = "roclient",
ClientSecret = "secret",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
Flow = OAuthFlow.ResourceOwner,
AllowRefreshToken = true
};
var codeClient = new Client
{
Name = "Code Flow Client",
ClientId = "codeclient",
ClientSecret = "secret",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
AllowRefreshToken = true,
Flow = OAuthFlow.Code,
RedirectUris = new List<ClientRedirectUri>
{
new ClientRedirectUri
{
Uri = "https://prod.local",
Description = "Production"
},
new ClientRedirectUri
{
Uri = "https://test.local",
Description = "Test"
}
}
};
var implicitClient = new Client
{
Name = "Implicit Flow Client",
ClientId = "implicitclient",
ClientSecret = "secret",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
AllowRefreshToken = false,
Flow = OAuthFlow.Implicit,
RedirectUris = new List<ClientRedirectUri>
{
new ClientRedirectUri
{
Uri = "https://test2.local",
Description = "Test"
}
}
};
var trustedClient = new Client
{
Name = "Trusted Client",
ClientId = "trustedclient",
ClientSecret = "secret",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
AllowRefreshToken = false,
Flow = OAuthFlow.ResourceOwner,
};
var readScope = new Scope
{
AllowedClients = new List<Client> { codeClient, implicitClient, resourceOwnerClient },
Name = "read",
Description = "Read data",
Emphasize = false
};
var browseScope = new Scope
{
AllowedClients = new List<Client> { codeClient, implicitClient, resourceOwnerClient },
Name = "browse",
Description = "Browse data",
Emphasize = false
};
var searchScope = new Scope
{
AllowedClients = new List<Client> { codeClient, resourceOwnerClient },
Name = "search",
Description = "Search data",
Emphasize = false
};
var writeScope = new Scope
{
AllowedClients = new List<Client> { resourceOwnerClient },
Name = "write",
Description = "write data",
Emphasize = true
};
var deleteScope = new Scope
{
AllowedClients = new List<Client> { trustedClient },
Name = "delete",
Description = "delete data",
Emphasize = true
};
var application = new Application
{
Name = "Test Application",
Namespace = "test",
Scopes = new List<Scope> { readScope, browseScope, searchScope, writeScope, deleteScope },
RequireConsent = true,
TokenLifetime = 60
};
_applications.Add(application);
}
public static void Populate()
{
Database.SetInitializer(new DropCreateDatabaseIfModelChanges<AuthorizationServerContext>());
try
{
var db = DependencyResolver.Current.GetService<AuthorizationServerContext>();
var resourceOwnerClient = db.Clients.Find("roclient");
var CodeClient = db.Clients.Find("codeclient");
var ImplicitClient = db.Clients.Find("implicitclient");
var client = db.Clients.Find("client");
var assertionClient = db.Clients.Find("assertionclient");
if (client == null)
{
client = new Client
{
Enabled = true,
Name = "Client",
ClientId = "client",
Flow = OAuthFlow.Client
};
client.SetSharedSecret("secret");
db.Clients.Add(client);
db.SaveChanges();
}
if (assertionClient == null)
{
assertionClient = new Client
{
Enabled = true,
Name = "Assertion Client",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
ClientId = "assertionclient",
Flow = OAuthFlow.Assertion
};
assertionClient.SetSharedSecret("secret");
db.Clients.Add(assertionClient);
db.SaveChanges();
}
if (resourceOwnerClient == null)
{
resourceOwnerClient = new Client
{
Enabled = true,
Name = "Resource Owner Flow Client",
ClientId = "roclient",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
Flow = OAuthFlow.ResourceOwner,
AllowRefreshToken = true
};
resourceOwnerClient.SetSharedSecret("secret");
db.Clients.Add(resourceOwnerClient);
db.SaveChanges();
}
if (CodeClient == null)
{
CodeClient = new Client
{
Enabled = true,
Name = "Code Flow Client",
ClientId = "codeclient",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
AllowRefreshToken = true,
Flow = OAuthFlow.Code,
RedirectUris = new List<ClientRedirectUri>
{
new ClientRedirectUri
{
Uri = "https://prod.local",
Description = "Production"
},
new ClientRedirectUri
{
Uri = "https://test.local",
Description = "Test"
},
new ClientRedirectUri
{
Uri = "https://localhost:44303/callback",
Description = "Local Test"
}
}
};
CodeClient.SetSharedSecret("secret");
db.Clients.Add(CodeClient);
db.SaveChanges();
}
if (ImplicitClient == null)
{
ImplicitClient = new Client
{
Enabled = true,
Name = "Implicit Flow Client",
ClientId = "implicitclient",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
AllowRefreshToken = false,
Flow = OAuthFlow.Implicit,
RedirectUris = new List<ClientRedirectUri>
{
new ClientRedirectUri
{
Uri = "https://test2.local",
Description = "Test"
},
new ClientRedirectUri
{
Uri = "https://localhost:44300/callback.cshtml",
Description = "JavaScript Callback Page"
},
new ClientRedirectUri
{
Uri = "ms-app://s-1-15-2-4224567138-2162094511-1976135278-3909242924-69295690-1380993013-1329561029/",
Description = "Win Store App"
}
}
};
ImplicitClient.SetSharedSecret("secret");
db.Clients.Add(ImplicitClient);
db.SaveChanges();
}
//if (!db.SigningKeys.Any())
//{
// db.SigningKeys.Add(new X509CertificateReference
// {
// Name = "Default X509 Cert",
// Location = System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine,
// FindValue = "CN=idsrv.local",
// FindType = System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectDistinguishedName,
// StoreName = System.Security.Cryptography.X509Certificates.StoreName.My
// });
// db.SaveChanges();
//}
if (!db.Applications.Any())
{
var readScope = new Scope
{
AllowedClients = new List<Client> { CodeClient, ImplicitClient, resourceOwnerClient, client, assertionClient },
Name = "read",
DisplayName = "Read data",
Description = "Allows to read data",
Emphasize = false
};
var searchScope = new Scope
{
AllowedClients = new List<Client> { CodeClient, resourceOwnerClient },
Name = "search",
DisplayName = "Search data",
Description = "Allows to search for data",
Emphasize = false
};
var writeScope = new Scope
{
AllowedClients = new List<Client> { resourceOwnerClient },
Name = "write",
DisplayName = "Write data",
Description = "Allows to write data",
Emphasize = true
};
var key = new SymmetricKey { Name = "Demo signing key" };
key.SetValue(Convert.FromBase64String("1fTiS2clmPTUlNcpwYzd5i4AEFJ2DEsd8TcUsllmaKQ="));
var application = new Application
{
Enabled = true,
Name = "User management",
Namespace = "users",
Audience = "users",
Description = "This app manages your users",
LogoUrl = "http://en.opensuse.org/images/0/0b/Icon-user.png",
Scopes = new List<Scope> { readScope, searchScope, writeScope },
RequireConsent = true,
TokenLifetime = 60,
AllowRefreshToken = true,
AllowRememberConsentDecision = true,
SigningKey = key
};
db.Applications.Add(application);
db.SaveChanges();
}
}
catch (Exception)
{
throw;
}
}
private void PopulateData()
{
var resourceOwnerClient = new Client
{
Name = "Resource Owner Flow Client",
ClientId = "roclient",
ClientSecret = "secret",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
Flow = OAuthFlow.ResourceOwner,
AllowRefreshToken = true
};
var CodeClient = new Client
{
Name = "Code Flow Client",
ClientId = "codeclient",
ClientSecret = "secret",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
AllowRefreshToken = true,
Flow = OAuthFlow.Code,
RedirectUris = new RedirectUris
{
new RedirectUri
{
Uri = "https://prod.local",
Description = "Production"
},
new RedirectUri
{
Uri = "https://test.local",
Description = "Test"
}
}
};
var ImplicitClient = new Client
{
Name = "Implicit Flow Client",
ClientId = "implicitclient",
ClientSecret = "secret",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
AllowRefreshToken = false,
Flow = OAuthFlow.Implicit,
RedirectUris = new RedirectUris
{
new RedirectUri
{
Uri = "https://test2.local",
Description = "Test"
}
}
};
var readScope = new Scope
{
AllowedClients = new Clients { CodeClient, ImplicitClient, resourceOwnerClient },
Name = "read",
Description = "Read data",
Emphasize = false
};
var searchScope = new Scope
{
AllowedClients = new Clients { CodeClient, resourceOwnerClient },
Name = "search",
Description = "Search data",
Emphasize = false
};
var writeScope = new Scope
{
AllowedClients = new Clients { resourceOwnerClient },
Name = "write",
Description = "write data",
Emphasize = true
};
var application = new Application
{
Name = "User management",
Namespace = "users",
Scopes = new Scopes { readScope, searchScope, writeScope },
Clients = new Clients { CodeClient, ImplicitClient, resourceOwnerClient },
ShowConsent = true,
TokenLifetime = 60
};
_applications.Add(application);
}
public void Init()
{
DataProtectection.Instance = new NoProtection();
globalConfiguration = new GlobalConfiguration() { Issuer = "Test Issuer" };
rocv = new Mock<IResourceOwnerCredentialValidation>();
config = new Mock<IAuthorizationServerConfiguration>();
handleManager = new Mock<IStoredGrantManager>();
assertionGrantValidator = new Mock<IAssertionGrantValidation>();
clientManager = new Mock<IClientManager>();
tokenService = new TokenService(globalConfiguration);
#region Setup Test Client
string secret = "12345678";
byte[] encodedByte = System.Text.ASCIIEncoding.ASCII.GetBytes(secret);
string base64EncodedSecret = Convert.ToBase64String(encodedByte);
_Client = new Client()
{
ClientId = "MobileAppShop",
ClientSecret = base64EncodedSecret,
Flow = OAuthFlow.ResourceOwner,
AllowRefreshToken = true
};
#endregion
#region Setup Test Application
var scope = new Scope();
scope.Name = "read";
scope.AllowedClients = new List<Client>();
scope.AllowedClients.Add(_Client);
_Scopes = new List<Scope>();
_Scopes.Add(scope);
string symmetricKey = "C33333333333333333333333335=";
byte[] keybytes = Convert.FromBase64String(symmetricKey);
SecurityKey securityKey = new InMemorySymmetricSecurityKey(keybytes);
_Application = new Application()
{
Name = "Test Application 1",
Scopes = _Scopes,
Audience = "Test Audience",
TokenLifetime = 1,
AllowRefreshToken = true,
};
#endregion
#region Setup Example StoredGrant
Claim[] resourceOwnerClaims = { new Claim("Username", "JohnSmith"), new Claim("sub", "JohnSmith") };
_StoredGrant = new StoredGrant()
{
GrantId = "MyFavouriteRefrehToken1234",
CreateRefreshToken = true,
Client = _Client,
ResourceOwner = resourceOwnerClaims.ToStoredGrantClaims().ToList(),
Expiration = DateTime.Now.AddDays(1),
RefreshTokenExpiration = DateTime.Now.AddMonths(1),
Type = StoredGrantType.RefreshTokenIdentifier,
Scopes = _Scopes,
Application = _Application
};
#endregion
#region Setup Mocking Objects
// IAuthorizationServerConfiguration
config.Setup(x => x.FindApplication(It.IsNotNull<string>()))
.Returns((string name) =>
{
return _Application;
});
config.Setup(x => x.GlobalConfiguration).Returns(() => globalConfiguration);
// IClientManager
clientManager.Setup(x => x.Get(It.IsNotNull<string>()))
.Returns((string clientId) =>
{
return _Client;
});
// IResourceOwnerCredentialValidation
rocv.Setup(x => x.Validate(It.IsNotNull<string>(), It.IsNotNull<string>()))
.Returns((string username, string password) =>
{
return Principal.Create("Test", resourceOwnerClaims);
});
// IStoredGrantManager
handleManager.Setup(x => x.Get(It.IsNotNull<string>()))
.Returns((string grantIdentifier) =>
{
return _StoredGrant;
});
#endregion
_TokenController = new TokenController(
rocv.Object,
config.Object,
handleManager.Object,
assertionGrantValidator.Object,
tokenService,
clientManager.Object);
_TokenController.Request = new HttpRequestMessage();
_TokenController.Request.SetConfiguration(new HttpConfiguration());
}
public static void Populate()
{
Database.SetInitializer(new DropCreateDatabaseIfModelChanges<AuthorizationServerContext>());
try
{
var db = DependencyResolver.Current.GetService<Thinktecture.AuthorizationServer.EF.AuthorizationServerContext>();
if (!db.GlobalConfiguration.Any())
{
var config = new GlobalConfiguration
{
AuthorizationServerName = "Thinktecture AuthorizationServer",
Issuer = "ThinktectureAuthorizationServer",
Administrators = new List<AuthorizationServerAdministrator>
{
new AuthorizationServerAdministrator{NameID="dominick"},
new AuthorizationServerAdministrator{NameID="brock"},
}
};
db.GlobalConfiguration.Add(config);
db.SaveChanges();
}
var resourceOwnerClient = db.Clients.Find("roclient");
var CodeClient = db.Clients.Find("codeclient");
var ImplicitClient = db.Clients.Find("implicitclient");
var client = db.Clients.Find("client");
if (client == null)
{
client = new Client
{
Enabled = true,
Name = "Client",
ClientId = "client",
ClientSecret = "secret",
Flow = OAuthFlow.Client
};
db.Clients.Add(client);
db.SaveChanges();
}
if (resourceOwnerClient == null)
{
resourceOwnerClient = new Client
{
Enabled = true,
Name = "Resource Owner Flow Client",
ClientId = "roclient",
ClientSecret = "secret",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
Flow = OAuthFlow.ResourceOwner,
AllowRefreshToken = true
};
db.Clients.Add(resourceOwnerClient);
db.SaveChanges();
}
if (CodeClient == null)
{
CodeClient = new Client
{
Enabled = true,
Name = "Code Flow Client",
ClientId = "codeclient",
ClientSecret = "secret",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
AllowRefreshToken = true,
Flow = OAuthFlow.Code,
RedirectUris = new List<ClientRedirectUri>
{
new ClientRedirectUri
{
Uri = "https://prod.local",
Description = "Production"
},
new ClientRedirectUri
{
Uri = "https://test.local",
Description = "Test"
},
new ClientRedirectUri
{
Uri = "https://localhost:44303/callback",
Description = "Local Test"
}
}
};
db.Clients.Add(CodeClient);
db.SaveChanges();
}
if (ImplicitClient == null)
{
ImplicitClient = new Client
{
Enabled = true,
Name = "Implicit Flow Client",
ClientId = "implicitclient",
ClientSecret = "secret",
AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
AllowRefreshToken = false,
Flow = OAuthFlow.Implicit,
RedirectUris = new List<ClientRedirectUri>
{
new ClientRedirectUri
{
Uri = "https://test2.local",
Description = "Test"
},
new ClientRedirectUri
{
Uri = "ms-app://s-1-15-2-4224567138-2162094511-1976135278-3909242924-69295690-1380993013-1329561029/",
Description = "Win Store App"
}
}
};
db.Clients.Add(ImplicitClient);
db.SaveChanges();
}
if (!db.SigningKeys.Any())
{
db.SigningKeys.Add(new X509CertificateReference
{
Name = "Default X509 Cert",
Location = System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine,
FindValue = "CN=idsrv.local",
FindType = System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectDistinguishedName,
StoreName = System.Security.Cryptography.X509Certificates.StoreName.My
});
db.SaveChanges();
}
if (!db.Applications.Any())
{
var readScope = new Scope
{
AllowedClients = new List<Client> { CodeClient, ImplicitClient, resourceOwnerClient, client },
Name = "read",
Description = "Read data",
Emphasize = false
};
var searchScope = new Scope
{
AllowedClients = new List<Client> { CodeClient, resourceOwnerClient },
Name = "search",
Description = "Search data",
Emphasize = false
};
var writeScope = new Scope
{
AllowedClients = new List<Client> { resourceOwnerClient },
Name = "write",
Description = "write data",
Emphasize = true
};
var application = new Application
{
Enabled = true,
Name = "User management",
Namespace = "users",
Audience = "users",
Description = "This app manages your users",
LogoUrl = "http://en.opensuse.org/images/0/0b/Icon-user.png",
Scopes = new List<Scope> { readScope, searchScope, writeScope },
RequireConsent = true,
TokenLifetime = 60,
AllowRefreshToken = true,
SigningKey = new SymmetricKey { Name="main signing key", Value = Convert.FromBase64String("1fTiS2clmPTUlNcpwYzd5i4AEFJ2DEsd8TcUsllmaKQ=") }
};
db.Applications.Add(application);
db.SaveChanges();
}
}
catch (Exception ex)
{
throw;
}
}
