        /// <summary>
        /// OAuth client validation: the token request is accepted when the supplied
        /// client_id resolves to a known audience; otherwise an "invalid client" error
        /// is recorded on the context.
        /// </summary>
        /// <param name="context">OWIN OAuth client-authentication context for the token request.</param>
        /// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
        public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            Task completed = Task.FromResult<object>(null);

            // Credentials are taken from the HTTP Basic header first, then from form fields.
            // The extracted id/secret locals are not used below; context.ClientId is read
            // instead (presumably populated by the TryGet* calls — verify against the middleware).
            // NOTE(review): the secret is never compared against anything, so a client is
            // accepted on client_id alone — confirm this flow is meant for public clients only.
            string id;
            string secret;
            bool hasBasicCredentials = context.TryGetBasicCredentials(out id, out secret);
            if (!hasBasicCredentials)
            {
                context.TryGetFormCredentials(out id, out secret);
            }

            string clientId = context.ClientId;
            if (clientId == null)
            {
                context.SetError(InvalidClientId, "client_Id is not set");
                return completed;
            }

            // An unknown client_id is reported back; the submitted value is echoed in the error description.
            var knownAudience = AudienceService.FindAudience(clientId);
            if (knownAudience == null)
            {
                context.SetError(InvalidClientId, string.Format("Invalid client_id '{0}'", clientId));
                return completed;
            }

            context.Validated();
            return completed;
        }
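        /// <summary>
        /// Looks up an audience by name using a fresh <see cref="GhDbContext"/> built from
        /// the "DbConnection" configuration entry.
        /// </summary>
        /// <param name="name">Audience name passed through to <see cref="AudienceService.GetByName"/>.</param>
        /// <returns>Whatever the service returns for <paramref name="name"/>; its null behaviour is not visible here.</returns>
        private Audience GetAudience(string name)
        {
            var options = new DbContextOptionsBuilder<GhDbContext>();
            string connectstr = Configuration["DbConnection"];
            options.UseSqlServer(connectstr);

            // The context is created per call, so it must also be disposed per call;
            // otherwise the underlying connection is only released by the finalizer.
            // NOTE(review): the returned Audience outlives the context, which is fine
            // unless lazy-loaded navigation properties are relied on later — confirm.
            using (var dbContext = new GhDbContext(options.Options))
            {
                var service = new AudienceService(dbContext);
                return service.GetByName(name);
            }
        }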
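        /// <summary>
        /// Serializes an authentication ticket into a signed JWT. The audience id stored in
        /// the ticket's properties under <c>AudiencePropertyKey</c> selects the HMAC signing secret.
        /// </summary>
        /// <param name="data">Ticket carrying the identity claims, issue/expiry times and the audience id.</param>
        /// <returns>The compact-serialized JWT.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
        /// <exception cref="InvalidOperationException">The ticket names no audience, or the audience is unknown.</exception>
        public string Protect(AuthenticationTicket data)
        {
            if (data == null)
            {
                throw new ArgumentNullException("data");
            }

            // Single dictionary lookup instead of ContainsKey + indexer; audienceId stays null when absent.
            string audienceId;
            data.Properties.Dictionary.TryGetValue(AudiencePropertyKey, out audienceId);

            if (string.IsNullOrWhiteSpace(audienceId))
            {
                throw new InvalidOperationException("AuthenticationTicket.Properties does not include audience");
            }

            // FindAudience can return null for an unknown id; without this guard that
            // surfaces as a NullReferenceException on SecretKey instead of a clear error.
            var audience = AudienceService.FindAudience(audienceId);
            if (audience == null)
            {
                throw new InvalidOperationException(string.Format("Unknown audience '{0}'", audienceId));
            }

            // The audience secret is stored base64url-encoded and is the HMAC key for this token.
            var signingKey = new HmacSigningCredentials(TextEncodings.Base64Url.Decode(audience.SecretKey));

            var issued = data.Properties.IssuedUtc ?? DateTimeOffset.UtcNow;
            // NOTE(review): a ticket with no ExpiresUtc yields a token that expires at issue
            // time (and the JwtSecurityToken constructor may reject notBefore >= expires) —
            // confirm that callers always set ExpiresUtc.
            var expires = data.Properties.ExpiresUtc ?? DateTimeOffset.UtcNow;

            var token = new JwtSecurityToken(
                issuer,
                audienceId,
                data.Identity.Claims,
                issued.UtcDateTime,
                expires.UtcDateTime,
                signingKey);

            var handler = new JwtSecurityTokenHandler();
            return handler.WriteToken(token);
        }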
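        /// <summary>
        /// Authorization filter: short-circuits the request unless the caller is authenticated
        /// and <c>AuthId</c> resolves to a permission for that user; otherwise the action runs.
        /// </summary>
        /// <param name="context">The MVC action-executing context; <c>Result</c> is set to deny the request.</param>
        /// <exception cref="InvalidOperationException"><c>AudienceService</c> is not available from the request services.</exception>
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            // NOTE(review): 405 (Method Not Allowed) is kept for compatibility with existing
            // clients, but 401 for an unauthenticated caller and 403 for a missing permission
            // are the conventional codes for these failures.
            const int DeniedStatusCode = 405;

            if (string.IsNullOrWhiteSpace(AuthId))
            {
                context.Result = new StatusCodeResult(DeniedStatusCode);
                return;
            }

            // Check authentication before touching Identity.Name: Identity can be null for an anonymous principal.
            var user = context.HttpContext.User;
            var identity = user == null ? null : user.Identity;
            if (identity == null || !identity.IsAuthenticated)
            {
                context.Result = new StatusCodeResult(DeniedStatusCode);
                return;
            }

            string userId = identity.Name;
            if (string.IsNullOrWhiteSpace(userId))
            {
                // Authenticated but without a name: there is no user to look permissions up for.
                context.Result = new StatusCodeResult(DeniedStatusCode);
                return;
            }

            var services = context.HttpContext.RequestServices.GetService(typeof(AudienceService)) as AudienceService;
            if (services == null)
            {
                // Misconfiguration rather than an authorization failure: fail loudly instead of NullReferenceException.
                throw new InvalidOperationException("AudienceService is not registered in the request services.");
            }

            Permission permission = services.GetPermissingById(this.AuthId, userId);
            if (permission == null)
            {
                context.Result = new StatusCodeResult(DeniedStatusCode);
                return;
            }

            base.OnActionExecuting(context);
        }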