internal static SaaSScopeBase Create(string[] scope, BaseValidatingTicketContext <OAuthAuthorizationServerOptions> context, AuthRepository auth, AuthProductRepository authProduct) { var worker = Create(scope, auth, authProduct); worker.Context = context; return(worker); }
private static void VerifyAuthentication(BaseValidatingTicketContext <OAuthAuthorizationServerOptions> context, AuthenticatedUser response) { if (response != null && response.UserName != EmailAddress.Empty) { BuildToken(context, response); } else { context.SetError("Autorization Error", "The username or password is incorrect!"); context.Response.Headers.Add("AuthorizationResponse", new[] { "401" }); } }
private static void GrantResourceOwnerCredentials( BaseValidatingTicketContext <OAuthAuthorizationServerOptions> context, SignInStatus status, ClaimsIdentity user, string clientId) { if (status == SignInStatus.Success) { var identity = new ClaimsIdentity("JWT"); identity.AddClaim(new Claim(JwtRegisteredClaimNames.Sub, user.Name)); // identity.AddClaim(new Claim(ClaimTypes.Sid, user.Id)); identity.AddClaims( from claim in user.Claims where string.Equals(claim.Type, ClaimTypes.Role, StringComparison.OrdinalIgnoreCase) // || // claim.ClaimType.Contains(SecurityExtensions.PermissionClaimTypePrefix) select new Claim(claim.Type, claim.Value)); var props = new AuthenticationProperties( new Dictionary <string, string> { { "audience", clientId ?? string.Empty } }); var ticket = new AuthenticationTicket(identity, props); context.Validated(ticket); } else { switch (status) { case SignInStatus.Failure: context.SetError("invalid_grant", "The user name or password is incorrect"); break; case SignInStatus.LockedOut: context.SetError("invalid_grant.locked", "The user account is locked"); break; case SignInStatus.RequiresVerification: context.SetError("invalid_grant.unverified", "The user account requires verification"); break; default: context.SetError("invalid_grant.error", "Unexpected failure. SignIn status: " + status); break; } } }
private static void BuildToken(BaseValidatingTicketContext <OAuthAuthorizationServerOptions> context, AuthenticatedUser response) { var claims = new ClaimsIdentity(context.Options.AuthenticationType); claims.AddClaim(new Claim("Permissions", JsonConvert.SerializeObject(response.Permissions))); claims.AddClaim(new Claim("UserOrgUnitId", JsonConvert.SerializeObject(response.OrgUnitId))); claims.AddClaim(new Claim("UserId", JsonConvert.SerializeObject(new Guid(response.Id.ToString())))); claims.AddClaim(new Claim("UserName", response.UserName.ToString())); claims.AddClaim(new Claim("RoleId", JsonConvert.SerializeObject(response.RoleId))); claims.AddClaim(new Claim("Email", response.EmailAddress.ToString())); // claims.AddClaim(new Claim("SId", JsonConvert.SerializeObject(response.SId))); claims.AddClaim(new Claim("IpAddress", context.Request.RemoteIpAddress)); context.Validated(claims); }
private async Task CreateAuthenticationSignInInfo(BaseValidatingTicketContext <OAuthAuthorizationServerOptions> context, Formular.BaaS.Domain.User baasUser) { using (UserManager <ApplicationUser, int> userManager = _userManagerFactory()) { var user = new ApplicationUser(baasUser); if (user == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } ClaimsIdentity oAuthIdentity = await userManager.CreateIdentityAsync(user, context.Options.AuthenticationType); ClaimsIdentity cookiesIdentity = await userManager.CreateIdentityAsync(user, CookieAuthenticationDefaults.AuthenticationType); AuthenticationProperties properties = CreateProperties(user.UserName); AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); context.Validated(ticket); context.Request.Context.Authentication.SignIn(cookiesIdentity); } }
private void InvalidGrant(BaseValidatingTicketContext context) { context.Reject(error: OpenIdConnectConstants.Errors.InvalidGrant, description: "Invalid user credentials."); }