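        /// <summary>
        /// Authorization-policy step: takes the already authenticated client identity, splits its
        /// name into <c>tenant\user</c>, pulls the user's claims from the claims Web API and
        /// publishes a <see cref="GenericPrincipal"/> under <c>evaluationContext.Properties["Principal"]</c>.
        /// </summary>
        /// <param name="evaluationContext">The current authorization evaluation; its <c>Properties</c> bag receives the principal.</param>
        /// <param name="state">Per-evaluation state slot required by the interface; neither read nor written here.</param>
        /// <returns>Always <c>true</c> once the principal has been set; any failure is reported by throwing.</returns>
        /// <exception cref="InvalidOperationException">
        /// The client identity has no name, the name carries no <c>tenant\user</c> separator, no access
        /// token was available, or the identity is not a <see cref="System.Security.Claims.ClaimsIdentity"/>
        /// and so cannot receive claims.
        /// </exception>
        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            // get the authenticated client identity
            var client = GetClientIdentity(evaluationContext);

            // Guard the name before touching it: an identity without a name would otherwise
            // surface as a NullReferenceException on the Contains/Split below.
            string userName = client.Name;
            if (string.IsNullOrEmpty(userName))
            {
                throw new InvalidOperationException("Cannot determine tenant and username.");
            }

            // Only the tenant\user shape is accepted. Segments after the second are discarded,
            // as before — TODO confirm whether names with more than one separator should be rejected.
            var parts = userName.Split('\\');
            if (parts.Length < 2)
            {
                throw new InvalidOperationException("Cannot determine tenant and username.");
            }
            string tenantName = parts[0];
            userName = parts[1];

            // NOTE(review): the settings object is a field written with per-caller values; if the
            // same instance is shared between concurrent evaluations this is a race that can attach
            // one caller's claims to another — confirm the policy/settings are per-request.
            _oauth2AuthenticationSettings.Username   = userName;
            _oauth2AuthenticationSettings.TenantName = tenantName;
            var accessTokenResponse = BearerTokenHelper.RetrieveBearTokenFromCache(_oauth2AuthenticationSettings);
            if (accessTokenResponse == null || string.IsNullOrEmpty(accessTokenResponse.AccessToken))
            {
                // Fail explicitly rather than dereferencing a null response; no token means no claims.
                throw new InvalidOperationException("Unable to retrieve token");
            }
            var claims = ClaimsWebApiHelper.GetClaims(_oauth2AuthenticationSettings, accessTokenResponse.AccessToken);

            // Claims can only be attached to a ClaimsIdentity; report that clearly instead of an InvalidCastException.
            var claimsIdentity = client as System.Security.Claims.ClaimsIdentity;
            if (claimsIdentity == null)
            {
                throw new InvalidOperationException("The client identity does not support claims.");
            }
            claimsIdentity.AddClaims(claims);

            // set the custom principal
            evaluationContext.Properties["Principal"] = new GenericPrincipal(client, null);

            return true;
        }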
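        /// <summary>
        /// Username/password validation hook: splits <paramref name="userName"/> into tenant and
        /// user, obtains a bearer token for those credentials and has the claims Web API confirm it.
        /// </summary>
        /// <param name="userName">Caller-supplied name in <c>tenant\user</c> form.</param>
        /// <param name="password">Caller-supplied plain-text password; forwarded to the token helper.</param>
        /// <exception cref="ArgumentNullException"><paramref name="userName"/> or <paramref name="password"/> is <c>null</c>.</exception>
        /// <exception cref="ArgumentException"><paramref name="userName"/> carries no <c>tenant\user</c> separator.</exception>
        /// <exception cref="InvalidOperationException">No access token could be obtained for the credentials.</exception>
        public override void Validate(string userName, string password)
        {
            // Name the offending parameter; the bare ArgumentNullException told the caller nothing.
            if (userName == null)
            {
                throw new ArgumentNullException(nameof(userName));
            }
            if (password == null)
            {
                throw new ArgumentNullException(nameof(password));
            }

            // Only the tenant\user shape is accepted; segments after the second are discarded, as before.
            var parts = userName.Split('\\');
            if (parts.Length < 2)
            {
                throw new ArgumentException("Cannot determine tenant and username.", nameof(userName));
            }
            string tenantName = parts[0];
            userName = parts[1];

            // NOTE(review): per-caller credentials are written into a field; if that settings
            // instance is shared across concurrent validations the token could be issued for a
            // different caller's tenant/user — confirm it is per-request.
            _oauth2AuthenticationSettings.Username   = userName;
            _oauth2AuthenticationSettings.TenantName = tenantName;
            _oauth2AuthenticationSettings.Password   = password;

            // NOTE(review): "FromCacheOrNew" suggests a token cached for this tenant/user is reused
            // without re-checking the password supplied on this call — confirm the helper re-validates
            // the password, otherwise a wrong password is accepted while a token is cached.
            var accessTokenResponse = BearerTokenHelper.RetrieveBearTokenFromCacheOrNew(_oauth2AuthenticationSettings);
            if (accessTokenResponse == null || string.IsNullOrEmpty(accessTokenResponse.AccessToken))
            {
                // Fail explicitly rather than dereferencing a null response.
                throw new InvalidOperationException("Unable to retrieve token");
            }

            // The result of this call is not inspected, so it must signal rejection by throwing — TODO confirm.
            ClaimsWebApiHelper.Authenticate(_oauth2AuthenticationSettings.Url, accessTokenResponse.AccessToken);
        }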
        /// <summary>
        /// Looks up the claims for one user: points the OAuth2 settings at the given tenant/user,
        /// takes the bearer token for them from the cache and asks the claims Web API for the claim set.
        /// Any exception is logged against the tenant and rethrown unchanged.
        /// </summary>
        /// <param name="userName">User part of the identity (without the tenant prefix).</param>
        /// <param name="tenantName">Tenant the user belongs to; also used to attribute the log entry.</param>
        /// <returns>The claims returned by the claims Web API.</returns>
        private static IEnumerable<Claim> GetClaimsForUser(string userName, string tenantName)
        {
            try
            {
                // NOTE(review): static settings written with per-call values — concurrent callers
                // can observe each other's tenant/user; confirm callers serialise this.
                var settings = _oauth2AuthenticationSettings;
                settings.Username   = userName;
                settings.TenantName = tenantName;

                // "FromCache" — presumably no new token is requested here; TODO confirm.
                var tokenResponse = BearerTokenHelper.RetrieveBearTokenFromCache(settings);
                return ClaimsWebApiHelper.GetClaims(settings, tokenResponse.AccessToken);
            }
            catch (Exception ex)
            {
                // ex.ToString() already embeds ex.Message, so the message appears twice in the entry.
                _logger.WriteLogEntry(tenantName, null, MethodBase.GetCurrentMethod().Name + " " + ex.ToString() + " " + ex.Message, LogLevelType.Error, ex);
                throw;
            }
        }
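        /// <summary>
        /// Authenticates a <c>tenant\user</c> name and password: obtains a bearer token for the
        /// credentials, checks the password against the one first seen for that token, and has the
        /// claims Web API confirm the token. Failures are logged against the tenant and rethrown.
        /// </summary>
        /// <param name="userName">Name in <c>tenant\user</c> form; segments after the second are ignored.</param>
        /// <param name="password">Plain-text password for the user.</param>
        /// <returns><c>true</c> when every check passes; every failure is reported by throwing.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="userName"/> or <paramref name="password"/> is <c>null</c>.</exception>
        /// <exception cref="AuthenticationException">No tenant separator, no token, or password mismatch — each reported as 401 Unauthorized.</exception>
        private static bool AuthenticateUser(string userName, string password)
        {
            // Declared outside the try so the catch block can attribute the log entry to the tenant.
            string tenantName = "";

            try
            {
                if (userName == null)
                {
                    throw new ArgumentNullException(nameof(userName));
                }
                if (password == null)
                {
                    throw new ArgumentNullException(nameof(password));
                }

                var parts = userName.Split('\\');
                if (parts.Length > 1)
                {
                    tenantName = parts[0];
                    userName   = parts[1];
                }
                else
                {
                    const string noTenantMessage = "Could not determine tenant name and user name";
                    throw new AuthenticationException(noTenantMessage)
                          {
                              StatusCode   = HttpStatusCode.Unauthorized,
                              ReasonPhrase = noTenantMessage
                          };
                }

                // NOTE(review): static settings written with per-call credentials; concurrent
                // callers can observe each other's values — confirm callers serialise this.
                _oauth2AuthenticationSettings.Password   = password;
                _oauth2AuthenticationSettings.Username   = userName;
                _oauth2AuthenticationSettings.TenantName = tenantName;

                //Get Token for this user.
                var accessTokenResponse = BearerTokenHelper.RetrieveBearTokenFromCacheOrNew(_oauth2AuthenticationSettings);
                if (accessTokenResponse == null || string.IsNullOrEmpty(accessTokenResponse.AccessToken))
                {
                    const string noTokenMessage = "Unable to retrieve token";
                    throw new AuthenticationException(noTokenMessage)
                          {
                              StatusCode   = HttpStatusCode.Unauthorized,
                              ReasonPhrase = noTokenMessage
                          };
                }

                //If token was cached we did not guarantee that tenant, user name and password are correct.
                //We only verified that the tenant and user name are the same.
                // The hash of the first password seen for a token is cached under that token for its
                // lifetime; later calls that reuse the cached token must present the same password.
                // NOTE(review): this is an unsalted MD5 of the password kept in memory and compared with
                // ordinary string equality (not constant-time). A salted/keyed derivation
                // (e.g. Rfc2898DeriveBytes) and CryptographicOperations.FixedTimeEquals would be the
                // stronger choice where the target framework allows.
                var presentedHash        = EncryptionHelper.Md5Encryption.GetMd5Hash(password);
                var memoryCachingService = new MemoryCacheProvider();
                var hashedPassword       = memoryCachingService.FetchAndCache(accessTokenResponse.AccessToken, () => presentedHash, SecurityTokenConstants.TokenLifeTime);
                if (presentedHash != hashedPassword)
                {
                    const string mismatchMessage = "username or password does not match";
                    throw new AuthenticationException(mismatchMessage)
                          {
                              StatusCode   = HttpStatusCode.Unauthorized,
                              ReasonPhrase = mismatchMessage
                          };
                }

                //Validates that the token is good.
                ClaimsWebApiHelper.Authenticate(_oauth2AuthenticationSettings.Url, accessTokenResponse.AccessToken);
            }
            catch (Exception ex)
            {
                _logger.WriteLogEntry(tenantName, null, MethodBase.GetCurrentMethod().Name + " " + ex.GetInnerMostException(), LogLevelType.Error, ex);
                throw;
            }

            return true;
        }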