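        /// <summary>
        /// Resource-owner password grant: looks the user up by name, checks the submitted
        /// password and, on success, validates a "JWT" identity whose name claim and
        /// "UserId" claim both carry the user's id.
        /// </summary>
        /// <param name="context">Carries the submitted credentials in and the validation result out.</param>
        /// <returns>A completed task; the outcome is reported through <paramref name="context"/>.</returns>
        public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            // One message for every failure so the response does not reveal whether the user name exists.
            const string InvalidGrant = "Invalid username and/or password.";

            var userRepository = new UserRepository();
            var user = userRepository.GetUserByUserName(context.UserName);

            // Reject a missing record, a record without a password, and an empty submitted password
            // up front; previously a null stored password matched a request that sent no password.
            if (user == null || user.Password == null || string.IsNullOrEmpty(context.Password))
            {
                context.SetError("invalid_grant", InvalidGrant);
                return Task.FromResult<object>(null);
            }

            // SECURITY (review): this is a plain-text comparison, i.e. the repository returns the
            // password itself. Store a salted hash (e.g. PBKDF2) and verify the submitted password
            // through the hashing API instead of string equality.
            if (!string.Equals(user.Password, context.Password, System.StringComparison.Ordinal))
            {
                context.SetError("invalid_grant", InvalidGrant);
                return Task.FromResult<object>(null);
            }

            var identity = new ClaimsIdentity("JWT");
            identity.AddClaim(new Claim(ClaimTypes.Name, user.Id.ToString()));
            identity.AddClaim(new Claim("UserId", user.Id.ToString()));

            // No AuthenticationProperties are attached; the ticket carries only the identity.
            var ticket = new Microsoft.Owin.Security.AuthenticationTicket(identity, null);
            context.Validated(ticket);

            // Defer to the base implementation after the ticket has been validated.
            return base.GrantResourceOwnerCredentials(context);
        }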
        //
        // Summary:
        //     Called when a request to the Token endpoint arrives with a "grant_type" of "password".
        //     This occurs when the user has provided name and password credentials directly
        //     into the client application's user interface, and the client application is using
        //     those to acquire an "access_token" and optional "refresh_token". If the web application
        //     supports the resource owner credentials grant type it must validate the context.Username
        //     and context.Password as appropriate. To issue an access token the context.Validated
        //     must be called with a new ticket containing the claims about the resource owner
        //     which should be associated with the access token. The application should take
        //     appropriate measures to ensure that the endpoint isn’t abused by malicious callers.
        //     The default behavior is to reject this grant type. See also http://tools.ietf.org/html/rfc6749#section-4.3.2
        //
        // Parameters:
        //   context:
        //     The context of the event carries information in and results out.
        //
        // Returns:
        //     Task to enable asynchronous execution
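        public override Task GrantResourceOwnerCredentials(Microsoft.Owin.Security.OAuth.OAuthGrantResourceOwnerCredentialsContext context)
        {
            var userName = context.UserName;
            var password = context.Password;

            // SECURITY (review): the raw password is handed to the data layer for matching. Confirm
            // that LoginByUsernamePassword verifies a salted hash and parameterizes its query; it must
            // not compare stored plain text or build SQL from these strings.
            var matches = databaseManager.LoginByUsernamePassword(userName, password).ToList();

            // ToList() never yields null, so an empty list is the only "no such user" case.
            if (matches.Count == 0)
            {
                context.SetError("invalid_grant", "The user name and password is incorrect");
                return Task.FromResult<object>(null);
            }

            var userInfo = matches[0];
            var claims = new List<System.Security.Claims.Claim>
            {
                new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, userInfo.username)
            };

            // Same claims, two identities: one for the OAuth bearer ticket, one for the cookie sign-in below.
            var oAuthClaimIdentity   = new System.Security.Claims.ClaimsIdentity(claims, Microsoft.Owin.Security.OAuth.OAuthDefaults.AuthenticationType);
            var cookiesClaimIdentity = new System.Security.Claims.ClaimsIdentity(claims, Microsoft.Owin.Security.Cookies.CookieAuthenticationDefaults.AuthenticationType);

            var properties = CreateProperties(userInfo.username);
            var ticket     = new Microsoft.Owin.Security.AuthenticationTicket(oAuthClaimIdentity, properties);

            // Grant the token, then also establish a cookie session for the same caller.
            // Drop the SignIn if the token endpoint is only used by non-browser clients.
            context.Validated(ticket);
            context.Request.Context.Authentication.SignIn(cookiesClaimIdentity);

            // Nothing is awaited here, so the method is synchronous and returns a completed task
            // (the original was marked async without an await).
            return Task.FromResult<object>(null);
        }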
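 /// <summary>
 /// Resource-owner password grant: verifies the credentials through <see cref="AuthRepository"/>
 /// and, on success, validates a ticket whose identity carries "sub" and "role" claims and
 /// whose properties carry the user id.
 /// </summary>
 /// <param name="context">Carries the submitted credentials in and the validation result out.</param>
 public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
 {
     // SECURITY (review): a wildcard origin on the token endpoint lets any web origin submit
     // credentials to it. Restrict this to the client's registered origin unless an open
     // endpoint is intended.
     context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

     IdentityUser user;
     using (var repo = new AuthRepository())
     {
         user = await repo.FindUser(context.UserName, context.Password);
     }

     if (user == null)
     {
         // One message for unknown user and wrong password, so nothing leaks about which it was.
         context.SetError("invalid_grant", "The user name or password is incorrect.");
         return;
     }

     var identity = new ClaimsIdentity(context.Options.AuthenticationType);
     identity.AddClaim(new Claim("sub", context.UserName));
     identity.AddClaim(new Claim("role", "user"));

     // The user id rides in the ticket properties rather than in a claim.
     var properties = new Microsoft.Owin.Security.AuthenticationProperties(new Dictionary<string, string>
     {
         { "userId", user.Id }
     });

     // Validate with the full ticket so the properties travel with the identity.
     var ticket = new Microsoft.Owin.Security.AuthenticationTicket(identity, properties);
     context.Validated(ticket);
 }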
        /// <summary>
        /// Issues the credential that authorizes resource access.
        /// </summary>
        /// <param name="context"></param>
        /// <returns></returns>
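        public override async System.Threading.Tasks.Task GrantResourceOwnerCredentials(Microsoft.Owin.Security.OAuth.OAuthGrantResourceOwnerCredentialsContext context)
        {
            // Origin allowed for this client; presumably stored by the client-validation step — confirm.
            var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin");

            if (allowedOrigin == null)
            {
                // SECURITY (review): "*" lets any web origin call the token endpoint; confirm that is
                // intended for the userClientAuth case rather than a fixed list of known origins.
                allowedOrigin = this.userClientAuth ? "*" : this.AnoymouseAllowedOrigins;
            }

            // Previously a null AnoymouseAllowedOrigins made Split() throw; omit the header instead.
            if (!string.IsNullOrEmpty(allowedOrigin))
            {
                context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", allowedOrigin.Split(','));
            }
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Methods", new[] { "GET", "POST", "PUT", "DELETE" });

            Microsoft.AspNet.Identity.EntityFramework.IdentityUser user =
                await authRepository.FindUser(context.UserName, context.Password);

            if (user == null)
            {
                context.SetError("invalid_grant", "用户名,密码不正确");
                return;
            }

            // Claims-based identity: name, "sub", a fixed "user" role, plus any cached per-user claims.
            var identity = new System.Security.Claims.ClaimsIdentity(context.Options.AuthenticationType);
            identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, context.UserName));
            identity.AddClaim(new System.Security.Claims.Claim("sub", context.UserName));
            identity.AddClaim(new System.Security.Claims.Claim("role", "user"));

            // If the cache has no entry for this user, treat it as "no extra claims" rather than throwing.
            var cachedClaims = MallAuth.ServerCache.GlobalCache.getInstance().getUserClaims(context.UserName);
            if (cachedClaims != null)
            {
                foreach (var item in cachedClaims)
                {
                    identity.AddClaim(new System.Security.Claims.Claim(item.Type, item.Value));
                }
            }

            // Extra response parameters; unlike claims these are not part of the identity.
            var props = new Microsoft.Owin.Security.AuthenticationProperties(new Dictionary<string, string>
            {
                { "as:client_id", context.ClientId ?? string.Empty },
                { "userName", context.UserName }
            });

            var ticket = new Microsoft.Owin.Security.AuthenticationTicket(identity, props);
            context.Validated(ticket);
        }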
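        /// <summary>
        /// Resource-owner password grant: emits the per-client CORS origin, verifies the credentials
        /// through <see cref="AuthRepository"/> and, on success, validates a ticket carrying name,
        /// "sub" and "role" claims plus the client id and user name as ticket properties.
        /// </summary>
        /// <param name="context">Carries the submitted credentials in and the validation result out.</param>
        public override async Task GrantResourceOwnerCredentials(Microsoft.Owin.Security.OAuth.OAuthGrantResourceOwnerCredentialsContext context)
        {
            // SECURITY (review): when no per-client origin was recorded this falls back to "*", which
            // opens the token endpoint to every web origin. Prefer rejecting the request or using a
            // configured default origin.
            var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin") ?? "*";
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });

            using (var repo = new AuthRepository())
            {
                var user = await repo.FindUser(context.UserName, context.Password);
                if (user == null)
                {
                    // One message for unknown user and wrong password, so nothing leaks about which it was.
                    context.SetError("invalid_grant", "The user name and password doesnt match the records");
                    return;
                }
            }

            var identity = new ClaimsIdentity(context.Options.AuthenticationType);
            identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
            identity.AddClaim(new Claim("sub", context.UserName));
            identity.AddClaim(new Claim("role", "user"));

            // "as:client_id" is what the refresh-token path compares against the caller's client id.
            var props = new Microsoft.Owin.Security.AuthenticationProperties(new Dictionary<string, string>
            {
                { "as:client_id", context.ClientId ?? string.Empty },
                { "userName", context.UserName }
            });

            var ticket = new Microsoft.Owin.Security.AuthenticationTicket(identity, props);
            context.Validated(ticket);
        }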
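        /// <summary>
        /// Refresh-token grant: only honours the refresh token when the caller's client id matches
        /// the "as:client_id" recorded on the original ticket, then validates a copy of the original
        /// identity (with one extra claim) under the original properties.
        /// </summary>
        /// <param name="context">Carries the original ticket and client id in and the validation result out.</param>
        /// <returns>A completed task; the outcome is reported through <paramref name="context"/>.</returns>
        public override Task GrantRefreshToken(Microsoft.Owin.Security.OAuth.OAuthGrantRefreshTokenContext context)
        {
            // A ticket without a recorded client id must not be refreshed; previously a missing key
            // threw KeyNotFoundException instead of producing a clean invalid_clientId error.
            string originalClient;
            var hasClientId = context.Ticket.Properties.Dictionary.TryGetValue("as:client_id", out originalClient);

            if (!hasClientId || !string.Equals(originalClient, context.ClientId, System.StringComparison.Ordinal))
            {
                context.SetError("invalid_clientId", "Refresh token is issued to a different clientId.");
                return Task.FromResult<object>(null);
            }

            // Copy the identity so the original ticket is left untouched; the "newClaim" entry appears
            // to be a placeholder showing where refreshed claims would be added — confirm before shipping.
            var newIdentity = new ClaimsIdentity(context.Ticket.Identity);
            newIdentity.AddClaim(new Claim("newClaim", "newValue"));

            var newTicket = new Microsoft.Owin.Security.AuthenticationTicket(newIdentity, context.Ticket.Properties);
            context.Validated(newTicket);

            return Task.FromResult<object>(null);
        }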