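/// <summary>
/// Handles the OAuth2 "password" grant: looks the user up by name, compares the supplied
/// password with the stored one, and on success validates a ticket whose identity carries
/// the user's id both as <see cref="ClaimTypes.Name"/> and as a "UserId" claim.
/// </summary>
/// <param name="context">Carries the submitted UserName/Password in and the error or validated ticket out.</param>
/// <returns>The base implementation's task on success; an already-completed task after SetError otherwise.</returns>
public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    var userRepository = new UserRepository();
    var user = userRepository.GetUserByUserName(context.UserName);

    // An unknown user and a wrong password produce the same message, so the response does
    // not reveal which user names exist.
    // SECURITY: the stored Password field is compared with the raw submitted password, which can
    // only succeed if UserRepository keeps passwords in clear text. Passwords should be stored as
    // salted hashes (e.g. PBKDF2) and verified with a constant-time comparison; that change belongs
    // in UserRepository, so only the duplicated branches were merged here.
    if (user == null || user.Password != context.Password)
    {
        context.SetError("invalid_grant", "Invalid username and/or password.");
        return Task.FromResult<object>(null);
    }

    // "JWT" is hard-coded as the authentication type rather than taken from
    // context.Options.AuthenticationType; kept as-is so the issued ticket is unchanged.
    var identity = new ClaimsIdentity("JWT");
    var userId = user.Id.ToString();
    identity.AddClaim(new Claim(ClaimTypes.Name, userId));
    identity.AddClaim(new Claim("UserId", userId));

    // No AuthenticationProperties are attached; the server's defaults apply to the ticket.
    var ticket = new Microsoft.Owin.Security.AuthenticationTicket(identity, null);
    context.Validated(ticket);
    return base.GrantResourceOwnerCredentials(context);
}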
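/// <summary>
/// Called when a request to the Token endpoint arrives with a "grant_type" of "password".
/// This occurs when the user has provided name and password credentials directly into the
/// client application's user interface, and the client application is using those to acquire
/// an "access_token" and optional "refresh_token". The context.UserName and context.Password
/// are validated through databaseManager; to issue an access token, context.Validated is
/// called with a new ticket containing the claims about the resource owner. The application
/// should take appropriate measures to ensure that the endpoint isn't abused by malicious
/// callers. See also http://tools.ietf.org/html/rfc6749#section-4.3.2
/// </summary>
/// <param name="context">The context of the event carries information in and results out.</param>
/// <returns>Task to enable asynchronous execution.</returns>
public override async Task GrantResourceOwnerCredentials(Microsoft.Owin.Security.OAuth.OAuthGrantResourceOwnerCredentialsContext context)
{
    var userName = context.UserName;
    var password = context.Password;

    // The password is passed to databaseManager exactly as received; whether it is hashed
    // before the lookup is decided there — TODO confirm it is not compared in clear text.
    // ToList() never yields null (it throws on a null source), so only the count is checked.
    var matches = databaseManager.LoginByUsernamePassword(userName, password).ToList();
    if (matches.Count == 0)
    {
        context.SetError("invalid_grant", "The user name and password is incorrect");
        return;
    }

    // Only the first matching row is used to build the identity.
    var userInfo = matches[0];
    var claims = new List<System.Security.Claims.Claim>
    {
        new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, userInfo.username),
    };

    // One identity for the OAuth2 bearer ticket, a second one for the cookie sign-in below.
    var oAuthClaimIdentity = new System.Security.Claims.ClaimsIdentity(claims, Microsoft.Owin.Security.OAuth.OAuthDefaults.AuthenticationType);
    var cookiesClaimIdentity = new System.Security.Claims.ClaimsIdentity(claims, Microsoft.Owin.Security.Cookies.CookieAuthenticationDefaults.AuthenticationType);

    var properties = CreateProperties(userInfo.username);
    var ticket = new Microsoft.Owin.Security.AuthenticationTicket(oAuthClaimIdentity, properties);

    // Grant the token and also establish the cookie session for the same user.
    context.Validated(ticket);
    context.Request.Context.Authentication.SignIn(cookiesClaimIdentity);
}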
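/// <summary>
/// Handles the OAuth2 "password" grant: verifies the credentials through
/// <c>AuthRepository.FindUser</c>, then validates a ticket carrying "sub" and "role" claims
/// and the user's id in the ticket properties.
/// </summary>
/// <param name="context">Carries UserName/Password in and the error or validated ticket out.</param>
/// <returns>A task that completes once the context has been marked as errored or validated.</returns>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    // SECURITY: a wildcard Access-Control-Allow-Origin on the token endpoint lets a page from
    // any origin submit credentials here and read the issued token. A per-client allowed origin
    // is the safer choice. Note also that Headers.Add presumably throws if the header is already
    // present (e.g. set by CORS middleware); Headers.Set would be idempotent — confirm before changing.
    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

    IdentityUser user;
    using (var repo = new AuthRepository())
    {
        user = await repo.FindUser(context.UserName, context.Password);
    }

    if (user == null)
    {
        context.SetError("invalid_grant", "The user name or password is incorrect.");
        return;
    }

    var identity = new ClaimsIdentity(context.Options.AuthenticationType);
    identity.AddClaim(new Claim("sub", context.UserName));
    // Every authenticated caller receives the fixed "user" role; there is no per-user role lookup.
    identity.AddClaim(new Claim("role", "user"));

    // The user id travels in the ticket properties rather than as a claim.
    var properties = new Microsoft.Owin.Security.AuthenticationProperties(new Dictionary<string, string>
    {
        { "userId", user.Id },
    });
    var ticket = new Microsoft.Owin.Security.AuthenticationTicket(identity, properties);
    context.Validated(ticket);
}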
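/// <summary>
/// Issues the resource-owner (password grant) credential: resolves the CORS origin allowed
/// for the calling client, verifies the user through authRepository, and validates a ticket
/// whose identity carries the name/sub/role claims plus the user's cached claims.
/// </summary>
/// <param name="context">Carries UserName/Password/ClientId in and the error or validated ticket out.</param>
/// <returns>A task that completes once the context has been marked as errored or validated.</returns>
public override async System.Threading.Tasks.Task GrantResourceOwnerCredentials(Microsoft.Owin.Security.OAuth.OAuthGrantResourceOwnerCredentialsContext context)
{
    // Origin recorded for this client after client validation; when none was recorded, fall
    // back to "*" for user-client authentication, otherwise to the anonymous allowed origins.
    var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin")
        ?? (this.userClientAuth ? "*" : this.AnoymouseAllowedOrigins);

    // NOTE(review): AnoymouseAllowedOrigins is not null-checked, so a null value throws on the
    // Split below — confirm it is always configured.
    // NOTE(review): Access-Control-Allow-Origin admits a single origin or "*"; a comma-separated
    // list is presumably rejected by browsers. Echoing the request's Origin header when it is
    // in the allowed list is the usual fix.
    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", allowedOrigin.Split(','));
    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Methods", new[] { "GET", "POST", "PUT", "DELETE" });

    Microsoft.AspNet.Identity.EntityFramework.IdentityUser user = await authRepository.FindUser(context.UserName, context.Password);
    if (user == null)
    {
        context.SetError("invalid_grant", "用户名,密码不正确");
        return;
    }

    // Claims-based identity for the bearer token.
    var identity = new System.Security.Claims.ClaimsIdentity(context.Options.AuthenticationType);
    identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, context.UserName));
    identity.AddClaim(new System.Security.Claims.Claim("sub", context.UserName));
    identity.AddClaim(new System.Security.Claims.Claim("role", "user"));

    // Per-user claims from the server-side cache are copied onto the identity.
    var claims = MallAuth.ServerCache.GlobalCache.getInstance().getUserClaims(context.UserName);
    foreach (var item in claims)
    {
        identity.AddClaim(new System.Security.Claims.Claim(item.Type, item.Value));
    }

    // Additional response parameters — note that these are distinct from claims.
    var props = new Microsoft.Owin.Security.AuthenticationProperties(new Dictionary<string, string>
    {
        { "as:client_id", context.ClientId ?? string.Empty },
        { "userName", context.UserName },
    });
    var ticket = new Microsoft.Owin.Security.AuthenticationTicket(identity, props);
    context.Validated(ticket);
}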
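/// <summary>
/// Handles the OAuth2 "password" grant: sets the CORS origin recorded for the client,
/// verifies the credentials through <c>AuthRepository.FindUser</c>, and validates a ticket
/// carrying name/sub/role claims plus the client id and user name as ticket properties.
/// </summary>
/// <param name="context">Carries UserName/Password/ClientId in and the error or validated ticket out.</param>
/// <returns>A task that completes once the context has been marked as errored or validated.</returns>
public override async Task GrantResourceOwnerCredentials(Microsoft.Owin.Security.OAuth.OAuthGrantResourceOwnerCredentialsContext context)
{
    // SECURITY: when no per-client origin was recorded ("as:clientAllowedOrigin" unset) this
    // falls back to a wildcard, so an unregistered client gets the most permissive CORS policy
    // rather than the most restrictive one. Failing closed here would be the safer default.
    var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin") ?? "*";
    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });

    using (var repo = new AuthRepository())
    {
        Microsoft.AspNet.Identity.EntityFramework.IdentityUser user = await repo.FindUser(context.UserName, context.Password);
        if (user == null)
        {
            context.SetError("invalid_grant", "The user name and password doesnt match the records");
            return;
        }
    }

    var identity = new ClaimsIdentity(context.Options.AuthenticationType);
    identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
    identity.AddClaim(new Claim("sub", context.UserName));
    // Every authenticated caller receives the fixed "user" role; there is no per-user role lookup.
    identity.AddClaim(new Claim("role", "user"));

    // "as:client_id" is what GrantRefreshToken later compares against the refreshing client.
    var props = new Microsoft.Owin.Security.AuthenticationProperties(new Dictionary<string, string>
    {
        { "as:client_id", context.ClientId ?? string.Empty },
        { "userName", context.UserName },
    });
    var ticket = new Microsoft.Owin.Security.AuthenticationTicket(identity, props);
    context.Validated(ticket);
}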
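/// <summary>
/// Handles the "refresh_token" grant: re-issues a ticket only when the refresh token was
/// originally issued to the client now presenting it, copying the stored identity and adding
/// a "newClaim" claim before validating.
/// </summary>
/// <param name="context">Carries the decrypted original ticket and the current ClientId in, and the error or new ticket out.</param>
/// <returns>An already-completed task; the outcome is reported through the context.</returns>
public override Task GrantRefreshToken(Microsoft.Owin.Security.OAuth.OAuthGrantRefreshTokenContext context)
{
    // A ticket without an "as:client_id" entry used to make the indexer throw KeyNotFoundException
    // (an unhandled server error); it is now reported as the same client mismatch, so such a
    // token is still never refreshed. String != is an ordinal, null-safe comparison.
    string originalClient;
    if (!context.Ticket.Properties.Dictionary.TryGetValue("as:client_id", out originalClient)
        || originalClient != context.ClientId)
    {
        context.SetError("invalid_clientId", "Refresh token is issued to a different clientId.");
        return Task.FromResult<object>(null);
    }

    // Work on a copy of the identity; the extra claim is added to the copy only.
    var newIdentity = new ClaimsIdentity(context.Ticket.Identity);
    newIdentity.AddClaim(new Claim("newClaim", "newValue"));

    // The original properties (including "as:client_id") are carried over unchanged.
    var newTicket = new Microsoft.Owin.Security.AuthenticationTicket(newIdentity, context.Ticket.Properties);
    context.Validated(newTicket);
    return Task.FromResult<object>(null);
}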