public async Task ReceiveAsync(AuthenticationTokenReceiveContext context) { var allowedOrigin = "NONE"; List <ClientAllowedOrigin> _allowedOrigins; _allowedOrigins = await UnitOfWork.ClientStore.ListAllowedOrigins(new Guid()); string _originPath = NullHandlers.NES(context.Request.Headers["Origin"]); if (_originPath == "") { allowedOrigin = "*"; } else { string _originCompare = _originPath.ToLower().Trim(); if (_originCompare.LastIndexOf("/") != (_originCompare.Length - 1)) { _originCompare += "/"; } foreach (ClientAllowedOrigin _origin in _allowedOrigins) { string _allowedCompare = _origin.AllowedURL.ToLower().Trim(); if ((_allowedCompare.LastIndexOf("/") != (_allowedCompare.Length - 1)) && (_allowedCompare != "*")) { _allowedCompare += "/"; } if ((_origin.AllowedURL.ToLower().Trim() == "*") || (_origin.AllowedURL.ToLower().Trim() == _originCompare)) { allowedOrigin = _originPath; break; } } } context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin }); string hashedTokenId = Infrastructure.Encryption.GetHash(context.Token); var refreshToken = await UnitOfWork.RefreshTokenStore.FindById(hashedTokenId); if (refreshToken != null) { //Get protectedTicket from refreshToken class context.DeserializeTicket(refreshToken.ProtectedTicket); var originalClient = context.Ticket.Properties.Dictionary["as:client_id"]; var currentClient = context.OwinContext.Get <string>("as:current_client_id"); if (originalClient.ToLower().Trim() == currentClient.ToLower().Trim()) { var result = await UnitOfWork.RefreshTokenStore.DeleteAsync(hashedTokenId); } } }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { Client client = context.OwinContext.Get <Client>("as:requested_client"); string _authToken = String.Empty; if (client != null) { foreach (var _header in context.OwinContext.Request.Headers) { if (_header.Key.ToLower() == "authorization") { if (_header.Value.Length > 0) { _authToken = _header.Value[0]; break; } } } } if (_authToken.IndexOf("Bearer ", StringComparison.CurrentCultureIgnoreCase) == 0) { _authToken = _authToken.Substring(7, _authToken.Length - 7); } var allowedOrigin = "NONE"; List <ClientAllowedOrigin> _allowedOrigins; if (!(client == null)) { _allowedOrigins = client.AllowedOrigins; } else { _allowedOrigins = await UnitOfWork.ClientStore.ListAllowedOrigins(new Guid()); } string _originPath = NullHandlers.NES(context.Request.Headers["Origin"]); if (_originPath == "") { allowedOrigin = "*"; } else { string _originCompare = _originPath.ToLower().Trim(); if (_originCompare.LastIndexOf("/") != (_originCompare.Length - 1)) { _originCompare += "/"; } foreach (ClientAllowedOrigin _origin in _allowedOrigins) { string _allowedCompare = _origin.AllowedURL.ToLower().Trim(); if ((_allowedCompare.LastIndexOf("/") != (_allowedCompare.Length - 1)) && (_allowedCompare != "*")) { _allowedCompare += "/"; } if ((_origin.AllowedURL.ToLower().Trim() == "*") || (_origin.AllowedURL.ToLower().Trim() == _originCompare)) { allowedOrigin = _originPath; Client _sourceClient = await UnitOfWork.ClientStore.FindByURL(_allowedCompare); if (_sourceClient != null) { context.OwinContext.Set <Client>("as:source_client", _sourceClient); } break; } } } context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin }); AuthenticationProperties prop = new AuthenticationProperties(); ClaimsIdentity oAuthIdentity = null; User user = null; //If the passed authentication token is empty then attempt to load the user from the username and password and then insert it into the AuthenticationTicket. //If the authentication token is not empty the ndecode the token and take the user identity from the token and place it in the new token for the remote resource. if (_authToken == "") { user = await UserManager.FindAsync(context.UserName, context.Password); if ((user == null) || ((user.Locked == true) && (user.LockedUntil.HasValue == true) && (user.LockedUntil.Value > DateTime.Now))) { if (user == null) { user = await UnitOfWork.UserStore.FindByEmailAsync(context.UserName); if (user != null) { if ((user.Locked == true) && (user.LockedUntil.HasValue == true) && (user.LockedUntil.Value > DateTime.Now)) { user.FailedLoginCount = 0; context.SetError("invalid_grant", "This user account is temporarily locked. Please try again later."); } else { user.FailedLoginCount += 1; context.SetError("invalid_grant", "The user name or password is incorrect."); } } else { context.SetError("invalid_grant", "The user name or password is incorrect."); } } if (user != null) { if (user.FailedLoginCount >= 3) { user.Locked = true; user.LockedUntil = DateTime.Now.AddMinutes(10); } await UnitOfWork.UserStore.UpdateAsync(user); } return; } else { //Clear all currently stored expired refresh tokens. await UnitOfWork.RefreshTokenStore.ClearExpiredAsync(); } if (user.Locked == true) { user.FailedLoginCount = 0; user.Locked = false; user.LockedUntil = null; await UnitOfWork.UserStore.UpdateAsync(user); } oAuthIdentity = await UserManager.GenerateUserIdentityAsync(user, "JWT"); oAuthIdentity.AddClaims(UnitOfWork.ClaimStore.GetClaims(user)); prop.Dictionary.Add("as:user_id", NullHandlers.NES(user.Id)); } else { Guid _userId = new Guid(); AuthenticationTicket _authTicket = context.Options.AccessTokenFormat.Unprotect(_authToken); ClaimsIdentity _ident = _authTicket.Identity; foreach (Claim _claim in _ident.Claims) { foreach (var _prop in _claim.Properties) { if (_prop.Value == "nameid") { _userId = NullHandlers.NGUID(_claim.Value); break; } } if (_userId != Guid.Empty) { break; } } if ((_userId == Guid.Empty) || (_ident == null)) { throw new Exception("Invalid Authentication Token"); } oAuthIdentity = _ident; prop.Dictionary.Add("as:user_id", NullHandlers.NES(_userId)); } prop.Dictionary.Add("as:issuer", ConfigurationManager.AppSettings["as:IssuerId"]); if (client == null) { prop.Dictionary.Add("as:client_id", ConfigurationManager.AppSettings["as:AudienceId"]); prop.Dictionary.Add("as:client_secret", ConfigurationManager.AppSettings["as:AudienceSecret"]); } else { prop.Dictionary.Add("as:client_id", client.ClientId); prop.Dictionary.Add("as:client_secret", client.Secret); } var ticket = new AuthenticationTicket(oAuthIdentity, prop); context.Validated(ticket); }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { Client client = context.OwinContext.Get <Client>("as:requested_client"); var allowedOrigin = "NONE"; List <ClientAllowedOrigin> _allowedOrigins; if (!(client == null)) { _allowedOrigins = client.AllowedOrigins; } else { _allowedOrigins = await UnitOfWork.ClientStore.ListAllowedOrigins(new Guid()); } string _originPath = NullHandlers.NES(context.Request.Headers["Origin"]); if (_originPath == "") { allowedOrigin = "*"; } else { string _originCompare = _originPath.ToLower().Trim(); if (_originCompare.LastIndexOf("/") != (_originCompare.Length - 1)) { _originCompare += "/"; } foreach (ClientAllowedOrigin _origin in _allowedOrigins) { string _allowedCompare = _origin.AllowedURL.ToLower().Trim(); if ((_allowedCompare.LastIndexOf("/") != (_allowedCompare.Length - 1)) && (_allowedCompare != "*")) { _allowedCompare += "/"; } if ((_origin.AllowedURL.ToLower().Trim() == "*") || (_origin.AllowedURL.ToLower().Trim() == _originCompare)) { allowedOrigin = _originPath; break; } } } context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin }); User user = await UnitOfWork.UserManager.FindAsync(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } //if (!user.EmailConfirmed) //{ // context.SetError("invalid_grant", "User did not confirm email."); // return; //} ClaimsIdentity oAuthIdentity = await UnitOfWork.UserManager.GenerateUserIdentityAsync(user, "JWT"); oAuthIdentity.AddClaims(UnitOfWork.ClaimStore.GetClaims(user)); //oAuthIdentity.AddClaims(RolesFromClaims.CreateRolesBasedOnClaims(oAuthIdentity)); AuthenticationProperties prop = new AuthenticationProperties(); prop.Dictionary.Add("as:issuer", "http://localhost:50378"); prop.Dictionary.Add("as:user_id", NullHandlers.NES(user.Id)); prop.Dictionary.Add("as:client_id", ConfigurationManager.AppSettings["as:AudienceId"]); prop.Dictionary.Add("as:client_secret", ConfigurationManager.AppSettings["as:AudienceSecret"]); var ticket = new AuthenticationTicket(oAuthIdentity, prop); context.Validated(ticket); }