public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
//CORS
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
//CORS
ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
OAuthDefaults.AuthenticationType);
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,
CookieAuthenticationDefaults.AuthenticationType);
//next line added from:
//http://stackoverflow.com/questions/26046441/current-user-in-owin-authentication
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
AuthenticationProperties properties = CreateProperties(user.UserName);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
using (var repo = new AuthRepository())
{
var user = await repo.FindUser(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim("id", user.Id));
var isAdmin = repo.HasRole(user, "Administrator");
identity.AddClaim(new Claim("is_admin", isAdmin.ToString()));
identity.AddClaim(isAdmin
? new Claim(ClaimTypes.Role, "Administrator")
: new Claim(ClaimTypes.Role, "DashboardUser"));
context.Validated(identity);
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
try
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
//認証処理
//LDAPに対して uid + password で認証を行う
var userManager = new LdapUserManager(new LdapUserStore());
var ldapUser = await userManager.FindAsync(context.UserName, context.Password);
if (ldapUser == null)
{
//認証失敗
context.SetError("invalid_grant", "The username or password is incorrect.");
return;
}
//ユーザーを表す ClaimsIdentity を作成する
var identity = await userManager.CreateIdentityAsync(ldapUser, context.Options.AuthenticationType);
identity.AddClaim(new Claim("dn", ldapUser.DistinguishedName));
identity.AddClaim(new Claim("uid", ldapUser.Id));
context.Validated(identity);
//認証登録
context.Request.Context.Authentication.SignIn(identity);
}
catch (Exception e)
{
context.SetError("Application Error", e.Message);
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
try
{
//using (IUserRepository _repository = new UserRepository(DataContextHelper.CurrentDataContext))
//{
// var user = _repository.Get(context.UserName);
// if (user == null)
// throw new Exception("Usuário ou senha inválidos");
// user.Authenticate(context.UserName, context.Password);
// GenericIdentity genericIdentity = new GenericIdentity(user.Email);
// var identity = new ClaimsIdentity(genericIdentity, null, context.Options.AuthenticationType, null, null);
// identity.AddClaim(new Claim("sub", context.UserName));
// identity.AddClaim(new Claim("role", "user"));
// context.Validated(identity);
//}
}
catch (Exception ex)
{
//context.SetError("invalid_grant", ex.Message);
//LogErrorHelper.Register(ex);
return;
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
// Try get the useraccount by provided username
var userAccount = _uow.UserAccountRepository.Get(context.UserName);
// If the useraccount was not found, reject the token request
if (userAccount == null)
{
context.Rejected();
return;
}
// If password is invalid, reject the token request
if (!PasswordHelper.Verify(userAccount.Password, userAccount.Salt, context.Password))
{
context.Rejected();
return;
}
// Create identity which will be included in the token
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
// All claims added here will be written to the token. Thus claims should
// be added with moderation
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim(ClaimTypes.Role, "administrator"));
// Validate the reqeust and return a token
context.Validated(identity);
}
// Called when a request to the Token endpoint arrives with a "grant_type" of "password".
// This occurs when the user has provided name and password credentials directly
// into the client application's user interface, and the client application is using
// those to acquire an "access_token" and optional "refresh_token".
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
var userManager = context.OwinContext.GetUserManager<GbmonoUserManager>();
// lookup user by user name and password
GbmonoUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "用户名或密码不正确。");
return;
}
// create user identity for Bearer token
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType);
// create user identity for cookie
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType);
// create properties, user name or other extra information
AuthenticationProperties properties = CreateProperties(user);
// initialize a new instance of the Microsoft.Owin.Security.AuthenticationTicket
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
// call the context.Validated(ticket) to tell the OAuth server to protect the ticket as an access token and send it out in JSON payload.
// to issue an access token the context.Validated must be called with a new ticket containing the claims about the resource owner
// which should be associated with the access token.
context.Validated(ticket);
// Signs the cookie identity so it can send the authentication cookie.
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
//Taking UserName and Password as inputs and validated them against our ASP.NET Identity System
//if credential is valid, then generate an identity for this logged in user.
//
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var allowedOrigin = "*";
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
var userManager = context.OwinContext.GetUserManager<TRAPUserManager>();
User user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
//if (!user.EmailConfirmed)
//{
// context.SetError("invalid_grant", "User did not confirm email.");
// return;
//}
ClaimsIdentity authIdentity = await user.GenerateUserIdentityAsync(userManager, "JWT");
//AuthenticationTicket contains user identity information and authentication state
var authTicket = new AuthenticationTicket(authIdentity, null);
context.Validated(authTicket);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
// Allow CORS on the token middleware provider
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
//TODO
// Usually this would be done via dependency injection
// But I haven't got it to work with the OWIN startup class yet
AppDBContext _ctx = new AppDBContext();
UserRepository _repo = new UserRepository(_ctx);
IdentityUser user = await _repo.FindUser(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("role", "user"));
context.Validated(identity);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin");
if (allowedOrigin == null) allowedOrigin = "*";
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
var user = await _identityRepository.FindUserAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim(ClaimTypes.Role, "user"));
identity.AddClaim(new Claim("sub", context.UserName));
var props = new AuthenticationProperties(new Dictionary<string, string>
{
{
"as:client_id", context.ClientId ?? string.Empty
},
{
"userName", context.UserName
}
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
if (context.Request.Headers["devicetoken"] != null)
{
if (user.DeviceToken != context.Request.Headers["devicetoken"])
{
user.DeviceToken = context.Request.Headers["devicetoken"];
userManager.Update(user);
}
}
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
OAuthDefaults.AuthenticationType);
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,
CookieAuthenticationDefaults.AuthenticationType);
AuthenticationProperties properties = CreateProperties(user.UserName);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin",
new[] { ConfigurationManager.AppSettings["internal:origins"] });
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
OAuthDefaults.AuthenticationType);
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,
CookieAuthenticationDefaults.AuthenticationType);
AuthenticationProperties properties = CreateProperties(user.UserName);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
using (UserManager<IdentityUser> userManager = _userManagerFactory())
{
try
{
IdentityUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
ClaimsIdentity oAuthIdentity = await userManager.CreateIdentityAsync(user,
context.Options.AuthenticationType);
ClaimsIdentity cookiesIdentity = await userManager.CreateIdentityAsync(user,
CookieAuthenticationDefaults.AuthenticationType);
AuthenticationProperties properties = CreateProperties(user.UserName, user.Roles.First().Role.Name);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
catch (Exception)
{
throw;
}
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var user = userRepository.Get(w => w.UserName == context.UserName && w.Password == context.Password);
//var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
//ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
ClaimsIdentity oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
ClaimsIdentity cookiesIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, user.UserName));
if (user.Roles.Count() > 0)
{
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, user.Roles.FirstOrDefault().Name));
}
//ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
// OAuthDefaults.AuthenticationType);
//ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,
// CookieAuthenticationDefaults.AuthenticationType);
AuthenticationProperties properties = CreateProperties(user.UserName);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var allowedOrigin = "*";
ApplicationUser appUser = null;
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
using (AuthRepository _repo = new AuthRepository())
{
appUser = await _repo.FindUser(context.UserName, context.Password);
if (appUser == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim(ClaimTypes.Role, "User"));
identity.AddClaim(new Claim("PSK", appUser.PSK));
var props = new AuthenticationProperties(new Dictionary<string, string>
{
{
"userName", context.UserName
}
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] {"*"});
try
{
using (var userManager = new UserManager<User>(new UserStore<User>(new ElearningDbContext())))
{
var user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invaild_grant", "The user name or password is incorrect");
return;
}
}
}
catch (Exception ex)
{
var a = ex;
throw;
}
var identity = new ClaimsIdentity("JWT");
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim(ClaimTypes.Role, "user"));
var properties = new AuthenticationProperties(new Dictionary<string, string>
{
{
"audience", context.ClientId ?? string.Empty
}
});
var ticket = new AuthenticationTicket(identity, properties);
context.Validated(ticket);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
OAuthDefaults.AuthenticationType);
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,
CookieAuthenticationDefaults.AuthenticationType);
//List<Claim> roles = oAuthIdentity.Claims.Where(c => c.Type == ClaimTypes.Role).ToList();
//AuthenticationProperties properties = CreateProperties(user.UserName, Newtonsoft.Json.JsonConvert.SerializeObject(roles.Select(x => x.Value)));
string role = "";
if (oAuthIdentity.Claims.Where(c => c.Type == ClaimTypes.Role).Any())
{
role = oAuthIdentity.Claims.Where(c => c.Type == ClaimTypes.Role).First().Value;
}
AuthenticationProperties properties = CreateProperties(user.UserName, role);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "El nombre de usuario o la contraseña no son correctos.");
return;
}
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
OAuthDefaults.AuthenticationType);
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,
CookieAuthenticationDefaults.AuthenticationType);
new LogsController().AddLogLogin(LogsController.LOGIN, "ApplicationUser", user);
String role = "";
IList<String> roles = userManager.GetRoles(user.Id);
foreach (String obj in roles)
{
role += obj;
}
AuthenticationProperties properties = CreateProperties(user.UserName, role);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
UserAccount user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
OAuthDefaults.AuthenticationType);
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType);
string fullName = user.FirstName;
if (!string.IsNullOrEmpty(user.LastName))
{
fullName = fullName + " " + user.LastName;
}
AuthenticationProperties properties = CreateProperties(user.UserName, fullName);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
oAuthIdentity.AddClaims(new List<Claim> {
new Claim(ClaimTypes.NameIdentifier, fullName),
new Claim (ClaimTypes.Name, fullName)
});
context.Request.Context.Authentication.SignIn(properties, new ClaimsIdentity[] { cookiesIdentity, oAuthIdentity });
}
public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
// Dummy check here, you need to do your DB checks against membership system http://bit.ly/SPAAuthCode
if (context.UserName != context.Password)
{
context.SetError("invalid_grant", "The user name or password is incorrect");
//return;
return Task.FromResult<object>(null);
}
var identity = new ClaimsIdentity("JWT");
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim(ClaimTypes.Role, "Manager"));
identity.AddClaim(new Claim(ClaimTypes.Role, "Supervisor"));
var props =
new AuthenticationProperties(
new Dictionary<string, string>
{
{
"audience",
context.ClientId ?? string.Empty
}
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
return Task.FromResult<object>(null);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] {"*"});
var identity = new ClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie);
var userManager = Startup.UserManagerFactory();
var user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
identity.AddClaim(new Claim("id", user.StaffId.ToString()));
identity.AddClaim(new Claim(ClaimTypes.Name, user.UserName));
var listOfRoles = await userManager.GetRolesAsync(user.Id);
if (listOfRoles.Contains("admin"))
{
identity.AddClaim(new Claim("role", "admin"));
}
else
{
identity.AddClaim(new Claim("role", "user"));
}
context.Validated(identity);
var ctx = HttpContext.Current.GetOwinContext();
var authManager = ctx.Authentication;
authManager.SignIn(identity);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "http://hawkwareapps.com" });
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Credentials", new[] { "true" });
//context.OwinContext.Response.Headers.Add("Access-Control-Allow-Methods", new[] { "*" });
//context.OwinContext.Response.Headers.Add("Access-Control-Allow-Headers", new[] { "Content-Type, X-Requested-With" });
var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
OAuthDefaults.AuthenticationType);
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,
CookieAuthenticationDefaults.AuthenticationType);
AuthenticationProperties properties = CreateProperties(user.UserName);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
List<string> roles = new List<string>();
IdentityUser user = new IdentityUser();
using (AuthRepository _repo = new AuthRepository())
{
user = await _repo.FindUser(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "Потребителското име или паролата не са верни.");
return;
}
else
{
roles = await _repo.GetRolesForUser(user.Id);
}
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("sub", context.UserName));
foreach (var item in roles)
{
identity.AddClaim(new Claim(ClaimTypes.Role, item));
}
context.Validated(identity);
context.Response.Headers.Add("UserRoles", roles.ToArray());
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
using (AuthRepository _repo = new AuthRepository())
{
IdentityUser user = await _repo.FindUser(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, user.UserName));
var roles = await _repo.FindUserRoles(user.Id);
foreach (var r in roles)
{
identity.AddClaim(new Claim(ClaimTypes.Role, r));
}
//identity.AddClaim(new Claim("sub", context.UserName));
context.Validated(identity);
}
}
/// <summary>
/// oAuth Resource Password Login Flow
/// 1. Checks the password with the Identity API
/// 2. Create a user identity for the bearer token
/// 3. Create a user identity for the cookie
/// 4. Calls the context.Validated(ticket) to tell the oAuth2 server to protect the ticket as an access token and send it out in JSON payload
/// 5. Signs the cookie identity so it can send the authentication cookie
/// </summary>
/// <param name="context">The authorization context</param>
/// <returns>Task</returns>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
using (ApplicationUserManager userManager = _userManagerFactory())
{
UserProfile user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "Invalid user or password");
return;
}
ClaimsIdentity oAuthIdentity = await userManager.CreateIdentityAsync(user,
context.Options.AuthenticationType);
ClaimsIdentity cookiesIdentity = await userManager.CreateIdentityAsync(user,
CookieAuthenticationDefaults.AuthenticationType);
var justCreatedIdentity = await userManager.FindByNameAsync(user.UserName);
var roles = await userManager.GetRolesAsync(justCreatedIdentity.Id);
AuthenticationProperties properties = CreateProperties(user.UserName, roles.ToArray(), user.EmailConfirmed);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var allowedOrigin = "*";
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
if (context.UserName != "*****@*****.**" || context.Password != "%baG7cadence")
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
var claims = new List<Claim>();
//claims.Add(new Claim(ClaimTypes., context.UserName));
var data = await context.Request.ReadFormAsync();
var identity = new ClaimsIdentity("JWT");
//identity.AddClaims(claims);
int daysSignedIn = 14;
context.Options.AccessTokenExpireTimeSpan = TimeSpan.FromDays(daysSignedIn);
var ticket = new AuthenticationTicket(identity, null);
context.Validated(ticket);
}
//Taking UserName and Password as inputs and validated them against our ASP.NET Identity System
//if credential is valid, then generate an identity for this logged in user.
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var allowedOrigin = "*";
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
var userManager = context.OwinContext.GetUserManager<TRAPUserManager>();
User user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
//if (!user.EmailConfirmed)
//{
// context.SetError("invalid_grant", "User did not confirm email.");
// return;
//}
ClaimsIdentity authIdentity = await user.GenerateUserIdentityAsync(userManager, "JWT");
List<Claim> roles = authIdentity.Claims.Where(c => c.Type == ClaimTypes.Role).ToList();
AuthenticationProperties properties = CreateProperties(user.UserName, Newtonsoft.Json.JsonConvert.SerializeObject(roles.Select(x => x.Value)));
//AuthenticationTicket contains user identity information and authentication state
var authTicket = new AuthenticationTicket(authIdentity, properties);
context.Validated(authTicket);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
using (var projectContext = new ProjectContext())
{
using (var unitOfWork = new UnitOfWork(projectContext))
{
IdentityUser user = await unitOfWork.Users.FindUser(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
}
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("role", "user"));
context.Validated(identity);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
//context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
IdentityUser user;
using (var _repo = new AuthRepository())
{
user = await _repo.FindUser(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("userId", user.Id));
if (user.Id == "c417fc8e-5bae-410f-b2ee-463afe2fdeaa")
identity.AddClaim(new Claim(ClaimTypes.Role, "Admin"));
var props = new AuthenticationProperties(new Dictionary<string, string>
{
{
"userId", user.Id
}
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
/// <summary>
/// 验证用户名与密码 [Resource Owner Password Credentials Grant[username与password]|grant_type=password&username=irving&password=654321]
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
//validate user credentials (验证用户名与密码) should be stored securely (salted, hashed, iterated)
var userValid = await _accountService.ValidateUserNameAuthorizationPwdAsync(context.UserName, context.Password);
if (!userValid)
{
//context.Rejected();
context.SetError(AbpConstants.AccessDenied, AbpConstants.AccessDeniedErrorDescription);
return;
}
var claimsIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
claimsIdentity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
var ticket = new AuthenticationTicket(claimsIdentity, new AuthenticationProperties());
context.Validated(ticket);
/*
//create identity
var claimsIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
claimsIdentity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
claimsIdentity.AddClaim(new Claim("sub", context.UserName));
claimsIdentity.AddClaim(new Claim("role", "user"));
// create metadata to pass on to refresh token provider
var props = new AuthenticationProperties(new Dictionary<string, string>
{
{"as:client_id", context.ClientId }
});
var ticket = new AuthenticationTicket(claimsIdentity, props);
context.Validated(ticket);
*/
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext oauthCtx)
{
oauthCtx.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
if (oauthCtx.UserName == null || oauthCtx.Password == null)
{
oauthCtx.SetError("invalid_grant", "No Credentials");
return;
}
Person person;
using (var dbCtx = new UserMetadataCtx())//UserCtx())
{
person = await dbCtx.People.Include(user => user.Security)
.Include(user => user.Student)
.Include(user => user.Faculty)
.SingleOrDefaultAsync(user => user.Email == oauthCtx.UserName);
}
if (person == null)
{
oauthCtx.SetError("invalid_grant", "Invalid username or password");
return;
}
var hasValidPassword = PasswordHash.ValidatePassword(oauthCtx.Password, person.Security.PasswordHash);
if (!hasValidPassword)
{
oauthCtx.SetError("invalid_grant", "Invalid username or password");
return;
}
var identity = UserAuthToken.GetClaimId;
identity.AddClaim(new Claim(ClaimTypes.PrimarySid, person.PersonId.ToString()));
switch (person.MpInstituteRole)
{
case MpInstituteRoleId.Student:
identity.AddClaim(new Claim(ClaimTypes.Role, MpInstituteRole.Student));
break;
case MpInstituteRoleId.Faculty:
identity.AddClaim(new Claim(ClaimTypes.Role, MpInstituteRole.Faculty));
if (person.Faculty.IsCourseAdmin)
{
identity.AddClaim(new Claim(ClaimTypes.Role, MpInstituteRole.ISA));
}
else
{
identity.AddClaim(new Claim(ClaimTypes.Role, MpInstituteRole.notISA));
}
break;
default:
identity.AddClaim(new Claim(ClaimTypes.Role, MpInstituteRoleId.Student));
break;
}
_idToken = new IdToken
{
TokenExpire = DateTime.Now.Add(TimeSpan.FromHours(24)),
TokenExpireWarning = DateTime.Now.Add(TimeSpan.FromHours(23)),
LastName = person.LastName,
FirstName = person.FirstName,
Email = person.Email,
MpAffiliation = person.MpAffiliation,
MpComponent = person.MpComponent,
MpPaygrade = person.MpPaygrade,
MpGender = person.MpGender,
MpInstituteRole = person.MpInstituteRole,
RegistrationComplete = person.RegistrationComplete,
PersonId = person.PersonId
};
var ticket = new AuthenticationTicket(identity, null);
oauthCtx.Validated(ticket);
await Task.FromResult(oauthCtx.Validated());
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
}
/// <summary>
/// Grant resource owner credentials overload method.
/// </summary>
/// <param name="context">Context parameter</param>
/// <returns>Returns when task is completed</returns>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
// Initialization.
string usernameVal = (String.IsNullOrEmpty(context.UserName)) ? "" : context.UserName;
string passwordVal = (String.IsNullOrEmpty(context.Password)) ? "" : context.Password;
//var user = this.databaseManager.LoginByUsernamePassword(usernameVal, passwordVal).ToList();
IFormCollection parameters = await context.Request.ReadFormAsync();
string deviceDetails = parameters.Get("DeviceDetails");
deviceDetails = (String.IsNullOrEmpty(deviceDetails)) ? "" : deviceDetails;
string deviceUDID = parameters.Get("DeviceUDID");
deviceUDID = (String.IsNullOrEmpty(deviceUDID)) ? "" : deviceUDID;
string deviceTYPE = parameters.Get("DeviceTYPE");
deviceTYPE = (String.IsNullOrEmpty(deviceTYPE)) ? "" : deviceTYPE;
string mobileDatetime = parameters.Get("MobileDateTime");
mobileDatetime = (String.IsNullOrEmpty(mobileDatetime)) ? "" : mobileDatetime;
string fcmToken = parameters.Get("FcmToken");
fcmToken = (String.IsNullOrEmpty(fcmToken)) ? "" : fcmToken;
string serviceTYPE = parameters.Get("ServiceTYPE");
serviceTYPE = (String.IsNullOrEmpty(serviceTYPE)) ? "" : serviceTYPE;
Users userobject = new Users();
userobject.userName = usernameVal;
userobject.passWord = passwordVal;
userobject.deviceDetails = deviceDetails;
userobject.deviceUDID = deviceUDID;
userobject.deviceTYPE = deviceTYPE;
userobject.mobileDatetime = mobileDatetime;
userobject.fcmToken = fcmToken;
userobject.serviceTYPE = serviceTYPE;
string userID = "";
string isLead = "";
string teamIDs = "";
JsonStandardResponse sendOtpResponse = null;
if (userobject.serviceTYPE.ToLower() == "login")
{
/*if (userobject.userName != "admin" || userobject.passWord != "admin")
* {
* context.SetError("invalid_grant", "The user name or password is incorrect.");
* return;
* }*/
if (userobject.passWord.Length < 8)
{
context.SetError("invalid_grant", "Password length must be must be equal or greater than 8 characters.");
return;
}
DateTime dateTime;
try
{
dateTime = DateTime.ParseExact(userobject.mobileDatetime, "MM-dd-yyyy HH:mm:ss", CultureInfo.InvariantCulture);
}
catch (FormatException)
{
context.SetError("invalid_grant", "invalid datetime format required is MM-dd-yyyy HH:mm:ss");
return;
}
//Login from credentials
//Verification.
//string Status = new UserProfile().VerifyUserCredentials(userobject, Constants.GetConnectionString());
string Status = new UserProfile().VerifyUserCredentialsFromAD(userobject, Constants.GetConnectionString());
if (Status != "Success")
{
context.SetError("invalid_grant", Status);
return;
}
new UserProfile().InsertUserFcmToken(userobject, Constants.GetConnectionString());
userobject.passWord = "";
}
else if (userobject.serviceTYPE.ToLower() == "adminlogin")
{
/*if (userobject.userName != "admin" || userobject.passWord != "admin")
* {
* context.SetError("invalid_grant", "The user name or password is incorrect.");
* return;
* }*/
if (userobject.passWord.Length < 8)
{
context.SetError("invalid_grant", "Password length must be must be equal or greater than 8 characters.");
return;
}
DateTime dateTime;
try
{
dateTime = DateTime.ParseExact(userobject.mobileDatetime, "MM-dd-yyyy HH:mm:ss", CultureInfo.InvariantCulture);
}
catch (FormatException)
{
context.SetError("invalid_grant", "invalid datetime format required is MM-dd-yyyy HH:mm:ss");
return;
}
//Login from credentials
//Verification.
string Status = new UserProfile().VerifyUserCredentials(userobject, Constants.GetConnectionString());
//string Status = new UserProfile().VerifyUserCredentialsFromAD(userobject, Constants.GetConnectionString());
if (Status != "Success")
{
context.SetError("invalid_grant", Status);
return;
}
new UserProfile().InsertUserFcmToken(userobject, Constants.GetConnectionString());
userobject.passWord = "";
}
else if (userobject.serviceTYPE.ToLower() == "refreshtoken")
{
//Checks DeviceUDID whether it is logged in or not
if (userobject.deviceUDID == "" || userobject.userName == "")
{
context.SetError("invalid_grant", "device udid or user name cannot be empty!");
return;
}
//Login Status Verification.
Users obj = new UserProfile().checkUserLoginStatus(userobject, Constants.GetConnectionString());
if (obj == null)
{
context.SetError("invalid_grant", "no session found against device udid and user name!");
return;
}
}
else
{
context.SetError("invalid_grant", "Invalid Request!");
return;
}
Users userobj = new UserProfile().checkUserLoginStatus(userobject, Constants.GetConnectionString());
if (userobj != null)
{
userobject.ID = userobj.ID;
Users obj = new UserProfile().getUserByUserNameAndUserID(userobject, Constants.GetConnectionString());
userID = obj.ID;
isLead = obj.isLead;
//teamDetailsJson = new JavaScriptSerializer().Serialize(obj.teams);
teamIDs = string.Join(",", obj.teams.Select(x => x.ID).ToArray());
}
var claims = new List <Claim>();
//claims.Add(new Claim("serviceTYPE", userobject.serviceTYPE.ToLower()));
//claims.Add(new Claim("userName", usernameVal));
IDictionary <string, string> data = new Dictionary <string, string>
{
{ "serviceTYPE", userobject.serviceTYPE.ToLower() },
{ "userName", usernameVal },
{ "userID", userID },
{ "isLead", isLead },
{ "teamIDs", teamIDs }
//{ "UserDetails", JsonConvert.SerializeObject(new UserProfile().checkUserLoginStatus(userobject, Constants.GetConnectionString()))}
};
// Setting Claim Identities for OAUTH 2 protocol.
ClaimsIdentity oAuthClaimIdentity = new ClaimsIdentity(claims, OAuthDefaults.AuthenticationType);
ClaimsIdentity cookiesClaimIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationType);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthClaimIdentity, new AuthenticationProperties(data));
// Grant access to authorize user.
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesClaimIdentity);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
using (var unitOfWork = new UnitOfWorkFactory().Create())
{
string requestIPAddress = GetIpAddress();
var auditLog = new AuditActivityLog()
{
SenderUserID = context.UserName,
SenderRequestURL = HttpContext.Current.Request.Url.OriginalString,
SenderIP = requestIPAddress,
AuditDateTime = DateTime.Now
};
var auditId = unitOfWork.AuditRepository.CreateAuditActivityLog(auditLog);
unitOfWork.Commit();
try
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
var clientUser = unitOfWork.UserRepository.GetUserByName(x => x, context.UserName,
new List <Expression <Func <ClientUser, object> > > {
x => x.Client,
x => x.UserIPAddresses
});
if (clientUser == null || !(await unitOfWork.UserRepository.IsPasswordValidAsync(clientUser, context.Password)))
{
throw new AuthenticationException("The user name or password is incorrect.");
}
auditLog.LoginUser = clientUser;
auditLog.InsightEmail = clientUser.Email;
if (!clientUser.Active)
{
throw new AuthenticationException("The user account is disabled.");
}
if (clientUser.Client == null)
{
throw new AuthenticationException("The user account doesn't have a client associated with it.");
}
DateTime nowDateTime = DateTime.UtcNow;
//Check whitelisting of IP addresses
if (clientUser.Client.WhitelistIPs)
{
List <ClientIPAddresses> userIPWhiteList = clientUser.UserIPAddresses == null ? null : clientUser.UserIPAddresses.Where(x => (x.IPAddress4 == requestIPAddress)).ToList();
if (userIPWhiteList == null || userIPWhiteList.Count() == 0)
{
throw new AuthenticationException("Connection denied.");
}
}
//Check number of open tokens limit
int openTokensLimit = clientUser.Client.OpenTokensLimit;
if (openTokensLimit == 0 && !Int32.TryParse(ConfigurationManager.AppSettings["opentokenslimit"], out openTokensLimit))
{
openTokensLimit = 0;
}
if (openTokensLimit > 0)
{
List <ClientConnections> openConnections = unitOfWork.AuditRepository.GetConnectionsByClient(x => x, clientUser.Client.id)
.Where(x => nowDateTime >= x.TokenStartDateTimeUTC && nowDateTime <= x.TokenEndDateTimeUTC).ToList();
if (openConnections != null && openConnections.Count() > openTokensLimit)
{
throw new AuthenticationException("Total number of open connection per client exceeds the limit.");
}
}
//Set timeouts
int tokenTimespanSec = clientUser.Client.TokenTimeOut;
if (tokenTimespanSec == 0 && !Int32.TryParse(ConfigurationManager.AppSettings["timeoutseconds"], out tokenTimespanSec))
{
tokenTimespanSec = 900;
}
DateTime tokenExpiration = nowDateTime.AddSeconds(tokenTimespanSec);
auditLog.TokenStartDateTimeUTC = nowDateTime;
auditLog.TokenEndDateTimeUTC = tokenExpiration;
unitOfWork.Commit();
//record new connection
var newConnection = new ClientConnections()
{
LoginUser = clientUser,
ConnectionClientAccount = clientUser.Client,
ConnectionAuditLog = auditLog,
TokenStartDateTimeUTC = nowDateTime,
TokenEndDateTimeUTC = tokenExpiration
};
unitOfWork.AuditRepository.CreateClientConnectionLog(newConnection);
//Generate claims for the token
var identity = new ClaimsIdentity("JWT");
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim(ClaimTypes.Email, clientUser.Email));
identity.AddClaim(new Claim(ClaimTypes.Expiration, tokenExpiration.ToString()));
identity.AddClaim(new Claim("LogId", auditId.ToString()));
var tokenEnd = DateTime.UtcNow.AddSeconds(tokenTimespanSec);
var ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
context.Validated(ticket);
}
catch (Exception ex)
{
if (ex is AuthenticationException)
{
context.SetError("invalid_grant", ex.Message);
}
else
{
context.SetError("invalid_grant", String.Format("Internal Error (Please contact Exiger support with reference ID: {0})", auditLog.Id));
}
auditLog.ErrorMessage = ex.Message;
}
finally
{
unitOfWork.Commit();
}
}
return;
}
private System.Threading.Tasks.Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
if (!string.IsNullOrEmpty(context.UserName) && !string.IsNullOrEmpty(context.Password))
{
var rockContext = new RockContext();
var userLoginService = new UserLoginService(rockContext);
//Older Avalanche Clients use __PHONENUMBER__+1 prefix vs the newer SMS_ prefix
//This makes sure we are using the new ROCK external sms authentication
var userName = context.UserName.Replace("__PHONENUMBER__+1", "SMS_");
//SMS login does not use the phone number as the username.
//Instead we need to change it to use the person's id.
if (userName.StartsWith("SMS_"))
{
string error;
var smsAuthentication = new SMSAuthentication();
var person = smsAuthentication.GetNumberOwner(userName.Split('_').Last(), rockContext, out error);
if (person != null)
{
userName = string.Format("SMS_{0}", person.Id);
}
//If we cannot find a person, do nothing and just pass through the existing username
}
var userLogin = userLoginService.GetByUserName(userName);
if (userLogin != null && userLogin.EntityType != null)
{
var component = AuthenticationContainer.GetComponent(userLogin.EntityType.Name);
if (component != null && component.IsActive &&
(!component.RequiresRemoteAuthentication || component.TypeName == "Rock.Security.ExternalAuthentication.SMSAuthentication"))
{
if (component.Authenticate(userLogin, context.Password))
{
if ((userLogin.IsConfirmed ?? true) && !(userLogin.IsLockedOut ?? false))
{
OAuthContext oAuthContext = new OAuthContext();
ClientScopeService clientScopeService = new ClientScopeService(oAuthContext);
AuthorizationService authorizationService = new AuthorizationService(oAuthContext);
ClientService clientService = new ClientService(oAuthContext);
var scopes = (context.Scope.FirstOrDefault() ?? "").Split(',');
bool scopesApproved = false;
Client OAuthClient = clientService.GetByApiKey(context.ClientId.AsGuid());
string[] authorizedScopes = authorizationService.Queryable().Where(a => a.Client.Id == OAuthClient.Id && a.UserLogin.UserName == userName && a.Active == true).Select(a => a.Scope.Identifier).ToArray <string>();
if (!clientScopeService.Queryable().Where(cs => cs.ClientId == OAuthClient.Id && cs.Active == true).Any() ||
(authorizedScopes != null && scopes.Where(s => !authorizedScopes.Select(a => a.ToLower()).Contains(s.ToLower())).Count() == 0))
{
scopesApproved = true;
}
if (scopesApproved)
{
var identity = new ClaimsIdentity(new GenericIdentity(userName, OAuthDefaults.AuthenticationType));
//only allow claims that have been requested and the client has been authorized for
foreach (var scope in scopes.Where(s => clientScopeService.Queryable().Where(cs => cs.ClientId == OAuthClient.Id && cs.Active == true).Select(cs => cs.Scope.Identifier.ToLower()).Contains(s.ToLower())))
{
identity.AddClaim(new Claim("urn:oauth:scope", scope));
}
UserLoginService.UpdateLastLogin(userName);
context.Validated(identity);
return(System.Threading.Tasks.Task.FromResult(0));
}
else
{
context.SetError("Authentication Error", "All scopes are not authorized for this user.");
}
}
if (!userLogin.IsConfirmed ?? true)
{
context.SetError("Authentication Error", "Account email is unconfirmed.");
}
if (userLogin.IsLockedOut ?? false)
{
context.SetError("Authentication Error", "Account is locked.");
}
}
else
{
context.SetError("Authentication Error", "Invalid Username/Password.");
}
}
else
{
context.SetError("Authentication Error", "Invalid Authentication Configuration.");
}
}
else
{
context.SetError("Authentication Error", "Invalid Username/Password.");
}
}
else
{
context.SetError("Authentication Error", "Invalid Username/Password.");
}
context.Rejected();
return(System.Threading.Tasks.Task.FromResult(0));
}
async public override System.Threading.Tasks.Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
try
{
//context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
var header = context.OwinContext.Response.Headers.SingleOrDefault(h => h.Key == "Access-Control-Allow-Origin");
if (header.Equals(default(KeyValuePair <string, string[]>)))
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
}
using (SSRepository ssRepo = new SSRepository())
{
if (await ssRepo.ValidateUserAsync(null, context.UserName, context.Password))
{
context.SetError("invalid_grant", "The username or password is incorrect.");
return;
}
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("role", "user"));
context.Validated(identity);
}
catch (Exception ex)
{
context.SetError("serviceunreachable", ex.Message.ToString());
return;
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin");
if (allowedOrigin == null)
{
allowedOrigin = "*";
}
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
string dept = null;
//_appbl = new IdentityClientBL(context.OwinContext.Get<InfraEntities>());
//IdentityClient app = await new IdentityClientBL(context.OwinContext.Get<InfraEntities>()).GetByName(context.ClientId);
IdentityClient app = await new IdentityClientBL(new InfraEntities()).GetByName(context.ClientId);
if (!app.Validation.IsValid)
{
context.Rejected();
context.SetError("error: invalid_client");
return;
}
//_userbl = new IdentityUserBL(context.OwinContext.Get<InfraEntities>());
//_userbl = new IdentityUserBL(new InfraEntities(), _logger);
//var user = await new IdentityUserBL(context.OwinContext.Get<InfraEntities>()).GetByUserIdByLogin(context.UserName, context.Password); //check table USERLOGIN
var user = await new IdentityUserBL(new InfraEntities()).GetByUserIdByLogin(context.UserName, context.Password); //check table USERLOGIN
if (user == Guid.Empty) //if exists in USERLOGIN(not used atm.. always null)
{
//var mgr = context.OwinContext.GetUserManager<ApplicationUserManager>();
//var result = await mgr.FindAsync(context.UserName, context.Password);
//IdentityUser userdto = await new IdentityUserBL(context.OwinContext.Get<InfraEntities>()).AuthenticateAsync(context.UserName, context.Password);
IdentityUser userdto = await new IdentityUserBL(new InfraEntities()).AuthenticateAsync(context.UserName, context.Password);
if (userdto == null)
{
context.Rejected();
context.SetError("The password or username is incorrect");
return;
}
if (!userdto.Validation.IsValid)
{
context.Rejected();
context.SetError(userdto.Validation.Errors.FirstOrDefault().ErrorMessage);
return;
}
dept = userdto.Department.ToString();
}
//var permissions = await new IdentityUserBL(context.OwinContext.Get<InfraEntities>()).ListAdministrativePermissionAsync(context.UserName, app.Applicationname.ToString());
var permissions = await new IdentityUserBL(new InfraEntities()).ListAdministrativePermissionAsync(context.UserName, app.Applicationname.ToString());
if (context.Scope != null || context.Scope.GetEnumerator().MoveNext())
{
foreach (var item in context.Scope)
{
//permissions.Add(item);
//var additionalscope = await new IdentityUserBL(context.OwinContext.Get<InfraEntities>()).ListAdministrativePermissionAsync(context.UserName, item.ToString());
var additionalscope = await new IdentityUserBL(new InfraEntities()).ListAdministrativePermissionAsync(context.UserName, item.ToString());
foreach (var additionalscopeitem in additionalscope)
{
permissions.Add(additionalscopeitem);
}
}
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("aud", app.Applicationid.ToString()));
identity.AddClaim(new Claim("role", "user"));
identity.AddClaim(new Claim("system", app.Applicationname.ToString()));
identity.AddClaim(new Claim("department", dept));
identity.AddClaim(new Claim("permissions", JsonConvert.SerializeObject(permissions)));
var props = new AuthenticationProperties(new Dictionary <string, string>
{
{
"as:client_id", (context.ClientId == null) ? string.Empty : context.ClientId
},
{
"userName", context.UserName
}
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
internal static void SetInvalidGrantErrorAndReject(this OAuthGrantResourceOwnerCredentialsContext context)
{
context.SetErrorAndReject("invalid_grant", "The username or password is incorrect");
}
public Task OnGrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
return(Task.FromResult(0));;
}
private static void SetErrorAndReject(this OAuthGrantResourceOwnerCredentialsContext context, string error, string description)
{
context.SetError(error, description);
context.Rejected();
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>();
ApplicationUser user;
// find user by username first
var userName = await userManager.FindByNameAsync(context.UserName);
if (userName != null)
{
user = await userManager.FindAsync(context.UserName, context.Password);
// When a user is lockedout, this check is done to ensure that even if the credentials are valid
// the user can not login until the lockout duration has passed
if (await userManager.IsLockedOutAsync(userName.Id))
{
context.SetError("lockout", string.Format("Your account has been locked out for {0} minutes due to multiple failed login attempts.", ConfigurationManager.AppSettings["DefaultAccountLockoutTimeSpan"]));
return;
}
// if user is subject to lockouts and the credentials are invalid
// record the failure and check if user is lockedout and display message, otherwise,
// display the number of attempts remaining before lockout
else if (await userManager.GetLockoutEnabledAsync(userName.Id) && user == null)
{
// Record the failure which also may cause the user to be locked out
await userManager.AccessFailedAsync(userName.Id);
string message;
if (await userManager.IsLockedOutAsync(userName.Id))
{
message = string.Format("Your account has been locked out for {0} minutes due to multiple failed login attempts.", ConfigurationManager.AppSettings["DefaultAccountLockoutTimeSpan"]);
}
else
{
int accessFailedCount = await userManager.GetAccessFailedCountAsync(userName.Id);
int attemptsLeft =
Convert.ToInt32(
ConfigurationManager.AppSettings["MaxFailedAccessAttemptsBeforeLockout"]) -
accessFailedCount;
message = string.Format(
"Invalid credentials. You have {0} more attempt(s) before your account gets locked out.", attemptsLeft);
}
context.SetError("lockout", message);
return;
}
else if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
else if (user.Inactive)
{
context.SetError("invalid_grant", "The user name is Inactive. Please contact Administrator.");
return;
}
else if (user.IsNYAttorneyPortalUser == false)
{
context.SetError("invalid_grant", "The user name is Invalid. Please contact Administrator.");
return;
}
else
{
// When token is verified correctly, clear the access failed count used for lockout
await userManager.ResetAccessFailedCountAsync(userName.Id);
userName.LastLoginDate = DateTime.Now;
userName.LoginCount = userName.LoginCount + 1;
userManager.Update(userName);
}
}
else
{
context.SetError("invalid_grant", "User name is incorrect.");
return;
}
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, "JWT");
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType);
AuthenticationProperties properties = CreateProperties(user);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
//ati login
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
try
{
UnitOfWork unitOfWork = new UnitOfWork();
var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>();
ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
var roles = userManager.GetRoles(user.Id).First();
var scope = context.Scope.ToList();
var customerId = Convert.ToInt32(context.Scope[0]);
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
OAuthDefaults.AuthenticationType);
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,
CookieAuthenticationDefaults.AuthenticationType);
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
if (roles == "Company")
{
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, "Company"));
}
else if (roles == "User")
{
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, "User"));
}
else
{
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, "xuser"));
}
oAuthIdentity.AddClaim(new Claim("sub", context.UserName));
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, "Vahid"));
AuthenticationProperties properties = CreateProperties(user.UserName, (context.ClientId == null) ? string.Empty : context.ClientId);
properties.Dictionary.Add("AuthId", user.Id);
var company = await unitOfWork.CompanyRepository.GetViewCompanyByMobile(context.UserName);
if (roles == "Company")
{
if (company != null)
{
properties.Dictionary.Add("Name", company.Name);
properties.Dictionary.Add("UserId", company.Id.ToString());
properties.Dictionary.Add("Image", string.IsNullOrEmpty(company.ImageUrl) ? "" : company.ImageUrl.ToString());
properties.Dictionary.Add("Role", "Company");
// properties.Dictionary.Add("EmployeeId", employee.Id.ToString());
}
}
else
{
//ViewPerson person = await unitOfWork.PersonRepository.GetViewPersonByUserId(user.Id);
if (company != null)
{
properties.Dictionary.Add("Name", company.FullName);
properties.Dictionary.Add("UserId", company.Id.ToString());
properties.Dictionary.Add("Image", string.IsNullOrEmpty(company.ImageUrl) ? "" : company.ImageUrl.ToString());
properties.Dictionary.Add("Role", "User");
// properties.Dictionary.Add("EmployeeId", employee.Id.ToString());
}
}
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
catch (Exception ex)
{
int i = 0;
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
try
{
_panelRepository = Bootstrapper.WindsorContainer.Resolve <IPanelRepository>();
string deviceId = context.OwinContext.Get <string>("as:device_id");
var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin");
if (allowedOrigin == null)
{
allowedOrigin = "*";
}
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
var client = _repository.FindClient(context.ClientId);
if (client == null)
{
context.SetError("invalid_clientId", $"Client '{context.ClientId}' is not registered in the system.");
return;
}
if (client.ApplicationType == ApplicationType.JavaScript)
{
var user = await _panelRepository.FindUser(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
var roles = await _panelRepository.GetUserRoles(user);
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim("FirstName", user.FirstName));
identity.AddClaim(new Claim("LastName", user.LastName));
identity.AddClaim(new Claim("UserId", user.Id));
foreach (var role in roles)
{
identity.AddClaim(new Claim(ClaimTypes.Role, role));
}
var props = new AuthenticationProperties(new Dictionary <string, string>
{
{
"as:client_id", context.ClientId ?? string.Empty
},
{
"userId", user.Id
},
{
"firstName", user.FirstName
},
{
"lastName", user.LastName
}
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
else if (client.ApplicationType == ApplicationType.CustomerUserApp || client.ApplicationType == ApplicationType.ShopUserApp)
{
var appUser = _userManager.Users.SingleOrDefault(item => item.PhoneNumber == context.UserName);
var rolesApp = await _repository.GetUserRoles(appUser);
if (appUser == null)
{
context.SetError("invalid_grant", "کاربر یافت نشد");
return;
}
switch (client.ApplicationType)
{
case ApplicationType.CustomerUserApp:
{
if (!appUser.CustomerIsActive)
{
context.SetError("invalid_grant", "کاربر غیرفعال می باشد");
}
break;
}
case ApplicationType.ShopUserApp:
{
if (!appUser.ShopIsActive)
{
context.SetError("invalid_grant", "کاربر غیرفعال می باشد");
}
break;
}
}
await VerifyPhoneNumber(appUser, context.Password, context.UserName);
var identityApp = new ClaimsIdentity(context.Options.AuthenticationType);
identityApp.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identityApp.AddClaim(new Claim("UserId", appUser.Id));
identityApp.AddClaim(new Claim("MobileNumber", appUser.PhoneNumber));
identityApp.AddClaim(new Claim("DeviceId", deviceId));
identityApp.AddClaim(new Claim("ShopIsActive", appUser.ShopIsActive.ToString()));
identityApp.AddClaim(new Claim("CustomerIsActive", appUser.CustomerIsActive.ToString()));
identityApp.AddClaim(new Claim("RegisterDate", appUser.RegisterDate.ToString()));
foreach (var role in rolesApp)
{
identityApp.AddClaim(new Claim(ClaimTypes.Role, role));
}
var appProps = new AuthenticationProperties(new Dictionary <string, string>
{
{
"as:client_id", context.ClientId ?? string.Empty
},
{
"userId", appUser.Id
},
{
"mobileNumber", appUser.PhoneNumber
}
});
var appTicket = new AuthenticationTicket(identityApp, appProps);
context.Validated(appTicket);
}
}
catch (Exception e)
{
context.SetError("invalid_grant", e.Message);
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
//var allowedOrigin = "*";
//context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new { allowedOrigin });
var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>();
User user = new User();
user = await userManager.FindAsync(context.UserName, context.Password);
var mapper = new DiObjectMapper();
ApplicationLogViewModel logViewModel = new ApplicationLogViewModel()
{
Action = "Login",
Data = user,
Entity = "User"
};
if (user == null)
{
logViewModel.Data = new { UserName = context.UserName }
}
;
var appLog = mapper.Map <ApplicationLogViewModel, ApplicationLog>(logViewModel);
appLog.IpAddress = GeneralService.ClientIpFromHeader;
appLog.LogType = General.Enums.LogType.System;
appLog.Date = GeneralService.CurrentDate;
var mbosContext = MBOSContext.Create();
if (user == null)
{
appLog.Description = "Invalid username or password";
mbosContext.ApplicationLogs.Add(appLog);
mbosContext.SaveChanges();
context.SetError("invalid_grant", "The username or password is incorrect.");
return;
}
if (!user.EmailConfirmed)
{
appLog.Description = "Account email is not confirmed.";
mbosContext.ApplicationLogs.Add(appLog);
mbosContext.SaveChanges();
context.SetError("invalid_grant", "Email is not confirmed yet.");
return;
}
if (user.AccessFailedCount >= 3)
{
appLog.Description = "Account is locked.";
mbosContext.ApplicationLogs.Add(appLog);
mbosContext.SaveChanges();
context.SetError("invalid_grant", "Your account has been locked. Please contact the administrator!");
return;
}
appLog.UserId = user.Id;
appLog.Description = "Login successful.";
mbosContext.ApplicationLogs.Add(appLog);
mbosContext.SaveChanges();
var loginInfo = new LoginInfo()
{
UserId = user.Id,
FullName = user.FullName,
DisplayPicture = string.IsNullOrEmpty(user.DisplayPicture) ? "Resources/DisplayPictures/noimage.jpg" : user.DisplayPicture,
LoginUserBranches = user.UserBranches.Select(c => new LoginUserBranch()
{
Id = (Guid)c.BranchId, Name = c.Branch.Name, ShortName = c.Branch.ShortName
}).ToList(),
RoleId = user.Roles.Select(c => c.RoleId).FirstOrDefault(),
RoleType = user.Roles.Select(c => c.Role.RoleType).FirstOrDefault(),
DepartmentId = user.DepartmentId, Role = user.Roles.Select(c => c.Role.Name).FirstOrDefault()
};
var loginInfoValue = Newtonsoft.Json.JsonConvert.SerializeObject(loginInfo);
IDictionary <string, string> authProp = new Dictionary <string, string>
{
{ "LoginInfo", loginInfoValue }
};
var claims = new List <Claim>()
{
new Claim("LoginInfo", loginInfoValue)
};
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType, claims);
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType, claims);
AuthenticationProperties properties = new AuthenticationProperties(authProp);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
/*public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
* {
* context.Validated();
* }*/
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
//
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
using (AuthenticationRepository _repo = new AuthenticationRepository())
{
IdentityUser user = await _repo.FindUser(context.UserName, context.Password);
using (var db = new GatewayPCIPINContext())
{
if (db != null)
{
var users = db.AspNetUsers.ToList();
//var roles = db.AspNetRoles.ToList();
//var users_roles = db.AspNetUserRoles.ToList();
var organizations = db.Organizations.ToList();
if (users != null && organizations != null && user != null)
{
if (!string.IsNullOrEmpty(users.Where(u => u.UserName == context.UserName && u.PasswordHash == context.Password).FirstOrDefault().UserName) && !string.IsNullOrEmpty(organizations.Where(o => o.OrganizationType.Id == organizme_type_merchant).FirstOrDefault().OrganizationType.Type))
{
//
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("role", "user_merchant"));
identity.AddClaim(new Claim(ClaimTypes.Role, "user_merchant"));
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
//
var props = new AuthenticationProperties(new Dictionary <string, string>
{
{
"userdisplayname", context.UserName
},
{
"role", "user_merchant"
}
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
}
else
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
}
}
/*if (user == null)
* {
* context.SetError("invalid_grant", "The user name or password is incorrect.");
* return;
* }*/
}
/*var identity = new ClaimsIdentity(context.Options.AuthenticationType);
* identity.AddClaim(new Claim("sub", context.UserName));
* identity.AddClaim(new Claim("role", "user_merchant"));*/
context.Validated(identity);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var client = context.OwinContext.Get <Client>(Constant.OAuthorization_OAuth_Client);
if (client == null)
{
return;
}
var allowedOrigin = context.OwinContext.Get <string>(Constant.OAuthorization_OAuth_ClientAllowedOrigin);
if (allowedOrigin == null)
{
allowedOrigin = "*";
}
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
UserManager <ApplicationUser> userManager = context.OwinContext.GetUserManager <UserManager <ApplicationUser> >();
ApplicationUser user;
try
{
user = await userManager.FindAsync(context.UserName, context.Password);
}
catch (Exception ex)
{
// Could not retrieve the user due to error.
context.SetError(Constant.OAuthorization_Server_Error + ex);
context.Rejected();
return;
}
if (user != null)
{
//ClaimsIdentity identity = await userManager.CreateIdentityAsync(
// user,
// DefaultAuthenticationTypes.ExternalBearer);
//context.Validated(identity);
var userRoles = await userManager.GetRolesAsync(user.Id);
var claimsIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
var claims = new List <Claim>();
claims.Add(new Claim(ClaimTypes.NameIdentifier, user.UserName));
claims.Add(new Claim(ClaimTypes.Role, string.Join(",", userRoles)));
claims.Add(new Claim("Email", user.Email));
claimsIdentity.AddClaims(claims);
var props = new Dictionary <string, string>()
{
[Constant.OAuthorization_Properties_ClientId] = context.ClientId == null ? string.Empty : context.ClientId,
[Constant.OAuthorization_Properties_UserName] = context.UserName
};
var oauthProperties = new AuthenticationProperties(props);
var oauthTicket = new AuthenticationTicket(claimsIdentity, oauthProperties);
context.Validated(oauthTicket);
}
else
{
context.SetError(Constant.OAuthorization_Invalid_Grant, "Tài khoản hoặc mật khẩu không đúng.'");
context.Rejected();
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
//IAuthRepository authRepository = new AuthRepository();
//var companyCode = context.OwinContext.Environment["companyCode"].ToString();
//var culture = context.OwinContext.Environment["culture"].ToString();
var rep = ContainerManager.Resolve <IEfRepository>();
var user = await rep.FirstOrDefaultAsync <UserModel>(s => s != null && s.IsDeleted != 1 && (s.ADAccount == context.UserName || s.Code == context.UserName) && s.Password == context.Password /*&& s.CompanyCode == companyCode*/);
//var user = await ContainerManager.Resolve<IAuthRepository>().FindUser(context.UserName, context.Password, "");
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
context.SetError("res_code", "60005");
context.SetError("ErrorCode", "ERROR_LOGIN");
context.SetError("res_msg", "登录失败");
return;
}
//var rep = ContainerManager.Resolve<IEfRepository>();
var cache = ContainerManager.Resolve <ICacheManager>();
var roles = (from a in rep.Table <RoleInfo>()
join b in rep.Table <UserRole>() on a.Id equals b.RoleId
where b.SapCode == user.Code && a.IsDeleted != 1 && b.IsDeleted != 1
select a).ToList();
//cache.Clear();
var workUser = new WorkUser
{
User = user,
Roles = roles
};
cache.Set(user.Id.ToString(), workUser, 12);
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, user.Id.ToString()));
identity.AddClaim(new Claim(ClaimTypes.Role, "user"));
//加入client字典用于刷新token
var props = new AuthenticationProperties(new Dictionary <string, string>
{
{
"as:client_id", context.ClientId ?? string.Empty
},
{
"userName", context.UserName
},
{
"name", user.Code ?? string.Empty
},
{
"res_code", "6000"
},
{
"res_msg", "登录成功"
}
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
public override async System.Threading.Tasks.Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>();
ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
OAuthDefaults.AuthenticationType);
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,
CookieAuthenticationDefaults.AuthenticationType);
AuthenticationProperties properties = CreateProperties(user.UserName);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>();
var user = await userManager.FindByNameAsync(context.UserName);
if (user == null || user.Attempts >= MaxAttempts)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
context.
if (!await userManager.CheckPasswordAsync(user, context.Password))
{
user.Attempts++;
await userManager.UpdateAsync(user);
await context.OwinContext.Get <ApplicationDbContext>().SaveChangesAsync();
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
user.Attempts = 0;
await userManager.UpdateAsync(user);
await context.OwinContext.Get <ApplicationDbContext>().SaveChangesAsync();
string[] values;
if (!context.Request.Headers.TryGetValue("Imei", out values))
{
context.SetError("no_imei", "Imei not specified");
return;
}
var imei = values.FirstOrDefault();
UserKey key;
try
{
using (var db = new ApplicationDbContext())
{
var userEntity = await db.Users.FirstOrDefaultAsync(u => u.UserName == user.UserName);
key = await db.Keys.FirstOrDefaultAsync(k => k.User.UserName == userEntity.UserName && k.Imei == imei);
if (key == null)
{
key = new UserKey
{
Imei = imei,
UserStorageKey = BouncyCastleHelper.DbProtection(BouncyCastleHelper.GenerateSerpentKey()),
User = userEntity
};
db.Keys.Add(key);
await db.SaveChangesAsync();
}
else if (key.UserStorageKey == null)
{
key.UserStorageKey = BouncyCastleHelper.DbProtection(BouncyCastleHelper.GenerateSerpentKey());
db.Entry(key).State = EntityState.Modified;
await db.SaveChangesAsync();
}
}
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
OAuthDefaults.AuthenticationType);
AuthenticationProperties properties = CreateProperties(user, key);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
}
catch (Exception ex)
{
throw ex;
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
User user = null;
string roleId = string.Empty;
StringBuilder roleName = new StringBuilder();
//List<UserRolesModel> roles = null;
//List<UserPermissionNamesModel> perms = null;
using (AuthRepository _repo = new AuthRepository())
{
IdentityUser iuser = await _repo.FindUser(context.UserName, context.Password);
if (iuser == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
Tuple <bool, string, List <RoleViewModel1> > result = await _repo.GetUserRoleByID(iuser.Id);
if (result.Item1)
{
foreach (RoleViewModel1 role in result.Item3)
{
roleId = role.RoleID;
roleName = roleName.Append(role.RoleName + ", ");
}
}
user = new User
{
Id = iuser.Id,
UserName = iuser.UserName,
RoleID = roleId,
RoleName = roleName.ToString().Substring(0, roleName.Length - 2)
};
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, user.UserName));
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id));
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, roleId));
var properties = new AuthenticationProperties(new Dictionary <string, string>
{
{ "as:client_id", context.ClientId ?? string.Empty },
{ "userName", context.UserName },
{ "userId", user.Id },
{ "roleId", roleId },
{ "roleName", user.RoleName }
});
var ticket = new AuthenticationTicket(identity, properties);
context.Validated(ticket);
context.Validated(identity);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
ApplicationDbContext db = new ApplicationDbContext();
var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>();
ApplicationUser user = await userManager.FindByNameAsync(context.UserName);
if (user == null)
{
context.SetError("invalid_grant. The user name or password is incorrect.");
return;
}
// check if account is lock or not
if (await userManager.IsLockedOutAsync(user.Id))
{
context.SetError("Your account has been locked. Please contact system admin.");
return;
}
var check = await userManager.CheckPasswordAsync(user, context.Password);
if (!check)
{
int accessFailedCount = await userManager.GetAccessFailedCountAsync(user.Id);
int attemptsLeft = userManager.MaxFailedAccessAttemptsBeforeLockout - (accessFailedCount + 1);
if (attemptsLeft == 0)
{
var result = await userManager.SetLockoutEnabledAsync(user.Id, true);
if (result.Succeeded)
{
await userManager.SetLockoutEndDateAsync(user.Id, DateTime.Now.AddYears(1));
context.SetError(string.Format("Your account has been locked as a result of too many unsuccessful attempts. Please contact system admin to unloack your account."));
}
}
else
{
await userManager.AccessFailedAsync(user.Id);
}
string message = string.Format("Invalid credentials. You have {0} more attempt(s) before your account gets locked out.", attemptsLeft);
context.SetError(message);
return;
}
if (!await userManager.IsEmailConfirmedAsync(user.Id))
{
context.SetError(string.Format("Your account has been not activated. Please contact system admin to activate your account."));
return;
}
await userManager.ResetAccessFailedCountAsync(user.Id);
//Add role in token
var roleid = user.Roles.Where(x => x.UserId == user.Id).Select(y => y.RoleId).ToList();
var roleStore = new RoleStore <IdentityRole>(db);
var roleMngr = new RoleManager <IdentityRole>(roleStore);
var role = roleMngr.Roles.Where(x => roleid.Contains(x.Id)).Select(y => y.Name).ToList();
//var role = roleMngr.Roles.Where(x => x.Id == roleid).Select(y => y.Name).ToList();
string Roles = string.Join(",", role);
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType);
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType);
AuthenticationProperties properties = CreateProperties(user.UserName);
properties.Dictionary.Add("role", Roles);
properties.Dictionary.Add("id", user.Id);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
//var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
//ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
//if (user == null)
//{
// context.SetError("invalid_grant", "The user name or password is incorrect.");
// return;
//}
//if (await userManager.IsLockedOutAsync(user.Id))
//{
// context.SetError("locked_out", "User is locked out");
// return;
//}
//var check = await userManager.CheckPasswordAsync(user, context.Password);
//if (!check)
//{
// userManager.MaxFailedAccessAttemptsBeforeLockout = 5;
// await userManager.AccessFailedAsync(user.Id);
// context.SetError("invalid_grant", "Wrong username or password."); //wrong password
// return;
//}
//await userManager.ResetAccessFailedCountAsync(user.Id);
//ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType);
//ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType);
//AuthenticationProperties properties = CreateProperties(user.UserName);
//AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
//context.Validated(ticket);
//context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
// Опис: Методот врши испраќање на валидираните кориснички податоци до сервер
// Влезни параметри: OAuthGrantResourceOwnerCredentialsContext context
// Излезни параметри: Task од извршеното валидирање на испратените кориснички податоци
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin");
if (allowedOrigin == null)
{
allowedOrigin = "*";
}
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
var pk = publicKey;
var cpk = pk.Replace("i2n0t1e5rop", "+");
_logger.Info("publicKey changed:" + cpk);
using (AuthRepository _repo = new AuthRepository(new UnitOfWork(new InteropContext())))
{
ApplicationUser user = await _repo.FindUser(context.UserName, context.Password);
_logger.Info("context.UserName:"******"context.Password:"******"publicKey compare:" + publicKey);
if (user == null)
{
_logger.Info("Userot e null");
}
else
{
_logger.Info("user.PublicKey compare:" + user.PublicKey);
}
if (user == null || cpk != user.PublicKey)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
roleNames = await _repo.FindRoleAsync(user.Id);
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType); // bearer token
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim("sub", context.UserName));
foreach (var role in roleNames)
{
identity.AddClaim(new Claim(ClaimTypes.Role, role));
}
var props = new AuthenticationProperties(new Dictionary <string, string>
{
{
"as:client_id", (context.ClientId == null) ? string.Empty : context.ClientId
},
{
"userName", context.UserName
},
{
"roles", Newtonsoft.Json.JsonConvert.SerializeObject(roleNames)
}
});
var ticket = new AuthenticationTicket(identity, props);
// creating ACCESS TOKEN
context.Validated(ticket);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
string Username = string.Empty, Roles = string.Empty, CorrelationId = Guid.NewGuid().ToString();
Username = context.UserName;
//using owincontext
if (string.IsNullOrEmpty(Username))
{
Username = HttpContext.Current.GetOwinContext().Request.User.Identity.Name;
}
CustomerInfo cust = new CustomerInfo();
cust.email = Username;
cust.Password = context.Password;
AccountManagementService accService = new AccountManagementService();
ReturnResult <CustomerInfo> result = new ReturnResult <CustomerInfo>();
result = accService.GetCustomer(cust);
if (result.status.Status != StatusEnum.Success)
{
return;
}
//using windowsidentity
//if (string.IsNullOrEmpty(Username))
//{
// Username = WindowsIdentity.GetCurrent().Name;
//}
////extract the username excluding domain name
//Username = Username.Contains(@"\") ? Username.Substring(Username.LastIndexOf(@"\") + 1) : Username;
//Username = Username.ToLower();
////hardcoded values for test
//List<Role> roles = new List<Role>();
//roles.Add(new Role() { Id = 2400, Name = "Viewer", Description = "Viewer" });
//roles.Add(new Role() { Id = 2401, Name = "Originator", Description = "Originator" });
//Roles = string.Join(",", from item in roles select item.Id.ToString());
//check if the user has access
//APIHelper api = new APIHelper();
////IList<int> roles = api.GetUserRoles(Username, CorrelationId);
//IList<int> roles = new List<int>();
//roles.Add(2600);
string UserID = Convert.ToString(result.result.User.UserID);
//if user has access generate token with Username and Roles in claims
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, Username));
//identity.AddClaim(new Claim(ClaimTypes.Role, Roles));
identity.AddClaim(new Claim(ClaimTypes.SerialNumber, CorrelationId));
identity.AddClaim(new Claim(ClaimTypes.UserData, UserID));
// identity.AddClaim(new Claim(ClaimTypes.GivenName, result.result.User.FirstName));
AuthenticationProperties properties = CreateProperties(Username, result.result.User.FirstName, UserID);
AuthenticationTicket ticket = new AuthenticationTicket(identity, properties);
await Task.Run(() => context.Validated(ticket));
}
/// <summary>
/// Resource Owner Password Credentials Grantのカスタム認証ロジック
/// TokenEndpointPathへの grant_type = password アクセスは、こちらに到達する。
/// ・context.Username および context.Password を検証する。
/// ・クライアントは"access_token" および "refresh_token" を取得する。
/// </summary>
/// <param name="context">OAuthGrantResourceOwnerCredentialsContext</param>
/// <returns>Task</returns>
/// <see cref="https://msdn.microsoft.com/ja-jp/library/dn343587.aspx"/>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
if (!ASPNETIdentityConfig.EnableResourceOwnerCredentialsGrantType)
{
throw new NotSupportedException(Resources.ApplicationOAuthBearerTokenProvider.EnableResourceOwnerCredentialsGrantType);
}
// この実装は、ValidateClientAuthenticationの続きで、ClientのOAuth権限を確認する。
// 権限がある場合、Resource Owner Password Credentialsグラント種別の処理フローを継続する。
try
{
// ApplicationUser を取得する。
ApplicationUserManager userManager
= HttpContext.Current.GetOwinContext().GetUserManager <ApplicationUserManager>();
// username=ユーザ名&password=パスワードとして送付されたクレデンシャルを検証する。
ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user != null)
{
// ユーザーが見つかった場合。
try
{
// ユーザーに対応するClaimsIdentityを生成する。
ClaimsIdentity identity = await userManager.CreateIdentityAsync(
user, DefaultAuthenticationTypes.ExternalBearer);
// ClaimsIdentityに、その他、所定のClaimを追加する。
OAuth2ProviderHelper.AddClaim(identity, context.ClientId, "", "", context.Scope);
// 検証完了
context.Validated(identity);
// オペレーション・トレース・ログ出力
Logging.MyOperationTrace(string.Format("{0}({1}) passed the 'resource owner password credentials flow' by {2}({3}).",
user.Id, user.UserName, context.ClientId, OAuth2ProviderHelper.GetInstance().GetClientName(context.ClientId)));
}
catch
{
// ClaimManagerIdentityは、UserManagerで作成できませんでした。
context.SetError(
"server_error",
Resources.ApplicationOAuthBearerTokenProvider.server_error2);
// 拒否
context.Rejected();
}
}
else
{
// ユーザーが見つからなかった場合。
// Resources Ownerの資格情報が無効であるか、Resources Ownerが存在しません。
context.SetError(
"access_denied",
Resources.ApplicationOAuthBearerTokenProvider.access_denied);
// 拒否
context.Rejected();
}
}
catch
{
// ユーザーを取得できませんでした。
context.SetError(
"server_error",
Resources.ApplicationOAuthBearerTokenProvider.server_error1);
// 拒否
context.Rejected();
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin");
if (allowedOrigin == null)
{
allowedOrigin = "*";
}
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
using (var db = new ApplicationDbContext())
{
using (var usermanager = new UserManagerHelper())
{
ApplicationUser dbUser = null;
dbUser = await db.Users.SingleOrDefaultAsync(x => x.Email == context.UserName && x.Tenant == context.ClientId);
if (dbUser == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
if (!await usermanager.UserManager.UserManager.CheckPasswordAsync(dbUser, context.Password))
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
if (dbUser == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
var identity = await dbUser.GenerateUserIdentityAsync(context.OwinContext.GetUserManager <ApplicationUserManager>(), "JWT");
var props = new AuthenticationProperties(new Dictionary <string, string>
{
{
"client_id", context.ClientId
},
{
"userId", dbUser.Id
},
{
"userName", context.UserName
},
{
"ip_address", HttpContext.Current.Request.Form["ip_address"]
},
{
"user_agent", HttpContext.Current.Request.Form["user_agent"]
},
{
"env", ConfigurationManager.AppSettings["Environment"]
}
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var allowedOrigin = "*";
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>();
ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
if (!user.EmailConfirmed)
{
context.SetError("invalid_grant", "User did not confirm email.");
return;
}
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, "JWT");
//third party (google)
using (AuthRepository _repo = new AuthRepository())
{
var identityUser = await _repo.FindUser(context.UserName, context.Password);
if (identityUser == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("role", "user"));
var props = new AuthenticationProperties(new Dictionary <string, string>
{
{
"as:client_id", (context.ClientId == null) ? string.Empty : context.ClientId
},
{
"userName", context.UserName
}
});
var ticket2 = new AuthenticationTicket(identity, props);
//contains the identity of the user
var ticket = new AuthenticationTicket(oAuthIdentity, null);
//passing the ticket to OAuth bearer access token.
context.Validated(ticket);
context.Validated(ticket2);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
Client client = context.OwinContext.Get <Client>("as:requested_client");
var allowedOrigin = "NONE";
List <ClientAllowedOrigin> _allowedOrigins;
if (!(client == null))
{
_allowedOrigins = client.AllowedOrigins;
}
else
{
_allowedOrigins = await UnitOfWork.ClientStore.ListAllowedOrigins(new Guid());
}
string _originPath = NullHandlers.NES(context.Request.Headers["Origin"]);
if (_originPath == "")
{
allowedOrigin = "*";
}
else
{
string _originCompare = _originPath.ToLower().Trim();
if (_originCompare.LastIndexOf("/") != (_originCompare.Length - 1))
{
_originCompare += "/";
}
foreach (ClientAllowedOrigin _origin in _allowedOrigins)
{
string _allowedCompare = _origin.AllowedURL.ToLower().Trim();
if ((_allowedCompare.LastIndexOf("/") != (_allowedCompare.Length - 1)) && (_allowedCompare != "*"))
{
_allowedCompare += "/";
}
if ((_origin.AllowedURL.ToLower().Trim() == "*") || (_origin.AllowedURL.ToLower().Trim() == _originCompare))
{
allowedOrigin = _originPath;
break;
}
}
}
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
User user = await UnitOfWork.UserManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
//if (!user.EmailConfirmed)
//{
// context.SetError("invalid_grant", "User did not confirm email.");
// return;
//}
ClaimsIdentity oAuthIdentity = await UnitOfWork.UserManager.GenerateUserIdentityAsync(user, "JWT");
oAuthIdentity.AddClaims(UnitOfWork.ClaimStore.GetClaims(user));
//oAuthIdentity.AddClaims(RolesFromClaims.CreateRolesBasedOnClaims(oAuthIdentity));
AuthenticationProperties prop = new AuthenticationProperties();
prop.Dictionary.Add("as:issuer", "http://localhost:50378");
prop.Dictionary.Add("as:user_id", NullHandlers.NES(user.Id));
prop.Dictionary.Add("as:client_id", ConfigurationManager.AppSettings["as:AudienceId"]);
prop.Dictionary.Add("as:client_secret", ConfigurationManager.AppSettings["as:AudienceSecret"]);
var ticket = new AuthenticationTicket(oAuthIdentity, prop);
context.Validated(ticket);
}
/// <summary>
/// Called when a request to the Token endpoint arrives with a "grant_type" of "password". This occurs when the user has provided name and password
/// credentials directly into the client application's user interface, and the client application is using those to acquire an "access_token" and
/// optional "refresh_token". If the web application supports the
/// resource owner credentials grant type it must validate the context.Username and context.Password as appropriate. To issue an
/// access token the context.Validated must be called with a new ticket containing the claims about the resource owner which should be associated
/// with the access token. The application should take appropriate measures to ensure that the endpoint isn’t abused by malicious callers.
/// The default behavior is to reject this grant type.
/// See also http://tools.ietf.org/html/rfc6749#section-4.3.2
/// </summary>
/// <param name="context">The context of the event carries information in and results out.</param>
/// <returns>
/// Task to enable asynchronous execution
/// </returns>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
string userName = "";
string memberEmail = "";
var logWallet = new LogWallet();
try
{
var aesPassword = ApiCommonConstant.AESPassword;
var data = await context.Request.ReadFormAsync();
memberEmail = data["memberEmail"] != null?SimpleAesUtil.DecryptAES(data["memberEmail"], aesPassword) : string.Empty;
var memberPassword = data["memberPassword"] != null?SimpleAesUtil.DecryptAES(data["memberPassword"], aesPassword) : string.Empty;
userName = data["mobileapi"] != null && data["mobileapi"] == "1" ? SimpleAesUtil.DecryptAES(context.UserName, aesPassword) : context.UserName;
var password = data["mobileapi"] != null && data["mobileapi"] == "1" ? SimpleAesUtil.DecryptAES(context.Password, aesPassword) : context.Password;
var type = "apiuser";
string errorMessage = "";
bool failedMemberLogin = false;
ClaimsIdentity oAuthIdentity = null;
//ClaimsIdentity cookiesIdentity = null;
if (data["memberEmail"] != null && data["memberPassword"] != null)
{
//var memberUserManager =
// new ApplicationUserManager(new UserStore<IdentityUser>());
//var memberUser = memberUserManager.FindByEmail(memberEmail);
//if (memberUser != null && memberUserManager.CheckPassword(memberUser, memberPassword))
//{
// oAuthIdentity = await memberUserManager.CreateIdentityAsync(memberUser, context.Options.AuthenticationType);
// cookiesIdentity = await memberUserManager.CreateIdentityAsync(memberUser, CookieAuthenticationDefaults.AuthenticationType);
// type = "memberuser";
//}
//else
//{
// errorMessage = "Invalid member email and/or password";
// failedMemberLogin = true;
//}
}
using (UserManager <User> userManager = _userManagerFactory())
{
var user = await userManager.FindAsync(userName, password);
if (user == null)
{
logWallet.Log(MethodBase.GetCurrentMethod(), "The user name or password is incorrect.", null, "");
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
if (oAuthIdentity == null)
{
oAuthIdentity = await userManager.CreateIdentityAsync(user,
context.Options.AuthenticationType);
}
oAuthIdentity.AddClaim(new Claim("clientId", userName));
oAuthIdentity.AddClaim(new Claim("permission", user.Permission));
oAuthIdentity.AddClaim(new Claim("role", user.Role));
oAuthIdentity.AddClaim(new Claim("password", password));
oAuthIdentity.AddClaim(new Claim("secretkey", user.ApiSecretkey));
oAuthIdentity.AddClaim(new Claim("type", type));
oAuthIdentity.AddClaim(new Claim("environment", "staging"));
// For logging purposes. Accessed by User.Identity.Name in this project ONLY.
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, userName));
//if (cookiesIdentity == null)
//{
// cookiesIdentity = await userManager.CreateIdentityAsync(user,
// CookieAuthenticationDefaults.AuthenticationType);
//}
//cookiesIdentity.AddClaim(new Claim("clientId", userName));
//cookiesIdentity.AddClaim(new Claim("permission", user.Permission));
//cookiesIdentity.AddClaim(new Claim("role", user.Role));
//cookiesIdentity.AddClaim(new Claim("password", password));
//cookiesIdentity.AddClaim(new Claim("secretkey", user.ApiSecretkey));
//cookiesIdentity.AddClaim(new Claim("type", type));
//cookiesIdentity.AddClaim(new Claim("environment", "staging" ));
AuthenticationProperties properties = CreateProperties(user.UserName);
properties.Dictionary.Add("type", type);
properties.Dictionary.Add("error_message", errorMessage);
if (failedMemberLogin)
{
properties.Dictionary.Add("failed_member_login", "1");
}
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
//context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
}
catch (Exception ex)
{
logWallet.Log(MethodBase.GetCurrentMethod(), "userName: "******". memberEmail: " + memberEmail, ex, "");
EmailUtil.SendEmail("[Exception]-[OAUTH]", ex.StackTrace);
throw;
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
try
{
UnitOfWork unitOfWork = new UnitOfWork();
var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>();
ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
var roles = userManager.GetRoles(user.Id);
var scope = context.Scope.ToList();
var str = context.Scope[0];
var customerId = Convert.ToInt32(!str.Contains("*")?str:str.Split('*')[0]);
var app = !str.Contains("*")?"x": str.Split('*')[1];
if (app == "ap")
{
var ap_roles = roles.Where(q => q == "Admin" || q == "User").ToList();
if (ap_roles.Count == 0)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
}
var employee = await unitOfWork.PersonRepository.GetViewEmployeesByUserId(user.Id, customerId);
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
OAuthDefaults.AuthenticationType);
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,
CookieAuthenticationDefaults.AuthenticationType);
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, "user"));
oAuthIdentity.AddClaim(new Claim("sub", context.UserName));
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, "Vahid"));
AuthenticationProperties properties = CreateProperties(user.UserName, (context.ClientId == null) ? string.Empty : context.ClientId);
if (employee != null)
{
properties.Dictionary.Add("Name", employee.Name);
properties.Dictionary.Add("UserId", employee.PersonId.ToString());
properties.Dictionary.Add("EmployeeId", employee.Id.ToString());
properties.Dictionary.Add("Roles", string.Join(",", roles));
}
//if (employees.Count > 0)
// {
// var customers =string.Join("_", employees.Select(q => q.CustomerId).Distinct().ToArray());
// var name = employees.First().Name;
// }
// properties.Dictionary.Add("Name", "Vahid Moghaddam");
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
catch (Exception ex)
{
int i = 0;
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
try
{
// ResponseDTO response = ActiveDirectroryAuthenticationHelper.GetAuthenticated(context.UserName , password);
var props = new AuthenticationProperties(new Dictionary <string, string>
{
{
"userdisplayname", context.UserName
},
{
"role", "admin"
}
});
//var props = new AuthenticationProperties("sunil",)
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
/*
* using (var cnAPIEntities = new CNAPIEntities())
* {
* if (cnAPIEntities != null)
* {
* var user = cnAPIEntities.UserRegisters.ToList();
* var admin = cnAPIEntities.AdminUsers.ToList();
* if (user != null)
* {
* string password = context.Password;
* var UserDmin = admin.Find(u => u.UserADID == context.UserName);
* if (UserDmin != null)
* {
* // ResponseDTO response = ActiveDirectroryAuthenticationHelper.GetAuthenticated(context.UserName , password);
* var props = new AuthenticationProperties(new Dictionary<string, string>
* {
* {
* "userdisplayname", context.UserName
* },
* {
* "role", "admin"
* }
* });
*
* var ticket = new AuthenticationTicket(identity, props);
* context.Validated(ticket);
*
* }
* else if(!string.IsNullOrEmpty(user.Where(u => u.EmailAddress == context.UserName && u.Password == password).FirstOrDefault().FirstName))
* {
* // identity.AddClaim(new Claim("Age", "16"));
*
* var props = new AuthenticationProperties(new Dictionary<string, string>
* {
* {
* "userdisplayname", context.UserName
* },
* {
* "role", "user"
* }
* });
*
* var ticket = new AuthenticationTicket(identity, props);
* context.Validated(ticket);
* }
*
* else
* {
* context.SetError("invalid_grant", "Provided username and password is incorrect");
* context.Rejected();
* }
* }
* }
* else
* {
* context.SetError("invalid_grant", "Provided username and password is incorrect");
* context.Rejected();
* }
* return;
* }
*
*/
}
catch (Exception ex)
{
return;
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
//enable cors bang tay
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
using (UserManager<IdentityUser> userManager = _userManagerFactory())
//using (var ctx = new LeaveAnnualContext())
{
IdentityUser user = await userManager.FindAsync(context.UserName, context.Password);
//var user = await ctx.Accounts.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
ClaimsIdentity oAuthIdentity = await userManager.CreateIdentityAsync(user,
context.Options.AuthenticationType);
//ClaimsIdentity oAuthIdentity = await ctx.Accounts.Crea
ClaimsIdentity cookiesIdentity = await userManager.CreateIdentityAsync(user,
CookieAuthenticationDefaults.AuthenticationType);
AuthenticationProperties properties = CreateProperties(user.UserName);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
}
