private Task <IEnumerable <Claim> > ValidationFunction(string userName, string password)
{
IEnumerable <Claim> claims = null;
UserAccount user;
string tenant;
var parts = userName.Split('\\');
if (parts.Length > 1)
{
tenant = parts[0];
userName = parts[1];
}
else
{
throw new Exception("Cannot determine tenant and username.");
}
var userAccountService = UserAccountServiceFactory.Create();
if (userAccountService.Authenticate(tenant, userName, password, out user))
{
claims = user.GetAllClaims();
}
return(Task.FromResult(claims));
}
/// <summary>
/// Initializes a new instance of the <see cref="AuthController"/> class.
/// </summary>
public AuthController(ICommonRepository commonRepository, ILogger logger)
{
//_userAccountService = userAccountService;
_userAccountService = UserAccountServiceFactory.Create();
_commonRepository = commonRepository;
_logger = logger;
}
public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var _userAccountService = UserAccountServiceFactory.Create();
var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin");
if (allowedOrigin == null)
{
allowedOrigin = "*";
}
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
UserAccount user;
if (_userAccountService.Authenticate(context.Scope.FirstOrDefault(), context.UserName, context.Password, out user))
{
var claims = user.GetAllClaims();
var id = new ClaimsIdentity(claims, "MembershipReboot");
// create metadata to pass on to refresh token provider
var props = new AuthenticationProperties(new Dictionary <string, string>
{
{ "as:client_id", context.ClientId }
});
var ticket = new AuthenticationTicket(id, props);
context.Validated(ticket);
}
return(base.GrantResourceOwnerCredentials(context));
}
public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
{
var _userAccountService = UserAccountServiceFactory.Create();
if (context.TokenRequest.IsResourceOwnerPasswordCredentialsGrantType)
{
if (_userAccountService.Authenticate(context.TokenRequest.ResourceOwnerPasswordCredentialsGrant.Scope[0],
context.TokenRequest.ResourceOwnerPasswordCredentialsGrant.UserName,
context.TokenRequest.ResourceOwnerPasswordCredentialsGrant.Password))
{
context.Validated();
}
}
if (context.TokenRequest.IsRefreshTokenGrantType)
{
var token = context.TokenRequest.Parameters.Get("refresh_token");
if (!string.IsNullOrEmpty(token))
{
context.Validated();
}
}
return(Task.FromResult <object>(null));
}
//private readonly UserAccountService _userAccountService;
//public MembershipRebootOAuthAuthorizationServerProvider(UserAccountService userAccountService)
//{
// _userAccountService = userAccountService;
//}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
var _userAccountService = UserAccountServiceFactory.Create();
string cid, csecret;
if (context.TryGetBasicCredentials(out cid, out csecret))
{
if (_userAccountService.Authenticate("clients", cid, csecret))
{
context.OwinContext.Set <string>("as:client_id", cid);
context.Validated();
}
}
context.OwinContext.Set <string>("as:clientAllowedOrigin", "*");
return(Task.FromResult <object>(null));
}
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context and user manager to use a single instance per request
//app.CreatePerOwinContext(ApplicationDbContext.Create);
//app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
//// Enable the application to use a cookie to store information for the signed in user
//// and to use a cookie to temporarily store information about a user logging in with a third party login provider
//app.UseCookieAuthentication(new CookieAuthenticationOptions());
//app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
//// Configure the application for OAuth based flow
//PublicClientId = "self";
//OAuthOptions = new OAuthAuthorizationServerOptions
//{
// TokenEndpointPath = new PathString("/Token"),
// Provider = new ApplicationOAuthProvider(PublicClientId),
// AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
// AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
// AllowInsecureHttp = true
//};
//// Enable the application to use bearer tokens to authenticate users
//app.UseOAuthBearerTokens(OAuthOptions);
// Uncomment the following lines to enable logging in with third party login providers
//app.UseMicrosoftAccountAuthentication(
// clientId: "",
// clientSecret: "");
//app.UseTwitterAuthentication(
// consumerKey: "",
// consumerSecret: "");
//app.UseFacebookAuthentication(
// appId: "",
// appSecret: "");
//app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
//{
// ClientId = "",
// ClientSecret = ""
//});
// This must come first to intercept the /Token requests
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
var oauthServerConfig = new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = AuthenticationConstants.AllowInsecureHttp,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = SecurityTokenConstants.TokenLifeTime,
Provider = new MembershipRebootOAuthAuthorizationServerProvider(),
RefreshTokenProvider = new MembershipRebootOAuthAuthorizationServerRefreshTokenProvider()
};
app.UseOAuthAuthorizationServer(oauthServerConfig);
var oauthConfig = new OAuthBearerAuthenticationOptions
{
AuthenticationMode = AuthenticationMode.Active,
AuthenticationType = AuthenticationConstants.BearerAuthType
};
app.UseOAuthBearerAuthentication(oauthConfig);
app.UseBasicAuthentication(new BasicAuthenticationOptions("qssolutions.net", UserAccountServiceFactory.Create())
{
AuthenticationType = AuthenticationConstants.BasicAuthType,
AuthenticationMode = AuthenticationMode.Active
});
}
