Example #1
0
    public async Task CreateAsync(AuthenticationTokenCreateContext context) {
      var clientIdValue = context.Ticket.Properties.Dictionary["as:client_id"];
      if (string.IsNullOrWhiteSpace(clientIdValue)) {
        return;
      }

      int clientId = 0;
      if (!int.TryParse(clientIdValue, out clientId)) {
        return;
      }

      var token = Guid.NewGuid().ToString("n");

      var refreshTokenLifeTime = context.OwinContext.Get<string>("as:clientRefreshTokenLifeTime");
      var issuedUtc = DateTime.UtcNow;
      var expiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime));

      context.Ticket.Properties.IssuedUtc = issuedUtc;
      context.Ticket.Properties.ExpiresUtc = expiresUtc;

      var client = new AuthenticationClient();
      var result = await client.SaveRefreshToken(new SaveRefreshTokenRequest {
        HashedToken = PasswordHelper.HashToken(token),
        ClientId = clientId,
        Username = context.Ticket.Properties.Dictionary["userName"],
        IssuedUtc = DateTime.UtcNow,
        ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime)),
        ProtectedTicket = context.SerializeTicket()
      });

      if (result.IsSuccess) {
        context.SetToken(token);
      }
    }
Example #2
0
    public async Task ReceiveAsync(AuthenticationTokenReceiveContext context) {
      var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin");
      context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
      string hashedToken = PasswordHelper.HashToken(context.Token);

      var authenticationClient = new AuthenticationClient();
      var response = await authenticationClient.GetRefreshToken(new GetRefreshTokenRequest { HashedToken = hashedToken });
      if (response.RefreshToken != null) {
        context.DeserializeTicket(response.RefreshToken.ProtectedTicket);
        await authenticationClient.DeleteRefreshToken(new DeleteRefreshTokenRequest { HashedToken = hashedToken });
      }
    }
    public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context) {
      string clientIdValue = string.Empty;
      string clientSecret = string.Empty;
      int clientId = 0;

      if (!context.TryGetBasicCredentials(out clientIdValue, out clientSecret)) {
        context.TryGetFormCredentials(out clientIdValue, out clientSecret);
      }

      if (string.IsNullOrWhiteSpace(clientIdValue)) {
        context.SetError("invalid_clientId", "Client id should be sent");
        return;
      }

      if (!int.TryParse(clientIdValue, out clientId)) {
        context.SetError("invalid_clientId", "Client id is invalid");
        return;
      }

      var authenticationClient = new AuthenticationClient();
      var client = await authenticationClient.GetClient(new GetClientRequest { ClientId = clientId });

      if (client == null || !client.IsSuccess || client.Client == null) {
        context.SetError("invalid_clientId", string.Format("Client '{0}' is not registered in the system", clientId));
        return;
      }

      if (client.Client.ApplicationType == ApplicationType.NativeConfidential) {
        if (string.IsNullOrWhiteSpace(clientSecret)) {
          context.SetError("invalid_clientId", "Client secret should be sent");
          return;
        } else if (!PasswordHelper.VerifyPassword(clientSecret, client.Client.Secret)) {
          context.SetError("invalid_clientId", "Client secret is invalid");
          return;
        }
        if (!client.Client.Active) {
          context.SetError("invalid_cliendId", "Client is inactive");
          return;
        }
      }

      context.OwinContext.Set<string>("as:clientAllowedOrigin", client.Client.AllowedOrigin);
      context.OwinContext.Set<string>("as:clientRefreshTokenLifeTime", client.Client.RefreshTokenLifeTime.ToString());

      context.Validated();
    }
    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) {
      var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin");
      if (string.IsNullOrWhiteSpace(allowedOrigin)) {
        allowedOrigin = "*";
      }

      context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });

      var authenticationClient = new AuthenticationClient();
      var response = await authenticationClient.Authenticate(new AuthenticateRequest { Username = context.UserName });
      var authenticated = response.IsSuccess && response.AuthenticatedUser != null && PasswordHelper.VerifyPassword(context.Password, response.AuthenticatedUser.HashedPassword);

      if (!authenticated) {
        context.SetError("invalid_grant", "The email or password is incorrect");
        return;
      }

      var claims = new[] {
        new Claim("sub", context.UserName),
        new Claim("role", response.AuthenticatedUser.RoleName),
        new Claim("user_id", response.AuthenticatedUser.Id.ToString())
      };

      var identity = new ClaimsIdentity(claims, context.Options.AuthenticationType);

      if (response.AuthenticatedUser.RoleName == "user") {
        context.SetError("invalid_grant", "The user does not have permissions for this service");
        return;
      }

      var props = new AuthenticationProperties(new Dictionary<string, string> {
        { "as:client_id", context.ClientId == null ? string.Empty : context.ClientId },
        { "userName", context.UserName },
        { "role", response.AuthenticatedUser.RoleName },
        { "photo", response.AuthenticatedUser.Photo }
      });

      var ticket = new AuthenticationTicket(identity, props);
      context.Validated(ticket);
    }