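/// <summary>
/// Validates the client resource (audience) the token request came from by looking its
/// client id up in <see cref="AudienceStore"/>.
/// </summary>
/// <param name="context">
/// OWIN client-authentication context; receives <c>Validated()</c> on success or an
/// <c>invalid_clientId</c> error otherwise.
/// </param>
/// <returns>A completed task; the outcome is reported through <paramref name="context"/>.</returns>
/// <remarks>
/// In this sample application the client list is hard-coded. In real projects this validation
/// happens against the registered clients in the database.
/// </remarks>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    // Credentials may arrive in the Authorization header (Basic) or in the form body.
    string clientId;
    string clientSecret;
    if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
    {
        context.TryGetFormCredentials(out clientId, out clientSecret);
    }

    if (clientId == null)
    {
        context.SetError("invalid_clientId", "client_Id is not set");
        return Task.FromResult<object>(null);
    }

    // NOTE(review): clientSecret is read but never compared with anything here; confirm that is
    // intended for the grant types this provider serves.
    var audience = AudienceStore.FindAudience(clientId);
    if (audience == null)
    {
        context.SetError("invalid_clientId", string.Format("Invalid client_id '{0}'", context.ClientId));
        return Task.FromResult<object>(null);
    }

    context.Validated();
    return Task.FromResult<object>(null);
}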
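/// <summary>
/// Serialises an authentication ticket as a JWT signed with the secret of the audience named
/// in the ticket's properties.
/// </summary>
/// <param name="data">Ticket whose identity claims, IssuedUtc and ExpiresUtc are copied into the token.</param>
/// <returns>The compact-serialised JWT.</returns>
/// <exception cref="ArgumentNullException">When <paramref name="data"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// When the ticket carries no audience, the audience is not registered, or IssuedUtc/ExpiresUtc is unset.
/// </exception>
public string Protect(AuthenticationTicket data)
{
    if (data == null)
    {
        throw new ArgumentNullException(nameof(data));
    }

    // Single lookup instead of ContainsKey followed by the indexer.
    string audienceId;
    if (!data.Properties.Dictionary.TryGetValue(AudiencePropertyKey, out audienceId)
        || string.IsNullOrWhiteSpace(audienceId))
    {
        throw new InvalidOperationException("AuthenticationTicket.Properties does not include audience");
    }

    // The signing key is the audience's own secret, so an unknown audience must fail here
    // rather than surfacing later as a NullReferenceException.
    var audience = AudienceStore.FindAudience(audienceId);
    if (audience == null)
    {
        throw new InvalidOperationException(string.Format("Audience '{0}' is not registered", audienceId));
    }

    var issued = data.Properties.IssuedUtc;
    var expires = data.Properties.ExpiresUtc;
    if (!issued.HasValue || !expires.HasValue)
    {
        throw new InvalidOperationException("AuthenticationTicket.Properties must include IssuedUtc and ExpiresUtc");
    }

    var keyByteArray = TextEncodings.Base64Url.Decode(audience.Base64Secret);
    var signingKey = new HmacSigningCredentials(keyByteArray);

    var token = new JwtSecurityToken(
        issuer,
        audienceId,
        data.Identity.Claims,
        issued.Value.UtcDateTime,
        expires.Value.UtcDateTime,
        signingKey);

    return new JwtSecurityTokenHandler().WriteToken(token);
}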
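/// <summary>
/// Validates the client id of the token request against the single hard-coded test audience
/// returned by <see cref="AudienceStore.GetTestAudience"/>.
/// </summary>
/// <param name="context">
/// OWIN client-authentication context; receives <c>Validated()</c> on success or an
/// <c>invalid_clientId</c> error otherwise.
/// </param>
/// <returns>A completed task; the outcome is reported through <paramref name="context"/>.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    // Credentials may arrive in the Authorization header (Basic) or in the form body.
    string clientId;
    string clientSecret;
    if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
    {
        context.TryGetFormCredentials(out clientId, out clientSecret);
    }

    if (context.ClientId == null)
    {
        context.SetError("invalid_clientId", "Client Id is not set.");
        return Task.FromResult<object>(null);
    }

    // NOTE(review): clientSecret is read but never compared with anything here; confirm that is
    // intended for the grant types this provider serves.
    var audience = AudienceStore.GetTestAudience();
    if (context.ClientId != audience.ClientId)
    {
        context.SetError("invalid_clientId", string.Format("Client Id '{0}' is not valid.", context.ClientId));
        return Task.FromResult<object>(null);
    }

    context.Validated();
    return Task.FromResult<object>(null);
}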
/// <summary>
/// Validates the audience (client id) of the token request by looking it up in <see cref="AudienceStore"/>.
/// </summary>
/// <param name="context">
/// OWIN client-authentication context; receives <c>Validated()</c> on success or an
/// <c>invalid_audienceId</c> / <c>audience_clientId</c> error otherwise.
/// </param>
/// <returns>A completed task; the outcome is reported through <paramref name="context"/>.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    // Try the Authorization header first, then fall back to the form fields.
    string id;
    string secret;
    bool fromHeader = context.TryGetBasicCredentials(out id, out secret);
    if (!fromHeader)
    {
        context.TryGetFormCredentials(out id, out secret);
    }

    if (context.ClientId == null)
    {
        context.SetError("invalid_audienceId", "audience_Id is not set");
        return Task.FromResult<object>(null);
    }

    var registered = AudienceStore.FindAudience(context.ClientId);
    if (registered != null)
    {
        context.Validated();
    }
    else
    {
        context.SetError("audience_clientId", string.Format("Invalid audience_id '{0}'", context.ClientId));
    }

    return Task.FromResult<object>(null);
}
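/// <summary>
/// Registers a new audience from the posted model.
/// </summary>
/// <param name="audienceModel">Request body; only its <c>name</c> is used.</param>
/// <returns>
/// 400 when the body is missing or fails validation, otherwise 200 with the created <see cref="Audience"/>.
/// </returns>
public IHttpActionResult Post(AudienceModel audienceModel)
{
    // A missing or unbindable body arrives as a null model, which would otherwise
    // throw on audienceModel.name below.
    if (audienceModel == null)
    {
        return BadRequest("Request body is required.");
    }

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    Audience newAudience = AudienceStore.AddAudience(audienceModel.name);
    return Ok(newAudience);
}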
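/// <summary>
/// Serialises an authentication ticket as an HMAC-SHA256 signed JWT that is valid for
/// 30 minutes from the moment of issue.
/// </summary>
/// <param name="data">Ticket whose identity becomes the token subject.</param>
/// <returns>The compact-serialised JWT.</returns>
/// <exception cref="ArgumentNullException">When <paramref name="data"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// When the configured audience id is missing or is not a registered audience.
/// </exception>
public string Protect(AuthenticationTicket data)
{
    if (data == null)
    {
        throw new ArgumentNullException(nameof(data));
    }

    if (string.IsNullOrWhiteSpace(_audienceId))
    {
        throw new InvalidOperationException("AuthenticationTicket.Properties does not include audience");
    }

    // Check that the audience is registered. It should actually check against the Client table
    // (which holds the registered audience details); this sample hard-codes a single audience.
    Audience audience = AudienceStore.FindAudience(_audienceId);
    if (audience == null)
    {
        throw new InvalidOperationException(string.Format("Audience '{0}' is not registered", _audienceId));
    }

    // Derive the expiry from the same instant used for notBefore so the two cannot drift apart.
    var now = DateTime.UtcNow;
    var expires = now.AddMinutes(30);

    // NOTE(review): Encoding.Default is platform-dependent; the resource server must turn _secret
    // into bytes the same way or signature validation will fail. Consider UTF-8 on both sides,
    // changed together.
    var securityKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(
        System.Text.Encoding.Default.GetBytes(_secret));
    var signingCredentials = new Microsoft.IdentityModel.Tokens.SigningCredentials(
        securityKey,
        Microsoft.IdentityModel.Tokens.SecurityAlgorithms.HmacSha256Signature);

    var handler = new JwtSecurityTokenHandler();
    var token = handler.CreateJwtSecurityToken(
        issuer: "http://localhost:57293",
        audience: "http://localhost:57293",
        subject: data.Identity,
        notBefore: now,
        expires: expires,
        signingCredentials: signingCredentials);

    return handler.WriteToken(token);
}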