public SnakeCaseQueryValueProvider( BindingSource bindingSource, IReadableStringCollection values, CultureInfo culture) : base(bindingSource, values, culture) { }
public CookiesFeature(string key, string value) { _cookies = new ReadableStringCollection(new Dictionary<string, string[]>() { { key, new[] { value } } }); }
/// <summary> /// Initializes a new instance of the <see cref="OAuthValidateClientAuthenticationContext"/> class /// </summary> /// <param name="context"></param> /// <param name="options"></param> /// <param name="parameters"></param> public OAuthValidateClientAuthenticationContext( IOwinContext context, OAuthAuthorizationServerOptions options, IReadableStringCollection parameters) : base(context, options, null) { Parameters = parameters; }
/// <summary> /// Creates a provider for <see cref="IReadableStringCollection"/> wrapping an existing set of key value pairs. /// </summary> /// <param name="bindingSource">The <see cref="BindingSource"/> for the data.</param> /// <param name="values">The key value pairs to wrap.</param> /// <param name="culture">The culture to return with ValueProviderResult instances.</param> public ReadableStringCollectionValueProvider( [NotNull] BindingSource bindingSource, [NotNull] IReadableStringCollection values, CultureInfo culture) : base(bindingSource) { _values = values; _culture = culture; }
public RequestCookiesFeature(IReadableStringCollection cookies) { if (cookies == null) { throw new ArgumentNullException(nameof(cookies)); } _parsedValues = cookies; }
public QueryFeature(IReadableStringCollection query) { if (query == null) { throw new ArgumentNullException(nameof(query)); } _parsedValues = query; }
/// <summary> /// Creates a new instance populated with values from the form encoded body parameters. /// </summary> /// <param name="parameters">Form encoded body parameters from a request.</param> public TokenEndpointRequest(IReadableStringCollection parameters) { if (parameters == null) { throw new ArgumentNullException("parameters"); } Func<string, string> getParameter = parameters.Get; Parameters = parameters; GrantType = getParameter(Constants.Parameters.GrantType); ClientId = getParameter(Constants.Parameters.ClientId); if (String.Equals(GrantType, Constants.GrantTypes.AuthorizationCode, StringComparison.Ordinal)) { AuthorizationCodeGrant = new TokenEndpointRequestAuthorizationCode { Code = getParameter(Constants.Parameters.Code), RedirectUri = getParameter(Constants.Parameters.RedirectUri), }; } else if (String.Equals(GrantType, Constants.GrantTypes.ClientCredentials, StringComparison.Ordinal)) { ClientCredentialsGrant = new TokenEndpointRequestClientCredentials { Scope = (getParameter(Constants.Parameters.Scope) ?? string.Empty).Split(' ') }; } else if (String.Equals(GrantType, Constants.GrantTypes.RefreshToken, StringComparison.Ordinal)) { RefreshTokenGrant = new TokenEndpointRequestRefreshToken { RefreshToken = getParameter(Constants.Parameters.RefreshToken), Scope = (getParameter(Constants.Parameters.Scope) ?? string.Empty).Split(' ') }; } else if (String.Equals(GrantType, Constants.GrantTypes.Password, StringComparison.Ordinal)) { ResourceOwnerPasswordCredentialsGrant = new TokenEndpointRequestResourceOwnerPasswordCredentials { UserName = getParameter(Constants.Parameters.Username), Password = getParameter(Constants.Parameters.Password), Scope = (getParameter(Constants.Parameters.Scope) ?? string.Empty).Split(' ') }; } else if (!String.IsNullOrEmpty(GrantType)) { CustomExtensionGrant = new TokenEndpointRequestCustomExtension { Parameters = parameters, }; } }
/// <summary> /// Creates a new instance populated with values from the form encoded body parameters. /// </summary> /// <param name="parameters">Form encoded body parameters from a request.</param> public TokenEndpointRequest(IReadableStringCollection parameters) { if (parameters == null) { throw new ArgumentNullException("parameters"); } Parameters = parameters; GrantType = parameters[Constants.Parameters.GrantType]; ClientId = parameters[Constants.Parameters.ClientId]; if (string.Equals(GrantType, Constants.GrantTypes.AuthorizationCode, StringComparison.Ordinal)) { AuthorizationCodeGrant = new TokenEndpointRequestAuthorizationCode { Code = parameters[Constants.Parameters.Code], RedirectUri = parameters[Constants.Parameters.RedirectUri], }; } else if (string.Equals(GrantType, Constants.GrantTypes.ClientCredentials, StringComparison.Ordinal)) { ClientCredentialsGrant = new TokenEndpointRequestClientCredentials { Scope = ((string)parameters[Constants.Parameters.Scope] ?? string.Empty).Split(' ') }; } else if (string.Equals(GrantType, Constants.GrantTypes.RefreshToken, StringComparison.Ordinal)) { RefreshTokenGrant = new TokenEndpointRequestRefreshToken { RefreshToken = parameters[Constants.Parameters.RefreshToken], Scope = ((string)parameters[Constants.Parameters.Scope] ?? string.Empty).Split(' ') }; } else if (string.Equals(GrantType, Constants.GrantTypes.Password, StringComparison.Ordinal)) { ResourceOwnerPasswordCredentialsGrant = new TokenEndpointRequestResourceOwnerPasswordCredentials { UserName = parameters[Constants.Parameters.Username], Password = parameters[Constants.Parameters.Password], Scope = ((string)parameters[Constants.Parameters.Scope] ?? string.Empty).Split(' ') }; } else if (!string.IsNullOrEmpty(GrantType)) { CustomExtensionGrant = new TokenEndpointRequestCustomExtension { Parameters = parameters, }; } }
/// <summary> /// Creates a new instance populated with values from the query string parameters. /// </summary> /// <param name="parameters">Query string parameters from a request.</param> public AuthorizeEndpointRequest(IReadableStringCollection parameters) { if (parameters == null) { throw new ArgumentNullException("parameters"); } Scope = new List<string>(); foreach (var parameter in parameters) { AddParameter(parameter.Key, parameters.Get(parameter.Key)); } }
private QRCodeParameters ParseQRParamsFromQueryString(IReadableStringCollection query) { QRCodeParameters param = new QRCodeParameters(); var text = query["text"]; param.Text = text; var size = query["size"]; string format = query["format"]; int intSize = 0; if (int.TryParse(size, out intSize)) param.Size = intSize; if (!string.IsNullOrWhiteSpace(format) && supportedImageFormats.ContainsKey(format.ToLower())) param.ImageFormat = supportedImageFormats[format]; return param; }
public static ImageDisParameters AppendParameters(this ImageDisParameters param, IReadableStringCollection query) { foreach (var q in query) { int integer; bool boolean; if (int.TryParse(q.Value.First(), out integer)) param.Add(q.Key, integer); else if (bool.TryParse(q.Value.First(), out boolean)) param.Add(q.Key, boolean); else param.Add(q.Key, q.Value.First()); } return param; }
/// <summary> /// Creates a provider for <see cref="IReadableStringCollection"/> wrapping an existing set of key value pairs. /// </summary> /// <param name="bindingSource">The <see cref="BindingSource"/> for the data.</param> /// <param name="values">The key value pairs to wrap.</param> /// <param name="culture">The culture to return with ValueProviderResult instances.</param> public ReadableStringCollectionValueProvider( BindingSource bindingSource, IReadableStringCollection values, CultureInfo culture) : base(bindingSource) { if (bindingSource == null) { throw new ArgumentNullException(nameof(bindingSource)); } if (values == null) { throw new ArgumentNullException(nameof(values)); } _values = values; _culture = culture; }
public bool Equals(IReadableStringCollection other) { if (this.Count() != other.Count()) return false; foreach (var kv in this) { var values1 = GetValues(kv.Key); var values2 = other.GetValues(kv.Key); var missing1 = values1.Except(values2).Any(); var missing2 = values2.Except(values1).Any(); if (missing1 || missing2) return false; } return true; }
public OwinRequest(IReadableStringCollection query, IFormCollection body) { _query = query; _body = body; }
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864 public void ConfigureAuth(IAppBuilder app, IComponentContext container) { // Enable the application to use a cookie to store information for the signed in user // and to use a cookie to temporarily store information about a user logging in with a third party login provider // Configure the sign in cookie app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login"), Provider = new CookieAuthenticationProvider { // Enables the application to validate the security stamp when the user logs in. // This is a security feature which is used when you change a password or add an external login to your account. OnValidateIdentity = SecurityStampValidator.OnValidateIdentity <ApplicationUserManager, ApplicationUser>( validateInterval: TimeSpan.FromMinutes(30), regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)), OnApplyRedirect = ctx => { if (!new Func <IOwinRequest, bool>(x => { IReadableStringCollection query = x.Query; if ((query != null) && (query["X-Requested-With"] == "XMLHttpRequest")) { return(true); } IHeaderDictionary headers = x.Headers; return((headers != null) && (headers["X-Requested-With"] == "XMLHttpRequest")); })(ctx.Request)) { ctx.Response.Redirect(ctx.RedirectUri); } } } }); app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie); app.UseOAuthBearerTokens( new OAuthAuthorizationServerOptions() { TokenEndpointPath = new PathString("/Token"), Provider = container.Resolve <IOAuthAuthorizationServerProvider>(), AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"), AccessTokenExpireTimeSpan = TimeSpan.FromDays(14), // Note: Remove the following line before you deploy to production: AllowInsecureHttp = true }); // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process. app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5)); // Enables the application to remember the second login verification factor such as phone or email. // Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from. // This is similar to the RememberMe option when you log in. app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie); // Uncomment the following lines to enable logging in with third party login providers //app.UseMicrosoftAccountAuthentication( // clientId: "", // clientSecret: ""); //app.UseTwitterAuthentication( // consumerKey: "", // consumerSecret: ""); //app.UseFacebookAuthentication( // appId: "", // appSecret: ""); //app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions() //{ // ClientId = "", // ClientSecret = "" //}); }
private async Task<IReadableStringCollection> GetValueCollectionAsync() { if (_values == null) { Debug.Assert(_valuesFactory != null); _values = await _valuesFactory(); } return _values; }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; try { IReadableStringCollection query = Request.Query; properties = UnpackStateParameter(query); if (properties == null) { _logger.WriteWarning("Invalid return state"); return(null); } // Anti-CSRF if (!ValidateCorrelationId(properties, _logger)) { return(new AuthenticationTicket(null, properties)); } string ticket = GetTicketParameter(query); if (String.IsNullOrEmpty(ticket)) { // No ticket return(new AuthenticationTicket(null, properties)); } // Now, we need to get the ticket validated string validateUrl = Options.CasServerUrlBase + "/serviceValidate" + "?service=" + Uri.EscapeDataString(BuildReturnTo(GetStateParameter(query))) + "&ticket=" + Uri.EscapeDataString(ticket); HttpResponseMessage response = await _httpClient.GetAsync(validateUrl, Request.CallCancelled); response.EnsureSuccessStatusCode(); var responseBody = await response.Content.ReadAsStringAsync(); string validatedUserName = null; using (TextReader stringReader = new StringReader(responseBody)) { var xmlReaderSetting = new XmlReaderSettings(); xmlReaderSetting.ConformanceLevel = ConformanceLevel.Auto; xmlReaderSetting.IgnoreWhitespace = true; using (XmlReader xmlReader = XmlReader.Create(stringReader, xmlReaderSetting)) { if (xmlReader.ReadToFollowing("cas:user")) { validatedUserName = xmlReader.ReadElementString(); } } } if (String.IsNullOrEmpty(validatedUserName)) { return(new AuthenticationTicket(null, properties)); } var identity = new ClaimsIdentity(Options.AuthenticationType); identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, validatedUserName, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType)); identity.AddClaim(new Claim(ClaimTypes.Name, validatedUserName, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType)); var context = new CasAuthenticatedContext( Context, identity, properties); await Options.Provider.Authenticated(context); return(new AuthenticationTicket(context.Identity, context.Properties)); } catch (Exception ex) { _logger.WriteError("Authentication failed", ex); return(new AuthenticationTicket(null, properties)); } }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; try { string code = null; string state = null; IReadableStringCollection query = Request.Query; IList <string> values = query.GetValues("code"); if (values != null && values.Count == 1) { code = values[0]; } values = query.GetValues("state"); if (values != null && values.Count == 1) { state = values[0]; } properties = Options.StateDataFormat.Unprotect(state); if (properties == null) { return(null); } // OAuth2 10.12 CSRF if (!ValidateCorrelationId(properties, logger)) { return(new AuthenticationTicket(null, properties)); } string requestPrefix = Request.Scheme + "://" + Request.Host; string redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath; // Build up the body for the token request var body = new List <KeyValuePair <string, string> >(); body.Add(new KeyValuePair <string, string>("grant_type", "authorization_code")); body.Add(new KeyValuePair <string, string>("code", code)); body.Add(new KeyValuePair <string, string>("redirect_uri", redirectUri)); body.Add(new KeyValuePair <string, string>("state", state)); body.Add(new KeyValuePair <string, string>("scope", string.Join(",", Options.Scope))); var request = new HttpRequestMessage(HttpMethod.Post, TokenEndpoint); request.Content = new FormUrlEncodedContent(body); // Request the token HttpResponseMessage tokenResponse = await httpClient.PostAsync(TokenEndpoint, new FormUrlEncodedContent(body)); tokenResponse.EnsureSuccessStatusCode(); string text = await tokenResponse.Content.ReadAsStringAsync(); // Deserializes the token response dynamic response = JsonConvert.DeserializeObject <dynamic>(text); string accessToken = (string)response.access_token; string expires = (string)response.expires_in; string refreshToken = (string)response.refresh_token; // Get the Reddit user HttpRequestMessage userRequest = new HttpRequestMessage(HttpMethod.Get, UserInfoEndpoint); userRequest.Headers.Add("User-Agent", "OWIN OAuth Provider"); userRequest.Headers.Add("Authorization", "bearer " + Uri.EscapeDataString(accessToken) + ""); HttpResponseMessage graphResponse = await httpClient.SendAsync(userRequest, Request.CallCancelled); graphResponse.EnsureSuccessStatusCode(); text = await graphResponse.Content.ReadAsStringAsync(); JObject user = JObject.Parse(text); var context = new RedditAuthenticatedContext(Context, user, accessToken, expires, refreshToken); context.Identity = new ClaimsIdentity( Options.AuthenticationType, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType); if (!string.IsNullOrEmpty(context.Id)) { context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.UserName, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.UserName)) { context.Identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.UserName, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.Link)) { context.Identity.AddClaim(new Claim("urn:reddit:url", context.Link, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.AccessToken)) { context.Identity.AddClaim(new Claim("urn:reddit:accesstoken", context.AccessToken, XmlSchemaString, Options.AuthenticationType)); } context.Identity.AddClaim(new Claim("urn:reddit:overeighteen", context.OverEighteen.ToString())); context.Properties = properties; await Options.Provider.Authenticated(context); return(new AuthenticationTicket(context.Identity, context.Properties)); } catch (Exception ex) { logger.WriteError(ex.Message); } return(new AuthenticationTicket(null, properties)); }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; try { string access_token = null; string useruin = null; string appKey = null; string sign = null; IReadableStringCollection query = Request.Query; IList <string> values = query.GetValues("access_token"); if (values != null && values.Count == 1) { access_token = values[0]; } values = query.GetValues("useruin"); if (values != null && values.Count == 1) { useruin = values[0]; } values = query.GetValues("app_oauth_id"); if (values != null && values.Count == 1) { appKey = values[0]; } values = query.GetValues("sign"); if (values != null && values.Count == 1) { sign = values[0]; } properties = new AuthenticationProperties() { RedirectUri = Options.DefaultCallBack }; if (appKey != Options.AppKey) { return(null); } //todo:验证sign var context = new PaipaiAccountAuthenticatedContext(Context, access_token, useruin); context.Identity = new ClaimsIdentity( new[] { new Claim(ClaimTypes.NameIdentifier, context.Id, ClaimValueTypes.String, Options.AuthenticationType), new Claim(ClaimTypes.Name, context.Name, ClaimValueTypes.String, Options.AuthenticationType), new Claim("pp:UserUin", context.Id, ClaimValueTypes.String, Options.AuthenticationType), new Claim("pp:AccessToken", context.AccessToken, ClaimValueTypes.String, Options.AuthenticationType) }, Options.AuthenticationType, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType); await Options.Provider.Authenticated(context); context.Properties = properties; return(new AuthenticationTicket(context.Identity, context.Properties)); } catch (Exception ex) { _logger.WriteWarning("Authentication failed", ex); return(new AuthenticationTicket(null, properties)); } }
//step 2.3 //making AuthenticationTicket after client return from Vk.com //here we make actually autorization work protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; try { string code = ""; IReadableStringCollection query = Request.Query; IList <string> values = query.GetValues("code"); if (values != null && values.Count == 1) { code = values[0]; } properties = Options.StateDataFormat.Unprotect(Options.StoreState); if (properties == null) { return(null); } // OAuth2 10.12 CSRF if (!ValidateCorrelationId(properties, _logger)) { return(new AuthenticationTicket(null, properties)); } string requestPrefix = Request.Scheme + Uri.SchemeDelimiter + Request.Host; string redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath; //https://oauth.vk.com/access_token?client_id=APP_ID&client_secret=APP_SECRET&code=7a6fa4dff77a228eeda56603b8f53806c883f011c40b72630bb50df056f6479e52a&redirect_uri=REDIRECT_URI string tokenRequest = TokenEndpoint + "?client_id=" + Uri.EscapeDataString(Options.AppId) + "&client_secret=" + Uri.EscapeDataString(Options.AppSecret) + "&code=" + Uri.EscapeDataString(code) + "&redirect_uri=" + Uri.EscapeDataString(redirectUri); HttpResponseMessage tokenResponse = await _httpClient.GetAsync(tokenRequest, Request.CallCancelled); tokenResponse.EnsureSuccessStatusCode(); string text = await tokenResponse.Content.ReadAsStringAsync(); //IFormCollection form = WebHelpers.ParseForm(text); var JsonResponse = JsonConvert.DeserializeObject <dynamic>(text); //JObject TokenResponse = JObject.Parse(text); string accessToken = JsonResponse["access_token"]; string expires = JsonResponse["expires_in"]; string userid = JsonResponse["user_id"]; string email = JsonResponse["email"]; //public method which dont require token string userInfoLink = GraphApiEndpoint + "users.get.xml" + "?user_ids=" + Uri.EscapeDataString(userid) + "&fields=" + Uri.EscapeDataString("nickname,screen_name,photo_50"); HttpResponseMessage graphResponse = await _httpClient.GetAsync(userInfoLink, Request.CallCancelled); graphResponse.EnsureSuccessStatusCode(); text = await graphResponse.Content.ReadAsStringAsync(); XmlDocument UserInfoResponseXml = new XmlDocument(); UserInfoResponseXml.LoadXml(text); var context = new VkAuthenticatedContext(Context, UserInfoResponseXml, accessToken, expires, Options.PreferedNameClaim); context.Identity = new ClaimsIdentity( Options.AuthenticationType, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType); if (!string.IsNullOrEmpty(context.Id)) { context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.DefaultName)) { context.Identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.DefaultName, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.FullName)) { context.Identity.AddClaim(new Claim("urn:vkontakte:name", context.FullName, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.Link)) { context.Identity.AddClaim(new Claim("urn:vkontakte:link", context.Link, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(email)) { context.Identity.AddClaim(new Claim(ClaimTypes.Email, email, XmlSchemaString, Options.AuthenticationType)); } context.Properties = properties; await Options.Provider.Authenticated(context); return(new AuthenticationTicket(context.Identity, context.Properties)); } catch (Exception ex) { _logger.WriteError(ex.Message); } return(new AuthenticationTicket(null, properties)); }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { _logger.WriteVerbose("AuthenticateCore"); AuthenticationProperties properties = null; try { string code = null; string state = null; IReadableStringCollection query = Request.Query; IList <string> values = query.GetValues("code"); if (values != null && values.Count == 1) { code = values[0]; } values = query.GetValues("state"); if (values != null && values.Count == 1) { state = values[0]; } properties = Options.StateDataFormat.Unprotect(state); if (properties == null) { return(null); } // OAuth2 10.12 CSRF if (!ValidateCorrelationId(properties, _logger)) { return(new AuthenticationTicket(null, properties)); } var tokenRequestParameters = new List <KeyValuePair <string, string> >() { new KeyValuePair <string, string>("client_id", Options.AppId), new KeyValuePair <string, string>("client_secret", Options.AppSecret), new KeyValuePair <string, string>("redirect_uri", GenerateRedirectUri()), new KeyValuePair <string, string>("code", code), new KeyValuePair <string, string>("grant_type", "authorization_code"), }; FormUrlEncodedContent requestContent = new FormUrlEncodedContent(tokenRequestParameters); HttpResponseMessage response = await _httpClient.PostAsync(TokenEndpoint, requestContent, Request.CallCancelled); response.EnsureSuccessStatusCode(); string oauthTokenResponse = await response.Content.ReadAsStringAsync(); var tokenDict = QueryStringToDict(oauthTokenResponse); string accessToken = null; if (tokenDict.ContainsKey("access_token")) { accessToken = tokenDict["access_token"]; } else { _logger.WriteWarning("Access token was not found"); return(new AuthenticationTicket(null, properties)); } string openIDUri = OpenIDEndpoint + "?access_token=" + Uri.EscapeDataString(accessToken); HttpResponseMessage openIDResponse = await _httpClient.GetAsync(openIDUri, Request.CallCancelled); openIDResponse.EnsureSuccessStatusCode(); string openIDString = await openIDResponse.Content.ReadAsStringAsync(); openIDString = ExtractOpenIDCallbackBody(openIDString); JObject openIDInfo = JObject.Parse(openIDString); var clientId = openIDInfo["client_id"].Value <string>(); var openId = openIDInfo["openid"].Value <string>(); string userInfoUri = UserInfoEndpoint + "?access_token=" + Uri.EscapeDataString(accessToken) + "&oauth_consumer_key=" + Uri.EscapeDataString(clientId) + "&openid=" + Uri.EscapeDataString(openId); HttpResponseMessage userInfoResponse = await _httpClient.GetAsync(userInfoUri, Request.CallCancelled); userInfoResponse.EnsureSuccessStatusCode(); string userInfoString = await userInfoResponse.Content.ReadAsStringAsync(); JObject userInfo = JObject.Parse(userInfoString); var context = new QQConnectAuthenticatedContext(Context, openId, userInfo, accessToken); context.Identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, context.Id, XmlSchemaString, Options.AuthenticationType), new Claim(ClaimsIdentity.DefaultNameClaimType, context.Name, XmlSchemaString, Options.AuthenticationType), new Claim("urn:qqconnect:id", context.Id, XmlSchemaString, Options.AuthenticationType), new Claim("urn:qqconnect:name", context.Name, XmlSchemaString, Options.AuthenticationType), }); await Options.Provider.Authenticated(context); context.Properties = properties; return(new AuthenticationTicket(context.Identity, context.Properties)); } catch (Exception ex) { _logger.WriteError(ex.Message); } return(new AuthenticationTicket(null, properties)); }
public QueryFeature([NotNull] IReadableStringCollection query) { _query = query; }
protected override async Task<AuthenticationTicket> AuthenticateCoreAsync() { var properties = new AuthenticationProperties(); try { string code = null; string state = null; IReadableStringCollection query = Request.Query; IList<string> values = query.GetValues("code"); if (values != null && values.Count == 1) { code = values[0]; } values = query.GetValues("state"); if (values != null && values.Count == 1) { state = values[0]; } properties = Options.StateDataFormat.Unprotect(state); if (properties == null) { return null; } // OAuth2 10.12 CSRF if (!ValidateCorrelationId(properties, _logger)) { return new AuthenticationTicket(null, properties); } string requestPrefix = Request.Scheme + "://" + Request.Host; string redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath; // Build up the body for the token request var body = new List<KeyValuePair<string, string>>(); body.Add(new KeyValuePair<string, string>("code", code)); body.Add(new KeyValuePair<string, string>("redirect_uri", redirectUri)); body.Add(new KeyValuePair<string, string>("client_id", Options.ClientId)); body.Add(new KeyValuePair<string, string>("client_secret", Options.ClientSecret)); body.Add(new KeyValuePair<string, string>("grant_type", "authorization_code")); // Request the token var requestMessage = new HttpRequestMessage(HttpMethod.Post, Options.Endpoints.TokenEndpoint); requestMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); requestMessage.Content = new FormUrlEncodedContent(body); HttpResponseMessage tokenResponse = await _httpClient.SendAsync(requestMessage); tokenResponse.EnsureSuccessStatusCode(); string text = await tokenResponse.Content.ReadAsStringAsync(); // Deserializes the token response dynamic response = JsonConvert.DeserializeObject<dynamic>(text); string accessToken = (string)response.access_token; string refreshToken = (string)response.refresh_token; // Get the Sidekick user using the user info endpoint, which is part of the token - response.id HttpRequestMessage userRequest = new HttpRequestMessage(HttpMethod.Get, Constants.UserProfileEndpoint); userRequest.Headers.Add("Authorization", "Bearer " + Uri.EscapeDataString(accessToken)); userRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); HttpResponseMessage userResponse = await _httpClient.SendAsync(userRequest, Request.CallCancelled); userResponse.EnsureSuccessStatusCode(); text = await userResponse.Content.ReadAsStringAsync(); JObject user = JObject.Parse(text); var context = new SidekickAuthenticatedContext(Context, user, accessToken, refreshToken); context.Identity = new ClaimsIdentity( Options.AuthenticationType, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType); if (!string.IsNullOrEmpty(context.Id)) { context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.UserName)) { context.Identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.UserName, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.Email)) { context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.FirstName)) { context.Identity.AddClaim(new Claim(ClaimTypes.GivenName, context.FirstName, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.LastName)) { context.Identity.AddClaim(new Claim(ClaimTypes.Surname, context.LastName, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.MobileNumber)) { context.Identity.AddClaim(new Claim(ClaimTypes.MobilePhone, context.MobileNumber, XmlSchemaString, Options.AuthenticationType)); } context.Identity.AddClaim(new Claim("urn:Sidekick:isactive", context.Active.ToString(), XmlSchemaString, Options.AuthenticationType)); if (!string.IsNullOrEmpty(context.AccessToken)) { context.Identity.AddClaim(new Claim("urn:Sidekick:accesstoken", context.AccessToken, XmlSchemaString, Options.AuthenticationType)); } context.Properties = properties; await Options.Provider.Authenticated(context); return new AuthenticationTicket(context.Identity, context.Properties); } catch (Exception ex) { _logger.WriteError(ex.Message); } return new AuthenticationTicket(null, properties); }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; try { string token = null; IReadableStringCollection query = Request.Query; IList <string> values = query.GetValues("token"); if (values != null && values.Count == 1) { token = values[0]; } string stateCookieKey = Constants.StatePrefix + Options.AuthenticationType; string stateCookie = Request.Cookies[stateCookieKey]; if (string.IsNullOrWhiteSpace(stateCookie)) { _logger.WriteWarning("{0} cookie not found.", stateCookie); return(null); } var cookieOptions = new CookieOptions { HttpOnly = true, Secure = Request.IsSecure }; Response.Cookies.Delete(stateCookieKey, cookieOptions); properties = Options.StateDataFormat.Unprotect(stateCookie); if (properties == null) { return(null); } // Request the token ActivityDetails activityDetails = await _yotiClient.GetActivityDetailsAsync(token); if (activityDetails.Outcome != ActivityOutcome.Success) { // TODO: Check how this is handled throw new HttpRequestException(); } var context = new YotiAuthenticatedContext(Context, activityDetails.UserProfile) { Identity = new ClaimsIdentity( Options.AuthenticationType, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType) }; if (!string.IsNullOrEmpty(context.User.Id)) { context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.User.Id, ClaimValueTypes.String, Options.AuthenticationType)); } if (context.User.Selfie != null) { context.Identity.AddClaim(new Claim("selfie", Convert.ToBase64String(context.User.Selfie.Data), context.User.Selfie.Type.ToString(), Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.User.GivenNames)) { context.Identity.AddClaim(new Claim("given_names", context.User.GivenNames, ClaimValueTypes.String, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.User.FamilyName)) { context.Identity.AddClaim(new Claim("family_name", context.User.FamilyName, ClaimValueTypes.String, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.User.FullName)) { context.Identity.AddClaim(new Claim("full_name", context.User.FullName, ClaimValueTypes.String, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.User.MobileNumber)) { context.Identity.AddClaim(new Claim("phone_number", context.User.MobileNumber, ClaimValueTypes.String, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.User.EmailAddress)) { context.Identity.AddClaim(new Claim("email_address", context.User.EmailAddress, ClaimValueTypes.String, Options.AuthenticationType)); } if (context.User.DateOfBirth != null) { context.Identity.AddClaim(new Claim("date_of_birth", context.User.DateOfBirth.Value.ToString("yyyy-MM-dd"), ClaimValueTypes.String, Options.AuthenticationType)); } if (context.User.IsAgeVerified != null) { context.Identity.AddClaim(new Claim("is_age_verified", context.User.IsAgeVerified.ToString(), ClaimValueTypes.String, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.User.Address)) { context.Identity.AddClaim(new Claim("postal_address", context.User.Address, ClaimValueTypes.String, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.User.Gender)) { context.Identity.AddClaim(new Claim("gender", context.User.Gender, ClaimValueTypes.String, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.User.Nationality)) { context.Identity.AddClaim(new Claim("nationality", context.User.Nationality, ClaimValueTypes.String, Options.AuthenticationType)); } foreach (var attributeName in context.User.OtherAttributes.Keys) { var attributeValue = context.User.OtherAttributes[attributeName]; context.Identity.AddClaim(new Claim(attributeName, attributeValue.ToString(), attributeValue.Type.ToString(), Options.AuthenticationType)); } context.Properties = properties; await Options.Provider.Authenticated(context); return(new AuthenticationTicket(context.Identity, context.Properties)); } catch (Exception ex) { _logger.WriteError("Authentication failed", ex); return(new AuthenticationTicket(null, properties)); } }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; try { string code = null; string state = null; IReadableStringCollection query = Request.Query; IList <string> values = query.GetValues("code"); if (values != null && values.Count == 1) { code = values[0]; } values = query.GetValues("state"); if (values != null && values.Count == 1) { state = values[0]; } properties = Options.StateDataFormat.Unprotect(state); if (properties == null) { return(null); } // OAuth2 10.12 CSRF if (!ValidateCorrelationId(properties, logger)) { return(new AuthenticationTicket(null, properties)); } string requestPrefix = Request.Scheme + "://" + Request.Host; string redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath; // Build up the body for the token request var body = new List <KeyValuePair <string, string> >(); body.Add(new KeyValuePair <string, string>("grant_type", "authorization_code")); body.Add(new KeyValuePair <string, string>("code", code)); body.Add(new KeyValuePair <string, string>("redirect_uri", redirectUri)); body.Add(new KeyValuePair <string, string>("client_id", Options.ClientId)); body.Add(new KeyValuePair <string, string>("client_secret", Options.ClientSecret)); // Request the token HttpResponseMessage tokenResponse = await httpClient.PostAsync(TokenEndpoint, new FormUrlEncodedContent(body)); tokenResponse.EnsureSuccessStatusCode(); string text = await tokenResponse.Content.ReadAsStringAsync(); // Deserializes the token response dynamic response = JsonConvert.DeserializeObject <dynamic>(text); string accessToken = (string)response.access_token; string blogId = (string)response.blog_id; string blogUrl = (string)response.blog_url; // Get the Wordpress user HttpRequestMessage userRequest = new HttpRequestMessage(HttpMethod.Get, UserInfoEndpoint); userRequest.Headers.Add("User-Agent", "OWIN OAuth Provider"); userRequest.Headers.Add("Authorization", "BEARER " + accessToken); HttpResponseMessage graphResponse = await httpClient.SendAsync(userRequest, Request.CallCancelled); graphResponse.EnsureSuccessStatusCode(); text = await graphResponse.Content.ReadAsStringAsync(); JObject user = JObject.Parse(text); // Get the site details HttpRequestMessage siteRequest = new HttpRequestMessage(HttpMethod.Get, SiteInfoEndpoint + blogId); siteRequest.Headers.Add("User-Agent", "OWIN OAuth Provider"); siteRequest.Headers.Add("Authorization", "BEARER " + accessToken); HttpResponseMessage siteResponse = await httpClient.SendAsync(siteRequest, Request.CallCancelled); siteResponse.EnsureSuccessStatusCode(); text = await siteResponse.Content.ReadAsStringAsync(); JObject site = JObject.Parse(text); var context = new WordPressAuthenticatedContext(Context, user, site, accessToken, blogId, blogUrl); context.Identity = new ClaimsIdentity( Options.AuthenticationType, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType); if (!string.IsNullOrEmpty(context.Id)) { context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.Name)) { context.Identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.Name, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.Email)) { context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, XmlSchemaString, Options.AuthenticationType)); } context.Properties = properties; await Options.Provider.Authenticated(context); return(new AuthenticationTicket(context.Identity, context.Properties)); } catch (Exception ex) { logger.WriteError(ex.Message); } return(new AuthenticationTicket(null, properties)); }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; try { IReadableStringCollection query = Request.Query; string protectedRequestToken = Request.Cookies[StateCookie]; RequestToken requestToken = Options.StateDataFormat.Unprotect(protectedRequestToken); if (requestToken == null) { _logger.WriteWarning("Invalid state"); return(null); } properties = requestToken.Properties; string returnedToken = query.Get("oauth_token"); if (string.IsNullOrWhiteSpace(returnedToken)) { _logger.WriteWarning("Missing oauth_token"); return(new AuthenticationTicket(null, properties)); } if (returnedToken != requestToken.Token) { _logger.WriteWarning("Unmatched token"); return(new AuthenticationTicket(null, properties)); } string oauthVerifier = query.Get("oauth_verifier"); if (string.IsNullOrWhiteSpace(oauthVerifier)) { _logger.WriteWarning("Missing or blank oauth_verifier"); return(new AuthenticationTicket(null, properties)); } AccessToken accessToken = await ObtainAccessTokenAsync(Options.ConsumerKey, Options.ConsumerSecret, requestToken, oauthVerifier); var context = new TwitterAuthenticatedContext(Context, accessToken.UserId, accessToken.ScreenName, accessToken.Token, accessToken.TokenSecret); context.Identity = new ClaimsIdentity( new[] { new Claim(ClaimTypes.NameIdentifier, accessToken.UserId, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType), new Claim(ClaimTypes.Name, accessToken.ScreenName, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType), new Claim("urn:twitter:userid", accessToken.UserId, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType), new Claim("urn:twitter:screenname", accessToken.ScreenName, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType) }, Options.AuthenticationType, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType); context.Properties = requestToken.Properties; Response.Cookies.Delete(StateCookie); await Options.Provider.Authenticated(context); return(new AuthenticationTicket(context.Identity, context.Properties)); } catch (Exception ex) { _logger.WriteError("Authentication failed", ex); return(new AuthenticationTicket(null, properties)); } }
private static string SerializeQuery(IReadableStringCollection query) { var dictionary = query.ToDictionary(item => item.Key, item => item.Value.Count > 1 ? (object)item.Value : item.Value[0]); var settings = new JsonSerializerSettings { StringEscapeHandling = StringEscapeHandling.EscapeHtml }; return JsonConvert.SerializeObject(dictionary, settings).Replace("\"", "'"); }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; try { string code = null; string state = null; IReadableStringCollection query = Request.Query; IList <string> values = query.GetValues("code"); if (values != null && values.Count == 1) { code = values[0]; } values = query.GetValues("state"); if (values != null && values.Count == 1) { state = values[0]; } properties = Options.StateDataFormat.Unprotect(state); if (properties == null) { return(null); } // OAuth2 10.12 CSRF if (!ValidateCorrelationId(properties, logger)) { return(new AuthenticationTicket(null, properties)); } string requestPrefix = "https://" + Request.Host; // Schema must be HTTPS string redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath; var param = new List <KeyValuePair <string, string> >(); param.Add(new KeyValuePair <string, string>("client_id", Options.AppId)); param.Add(new KeyValuePair <string, string>("client_secret", Options.AppSecret)); param.Add(new KeyValuePair <string, string>("grant_type", "authorization_code")); param.Add(new KeyValuePair <string, string>("code", code)); param.Add(new KeyValuePair <string, string>("redirect_uri", redirectUri)); FormUrlEncodedContent content = new FormUrlEncodedContent(param); // Request the token HttpResponseMessage tokenResponse = await httpClient.PostAsync(Options.Endpoints.TokenEndPoint, content); tokenResponse.EnsureSuccessStatusCode(); string text = await tokenResponse.Content.ReadAsStringAsync(); JObject token = JObject.Parse(text); string accessToken = NRIIAuthenticatedContext.TryGetValue(token, "access_token"); int expiresIn = Convert.ToInt32(NRIIAuthenticatedContext.TryGetValue(token, "expires_in")); // Get the NRII user string requestInfoQueryString = "?access_token=" + accessToken; HttpRequestMessage userRequest = new HttpRequestMessage(HttpMethod.Get, Options.Endpoints.UserInfoEndPoint + requestInfoQueryString); HttpResponseMessage userResponse = await httpClient.SendAsync(userRequest, Request.CallCancelled); userResponse.EnsureSuccessStatusCode(); text = await userResponse.Content.ReadAsStringAsync(); text = text.Substring(text.IndexOf('{'), text.LastIndexOf('}') - text.IndexOf('{') + 1); JObject user = JObject.Parse(text); var context = new NRIIAuthenticatedContext(Context, user, accessToken, expiresIn); context.Identity = new ClaimsIdentity( Options.AuthenticationType, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType); if (!string.IsNullOrEmpty(context.Id)) { context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.Name)) { context.Identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.Name, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.Email)) { context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, XmlSchemaString, Options.AuthenticationType)); } context.Properties = properties; await Options.Provider.Authenticated(context); return(new AuthenticationTicket(context.Identity, context.Properties)); } catch (Exception ex) { logger.WriteError(ex.ToString()); } return(new AuthenticationTicket(null, properties)); }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; try { string code = null; string state = null; IReadableStringCollection query = Request.Query; IList <string> values = query.GetValues("code"); if (values != null && values.Count == 1) { code = values[0]; } values = query.GetValues("state"); if (values != null && values.Count == 1) { state = values[0]; } if (!ValidateStateId(state, out properties)) { return(null); } // OAuth2 10.12 CSRF if (!ValidateCorrelationId(properties, _logger)) { return(new AuthenticationTicket(null, properties)); } var tokenRequestParameters = new List <KeyValuePair <string, string> >() { new KeyValuePair <string, string>("appid", Options.AppId), new KeyValuePair <string, string>("secret", Options.AppSecret), new KeyValuePair <string, string>("code", code), new KeyValuePair <string, string>("grant_type", "authorization_code"), }; var requestContent = new FormUrlEncodedContent(tokenRequestParameters); // 通过code获取access_token HttpResponseMessage response = await _httpClient.PostAsync(TokenEndpoint, requestContent, Request.CallCancelled); response.EnsureSuccessStatusCode(); string oauthTokenResponse = await response.Content.ReadAsStringAsync(); JObject oauth2Token = JObject.Parse(oauthTokenResponse); var accessToken = oauth2Token["access_token"].Value <string>(); // Refresh token is only available when wl.offline_access is request. // Otherwise, it is null. var refreshToken = oauth2Token.Value <string>("refresh_token"); var expire = oauth2Token.Value <string>("expires_in"); if (string.IsNullOrWhiteSpace(accessToken)) { _logger.WriteWarning("Access token was not found"); return(new AuthenticationTicket(null, properties)); } var openId = oauth2Token.Value <string>("openid"); var scope = oauth2Token.Value <string>("scope"); var unionId = oauth2Token.Value <string>("unionid"); // 获取用户信息 var userInfoResponse = await _httpClient.GetAsync(string.Format(UserInfoEndpoint + "?access_token={0}&openid={1}", Uri.EscapeDataString(accessToken), Uri.EscapeDataString(openId)), Request.CallCancelled); userInfoResponse.EnsureSuccessStatusCode(); string userInfoResponseString = await userInfoResponse.Content.ReadAsStringAsync(); JObject userInformation = JObject.Parse(userInfoResponseString); _logger.WriteInformation(userInfoResponseString); var context = new WeixinAuthenticatedContext(Context, userInformation, accessToken, refreshToken, expire); context.Identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, WeixinSecurityConstants.DefaultAuthenticationType, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType), new Claim(ClaimTypes.Surname, context.OpenId, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType), new Claim(ClaimTypes.NameIdentifier, context.OpenId, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType), new Claim(CommonClaimType.NickName, context.Nickame, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType), new Claim(CommonClaimType.Avatar, context.HeadimgUrl, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType), new Claim(WeixinSecurityConstants.WeixinClaimType, userInformation.ToString(), "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType), }, Options.AuthenticationType, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType); await Options.Provider.Authenticated(context); context.Properties = properties; return(new AuthenticationTicket(context.Identity, context.Properties)); } catch (Exception ex) { _logger.WriteError("Authentication failed", ex); return(new AuthenticationTicket(null, properties)); } }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; try { string code = null; string state = null; IReadableStringCollection query = Request.Query; IList <string> values = query.GetValues("code"); if (values != null && values.Count == 1) { code = values[0]; } values = query.GetValues("state"); if (values != null && values.Count == 1) { state = values[0]; } properties = Options.StateDataFormat.Unprotect(state); if (properties == null) { return(null); } // OAuth2 10.12 CSRF if (!ValidateCorrelationId(properties, _logger)) { return(new AuthenticationTicket(null, properties)); } string requestPrefix = Request.Scheme + "://" + Request.Host; string redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath; var postContent = "?grant_type=authorization_code" + "&code=" + Uri.EscapeDataString(code) + "&redirect_uri=" + Uri.EscapeDataString(redirectUri) + "&client_id=" + Uri.EscapeDataString(Options.ClientId) + "&client_secret=" + Uri.EscapeDataString(Options.ClientSecret); var tokenResponse = await _httpClient.PostAsync(TokenEndpoint + postContent, null, Request.CallCancelled); tokenResponse.EnsureSuccessStatusCode(); var text = await tokenResponse.Content.ReadAsStringAsync(); dynamic form = JObject.Parse(text); string accessToken = form.access_token; var selfRespone = await _httpClient.GetAsync(string.Format(SelfEndpointTemplate, Uri.EscapeDataString(accessToken))); selfRespone.EnsureSuccessStatusCode(); text = await selfRespone.Content.ReadAsStringAsync(); dynamic self = JObject.Parse(text); JObject user = self.response["user"]; var context = new FoursquareAuthenticatedContext(Context, user, accessToken) { Identity = new ClaimsIdentity( Options.AuthenticationType, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType) }; if (!string.IsNullOrEmpty(context.Id)) { context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.FullName)) { context.Identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.FullName, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.FullName)) { context.Identity.AddClaim(new Claim("urn:Foursquare:fullName", context.FullName, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.Email)) { context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, XmlSchemaString, Options.AuthenticationType)); } context.Properties = properties; await Options.Provider.Authenticated(context); return(new AuthenticationTicket(context.Identity, context.Properties)); } catch (Exception ex) { _logger.WriteError(ex.Message); } return(new AuthenticationTicket(null, properties)); }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; try { string code = null; string state = null; IReadableStringCollection query = Request.Query; IList <string> values = query.GetValues("code"); if (values != null && values.Count == 1) { code = values[0]; } values = query.GetValues("state"); if (values != null && values.Count == 1) { state = values[0]; } properties = Options.StateDataFormat.Unprotect(state); if (properties == null) { return(null); } // OAuth2 10.12 CSRF if (!ValidateCorrelationId(properties, logger)) { return(new AuthenticationTicket(null, properties)); } // Check for error //if (Request.Query.Get("error") != null) // return new AuthenticationTicket(null, properties); string requestPrefix = Request.Scheme + "://" + Request.Host; string redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath; // Build up the body for the token request var body = new List <KeyValuePair <string, string> >(); body.Add(new KeyValuePair <string, string>("grant_type", "authorization_code")); body.Add(new KeyValuePair <string, string>("code", code)); body.Add(new KeyValuePair <string, string>("client_id", Options.AppKey)); body.Add(new KeyValuePair <string, string>("client_secret", Options.AppSecret)); body.Add(new KeyValuePair <string, string>("redirect_uri", redirectUri)); // Get token var tokenRequest = new HttpRequestMessage(HttpMethod.Post, "https://" + Options.Hostname + TokenEndpoint); tokenRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); tokenRequest.Content = new FormUrlEncodedContent(body); HttpResponseMessage tokenResponse = await httpClient.SendAsync(tokenRequest, Request.CallCancelled); tokenResponse.EnsureSuccessStatusCode(); string text = await tokenResponse.Content.ReadAsStringAsync(); // Deserializes the token response dynamic response = JsonConvert.DeserializeObject <dynamic>(text); string accessToken = (string)response.access_token; string tokenType = (string)response.token_type; var userRequest = new HttpRequestMessage(HttpMethod.Get, "https://" + Options.Hostname + UserInfoEndpoint); userRequest.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); userRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken); //userRequest.Headers.Authorization = new AuthenticationHeaderValue(tokenType, accessToken); HttpResponseMessage graphResponse = await httpClient.SendAsync(userRequest, Request.CallCancelled); graphResponse.EnsureSuccessStatusCode(); text = await graphResponse.Content.ReadAsStringAsync(); JObject user = JObject.Parse(text); var context = new JawboneAuthenticatedContext(Context, user, accessToken); context.Identity = new ClaimsIdentity( Options.AuthenticationType, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType); if (!string.IsNullOrEmpty(context.Id)) { context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.Name)) { context.Identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.Name, XmlSchemaString, Options.AuthenticationType)); } context.Properties = properties; await Options.Provider.Authenticated(context); return(new AuthenticationTicket(context.Identity, context.Properties)); } catch (Exception ex) { logger.WriteError(ex.Message); } return(new AuthenticationTicket(null, properties)); }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; try { string code = null; string state = null; IReadableStringCollection query = Request.Query; IList <string> values = query.GetValues("code"); if (values != null && values.Count == 1) { code = values[0]; } values = query.GetValues("state"); if (values != null && values.Count == 1) { state = values[0]; } properties = Options.StateDataFormat.Unprotect(state); if (properties == null) { return(null); } // OAuth2 10.12 CSRF if (!ValidateCorrelationId(properties, logger)) { return(new AuthenticationTicket(null, properties)); } string requestPrefix = Request.Scheme + "://" + Request.Host; string redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath; // Build up the body for the token request var body = new List <KeyValuePair <string, string> >(); body.Add(new KeyValuePair <string, string>("grant_type", "authorization_code")); body.Add(new KeyValuePair <string, string>("client_id", Options.ClientId)); body.Add(new KeyValuePair <string, string>("client_secret", Options.ClientSecret)); body.Add(new KeyValuePair <string, string>("redirect_uri", redirectUri)); body.Add(new KeyValuePair <string, string>("code", code)); /*Your app makes a POST request to https://app.asana.com/-/oauth_token, passing the parameters as part of a standard form-encoded post body. * grant_type - required Must be authorization_code * client_id - required The Client ID uniquely identifies the application making the request. * client_secret - required The Client Secret belonging to the app, found in the details pane of the developer view * redirect_uri - required Must match the redirect_uri specified in the original request * code - required The code you are exchanging for an auth token */ // Request the token var requestMessage = new HttpRequestMessage(HttpMethod.Post, Options.Endpoints.TokenEndpoint); requestMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); requestMessage.Content = new FormUrlEncodedContent(body); HttpResponseMessage tokenResponse = await httpClient.SendAsync(requestMessage); tokenResponse.EnsureSuccessStatusCode(); string text = await tokenResponse.Content.ReadAsStringAsync(); // Deserializes the token response dynamic response = JsonConvert.DeserializeObject <dynamic>(text); string accessToken = (string)response.access_token; /* * In the response, you will receive a JSON payload with the following parameters: * access_token - The token to use in future requests against the API * expires_in - The number of seconds the token is valid, typically 3600 (one hour) * token_type - The type of token, in our case, bearer * refresh_token - If exchanging a code, a long-lived token that can be used to get new access tokens when old ones expire. * data - A JSON object encoding a few key fields about the logged-in user, currently id, name, and email. */ // Get the Asana user var context = new AsanaAuthenticatedContext(Context, response.data, accessToken); context.Identity = new ClaimsIdentity( Options.AuthenticationType, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType); if (!string.IsNullOrEmpty(context.Id)) { context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.Email)) { context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.Name)) { context.Identity.AddClaim(new Claim("urn:asana:name", context.Name, XmlSchemaString, Options.AuthenticationType)); } context.Properties = properties; await Options.Provider.Authenticated(context); return(new AuthenticationTicket(context.Identity, context.Properties)); } catch (Exception ex) { logger.WriteError(ex.Message); } return(new AuthenticationTicket(null, properties)); }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; try { string code = null; string state = null; IReadableStringCollection query = Request.Query; IList <string> values = query.GetValues("code"); if (values != null && values.Count == 1) { code = values[0]; } values = query.GetValues("state"); if (values != null && values.Count == 1) { state = values[0]; } properties = Options.StateDataFormat.Unprotect(state); if (properties == null) { return(null); } // OAuth2 10.12 CSRF if (!ValidateCorrelationId(properties, logger)) { return(new AuthenticationTicket(null, properties)); } string requestPrefix = Request.Scheme + "://" + Request.Host; string redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath; // Build up the body for the token request var body = new List <KeyValuePair <string, string> >(); body.Add(new KeyValuePair <string, string>("code", code)); body.Add(new KeyValuePair <string, string>("redirect_uri", redirectUri)); body.Add(new KeyValuePair <string, string>("client_id", Options.ClientId)); body.Add(new KeyValuePair <string, string>("client_secret", Options.ClientSecret)); // Request the token HttpResponseMessage tokenResponse = await httpClient.PostAsync(TokenEndpoint, new FormUrlEncodedContent(body)); tokenResponse.EnsureSuccessStatusCode(); string text = await tokenResponse.Content.ReadAsStringAsync(); // Deserializes the token response //dynamic response = JsonConvert.DeserializeObject<dynamic>(text); var responseTokens = HttpUtility.ParseQueryString(text); string accessToken = responseTokens["access_token"]; string expires = responseTokens["expires"]; // Get the StackExchange user HttpRequestMessage userRequest = new HttpRequestMessage(HttpMethod.Get, UserInfoEndpoint + "&access_token=" + Uri.EscapeDataString(accessToken) + "&key=" + Uri.EscapeDataString(Options.Key)); HttpResponseMessage graphResponse = await httpClient.SendAsync(userRequest, Request.CallCancelled); graphResponse.EnsureSuccessStatusCode(); //According to http://api.stackexchange.com/docs/compression - //Responses would always be compressed //If Accept-Encoding request header is not set, compression would be GZIP //If Content-Encoding is not specified in response header, assume GZIP using (var stream = new GZipStream(await graphResponse.Content.ReadAsStreamAsync(), CompressionMode.Decompress)) { var sr = new StreamReader(stream); text = sr.ReadToEnd(); } JObject userResponse = JObject.Parse(text); JToken userAccounts; JObject user = userResponse.TryGetValue("items", out userAccounts) ? userAccounts.First as JObject : null; var context = new StackExchangeAuthenticatedContext(Context, user, accessToken, expires) { Identity = new ClaimsIdentity( Options.AuthenticationType, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType) }; if (!string.IsNullOrEmpty(context.Id)) { context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.UserName)) { context.Identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.UserName, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.Name)) { context.Identity.AddClaim(new Claim("urn:stackexchange:name", context.Name, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.Link)) { context.Identity.AddClaim(new Claim("urn:stackexchange:url", context.Link, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.AccessToken)) { context.Identity.AddClaim(new Claim("urn:stackexchange:accesstoken", context.AccessToken, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.ProfileImage)) { context.Identity.AddClaim(new Claim("urn:stackexchange:profileimage", context.ProfileImage, XmlSchemaString, Options.AuthenticationType)); } context.Properties = properties; await Options.Provider.Authenticated(context); return(new AuthenticationTicket(context.Identity, context.Properties)); } catch (Exception ex) { logger.WriteError(ex.Message); } return(new AuthenticationTicket(null, properties)); }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; try { string code = null; string state = null; IReadableStringCollection query = Request.Query; IList <string> values = query.GetValues("error"); if (values != null && values.Count >= 1) { _logger.WriteVerbose("Remote server returned an error: " + Request.QueryString); } values = query.GetValues("code"); if (values != null && values.Count == 1) { code = values[0]; } values = query.GetValues("state"); if (values != null && values.Count == 1) { state = values[0]; } properties = Options.StateDataFormat.Unprotect(state); if (properties == null) { return(null); } // OAuth2 10.12 CSRF if (!ValidateCorrelationId(properties, _logger)) { return(new AuthenticationTicket(null, properties)); } if (code == null) { // Null if the remote server returns an error. return(new AuthenticationTicket(null, properties)); } string requestPrefix = Request.Scheme + "://" + Request.Host; string redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath; string tokenRequest = "grant_type=authorization_code" + "&code=" + Uri.EscapeDataString(code) + "&redirect_uri=" + Uri.EscapeDataString(redirectUri) + "&client_id=" + Uri.EscapeDataString(Options.AppId) + "&client_secret=" + Uri.EscapeDataString(Options.AppSecret); HttpResponseMessage tokenResponse = await _httpClient.GetAsync(TokenEndpoint + "?" + tokenRequest, Request.CallCancelled); tokenResponse.EnsureSuccessStatusCode(); string content = await tokenResponse.Content.ReadAsStringAsync(); JObject token = JObject.Parse(content); string accessToken = token["access_token"].Value <string>(); string expires = token["expires_in"].Value <string>(); // get user info string graphAddress = UserInfoEndpoint + "?access_token=" + Uri.EscapeDataString(accessToken); if (Options.SendAppSecretProof) { graphAddress += "&appsecret_proof=" + GenerateAppSecretProof(accessToken); } HttpResponseMessage graphResponse = await _httpClient.GetAsync(graphAddress, Request.CallCancelled); graphResponse.EnsureSuccessStatusCode(); content = await graphResponse.Content.ReadAsStringAsync(); JObject user = JObject.Parse(content); // get permissions string permissionsAddress = PermissionsEndpoint + "?access_token=" + Uri.EscapeDataString(accessToken); if (Options.SendAppSecretProof) { permissionsAddress += "&appsecret_proof=" + GenerateAppSecretProof(accessToken); } HttpResponseMessage permissionsResponse = await _httpClient.GetAsync(permissionsAddress, Request.CallCancelled); permissionsResponse.EnsureSuccessStatusCode(); content = await permissionsResponse.Content.ReadAsStringAsync(); JObject permissions = JObject.Parse(content); // parse reponses var context = new FacebookAuthenticatedContext(Context, user, permissions, accessToken, expires); context.Identity = new ClaimsIdentity( Options.AuthenticationType, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType); if (!string.IsNullOrEmpty(context.Id)) { context.Identity.AddClaim( new Claim(ClaimTypes.NameIdentifier, context.Id, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.UserName)) { context.Identity.AddClaim( new Claim(ClaimsIdentity.DefaultNameClaimType, context.UserName, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.Email)) { context.Identity.AddClaim( new Claim(ClaimTypes.Email, context.Email, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.Name)) { context.Identity.AddClaim( new Claim("urn:facebook:name", context.Name, XmlSchemaString, Options.AuthenticationType)); // Many Facebook accounts do not set the UserName field. Fall back to the Name field instead. if (string.IsNullOrEmpty(context.UserName)) { context.Identity.AddClaim( new Claim(ClaimsIdentity.DefaultNameClaimType, context.Name, XmlSchemaString, Options.AuthenticationType)); } } if (!string.IsNullOrEmpty(context.Link)) { context.Identity.AddClaim( new Claim("urn:facebook:link", context.Link, XmlSchemaString, Options.AuthenticationType)); } context.Properties = properties; await Options.Provider.Authenticated(context); return(new AuthenticationTicket(context.Identity, context.Properties)); } catch (Exception ex) { _logger.WriteError("Authentication failed", ex); return(new AuthenticationTicket(null, properties)); } }
/// <summary> /// Initializes a new instance of the <see cref="OAuthValidateClientAuthenticationContext"/> class /// </summary> /// <param name="context"></param> /// <param name="options"></param> /// <param name="parameters"></param> public OAuthValidateClientAuthenticationContext(HttpContext context, OAuthAuthorizationServerOptions options, IReadableStringCollection parameters) : base(context, options, null) { Parameters = parameters; }
/// <summary> /// Adds the openid parameters from querystring or form body into Namespaces and Properties collections. /// This normalizes the parameter name, by replacing the variable namespace alias with the /// actual namespace in the collection's key, and will optionally skip any parameters that are /// not signed if the strict argument is true. /// </summary> /// <param name="parameters">The keys and values of the incoming querystring or form body</param> /// <param name="strict">True if keys that are not signed should be ignored</param> private void Add(IReadableStringCollection parameters, bool strict) { IEnumerable<KeyValuePair<string, string[]>> addingParameters; // strict is true if keys that are not signed should be strict if (strict) { var signed = parameters.GetValues("openid.signed"); if (signed == null || signed.Count != 1) { // nothing is added if the signed parameter is not present return; } // determine the set of keys that are signed, or which may be used without // signing. ns, mode, signed, and sig each may be used without signing. var strictKeys = new HashSet<string>(signed[0] .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries) .Select(value => "openid." + value) .Concat(new[] { "openid.ns", "openid.mode", "openid.signed", "openid.sig" })); // the parameters to add are only the parameters what are in this set addingParameters = parameters.Where(kv => strictKeys.Contains(kv.Key)); } else { // when strict is false all of the incoming parameters are to be added addingParameters = parameters; } // convert the incoming parameter strings into Property objects. the // Key is the raw key name. The Name starts of being equal to Key with a // trailing dot appended. The Value is the query or form value, with a comma delimiter // inserted between multiply occuring values. var addingProperties = addingParameters.Select(kv => new Property { Key = kv.Key, Name = kv.Key + ".", Value = string.Join(",", kv.Value) }).ToArray(); // first, recognize which parameters are namespace declarations var namespacePrefixes = new Dictionary<string, Property>(StringComparer.Ordinal); foreach (var item in addingProperties.Where(item => item.Name.StartsWith("openid.ns.", StringComparison.Ordinal))) { // the value of the parameter is the uri of the namespace item.Namespace = item.Value; item.Name = "openid." + item.Name.Substring("openid.ns.".Length); // the namespaces collection is keyed by the ns uri Namespaces.Add(item.Namespace, item); // and the prefixes collection is keyed by "openid.alias." namespacePrefixes.Add(item.Name, item); } // second, recognize which parameters are property values foreach (var item in addingProperties) { // anything with a namespace was already added to Namespaces if (item.Namespace != null) continue; // look for the namespace match for this property. Property match = null; // try finding where openid.alias.arg2 matches openid.ns.alies namespace if (item.Name.StartsWith("openid.", StringComparison.Ordinal)) { var dotIndex = item.Name.IndexOf('.', "openid.".Length); if (dotIndex != -1) { var namespacePrefix = item.Name.Substring(0, dotIndex + 1); namespacePrefixes.TryGetValue(namespacePrefix, out match); } } // then try finding where openid.arg1 should match openid.ns namespace if (match == null) { namespacePrefixes.TryGetValue("openid.", out match); } // when a namespace is found if (match != null) { // the property's namespace is defined, and the namespace's prefix is removed item.Namespace = match.Namespace; item.Name = item.Name.Substring(match.Name.Length); } // the resulting property key is keyed by the local name and namespace // so "openid.arg1" becomes "arg1.namespace-uri-of-openid" // and "openid.alias.arg2" becomes "arg2.namespace-uri-of-alias" Properties.Add(item.Name + item.Namespace, item); } }
public HttpRequestParams(IReadableStringCollection urlData, IFormCollection formData) { UrlData = urlData; FormData = formData; }
public RequestCookiesFeature([NotNull] IReadableStringCollection cookies) { _cookies = cookies; }
/// <summary> /// Creates a provider for <see cref="IReadableStringCollection"/> wrapping an existing set of key value pairs. /// </summary> /// <param name="values">The key value pairs to wrap.</param> /// <param name="culture">The culture to return with ValueProviderResult instances.</param> public ReadableStringCollectionValueProvider([NotNull] IReadableStringCollection values, CultureInfo culture) { _values = values; _culture = culture; }
/// <summary> /// Creates a NameValuePairsProvider wrapping an existing set of key value pairs. /// </summary> /// <param name="values">The key value pairs to wrap.</param> /// <param name="culture">The culture to return with ValueProviderResult instances.</param> public ReadableStringCollectionValueProvider([NotNull] IReadableStringCollection values, CultureInfo culture) { _values = values; _culture = culture; }
public static ImageDisParameters AppendParameters(this ImageDisParameters param, IReadableStringCollection query) { foreach (var q in query) { int integer; bool boolean; if (int.TryParse(q.Value.First(), out integer)) { param.Add(q.Key, integer); } else if (bool.TryParse(q.Value.First(), out boolean)) { param.Add(q.Key, boolean); } else { param.Add(q.Key, q.Value.First()); } } return(param); }
private Query DeserializeFromQueryString(string name, IReadableStringCollection query) { return CqrsApplication.GetService<IDeserializer>().CreateQuery(name, query.Select(kv => new KeyValuePair<string, IEnumerable<string>>(kv.Key, kv.Value))); }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; try { string code = null; string state = null; IReadableStringCollection query = Request.Query; IList <string> values = query.GetValues("code"); if (values != null && values.Count == 1) { code = values[0]; } values = query.GetValues("state"); if (values != null && values.Count == 1) { state = values[0]; } properties = Options.StateDataFormat.Unprotect(state); if (properties == null) { return(null); } // OAuth2 10.12 CSRF if (!ValidateCorrelationId(properties, _logger)) { return(new AuthenticationTicket(null, properties)); } string requestPrefix = Request.Scheme + "://" + Request.Host; string redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath; string tokenRequest = "client_id=" + Uri.EscapeDataString(Options.ClientId) + "&client_secret=" + Uri.EscapeDataString(Options.ClientSecret) + "&code=" + Uri.EscapeDataString(code) + "&redirect_uri=" + Uri.EscapeDataString(redirectUri); HttpRequestMessage _httpRequest = new HttpRequestMessage(); HttpResponseMessage tokenResponse = await _httpClient.PostAsync(TokenEndpoint + "?" + tokenRequest, _httpRequest.Content, Request.CallCancelled); tokenResponse.EnsureSuccessStatusCode(); string text = await tokenResponse.Content.ReadAsStringAsync(); IFormCollection form = WebHelpers.ParseForm(text); string accessToken = form["access_token"]; string expires = form["expires"]; HttpResponseMessage graphResponse = await _httpClient.GetAsync( ApiEndpoint + "?access_token=" + Uri.EscapeDataString(accessToken) + "&site=" + Uri.EscapeDataString(Options.Site) + "&key=" + Uri.EscapeDataString(Options.Key), Request.CallCancelled); graphResponse.EnsureSuccessStatusCode(); Stream rawStream = await graphResponse.Content.ReadAsStreamAsync(); using (GZipStream gzipStream = new GZipStream(rawStream, CompressionMode.Decompress)) using (StreamReader streamReader = new StreamReader(gzipStream)) { text = await streamReader.ReadToEndAsync(); } JObject info = JObject.Parse(text); JToken items = info["items"]; JToken userToken = items.First; JObject user = userToken as JObject; var context = new StackExchangeAuthenticatedContext(Context, user, accessToken, expires); context.Identity = new ClaimsIdentity( Options.AuthenticationType, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType); if (!string.IsNullOrEmpty(context.UserId)) { context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.UserId, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.DisplayName)) { context.Identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.DisplayName, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.Email)) { context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.AccountId)) { context.Identity.AddClaim(new Claim("urn:stackexchange:accountId", context.AccountId, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.Link)) { context.Identity.AddClaim(new Claim("urn:stackexchange:link", context.Link, XmlSchemaString, Options.AuthenticationType)); } context.Properties = properties; await Options.Provider.Authenticated(context); return(new AuthenticationTicket(context.Identity, context.Properties)); } catch (Exception ex) { _logger.WriteError(ex.Message); } return(new AuthenticationTicket(null, properties)); }
private static void AddStringCollectionKey(StringBuilder builder, string keyName, string value, IReadableStringCollection sourceCollection) { if (!string.IsNullOrEmpty(value)) { // keyName(param1=value1|param2=value2) builder.Append(CacheKeyTokenSeparator) .Append(keyName) .Append("("); var tokenFound = false; foreach (var item in Tokenize(value)) { tokenFound = true; builder.Append(item) .Append(CacheKeyTokenSeparator) .Append(sourceCollection[item]) .Append(CacheKeyTokenSeparator); } if (tokenFound) { // Remove the trailing separator builder.Length -= CacheKeyTokenSeparator.Length; } builder.Append(")"); } }
protected override async Task ApplyResponseGrantAsync() { AuthenticationResponseGrant signin = Helper.LookupSignIn(Options.AuthenticationType); bool shouldSignin = signin != null; AuthenticationResponseRevoke signout = Helper.LookupSignOut(Options.AuthenticationType, Options.AuthenticationMode); bool shouldSignout = signout != null; if (!(shouldSignin || shouldSignout || _shouldRenew)) { return; } AuthenticationTicket model = await AuthenticateAsync(); try { var cookieOptions = new CookieOptions { Domain = Options.CookieDomain, HttpOnly = Options.CookieHttpOnly, Path = Options.CookiePath ?? "/", }; if (Options.CookieSecure == CookieSecureOption.SameAsRequest) { cookieOptions.Secure = Request.IsSecure; } else { cookieOptions.Secure = Options.CookieSecure == CookieSecureOption.Always; } #region == 登陆,登出,刷新 == // 登陆 if (shouldSignin) { var signInContext = new CookieResponseSignInContext( Context, Options, Options.AuthenticationType, signin.Identity, signin.Properties, cookieOptions); DateTimeOffset issuedUtc; if (signInContext.Properties.IssuedUtc.HasValue) { issuedUtc = signInContext.Properties.IssuedUtc.Value; } else { issuedUtc = Options.SystemClock.UtcNow; signInContext.Properties.IssuedUtc = issuedUtc; } if (!signInContext.Properties.ExpiresUtc.HasValue) { signInContext.Properties.ExpiresUtc = issuedUtc.Add(Options.ExpireTimeSpan); } Options.Provider.ResponseSignIn(signInContext); if (signInContext.Properties.IsPersistent) { DateTimeOffset expiresUtc = signInContext.Properties.ExpiresUtc ?? issuedUtc.Add(Options.ExpireTimeSpan); signInContext.CookieOptions.Expires = expiresUtc.ToUniversalTime().DateTime; } model = new AuthenticationTicket(signInContext.Identity, signInContext.Properties); if (Options.SessionStore != null) { if (_sessionKey != null) { await Options.SessionStore.RemoveAsync(_sessionKey); } _sessionKey = await Options.SessionStore.StoreAsync(model); ClaimsIdentity identity = new ClaimsIdentity( new[] { new Claim(SessionIdClaim, _sessionKey) }, Options.AuthenticationType); model = new AuthenticationTicket(identity, null); } string cookieValue = Options.TicketDataFormat.Protect(model); Options.CookieManager.AppendResponseCookie( Context, Options.CookieName, cookieValue, signInContext.CookieOptions); var signedInContext = new CookieResponseSignedInContext( Context, Options, Options.AuthenticationType, signInContext.Identity, signInContext.Properties); Options.Provider.ResponseSignedIn(signedInContext); } // 登出 else if (shouldSignout) { if (Options.SessionStore != null && _sessionKey != null) { await Options.SessionStore.RemoveAsync(_sessionKey); } var context = new CookieResponseSignOutContext( Context, Options, cookieOptions); Options.Provider.ResponseSignOut(context); Options.CookieManager.DeleteCookie( Context, Options.CookieName, context.CookieOptions); } // 刷新 else if (_shouldRenew) { model.Properties.IssuedUtc = _renewIssuedUtc; model.Properties.ExpiresUtc = _renewExpiresUtc; if (Options.SessionStore != null && _sessionKey != null) { await Options.SessionStore.RenewAsync(_sessionKey, model); ClaimsIdentity identity = new ClaimsIdentity( new[] { new Claim(SessionIdClaim, _sessionKey) }, Options.AuthenticationType); model = new AuthenticationTicket(identity, null); } string cookieValue = Options.TicketDataFormat.Protect(model); if (model.Properties.IsPersistent) { cookieOptions.Expires = _renewExpiresUtc.ToUniversalTime().DateTime; } Options.CookieManager.AppendResponseCookie( Context, Options.CookieName, cookieValue, cookieOptions); } #endregion Response.Headers.Set( HeaderNameCacheControl, HeaderValueNoCache); Response.Headers.Set( HeaderNamePragma, HeaderValueNoCache); Response.Headers.Set( HeaderNameExpires, HeaderValueMinusOne); // 跳转 bool shouldLoginRedirect = shouldSignin && Options.LoginPath.HasValue && Request.Path == Options.LoginPath; bool shouldLogoutRedirect = shouldSignout && Options.LogoutPath.HasValue && Request.Path == Options.LogoutPath; if ((shouldLoginRedirect || shouldLogoutRedirect) && Response.StatusCode == 200) { IReadableStringCollection query = Request.Query; string redirectUri = query.Get(Options.ReturnUrlParameter); // 根据url参数读取 跳转url if (!string.IsNullOrWhiteSpace(redirectUri) && IsHostRelative(redirectUri)) { var redirectContext = new CookieApplyRedirectContext(Context, Options, redirectUri); Options.Provider.ApplyRedirect(redirectContext); } } } catch (Exception exception) { CookieExceptionContext exceptionContext = new CookieExceptionContext(Context, Options, CookieExceptionContext.ExceptionLocation.ApplyResponseGrant, exception, model); Options.Provider.Exception(exceptionContext); if (exceptionContext.Rethrow) { throw; } } }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; try { string code = null; string state = null; IReadableStringCollection query = Request.Query; IList <string> values = query.GetValues("error"); if (values != null && values.Count >= 1) { _logger.WriteVerbose("Remote server returned an error: " + Request.QueryString); } values = query.GetValues("code"); if (values != null && values.Count == 1) { code = values[0]; } values = query.GetValues("state"); if (values != null && values.Count == 1) { state = values[0]; } properties = Options.StateDataFormat.Unprotect(state); if (properties == null) { return(null); } if (code == null) { // Null if the remote server returns an error. return(new AuthenticationTicket(null, properties)); } string requestPrefix = Request.Scheme + "://" + Request.Host; string redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath; var formContent = new FormUrlEncodedContent(new[] { new KeyValuePair <string, string>("code", Uri.EscapeDataString(code)) }); HttpResponseMessage tokenResponse = await _httpClient.PostAsync(Options.UserInformationEndpoint, formContent, Request.CallCancelled); tokenResponse.EnsureSuccessStatusCode(); string user = await tokenResponse.Content.ReadAsStringAsync(); JObject response = JObject.Parse(user); string accessToken = response.Value <string>("access_token"); if (string.IsNullOrWhiteSpace(accessToken)) { _logger.WriteWarning("Access token was not found"); return(new AuthenticationTicket(null, properties)); } var email = response.Value <string>("Email"); var defaultUserName = response.Value <string>("DefaultUserName"); var context = new VanLangAuthenticatedContext(Context); context.Identity = new ClaimsIdentity( Options.AuthenticationType, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType); context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, accessToken, XmlSchemaString, Options.AuthenticationType)); if (!string.IsNullOrEmpty(defaultUserName)) { context.Identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, defaultUserName, XmlSchemaString, Options.AuthenticationType)); } if (!string.IsNullOrEmpty(email)) { context.Identity.AddClaim(new Claim(ClaimTypes.Email, email, XmlSchemaString, Options.AuthenticationType)); } context.Properties = properties; await Options.Provider.Authenticated(context); return(new AuthenticationTicket(context.Identity, context.Properties)); } catch (Exception ex) { _logger.WriteError("Authentication failed", ex); return(new AuthenticationTicket(null, properties)); } }
private static NameValueCollection BuildParams(IFormCollection form, IReadableStringCollection query) { var nvc = new NameValueCollection(); if (form != null) foreach (var item in form) nvc[item.Key] = item.Value[0]; foreach (var item in query) nvc[item.Key] = item.Value[0]; return nvc; }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; string code = null; string state = null; try { IReadableStringCollection query = Request.Query; IList <string> values = query.GetValues("code"); if (values != null && values.Count == 1) { code = values[0]; } values = query.GetValues("state"); if (values != null && values.Count == 1) { state = values[0]; } properties = Options.StateDataFormat.Unprotect(state); if (code == null) { // Null if the remote server returns an error. return(new AuthenticationTicket(null, properties)); } var tokenRequestParameters = string.Format( CultureInfo.InvariantCulture, "client_id={0}&redirect_uri={1}&client_secret={2}&code={3}&grant_type=authorization_code", Uri.EscapeDataString(Options.ClientId), Uri.EscapeDataString(GenerateRedirectUri(properties)), Uri.EscapeDataString(Options.ClientSecret), code); var body = new Dictionary <string, string> { { "client_id", Options.ClientId }, { "redirect_uri", GenerateRedirectUri(properties) }, { "client_secret", Options.ClientSecret }, { "code", Uri.EscapeDataString(code) }, { "grant_type", "authorization_code" } }; HttpResponseMessage tokenResponse = await _httpClient.PostAsync(string.Format(TokenEndpoint, Options.Domain), new FormUrlEncodedContent(body), Request.CallCancelled); await EnsureTokenExchangeSuccessful(tokenResponse); string text = await tokenResponse.Content.ReadAsStringAsync(); JObject tokens = JObject.Parse(text); string accessToken = tokens["access_token"].Value <string>(); string idToken = tokens["id_token"] != null ? tokens["id_token"].Value <string>() : null; string refreshToken = tokens["refresh_token"] != null ? tokens["refresh_token"].Value <string>() : null; HttpResponseMessage graphResponse = await _httpClient.GetAsync( string.Format(UserInfoEndpoint, Options.Domain) + "?access_token=" + Uri.EscapeDataString(accessToken), Request.CallCancelled); graphResponse.EnsureSuccessStatusCode(); text = await graphResponse.Content.ReadAsStringAsync(); JObject user = JObject.Parse(text); var context = new Auth0AuthenticatedContext(Context, user, accessToken, idToken, refreshToken); context.Identity = new ClaimsIdentity( new[] { new Claim(ClaimTypes.NameIdentifier, context.Id, "http://www.w3.org/2001/XMLSchema#string", context.Connection), new Claim(ClaimTypes.Name, context.Name, "http://www.w3.org/2001/XMLSchema#string", context.Connection), new Claim("user_id", context.Id, "http://www.w3.org/2001/XMLSchema#string", Constants.Auth0Issuer), }, Options.AuthenticationType, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType); if (!string.IsNullOrWhiteSpace(context.Email)) { context.Identity.AddClaim(new Claim("email", context.Email, "http://www.w3.org/2001/XMLSchema#string", context.Connection)); context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, "http://www.w3.org/2001/XMLSchema#string", context.Connection)); } if (!string.IsNullOrWhiteSpace(context.FirstName)) { context.Identity.AddClaim(new Claim("given_name", context.FirstName, "http://www.w3.org/2001/XMLSchema#string", context.Connection)); } if (!string.IsNullOrWhiteSpace(context.LastName)) { context.Identity.AddClaim(new Claim("family_name", context.LastName, "http://www.w3.org/2001/XMLSchema#string", context.Connection)); } if (!string.IsNullOrWhiteSpace(context.Connection)) { context.Identity.AddClaim(new Claim("connection", context.Connection, "http://www.w3.org/2001/XMLSchema#string", context.Connection)); } if (!string.IsNullOrWhiteSpace(context.Picture)) { context.Identity.AddClaim(new Claim("picture", context.Picture, "http://www.w3.org/2001/XMLSchema#string", context.Connection)); } if (!string.IsNullOrWhiteSpace(context.Provider)) { context.Identity.AddClaim(new Claim("provider", context.Provider, "http://www.w3.org/2001/XMLSchema#string", context.Connection)); } if (!string.IsNullOrWhiteSpace(context.ProviderAccessToken)) { context.Identity.AddClaim(new Claim("provider_access_token", context.ProviderAccessToken, "http://www.w3.org/2001/XMLSchema#string", context.Connection)); } if (Options.SaveIdToken && !string.IsNullOrWhiteSpace(context.IdToken)) { context.Identity.AddClaim(new Claim("id_token", context.IdToken, "http://www.w3.org/2001/XMLSchema#string", Constants.Auth0Issuer)); } if (Options.SaveRefreshToken && !string.IsNullOrWhiteSpace(context.RefreshToken)) { context.Identity.AddClaim(new Claim("refresh_token", context.RefreshToken, "http://www.w3.org/2001/XMLSchema#string", Constants.Auth0Issuer)); } context.Identity.AddClaim(new Claim("access_token", context.AccessToken, "http://www.w3.org/2001/XMLSchema#string", Constants.Auth0Issuer)); context.Properties = properties ?? new AuthenticationProperties(); await Options.Provider.Authenticated(context); return(new AuthenticationTicket(context.Identity, context.Properties)); } catch (Exception ex) { var tokenExchangeFailedContext = new Auth0TokenExchangeFailedContext( Context, Options, ex, code, state); Options.Provider.TokenExchangeFailed(tokenExchangeFailedContext); _logger.WriteError(ex.Message); } return(new AuthenticationTicket(null, properties)); }
private Dictionary<string, string> ToDictionary(IReadableStringCollection nameValueCollection) { var result = new Dictionary<string, string>(); foreach (var kvp in nameValueCollection) { result[kvp.Key] = nameValueCollection.Get(kvp.Key); } return result; }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; try { string code = null; string state = null; IReadableStringCollection query = Request.Query; IList <string> values = query.GetValues("code"); if (values != null && values.Count == 1) { code = values[0]; } values = query.GetValues("state"); if (values != null && values.Count == 1) { state = values[0]; } properties = Options.StateDataFormat.Unprotect(state); if (properties == null) { return(null); } // OAuth2 10.12 CSRF if (!ValidateCorrelationId(properties, _logger)) { return(new AuthenticationTicket(null, properties)); } var tokenRequestParameters = new List <KeyValuePair <string, string> >() { new KeyValuePair <string, string>("client_id", Options.ClientId), new KeyValuePair <string, string>("redirect_uri", GenerateRedirectUri()), new KeyValuePair <string, string>("client_secret", Options.ClientSecret), new KeyValuePair <string, string>("code", code), new KeyValuePair <string, string>("grant_type", "authorization_code"), }; var requestContent = new FormUrlEncodedContent(tokenRequestParameters); HttpResponseMessage response = await _httpClient.PostAsync(TokenEndpoint, requestContent, Request.CallCancelled); response.EnsureSuccessStatusCode(); string oauthTokenResponse = await response.Content.ReadAsStringAsync(); JObject oauth2Token = JObject.Parse(oauthTokenResponse); var accessToken = oauth2Token["access_token"].Value <string>(); // Refresh token is only available when wl.offline_access is request. // Otherwise, it is null. var refreshToken = oauth2Token.Value <string>("refresh_token"); var expire = oauth2Token.Value <string>("expires_in"); if (string.IsNullOrWhiteSpace(accessToken)) { _logger.WriteWarning("Access token was not found"); return(new AuthenticationTicket(null, properties)); } HttpResponseMessage graphResponse = await _httpClient.GetAsync( GraphApiEndpoint + "?access_token=" + Uri.EscapeDataString(accessToken), Request.CallCancelled); graphResponse.EnsureSuccessStatusCode(); string accountString = await graphResponse.Content.ReadAsStringAsync(); JObject accountInformation = JObject.Parse(accountString); var context = new MicrosoftAccountAuthenticatedContext(Context, accountInformation, accessToken, refreshToken, expire); context.Identity = new ClaimsIdentity( new[] { new Claim(ClaimTypes.NameIdentifier, context.Id, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType), new Claim(ClaimTypes.Name, context.Name, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType), new Claim("urn:microsoftaccount:id", context.Id, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType), new Claim("urn:microsoftaccount:name", context.Name, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType) }, Options.AuthenticationType, ClaimsIdentity.DefaultNameClaimType, ClaimsIdentity.DefaultRoleClaimType); if (!string.IsNullOrWhiteSpace(context.Email)) { context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType)); } await Options.Provider.Authenticated(context); context.Properties = properties; return(new AuthenticationTicket(context.Identity, context.Properties)); } catch (Exception ex) { _logger.WriteError("Authentication failed", ex); return(new AuthenticationTicket(null, properties)); } }
protected async override Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; AuthenticationTicket authenticationTicket; IReadableStringCollection query = this.Request.Query; properties = this.UnpackStateParameter(query); string code = string.Empty; IList <string> values = query.GetValues("code"); if (values != null && values.Count == 1) { code = values[0]; } if (string.IsNullOrEmpty(code)) { authenticationTicket = new AuthenticationTicket(null, properties); return(authenticationTicket); } if (properties == null) { authenticationTicket = null; } else if (!this.ValidateCorrelationId(properties, this._logger)) { authenticationTicket = new AuthenticationTicket(null, properties); } else { string tokenEndpoint = "https://api.weibo.com/oauth2/access_token?client_id={0}&client_secret={1}&grant_type=authorization_code&redirect_uri={3}&code={2}"; var url = string.Format( tokenEndpoint, Uri.EscapeDataString(this.Options.AppID), Uri.EscapeDataString(this.Options.AppKey), Uri.EscapeDataString(code), Uri.EscapeDataString("http://" + this.Request.Host)); HttpResponseMessage tokenResponse = await this._httpClient.PostAsync(url, new StringContent(""), this.Request.CallCancelled); tokenResponse.EnsureSuccessStatusCode(); string access_tokenReturnValue = await tokenResponse.Content.ReadAsStringAsync(); var accesstokenpa = "\"access_token\":\"(.+?)\""; var accesstoken = Regex.Match(access_tokenReturnValue, accesstokenpa).Groups[1].Value; var uidpa = "\"uid\":\"(.+?)\""; var openid = Regex.Match(access_tokenReturnValue, uidpa).Groups[1].Value; var nameurlFormate = "https://api.weibo.com/2/users/show.json?access_token={0}&uid={1}"; var nameurl = string.Format( nameurlFormate, Uri.EscapeDataString(accesstoken), Uri.EscapeDataString(openid)); var nameResponse = await this._httpClient.GetAsync(nameurl, this.Request.CallCancelled); nameResponse.EnsureSuccessStatusCode(); string nametxt = await nameResponse.Content.ReadAsStringAsync(); var namepa = "\"name\":\"(.+?)\""; var name = Regex.Match(nametxt, namepa).Groups[1].Value; //todo var context = new SinaAuthenticatedContext(this.Context, accesstoken, openid, name); var identity = new ClaimsIdentity(this.Options.AuthenticationType); if (!string.IsNullOrEmpty(context.OpenId)) { identity.AddClaim( new Claim( "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", context.OpenId, "http://www.w3.org/2001/XMLSchema#string", this.Options.AuthenticationType)); } if (!string.IsNullOrEmpty(context.Name)) { identity.AddClaim( new Claim( "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", context.Name, "http://www.w3.org/2001/XMLSchema#string", this.Options.AuthenticationType)); } await this.Options.Provider.Authenticated(context); authenticationTicket = new AuthenticationTicket(identity, properties); } return(authenticationTicket); }
public Message(IReadableStringCollection parameters, bool strict) { Namespaces = new Dictionary<string, Property>(StringComparer.Ordinal); Properties = new Dictionary<string, Property>(parameters.Count(), StringComparer.Ordinal); Add(parameters, strict); }
public static ScimQueryOptions GetScimQueryOptions(this IReadableStringCollection collection, ScimServerConfiguration configuration) { var queryOptions = new ScimQueryOptions(); queryOptions.Attributes = collection.GetValues("attributes") .ToMaybe() .Bind(attributes => new HashSet <string>(attributes.Distinct(StringComparer.OrdinalIgnoreCase), StringComparer.OrdinalIgnoreCase).ToMaybe()) .FromMaybe(new HashSet <string>()); queryOptions.ExcludedAttributes = collection.GetValues("excludedAttributes") .ToMaybe() .Bind(attributes => new HashSet <string>(attributes.Distinct(StringComparer.OrdinalIgnoreCase), StringComparer.OrdinalIgnoreCase).ToMaybe()) .FromMaybe(new HashSet <string>()); queryOptions.Filter = collection.Get("filter") .ToMaybe() .Bind(filter => new ScimFilter(configuration.ResourceExtensionSchemas.Keys, filter).Paths.MaybeSingle()) .FromMaybe(null); queryOptions.SortBy = collection.Get("sortBy"); queryOptions.SortOrder = collection.Get("sortOrder") .ToMaybe() .Bind( sortOrder => (sortOrder.Equals("descending", StringComparison.OrdinalIgnoreCase) ? SortOrder.Descending : SortOrder.Ascending).ToMaybe()) .FromMaybe(SortOrder.Ascending); // default queryOptions.StartIndex = collection.Get("startIndex") .ToMaybe() .Bind(index => { // The 1-based index of the first query result. A value less than 1 SHALL be interpreted as 1. int indexInt = 1; try { indexInt = Convert.ToInt32(index); } catch {} return((indexInt < 1 ? 1 : indexInt).ToMaybe()); }) .FromMaybe(1); // default queryOptions.Count = collection.Get("count") .ToMaybe() .Bind(count => { // Non-negative integer. Specifies the desired maximum number of query // results per page, e.g., 10. A negative value SHALL be interpreted as // "0". A value of "0" indicates that no resource indicates that no resource // except for "totalResults". int countInt = 0; try { countInt = Convert.ToInt32(count); } catch { } return((countInt < 0 ? 0 : countInt).ToMaybe()); }) .FromMaybe(configuration.GetFeature <ScimFeatureFilter>(ScimFeatureType.Filter).MaxResults); // default return(queryOptions); }
public ReadableStringCollectionWrapper(IReadableStringCollection readableStringCollection) { _readableStringCollection = readableStringCollection; }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { AuthenticationProperties properties = null; try { IReadableStringCollection query = Request.Query; properties = UnpackStateParameter(query); if (properties == null) { _logger.WriteWarning("Invalid return state"); return(null); } // Anti-CSRF if (!ValidateCorrelationId(properties, _logger)) { return(new AuthenticationTicket(null, properties)); } Message message = await ParseRequestMessageAsync(query); bool messageValidated = false; Property mode; if (!message.Properties.TryGetValue("mode.http://specs.openid.net/auth/2.0", out mode)) { _logger.WriteWarning("Missing mode parameter"); return(new AuthenticationTicket(null, properties)); } if (string.Equals("cancel", mode.Value, StringComparison.Ordinal)) { _logger.WriteWarning("User cancelled signin request"); return(new AuthenticationTicket(null, properties)); } if (string.Equals("id_res", mode.Value, StringComparison.Ordinal)) { mode.Value = "check_authentication"; var requestBody = new FormUrlEncodedContent(message.ToFormValues()); HttpResponseMessage response = await _httpClient.PostAsync("https://www.google.com/accounts/o8/ud", requestBody, Request.CallCancelled); response.EnsureSuccessStatusCode(); string responseBody = await response.Content.ReadAsStringAsync(); var verifyBody = new Dictionary <string, string[]>(); foreach (var line in responseBody.Split(new[] { '\n' }, StringSplitOptions.RemoveEmptyEntries)) { int delimiter = line.IndexOf(':'); if (delimiter != -1) { verifyBody.Add("openid." + line.Substring(0, delimiter), new[] { line.Substring(delimiter + 1) }); } } var verifyMessage = new Message(new ReadableStringCollection(verifyBody), strict: false); Property isValid; if (verifyMessage.Properties.TryGetValue("is_valid.http://specs.openid.net/auth/2.0", out isValid)) { if (string.Equals("true", isValid.Value, StringComparison.Ordinal)) { messageValidated = true; } else { messageValidated = false; } } } // http://openid.net/specs/openid-authentication-2_0.html#verify_return_to // To verify that the "openid.return_to" URL matches the URL that is processing this assertion: // * The URL scheme, authority, and path MUST be the same between the two URLs. // * Any query parameters that are present in the "openid.return_to" URL MUST also // be present with the same values in the URL of the HTTP request the RP received. if (messageValidated) { // locate the required return_to parameter string actualReturnTo; if (!message.TryGetValue("return_to.http://specs.openid.net/auth/2.0", out actualReturnTo)) { _logger.WriteWarning("openid.return_to parameter missing at return address"); messageValidated = false; } else { // create the expected return_to parameter based on the URL that is processing // the assertion, plus exactly and only the the query string parameter (state) // that this RP must have received string expectedReturnTo = BuildReturnTo(GetStateParameter(query)); if (!string.Equals(actualReturnTo, expectedReturnTo, StringComparison.Ordinal)) { _logger.WriteWarning("openid.return_to parameter not equal to expected value based on return address"); messageValidated = false; } } } if (messageValidated) { IDictionary <string, string> attributeExchangeProperties = new Dictionary <string, string>(); foreach (var typeProperty in message.Properties.Values) { if (typeProperty.Namespace == "http://openid.net/srv/ax/1.0" && typeProperty.Name.StartsWith("type.")) { string qname = "value." + typeProperty.Name.Substring("type.".Length) + "http://openid.net/srv/ax/1.0"; Property valueProperty; if (message.Properties.TryGetValue(qname, out valueProperty)) { attributeExchangeProperties.Add(typeProperty.Value, valueProperty.Value); } } } var responseNamespaces = new object[] { new XAttribute(XNamespace.Xmlns + "openid", "http://specs.openid.net/auth/2.0"), new XAttribute(XNamespace.Xmlns + "openid.ax", "http://openid.net/srv/ax/1.0") }; IEnumerable <object> responseProperties = message.Properties .Where(p => p.Value.Namespace != null) .Select(p => (object)new XElement(XName.Get(p.Value.Name.Substring(0, p.Value.Name.Length - 1), p.Value.Namespace), p.Value.Value)); var responseMessage = new XElement("response", responseNamespaces.Concat(responseProperties).ToArray()); var identity = new ClaimsIdentity(Options.AuthenticationType); XElement claimedId = responseMessage.Element(XName.Get("claimed_id", "http://specs.openid.net/auth/2.0")); if (claimedId != null) { identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, claimedId.Value, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType)); } string firstValue; if (attributeExchangeProperties.TryGetValue("http://axschema.org/namePerson/first", out firstValue)) { identity.AddClaim(new Claim(ClaimTypes.GivenName, firstValue, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType)); } string lastValue; if (attributeExchangeProperties.TryGetValue("http://axschema.org/namePerson/last", out lastValue)) { identity.AddClaim(new Claim(ClaimTypes.Surname, lastValue, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType)); } string nameValue; if (attributeExchangeProperties.TryGetValue("http://axschema.org/namePerson", out nameValue)) { identity.AddClaim(new Claim(ClaimTypes.Name, nameValue, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType)); } else if (!string.IsNullOrEmpty(firstValue) && !string.IsNullOrEmpty(lastValue)) { identity.AddClaim(new Claim(ClaimTypes.Name, firstValue + " " + lastValue, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType)); } else if (!string.IsNullOrEmpty(firstValue)) { identity.AddClaim(new Claim(ClaimTypes.Name, firstValue, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType)); } else if (!string.IsNullOrEmpty(lastValue)) { identity.AddClaim(new Claim(ClaimTypes.Name, lastValue, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType)); } string emailValue; if (attributeExchangeProperties.TryGetValue("http://axschema.org/contact/email", out emailValue)) { identity.AddClaim(new Claim(ClaimTypes.Email, emailValue, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType)); } var context = new GoogleAuthenticatedContext( Context, identity, properties, responseMessage, attributeExchangeProperties); await Options.Provider.Authenticated(context); return(new AuthenticationTicket(context.Identity, context.Properties)); } return(new AuthenticationTicket(null, properties)); } catch (Exception ex) { _logger.WriteError("Authentication failed", ex); return(new AuthenticationTicket(null, properties)); } }