public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context) { string clientId, clientSecret; context.TryGetBasicCredentials(out clientId, out clientSecret); OwinTokenHelper helper = new OwinTokenHelper(); if (helper.Exist(clientId, clientSecret)) { context.Validated(); } return(Task.FromResult <object>(null)); }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { Uri spHostUrl; Uri spAppWebUrl; AccessToken accessToken = null; ClaimsIdentity identity = new ClaimsIdentity(Options.SignInAsAuthenticationType); identity.AddClaim(new Claim(SPAddinClaimTypes.SPAddinAuthentication, "1")); identity.AddClaim(new Claim(SPAddinClaimTypes.ClientId, Options.ClientId.ToString())); //if (Context.Authentication.User.Identity.IsAuthenticated && // Context.Authentication.User.Identity.AuthenticationType == Options.SignInAsAuthenticationType) //{ // identity = (ClaimsIdentity)Context.Authentication.User.Identity; //} string spHostUrlString = TokenHelper.EnsureTrailingSlash(Request.Query.Get(SharePointContext.SPHostUrlKey)); if (string.IsNullOrEmpty(spHostUrlString)) { spHostUrlString = this.Options.SPHostUrl; } if (!Uri.TryCreate(spHostUrlString, UriKind.Absolute, out spHostUrl)) { //throw new Exception($"Unable to determine {SharePointContext.SPHostUrlKey}."); } else { identity.AddClaim(new Claim(SPAddinClaimTypes.SPHostUrl, spHostUrl.GetLeftPart(UriPartial.Path))); } string spAppWebUrlString = TokenHelper.EnsureTrailingSlash(Request.Query.Get(SharePointContext.SPAppWebUrlKey)); if (!Uri.TryCreate(spAppWebUrlString, UriKind.Absolute, out spAppWebUrl)) { //throw new Exception(string.Format("Unable to determine {0}.", SharePointContext.SPAppWebUrlKey)); } else { identity.AddClaim(new Claim(SPAddinClaimTypes.SPAppWebUrl, spAppWebUrl.GetLeftPart(UriPartial.Path))); } bool isWebPart = Request.Query.Get("IsWebPart") == "1"; //} //string accessTokenString = null; if (TokenHelper.IsHighTrustApp()) { string userSid = OwinTokenHelper.GetWindowsUserSid(Context); //accessTokenString = OwinTokenHelper.GetS2SAccessToken(spHostUrl, userSid); identity.AddClaim(new Claim(SPAddinClaimTypes.ADUserId, userSid)); identity.AddClaim(new Claim(SPAddinClaimTypes.CacheKey, userSid)); identity.AddClaim(new Claim(SPAddinClaimTypes.Realm, TokenHelper.GetRealmFromTargetUrl(spHostUrl))); var spContext = new HighTrustContext(identity, isWebPart); try { accessToken = spContext.CreateUserAccessTokenForSPHost(); } catch (Microsoft.IdentityModel.SecurityTokenService.RequestFailedException) { accessToken = null; } } else { var contextTokenString = OwinTokenHelper.GetContextTokenFromRequest(Request); if (!string.IsNullOrEmpty(contextTokenString)) { var contextToken = TokenHelper.ReadAndValidateContextToken(contextTokenString, Request.Uri.Authority); if (contextToken != null) { identity.AddClaim(new Claim(SPAddinClaimTypes.RefreshToken, contextToken.RefreshToken)); identity.AddClaim(new Claim(SPAddinClaimTypes.Realm, contextToken.Realm)); identity.AddClaim(new Claim(SPAddinClaimTypes.TargetPrincipalName, contextToken.TargetPrincipalName)); identity.AddClaim(new Claim(SPAddinClaimTypes.CacheKey, contextToken.CacheKey)); //OAuth2AccessTokenResponse accessToken = TokenHelper.GetAccessToken(contextToken.RefreshToken, contextToken.TargetPrincipalName, spHostUrl.Authority, contextToken.Realm); //accessTokenString = accessToken.AccessToken; var spContext = new AcsContext(identity, isWebPart); try { accessToken = spContext.CreateUserAccessTokenForSPHost(); } catch (Microsoft.IdentityModel.SecurityTokenService.RequestFailedException) { accessToken = null; } } } } return(await CreateTicket(accessToken, identity, spHostUrl)); }
public override async Task <bool> InvokeAsync() { if (Response.StatusCode == 401) { return(false); } //if (Options.CallbackPath.HasValue && Options.CallbackPath == Request.Path) //{ _logger.WriteInformation("Receiving contextual information"); if (TokenHelper.IsHighTrustApp()) { var logonUserIdentity = OwinTokenHelper.GetHttpRequestIdentity(Context); // If not authenticated and we are using integrated windows auth, then force user to login if (!logonUserIdentity.IsAuthenticated && logonUserIdentity is WindowsIdentity) { Response.StatusCode = 418; // Prevent further processing by the owin pipeline. return(true); } } var state = Request.Query["state"]; var properties = Options.StateDataFormat.Unprotect(state); if (properties != null && !ValidateCorrelationId(properties, _logger)) { throw new Exception("Correlation failed."); } var ticket = await AuthenticateAsync(); if (ticket != null) { if (Request.User.Identity.IsAuthenticated) { //var identity = Request.User.Identity as ClaimsIdentity; //if (identity != null) //{ // var spContext = SPContextProvider.Get(identity); //} } if (Response.StatusCode != 401) { Context.Authentication.SignIn(ticket.Properties, ticket.Identity); if (string.IsNullOrEmpty(ticket.Properties.RedirectUri)) { ticket.Properties.RedirectUri = "/"; } var urlParsed = ticket.Properties.RedirectUri.Split('?'); string url = urlParsed.FirstOrDefault(); string queryString = urlParsed.Skip(1).LastOrDefault(); var query = HttpUtility.ParseQueryString(queryString ?? ""); if (ticket.Properties.Dictionary.ContainsKey(SharePointContext.SPHostUrlKey)) { query[SharePointContext.SPHostUrlKey] = ticket.Properties.Dictionary[SharePointContext.SPHostUrlKey]; } if (ticket.Properties.Dictionary.ContainsKey(SharePointContext.SPAppWebUrlKey)) { query[SharePointContext.SPAppWebUrlKey] = ticket.Properties.Dictionary[SharePointContext.SPAppWebUrlKey]; } Response.Redirect($"{url}?{query}"); } // Prevent further processing by the owin pipeline. return(true); } //} // Let the rest of the pipeline run. return(false); }