private async Task <AuthResponse> GetRefreshToken(string token, string clientId) { var errorId = "invalid_refresh_token"; if (string.IsNullOrEmpty(token)) { await ThrowAuthError("Refresh token is required", errorId); } var hashedTokenId = _crypto.Hash(token); var refreshToken = await _authService.FindRefreshToken(hashedTokenId); if (refreshToken == null) { await ThrowAuthError("Refresh token not found", errorId); } var ticketBytes = Convert.FromBase64String(refreshToken.ProtectedTicket); var ticket = new TicketSerializer().Deserialize(ticketBytes); var originalClient = ticket.Properties.Items["as:client_id"]; if (originalClient != clientId) { await ThrowAuthError("Refresh token is issued to a different clientId.", errorId); } // Change auth ticket for refresh token requests var newIdentity = new ClaimsIdentity(ticket.Principal.Identity); var newTicket = new AuthenticationTicket(new ClaimsPrincipal(newIdentity), ticket.Properties, JwtBearerDefaults.AuthenticationScheme); return(await GetToken(newIdentity, token, clientId)); }
private async Task <string> StoreRefreshToken(IIdentity identity) { var refreshTokenId = Guid.NewGuid().ToString("n"); var refreshToken = new RefreshToken { Id = _crypto.Hash(refreshTokenId), ClientId = _audience.ClientId, Subject = identity.Name, IssuedUtc = DateTime.UtcNow, ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(_audience.RefreshTokenLifeTime)), ObjectState = ObjectState.Added }; // create metadata to pass on to refresh token provider var props = new AuthenticationProperties(new Dictionary <string, string> { { "as:client_id", _audience.ClientId }, { "userName", identity.Name } }) { IssuedUtc = refreshToken.IssuedUtc, ExpiresUtc = refreshToken.ExpiresUtc }; var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), props, JwtBearerDefaults.AuthenticationScheme); var ticketBytes = new TicketSerializer().Serialize(ticket); refreshToken.ProtectedTicket = Convert.ToBase64String(ticketBytes); await _authService.AddRefreshToken(refreshToken); return(refreshTokenId); }
public void Test_ReturnsFailureIf_InValidCookieEsistsOrIfCookieIsDamaged() { var serializer = new TicketSerializer(); var ticket = new AuthenticationTicket( new ClaimsPrincipal( new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "Foo User"), }, AuthConstants.SPNEGO_DEFAULT_SCHEME)), AuthConstants.SPNEGO_DEFAULT_SCHEME); var serializedTicket = serializer.Serialize(ticket); var protectedTicket = dataProtector.Protect(serializedTicket); var encodedTicket = Convert.ToBase64String(protectedTicket); var cookie = new HttpCookie(AuthConstants.AUTH_COOKIE_NM) { Expires = DateTime.Now.AddDays(CookieAuthenticator.COOKIE_TIMEOUT_IN_MINUTES), Value = encodedTicket + "Corrupt" }; cookies.Set(cookie); browser.SetupGet(b => b.Cookies).Returns(true); var authenticator = new CookieAuthenticator(dataProtector, logger.Object); var result = authenticator.Authenticate(context.Object); Assert.False(result.Succeeded); Assert.Equal($"Unable to extract cookie '{AuthConstants.AUTH_COOKIE_NM}', cookie might be damaged/modified", result.Failure.Message); }
private static JwtAuthTicketFormat createAuthTicketFormat(IHostEnvironment hostEnv, IDataProtectionProvider?dataProtectionProvider, IConfiguration config) { var xtiAuthOptions = config.GetSection(XtiAuthenticationOptions.XtiAuthentication).Get <XtiAuthenticationOptions>(); var key = Encoding.ASCII.GetBytes(xtiAuthOptions.JwtSecret); var dataSerializer = new TicketSerializer(); if (dataProtectionProvider == null) { var xtiFolder = new XtiFolder(hostEnv); var keyDirPath = xtiFolder.SharedAppDataFolder() .WithSubFolder("Keys") .Path(); dataProtectionProvider = DataProtectionProvider.Create(new DirectoryInfo(keyDirPath)); } var dataProtector = dataProtectionProvider.CreateProtector(new[] { "XTI_Apps_Auth1" }); var authTicketFormat = new JwtAuthTicketFormat ( new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(key), ValidateIssuer = false, ValidateAudience = false }, dataSerializer, dataProtector ); return(authTicketFormat); }
public void Test_SignIn_AddsCookie_IfAuthResultIsSuccess() { var serializer = new TicketSerializer(); var ticket = new AuthenticationTicket( new ClaimsPrincipal( new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "Foo User"), }, AuthConstants.SPNEGO_DEFAULT_SCHEME)), AuthConstants.SPNEGO_DEFAULT_SCHEME); var serializedTicket = serializer.Serialize(ticket); var protectedTicket = dataProtector.Protect(serializedTicket); var encodedTicket = Convert.ToBase64String(protectedTicket); var cookie = new HttpCookie(AuthConstants.AUTH_COOKIE_NM) { Expires = DateTime.Now.AddDays(CookieAuthenticator.COOKIE_TIMEOUT_IN_MINUTES), Value = encodedTicket }; var authenticator = new CookieAuthenticator(dataProtector, logger.Object); authenticator.SignIn(AuthenticateResult.Success(ticket), context.Object); response.Verify(r => r.AppendCookie(It.Is <HttpCookie>(c => Convert.ToBase64String(dataProtector.UnProtect(Convert.FromBase64String(c.Value))) == Convert.ToBase64String(dataProtector.UnProtect(Convert.FromBase64String(encodedTicket))) && c.Expires.Date.Minute == DateTime.Now.AddMinutes(CookieAuthenticator.COOKIE_TIMEOUT_IN_MINUTES).Date.Minute)), Times.Once); }
public void Test_ReturnsSuccessIfValidCookieEsists() { var serializer = new TicketSerializer(); var ticket = new AuthenticationTicket( new ClaimsPrincipal( new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, "Foo User"), }, AuthConstants.SPNEGO_DEFAULT_SCHEME)), AuthConstants.SPNEGO_DEFAULT_SCHEME); var serializedTicket = serializer.Serialize(ticket); var protectedTicket = dataProtector.Protect(serializedTicket); var encodedTicket = Convert.ToBase64String(protectedTicket); var cookie = new HttpCookie(AuthConstants.AUTH_COOKIE_NM) { Expires = DateTime.Now.AddDays(CookieAuthenticator.COOKIE_TIMEOUT_IN_MINUTES), Value = encodedTicket }; cookies.Set(cookie); browser.SetupGet(b => b.Cookies).Returns(true); var authenticator = new CookieAuthenticator(dataProtector, logger.Object); var result = authenticator.Authenticate(context.Object); Assert.True(result.Succeeded); Assert.Equal("Foo User", result.Principal.Identity.Name); }
public void CanRoundTripActorIdentity() { var serializer = new TicketSerializer(); var properties = new AuthenticationProperties(); var actor = new ClaimsIdentity("actor"); var ticket = new AuthenticationTicket(new ClaimsPrincipal(), properties, "Hello"); ticket.Principal.AddIdentity(new ClaimsIdentity("misc") { Actor = actor }); using (var stream = new MemoryStream()) using (var writer = new BinaryWriter(stream)) using (var reader = new BinaryReader(stream)) { serializer.Write(writer, ticket); stream.Position = 0; var readTicket = serializer.Read(reader); Assert.Single(readTicket.Principal.Identities); Assert.Equal("misc", readTicket.Principal.Identity.AuthenticationType); var identity = (ClaimsIdentity)readTicket.Principal.Identity; Assert.NotNull(identity.Actor); Assert.Equal("actor", identity.Actor.AuthenticationType); } }
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context) { var db = context.OwinContext.Get <ApplicationDbContext>(); string hash = GetStringSha256Hash(context.Token); RefreshToken foundToken = db.RefreshTokens.Where(t => t.TokenHash == hash && t.ExpiresAtUtc > DateTime.UtcNow && !t.Revoked ).FirstOrDefault(); //RefreshToken foundToken = tokens.Where(t => // t.TokenHash == hash && // t.ExpiresAtUtc > DateTime.UtcNow && // !t.Revoked //).FirstOrDefault(); if (foundToken != null) { byte[] serializedTicket = Convert.FromBase64String( ServerUtils.StringCipher.Decrypt( foundToken.EncryptedTicket, context.Token)); TicketSerializer serializer = new TicketSerializer(); AuthenticationTicket ticket = serializer.Deserialize(serializedTicket); context.SetTicket(ticket); } }
public T Unprotect(string protectedText, string purpose) { TicketSerializer _serializer = new TicketSerializer(); byte[] bytes = Convert.FromBase64String(protectedText); return(_serializer.Deserialize(bytes) as T); }
public string Protect(T data, string purpose) { TicketSerializer _serializer = new TicketSerializer(); byte[] userData = _serializer.Serialize(data); return(Convert.ToBase64String(userData)); }
public async Task CreateAsync(AuthenticationTokenCreateContext context) { var refreshToken = Guid.NewGuid().ToString("n"); var entities = new ApplicationDbContext(); var repo = new ApplicationRepository(entities); var rToken = new RefreshToken() { DateCreatedUtc = DateTime.UtcNow, IssuedUtc = DateTime.UtcNow, ExpirationDateUtc = DateTime.UtcNow.AddYears(1), IsActive = true, Id = GetHash(refreshToken), ApplicationUserId = context.Ticket.Identity.GetUserId(), }; context.Ticket.Properties.IssuedUtc = rToken.DateCreatedUtc; context.Ticket.Properties.ExpiresUtc = rToken.ExpirationDateUtc; //rToken.ProtectedTicket = context.SerializeTicket(); TicketSerializer serializer = new TicketSerializer(); rToken.ProtectedTicket = System.Text.Encoding.Default.GetString(serializer.Serialize(context.Ticket)); await repo.RefreshTokens.AddOrUpdateAndSaveAsync(rToken); context.SetToken(refreshToken); }
public void NewSerializerCanReadInteropTicket() { var identity = new ClaimsIdentity("scheme"); identity.AddClaim(new Claim("Test", "Value")); var expires = DateTime.Today; var issued = new DateTime(1979, 11, 11); var properties = new Owin.Security.AuthenticationProperties(); properties.IsPersistent = true; properties.RedirectUri = "/redirect"; properties.Dictionary["key"] = "value"; properties.ExpiresUtc = expires; properties.IssuedUtc = issued; var interopTicket = new Owin.Security.AuthenticationTicket(identity, properties); var interopSerializer = new AspNetTicketSerializer(); var bytes = interopSerializer.Serialize(interopTicket); var newSerializer = new TicketSerializer(); var newTicket = newSerializer.Deserialize(bytes); Assert.NotNull(newTicket); Assert.Equal(1, newTicket.Principal.Identities.Count()); var newIdentity = newTicket.Principal.Identity as ClaimsIdentity; Assert.NotNull(newIdentity); Assert.Equal("scheme", newIdentity.AuthenticationType); Assert.True(newIdentity.HasClaim(c => c.Type == "Test" && c.Value == "Value")); Assert.NotNull(newTicket.Properties); Assert.True(newTicket.Properties.IsPersistent); Assert.Equal("/redirect", newTicket.Properties.RedirectUri); Assert.Equal("value", newTicket.Properties.Items["key"]); Assert.Equal(expires, newTicket.Properties.ExpiresUtc); Assert.Equal(issued, newTicket.Properties.IssuedUtc); }
string ISecureDataFormat <T> .Protect(T data) { TicketSerializer _serializer = new TicketSerializer(); byte[] userData = _serializer.Serialize(data); return(Convert.ToBase64String(userData)); }
private async Task <TicketResult> RemoveAsync(AuthenticationTokenReceiveContext context) { TicketResult result = new TicketResult(); StoreKeyFunc = StoreKeyFunc ?? ((ctx, token) => token); string key = StoreKeyFunc(context.Ticket, context.Token); IDatabase database = _redis.GetDatabase(_configuration.Db); byte[] ticket = await database.StringGetAsync(key); if (ticket != null) { TicketSerializer serializer = new TicketSerializer(); result.Ticket = serializer.Deserialize(ticket); result.Deleted = await database.KeyDeleteAsync(key); } else { await database.KeyDeleteAsync(context.Token); } return(result); }
T ISecureDataFormat <T> .Unprotect(string protectedText) { TicketSerializer _serializer = new TicketSerializer(); byte[] bytes = Convert.FromBase64String(protectedText); return(_serializer.Deserialize(bytes) as T); }
static DataSerializers() { Extra = new ExtraSerializer(); #if NET45 Ticket = new TicketSerializer(); #endif }
public static AuthenticationTicket Decrypt(string token) { byte[] sBt = TextEncodings.Base64Url.Decode(token); byte[] bt = MachineKey.Unprotect(sBt);//将二进制数据加密 AuthenticationTicket ticket = new TicketSerializer().Deserialize(bt); return(ticket); }
public RefreshTokenProvider(IRefreshTokenService refreshTokenService, ICommandBus commandBus, int refreshTokenExpiredTimeInMinutes, int ttlChange) { this.refreshTokenService = refreshTokenService; this.commandBus = commandBus; this.expriredTime = refreshTokenExpiredTimeInMinutes; this.ttlChange = ttlChange; this.serializer = new TicketSerializer(); }
public static string Encryption(AuthenticationTicket ticket) { byte[] bt = new TicketSerializer().Serialize(ticket); //票证序列化器,即将AuthenticationTicket对象序列化成二进制数据 byte[] sBt = MachineKey.Protect(bt); //将二进制数据加密,基于MachineKey算法 string token = TextEncodings.Base64Url.Encode(sBt); //转化成base64url字符串(为什么不是base64) return(token); }
private async Task StoreAsync(string guid, AuthenticationTicket ticket) { TicketSerializer serializer = new TicketSerializer(); byte[] serialize = serializer.Serialize(ticket); await Db.StringSetAsync(guid, serialize, _configuration.ExpiresUtc - DateTimeOffset.UtcNow); }
private void Store(string guid, AuthenticationTicket ticket) { TicketSerializer serializer = new TicketSerializer(); byte[] serialize = serializer.Serialize(ticket); Db.StringSet(guid, serialize, _configuration.ExpiresUtc - DateTimeOffset.UtcNow); }
public static string Encode(IEnumerable <Claim> claims) { var ticket = new AuthenticationTicket(new ClaimsPrincipal(new ClaimsIdentity(claims)), Constants.Scheme); var serializer = new TicketSerializer(); var bytes = serializer.Serialize(ticket); return(Convert.ToBase64String(bytes)); }
private async Task StoreAsync(string guid, AuthenticationTicket ticket) { TicketSerializer serializer = new TicketSerializer(); byte[] serialize = serializer.Serialize(ticket); IDatabase database = _redis.GetDatabase(_configuration.Db); await database.StringSetAsync(guid, serialize, _configuration.ExpiresUtc.TimeOfDay); }
public async Task CreateAsync(AuthenticationTokenCreateContext context) { try { var clientid = context.Ticket.Properties.Dictionary["as:client_id"]; if (string.IsNullOrEmpty(clientid)) return; // Gera um ID unico para o RefreshToken var refreshTokenId = Guid.NewGuid().ToString("n"); // Pega o tempo de expiração (em minuto) do token do contexto do Owin var refreshTokenLifeTime = context.OwinContext.Get<string>("as:clientRefreshTokenLifeTime"); // Identifica o Browser var userAgent = HttpContext.Current.Request.UserAgent; var userBrowser = new HttpBrowserCapabilities { Capabilities = new Hashtable { { string.Empty, userAgent } } }; var factory = new BrowserCapabilitiesFactory(); factory.ConfigureBrowserCapabilities(new NameValueCollection(), userBrowser); var browser = userBrowser.Browser; var issuedUtc = DateTime.UtcNow; var expiresUtc = issuedUtc.AddMinutes(3); //issuedUtc.AddMonths(Convert.ToInt32(refreshTokenLifeTime)); // Define os dados do RefreshToken var token = new RefreshToken { Id = HashHelper.GetHash(refreshTokenId), ClientId = clientid, Browser = browser, Subject = context.Ticket.Identity.Name, IssuedUtc = issuedUtc, ExpiresUtc = expiresUtc }; // Define o IssuedUtc e o ExpiresUtc do ticket para determinar o quanto tempo o token vai ser válido context.Ticket.Properties.IssuedUtc = token.IssuedUtc; context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc; // Serializa o ticket para ser gravado na base de dados var ticketSerializer = new TicketSerializer(); token.ProtectedTicket = ticketSerializer.Serialize(context.Ticket); // Grava o ticket na base de dados var refreshTokenDomain = DependecyConfig.Container.GetInstance<IRefreshTokenDomain>(); var result = await refreshTokenDomain.CreateAsync(token); if (result) context.SetToken(refreshTokenId); } catch (Exception ex) { throw ex; } }
internal Ticket addTicket(TicketSerializer ticket) { Customer c = GetCustomer(ticket.CId); Reservation r = null; // Just for now Ticket t = new Ticket(ticket, c, r); Tickets.Add(t); this.SaveChanges(); return(t); }
public async Task <AuthenticateResult> AuthenticateAsync() { var cookie = Context.Request.Cookies["myAuthenticateCookie"]; if (string.IsNullOrEmpty(cookie)) { return(AuthenticateResult.NoResult()); } byte[] ticketBytes = Convert.FromBase64String(cookie); AuthenticationTicket authenticationTicket = new TicketSerializer().Deserialize(ticketBytes); return(AuthenticateResult.Success(authenticationTicket)); }
public void NullPrincipalThrows() { var properties = new AuthenticationProperties(); properties.RedirectUri = "bye"; var ticket = new AuthenticationTicket(properties, "Hello"); using (var stream = new MemoryStream()) using (var writer = new BinaryWriter(stream)) using (var reader = new BinaryReader(stream)) { Assert.Throws <ArgumentNullException>(() => TicketSerializer.Write(writer, ticket)); } }
// for debugging in memory //List<RefreshToken> tokens = new List<RefreshToken>(); public async Task CreateAsync(AuthenticationTokenCreateContext context) { // apple send a different form format back var form = context.Request.Path == new PathString("/api/Account/handleresponsefromapple") ? null : await context.Request.ReadFormAsync(); var grantType = form?.GetValues("grant_type"); // don't create a new refresh token if the user is only after a new access token if (grantType == null || grantType[0] != "refresh_token") { var db = context.OwinContext.Get <ApplicationDbContext>(); var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); Random rand = new Random(); string tokenString = Membership.GeneratePassword(30, 0); tokenString = Regex.Replace(tokenString, @"[^a-zA-Z0-9]", m => rand.Next(0, 10).ToString()); DateTimeOffset issuedUtc = DateTimeOffset.UtcNow; DateTimeOffset expiresUtc = DateTimeOffset.UtcNow.AddYears(1); AuthenticationTicket refreshTokenTicket = new AuthenticationTicket( context.Ticket.Identity, new AuthenticationProperties(context.Ticket.Properties.Dictionary)); refreshTokenTicket.Properties.IssuedUtc = issuedUtc; refreshTokenTicket.Properties.ExpiresUtc = expiresUtc; TicketSerializer serializer = new TicketSerializer(); string serializedTicket = Convert.ToBase64String(serializer.Serialize(refreshTokenTicket)); // Store in the database, with the hashed token and the ticket as encrypted // json using the token as the decrypt password RefreshToken newToken = new RefreshToken { CreatedAtUtc = issuedUtc, ExpiresAtUtc = expiresUtc, Revoked = false, User = await userManager.FindByNameAsync(context.Ticket.Identity.Name), TokenHash = GetStringSha256Hash(tokenString), EncryptedTicket = ServerUtils.StringCipher.Encrypt(serializedTicket, tokenString) }; db.RefreshTokens.Add(newToken); await db.SaveChangesAsync(); //tokens.Add(newToken); context.SetToken(tokenString); } }
public Task <string> StoreAsync(AuthenticationTicket ticket) { string key = Guid.NewGuid().ToString(); HttpContext httpContext = HttpContext.Current; CheckSessionAvailable(httpContext); //httpContext.Session[key + ".Ticket"] = ticket; // Serialization fix from https://stackoverflow.com/a/33614059 var ticketSerializer = new TicketSerializer(); var ticketBytes = ticketSerializer.Serialize(ticket); httpContext.Session[key + ".Ticket"] = ticketBytes; return(Task.FromResult(key)); }
public CookiePrincipalStorageProvider( IDataProtectionProvider dataProtectionProvider, IHttpContextAccessor httpContextAccessor, IJSRuntime jsRuntime, CookiePrincipalStorageOptions options) { _dataProtectionProvider = dataProtectionProvider ?? throw new ArgumentNullException(nameof(dataProtectionProvider), "A data protection provider must be available."); _httpContextAccessor = httpContextAccessor ?? throw new ArgumentNullException(nameof(httpContextAccessor), "A IHttpContextAccessor must be available."); _jsRuntime = jsRuntime; _options = options; _dataProtector = _dataProtectionProvider.CreateProtector("Blazor.Authentication.Cookie"); _ticketSerializer = new TicketSerializer(); }
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context) { var entities = new ApplicationDbContext(); var repo = new ApplicationRepository(entities); var hashedToken = GetHash(context.Token); var refreshToken = await repo.RefreshTokens.GetByIdAsync(hashedToken); if (refreshToken != null) { //Get protectedTicket from refreshToken class //context.DeserializeTicket(refreshToken.ProtectedTicket); TicketSerializer serializer = new TicketSerializer(); context.SetTicket(serializer.Deserialize(System.Text.Encoding.Default.GetBytes(refreshToken.ProtectedTicket))); //await repo.RefreshTokens.DeleteAndSaveAsync(hashedToken); } }
public async Task CreateAsync(AuthenticationTokenCreateContext context) { var clientid = context.Ticket.Properties.Dictionary[AuthenticationPropertyKeys.CLIENT_ID]; if (string.IsNullOrEmpty(clientid)) { return; } var refreshTokenId = Guid.NewGuid().ToString("n"); ApplicationDbContext appDbContext = context.OwinContext.Get <ApplicationDbContext>(); ApplicationUserManager applicationUserManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); AuthRepository _repo = new AuthRepository(appDbContext, applicationUserManager); Client client = _repo.FindClient(clientid); if (client == null) { return; } var token = new RefreshToken() { Id = HashGenerator.GetHash(refreshTokenId), ClientId = clientid, Subject = context.Ticket.Identity.Name, IssuedUtc = DateTime.UtcNow, ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(client.RefreshTokenLifeTime)) }; context.Ticket.Properties.IssuedUtc = token.IssuedUtc; context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc; //token.ProtectedTicket = context.SerializeTicket(); TicketSerializer serializer = new TicketSerializer(); token.ProtectedTicket = Encoding.Default.GetString(serializer.Serialize(context.Ticket)); var result = await _repo.AddRefreshToken(token); if (result) { context.SetToken(refreshTokenId); } }
public void CanRoundTripEmptyPrincipal() { var serializer = new TicketSerializer(); var properties = new AuthenticationProperties(); properties.RedirectUri = "bye"; var ticket = new AuthenticationTicket(new ClaimsPrincipal(), properties, "Hello"); using (var stream = new MemoryStream()) using (var writer = new BinaryWriter(stream)) using (var reader = new BinaryReader(stream)) { serializer.Write(writer, ticket); stream.Position = 0; var readTicket = serializer.Read(reader); Assert.Equal(0, readTicket.Principal.Identities.Count()); Assert.Equal("bye", readTicket.Properties.RedirectUri); Assert.Equal("Hello", readTicket.AuthenticationScheme); } }
public void CanRoundTripBootstrapContext() { var serializer = new TicketSerializer(); var properties = new AuthenticationProperties(); var ticket = new AuthenticationTicket(new ClaimsPrincipal(), properties, "Hello"); ticket.Principal.AddIdentity(new ClaimsIdentity("misc") { BootstrapContext = "bootstrap" }); using (var stream = new MemoryStream()) using (var writer = new BinaryWriter(stream)) using (var reader = new BinaryReader(stream)) { serializer.Write(writer, ticket); stream.Position = 0; var readTicket = serializer.Read(reader); Assert.Equal(1, readTicket.Principal.Identities.Count()); Assert.Equal("misc", readTicket.Principal.Identity.AuthenticationType); Assert.Equal("bootstrap", readTicket.Principal.Identities.First().BootstrapContext); } }
public void CanRoundTripActorIdentity() { var serializer = new TicketSerializer(); var properties = new AuthenticationProperties(); var actor = new ClaimsIdentity("actor"); var ticket = new AuthenticationTicket(new ClaimsPrincipal(), properties, "Hello"); ticket.Principal.AddIdentity(new ClaimsIdentity("misc") { Actor = actor }); using (var stream = new MemoryStream()) using (var writer = new BinaryWriter(stream)) using (var reader = new BinaryReader(stream)) { serializer.Write(writer, ticket); stream.Position = 0; var readTicket = serializer.Read(reader); Assert.Equal(1, readTicket.Principal.Identities.Count()); Assert.Equal("misc", readTicket.Principal.Identity.AuthenticationType); var identity = (ClaimsIdentity) readTicket.Principal.Identity; Assert.NotNull(identity.Actor); Assert.Equal(identity.Actor.AuthenticationType, "actor"); } }
private TicketResult Remove(AuthenticationTokenReceiveContext context) { TicketResult result = new TicketResult(); StoreKeyFunc = StoreKeyFunc ?? ((ctx, token) => token); string key = StoreKeyFunc(context.Ticket, context.Token); IDatabase database = _redis.GetDatabase(_configuration.Db); byte[] ticket = database.StringGet(key); if (ticket.Length > default(int)) { TicketSerializer serializer = new TicketSerializer(); result.Ticket = serializer.Deserialize(ticket); result.Deleted = database.KeyDelete(key); } return result; }
private void Store(string guid, AuthenticationTicket ticket) { TicketSerializer serializer = new TicketSerializer(); byte[] serialize = serializer.Serialize(ticket); IDatabase database = _redis.GetDatabase(_configuration.Db); database.StringSet(guid, serialize, _configuration.ExpiresUtc.TimeOfDay); }
static DataSerializers() { Properties = new PropertiesSerializer(); Ticket = new TicketSerializer(); }
private async Task<TicketResult> RemoveAsync(AuthenticationTokenReceiveContext context) { TicketResult result = new TicketResult(); StoreKeyFunc = StoreKeyFunc ?? ((ctx, token) => token); string key = StoreKeyFunc(context.Ticket, context.Token); IDatabase database = _redis.GetDatabase(_configuration.Db); byte[] ticket = await database.StringGetAsync(key); if (ticket != null) { TicketSerializer serializer = new TicketSerializer(); result.Ticket = serializer.Deserialize(ticket); result.Deleted = await database.KeyDeleteAsync(key); } else { await database.KeyDeleteAsync(context.Token); } return result; }
public void CanRoundTripClaimProperties() { var serializer = new TicketSerializer(); var properties = new AuthenticationProperties(); var claim = new Claim("type", "value", "valueType", "issuer", "original-issuer"); claim.Properties.Add("property-1", "property-value"); // Note: a null value MUST NOT result in a crash // and MUST instead be treated like an empty string. claim.Properties.Add("property-2", null); var ticket = new AuthenticationTicket(new ClaimsPrincipal(), properties, "Hello"); ticket.Principal.AddIdentity(new ClaimsIdentity(new[] { claim }, "misc")); using (var stream = new MemoryStream()) using (var writer = new BinaryWriter(stream)) using (var reader = new BinaryReader(stream)) { serializer.Write(writer, ticket); stream.Position = 0; var readTicket = serializer.Read(reader); Assert.Equal(1, readTicket.Principal.Identities.Count()); Assert.Equal("misc", readTicket.Principal.Identity.AuthenticationType); var readClaim = readTicket.Principal.FindFirst("type"); Assert.NotNull(claim); Assert.Equal(claim.Type, "type"); Assert.Equal(claim.Value, "value"); Assert.Equal(claim.ValueType, "valueType"); Assert.Equal(claim.Issuer, "issuer"); Assert.Equal(claim.OriginalIssuer, "original-issuer"); var property1 = readClaim.Properties["property-1"]; Assert.Equal(property1, "property-value"); var property2 = readClaim.Properties["property-2"]; Assert.Equal(property2, string.Empty); } }
static DataSerializers() { Extra = new ExtraSerializer(); Ticket = new TicketSerializer(); }
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context) { // define o cabecalho da resposta do contexto do Owin com a permição de origem var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin"); context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] {allowedOrigin}); // pega o Id do token pelo na requisição var hashedTokenId = HashHelper.GetHash(context.Token); // Identifica o Browser var userAgent = HttpContext.Current.Request.UserAgent; var userBrowser = new HttpBrowserCapabilities {Capabilities = new Hashtable {{string.Empty, userAgent}}}; var factory = new BrowserCapabilitiesFactory(); factory.ConfigureBrowserCapabilities(new NameValueCollection(), userBrowser); var browser = userBrowser.Browser; var refreshTokenDomain = new RefreshTokenDomain(); // busca o token na base de dados pelo id var refreshToken = await refreshTokenDomain.ReadAsync(hashedTokenId, browser); // se o token for encontrado if (refreshToken != null) { // pega os dados do ticket para deserializar e gerar um novo ticket com // as informações mapeadas do usuário que utiliza este token var ticketSerializer = new TicketSerializer(); var ticket = ticketSerializer.Deserialize(refreshToken.ProtectedTicket); context.SetTicket(ticket); // remove o token da base de dados pois em nossa lógica, permitimos apenas // um RefreshToken por usuário e aplicação cliente await refreshTokenDomain.DeleteAsync(hashedTokenId, browser); } }