private string ValidateClientAndRedirectUri(HttpRequestMessage request, ref string redirectUriOutput)
{
Uri redirectUri;
var redirectUriString = GetQueryString(Request, "redirect_uri");
if (string.IsNullOrWhiteSpace(redirectUriString))
{
return("redirect_uri is required");
}
bool validUri = Uri.TryCreate(redirectUriString, UriKind.Absolute, out redirectUri);
if (!validUri)
{
return("redirect_uri is invalid");
}
var clientId = GetQueryString(Request, "client_id");
if (string.IsNullOrWhiteSpace(clientId))
{
return("client_Id is required");
}
DtoAplicacion aplicacion = null;
using (UserStore _repo = new UserStore())
{
aplicacion = _repo.FindClient(clientId);
}
if (aplicacion == null)
{
return(string.Format("Client_id '{0}' is not registered in the system.", clientId));
}
//if (!string.Equals(aplicacion.UrlPermitida, redirectUri.GetLeftPart(UriPartial.Authority), StringComparison.OrdinalIgnoreCase))
//{
// return string.Format("The given URL is not allowed by Client_id '{0}' configuration.", clientId);
//}
redirectUriOutput = redirectUri.AbsoluteUri;
return(string.Empty);
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
string clientId = string.Empty;
string clientSecret = string.Empty;
DtoAplicacion client = null;
if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
{
context.TryGetFormCredentials(out clientId, out clientSecret);
}
if (context.ClientId == null)
{
//Remove the comments from the below line context.SetError, and invalidate context
//if you want to force sending clientId/secrects once obtain access tokens.
context.Validated();
context.SetError("invalid_clientId", "Debe enviar el nombre de la aplicación");
return(Task.FromResult <object>(null));
}
using (UserStore _repo = new UserStore())
{
client = _repo.FindClient(context.ClientId);
}
if (client?.Id == null)
{
context.SetError("invalid_clientId", $"Aplicación '{context.ClientId}' no esta registrada en el sistema.");
return(Task.FromResult <object>(null));
}
if (client.TipoAplicacion == 0)
{
if (string.IsNullOrWhiteSpace(clientSecret))
{
context.SetError("invalid_clientId", "Client secret should be sent.");
return(Task.FromResult <object>(null));
}
else
{
if (client.Secreto != Util.GetHash(clientSecret))
{
context.SetError("invalid_clientId", "Client secret is invalid.");
return(Task.FromResult <object>(null));
}
}
}
if (!client.Activo)
{
context.SetError("invalid_clientId", "Aplicación no activa.");
return(Task.FromResult <object>(null));
}
context.OwinContext.Set <string>("as:clientAllowedOrigin", client.UrlPermitida);
context.OwinContext.Set <string>("as:clientRefreshTokenLifeTime", client.RefreshTokenLifeTime.ToString());
context.Validated();
return(Task.FromResult <object>(null));
}
