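/// <summary>
/// Validates the <c>redirect_uri</c> and <c>client_id</c> query parameters of an authorization
/// request and hands back the parsed redirect URI in its absolute form.
/// </summary>
/// <param name="request">The incoming request whose query string is inspected.</param>
/// <param name="redirectUriOutput">Receives <see cref="Uri.AbsoluteUri"/> of the parsed
/// redirect URI when validation succeeds; left untouched otherwise.</param>
/// <returns><see cref="string.Empty"/> when both parameters are acceptable, otherwise a
/// human-readable error message describing the first failed check.</returns>
private string ValidateClientAndRedirectUri(HttpRequestMessage request, ref string redirectUriOutput)
{
    // Read the query string from the supplied request; the parameter was previously ignored
    // in favour of the controller's Request property, which made the signature misleading.
    var redirectUriString = GetQueryString(request, "redirect_uri");
    if (string.IsNullOrWhiteSpace(redirectUriString))
    {
        return "redirect_uri is required";
    }

    // Only absolute URIs are accepted; relative ones cannot be used as a redirect target.
    Uri redirectUri;
    if (!Uri.TryCreate(redirectUriString, UriKind.Absolute, out redirectUri))
    {
        return "redirect_uri is invalid";
    }

    var clientId = GetQueryString(request, "client_id");
    if (string.IsNullOrWhiteSpace(clientId))
    {
        return "client_Id is required";
    }

    DtoAplicacion aplicacion;
    using (var repo = new UserStore())
    {
        aplicacion = repo.FindClient(clientId);
    }

    if (aplicacion == null)
    {
        return $"Client_id '{clientId}' is not registered in the system.";
    }

    // SECURITY NOTE: the check below, which binds redirect_uri to the client's registered
    // UrlPermitida, is currently disabled. While it is disabled any absolute URI is accepted,
    // so the authorization response (code or token) can be delivered to a location the client
    // never registered. Re-enable it (exact match against the registered value is the safer
    // form) once the stored format of UrlPermitida has been confirmed.
    //if (!string.Equals(aplicacion.UrlPermitida, redirectUri.GetLeftPart(UriPartial.Authority), StringComparison.OrdinalIgnoreCase))
    //{
    //    return string.Format("The given URL is not allowed by Client_id '{0}' configuration.", clientId);
    //}

    // Note: unlike ValidateClientAuthentication, this path does not consult aplicacion.Activo;
    // an inactive client can still pass this check — confirm whether that is intended.
    redirectUriOutput = redirectUri.AbsoluteUri;
    return string.Empty;
}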
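/// <summary>
/// OWIN OAuth hook that authenticates the calling client application before a token is issued.
/// Credentials are taken from the HTTP Basic header first and from the form body as a fallback;
/// the outcome is reported through <c>context.Validated()</c> or <c>context.SetError(...)</c>.
/// </summary>
/// <param name="context">The client-authentication context supplied by the OAuth middleware.</param>
/// <returns>A completed task; the method performs no asynchronous work.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string clientId;
    string clientSecret;
    if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
    {
        // Result deliberately ignored: whether a secret is required is decided per client type below.
        context.TryGetFormCredentials(out clientId, out clientSecret);
    }

    if (context.ClientId == null)
    {
        // A client identifier is mandatory. Do not call Validated() before SetError() here:
        // SetError rejects the context, so an earlier Validated() is pointless and misleading.
        context.SetError("invalid_clientId", "Debe enviar el nombre de la aplicación");
        return Task.FromResult<object>(null);
    }

    DtoAplicacion client;
    using (var repo = new UserStore())
    {
        client = repo.FindClient(context.ClientId);
    }

    if (client?.Id == null)
    {
        // NOTE(review): this message confirms to the caller that the client_id is unknown;
        // use a generic message if client enumeration is a concern for this deployment.
        context.SetError("invalid_clientId", $"Aplicación '{context.ClientId}' no esta registrada en el sistema.");
        return Task.FromResult<object>(null);
    }

    // TipoAplicacion == 0 is the client type that must prove possession of its secret
    // (presumably a confidential client — confirm against the DtoAplicacion definition).
    if (client.TipoAplicacion == 0)
    {
        if (string.IsNullOrWhiteSpace(clientSecret))
        {
            context.SetError("invalid_clientId", "Client secret should be sent.");
            return Task.FromResult<object>(null);
        }

        // Compare in time that depends only on length, so response timing does not reveal
        // how many leading characters of the stored hash matched.
        // NOTE(review): Util.GetHash's algorithm is not visible here; confirm it is suitable
        // for storing client secrets (salted, not a bare fast digest).
        if (!SecretsMatch(client.Secreto, Util.GetHash(clientSecret)))
        {
            context.SetError("invalid_clientId", "Client secret is invalid.");
            return Task.FromResult<object>(null);
        }
    }

    if (!client.Activo)
    {
        context.SetError("invalid_clientId", "Aplicación no activa.");
        return Task.FromResult<object>(null);
    }

    // Hand the client's registered origin and refresh-token lifetime to later pipeline stages
    // under the "as:" keys; the values are only stored here, their consumers are elsewhere.
    context.OwinContext.Set<string>("as:clientAllowedOrigin", client.UrlPermitida);
    context.OwinContext.Set<string>("as:clientRefreshTokenLifeTime", client.RefreshTokenLifeTime.ToString());
    context.Validated();
    return Task.FromResult<object>(null);
}

/// <summary>
/// Ordinal string equality whose running time depends only on the input lengths.
/// Returns the same result as <c>a == b</c> for strings, including when either side is null.
/// </summary>
/// <param name="a">First value (the stored secret hash).</param>
/// <param name="b">Second value (the hash computed from the presented secret).</param>
/// <returns><c>true</c> when both strings are equal or both are null.</returns>
private static bool SecretsMatch(string a, string b)
{
    if (a == null || b == null)
    {
        return a == b;
    }

    if (a.Length != b.Length)
    {
        return false;
    }

    // Accumulate every character difference instead of exiting on the first mismatch.
    int diff = 0;
    for (int i = 0; i < a.Length; i++)
    {
        diff |= a[i] ^ b[i];
    }

    return diff == 0;
}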