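/// <summary>
        /// Checks whether the request's Authorization header carries the configured OAuth client id and secret.
        /// </summary>
        /// <param name="request">Incoming request whose "Authorization" header is inspected.</param>
        /// <returns>
        /// <c>true</c> only when the header has the form <c>Basic {client}:{secret}</c> and both parts match the
        /// values exposed by <c>OauthUserModel</c>; <c>false</c> when the header is missing, has no ':' or does not match.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the header is compared as clear text. RFC 7617 Basic credentials are base64-encoded, so a
        /// standard HTTP client would not produce a matching header — confirm callers really send this custom format.
        /// The secret travels in the header on every call, so this check is only meaningful over TLS.
        /// </remarks>
        public static bool IsValidClient(this HttpRequestMessage request)
        {
            var headerValue = request.GetHeader("Authorization");
            if (headerValue == null)
            {
                return false;
            }

            // Split on the FIRST ':' only. The previous Split(':') compared just the second segment, which
            // truncated any secret containing ':' and silently ignored trailing segments sent by the caller.
            var separatorIndex = headerValue.IndexOf(':');
            if (separatorIndex < 0)
            {
                return false;
            }

            var clientId     = headerValue.Substring(0, separatorIndex);
            var clientSecret = headerValue.Substring(separatorIndex + 1);
            var objModel     = new OauthUserModel();

            // Evaluate both comparisons unconditionally (non-short-circuit '&') so the response time does not
            // reveal whether the client id alone was correct.
            var idMatches     = FixedTimeEquals(clientId, $"Basic {objModel.OauthClient}");
            var secretMatches = FixedTimeEquals(clientSecret, objModel.OauthClientSecret);
            return idMatches & secretMatches;
        }

        /// <summary>
        /// Ordinal string comparison whose running time does not depend on where the first mismatch occurs.
        /// A null on either side never matches, so an unconfigured secret cannot authenticate anyone.
        /// </summary>
        private static bool FixedTimeEquals(string candidate, string expected)
        {
            if (candidate == null || expected == null)
            {
                return false;
            }

            // A length mismatch is folded into the accumulator instead of returning early; only the length
            // itself (not the content) can influence timing.
            var difference = candidate.Length ^ expected.Length;
            var shared = candidate.Length < expected.Length ? candidate.Length : expected.Length;
            for (var i = 0; i < shared; i++)
            {
                difference |= candidate[i] ^ expected[i];
            }

            return difference == 0;
        }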
        //public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }
        //public static string PublicClientId { get; private set; }
        // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
        /// <summary>
        /// Wires the OWIN authentication pipeline: per-request identity services, the external and two-factor
        /// cookies, the OAuth token endpoint at <c>/token</c>, and bearer-token authentication.
        /// </summary>
        /// <param name="app">OWIN application builder the middleware is registered on.</param>
        public void ConfigureAuth(IAppBuilder app)
        {
            // One instance of each identity service per OWIN context (i.e. per request).
            app.CreatePerOwinContext(ApplicationDbContext.Create);
            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
            app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);
            app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            // Short-lived cookie that carries the user between the first and the second authentication factor.
            var secondFactorWindow = TimeSpan.FromMinutes(5);
            app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, secondFactorWindow);

            // Lets a browser that already passed the second factor skip it on later sign-ins,
            // comparable to a "remember me" option for the second step.
            app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);

            var oauthSettings = new OauthUserModel();

            // Token issuance.
            var tokenServerOptions = new OAuthAuthorizationServerOptions
            {
                // SECURITY: true lets the token endpoint answer over plain HTTP, so client secrets, user
                // credentials and issued bearer tokens can cross the network unencrypted. The author marked
                // this as demo-only; it must be false (and the site served over TLS) anywhere else.
                AllowInsecureHttp         = true,
                TokenEndpointPath         = new PathString("/token"),
                AccessTokenExpireTimeSpan = TimeSpan.FromSeconds(oauthSettings.OauthAccessTokenExpireSeconds),
                Provider                  = new SimpleAuthorizationServerProvider()
            };
            app.UseOAuthAuthorizationServer(tokenServerOptions);

            // Token consumption: default bearer options, no custom provider or audience settings.
            var bearerOptions = new OAuthBearerAuthenticationOptions();
            app.UseOAuthBearerAuthentication(bearerOptions);
        }
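        /// <summary>
        /// Authenticates the OAuth client for a token request using the <c>client_id</c>/<c>client_secret</c>
        /// form credentials and the values exposed by <c>OauthUserModel</c>.
        /// </summary>
        /// <param name="context">Validation context; marked validated or rejected before returning.</param>
        /// <returns>The task produced by the base provider implementation.</returns>
        /// <remarks>
        /// Only form credentials are read; credentials sent in a Basic Authorization header are not consulted.
        /// The context is never marked validated before the comparison has succeeded, so every early exit or
        /// exception leaves the client unauthenticated.
        /// </remarks>
        public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            var objModel = new OauthUserModel();

            string clientId;
            string clientSecret;

            // Fail closed: previously the return value was ignored, so a request without credentials left both
            // values null and would match an unconfigured (null) client id and secret.
            if (!context.TryGetFormCredentials(out clientId, out clientSecret))
            {
                context.Rejected();
                return(base.ValidateClientAuthentication(context));
            }

            // Both comparisons always run (non-short-circuit '&') so timing does not reveal which part failed.
            var idMatches     = FixedTimeEquals(clientId, objModel.OauthClient);
            var secretMatches = FixedTimeEquals(clientSecret, objModel.OauthClientSecret);

            if (idMatches & secretMatches)
            {
                context.Validated(clientId);
            }
            else
            {
                context.Rejected();
            }
            return(base.ValidateClientAuthentication(context));
        }

        /// <summary>
        /// Ordinal string comparison whose running time does not depend on where the first mismatch occurs.
        /// A null on either side never matches, so a missing or unconfigured secret cannot authenticate.
        /// </summary>
        private static bool FixedTimeEquals(string candidate, string expected)
        {
            if (candidate == null || expected == null)
            {
                return false;
            }

            // Fold the length mismatch into the accumulator rather than returning early.
            var difference = candidate.Length ^ expected.Length;
            var shared = candidate.Length < expected.Length ? candidate.Length : expected.Length;
            for (var i = 0; i < shared; i++)
            {
                difference |= candidate[i] ^ expected[i];
            }

            return difference == 0;
        }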