public HttpResponseMessage Get() { var identity = this.User.Identity as ClaimsIdentity; if (identity == null) { return(ServiceResponseMessage.BadRequest("Could not parse identity as claims identity")); } var model = ParseClaims(identity.Claims); return(ServiceResponseMessage.Ok(model)); }
/// <summary> /// POST to STS to get an OAuth Token /// </summary> /// <returns>An OAuth2 Token</returns> public async Task <HttpResponseMessage> Post() { try { var requestContext = this.Request.Properties[STSConstants.STSRequestContext] as ITokenServiceRequestContext; if (requestContext == null) { throw new HttpResponseException(ServiceResponseMessage.BadRequest("STS Context is null")); } // Create Identity and Set Claims var authType = OwinStartUp.OAuthBearerOptions.AuthenticationType; var identity = new ClaimsIdentity(authType); if (requestContext.Version == 1.0) { var body = requestContext.TokenRequestBody as TokenRequestV1; if (body == null) { return(new HttpResponseMessage(HttpStatusCode.BadRequest) { Content = new StringContent("Could not parse request body") }); } //identity.AddClaim(new Claim(ClaimTypes.Name, body.UserName)); //identity.AddClaim(new Claim(ClaimTypes.Email, body.Email)); //identity.AddClaim(new Claim(ClaimTypes.MobilePhone, body.MobilePhone)); identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, Guid.NewGuid().ToString())); var auth = ServiceLocator.Instance.GetAuthenticationProvider(body.AuthenticationProvider); if (auth == null) { return(ServiceResponseMessage.BadRequest("Invalid Authentication Provider passed")); } // Call the auth provider here if (!body.AuthenticationProvider.Equals("none", StringComparison.InvariantCultureIgnoreCase)) { if (!await auth.IsAuthenticatedAsync(body.Email, body.Password)) { return(ServiceResponseMessage.Unauthorized()); } else { identity.AddClaim(new Claim(ClaimTypes.Authentication, "Full")); } } } var ticket = new AuthenticationTicket(identity, new AuthenticationProperties { IsPersistent = false }); var currentUtc = new SystemClock().UtcNow; ticket.Properties.IssuedUtc = currentUtc; ticket.Properties.ExpiresUtc = currentUtc.Add(TimeSpan.FromMinutes(30)); var token = OwinStartUp.OAuthBearerOptions.AccessTokenFormat.Protect(ticket); var bytes = Encoding.UTF8.GetBytes(token); var encoded = "NORD " + Convert.ToBase64String(bytes); return(ServiceResponseMessage.Ok(encoded)); } catch (Exception ex) { // Test all of these exceptions return(ServiceResponseMessage.InternalServerError(ex.Message)); } finally { // Log event } }
/// <summary> /// POST to STS to get a Bearer Token /// </summary> /// <returns>An OAuth2 Bearer Token</returns> public async Task <HttpResponseMessage> Post() { try { var requestContext = this.Request.Properties[STSConstants.STSRequestContext] as ITokenServiceRequestContext; if (requestContext == null) { throw new HttpResponseException(ServiceResponseMessage.BadRequest("STS Context is null")); } // Create Identity and Set Claims var authType = OwinStartUp.OAuthBearerOptions.AuthenticationType; var identity = new ClaimsIdentity(authType); /// LEFTOFF - make this code cleaner, create type by version (type converter). Also take authprovider, /// start building simple factory and inject providers if (requestContext.Version == 1.0) { // push auth rules to plug ins and take a provider/default provider and pass provider in request var body = requestContext.TokenRequestBody as TokenRequestV1; // TODO: validate the parts identity.AddClaim(new Claim(ClaimTypes.Name, body.UserName)); identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, Guid.NewGuid().ToString())); identity.AddClaim(new Claim(ClaimTypes.Email, body.Email)); identity.AddClaim(new Claim(ClaimTypes.MobilePhone, body.MobilePhone)); identity.AddClaim(new Claim(ClaimTypes.Authentication, "Partial")); } var properties = new AuthenticationProperties { IsPersistent = false }; var ticket = new AuthenticationTicket(identity, properties); var currentUtc = new SystemClock().UtcNow; ticket.Properties.IssuedUtc = currentUtc; // Set expiration ticket.Properties.ExpiresUtc = currentUtc.Add(TimeSpan.FromMinutes(30)); // TODO: ticket needs to be signed with a certificate. Create new signing cert and use that same cert of other services. return(new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(OwinStartUp.OAuthBearerOptions.AccessTokenFormat.Protect(ticket)) }); } catch (Exception ex) { // Test all of these exceptions return(new HttpResponseMessage(HttpStatusCode.InternalServerError) { Content = new StringContent(ex.Message) }); } finally { // Log event } }