public async Task <ActionResult> OAuthTokenCallback()
{
var ctx = GetOAuthContextCookie();
var ip = GetVisibleIdentityProviders().Single(x => x.ID == ctx.IdP);
var oauth2 = new OAuth2Client(GetProviderTypeFromOAuthProfileTypes(ip.ProviderType.Value), ip.ClientID, ip.ClientSecret);
var result = await oauth2.ProcessCallbackAsync();
if (result.Error != null)
{
return(View("Error"));
}
var claims = result.Claims.ToList();
string[] claimsToRemove = new string[]
{
"http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider",
ClaimTypes.AuthenticationInstant
};
foreach (var toRemove in claimsToRemove)
{
var tmp = claims.Find(x => x.Type == toRemove);
if (tmp != null)
{
claims.Remove(tmp);
}
}
claims.Add(new Claim(Constants.Claims.IdentityProvider, ip.Name, ClaimValueTypes.String, Constants.InternalIssuer));
var id = new ClaimsIdentity(claims, "OAuth");
var cp = new ClaimsPrincipal(id);
return(ProcessOAuthResponse(cp, ctx));
}
public override Task GrantClientCredentials(OAuthGrantClientCredentialsContext context)
{
var authentication = context.OwinContext.Authentication;
if (authentication == null)
{
return(base.GrantClientCredentials(context));
}
var user = authentication.User;
if (user == null)
{
return(base.GrantClientCredentials(context));
}
var userAccountService = context.OwinContext.Environment.GetUserAccountService <UserAccount>();
var account = userAccountService.GetByUsername("users", user.Identity.Name);
if (account == null)
{
return(base.GrantClientCredentials(context));
}
var claims = account.GetAllClaims();
var id = new System.Security.Claims.ClaimsIdentity(claims, "MembershipReboot");
context.Validated(id);
return(base.GrantClientCredentials(context));
}
// auxiliary functions
private void addClaim(System.Security.Claims.ClaimsIdentity identity, string claimName, string claimValue)
{
if (string.IsNullOrEmpty(claimValue) == false)
{
identity.AddClaim(new System.Security.Claims.Claim(claimName, claimValue));
}
}
public async Task <ActionResult> Login(LoginModel details, string returnUrl)
{
if (ModelState.IsValid)
{
AppUser user = await UserManager.FindAsync(details.Name,
details.Password);
if (user == null)
{
ModelState.AddModelError("", "Invalid name or password.");
}
else
{
//创建一个标识该用户的ClaimsIdentity对象。ClaimsIdentity类是IIdentity接口的ASP.NET Identity实现
//创建Cookie,浏览器会在后继的请求中发送这个Cookie
System.Security.Claims.ClaimsIdentity ident = await UserManager.CreateIdentityAsync(user,
DefaultAuthenticationTypes.ApplicationCookie);
//签出用户,这通常意味着使标识已认证用户的Cookie失效
AuthManager.SignOut();
//签入用户,这通常意味着要创建用来标识已认证请求的Cookie
AuthManager.SignIn(new AuthenticationProperties
{//配置认证过程
//IsPersistent属性设置为true,以使认证Cookie在浏览器中是持久化的,意即用户在开始新会话时,不必再次进行认证
IsPersistent = false
}, ident);
return(Redirect(returnUrl));
}
}
ViewBag.returnUrl = returnUrl;
return(View(details));
}
/// <summary>
/// Permet de définir un claim et le remplacer si exsite déja
/// </summary>
public static void SetClaim(this System.Security.Claims.ClaimsIdentity claimsIdentity, string claimType, string claimValue, string issuer = null)
{
if (claimsIdentity == null || string.IsNullOrWhiteSpace(claimType))
{
return;
}
System.Security.Claims.Claim findClaim = claimsIdentity.Claims.Where(c => c.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase)).FirstOrDefault();
if (findClaim != null)
{
claimsIdentity.RemoveClaim(findClaim);
}
if (claimValue == null)
{
return; // mode delete
}
System.Security.Claims.Claim newClaim = null;
if (findClaim != null)
{
newClaim = new System.Security.Claims.Claim(findClaim.Type, claimValue, findClaim.ValueType, issuer);
}
else
{
newClaim = new System.Security.Claims.Claim(claimType, claimValue, System.Security.Claims.ClaimValueTypes.String, issuer);
}
claimsIdentity.AddClaim(newClaim);
}
public async Task <IActionResult> OnPost()
{
if (Authentification.Instance.IsAuthentificated(HttpContext))
{
Authentification.Instance.SetLoginStatus(HttpContext, false);
return(Page());
}
var user = _configuration.GetSection("SiteUser").Get <SiteUser>();
Authentification.Instance.SetLoginStatus(HttpContext, false);
if (UserName == user.UserName)
{
var passwordHasher = new Microsoft.AspNetCore.Identity.PasswordHasher <string>();
if (passwordHasher.VerifyHashedPassword(null, user.Password, Password) == Microsoft.AspNetCore.Identity.PasswordVerificationResult.Success)
{
var claims = new List <System.Security.Claims.Claim>
{
new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, UserName)
};
var claimsIdentity = new System.Security.Claims.ClaimsIdentity(claims, Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme);
await HttpContext.SignInAsync(Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme, new System.Security.Claims.ClaimsPrincipal(claimsIdentity));
Authentification.Instance.SetLoginStatus(HttpContext, true);
return(RedirectToPage("Index"));
}
}
Message = "Invalid attempt";
return(Page());
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
bool authorize = false;
System.Security.Claims.ClaimsIdentity claimsIdentity = httpContext.User.Identity as System.Security.Claims.ClaimsIdentity;
//get all roles of user from claims token
IEnumerable <System.Security.Claims.Claim> userGroupClaims = claimsIdentity.Claims.Where(x => x.Type.ToLower().Contains("group"));
// String userRoles = claimsIdentity.Claims.First(x => x.Type.ToLower().Contains("group")).Value;
String upn = claimsIdentity.Claims.First(x => x.Type.ToLower().Contains("upn")).Value;
//compare the available roles to roles of the user
foreach (var role in allowedroles)
{
string[] rolegroups = ConfigurationManager.AppSettings[role].Split(',').Select(s => s.Trim()).ToArray();
foreach (String rolegroup in rolegroups)
{
if ((userGroupClaims.Count(x => x.Value.Contains(rolegroup)) > 0) ||
(upn.Contains(rolegroup)))
{
System.Web.HttpContext.Current.Session["Role"] = role;
if ((role.ToLower() == "apadmin") || (role.ToLower() == "aradmin"))
{
return(true);
}
else
{
authorize = true;
}
}
}
}
return(authorize);
}
public ActionResult Index(ChangeUsernameInputModel model)
{
if (ModelState.IsValid)
{
try
{
//this.userAccountService.ChangeUsername(User.GetUserID(), model.NewUsername);
var _claimsID = new System.Security.Claims.ClaimsIdentity(User.Identity);
if (!_claimsID.HasClaim("sub"))
{
return new HttpUnauthorizedResult();
}
this.userAccountService.ChangeUsername(System.Guid.Parse(_claimsID.Claims.GetValue("sub")), model.NewUsername);
this.authSvc.SignIn(User.GetUserID());
return RedirectToAction("Success");
}
catch (ValidationException ex)
{
ModelState.AddModelError("", ex.Message);
}
}
return View("Index", model);
}
/// <summary>
///
/// </summary>
/// <param name="actionContext"></param>
/// <returns></returns>
protected override bool IsAuthorized(HttpActionContext actionContext)
{
bool isAuthorized = false;
var autorizacion = HttpContext.Current.Request.Headers["Authorization"];
if (autorizacion != null && autorizacion.StartsWith("Bearer") && autorizacion.Length > 7)
{
var jwtManager = new JwtManager();
var token = autorizacion.Substring(7, autorizacion.Length - 7);
var validateTokenOut = jwtManager.ValidateToken(new MethodParameters.Authentication.JwtManager.ValidateTokenIn()
{
token = token
});
if (validateTokenOut.tokenInformation != null)
{
var claims = new List <System.Security.Claims.Claim>
{
new System.Security.Claims.Claim("sessionId", validateTokenOut.tokenInformation.sessionId),
new System.Security.Claims.Claim("usrID", validateTokenOut.tokenInformation.usrID)
};
var identity = new System.Security.Claims.ClaimsIdentity(claims, "Jwt");
HttpContext.Current.User = new System.Security.Claims.ClaimsPrincipal(identity);
isAuthorized = true;
}
}
return(isAuthorized);
}
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
{
base.OnAuthorization(actionContext);
if (System.Threading.Thread.CurrentPrincipal.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.GetType() != typeof(PublicationsPrincipal))
{
System.Security.Claims.ClaimsIdentity claimsIdentity = ((System.Security.Claims.ClaimsIdentity)System.Threading.Thread.CurrentPrincipal.Identity);
string name = claimsIdentity.FindFirst("name").Value;
string email = claimsIdentity.FindFirst("email").Value;
int userID = Convert.ToInt32(claimsIdentity.FindFirst("userid").Value);
bool isAdministrator = Convert.ToBoolean(claimsIdentity.FindFirst("isadmin").Value);
if (!isAdministrator)
{
HandleUnauthorizedRequest(actionContext);
}
else
{
HttpContext.Current.User =
System.Threading.Thread.CurrentPrincipal = new PublicationsPrincipal(new PublicationsIdentity(name, userID, email, isAdministrator));
}
}
else
{
if (!((PublicationsIdentity)HttpContext.Current.User.Identity).IsAdministrator)
{
HandleUnauthorizedRequest(actionContext);
}
}
}
}
public static int GrabUserId(System.Security.Claims.ClaimsIdentity claim)
{
int id;
var o = claim.GetUserId();
return(int.TryParse(o, out id) ? id : 0);
}
public async Task <ActionResult> Login(LoginModel model, string returnUrl)
{
if (ModelState.IsValid)
{
ApplicationUser user = await UserManager.FindAsync(model.Email, model.Password);
if (user == null)
{
ModelState.AddModelError("", "Неверный логин или пароль.");
}
else
{
System.Security.Claims.ClaimsIdentity claim = await UserManager.CreateIdentityAsync(user,
DefaultAuthenticationTypes.ApplicationCookie);
AuthenticationManager.SignOut();
AuthenticationManager.SignIn(new Microsoft.Owin.Security.AuthenticationProperties
{
IsPersistent = true
}, claim);
if (String.IsNullOrEmpty(returnUrl))
{
return(RedirectToAction("Index", "Home"));
}
return(Redirect(returnUrl));
}
}
ViewBag.returnUrl = returnUrl;
return(View(model));
}
private void SetUsername()
{
System.Security.Claims.ClaimsIdentity cp = HttpContext.User.Identity as System.Security.Claims.ClaimsIdentity;
var name = cp.Claims.First <System.Security.Claims.Claim>(c => c.Type == System.Security.Claims.ClaimTypes.NameIdentifier);
ViewBag.UserName = name.Value;
}
// GET: Admin/Posts/Create
public IActionResult Create()
{
System.Security.Claims.ClaimsIdentity ci = new System.Security.Claims.ClaimsIdentity();
if (User.Identity.Name != null)
{
ci = (System.Security.Claims.ClaimsIdentity)User.Identity;
}
else
{
return(Challenge());
}
Post p = new Post()
{
CreatedDate = DateTime.Now,
BlogPostRecs = new List <BlogPostRec>(),
IsDraft = true,
IsActive = true,
PostedBy = $"{ci.FindFirst(System.Security.Claims.ClaimTypes.GivenName).Value} {ci.FindFirst(System.Security.Claims.ClaimTypes.Surname).Value}"
};
foreach (Blog b in _context.Blogs)
{
BlogPostRec bpr = new BlogPostRec()
{
BlogId = b.Id, Blog = b
};
p.BlogPostRecs.Add(bpr);
}
p.BlogPostRecs.OrderBy(x => x.Blog.BlogName);
return(View(p));
}
//validate user credentials, then generate token
//token is used to grant access
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var identity = new System.Security.Claims.ClaimsIdentity(context.Options.AuthenticationType);
//validate client credentials here
if (context.UserName == "admin" && context.Password == "admin")
{
identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Role, "admin"));
identity.AddClaim(new System.Security.Claims.Claim("username", "admin"));
identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, "Shashank Shinde"));
context.Validated(identity);
}
else if (context.UserName == "user" && context.Password == "user")
{
identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Role, "user"));
identity.AddClaim(new System.Security.Claims.Claim("username", "user"));
identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, "Shinde Shashank"));
context.Validated(identity);
}
else
{
context.SetError("invalid_grant", "Given username and password is invalid");
return;
}
}
public ActionResult Index(ChangePasswordInputModel model)
{
//if (!User.HasUserID())
//{
// return new HttpUnauthorizedResult();
//}
var _claimsID = new System.Security.Claims.ClaimsIdentity(User.Identity);
if (!_claimsID.HasClaim("sub"))
{
return new HttpUnauthorizedResult();
}
var acctID = System.Guid.Parse(_claimsID.Claims.GetValue("sub"));
if (ModelState.IsValid)
{
try
{
//this.userAccountService.ChangePassword(User.GetUserID(), model.OldPassword, model.NewPassword);
this.userAccountService.ChangePassword(acctID, model.OldPassword, model.NewPassword);
return View("Success");
}
catch (ValidationException ex)
{
ModelState.AddModelError("", ex.Message);
}
}
return View(model);
}
ClaimsPrincipal ISecurityTokenValidator.ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
{
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
// validatedToken = new JwtSecurityToken(securityToken);
try
{
tokenHandler.ValidateToken(securityToken, validationParameters, out validatedToken);
validatedToken = new JwtSecurityToken("jwtEncodedString");
}
catch (Exception ex)
{
System.Console.WriteLine(ex.Message);
throw;
}
ClaimsPrincipal principal = null;
// SecurityToken validToken = null;
validatedToken = null;
System.Collections.Generic.List <System.Security.Claims.Claim> ls =
new System.Collections.Generic.List <System.Security.Claims.Claim>();
ls.Add(
new System.Security.Claims.Claim(
System.Security.Claims.ClaimTypes.Name, "IcanHazUsr_éèêëïàáâäåãæóòôöõõúùûüñçø_ÉÈÊËÏÀÁÂÄÅÃÆÓÒÔÖÕÕÚÙÛÜÑÇØ 你好,世界 Привет\tмир"
, System.Security.Claims.ClaimValueTypes.String
)
);
//
System.Security.Claims.ClaimsIdentity id = new System.Security.Claims.ClaimsIdentity("authenticationType");
id.AddClaims(ls);
principal = new System.Security.Claims.ClaimsPrincipal(id);
return(principal);
throw new NotImplementedException();
}
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
{
base.OnAuthorization(actionContext);
if (System.Threading.Thread.CurrentPrincipal.Identity.IsAuthenticated &&
HttpContext.Current.User.GetType() != typeof(Principal))
{
System.Security.Claims.ClaimsIdentity claimsIdentity = ((System.Security.Claims.ClaimsIdentity)System.Threading.Thread.CurrentPrincipal.Identity);
string name = claimsIdentity.FindFirst("name").Value;
string email = claimsIdentity.FindFirst("email").Value;
string companyName = claimsIdentity.FindFirst("companyname").Value;
int userID = Convert.ToInt32(claimsIdentity.FindFirst("userid").Value);
int userType = Convert.ToInt32(claimsIdentity.FindFirst("usertype").Value);
int companyId = Convert.ToInt32(claimsIdentity.FindFirst("companyid").Value);
string ipaddress = claimsIdentity.FindFirst("ipaddress").Value;
if (userType == (int)UserType.Admin || userType == (int)UserType.User)
{
HttpContext.Current.User =
System.Threading.Thread.CurrentPrincipal = new Principal(new Identity(name, userID, email, userType, companyId, companyName, ipaddress));
}
else
{
HandleUnauthorizedRequest(actionContext);
}
}
}
public static string AuthorizeUser(string user_name = "", string password = "")
{
string result = "Unknown user name or password.";
try
{
IParameterCollection Params = new ParameterCollection();
Params.Add("@login", user_name);
Params.Add("@password", password);
SqlManager M = new DersaAnonimousSqlManager();
int checkresult = M.ExecuteSPWithResult("DERSA_USER$CanAuthorize", false, Params);
if (checkresult == (int)DersaUserStatus.active)
{
IAuthenticationManager authenticationManager = HttpContext.Current.GetOwinContext().Authentication;
authenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
var User = new UserProvider(user_name);
System.Security.Claims.ClaimsIdentity identity = new System.Security.Claims.ClaimsIdentity(User.Identity, null, "ApplicationCookie", null, null);
authenticationManager.SignIn(new AuthenticationProperties()
{
IsPersistent = false
}, identity);
return("");
}
switch (checkresult)
{
case (int)DersaUserStatus.registered:
result = "Your registration is not completed.";
break;
}
}
catch { throw; }
return(result);
}
public async Task <ActionResult> EditClaims(UserClaim userClaim)
{
var _user = UserManager.FindByName(userClaim.UserName);
if (_user == null)
{
return(HttpNotFound("Invalid user"));
}
if (ModelState.IsValid)
{
// trigger generating identity - usermanager will persist generic types to database
_user.Claims.Remove(_user.Claims.Where(
c => c.ClaimType == userClaim.ClaimType).First());
_user.Claims.Add(new UserClaimIntPk
{
UserId = _user.Id,
ClaimType = userClaim.ClaimType,
ClaimValue = userClaim.ClaimValue
});
System.Security.Claims.ClaimsIdentity identity = await _user.GenerateUserIdentityAsync(UserManager);
log.Info("Edited claim for user (" + userClaim.ClaimType + ":" + userClaim.ClaimValue + " for " + userClaim.UserName);
}
return(RedirectToAction("EditClaims", new { UserName = userClaim.UserName }));
}
public ActionResult Index()
{
//if (!User.HasUserID())
//{
// return new HttpUnauthorizedResult();
//}
//var acct = this.userAccountService.GetByID(User.GetUserID());
var _claimsID = new System.Security.Claims.ClaimsIdentity(User.Identity);
if (!_claimsID.HasClaim("sub"))
{
return new HttpUnauthorizedResult();
}
//var acct = this.userAccountService.GetByID(System.Guid.Parse(Thinktecture.IdentityServer.Core.Extensions.PrincipalExtensions.GetSubjectId(this.User)));
var acct = this.userAccountService.GetByID(System.Guid.Parse(_claimsID.Claims.GetValue("sub")));
if (acct.HasPassword())
{
return View(new ChangePasswordInputModel());
}
else
{
return View("SendPasswordReset");
}
}
//
// Summary:
// Called when a request to the Token endpoint arrives with a "grant_type" of "password".
// This occurs when the user has provided name and password credentials directly
// into the client application's user interface, and the client application is using
// those to acquire an "access_token" and optional "refresh_token". If the web application
// supports the resource owner credentials grant type it must validate the context.Username
// and context.Password as appropriate. To issue an access token the context.Validated
// must be called with a new ticket containing the claims about the resource owner
// which should be associated with the access token. The application should take
// appropriate measures to ensure that the endpoint isn’t abused by malicious callers.
// The default behavior is to reject this grant type. See also http://tools.ietf.org/html/rfc6749#section-4.3.2
//
// Parameters:
// context:
// The context of the event carries information in and results out.
//
// Returns:
// Task to enable asynchronous execution
public override async Task GrantResourceOwnerCredentials(Microsoft.Owin.Security.OAuth.OAuthGrantResourceOwnerCredentialsContext context)
{
var userName = context.UserName;
var password = context.Password;
var user = databaseManager.LoginByUsernamePassword(userName, password).ToList();
if (user == null || user.Count() <= 0)
{
context.SetError("invalid_grant", "The user name and password is incorrect");
return;
}
var claims = new List <System.Security.Claims.Claim>();
var userInfo = user.FirstOrDefault();
claims.Add(new System.Security.Claims.Claim(
System.Security.Claims.ClaimTypes.Name, userInfo.username));
// Setting claim identities for OAuth2
var oAuthClaimIdentity = new System.Security.Claims.ClaimsIdentity(claims, Microsoft.Owin.Security.OAuth.OAuthDefaults.AuthenticationType);
var cookiesClaimIdentity = new System.Security.Claims.ClaimsIdentity(claims, Microsoft.Owin.Security.Cookies.CookieAuthenticationDefaults.AuthenticationType);
// Setting user authentication
var properties = CreateProperties(userInfo.username);
var ticket = new Microsoft.Owin.Security.AuthenticationTicket(oAuthClaimIdentity, properties);
// Grant access to user
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesClaimIdentity);
}
private async Task <TagTransactionEntity> StartAsync(System.Security.Claims.ClaimsIdentity user, string channel, string alias)
{
var tx = new TagTransactionEntity(TagTransactionOperation.Create, channel, alias, user.Name);
await this.TagTransactionTable.Create(tx);
return(tx);
}
private static void SignIn(System.Security.Claims.ClaimsIdentity userIdentity)
{
var authenticationManager = GetAuthenticationManager();
authenticationManager.SignIn(new AuthenticationProperties()
{
}, userIdentity);
}
public static bool verifyUser(System.Security.Claims.ClaimsIdentity user)
{
var userExists = db.Users.AsEnumerable().Contains
(db.Users.FirstOrDefault
(f => f.ID == user.Name));
return(userExists);
}
public override Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context)
{
// The authentication types should be set to "Bearer" while setting up the ClaimsIdentity
// I have set up basic mandatory ClaimsIdentity. You can add the necessary claims if required.
System.Security.Claims.ClaimsIdentity ci = new System.Security.Claims.ClaimsIdentity("Bearer");
context.OwinContext.Authentication.SignIn(ci);
context.RequestCompleted();
return Task.FromResult<object>(null);
}
/// <summary>
/// Gets an internal identity that represents an Aika test user account.
/// </summary>
/// <returns>
/// A <see cref="System.Security.Claims.ClaimsPrincipal"/> that represents an Aika test
/// user account.
/// </returns>
internal static System.Security.Claims.ClaimsPrincipal GetTestIdentity()
{
var identity = new System.Security.Claims.ClaimsIdentity("AikaTestUser");
identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.NameIdentifier, Guid.Empty.ToString()));
identity.AddClaim(new System.Security.Claims.Claim(identity.NameClaimType, "AikaTestUser"));
return(new System.Security.Claims.ClaimsPrincipal(identity));
}
public static string GetClaimValue(this System.Security.Claims.ClaimsIdentity claimIdentity, string claimName)
{
if (claimIdentity?.HasClaim(c => c.Type == claimName) == true)
{
return(claimIdentity.Claims.FirstOrDefault(claim => claim.Type == claimName).Value);
}
return(string.Empty);
}
private async Task SignInAsync(ApplicationUser user, bool isPersistent)
{
this.AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
System.Security.Claims.ClaimsIdentity identity = await this.UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
this.AuthenticationManager.SignIn(new AuthenticationProperties()
{
IsPersistent = isPersistent
}, identity);
}
static public ClaimsIdentity Convert( v1ClaimsIdentity v1ClaimsIdentity )
{
ClaimsIdentity claimsIdentity = new ClaimsIdentity();
foreach ( v1Claim v1claim in v1ClaimsIdentity.Claims )
{
claimsIdentity.AddClaim( new Claim( v1claim.ClaimType, v1claim.Value, v1claim.ValueType, v1claim.Issuer, v1claim.OriginalIssuer ) );
}
return claimsIdentity;
}
static public v1ClaimsIdentity Convert( ClaimsIdentity claimsIdentity )
{
v1ClaimsIdentity v1ClaimsIdentity = new v1ClaimsIdentity();
foreach ( Claim claim in claimsIdentity.Claims )
{
v1ClaimsIdentity.Claims.Add( new v1Claim( claim.Type, claim.Value, claim.ValueType, claim.Issuer, claim.OriginalIssuer ) );
}
return v1ClaimsIdentity;
}
public ActionResult Remove(Guid id)
{
//this.userAccountService.RemovePasswordResetSecret(User.GetUserID(), id);
var _claimsID = new System.Security.Claims.ClaimsIdentity(User.Identity);
if (!_claimsID.HasClaim("sub"))
{
return new HttpUnauthorizedResult();
}
this.userAccountService.RemovePasswordResetSecret(System.Guid.Parse(_claimsID.Claims.GetValue("sub")), id);
return RedirectToAction("Index");
}
public static int GrabUserId(System.Security.Claims.ClaimsIdentity claim)
{
if (!int.TryParse(claim.GetUserId(), out int id))
{
return(0);
}
else
{
return(id);
}
}
static public v1ClaimsIdentity Convert(ClaimsIdentity claimsIdentity)
{
v1ClaimsIdentity v1ClaimsIdentity = new v1ClaimsIdentity();
foreach (Claim claim in claimsIdentity.Claims)
{
v1ClaimsIdentity.Claims.Add(new v1Claim(claim.Type, claim.Value, claim.ValueType, claim.Issuer, claim.OriginalIssuer));
}
return(v1ClaimsIdentity);
}
static public ClaimsIdentity Convert(v1ClaimsIdentity v1ClaimsIdentity)
{
ClaimsIdentity claimsIdentity = new ClaimsIdentity();
foreach (v1Claim v1claim in v1ClaimsIdentity.Claims)
{
claimsIdentity.AddClaim(new Claim(v1claim.ClaimType, v1claim.Value, v1claim.ValueType, v1claim.Issuer, v1claim.OriginalIssuer));
}
return(claimsIdentity);
}
/// <summary>
/// 发放。授权资源访问凭证
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override async System.Threading.Tasks.Task GrantResourceOwnerCredentials(Microsoft.Owin.Security.OAuth.OAuthGrantResourceOwnerCredentialsContext context)
{
//return base.GrantResourceOwnerCredentials(context);
var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin");
//鉴定ClientID之后。授权来源
if (allowedOrigin == null)
{
allowedOrigin = this.userClientAuth? "*" : this.AnoymouseAllowedOrigins;
}
/////ngauthenticationweb Access-Control-Allow-Origin //来源鉴定
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", allowedOrigin.Split(','));
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Methods", new[] { "GET", "POST", "PUT", "DELETE" });
Microsoft.AspNet.Identity.EntityFramework.IdentityUser user =
await authRepository.FindUser(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "用户名,密码不正确");
return;
}
//claim based 认证
var identity = new System.Security.Claims.ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, context.UserName));
identity.AddClaim(new System.Security.Claims.Claim("sub", context.UserName));
identity.AddClaim(new System.Security.Claims.Claim("role", "user"));
//identity.AddClaim(new System.Security.Claims.Claim("test", "test"));
var claims = MallAuth.ServerCache.GlobalCache.getInstance().getUserClaims(context.UserName);
foreach (var item in claims)
{
identity.AddClaim(new System.Security.Claims.Claim(item.Type, item.Value));
}
///额外的响应参数.注意这个和Claim不同
var props = new Microsoft.Owin.Security.AuthenticationProperties(new Dictionary <string, string>
{
{
"as:client_id", (context.ClientId == null) ? string.Empty : context.ClientId
},
{
"userName", context.UserName
}
});
var ticket = new Microsoft.Owin.Security.AuthenticationTicket(identity, props);
context.Validated(ticket);
//context.Validated(identity);
}
public void MarkUserAsLoggedOut()
{
_sessionStorageService.RemoveItemAsync("emailAddress");
_sessionStorageService.RemoveItemAsync("token");
var identity = new System.Security.Claims.ClaimsIdentity();
var user = new System.Security.Claims.ClaimsPrincipal(identity);
NotifyAuthenticationStateChanged(System.Threading.Tasks.Task
.FromResult(new Microsoft.AspNetCore.Components.Authorization.AuthenticationState(user)));
}
public ActionResult Index()
{
//var account = this.userAccountService.GetByID(User.GetUserID());
var _claimsID = new System.Security.Claims.ClaimsIdentity(User.Identity);
if (!_claimsID.HasClaim("sub"))
{
return new HttpUnauthorizedResult();
}
var account = this.userAccountService.GetByID(System.Guid.Parse(_claimsID.Claims.GetValue("sub")));
var vm = new PasswordResetSecretsViewModel
{
Secrets = account.PasswordResetSecrets.ToArray()
};
return View("Index", vm);
}
public void Configuration(IAppBuilder app)
{
var oauthProvider = new Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider
{
OnGrantResourceOwnerCredentials = async context =>
{
if (context.UserName == "rboyina" && context.Password == "welcome@123")
{
var claimsIdentity = new System.Security.Claims.ClaimsIdentity(context.Options.AuthenticationType);
claimsIdentity.AddClaim(new System.Security.Claims.Claim("user", context.UserName));
context.Validated(claimsIdentity);
return;
}
context.Rejected();
},
OnValidateClientAuthentication = async context =>
{
string clientId;
string clientSecret;
if (context.TryGetBasicCredentials(out clientId, out clientSecret))
{
if (clientId == "ravi" && clientSecret == "secretKey")
{
context.Validated();
}
}
}
};
var oauthOptions = new Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
TokenEndpointPath = new Microsoft.Owin.PathString("/accesstoken"),
Provider = oauthProvider,
AuthorizationCodeExpireTimeSpan = TimeSpan.FromMinutes(1),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(3),
SystemClock = new Microsoft.Owin.Infrastructure.SystemClock()
};
app.UseOAuthAuthorizationServer(oauthOptions);
app.UseOAuthBearerAuthentication(new Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationOptions());
var config = new System.Web.Http.HttpConfiguration();
config.MapHttpAttributeRoutes();
app.UseWebApi(config);
}
public ActionResult Add(AddSecretQuestionInputModel model)
{
if (ModelState.IsValid)
{
try
{
//this.userAccountService.AddPasswordResetSecret(User.GetUserID(), model.Question, model.Answer);
var _claimsID = new System.Security.Claims.ClaimsIdentity(User.Identity);
if (!_claimsID.HasClaim("sub"))
{
return new HttpUnauthorizedResult();
}
this.userAccountService.AddPasswordResetSecret(System.Guid.Parse(_claimsID.Claims.GetValue("sub")), model.Question, model.Answer);
return RedirectToAction("Index");
}
catch (ValidationException ex)
{
ModelState.AddModelError("", ex.Message);
}
}
return View("Add", model);
}
public ActionResult Index(ChangeEmailRequestInputModel model)
{
if (ModelState.IsValid)
{
try
{
//this.userAccountService.ChangeEmailRequest(User.GetUserID(), model.NewEmail);
var _claimsID = new System.Security.Claims.ClaimsIdentity(User.Identity);
if (!_claimsID.HasClaim("sub"))
{
return new HttpUnauthorizedResult();
}
this.userAccountService.ChangeEmailRequest(System.Guid.Parse(_claimsID.Claims.GetValue("sub")), model.NewEmail);
if (userAccountService.Configuration.RequireAccountVerification)
{
return View("ChangeRequestSuccess", (object)model.NewEmail);
}
else
{
return View("Success");
}
}
catch (ValidationException ex)
{
ModelState.AddModelError("", ex.Message);
}
}
return View("Index", model);
}
private static System.Security.Claims.ClaimsPrincipal CreateClaimsPrincipal(string userKey)
{
System.Security.Claims.ClaimsIdentity claimIdentity;
if (userKey == null)
{
claimIdentity = new System.Security.Claims.ClaimsIdentity();
}
else
{
var claim = new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.NameIdentifier, userKey);
var claims = new List<System.Security.Claims.Claim> { claim };
claimIdentity = new System.Security.Claims.ClaimsIdentity(claims, "Test");
}
var identity = new System.Security.Claims.ClaimsIdentity[] { claimIdentity };
return new System.Security.Claims.ClaimsPrincipal(identity);
}
public async Task<ActionResult> OAuthTokenCallback()
{
var ctx = GetOAuthContextCookie();
var ip = GetVisibleIdentityProviders().Single(x => x.ID == ctx.IdP);
var oauth2 = new OAuth2Client(GetProviderTypeFromOAuthProfileTypes(ip.ProviderType.Value), ip.ClientID, ip.ClientSecret);
var result = await oauth2.ProcessCallbackAsync();
if (result.Error != null) return View("Error");
var claims = result.Claims.ToList();
string[] claimsToRemove = new string[]
{
"http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider",
ClaimTypes.AuthenticationInstant
};
foreach (var toRemove in claimsToRemove)
{
var tmp = claims.Find(x => x.Type == toRemove);
if (tmp != null) claims.Remove(tmp);
}
claims.Add(new Claim(Constants.Claims.IdentityProvider, ip.Name, ClaimValueTypes.String, Constants.InternalIssuer));
var id = new ClaimsIdentity(claims, "OAuth");
var cp = new ClaimsPrincipal(id);
return ProcessOAuthResponse(cp, ctx);
}
public UserHttpContext(string userKey)
{
var claim = new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.NameIdentifier, userKey);
var claimIdentity = new System.Security.Claims.ClaimsIdentity(new List<System.Security.Claims.Claim> { claim }, "Test");
var identity = new System.Security.Claims.ClaimsIdentity[] { claimIdentity };
var principal = new System.Security.Claims.ClaimsPrincipal(identity);
User = principal;
_Request = MockHttpContextFactory.CreateRequest();
_Response = MockHttpContextFactory.CreateResponse();
}
public ActionResult SendPasswordReset()
{
//if (!User.HasUserID())
//{
// return new HttpUnauthorizedResult();
//}
var _claimsID = new System.Security.Claims.ClaimsIdentity(User.Identity);
if (!_claimsID.HasClaim("sub"))
{
return new HttpUnauthorizedResult();
}
try
{
//var acct = this.userAccountService.GetByID(User.GetUserID());
var acct = this.userAccountService.GetByID(System.Guid.Parse(_claimsID.Claims.GetValue("sub")));
this.userAccountService.ResetPassword(acct.Tenant, acct.Email);
return View("Sent");
}
catch (ValidationException ex)
{
ModelState.AddModelError("", ex.Message);
}
return View("SendPasswordReset");
}
