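/// <summary>
/// Issues a refresh token for the ticket being created and persists it so the token can be
/// presented again later (the matching lookup/receive side lives outside this block).
/// </summary>
/// <param name="context">The OWIN token-creation context. Its ticket is expected to carry
/// the "as:client_id" property and a numeric user id in <c>Ticket.Identity.Name</c>; the
/// refresh lifetime comes from the "as:clientRefreshTokenLifeTime" OWIN environment entry.</param>
/// <remarks>
/// No refresh token is issued (<c>SetToken</c> is not called) when the client id is missing,
/// the client cannot be resolved, the identity name is not a number, or the configured
/// lifetime is missing or not positive. Previously some of those cases threw from inside
/// the middleware instead.
/// SECURITY NOTE(review): the value handed to the caller is the token row's own key, stored
/// in the clear (the old TODO records that hashed tokens were removed). Anyone who can read
/// the token table can replay every live refresh token. Storing a SHA-256 of the value and
/// looking rows up by that hash would remove the exposure; it has to be changed together with
/// the receive side, so it is only flagged here.
/// </remarks>
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
    string clientId;
    if (!context.Ticket.Properties.Dictionary.TryGetValue("as:client_id", out clientId)
        || string.IsNullOrEmpty(clientId))
    {
        return;
    }

    // Client validation normally guarantees this lookup succeeds; fail closed instead of NRE.
    var client = WebApiClientEN.GetService().GetByClientCode(clientId);
    if (client == null)
    {
        return;
    }

    // A user id that is not numeric means the grant provider did not set the identity the
    // way this provider expects; refusing to mint a refresh token is safer than throwing.
    long userId;
    if (!long.TryParse(context.Ticket.Identity.Name, out userId))
    {
        return;
    }

    // Missing or non-positive lifetime: issuing an already-expired token is pointless, so skip.
    var lifetimeText = context.OwinContext.Get<string>("as:clientRefreshTokenLifeTime");
    double lifetimeMinutes;
    if (!double.TryParse(lifetimeText, out lifetimeMinutes) || lifetimeMinutes <= 0)
    {
        return;
    }

    var now = DateTime.UtcNow;
    WebApiToken token = WebApiTokenEN.GetEntityObjectT();
    // NOTE(review): Guid.NewGuid() is the token's only secret. It is backed by the platform
    // RNG in practice but is not documented as cryptographically strong; a
    // RandomNumberGenerator-derived identifier would be the stricter choice. Kept as a Guid
    // because the receive side presumably parses it as one.
    token.WebApiTokenID = Guid.NewGuid();
    token.WebApiClientID = client.WebApiClientID;
    token.UserID = userId;
    token.IssuedUtc = now;
    token.ExpiresUtc = now.AddMinutes(lifetimeMinutes);

    // Stamp the refresh window on the ticket BEFORE serializing it, so the protected ticket
    // stored with the token carries the refresh lifetime rather than the access token's.
    // (The original serialized first, then set these properties.)
    context.Ticket.Properties.IssuedUtc = token.IssuedUtc;
    context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;
    token.ProtectedTicket = context.SerializeTicket();

    WebApiTokenEN.GetService("").AddToken(token);
    context.SetToken(token.WebApiTokenID.ToString("n"));
}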
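/// <summary>
/// Authenticates the OAuth client calling the token endpoint. Credentials are read from the
/// HTTP Basic header first, then from the form body. On success the client's allowed origin
/// and refresh-token lifetime are stashed in the OWIN environment for later stages.
/// </summary>
/// <param name="context">The OWIN client-authentication context.</param>
/// <returns>A completed task; the outcome is reported through <c>context.Validated()</c>
/// or <c>context.SetError(...)</c>.</returns>
/// <remarks>
/// Rejection reasons, in order: no client id, unknown client, missing or wrong secret
/// (only when <c>CheckSecret</c> is set), inactive client, unapproved client, and a client
/// pinned to a different site.
/// SECURITY NOTE(review): the secret is compared against <c>client.SecretKey</c> as stored,
/// which suggests it is kept in the clear; hashing it (PBKDF2/Argon2) is the usual practice
/// but needs a storage change outside this block. The error code "invalid_clientId" is not
/// RFC 6749's "invalid_client"; it is left unchanged because clients may match on it.
/// </remarks>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    try
    {
        string clientId = string.Empty;
        string clientSecret = string.Empty;

        // Basic auth header takes precedence; fall back to client_id/client_secret form fields.
        if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
        {
            context.TryGetFormCredentials(out clientId, out clientSecret);
        }

        if (context.ClientId == null)
        {
            // The original called Validated() right before SetError(); SetError rejects the
            // context, so the net effect was already a rejection — now it is explicit.
            context.SetError("invalid_clientId", "ClientId should be sent.");
            return Task.FromResult<object>(null);
        }

        vWebApiClient client = WebApiClientEN.GetService("").GetByClientCode(clientId);
        if (client == null)
        {
            context.SetError("invalid_clientId", string.Format("Client '{0}' is not registered in the system.", context.ClientId));
            return Task.FromResult<object>(null);
        }

        if (client.CheckSecret)
        {
            if (string.IsNullOrWhiteSpace(clientSecret))
            {
                context.SetError("invalid_clientId", "Client secret should be sent.");
                return Task.FromResult<object>(null);
            }

            // Constant-time comparison: a plain != short-circuits on the first differing
            // character and leaks how much of the secret was right via response timing.
            if (!SecretsMatch(client.SecretKey, clientSecret))
            {
                context.SetError("invalid_clientId", "Client secret is invalid.");
                return Task.FromResult<object>(null);
            }
        }

        if (!client.IsActive)
        {
            context.SetError("invalid_clientId", "Client is inactive.");
            return Task.FromResult<object>(null);
        }

        if (client.UserApprovalStatusID != (byte)EntityEnums.UserApprovalStatusEnum.Approved)
        {
            context.SetError("invalid_clientId", "Client is locked or cancelled.");
            return Task.FromResult<object>(null);
        }

        // SiteID == 0 means the client may use the API of every site; otherwise it is bound
        // to exactly one and must be calling from it.
        if (client.SiteID != 0 && FWUtils.SecurityUtils.GetCurrentSiteID() != client.SiteID)
        {
            context.SetError("invalid_clientId", "Client doesn't access to API of this current site.");
            return Task.FromResult<object>(null);
        }

        context.OwinContext.Set<string>("as:clientAllowedOrigin", client.AllowedOrigin);
        context.OwinContext.Set<string>("as:clientRefreshTokenLifeTime", client.RefreshLifeTimeMinutes.ToString());
        context.Validated();
        return Task.FromResult<object>(null);
    }
    catch (Exception ex)
    {
        // NOTE(review): the translated message is returned to the caller verbatim. Confirm
        // the translator never surfaces internal detail (connection strings, stack text);
        // a generic message plus server-side logging would be the safer default.
        var msg = FWUtils.ExpLogUtils.ExceptionTranslator.TryToTranslate(ex).Message;
        context.SetError("error", msg);
        return Task.FromResult<object>(null);
    }
}

/// <summary>
/// Ordinal equality of two secrets whose running time does not depend on where the
/// first mismatching character is. Only the lengths (not the contents) influence timing.
/// </summary>
/// <param name="expected">The stored secret; null never matches.</param>
/// <param name="provided">The secret supplied by the caller; null never matches.</param>
/// <returns>True when both are non-null and identical character for character.</returns>
private static bool SecretsMatch(string expected, string provided)
{
    if (expected == null || provided == null)
    {
        return false;
    }
    if (expected.Length != provided.Length)
    {
        return false;
    }
    int diff = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        diff |= expected[i] ^ provided[i];
    }
    return diff == 0;
}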