public async Task CreateAsync(AuthenticationTokenCreateContext context)
        {
            //try
            //{
            var clientid = context.Ticket.Properties.Dictionary["as:client_id"];

            if (string.IsNullOrEmpty(clientid))
            {
                return;
            }

            //TODO: I removed hashed tokens to reduce database size

            //var refreshTokenId = Guid.NewGuid().ToString("n");

            var service = WebApiTokenEN.GetService("");


            var refreshTokenLifeTime = context.OwinContext.Get <string>("as:clientRefreshTokenLifeTime");

            WebApiToken token = WebApiTokenEN.GetEntityObjectT();

            token.WebApiTokenID   = Guid.NewGuid();
            token.WebApiClientID  = WebApiClientEN.GetService().GetByClientCode(clientid).WebApiClientID;
            token.UserID          = Convert.ToInt64(context.Ticket.Identity.Name);
            token.IssuedUtc       = DateTime.UtcNow;
            token.ExpiresUtc      = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime));
            token.ProtectedTicket = context.SerializeTicket();

            context.Ticket.Properties.IssuedUtc  = token.IssuedUtc;
            context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;

            service.AddToken(token);

            context.SetToken(token.WebApiTokenID.ToString("n"));
            //}
            //catch (Exception ex)
            //{
            //    var result = UIUtils.GetExceptionActionResult(ex);
            //    context.Response.
            //}
        }
Esempio n. 2
0
        public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            try
            {
                string        clientId     = string.Empty;
                string        clientSecret = string.Empty;
                vWebApiClient client       = null;

                if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
                {
                    context.TryGetFormCredentials(out clientId, out clientSecret);
                }

                if (context.ClientId == null)
                {
                    //Remove the comments from the below line context.SetError, and invalidate context
                    //if you want to force sending clientId/secrects once obtain access tokens.
                    context.Validated();
                    context.SetError("invalid_clientId", "ClientId should be sent.");
                    return(Task.FromResult <object>(null));
                }

                client = WebApiClientEN.GetService("").GetByClientCode(clientId);

                if (client == null)
                {
                    context.SetError("invalid_clientId", string.Format("Client '{0}' is not registered in the system.", context.ClientId));
                    return(Task.FromResult <object>(null));
                }

                if (client.CheckSecret)
                {
                    if (string.IsNullOrWhiteSpace(clientSecret))
                    {
                        context.SetError("invalid_clientId", "Client secret should be sent.");
                        return(Task.FromResult <object>(null));
                    }
                    else
                    {
                        if (client.SecretKey != clientSecret)
                        {
                            context.SetError("invalid_clientId", "Client secret is invalid.");
                            return(Task.FromResult <object>(null));
                        }
                    }
                }

                if (!client.IsActive)
                {
                    context.SetError("invalid_clientId", "Client is inactive.");
                    return(Task.FromResult <object>(null));
                }

                if (client.UserApprovalStatusID != (byte)EntityEnums.UserApprovalStatusEnum.Approved)
                {
                    context.SetError("invalid_clientId", "Client is locked or cancelled.");
                    return(Task.FromResult <object>(null));
                }

                if (client.SiteID != 0) // if the access was not to the top root of all xecare sites
                {
                    if (FWUtils.SecurityUtils.GetCurrentSiteID() != client.SiteID)
                    {
                        context.SetError("invalid_clientId", "Client doesn't access to API of this current site.");
                        return(Task.FromResult <object>(null));
                    }
                }

                context.OwinContext.Set <string>("as:clientAllowedOrigin", client.AllowedOrigin);
                context.OwinContext.Set <string>("as:clientRefreshTokenLifeTime", client.RefreshLifeTimeMinutes.ToString());

                context.Validated();
                return(Task.FromResult <object>(null));
            }
            catch (Exception ex)
            {
                var msg = FWUtils.ExpLogUtils.ExceptionTranslator.TryToTranslate(ex).Message;
                context.SetError("error", msg);
                return(Task.FromResult <object>(null));
            }
        }