public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
if (context.ClientId == _publicClientId)
context.Validated();
return Task.FromResult<object>(null);
}
/// <summary>
/// Called to validate that the context.ClientId is a registered "client_id", and that the context.RedirectUri a "redirect_uri"
/// registered for that client. This only occurs when processing the Authorize endpoint. The application MUST implement this
/// call, and it MUST validate both of those factors before calling context.Validated. If the context.Validated method is called
/// with a given redirectUri parameter, then IsValidated will only become true if the incoming redirect URI matches the given redirect URI.
/// If context.Validated is not called the request will not proceed further.
/// </summary>
/// <param name="context">The context of the event carries information in and results out.</param>
/// <returns>Task to enable asynchronous execution</returns>
public override async Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
this.options.Logger.DebugFormat("Validating client id and redirect uri");
// Only proceed if client id and redirect uri is provided
if (string.IsNullOrEmpty(context.ClientId) || string.IsNullOrEmpty(context.RedirectUri))
{
this.options.Logger.WarnFormat("Client id ({0}) or client secret ({1}) is invalid", context.ClientId, context.RedirectUri);
return;
}
this.options.Logger.DebugFormat("Authenticating client '{0}' and redirect uri '{1}'", context.ClientId, context.RedirectUri);
var client = await this.options.ClientManager.AuthenticateClientAsync(context.ClientId, context.RedirectUri);
if (!client.Identity.IsAuthenticated)
{
context.Rejected();
this.options.Logger.WarnFormat("Client '{0}' and redirect uri '{1}' was not authenticated", context.ClientId, context.RedirectUri);
return;
}
this.options.Logger.DebugFormat("Client '{0}' and redirect uri '{1}' was successfully authenticated", context.ClientId, context.RedirectUri);
context.OwinContext.GetOAuthContext().ClientId = context.ClientId;
context.OwinContext.GetOAuthContext().RedirectUri = context.RedirectUri;
context.Validated(context.RedirectUri);
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
if (context.ClientId != _publicClientId) return Task.FromResult<object>(null);
var expectedRootUri = new Uri(context.Request.Uri, "/");
if (expectedRootUri.AbsoluteUri == context.RedirectUri) context.Validated();
return Task.FromResult<object>(null);
}
private Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
if (context.ClientId == ClientId)
{
context.Validated();
}
return Task.FromResult(0);
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
Uri uri;
if (Uri.TryCreate(context.RedirectUri, UriKind.Absolute, out uri))
{
context.Validated();
return Task.FromResult(0);
}
return base.ValidateClientRedirectUri(context);
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
if (context.ClientId == _publicClientId) {
Uri expectedRootUri = new Uri(context.Request.Uri, "/externalLogin"); // modified by Stephen
if (expectedRootUri.AbsoluteUri == context.RedirectUri) {
context.Validated();
}
}
return Task.FromResult<object>(null);
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
if (context.ClientId != _publicClientId) return null;
var expectedRootUri = new Uri(context.Request.Uri, "/");
if (expectedRootUri.AbsoluteUri == context.RedirectUri)
{
context.Validated();
}
return null;
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
if (context.ClientId == _publicClientId)
{
Uri expectedRootUri = new Uri(context.Request.Uri, "/");
if (true /*expectedRootUri.AbsoluteUri == context.RedirectUri*/)
{
context.Validated();
}
}
return Task.FromResult<object>(null);
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
if (context.ClientId == _publicClientId)
{
Uri expectedRootUri = FullRootUri(HttpContext.Current);
if (expectedRootUri.AbsoluteUri == context.RedirectUri)
{
context.Validated();
}
}
return Task.FromResult<object>(null);
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
if (context.ClientId == "self")
{
var expectedRootUri = new Uri(context.Request.Uri, "/");
if (expectedRootUri.AbsoluteUri == context.RedirectUri)
{
context.Validated();
}
}
return Task.FromResult(0);
}
public override System.Threading.Tasks.Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
if (context.ClientId == _publicClientId)
{
Uri expectedRootUri = new Uri(context.Request.Uri, "/");
if (expectedRootUri.AbsoluteUri == context.RedirectUri)
{
context.Validated();
}
}
return System.Threading.Tasks.Task.FromResult<object>(null);
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
if (context.ClientId == publicClientId)
{
Uri expectedRootUri = new Uri(context.Request.Uri, "/" + this.externalAuthPageUrl);
if (expectedRootUri.AbsoluteUri == context.RedirectUri)
{
context.Validated();
}
}
return Task.FromResult<object>(null);
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
if (context.ClientId == _publicClientId)
{
Uri expectedRootUri = new Uri(context.Request.Uri, "/");
Uri redirectUri = new Uri(context.RedirectUri);
if (expectedRootUri.Authority == redirectUri.Authority)
{
context.Validated();
}
}
return Task.FromResult<object>(null);
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
//if (context.ClientId == _publicClientId)
//{
// Uri expectedRootUri = new Uri(context.Request.Uri, "/");
// if (expectedRootUri.AbsoluteUri == context.RedirectUri)
// {
// context.Validated();
// }
//}
if (context.ClientId == _publicClientId)
{
context.Validated();
}
return Task.FromResult<object>(null);
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
if (context.ClientId == this.publicClientId)
{
var expectedRootUri = new Uri(context.Request.Uri, "/");
if (expectedRootUri.AbsoluteUri == context.RedirectUri)
{
context.Validated();
}
else if (context.ClientId == "web")
{
var expectedUri = new Uri(context.Request.Uri, "/");
context.Validated(expectedUri.AbsoluteUri);
}
}
return Task.FromResult<object>(null);
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
var authCookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
var authTicket = FormsAuthentication.Decrypt(authCookie);
if (authTicket.Expired)
context.Rejected();
else
context.Validated();
//We validated that Client Id and Reditect Uri are indeed what we expect
//if (context.ClientId == "123456" && context.RedirectUri.Contains("localhost"))
// context.Validated();
//else
// context.Rejected();
return Task.FromResult<object>(null);
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
if (context.ClientId != _publicClientId)
{
return Task.FromResult(0);
}
Uri expectedRootUri = new Uri(context.Request.Uri, "/");
string windowsStoreRedirectUri = ConfigurationManager.AppSettings["windowsStoreRedirectUri"];
if (expectedRootUri.AbsoluteUri == context.RedirectUri ||
(windowsStoreRedirectUri != null && new Uri(windowsStoreRedirectUri).AbsoluteUri == context.RedirectUri))
{
context.Validated();
}
return Task.FromResult(0);
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context) {
if (!String.IsNullOrEmpty(context.ClientId) && context.ClientId != PublicClientId) {
var app = _applicationRepository.GetById(context.ClientId, true);
if (app == null)
return Task.FromResult(0);
if (!context.Request.Uri.AbsoluteUri.StartsWith(app.Url))
return Task.FromResult(0);
context.Validated(context.Request.Uri.AbsoluteUri);
} else {
if (!context.Request.Uri.AbsoluteUri.StartsWith(context.Request.Uri.Authority))
return Task.FromResult(0);
context.Validated(context.Request.Uri.AbsoluteUri);
}
return Task.FromResult(0);
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
// TODO: REFACTOR > code identical to CORS, same clients
if (_registeredClients == null)
{
_registeredClients = new Collection<Uri>();
string[] domains = ConfigurationManager.AppSettings["CORS"].Split(';');
foreach (var domain in domains)
{
_registeredClients.Add(new Uri(domain));
}
}
var client = new Uri(context.RedirectUri);
if (context.ClientId == _publicClientId && _registeredClients.Any(o => o.IsBaseOf(client)))
{
context.Validated();
}
return Task.FromResult<object>(null);
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
if (context.ClientId == _publicClientId)
{
//BEGIN MODIFIED BY JLC
/*
Uri expectedRootUri = new Uri(context.Request.Uri, "/");
if (expectedRootUri.AbsoluteUri == context.RedirectUri)
{
context.Validated();
}
**/
context.Validated();
//TODO: Is this still compliant with oAuth 2.0?????????????????
//END MODIFIED BY JLC
}
return Task.FromResult<object>(null);
}
private Task <bool> SendErrorRedirectAsync(
OAuthValidateClientRedirectUriContext clientContext,
BaseValidatingContext <OAuthAuthorizationServerOptions> validatingContext)
{
if (clientContext == null)
{
throw new ArgumentNullException("clientContext");
}
string error = validatingContext.HasError ? validatingContext.Error : Constants.Errors.InvalidRequest;
string errorDescription = validatingContext.HasError ? validatingContext.ErrorDescription : null;
string errorUri = validatingContext.HasError ? validatingContext.ErrorUri : null;
if (!clientContext.IsValidated)
{
// write error in response body if client_id or redirect_uri have not been validated
return(SendErrorPageAsync(error, errorDescription, errorUri));
}
// redirect with error if client_id and redirect_uri have been validated
string location = WebUtilities.AddQueryString(clientContext.RedirectUri, Constants.Parameters.Error, error);
if (!string.IsNullOrEmpty(errorDescription))
{
location = WebUtilities.AddQueryString(location, Constants.Parameters.ErrorDescription, errorDescription);
}
if (!string.IsNullOrEmpty(errorUri))
{
location = WebUtilities.AddQueryString(location, Constants.Parameters.ErrorUri, errorUri);
}
// if a state parameter was provided, include it in the redirect location
IList <string> stateValues = clientContext.Request.Query.GetValues(Constants.Parameters.State);
if (stateValues != null && stateValues.Count == 1)
{
location = WebUtilities.AddQueryString(location, Constants.Parameters.State, stateValues[0]);
}
Response.Redirect(location);
// request is handled, does not pass on to application
return(Task.FromResult(true));
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
if (context.ClientId == _publicClientId)
{
var referer = context.Request.Headers["Referer"];
var returnUrl = context.Request.Query != null
? context.Request.Query.Get("redirect_uri") ?? null
: null;
var expectedUri = referer != null ? new Uri(referer) : returnUrl != null ? new Uri(returnUrl) : context.Request.Uri;
Uri expectedRootUri = new Uri(expectedUri, "/access_token.html");
if (expectedRootUri.AbsoluteUri == context.RedirectUri)
{
context.Validated();
}
}
return Task.FromResult<object>(null);
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
if (context.ClientId == _publicClientId)
{
var httpRequest = ((System.Web.HttpContextBase)context.OwinContext.Environment["System.Web.HttpContextBase"]).Request;
var path = string.Format("{0}/", httpRequest.ApplicationPath.TrimEnd('/'));
Uri expectedRootUri = new Uri(context.Request.Uri, path);
if (expectedRootUri.AbsoluteUri == context.RedirectUri)
{
context.Validated();
}
else if (context.ClientId == "web")
{
var expectedUri = new Uri(context.Request.Uri, path);
context.Validated(expectedUri.AbsoluteUri);
}
}
return Task.FromResult<object>(null);
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
if (context.ClientId == _publicClientId)
{
Uri requestUri = context.Request.Uri;
Uri redirectUri = new Uri(context.RedirectUri);
if (redirectUri.Host == requestUri.Host && "/".Equals(redirectUri.AbsolutePath, StringComparison.OrdinalIgnoreCase))
{
if (!string.IsNullOrEmpty(redirectUri.Query))
{
NameValueCollection queryString = HttpUtility.ParseQueryString(redirectUri.Query);
string returnData = queryString["rd"];
if (!string.IsNullOrEmpty(returnData))
{
//TODO: check if json is valid
context.Validated();
}
}
}
}
return Task.FromResult<object>(null);
}
/// <summary>
/// Called to validate that the context.ClientId is a registered "client_id", and that the context.RedirectUri a "redirect_uri"
/// registered for that client. This only occurs when processing the Authorize endpoint. The application MUST implement this
/// call, and it MUST validate both of those factors before calling context.Validated. If the context.Validated method is called
/// with a given redirectUri parameter, then IsValidated will only become true if the incoming redirect URI matches the given redirect URI.
/// If context.Validated is not called the request will not proceed further.
/// </summary>
/// <param name="context">The context of the event carries information in and results out.</param>
/// <returns>Task to enable asynchronous execution</returns>
public virtual Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
return OnValidateClientRedirectUri.Invoke(context);
}
/// <summary>
/// Called to validate that the context.ClientId is a registered "client_id", and that the context.RedirectUri a "redirect_uri"
/// registered for that client. This only occurs when processing the Authorize endpoint. The application MUST implement this
/// call, and it MUST validate both of those factors before calling context.Validated. If the context.Validated method is called
/// with a given redirectUri parameter, then IsValidated will only become true if the incoming redirect URI matches the given redirect URI.
/// If context.Validated is not called the request will not proceed further.
/// </summary>
/// <param name="context">The context of the event carries information in and results out.</param>
/// <returns>Task to enable asynchronous execution</returns>
public virtual Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
return(OnValidateClientRedirectUri.Invoke(context));
}
/// <summary>
/// 验证重定向域名是否符合当前客户端Id创建时填写的主域名
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public async override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
string redirectUri = await _clientValidator.GetRedirectUrl(context.ClientId);
if (redirectUri != null)
{
context.Validated(redirectUri);
}
await Task.FromResult(0);
}
private async Task <bool> InvokeAuthorizeEndpointAsync()
{
var authorizeRequest = new AuthorizeEndpointRequest(Request.Query);
var clientContext = new OAuthValidateClientRedirectUriContext(
Context,
Options,
authorizeRequest.ClientId,
authorizeRequest.RedirectUri);
if (!String.IsNullOrEmpty(authorizeRequest.RedirectUri))
{
bool acceptableUri = true;
Uri validatingUri;
if (!Uri.TryCreate(authorizeRequest.RedirectUri, UriKind.Absolute, out validatingUri))
{
// The redirection endpoint URI MUST be an absolute URI
// http://tools.ietf.org/html/rfc6749#section-3.1.2
acceptableUri = false;
}
else if (!String.IsNullOrEmpty(validatingUri.Fragment))
{
// The endpoint URI MUST NOT include a fragment component.
// http://tools.ietf.org/html/rfc6749#section-3.1.2
acceptableUri = false;
}
else if (!Options.AllowInsecureHttp &&
String.Equals(validatingUri.Scheme, Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase))
{
// The redirection endpoint SHOULD require the use of TLS
// http://tools.ietf.org/html/rfc6749#section-3.1.2.1
acceptableUri = false;
}
if (!acceptableUri)
{
clientContext.SetError(Constants.Errors.InvalidRequest);
return(await SendErrorRedirectAsync(clientContext, clientContext));
}
}
await Options.Provider.ValidateClientRedirectUri(clientContext);
if (!clientContext.IsValidated)
{
_logger.WriteVerbose("Unable to validate client information");
return(await SendErrorRedirectAsync(clientContext, clientContext));
}
var validatingContext = new OAuthValidateAuthorizeRequestContext(
Context,
Options,
authorizeRequest,
clientContext);
if (string.IsNullOrEmpty(authorizeRequest.ResponseType))
{
_logger.WriteVerbose("Authorize endpoint request missing required response_type parameter");
validatingContext.SetError(Constants.Errors.InvalidRequest);
}
else if (!authorizeRequest.IsAuthorizationCodeGrantType &&
!authorizeRequest.IsImplicitGrantType)
{
_logger.WriteVerbose("Authorize endpoint request contains unsupported response_type parameter");
validatingContext.SetError(Constants.Errors.UnsupportedResponseType);
}
else
{
await Options.Provider.ValidateAuthorizeRequest(validatingContext);
}
if (!validatingContext.IsValidated)
{
// an invalid request is not processed further
return(await SendErrorRedirectAsync(clientContext, validatingContext));
}
_clientContext = clientContext;
_authorizeEndpointRequest = authorizeRequest;
var authorizeEndpointContext = new OAuthAuthorizeEndpointContext(Context, Options);
await Options.Provider.AuthorizeEndpoint(authorizeEndpointContext);
return(authorizeEndpointContext.IsRequestCompleted);
}
private Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
// TODO: Validar a client id e retornar a url de redirect
//if (context.ClientId == Clients.Client1.Id)
//{
// context.Validated(Clients.Client1.RedirectUrl);
//}
//else if (context.ClientId == Clients.Client2.Id)
//{
// context.Validated(Clients.Client2.RedirectUrl);
//}
context.Validated();
return Task.FromResult(0);
}
public override async Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
// appelé pour valider la redirect_uri.
// dans la vraie vie, on valide vraiment :)
context.Validated(context.RedirectUri);
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
if (context.ClientId == this._publicClientId && new Uri(context.Request.Uri, "/").AbsoluteUri == context.RedirectUri)
context.Validated();
return (Task)Task.FromResult<object>((object)null);
}
private Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
if (context.ClientId == "123456")
{
context.Validated("http://localhost:18002/Katana.Sandbox.WebClient/ClientApp.aspx");
}
else if (context.ClientId == "7890ab")
{
context.Validated("http://localhost:18002/Katana.Sandbox.WebClient/ClientPageSignIn.html");
}
return Task.FromResult(0);
}
public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
return base.ValidateClientRedirectUri(context);
}