コード例 #1
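        /// <summary>
        /// Handles the OAuth 2.0 resource owner password credentials grant (grant_type=password):
        /// checks the supplied user name and password through the user service and, on success,
        /// validates the request with a ticket issued for that user.
        /// </summary>
        /// <param name="context">Grant context carrying the client id, user name and password of the token request.</param>
        /// <returns>The task returned by the base provider implementation.</returns>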
        public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            // The grant type is recorded before the credentials are checked, so it is set on both outcomes.
            context.OwinContext.Set(_asGrantType, GrantTypes.Password);

            var loginResult = EngineContext.Current.Resolve<UserService>().Login(context.UserName, context.Password);
            if (!loginResult.Success)
            {
                // NOTE(review): the login service's message becomes the OAuth "error" value. RFC 6749 expects
                // "invalid_grant" for bad credentials, and a message that differs between "unknown user" and
                // "wrong password" would let a caller enumerate accounts - confirm what Login returns.
                // NOTE(review): failed attempts are not reported to the admin hub here; whether Login records
                // them for lockout or detection is not visible in this method.
                context.SetError(loginResult.Message);
                return base.GrantResourceOwnerCredentials(context);
            }

            var account = loginResult.Data;
            ClaimsIdentity identity = ClaimsIdentityCreate.GenerateUserIdentity(account, OAuthDefaults.AuthenticationType);
            _sendMessageService.SendToAdmin(_adminMessageHub, $"AppID为{context.ClientId}客户端,给用户{context.UserName}申请Password授权成功.");

            // Set role.
            // NOTE(review): the password grant always receives the "all" role and never looks at the requested
            // scope, unlike AuthorizeEndpoint, which falls back to the base role - confirm this is intended.
            identity.AddRole(RoleConfig.AppUserAllRole);

            context.Validated(new AuthenticationTicket(identity, CreateProperties(account.Name)));

            // Set context values for later stages of the request.
            context.OwinContext.Set(_asClientID, context.ClientId);
            context.OwinContext.Set(_asUserID, account.UserID.ToString());
            context.OwinContext.Set(_asUserName, context.UserName);

            return base.GrantResourceOwnerCredentials(context);
        }
コード例 #2
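        /// <summary>
        /// Handles the OAuth 2.0 client credentials grant (grant_type=client_credentials):
        /// validates the request with an application identity that carries the application role.
        /// </summary>
        /// <param name="context">Grant context carrying the client id of the token request.</param>
        /// <returns>The task returned by the base provider implementation.</returns>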
        public override Task GrantClientCredentials(OAuthGrantClientCredentialsContext context)
        {
            // NOTE(review): nothing in this method checks the client secret; the ticket is issued for whatever
            // ClientId the context holds. Presumably the client was authenticated in an earlier provider stage -
            // confirm that stage rejects unknown clients and wrong secrets before this method is reached.
            var appIdentity = ClaimsIdentityCreate.GenerateAppIdentity(context.ClientId, "", OAuthDefaults.AuthenticationType);

            // Set role: the application role is added as a claim of the identity's role claim type.
            var roleClaim = new Claim(appIdentity.RoleClaimType, RoleConfig.AppRole);
            appIdentity.AddClaim(roleClaim);

            context.Validated(new AuthenticationTicket(appIdentity, new AuthenticationProperties()));

            // Set context values for later stages of the request.
            context.OwinContext.Set(_asGrantType, GrantTypes.ClientCredentials);
            context.OwinContext.Set(_asClientID, context.ClientId);

            return base.GrantClientCredentials(context);
        }
コード例 #3
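        /// <summary>
        /// Handles the authorization endpoint for the authorization code and implicit grant types:
        /// for an authenticated user who has approved the client (or when the client is marked trusted),
        /// signs in the OAuth identity and marks the request as completed.
        /// </summary>
        /// <param name="context">Authorize endpoint context carrying the authorize request and the current user.</param>
        /// <returns>A task that completes when the endpoint has been processed.</returns>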
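        public override async Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context)
        {
            var owinContext = context.OwinContext;

            owinContext.Set(_asResponseType, context.AuthorizeRequest.ResponseType);
            if (context.Request.User?.Identity != null && context.Request.User.Identity.IsAuthenticated)
            {
                var userService = EngineContext.Current.Resolve<UserService>();
                var user = userService.GetUserByName(context.Request.User.Identity.Name);
                if (user == null)
                {
                    // Authenticated principal with no matching account: issue nothing.
                    return;
                }

                var clientID = context.AuthorizeRequest.ClientId;

                // The consent marker is removed as it is read, so one approval covers one authorization.
                // (Presumably Remove returns true only when the marker existed - confirm in TicketStore.)
                var isTemporaryAuthorization = TicketStore.Remove("TemporaryAuthorization" +
                                                                  clientID
                                                                  + "$" + user.UserID.ToString());

                // Trusted apps do not require user authorization.
                if (!isTemporaryAuthorization)
                {
                    // Fail closed: a missing client record is treated as "not trusted" instead of
                    // dereferencing null, so no token is issued without consent.
                    var app = owinContext.Get<App>(_asClientData);
                    if (app == null || !app.IsCredible)
                    {
                        return;
                    }
                }

                ClaimsIdentity oAuthIdentity = ClaimsIdentityCreate.GenerateUserIdentity(user, OAuthDefaults.AuthenticationType);

                // NOTE(review): the "all" scope is honoured for any client that asks for it. Confirm that the
                // consent step shows the requested scope and that each client is limited to the scopes it may use.
                if (context.AuthorizeRequest.Scope.Any(t => t.Equals(_scopeAll, StringComparison.OrdinalIgnoreCase)))
                {
                    oAuthIdentity.AddRole(RoleConfig.AppUserAllRole);
                }
                else
                {
                    oAuthIdentity.AddRole(RoleConfig.AppUserBaseRole);
                }

                owinContext.Set(_asClientID, clientID);
                owinContext.Set(_asUserID, user.UserID.ToString());
                owinContext.Set(_asUserName, user.Name);

                // NOTE(review): these properties are never passed to SignIn below, so the redirect URI set here
                // has no effect on the issued ticket. The unused AuthenticationTicket local was removed; the
                // CreateProperties call is kept because its definition is outside this method.
                AuthenticationProperties properties = CreateProperties(user.Name);
                properties.RedirectUri = context.AuthorizeRequest.RedirectUri;

                owinContext.Authentication.SignIn(oAuthIdentity);
                context.RequestCompleted();
            }
            await base.AuthorizeEndpoint(context);
        }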
コード例 #4
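        /// <summary>
        /// Handles the login form: checks the credentials, verifies that the selected role belongs to the
        /// user, signs the user in with a cookie identity and redirects to the return URL or the admin home page.
        /// </summary>
        /// <param name="userParam">Posted user name and password.</param>
        /// <returns>The login view on failure, otherwise a redirect.</returns>
        // NOTE(review): no [HttpPost] or [ValidateAntiForgeryToken] attribute is visible on this action in the
        // listing - confirm the action is protected against cross-site form posts.
        public ActionResult Index(UserDTO userParam)
        {
            if (!ModelState.IsValid)
            {
                return View();
            }

            // A crafted request can omit the checkbox field; a missing value means "not persistent"
            // instead of a null dereference.
            var isRemenber = Request.Form["isRemenber"]?.Contains("true") ?? false;
            var roleName = Request.Form["ddl_Role"];
            var result = _userService.Login(userParam.Name, userParam.Password);

            if (!result.Success)
            {
                // NOTE(review): the service message is shown to the caller; confirm it does not distinguish
                // "unknown user" from "wrong password".
                ModelState.AddModelError("", result.Message);
                return View();
            }

            var user = result.Data;
            var cookiesIdentity = ClaimsIdentityCreate.GenerateUserIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);

            // The posted role name is accepted only when it is one of the roles assigned to this user.
            var role = user.Roles.Select(s => s.Name).FirstOrDefault(t => t == roleName);
            if (string.IsNullOrEmpty(role))
            {
                ModelState.AddModelError("", "角色选择不正确.");
                return View();
            }
            cookiesIdentity.AddRole(role);

            Request.GetOwinContext().Request.Context.Authentication.SignIn(
                new AuthenticationProperties { IsPersistent = isRemenber },
                cookiesIdentity);

            var queryStr = Request.QueryString["Query"];
            if (!string.IsNullOrEmpty(queryStr))
            {
                FormStringControl queryControl = new FormStringControl(queryStr);
                if (queryControl.ContainParamName("ReturnUrl"))
                {
                    // ReturnUrl comes from the query string, so it is followed only when it points back into
                    // this application; anything else falls through to the default page (open redirect, CWE-601).
                    // If a legitimate return target lives on another origin, replace this with an explicit allow-list.
                    var returnUrl = queryControl.GetParamValue("ReturnUrl");
                    if (Url.IsLocalUrl(returnUrl))
                    {
                        return Redirect(returnUrl);
                    }
                }
            }
            return Redirect("~/Admin/Home");
        }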