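/// <summary>
/// Handles the OAuth2 resource owner password credentials grant: checks the supplied
/// user name and password through <c>UserService.Login</c> and, on success, validates
/// the request with a ticket issued for that user.
/// </summary>
/// <param name="context">Grant context carrying the client id, user name and password of the token request.</param>
/// <returns>The task returned by the base provider implementation.</returns>
public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    context.OwinContext.Set(_asGrantType, GrantTypes.Password);

    var userService = EngineContext.Current.Resolve<UserService>();
    var result = userService.Login(context.UserName, context.Password);
    if (!result.Success)
    {
        // RFC 6749 section 5.2: "error" must be one of the registered codes; bad resource
        // owner credentials map to invalid_grant. The service message is kept, but moved
        // to error_description instead of being sent as the error code itself.
        // NOTE(review): confirm result.Message does not let a caller tell an unknown
        // user from a wrong password.
        // NOTE(review): only successful grants are reported to the admin hub below;
        // failed attempts are not surfaced by this method.
        context.SetError("invalid_grant", result.Message);
        return base.GrantResourceOwnerCredentials(context);
    }

    var user = result.Data;
    ClaimsIdentity oAuthIdentity = ClaimsIdentityCreate.GenerateUserIdentity(user, OAuthDefaults.AuthenticationType);

    // ClientId and UserName are request-supplied values interpolated into the message.
    // NOTE(review): presumably this is rendered in an admin UI; confirm it is encoded on display.
    _sendMessageService.SendToAdmin(_adminMessageHub, $"AppID为{context.ClientId}客户端,给用户{context.UserName}申请Password授权成功.");

    // Assign the role.
    // NOTE(review): every password grant receives AppUserAllRole regardless of the
    // requested scope, whereas AuthorizeEndpoint grants it only when the scope list
    // contains _scopeAll. Confirm this is intended.
    oAuthIdentity.AddRole(RoleConfig.AppUserAllRole);

    AuthenticationProperties properties = CreateProperties(user.Name);
    AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
    context.Validated(ticket);

    // Record client and user details in the OWIN context.
    context.OwinContext.Set(_asClientID, context.ClientId);
    context.OwinContext.Set(_asUserID, user.UserID.ToString());
    context.OwinContext.Set(_asUserName, context.UserName);

    return base.GrantResourceOwnerCredentials(context);
}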
/// <summary>
/// Handles the OAuth2 client credentials grant: validates the request with a ticket
/// for an application identity built from the client id and carrying the application role.
/// </summary>
/// <param name="context">Grant context carrying the id of the requesting client.</param>
/// <returns>The task returned by the base provider implementation.</returns>
public override Task GrantClientCredentials(OAuthGrantClientCredentialsContext context)
{
    // NOTE(review): no client check happens in this method; presumably the client
    // was authenticated earlier in the provider pipeline. Confirm.
    var clientId = context.ClientId;
    var appIdentity = ClaimsIdentityCreate.GenerateAppIdentity(clientId, "", OAuthDefaults.AuthenticationType);

    // Assign the role.
    var roleClaim = new Claim(appIdentity.RoleClaimType, RoleConfig.AppRole);
    appIdentity.AddClaim(roleClaim);

    context.Validated(new AuthenticationTicket(appIdentity, new AuthenticationProperties()));

    // Record grant type and client id in the OWIN context.
    var owinContext = context.OwinContext;
    owinContext.Set(_asGrantType, GrantTypes.ClientCredentials);
    owinContext.Set(_asClientID, clientId);

    return base.GrantClientCredentials(context);
}
/// <summary>
/// Authorize endpoint handler used by the authorization code and implicit flows.
/// For an authenticated user it signs in an OAuth identity when either a temporary
/// authorization entry exists for this client and user, or the client is marked credible.
/// </summary>
/// <param name="context">Authorize endpoint context for the current request.</param>
/// <returns>A task that completes when the handler, and the base implementation where it is reached, have finished.</returns>
public override async Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context)
{
    var owinContext = context.OwinContext;
    var authorizeRequest = context.AuthorizeRequest;
    owinContext.Set(_asResponseType, authorizeRequest.ResponseType);

    var currentIdentity = context.Request.User?.Identity;
    if (currentIdentity != null && currentIdentity.IsAuthenticated)
    {
        var user = EngineContext.Current.Resolve<UserService>().GetUserByName(currentIdentity.Name);
        if (user == null)
        {
            // Returns without calling the base implementation.
            return;
        }

        var clientID = authorizeRequest.ClientId;
        var userId = user.UserID.ToString();

        // The entry is removed on lookup, so a temporary authorization is consumed here
        // and is not available to a later request.
        var isTemporaryAuthorization = TicketStore.Remove("TemporaryAuthorization" + clientID + "$" + userId);

        // Trusted (credible) apps do not need the user's consent.
        // NOTE(review): Get<App>(_asClientData) is dereferenced without a null check;
        // presumably an earlier validation step always stores it. Confirm.
        if (!isTemporaryAuthorization && !owinContext.Get<App>(_asClientData).IsCredible)
        {
            return;
        }

        ClaimsIdentity oAuthIdentity = ClaimsIdentityCreate.GenerateUserIdentity(user, OAuthDefaults.AuthenticationType);

        // The full role is granted only when the request asks for the "all" scope;
        // any other scope list gets the base role.
        var wantsAllScope = authorizeRequest.Scope.Any(t => t.Equals(_scopeAll, StringComparison.OrdinalIgnoreCase));
        if (wantsAllScope)
        {
            oAuthIdentity.AddRole(RoleConfig.AppUserAllRole);
        }
        else
        {
            oAuthIdentity.AddRole(RoleConfig.AppUserBaseRole);
        }

        owinContext.Set(_asClientID, clientID);
        owinContext.Set(_asUserID, userId);
        owinContext.Set(_asUserName, user.Name);

        // NOTE(review): properties and ticket are built but SignIn below receives only
        // the identity, so neither is passed on from this method. Confirm whether the
        // properties were meant to be supplied to SignIn.
        AuthenticationProperties properties = CreateProperties(user.Name);
        properties.RedirectUri = authorizeRequest.RedirectUri;
        AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);

        owinContext.Authentication.SignIn(oAuthIdentity);
        context.RequestCompleted();
    }

    await base.AuthorizeEndpoint(context);
}
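/// <summary>
/// Processes the login form: verifies the credentials, checks that the role chosen in
/// the form is one the user actually holds, signs the user in with a cookie identity
/// and redirects to the requested return URL or to the admin home page.
/// </summary>
/// <param name="userParam">Posted login model; its Name and Password are passed to the user service.</param>
/// <returns>
/// The login view with model errors when validation, login or role selection fails;
/// otherwise a redirect.
/// </returns>
public ActionResult Index(UserDTO userParam)
{
    if (!ModelState.IsValid)
    {
        return View();
    }

    // Request.Form returns null for a field that was not posted; treat that as
    // "do not persist" instead of failing with a NullReferenceException.
    var isRemenber = Request.Form["isRemenber"]?.Contains("true") ?? false;
    var roleName = Request.Form["ddl_Role"];

    var result = _userService.Login(userParam.Name, userParam.Password);
    if (!result.Success)
    {
        ModelState.AddModelError("", result.Message);
        return View();
    }

    var user = result.Data;
    var cookiesIdentity = ClaimsIdentityCreate.GenerateUserIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);

    // The role name comes from the form, so it is only accepted when it matches one of
    // the roles already attached to the authenticated user.
    var role = user.Roles.Select(s => s.Name).FirstOrDefault(t => t == roleName);
    if (string.IsNullOrEmpty(role))
    {
        ModelState.AddModelError("", "角色选择不正确.");
        return View();
    }

    cookiesIdentity.AddRole(role);
    Request.GetOwinContext().Request.Context.Authentication.SignIn(new AuthenticationProperties { IsPersistent = isRemenber }, cookiesIdentity);

    var queryStr = Request.QueryString["Query"];
    if (!string.IsNullOrEmpty(queryStr))
    {
        FormStringControl queryControl = new FormStringControl(queryStr);
        if (queryControl.ContainParamName("ReturnUrl"))
        {
            // ReturnUrl is taken from the query string and is therefore caller-controlled.
            // Redirect only to a local URL so the login page cannot be used as an open
            // redirect; any other value falls through to the default landing page.
            // If an absolute return URL on another host is legitimately needed, check it
            // against an explicit allow-list here instead of trusting the value.
            var returnUrl = queryControl.GetParamValue("ReturnUrl");
            if (Url.IsLocalUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }
        }
    }

    return Redirect("~/Admin/Home");
}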