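/// <summary>
/// Resource Owner Password Credentials grant: verifies the submitted e-mail/password,
/// checks that the user is not blocked for the selected "casa" (falling back to another
/// one when possible) and, on success, validates a ticket carrying the user's claims.
/// </summary>
/// <param name="context">Grant context supplied by the OpenID Connect server middleware;
/// carries the client_id, user name, password and the requested scopes.</param>
/// <returns>A task that completes once the context has been validated or rejected.</returns>
public async override Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsContext context)
{
    // Resolve the request-scoped auth service into a local. The field assignment is kept for
    // any other member that reads _authService, but this method deliberately uses the local:
    // if this provider is registered as a singleton (the usual registration for an OIDC
    // server provider), concurrent requests would otherwise overwrite the field under each
    // other and one request could end up using another request's scoped service.
    var authService = (IAuthService)context.HttpContext.RequestServices.GetService(typeof(IAuthService));
    _authService = authService;

    // The client lookup used to feed a per-client Access-Control-Allow-Origin header; that
    // header was dropped because it conflicted with the CORS middleware registered earlier.
    // The lookup is kept as a sanity check: an unknown client_id must not reach password
    // checking (the original code dereferenced the result and would have thrown instead).
    // NOTE(review): ValidateTokenRequest (not shown here) may already enforce this — confirm.
    if (authService.FindClient(context.ClientId) == null)
    {
        context.Reject("client_id inválido");
        return;
    }

    // Unknown e-mail and wrong password take the same path: the context is left neither
    // validated nor rejected, so the server middleware answers with its default rejection
    // (as it already did for a wrong password) and the response does not reveal whether
    // the account exists.
    // NOTE(review): skipping the hash check for an unknown e-mail leaves a timing
    // difference; if user enumeration matters here, run a dummy password check too.
    var user = await authService.GetUsuarioEmail(context.UserName);
    if (user == null)
    {
        return;
    }

    var valid = await authService.CheckPasswordAsync(user, context.Password);
    if (!valid)
    {
        return;
    }

    int casaId = await authService.GetCasaSelecionada(user);

    // Is the user blocked for the selected "casa"? If so, try to pick another one the user
    // can access; 0 means none is available and the grant is rejected.
    if (authService.AcessoUsuarioBloqueado(user.Id, casaId))
    {
        int novaCasaSelec = authService.TentaSelecOutraCasa(user.Id, casaId);
        if (novaCasaSelec == 0)
        {
            context.Reject("O seu acesso foi bloqueado");
            return;
        }

        casaId = novaCasaSelec;
    }

    var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);

    // Every claim is destined for both the access token and the id token.
    foreach (var claim in authService.GetClaims(user, casaId))
    {
        identity.AddClaim(claim.Type, claim.Value, "access_token", "id_token");
    }

    identity.AddClaim("casa", casaId.ToString(), "access_token", "id_token");
    identity.AddClaim(ClaimTypes.NameIdentifier, user.Id, "access_token", "id_token");
    identity.AddClaim(ClaimTypes.Name, user.UserName, "access_token", "id_token");

    var principal = new ClaimsPrincipal(identity);

    // "client_id" and "userName" are read back by GrantRefreshToken to bind the refresh
    // token to its client and to reload the user; keep these keys stable.
    var props = new AuthenticationProperties(new Dictionary<string, string>
    {
        { "client_id", context.ClientId ?? string.Empty },
        { "userName", context.UserName }
    });

    var ticket = new AuthenticationTicket(principal, props, OpenIdConnectServerDefaults.AuthenticationScheme);

    // offline_access is the only scope ever granted, and only when the client asked for it.
    var scopes = new List<string>();
    if (context.Request.HasScope("offline_access"))
    {
        scopes.Add("offline_access");
    }

    ticket.SetScopes(scopes);
    context.Validate(ticket);
}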
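/// <summary>
/// Refresh token grant: checks that the refresh token is presented by the client that
/// obtained it, reloads the user, re-checks the "casa" block and issues a fresh ticket
/// carrying the user's current claims.
/// </summary>
/// <param name="context">Grant context carrying the deserialized refresh-token ticket and
/// the client_id presented on this request.</param>
/// <returns>A task that completes once the context has been validated or rejected.</returns>
public override async Task GrantRefreshToken(GrantRefreshTokenContext context)
{
    // Same per-request resolution as GrantResourceOwnerCredentials; a local is used so a
    // concurrent request cannot swap the field underneath this one if the provider is a
    // singleton. The field assignment is kept for other members that read it.
    var authService = (IAuthService)context.HttpContext.RequestServices.GetService(typeof(IAuthService));
    _authService = authService;

    // The token must be replayed by the client that obtained it. GrantResourceOwnerCredentials
    // stores "" when the issuing request had no client_id, so a refresh request with no
    // client_id still fails this comparison (the original behaviour). String != is ordinal.
    // The 'return' after Reject is essential: without it execution fell through to
    // Validate(), which overrides the rejection (ASOS's validating context just flips its
    // flags), and a new token was issued to the wrong client.
    string originalClient;
    context.Ticket.Properties.Items.TryGetValue("client_id", out originalClient);
    if (originalClient != context.ClientId)
    {
        context.Reject("O Refresh token foi criado para outro client_id");
        return;
    }

    // A ticket without the userName marker was not issued by GrantResourceOwnerCredentials.
    string username;
    if (!context.Ticket.Properties.Items.TryGetValue("userName", out username)
        || string.IsNullOrEmpty(username))
    {
        context.Reject("Refresh token inválido");
        return;
    }

    // The account may have been removed or renamed since the token was issued; the original
    // code would have thrown on user.Id below, which is a 500 instead of a clean rejection.
    var user = await authService.GetUsuarioEmail(username);
    if (user == null)
    {
        context.Reject("Refresh token inválido");
        return;
    }

    int casaId = await authService.GetCasaSelecionada(user);

    // Re-check the "casa" block on every refresh so a block applied after issuance takes
    // effect; fall back to another casa when possible, otherwise reject.
    // NOTE(review): only the casa block is re-checked here. If the auth service also tracks
    // disabled or locked-out accounts, that state is not re-validated on refresh — confirm
    // whether it should be.
    if (authService.AcessoUsuarioBloqueado(user.Id, casaId))
    {
        int novaCasaSelec = authService.TentaSelecOutraCasa(user.Id, casaId);
        if (novaCasaSelec == 0)
        {
            context.Reject("O seu acesso foi bloqueado");
            return;
        }

        casaId = novaCasaSelec;
    }

    var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);

    // Claims are rebuilt from current data rather than copied from the old ticket, so role
    // or casa changes made since issuance are reflected in the new tokens.
    foreach (var claim in authService.GetClaims(user, casaId))
    {
        identity.AddClaim(claim.Type, claim.Value, "access_token", "id_token");
    }

    identity.AddClaim("casa", casaId.ToString(), "access_token", "id_token");
    identity.AddClaim(ClaimTypes.NameIdentifier, user.Id, "access_token", "id_token");
    identity.AddClaim(ClaimTypes.Name, user.UserName, "access_token", "id_token");

    var principal = new ClaimsPrincipal(identity);

    // The original properties (client_id, userName, scopes) are carried over so the next
    // refresh can perform the same checks.
    var newTicket = new AuthenticationTicket(principal, context.Ticket.Properties, OpenIdConnectServerDefaults.AuthenticationScheme);
    context.Validate(newTicket);
}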