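        /// <summary>
        /// Handles the OAuth2 resource owner password credentials grant ("grant_type=password",
        /// RFC 6749 section 4.3.2). Looks the user up by user name and password through
        /// <c>databaseManager</c>; on success validates the context with a ticket carrying the user's
        /// name claim and additionally signs the same identity in with the cookie middleware.
        /// </summary>
        /// <param name="context">Carries the submitted credentials in and the grant result out.</param>
        /// <returns>A task representing the asynchronous operation.</returns>
        /// <remarks>
        /// Every failure path returns the same generic "invalid_grant" error so the response does not
        /// reveal whether the user name or the password was the wrong part.
        /// </remarks>
        public override async Task GrantResourceOwnerCredentials(Microsoft.Owin.Security.OAuth.OAuthGrantResourceOwnerCredentialsContext context)
        {
            const string invalidGrant = "invalid_grant";
            const string invalidCredentials = "The user name and password is incorrect";

            var userName = context.UserName;
            var password = context.Password;

            // Reject empty credentials before they reach the lookup; Claim(...) below would also
            // throw on a null user name.
            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            {
                context.SetError(invalidGrant, invalidCredentials);
                return;
            }

            // ToList() never yields null, so an empty result is the only "no such user" signal.
            var matches = databaseManager.LoginByUsernamePassword(userName, password).ToList();
            if (matches.Count == 0)
            {
                context.SetError(invalidGrant, invalidCredentials);
                return;
            }

            var userInfo = matches[0];

            var claims = new List<System.Security.Claims.Claim>
            {
                new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, userInfo.username),
            };

            // One identity per authentication scheme: the bearer-token identity goes into the
            // ticket, the cookie identity establishes a browser session for the same user.
            var oAuthClaimIdentity   = new System.Security.Claims.ClaimsIdentity(claims, Microsoft.Owin.Security.OAuth.OAuthDefaults.AuthenticationType);
            var cookiesClaimIdentity = new System.Security.Claims.ClaimsIdentity(claims, Microsoft.Owin.Security.Cookies.CookieAuthenticationDefaults.AuthenticationType);

            var properties = CreateProperties(userInfo.username);
            var ticket     = new Microsoft.Owin.Security.AuthenticationTicket(oAuthClaimIdentity, properties);

            // Issue the token and sign the cookie identity in.
            context.Validated(ticket);
            context.Request.Context.Authentication.SignIn(cookiesClaimIdentity);
        }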
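        /// <summary>
        /// Handles the resource owner password credentials grant: looks the account up by e-mail,
        /// verifies the submitted password against the stored BCrypt hash and, on success, validates
        /// the context with a ticket carrying name, role and "sub" claims plus the client id and
        /// user name as extra response properties.
        /// </summary>
        /// <param name="context">Carries the submitted credentials in and the grant result out.</param>
        /// <returns>A task representing the asynchronous operation.</returns>
        /// <remarks>
        /// "No such account" and "wrong password" produce the same "invalid_grant" message, so the
        /// token endpoint cannot be used to find out which e-mail addresses have accounts.
        /// Exceptions propagate unchanged; the previous catch-and-rewrap lost the original type and
        /// stack trace without adding information.
        /// </remarks>
        public override async Task GrantResourceOwnerCredentials(Microsoft.Owin.Security.OAuth.OAuthGrantResourceOwnerCredentialsContext context)
        {
            // NOTE(review): a wildcard CORS origin on the token endpoint lets any web page call it
            // from a browser; restrict it to the known client origins unless the API is meant to be public.
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

            const string invalidGrant = "invalid_grant";
            const string invalidCredentials = "The user name or password is incorrect.";

            var userName = context.UserName;
            var password = context.Password;

            // Claim(...) throws on a null value and an empty password can never verify, so fail
            // early with the same generic error.
            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            {
                context.SetError(invalidGrant, invalidCredentials);
                return;
            }

            using (var con = new hlaplusEntities())
            {
                var user = con.UserAccounts.FirstOrDefault(u => u.Email == userName);

                // Single message for both failure modes (see remarks).
                if (user == null || !BCrypt.Net.BCrypt.Verify(password, user.Password))
                {
                    context.SetError(invalidGrant, invalidCredentials);
                    return;
                }

                // Last-activity bookkeeping (LastActivityDate / LastLoginDate / IsOnline) was
                // disabled; if it is restored, update this tracked entity here and call
                // con.SaveChanges() inside the using block. The previous second, never-disposed
                // context that only called SaveChanges() with no changes has been removed.
            }

            var identity = new ClaimsIdentity(context.Options.AuthenticationType);
            identity.AddClaim(new Claim(ClaimTypes.Name, userName));
            identity.AddClaim(new Claim(ClaimTypes.Role, "user"));
            identity.AddClaim(new Claim("sub", userName));

            // Extra response parameters returned next to the token (these are not claims).
            var props = new AuthenticationProperties(new Dictionary<string, string>
            {
                { "as:client_id", context.ClientId ?? userName },
                { "userName", userName },
            });

            context.Validated(new AuthenticationTicket(identity, props));
        }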
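        /// <summary>
        /// Handles the resource owner password credentials grant: sets the CORS headers for the
        /// caller's origin, looks the user up through <c>authRepository</c> and, on success,
        /// validates the context with a ticket carrying the name, "sub" and "role" claims plus any
        /// per-user claims held in the global cache.
        /// </summary>
        /// <param name="context">Carries the submitted credentials in and the grant result out.</param>
        /// <returns>A task representing the asynchronous operation.</returns>
        public override async System.Threading.Tasks.Task GrantResourceOwnerCredentials(Microsoft.Owin.Security.OAuth.OAuthGrantResourceOwnerCredentialsContext context)
        {
            // The allowed origin is normally decided earlier, per client id, and handed over via the
            // OWIN environment; otherwise fall back to the configured anonymous origins.
            var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin");
            if (allowedOrigin == null)
            {
                // NOTE(review): "*" on a token endpoint allows browser calls from any web page.
                allowedOrigin = this.userClientAuth ? "*" : this.AnoymouseAllowedOrigins;
            }

            // Browsers accept exactly one Access-Control-Allow-Origin value, so a comma-separated
            // configuration is matched against the request's Origin and that single value is echoed
            // back; no match (or no Origin header, e.g. a non-browser client) omits the header.
            var corsOrigin = ResolveAllowedOrigin(allowedOrigin, context.OwinContext.Request.Headers.Get("Origin"));
            if (corsOrigin != null)
            {
                context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { corsOrigin });
            }
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Methods", new[] { "GET", "POST", "PUT", "DELETE" });

            // Claim(...) throws on a null value; reject empty credentials with the same error as a
            // failed lookup so the response shape does not change.
            if (string.IsNullOrEmpty(context.UserName) || string.IsNullOrEmpty(context.Password))
            {
                context.SetError("invalid_grant", "用户名,密码不正确");
                return;
            }

            Microsoft.AspNet.Identity.EntityFramework.IdentityUser user =
                await authRepository.FindUser(context.UserName, context.Password);

            if (user == null)
            {
                context.SetError("invalid_grant", "用户名,密码不正确");
                return;
            }

            // Claim-based identity for the bearer token.
            var identity = new System.Security.Claims.ClaimsIdentity(context.Options.AuthenticationType);
            identity.AddClaim(new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, context.UserName));
            identity.AddClaim(new System.Security.Claims.Claim("sub", context.UserName));
            identity.AddClaim(new System.Security.Claims.Claim("role", "user"));

            // Per-user claims from the global cache; a user without cached claims yields nothing
            // to add rather than a null-reference failure.
            var claims = MallAuth.ServerCache.GlobalCache.getInstance().getUserClaims(context.UserName);
            if (claims != null)
            {
                foreach (var item in claims)
                {
                    identity.AddClaim(new System.Security.Claims.Claim(item.Type, item.Value));
                }
            }

            // Extra response parameters returned next to the token; these are not claims.
            var props = new Microsoft.Owin.Security.AuthenticationProperties(new Dictionary<string, string>
            {
                { "as:client_id", context.ClientId ?? string.Empty },
                { "userName", context.UserName },
            });

            var ticket = new Microsoft.Owin.Security.AuthenticationTicket(identity, props);
            context.Validated(ticket);
        }

        /// <summary>
        /// Picks the single value to send in Access-Control-Allow-Origin.
        /// </summary>
        /// <param name="allowedOrigins">Comma-separated configured origins, or "*".</param>
        /// <param name="requestOrigin">The request's Origin header, or null when absent.</param>
        /// <returns>"*", the request origin when it is in the list, or null when nothing may be allowed.</returns>
        private static string ResolveAllowedOrigin(string allowedOrigins, string requestOrigin)
        {
            if (string.IsNullOrWhiteSpace(allowedOrigins))
            {
                return null;
            }

            var origins = allowedOrigins.Split(',')
                                        .Select(o => o.Trim())
                                        .Where(o => o.Length > 0)
                                        .ToList();

            if (origins.Contains("*"))
            {
                return "*";
            }

            // Scheme and host are case-insensitive, so compare origins ignoring case.
            if (requestOrigin != null && origins.Contains(requestOrigin, StringComparer.OrdinalIgnoreCase))
            {
                return requestOrigin;
            }

            return null;
        }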