public async Task <IQueryable <WapSubscription> > subscriptions(string userId) { //supress certificate error.needs to removed when trusted certs installed in the environment ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(delegate { return(true); }); AdminManagementClient adminClient; var token = TokenIssuer.GetWindowsAuthToken(windowsAuthSiteEndpoint, null, null, null, false); adminClient = new AdminManagementClient(new Uri(adminserviceEndpoint), token); Query query = new Query(); var result = await adminClient.ListUserSubscriptionsAsync(userId, query); var subscriptionlist = result.items.Select(x => new WapSubscription { AdminEmailId = x.AccountAdminLiveEmailId, CoAdminNames = x.CoAdminNames, OfferFriendlyName = x.OfferFriendlyName, PlanId = x.PlanId, SubscriptionID = x.SubscriptionID, SubscriptionName = x.SubscriptionName }).AsQueryable(); return(subscriptionlist); }
/// <summary> /// Factory method for creating SWT tokens. /// </summary> /// <param name="issuer">The entity issuing the token.</param> /// <param name="audience">The entity receiving the token.</param> /// <param name="expiresOnUtc">The expiry time for the token in UTC.</param> /// <param name="signingKey">The token signing key.</param> /// <returns> /// An instance of SimpleWebToken class. /// </returns> public static SimpleWebToken CreateToken( TokenIssuer issuer, TokenAudience audience, DateTime expiresOnUtc, byte[] signingKey) { return(CreateToken(issuer, audience, expiresOnUtc, null, signingKey)); }
public override async Task Service(HttpContext context) { // get all needed variables string clientId = context.Request.Form["clientId"]; string clientSecret = context.Request.Form["clientSecret"]; string token = context.Request.Form["token"]; string scope = context.Request.Form["scope"]; // optionally the call can include a service name which we will assert in the claims string serviceName = context.Request.Form["serviceName"]; // get an access token and verify it Tokens tokens = null; if (!string.IsNullOrEmpty(token)) { tokens = await GetAccessTokenFromClientCertificate(clientId, token, scope + "/.default"); } else if (!string.IsNullOrEmpty(clientSecret)) { tokens = await GetAccessTokenFromClientSecret(clientId, clientSecret, scope + "/.default"); } else { throw new Exception("clientSecret or token must be supplied"); } var accessToken = await VerifyTokenFromAAD(tokens.access_token, scope); // populate the claims from the id_token List <Claim> claims = new List <Claim>(); var oid = accessToken.Payload.Claims.FirstOrDefault(c => c.Type == "oid"); if (oid != null) { claims.Add(new Claim("oid", oid.Value)); } // add the service details if (!string.IsNullOrEmpty(serviceName)) { claims.Add(new Claim("name", serviceName)); } claims.Add(new Claim("role", CasConfig.RoleForService)); // attempt to propogate roles var roles = accessToken.Payload.Claims.Where(c => c.Type == "roles"); foreach (var role in roles) { claims.Add(new Claim("role", role.Value)); } // return the newly issued token string jwt = await TokenIssuer.IssueToken(claims); await context.Response.WriteAsync(jwt); }
/// <summary> /// Checks whether the token signature is valid using the specified token issuer's keys. /// </summary> /// <param name="token">the token whose signature should be validated.</param> /// <param name="tokenIssuer">The token issuer who keys are to be used for validation.</param> /// <returns> /// True if the signature could be validated with the specified issuer's keys. /// </returns> private bool IsSignatureValidForIssuer(SimpleWebToken token, TokenIssuer tokenIssuer) { if (!this.tokenSigningKeysForIssuer.ContainsKey(tokenIssuer)) { return(false); } var keys = this.tokenSigningKeysForIssuer[tokenIssuer]; return(this.ValidateTokenSignature(token, keys.Item1, keys.Item2)); }
public HttpResponseMessage Login(string username, string password) { var ipaddress = HttpContext.Current.Request.UserHostAddress; if (CheckCredentails(username, password)) { TokenIssuer token = new TokenIssuer(); string jwt_token = token.GenerateJWT(username, ipaddress); Request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", jwt_token); return(Request.CreateResponse(HttpStatusCode.OK, jwt_token)); } return(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, new HttpError("Invalid Credentails"))); }
/// <summary> /// Gets the role claims for the current principal. /// </summary> /// <param name="issuer"></param> /// <param name="audience"></param> private IEnumerable <Claim> GetRoleClaims(TokenIssuer issuer, TokenAudience audience) { IDictionary <TokenIssuer, IList <string> > issuerToRolesMapping; if (this.audienceIssuerRolesMapping.TryGetValue(audience, out issuerToRolesMapping)) { IList <string> roles; if (issuerToRolesMapping.TryGetValue(issuer, out roles)) { IList <Claim> roleClaims = roles.Select(role => new Claim(HolMonClaimTypes.Role, role)).ToList(); return(roleClaims); } } return(new[] { new Claim(HolMonClaimTypes.Role, HolMonRoles.AnonymousAccessRole) }); }
public void GivenUsername_TokenIssuerCreatesToken_WhenIssueTokenIsCalled() { //Arrange var username = "******"; var sut = new TokenIssuer(); //Act var token = sut.IssueToken(username); var reader = new JwtSecurityTokenHandler(); var securitytoken = reader.ReadJwtToken(token); //Assert Assert.AreEqual(securitytoken.Claims.Where(c => c.Type == "aud").FirstOrDefault().Value, TokenIssuer.audience); Assert.AreEqual(securitytoken.Claims.Where(c => c.Type == "iss").FirstOrDefault().Value, TokenIssuer.issuer); Assert.AreEqual(securitytoken.Claims.Where(c => c.Type == "unique_name").FirstOrDefault().Value, username); }
protected async Task WriteTokenCookies(HttpContext context, List <Claim> claims) { var domain = CasConfig.BaseDomain(context.Request); // write the XSRF-TOKEN cookie (if it will be verified) if (CasConfig.VerifyXsrfInHeader || CasConfig.VerifyXsrfInCookie) { string xsrf = this.GenerateSafeRandomString(16); string signed = xsrf; if (!CasConfig.RequireHttpOnlyOnUserCookie) { // if the source claim is going to be in a cookie that is readable by JavaScript the XSRF must be signed signed = await TokenIssuer.IssueXsrfToken(xsrf); } context.Response.Cookies.Append("XSRF-TOKEN", signed, new CookieOptions() { HttpOnly = CasConfig.RequireHttpOnlyOnXsrfCookie, Secure = CasConfig.RequireSecureForCookies, Domain = domain, SameSite = CasConfig.SameSite, Path = "/" }); Logger.LogInformation($"wrote XSRF-TOKEN cookie on domain \"{domain}\"."); claims.Add(new Claim("xsrf", xsrf)); } // write the user cookie string jwt = await TokenIssuer.IssueToken(claims); Console.WriteLine("jwt....................................jwt"); Console.WriteLine(jwt); Console.WriteLine("jwt....................................jwt"); var userCookie = CasConfig.UserCookieName; context.Response.Cookies.Append(userCookie, jwt, new CookieOptions() { HttpOnly = CasConfig.RequireHttpOnlyOnUserCookie, Secure = CasConfig.RequireSecureForCookies, Domain = domain, SameSite = CasConfig.SameSite, Path = "/" }); Logger.LogInformation($"wrote session cookie as \"{userCookie}\" on domain \"{domain}\"."); // revoke the authflow cookie context.Response.Cookies.Delete("authflow"); }
//********************************************************************* /// /// <summary> /// This method is used to retrieve WAPadmin based on subscriptionId /// From WAPUI it is possible to pass WAPAdmin but from external UIs(who consumes this API) its not possible,so added this method /// </summary> /// <param name="vMId"></param> /// //********************************************************************* private async Task <string> GetWapAdmin(string wapSubscriptionId) { //*** TODO * Markw * Getting accessdenied on this call return(wapSubscriptionId); ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(delegate { return(true); }); AdminManagementClient adminClient; var token = TokenIssuer.GetWindowsAuthToken(windowsAuthSiteEndpoint, null, null, null, false); adminClient = new AdminManagementClient(new Uri(adminserviceEndpoint), token); Query query = new Query(); var result = await adminClient.GetSubscriptionAsync(wapSubscriptionId); return(result.AccountAdminLiveEmailId); }
private async Task <string> __getJwtTokenForUser(ApplicationUser user) { using var scope = _provider.CreateScope(); _logger.LogDebug($"Finding user"); var userManager = scope.ServiceProvider.GetRequiredService <UserManager <ApplicationUser> >(); var jwtFactory = scope.ServiceProvider.GetRequiredService <IJwtFactory>(); var roles = await userManager.GetRolesAsync(user); var jwt = await TokenIssuer.GenerateRawJwt( jwtFactory.GenerateClaimsIdentity(user.UserName, user.Id), jwtFactory, user.UserName, roles.ToArray <string>(), _jwtOptions, new JsonSerializerSettings { Formatting = Formatting.Indented }); return(jwt); }
public override async Task <string> Reissue(string token) { // make sure the token is eligible var jwt = await TokenIssuer.IsTokenExpiredButEligibleForRenewal(token); // strip inappropriate claims var filter = new string[] { "iss", "aud", "exp" }; var claims = jwt.Claims.Where(c => !filter.Contains(c.Type)).ToList(); // make sure the user is eligible var oid = claims.FirstOrDefault(claim => claim.Type == "oid"); if (oid.Value == null) { throw new CasHttpException(403, "oid is not specified in the token"); } if (CasConfig.RequireUserEnabledOnReissue) { bool enabled = await IsUserEnabled((string)oid.Value); if (!enabled) { throw new CasHttpException(403, "user is not enabled"); } } // strip any existing -role claims claims.RemoveAll(c => c.Type.EndsWith("-role")); // populate all application roles from the graph var assignments = await GetRoleAssignments(oid.Value); foreach (var assignment in assignments) { foreach (var role in assignment.Roles) { claims.Add(new Claim(assignment.AppId + "-role", role)); } } // reissue the token return(await TokenIssuer.IssueToken(claims)); }
public async Task <ActionResult> CheckCredentialsAsync([FromBody] UserModel user) { if (user == null || user.UserName == null || user.Password == null) { return(BadRequest("Empty User")); } if (!ModelState.IsValid) { return(BadRequest("Invalid model object")); } var _user = await _repository.User.GetUserByNameAsync(user.UserName); if (_user == null) { return(Unauthorized("User not found")); } using (var deriveBytes = new Rfc2898DeriveBytes(user.Password, _user.Salt)) { byte[] newKey = deriveBytes.GetBytes(32); if (!newKey.SequenceEqual(_user.PasswordSalted)) { return(Unauthorized("Invalid credentials!")); } } var SecurityToken = new TokenIssuer(_configuration).SecurityToken(_user); return(Ok((new { token = new JwtSecurityTokenHandler().WriteToken(SecurityToken), userid = _user.Id.ToString(), username = _user.UserName, expiration = SecurityToken.ValidTo }))); }
public override async Task <Guid> ExecuteAsync(CreateNewTokenCommand command) { Logger.InitiateCreateNewToken(command.PartnerId, command.TokenType); TokenIssuer tokenIssuer = await UnitOfWork.GetByIdOrThrowAsync <TokenIssuer>(command.PartnerId); Token tokenPrototype = tokenIssuer.PrototypeTokens.SingleOrDefault(p => p.TokenType == command.TokenType.ToLowerInvariant()); if (tokenPrototype == null) { throw new EntityNotFoundException(typeof(Token), nameof(ExecuteAsync), "Issuer: " + tokenIssuer.Id + "TokenType: " + command.TokenType); } Token newToken = tokenPrototype.CreateFromPrototype(); newToken.PartnerId = tokenIssuer.Id; await UnitOfWork.InsertAsync(newToken); Logger.CreateNewTokenSuccessful(command.PartnerId, command.TokenType, newToken.Id); return(newToken.Id); }
private async Task <(string, JwtRefreshTokenModel)> _getTokenAndRefresh(ClaimsIdentity identity, string userName, string[] roles, ApplicationUser user) { var jwt = await TokenIssuer.GenerateJwt( identity, _jwtFactory, userName, roles, _jwtOptions, new JsonSerializerSettings { Formatting = Formatting.Indented } ); var refresh = TokenIssuer.GenerateRefreshToken(128); user.AddRefreshToken( refresh, _contextAccessor.HttpContext.Connection.RemoteIpAddress.ToString()); await _unitOfWork.CompleteAsync(); return(jwt.Token, new JwtRefreshTokenModel(refresh, jwt)); }
public ActionResult <TokenIssuer> GetToken([FromBody] LogInViewModel model) { Console.WriteLine($"LogIn\n\temail: {model.Email}\n\tpass:{model.Password}"); UInt64 exp = 1735689600; var aud = "https://lacmus.io"; var iss = "https://lacmus"; var sub = "1234567890qwertyuio"; var jti = "mnb23vcsrt756yuiomnbvcx98ertyuiop"; var roles = new List <string>(new [] { "user", "admin" }); var tokenIssuer = new TokenIssuer(); tokenIssuer.AccessToken = new AccessToken(); tokenIssuer.Exp = exp; tokenIssuer.Id = sub; tokenIssuer.AccessToken.Aud = aud; tokenIssuer.AccessToken.Iss = iss; tokenIssuer.AccessToken.Sub = sub; tokenIssuer.AccessToken.Jti = jti; tokenIssuer.AccessToken.Roles = roles; tokenIssuer.AccessToken.Exp = exp; return(tokenIssuer); }
public async Task <IActionResult> AuthorizeDevice(string deviceSerial, bool isDesktop, int counterNo) { //const string tokenIssuerUri = // "http://localhost:62710/"; //const string tokenIssuerUri = // "http://192.168.2.6/queue/"; const string tokenIssuerUri = "http://192.168.1.110/queue/"; var tokenIssuer = new TokenIssuer(); var token = tokenIssuer.GenerateToken( deviceSerial, tokenIssuerUri); // Create a new Device if the serial is unique await _devService.CreateDevice( deviceSerial, isDesktop, counterNo); return(Ok(token)); }
public ActionResult <TokenIssuer> RefreshToken([FromBody] RefreshToken model) { string sub; string jti; List <string> roles; try { var token = Jose.JWT.Decode <AccessToken>(model.Token, Convert.FromBase64String("a2V5")); sub = token.Sub; jti = token.Jti; roles = token.Roles; Console.WriteLine("Token is valid!"); } catch (Exception e) { Console.WriteLine($"Invalid token: {e}"); return(Unauthorized()); } UInt64 exp = 1735689600; var aud = "https://lacmus.io"; var iss = "https://lacmus"; var tokenIssuer = new TokenIssuer(); tokenIssuer.AccessToken = new AccessToken(); tokenIssuer.Exp = exp; tokenIssuer.Id = sub; tokenIssuer.AccessToken.Aud = aud; tokenIssuer.AccessToken.Iss = iss; tokenIssuer.AccessToken.Sub = sub; tokenIssuer.AccessToken.Jti = jti; tokenIssuer.AccessToken.Roles = roles; tokenIssuer.AccessToken.Exp = exp; return(tokenIssuer); }
/// <summary> /// Factory method for creating SWT tokens. Use this overload when there is a requirement /// to encode additional claims into the token. /// </summary> /// <param name="issuer">The entity issuing the token.</param> /// <param name="audience">The entity receiving the token.</param> /// <param name="expiresOnUtc">The expiry time for the token in UTC.</param> /// <param name="additionalClaims"> /// Any additional claims to be included as part of the token. /// </param> /// <param name="signingKey">The token signing key.</param> /// <returns> /// An instance of SimpleWebToken class. /// </returns> public static SimpleWebToken CreateToken( TokenIssuer issuer, TokenAudience audience, DateTime expiresOnUtc, IEnumerable <Claim> additionalClaims, byte[] signingKey) { if (issuer == TokenIssuer.Unknown) { throw new ArgumentException( "{0} is not not allowed as token issuer.".FormatInvariant(issuer.ToString())); } if (audience == TokenAudience.Unknown) { throw new ArgumentException( "{0} is not allowed as token audience.".FormatInvariant(audience.ToString())); } if (signingKey == null || signingKey.Length == 0) { throw new ArgumentException("The signing key is not valid."); } var claims = new List <Claim>(); if (additionalClaims != null) { claims.AddRange(additionalClaims); } var token = SimpleWebToken.Create(issuer.ToString(), audience.ToString(), expiresOnUtc, claims); token.SignToken(signingKey); return(token); }
public Tuple <ClsReturnValues, string, List <ClsUserDisplay> > authenticateUser(string UserName, string Password, string DeviceType, string DeviceName, string Browser) { string encryptedPassword = Security.Encrypt(Password); string token = ""; List <ClsUserDisplay> ud = new List <ClsUserDisplay>(); ClsReturnValues result = new ClsReturnValues(); ClsUsers userGroup = new ClsUsers(); using (tdoEntities db = new tdoEntities()) { result = db.uspUserAuthentication(UserName, encryptedPassword, DeviceType, DeviceName, Browser).FirstOrDefault(); userGroup = db.uspGetUsers().Where(p => p.userID == result.ID).FirstOrDefault(); if (result.IsSuccess == true) { ud = db.uspGetUserDisplay(result.ID).ToList <ClsUserDisplay>(); // Token issuer TokenIssuer issuer = new TokenIssuer(); // A client of the relying party app gets the token token = issuer.GetToken(result, ud.First().userGroupID); } } return(new Tuple <ClsReturnValues, string, List <ClsUserDisplay> >(result, token, ud)); }
private async Task <JwtRefreshTokenModel> _processUserDetails(FacebookUserData userInfo) { // 4. ready to create the local user account (if necessary) and jwt var user = await _userManager.FindByEmailAsync(userInfo.Email); if (user is null) { var appUser = new ApplicationUser { FirstName = userInfo.FirstName, LastName = userInfo.LastName, FacebookId = userInfo.Id, Email = userInfo.Email, UserName = userInfo.Email, PictureUrl = userInfo.Picture.Data.Url }; var result = await _userManager.CreateAsync(appUser, Convert.ToBase64String(Guid.NewGuid().ToByteArray()).Substring(0, 8)); if (!result.Succeeded) { throw new InvalidOperationException( ModelState.ToString() ); } } else { user.PictureUrl = userInfo.Picture.Data.Url; var result = await _userManager.UpdateAsync(user); if (!result.Succeeded) { throw new InvalidOperationException( ModelState.ToString() ); } } // generate the jwt for the local user... var localUser = await _userManager.FindByNameAsync(userInfo.Email); if (localUser is null) { throw new InvalidOperationException( ModelState.ToString() ); } var roles = await _userManager.GetRolesAsync(localUser); var jwt = await TokenIssuer.GenerateJwt( _jwtFactory.GenerateClaimsIdentity(localUser.UserName, localUser.Id), _jwtFactory, localUser.UserName, roles.ToArray <string>(), _jwtOptions, new JsonSerializerSettings { Formatting = Formatting.Indented }); var refresh = TokenIssuer.GenerateRefreshToken(128); user.AddRefreshToken( refresh, _contextAccessor.HttpContext.Connection.RemoteIpAddress.ToString()); await _unitOfWork.CompleteAsync(); return(new JwtRefreshTokenModel(refresh, jwt)); }
//private async Task<AuthenticationHeaderValue> GetAuthenticationHeaderValue(Uri baseUri, System.Threading.CancellationToken cancellationToken) //{ // SignInResponseMessage rm = await GetSignInResponseMessage(baseUri, cancellationToken); // string xml = FederatedAuthentication.WSFederationAuthenticationModule.GetXmlTokenFromMessage(rm); // var toEncode = Encoding.UTF8.GetBytes(xml); // var encoded = Convert.ToBase64String(toEncode); // return new AuthenticationHeaderValue("SAML", encoded); //} //private static string GetIdentityToken() //{ // var factory = new WSTrustChannelFactory( // new WindowsWSTrustBinding(SecurityMode.Transport),new EndpointAddress() // _idpEndpoint); // factory.TrustVersion = TrustVersion.WSTrust13; // var rst = new RequestSecurityToken // { // RequestType = RequestTypes.Issue, // KeyType = KeyTypes.Bearer, // AppliesTo = new EndpointAddress(Constants.Realm) // }; // var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken; // return token.TokenXml.OuterXml; //} protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken) { TokenIssuer ti = new TokenIssuer(); var token = ti.Issue("cs", "https://training01.inner.relational.gr:444/", "testUser", "test Id"); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token); return(await base.SendAsync(request, cancellationToken)); /* * * SignInRequestMessage signInRequestMessage = GetSignInRequestMessage(); * * using (var handler = new HttpClientHandler { Credentials = credentials }) * { * using (var client = new HttpClient(handler)) * { * * var response = await client.PostAsync(signInRequestMessage.RequestUrl, new StringContent("", Encoding.UTF8), cancellationToken); * * if (response.IsSuccessStatusCode) * { * NameValueCollection data = await response.Content.ReadAsFormDataAsync(); * * SignInResponseMessage signInResponseMessage = (SignInResponseMessage) WSFederationMessage.CreateFromNameValueCollection(request.RequestUri, data); * * var xml = FederatedAuthentication.WSFederationAuthenticationModule.GetXmlTokenFromMessage(signInResponseMessage); * //XmlDocument doc = new XmlDocument(); * //doc.LoadXml(xml); * //var token = Encoding.UTF8.GetString(Convert.FromBase64String(doc.InnerText)); * //var token = Encoding.UTF8.GetString(Convert.FromBase64String(xml)); * * var token = Convert.ToBase64String(Encoding.UTF8.GetBytes(xml)); * * request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token); * * * } * else * { * if (response.StatusCode == HttpStatusCode.Unauthorized) * return response; * * throw new Exception(await response.Content.ReadAsStringAsync()); * } * } * * } * * * var resp = await base.SendAsync(request, cancellationToken); * * * return resp; * */ //SecurityToken securityToken = FederatedAuthentication.WSFederationAuthenticationModule.GetSecurityToken(signInResponseMessage); //string xml = securityToken.ToTokenXmlString(); ////string xml = FederatedAuthentication.WSFederationAuthenticationModule.GetXmlTokenFromMessage(signInResponseMessage); //var toEncode = Encoding.UTF8.GetBytes(xml); //var encoded = Convert.ToBase64String(toEncode); //SessionSecurityToken sst = FederatedAuthentication.SessionAuthenticationModule.CreateSessionSecurityToken( GetPrincipal(userName,password),"",DateTime.UtcNow,DateTime.UtcNow.AddDays(1),true); //FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sst); //var cs = System.Web.HttpContext.Current.Request.Cookies.Get(1); //cookies.Add(request.RequestUri, new Cookie(cs.Name, cs.Value, cs.Path, cs.Domain) { Secure= cs.Secure, HttpOnly = cs.HttpOnly, Expires = cs.Expires }); //NameValueCollection nvc = WSFederationMessage.ParseQueryString(new Uri(signInResponseMessage.WriteQueryString())); // using (var client = new HttpClient()) // { // var authResp = await client.PostAsync(request.RequestUri, new FormUrlEncodedContent(nvc.AllKeys.Select(f => new KeyValuePair<string, string>(f, nvc[f])))); // IEnumerable<Cookie> responseCookies = cookies.GetCookies(request.RequestUri).Cast<Cookie>(); // } //request.RequestUri = new Uri( signInResponseMessage.WriteQueryString()); //NameValueCollection nvc = WSFederationMessage.ParseQueryString(new Uri(signInResponseMessage.WriteQueryString())); //foreach (var k in nvc.AllKeys) { // request.Headers.Add(k, Convert.ToBase64String(Encoding.UTF8.GetBytes(nvc[k]))); //} //var xml = FederatedAuthentication.WSFederationAuthenticationModule.GetXmlTokenFromMessage(signInResponseMessage); //var toEncode = Encoding.UTF8.GetBytes(xml); //var encoded = Convert.ToBase64String(toEncode); //request.Headers.Authorization = new AuthenticationHeaderValue("SAML", encoded); //XmlDocument doc = new XmlDocument(); //doc.LoadXml(xml); //request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", doc.InnerText); //request.RequestUri = new Uri(signInResponseMessage.WriteQueryString()); //SecurityToken securityToken = FederatedAuthentication.WSFederationAuthenticationModule.GetSecurityToken(signInResponseMessage); //string xml = securityToken.ToTokenXmlString(); ////string xml = FederatedAuthentication.WSFederationAuthenticationModule.GetXmlTokenFromMessage(signInResponseMessage); //var toEncode = Encoding.UTF8.GetBytes(xml); //var encoded = Convert.ToBase64String(toEncode); //request.Headers.Authorization = new AuthenticationHeaderValue("SAML", encoded); //SessionSecurityToken sessionSecurityToken = FederatedAuthentication.SessionAuthenticationModule.CreateSessionSecurityToken(GetPrincipal(userName,password),"",DateTime.UtcNow,DateTime.UtcNow.AddDays(1),false); //FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionSecurityToken); //request.RequestUri = new Uri( signInResponseMessage.WriteQueryString()); //using (var handler = new HttpClientHandler() { CookieContainer = cookieContainer }) //using (var client = new HttpClient(handler)) //{ // string xml = FederatedAuthentication.WSFederationAuthenticationModule.GetXmlTokenFromMessage(signInResponseMessage); // var toEncode = Encoding.UTF8.GetBytes(xml); // var encoded = Convert.ToBase64String(toEncode); // cookieContainer.Add(request.RequestUri, new Cookie("CookieName", encoded)); // return await client.SendAsync(request, cancellationToken); //} //request.Headers.Authorization = await GetAuthenticationHeaderValue(request.RequestUri, cancellationToken); //FederatedAuthentication.WSFederationAuthenticationModule.GetSecurityToken() //SecurityToken securityToken = FederatedAuthentication.WSFederationAuthenticationModule.GetSecurityToken(signInResponseMessage); //ClaimsPrincipal principal = GetPrincipal(userName, password); //SessionSecurityToken st = FederatedAuthentication.SessionAuthenticationModule.CreateSessionSecurityToken(principal, "", DateTime.UtcNow, DateTime.UtcNow.AddDays(1), false); //FederatedAuthentication.SessionAuthenticationModule.AuthenticateSessionSecurityToken(st,false); //FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(st); //FederatedAuthentication.WSFederationAuthenticationModule. // //var c = request.Headers.GetCookies(cookieName).FirstOrDefault(); //var c = new CookieHeaderValue(cookieName, actualToken); //c.Expires = DateTime.Now.AddDays(1); //c.Domain = request.RequestUri.Host; //c.Path = "/"; //c.Secure = true; //c.HttpOnly = true; //request.Headers.AddCookies(); //response.Headers.Location = uri.Uri; }
public Tuple<ClsReturnValues, string, List<ClsUserDisplay>> authenticateUser(string UserName, string Password, string DeviceType, string DeviceName, string Browser) { string encryptedPassword = Security.Encrypt(Password); string token = ""; List<ClsUserDisplay> ud = new List<ClsUserDisplay>(); ClsReturnValues result = new ClsReturnValues(); ClsUsers userGroup = new ClsUsers(); using (tdoEntities db = new tdoEntities()) { result = db.uspUserAuthentication(UserName, encryptedPassword, DeviceType, DeviceName, Browser).FirstOrDefault(); userGroup = db.uspGetUsers().Where(p => p.userID == result.ID).FirstOrDefault(); if (result.IsSuccess == true) { ud = db.uspGetUserDisplay(result.ID).ToList<ClsUserDisplay>(); // Token issuer TokenIssuer issuer = new TokenIssuer(); // A client of the relying party app gets the token token = issuer.GetToken(result, ud.First().userGroupID); } } return new Tuple<ClsReturnValues, string, List<ClsUserDisplay>>(result, token, ud); }
public Auth(TokenIssuer tokenIssuer, IPasswordProvider passwordProvider, IMapper mapper) { _tokenIssuer = tokenIssuer; _passwordProvider = passwordProvider; _mapper = mapper; }