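/// <summary>
/// Starts the v2 authorization-code flow: resolves issuer, client and user, validates the supplied
/// <c>redirect_uri</c> against the client's registered URLs, records a state value bound to that
/// issuer/client/user, and sends the browser to the identity UI's "authorize" page.
/// </summary>
/// <param name="input">Query parameters: issuer, client and user (each a GUID or a name), redirect_uri, scope.</param>
/// <returns>
/// 302 redirect to the authorize UI on success; 400 for an invalid model, an unusable user or an
/// unparseable/unregistered redirect_uri; 404 when the issuer, client or user cannot be resolved.
/// </returns>
public IActionResult AuthCodeV2_Ask([FromQuery] AuthCodeAskV2 input)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // The query string has already been URL-decoded by model binding, so this is a second decode.
    // Kept for callers that double-encode; be aware that e.g. "%2526" reaches the lookups below as "&".
    input.issuer = HttpUtility.UrlDecode(input.issuer);
    input.client = HttpUtility.UrlDecode(input.client);
    input.user = HttpUtility.UrlDecode(input.user);
    input.redirect_uri = HttpUtility.UrlDecode(input.redirect_uri);
    input.scope = HttpUtility.UrlDecode(input.scope);

    // Each identifier may be a GUID (looked up by primary key) or a name.
    Guid issuerID;
    tbl_Issuer issuer;

    if (Guid.TryParse(input.issuer, out issuerID))
    {
        issuer = uow.Issuers.Get(x => x.Id == issuerID).SingleOrDefault();
    }
    else
    {
        issuer = uow.Issuers.Get(x => x.Name == input.issuer).SingleOrDefault();
    }

    if (issuer == null)
    {
        ModelState.AddModelError(MessageType.IssuerNotFound.ToString(), $"Issuer:{input.issuer}");
        return NotFound(ModelState);
    }

    // The client's registered URLs are needed below for redirect_uri validation, hence the Include.
    Guid audienceID;
    tbl_Audience audience;

    if (Guid.TryParse(input.client, out audienceID))
    {
        audience = uow.Audiences.Get(x => x.Id == audienceID, x => x.Include(u => u.tbl_Urls)).SingleOrDefault();
    }
    else
    {
        audience = uow.Audiences.Get(x => x.Name == input.client, x => x.Include(u => u.tbl_Urls)).SingleOrDefault();
    }

    if (audience == null)
    {
        ModelState.AddModelError(MessageType.AudienceNotFound.ToString(), $"Audience:{input.client}");
        return NotFound(ModelState);
    }

    Guid userID;
    tbl_User user;

    if (Guid.TryParse(input.user, out userID))
    {
        user = uow.Users.Get(x => x.Id == userID).SingleOrDefault();
    }
    else
    {
        user = uow.Users.Get(x => x.UserName == input.user).SingleOrDefault();
    }

    if (user == null)
    {
        ModelState.AddModelError(MessageType.UserNotFound.ToString(), $"User:{input.user}");
        return NotFound(ModelState);
    }

    // Refuse locked-out users and users whose email or password confirmation is incomplete.
    // NOTE(review): this 400 and the 404 above answer differently for existing vs. unknown accounts
    // before any authentication has happened, which lets a caller enumerate user names.
    if (uow.Users.IsLockedOut(user) || !user.EmailConfirmed || !user.PasswordConfirmed)
    {
        ModelState.AddModelError(MessageType.UserInvalid.ToString(), $"User:{user.Id}");
        return BadRequest(ModelState);
    }

    var authorize = new Uri(string.Format("{0}/{1}/{2}", conf["IdentityMeUrls:BaseUiUrl"], conf["IdentityMeUrls:BaseUiPath"], "authorize"));

    // A malformed or relative redirect_uri is a client error; previously `new Uri(...)` threw and
    // surfaced as a 500.
    Uri redirect;

    if (!Uri.TryCreate(input.redirect_uri, UriKind.Absolute, out redirect))
    {
        ModelState.AddModelError(MessageType.UriInvalid.ToString(), $"Uri:{input.redirect_uri}");
        return BadRequest(ModelState);
    }

    // A registered URL with no host is a path-only entry handled by the identity UI itself: when the
    // supplied path matches one, the browser is sent to the UI's own callback. The supplied host is
    // ignored in this branch but is never redirected to, so this is not an open redirect.
    if (audience.tbl_Urls.Any(x => x.UrlHost == null && x.UrlPath == redirect.AbsolutePath))
    {
        redirect = new Uri(string.Format("{0}/{1}/{2}", conf["IdentityMeUrls:BaseUiUrl"], conf["IdentityMeUrls:BaseUiPath"], "authorize-callback"));
    }
    // Otherwise the supplied URI must equal a registered absolute URL exactly (ordinal compare of
    // AbsoluteUri, so scheme, host, port, path and query all have to agree). Registered rows that do
    // not form an absolute URI (e.g. a null host with a non-matching path) are skipped instead of
    // throwing UriFormatException out of the lambda.
    else if (!audience.tbl_Urls.Any(x =>
    {
        Uri registered;
        return Uri.TryCreate(x.UrlHost + x.UrlPath, UriKind.Absolute, out registered)
            && registered.AbsoluteUri == redirect.AbsoluteUri;
    }))
    {
        ModelState.AddModelError(MessageType.UriInvalid.ToString(), $"Uri:{input.redirect_uri}");
        return BadRequest(ModelState);
    }

    // Lifetime of the state value (seconds) comes from the issuer-level TotpExpire setting.
    var expire = uow.Settings.Get(x => x.IssuerId == issuer.Id
        && x.AudienceId == null
        && x.UserId == null
        && x.ConfigKey == SettingsConstants.TotpExpire).Single();

    // Read the clock once so ValidFromUtc/ValidToUtc are computed from the same instant.
    var now = DateTime.UtcNow;

    // The state row ties the pending authorization to this issuer/client/user; StateConsume=false marks
    // it as not yet consumed (presumably by the callback side, which is not visible here).
    // NOTE(review): StateValue is the replay/CSRF protection for this flow — confirm that
    // AlphaNumeric.CreateString draws from a cryptographic RNG.
    var state = uow.States.Create(
        map.Map<tbl_State>(new StateV1()
        {
            IssuerId = issuer.Id,
            AudienceId = audience.Id,
            UserId = user.Id,
            StateValue = AlphaNumeric.CreateString(32),
            StateType = ConsumerType.User.ToString(),
            StateConsume = false,
            ValidFromUtc = now,
            ValidToUtc = now.AddSeconds(uint.Parse(expire.ConfigValue)),
        }));

    uow.Commit();

    // 302, not 301: a permanent redirect is cacheable by browsers, which would replay this response
    // (with its already-used or expired state value) on later requests for the same ask URL.
    return Redirect(
        UrlFactory.GenerateAuthCodeV2(authorize, redirect, issuer.Id.ToString(), audience.Id.ToString(), user.Id.ToString(), state.StateValue).AbsoluteUri);
}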