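/// <summary>
/// Validates the client id. Credentials are read from the Basic Authorization header
/// first and, failing that, from the client_id/client_secret form fields.
/// </summary>
/// <param name="context">Carries the request in and the validated/rejected result out.</param>
/// <returns>A completed task; the outcome is reported through <paramref name="context"/>.</returns>
/// <remarks>
/// Fix: the previous version hard-coded <c>validClient = true</c>, so every request was
/// accepted — including requests with no client_id at all, which then stored a null
/// "as:client_id" for the later security checks. A non-blank client_id is now required.
/// NOTE(review): the client secret is still not verified here (no client store is visible
/// in this block); this remains a public-client setup until a secret check is added.
/// </remarks>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string clientId;
    string clientSecret;

    // Prefer the Authorization: Basic header; fall back to form-encoded credentials.
    if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
    {
        context.TryGetFormCredentials(out clientId, out clientSecret);
    }

    // At minimum the caller must identify itself.
    var validClient = !string.IsNullOrWhiteSpace(clientId);

    if (validClient)
    {
        // Need to make the client_id available for later security checks
        context.OwinContext.Set<string>("as:client_id", clientId);
        context.Validated();
    }
    else
    {
        context.Rejected();
    }

    return Task.FromResult(0);
}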
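/// <summary>
/// Validates the resource-owner credentials carried in the token request body
/// (<c>username</c>/<c>password</c>) through <c>identityService</c>. Note that this runs
/// in the client-authentication step, so no client id/secret is checked here at all.
/// </summary>
/// <param name="context">Carries the request in and the validated/rejected result out.</param>
/// <returns>A completed task; the outcome is reported through <paramref name="context"/>.</returns>
/// <remarks>
/// Fix: the catch block previously passed <c>exception.Message</c> to <c>SetError</c>,
/// echoing internal failure details (provider names, connection problems, stack context)
/// to an unauthenticated caller. A fixed <c>server_error</c> code is returned instead.
/// NOTE(review): no logger is visible in this block — record the exception server-side
/// where one is available.
/// </remarks>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    try
    {
        var username = context.Parameters["username"];
        var password = context.Parameters["password"];

        if (identityService.AuthenticateUser(username, password))
        {
            // Expose the authenticated user name to later pipeline stages.
            context.OwinContext.Set("securityApi:username", username);
            context.Validated();
        }
        else
        {
            context.SetError("Invalid credentials");
            context.Rejected();
        }
    }
    catch (Exception)
    {
        // Deliberately generic: never echo exception details to the client.
        context.SetError("server_error");
        context.Rejected();
    }

    return Task.FromResult(0);
}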
/// <summary>
/// Placeholder resource-owner check: a request is accepted whenever the
/// <c>username</c> form field equals the <c>password</c> form field.
/// </summary>
/// <param name="context">Carries the request in and the validated/rejected result out.</param>
/// <returns>A completed task; the outcome is reported through <paramref name="context"/>.</returns>
/// <remarks>
/// NOTE(review): <c>username == password</c> is not authentication — anyone who knows a
/// user name is accepted. This is a stub and must be replaced by a real credential check
/// before the provider is exposed. No client id/secret is examined either.
/// </remarks>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    try
    {
        var user = context.Parameters["username"];
        var pwd = context.Parameters["password"];

        if (user != pwd)
        {
            context.SetError("Invalid credentials");
            context.Rejected();
        }
        else
        {
            // Expose the "authenticated" user name to later pipeline stages.
            context.OwinContext.Set("otf:username", user);
            context.Validated();
        }
    }
    catch
    {
        context.SetError("Server error");
        context.Rejected();
    }

    return Task.FromResult(0);
}
/// <summary>
/// Step 1: client authentication. Only the <c>password</c> and <c>refresh_token</c>
/// grant types are admitted; every other grant_type is rejected.
/// </summary>
/// <param name="context">Carries the request in and the validated/rejected result out.</param>
/// <returns>Task to enable asynchronous execution.</returns>
/// <remarks>
/// NOTE(review): the login check is a stub (<c>loginSucceeded</c> is always true), so any
/// username/password pair is accepted, and the refresh_token path validates without
/// inspecting anything. No client id/secret is verified in either branch.
/// </remarks>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string grantType = context.Parameters[Constant.GrantTypes.GrantType];

    if (grantType == Constant.GrantTypes.RefreshToken)
    {
        context.Validated();
        return;
    }

    if (grantType != Constant.GrantTypes.Password)
    {
        context.Rejected();
        return;
    }

    string username = context.Parameters[Constant.GrantTypes.UserName];
    string password = context.Parameters[Constant.GrantTypes.Password];

    // TODO: call the real login logic here (stub — always succeeds).
    bool loginSucceeded = true;
    if (!loginSucceeded)
    {
        context.Rejected();
        return;
    }

    // Store the current user in the OWIN context for later stages.
    context.OwinContext.Set<string>("loginuser", username);
    context.Validated();
}
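/// <summary>
/// Authenticates the calling client via <c>Validator.ValidateClient</c>, taking the
/// id/secret from the Basic Authorization header or, failing that, from the
/// client_id/client_secret form fields.
/// </summary>
/// <param name="context">Carries the request in and the validated/rejected result out.</param>
/// <returns>Task to enable asynchronous execution.</returns>
/// <remarks>
/// Fix: the previous version only called <c>Validated()</c> on success and fell through
/// silently when <c>ValidateClient</c> returned false — no <c>Rejected()</c> and no error,
/// so the caller got an unexplained failure. Both the "no credentials" and the
/// "bad credentials" paths now reject explicitly with the same message.
/// </remarks>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    try
    {
        string clientId, clientSecret;
        bool haveCredentials =
            context.TryGetBasicCredentials(out clientId, out clientSecret) ||
            context.TryGetFormCredentials(out clientId, out clientSecret);

        if (haveCredentials && Validator.ValidateClient(clientId, clientSecret))
        {
            context.Validated();
        }
        else
        {
            // Same answer for "missing" and "wrong" so a caller cannot tell which it was.
            context.SetError("Invalid credentials");
            context.Rejected();
        }
    }
    catch (Exception)
    {
        // Deliberately generic: never echo exception details to the client.
        context.SetError("Server error");
        context.Rejected();
    }
}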
/// <summary>
/// Authenticates the single hard-coded client ("MyApp") and publishes an
/// <see cref="ApplicationClient"/> describing it under "oauth:client" for later stages.
/// </summary>
/// <param name="context">Carries the request in and the validated/rejected result out.</param>
/// <returns>Task to enable asynchronous execution.</returns>
/// <remarks>
/// NOTE(review): the client id and secret live in source and are compared with plain
/// <c>==</c>; the secret is also re-hashed on every request. Move the client to a store
/// and verify the presented secret against a stored hash.
/// </remarks>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    const string knownClientId = "MyApp";
    const string knownClientSecret = "MySecret";

    string clientId = string.Empty;
    string clientSecret = string.Empty;

    // Authorization header first, form body second.
    if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
    {
        context.TryGetFormCredentials(out clientId, out clientSecret);
    }

    // context.ClientId is presumably populated by the TryGet* calls above;
    // null means neither source carried a client id.
    if (context.ClientId == null)
    {
        context.SetError("invalid_client", "Client credentials could not be retrieved through the Authorization header.");
        context.Rejected();
        return;
    }

    try
    {
        bool matches = clientId == knownClientId && clientSecret == knownClientSecret;
        if (!matches)
        {
            // Client could not be validated.
            context.SetError("invalid_client", "Client credentials are invalid.");
            context.Rejected();
            return;
        }

        var client = new ApplicationClient
        {
            Id = knownClientId,
            AllowedGrant = OAuthGrant.ResourceOwner,
            ClientSecretHash = new PasswordHasher().HashPassword(knownClientSecret),
            Name = "My App",
            CreatedOn = DateTimeOffset.UtcNow,
        };
        context.OwinContext.Set<ApplicationClient>("oauth:client", client);
        context.Validated(clientId);
    }
    catch (Exception)
    {
        context.SetError("server_error");
        context.Rejected();
    }
}
/// <summary>
/// Authenticates a confidential client from the Basic Authorization header by looking it
/// up in <see cref="OAuthDbContext"/> and verifying the presented secret against the stored
/// hash with the identity password hasher.
/// </summary>
/// <param name="context">Carries the request in and the validated/rejected result out.</param>
/// <returns>Task to enable asynchronous execution.</returns>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string clientId;
    string clientSecret;

    // Only the Authorization: Basic header is accepted — form credentials are not read.
    if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
    {
        context.SetError("invalid_client", "Client credentials could not be retrieved through the Authorization header.");
        context.Rejected();
        return;
    }

    var userManager = context.OwinContext.GetUserManager<UserManager<IdentityUser>>();
    var dbContext = context.OwinContext.Get<OAuthDbContext>();

    try
    {
        Client client = await dbContext.Clients.FirstOrDefaultAsync(c => c.Id == clientId);

        bool secretOk = client != null
            && userManager.PasswordHasher.VerifyHashedPassword(client.ClientSecretHash, clientSecret)
               == PasswordVerificationResult.Success;

        if (secretOk)
        {
            // Client has been verified; expose it to later stages.
            context.OwinContext.Set<Client>("oauth:client", client);
            context.Validated(clientId);
        }
        else
        {
            // Unknown id and wrong secret get the same answer.
            context.SetError("invalid_client", "Client credentials are invalid.");
            context.Rejected();
        }
    }
    catch
    {
        // Lookup or verification failed for infrastructure reasons.
        context.SetError("server_error");
        context.Rejected();
    }
}
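/// <summary>
/// Client step for a password-grant setup. If a client id is supplied (Basic header or
/// form fields) it is authenticated through <c>UserManager.FindAsync</c>; if no client id
/// is supplied the request is let through and only the user credentials are checked later.
/// </summary>
/// <param name="context">Carries the request in and the validated/rejected result out.</param>
/// <returns>Task to enable asynchronous execution.</returns>
/// <remarks>
/// Fix: the failure branch passed the single string
/// "invalid_client Client credentials are invalid." to <c>SetError</c>, which made the whole
/// sentence the OAuth <c>error</c> code. It is now the standard <c>invalid_client</c> code
/// plus a description.
/// NOTE(review): two things are kept as-is but deserve a look — the token endpoint answers
/// with <c>Access-Control-Allow-Origin: *</c>, and omitting client_id skips client
/// authentication entirely, so a caller with a wrong secret can get past this step by
/// simply not sending the id.
/// </remarks>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string clientId;
    string clientSecret;

    // Wildcard CORS on the token endpoint — kept for compatibility with the existing client.
    context.OwinContext.Response.Headers["Access-Control-Allow-Origin"] = "*";

    if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
    {
        context.TryGetFormCredentials(out clientId, out clientSecret);
    }

    if (clientId == null)
    {
        // For this implementation: no client id means rely on user/pass only.
        context.Validated(clientId);
        return;
    }

    UserManager userManager = context.OwinContext.Get<UserManager>();
    try
    {
        // The "client" is modelled as a user record; FindAsync presumably checks the
        // secret as that record's password.
        var client = await userManager.FindAsync(clientId, clientSecret);
        if (client != null)
        {
            // Client has been verified.
            client.AuthGrant = OAuthGrant.ResourceOwner;
            context.OwinContext.Set<User>("oauth:client", client);
            context.Validated(clientId);
        }
        else
        {
            // Client could not be validated.
            context.Rejected();
            context.SetError("invalid_client", "Client credentials are invalid.");
        }
    }
    catch
    {
        // Could not look the client up.
        context.Rejected();
        context.SetError("server_error");
    }
}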
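/// <summary>
/// Checks that the request names a client_id and, for the password and client_credentials
/// grants, that the client_secret matches one of the two configured applications. The
/// refresh_token grant is admitted on client_id alone.
/// </summary>
/// <param name="context">Carries the request in and the validated/rejected result out.</param>
/// <returns>Task to enable asynchronous execution.</returns>
/// <remarks>
/// Fix: the previous version combined <c>case RefreshToken</c> with <c>default</c>, so any
/// unrecognised grant_type value passed client authentication without a secret. Unknown
/// grant types now fall through to <c>Rejected()</c>; a custom extension grant must be
/// listed here explicitly.
/// NOTE(review): the secrets are compared with plain <c>==</c>, and one of them ships inside
/// a mobile application, where it cannot be kept confidential.
/// </remarks>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    var clientId = context.Parameters["client_id"];
    if (string.IsNullOrWhiteSpace(clientId))
    {
        context.Rejected();
        return;
    }

    var grantType = context.Parameters["grant_type"];
    var clientSecret = context.Parameters["client_secret"];

    switch (grantType)
    {
        case GrantType.Password:
        case GrantType.ClientCredentials:
            // Confidential grants: the secret must match a known application.
            if (clientSecret == Application.WebApplication.ConsumerSecret ||
                clientSecret == Application.MobileApplication.ConsumerSecret)
            {
                context.Validated(clientId);
                return;
            }
            break;

        case GrantType.RefreshToken:
            // Refresh is allowed on client_id alone (public-client behaviour).
            context.Validated(clientId);
            return;

        default:
            // Unknown grant type: do not validate the client.
            break;
    }

    context.Rejected();
}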
/// <summary>
/// Admits a client whose id (from the Basic Authorization header) matches a
/// non-blacklisted row in <c>ApiClients</c>, and publishes that id as "as:client_id"
/// for the later security checks.
/// </summary>
/// <param name="context">Carries the request in and the validated/rejected result out.</param>
/// <returns>A completed task; the outcome is reported through <paramref name="context"/>.</returns>
/// <remarks>
/// NOTE(review): the secret read from the header is never compared to anything, so any
/// caller who knows a client id is accepted; the original comment about salted/hashed
/// storage describes an intent, not what this block does. The <c>AsEnumerable()</c> also
/// appears to move the filter client-side, i.e. over every row.
/// </remarks>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string id, secret;
    var done = Task.FromResult<object>(null);

    if (!context.TryGetBasicCredentials(out id, out secret))
    {
        context.Rejected();
        return done;
    }

    var match = _dbContext
        .ApiClients
        .AsEnumerable()
        .SingleOrDefault(c => c.Id.ToString() == id && c.IsBlacklisted == false);

    if (match == null)
    {
        context.Rejected();
        return done;
    }

    // Need to make the client_id available for later security checks
    context.OwinContext.Set("as:client_id", match.Id.ToString());
    context.Validated();
    return done;
}
/*
 * Single-client setup: the client id is taken from the form body and resolved with
 * GetClient. The secret is deliberately not checked because a browser (web) client
 * cannot keep one. Serving additional clients would require an API-key check here.
 */
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string clientId;
    string clientSecret; // read by TryGetFormCredentials but intentionally unused

    // Only look the client up when the form actually carried a client id.
    var client = context.TryGetFormCredentials(out clientId, out clientSecret)
        ? await GetClient(clientId)
        : null;

    // Missing id, unknown client and disabled client all get the same answer.
    if (client == null || !client.IsActive)
    {
        context.Rejected();
        context.SetError("invalid_client", "The client is not available.");
        return;
    }

    context.Validated(client.ClientId);
}
/// <summary>
/// Called to check that the client id and client secret are valid. Exactly one client is
/// known and its credentials are read from the form body only.
/// </summary>
/// <param name="context">Carries the request in and the validated/rejected result out.</param>
/// <returns>Task to enable asynchronous execution.</returns>
/// <remarks>
/// NOTE(review): the id/secret pair is hard-coded in source and compared with plain
/// <c>==</c>; move it to configuration or a store and verify against a hashed secret.
/// </remarks>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string clientId;
    string clientSecret;

    bool known = context.TryGetFormCredentials(out clientId, out clientSecret)
        && clientId == "win8client"
        && clientSecret == "oauthcadeboite";

    if (known)
    {
        context.Validated(clientId);
    }
    else
    {
        context.Rejected();
    }
}
/// <summary>
/// Validates the client id and secret from the Basic Authorization header against the
/// enabled <see cref="OAuthClient"/> rows in <see cref="ApplicationDbContext"/>, verifying
/// the secret with the identity password hasher.
/// </summary>
/// <param name="context">Carries the request in and the validated/rejected result out.</param>
/// <returns>Task to enable asynchronous execution.</returns>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string clientId;
    string clientSecret;

    // Only the Basic Auth header is consulted; form-encoded client credentials are ignored.
    if (context.TryGetBasicCredentials(out clientId, out clientSecret))
    {
        ApplicationUserManager userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
        ApplicationDbContext dbContext = context.OwinContext.Get<ApplicationDbContext>();

        if (!String.IsNullOrEmpty(clientId))
        {
            OAuthClient oauthClient = await dbContext.OAuthClients
                .FirstOrDefaultAsync(oac => oac.ClientId.ToString() == clientId);

            bool accepted = oauthClient != null
                && oauthClient.Enabled
                && userManager.PasswordHasher.VerifyHashedPassword(oauthClient.ClientSecretHash, clientSecret)
                   == PasswordVerificationResult.Success;

            if (accepted)
            {
                context.OwinContext.Set<OAuthClient>(OwinClientKey, oauthClient);
                context.Validated(clientId);
                return;
            }
        }
    }

    // Every failure path (no header, blank id, unknown/disabled client, bad secret)
    // yields the same response so the caller learns nothing about which one it hit.
    context.SetError("Authentication Failed");
    context.Rejected();
}
/// <summary>
/// Shared rejection helper: marks the client-authentication attempt as failed with a
/// fixed "Invalid credentials" error so no failure path reveals anything more specific.
/// </summary>
/// <param name="context">The client-authentication context to mark as rejected.</param>
private void Refuse(OAuthValidateClientAuthenticationContext context)
{
    context.SetError("Invalid credentials");
    context.Rejected();
}
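/// <summary>
/// Called to validate that the origin of the request is a registered "client_id", and that the correct credentials for that client are
/// present on the request. Credentials are read from the Basic Authorization header first (context.TryGetBasicCredentials)
/// and from the "client_id"/"client_secret" form-encoded POST parameters second (context.TryGetFormCredentials).
/// If context.Validated is not called the request will not proceed further.
/// </summary>
/// <param name="context">The context of the event carries information in and results out.</param>
/// <returns>Task to enable asynchronous execution</returns>
/// <remarks>
/// Fixes relative to the previous version: the "id or secret empty" path wrote the client
/// secret to the log in clear text (WarnFormat with {1} = clientSecret) — secrets never
/// belong in logs; that path and the missing-redirect_uri path returned without calling
/// Rejected(); and a null result from AuthenticateClientCredentialsAsync would have thrown
/// inside the provider instead of rejecting the client.
/// </remarks>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    this.options.Logger.DebugFormat("Validating client id and secret");

    string clientId;
    string clientSecret;

    // 'redirect_uri' must be specified for all calls that are not 'client_credentials' grants.
    // NOTE(review): this also demands a redirect_uri on password/refresh_token requests, which
    // the token endpoint does not normally require — confirm that is intended.
    if (context.Parameters["redirect_uri"] == null && context.Parameters["grant_type"] != "client_credentials")
    {
        context.SetError("invalid_request");
        context.Rejected();
        this.options.Logger.ErrorFormat("Redirect URI was not specified, the token request is not valid");
        return;
    }

    bool haveCredentials =
        context.TryGetBasicCredentials(out clientId, out clientSecret) ||
        context.TryGetFormCredentials(out clientId, out clientSecret);

    if (!haveCredentials)
    {
        context.Rejected();
        this.options.Logger.WarnFormat("Client '{0}' was not authenticated because the provider could not retrieve the client id and client secret from the Authorization header or Form parameters", clientId);
        return;
    }

    // Only proceed if both a client id and a client secret are present.
    // Log only the id: the secret must never be written to the log.
    if (string.IsNullOrEmpty(clientId) || string.IsNullOrEmpty(clientSecret))
    {
        context.Rejected();
        this.options.Logger.WarnFormat("Client id ({0}) or client secret is missing or empty", clientId);
        return;
    }

    this.options.Logger.DebugFormat("Authenticating client '{0}'", clientId);

    var client = await this.options.ClientManager.AuthenticateClientCredentialsAsync(clientId, clientSecret);

    // Treat "no result" the same as "not authenticated" rather than dereferencing a null.
    if (client == null || client.Identity == null || !client.Identity.IsAuthenticated)
    {
        context.Rejected();
        this.options.Logger.WarnFormat("Client '{0}' was not authenticated because the supplied secret did not match", clientId);
        return;
    }

    // Hand the validated client, redirect URI and requested scopes to the rest of the pipeline.
    context.OwinContext.GetOAuthContext().ClientId = context.ClientId;
    context.OwinContext.GetOAuthContext().RedirectUri = context.Parameters["redirect_uri"];
    context.OwinContext.GetOAuthContext().Scope = context.Parameters["scope"] != null
        ? context.Parameters["scope"].Split(' ')
        : null;

    this.options.Logger.DebugFormat("Client '{0}' was successfully authenticated", clientId);
    context.Validated(clientId);
}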
/// <summary>
/// Authenticates the client by matching client id and secret against the <c>Apps</c>
/// table, then publishes the app's identity, trust flag, token lifetime and scope names
/// into the OWIN environment under "sidekick.client.*" keys.
/// </summary>
/// <param name="context">Carries the request in and the validated/rejected result out.</param>
/// <returns>Task to enable asynchronous execution.</returns>
/// <remarks>
/// NOTE(review): the query compares <c>c.ClientSecret == clientSecret</c>, i.e. the secret
/// appears to be stored and compared in clear text; a lookup by id followed by a hash
/// verification would be the usual shape. Lookup exceptions are swallowed without logging.
/// </remarks>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    try
    {
        string clientId, clientSecret;
        if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
        {
            context.TryGetFormCredentials(out clientId, out clientSecret);
        }

        App app;
        try
        {
            app = await _dbContext.Apps.FirstOrDefaultAsync(
                c => c.ClientId == clientId && c.ClientSecret == clientSecret);
        }
        catch (Exception)
        {
            // Database failure: treated as "not a valid client" (no logger in scope here).
            context.Rejected();
            return;
        }

        // Unknown app, non-OAuth app and inactive app are all refused the same way.
        bool usable = app != null && app.IsOAuth && app.IsActive;
        if (!usable)
        {
            context.Rejected();
            return;
        }

        // TODO (carried over): skip the scope handling when the request is SSO.
        context.OwinContext.Set("sidekick.client.name", app.Username);
        context.OwinContext.Set("sidekick.client.appId", app.Id);
        context.OwinContext.Set("sidekick.client.appName", app.Name);
        context.OwinContext.Set("sidekick.client.meta", app.Meta);
        context.OwinContext.Set("sidekick.client.istrusted", app.IsTrusted);
        context.OwinContext.Set("sidekick.client.tokenexpiry", app.AccessTokenExpiry);

        var scopeNames = new List<string>();
        foreach (var appScope in app.AppScopes)
        {
            scopeNames.Add(appScope.OAuthScope.Name);
        }
        context.OwinContext.Set("sidekick.client.scopes", scopeNames);

        context.Validated();
    }
    catch (Exception)
    {
        // Anything unexpected still ends in a rejection.
        context.Rejected();
    }
}