/// <summary>
/// Resolves the caller's client credentials and validates the request when the client_id
/// maps to a registered resource.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    Task completed = Task.FromResult<object>(null);
    string id;
    string secret;

    // Authorization: Basic header first, then the client_id / client_secret form fields.
    bool fromHeader = context.TryGetBasicCredentials(out id, out secret);
    if (!fromHeader)
    {
        context.TryGetFormCredentials(out id, out secret);
    }

    if (context.ClientId == null)
    {
        context.SetError("invalid_clientId", "client_Id is not set");
        return completed;
    }

    var resource = ResourceStore.FindResource(context.ClientId);
    if (resource == null)
    {
        context.SetError("invalid_clientId", string.Format("Invalid client_id '{0}'", context.ClientId));
        return completed;
    }

    // NOTE(review): the extracted secret is never compared with anything, so any caller
    // presenting a registered client_id is accepted — presumably public clients only; confirm.
    context.Validated();
    return completed;
}
/// <summary>
/// Authenticates the caller against the <c>AuthRepository</c> client registry. Confidential
/// native clients must present the correct secret; every registered client must be active.
/// The client's allowed origin and refresh-token lifetime are published on the OWIN context
/// for later stages. A request that carries no client_id at all is accepted as is.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    Task completed = Task.FromResult<object>(null);
    string id = string.Empty;
    string secret = string.Empty;

    // The Authorization: Basic header wins; the form fields are the fallback.
    if (!context.TryGetBasicCredentials(out id, out secret))
    {
        context.TryGetFormCredentials(out id, out secret);
    }

    if (context.ClientId == null)
    {
        // Requests without a client_id are validated unconditionally, which means the
        // secret and Active checks below never run for them. To force every caller to
        // send a client_id, replace the Validated() call with
        // context.SetError("invalid_clientId", "ClientId should be sent.");
        context.Validated();
        return completed;
    }

    Client client;
    using (AuthRepository repository = new AuthRepository())
    {
        client = repository.FindClient(context.ClientId);
    }

    if (client == null)
    {
        context.SetError("invalid_clientId", string.Format("Client '{0}' is not registered in the system.", context.ClientId));
        return completed;
    }

    bool needsSecret = client.ApplicationType == ApplicationTypes.NativeConfidential;
    if (needsSecret)
    {
        if (string.IsNullOrWhiteSpace(secret))
        {
            context.SetError("invalid_clientId", "Client secret should be sent.");
            return completed;
        }

        // NOTE(review): hash-then-compare with the string '!=' operator is not constant-time.
        string presentedHash = HashHelper.GetHash(secret);
        if (client.Secret != presentedHash)
        {
            context.SetError("invalid_clientId", "Client secret is invalid.");
            return completed;
        }
    }

    if (!client.Active)
    {
        context.SetError("invalid_clientId", "Client is inactive.");
        return completed;
    }

    context.OwinContext.Set<string>("as:clientAllowedOrigin", client.AllowedOrigin);
    context.OwinContext.Set<string>("as:clientRefreshTokenLifeTime", client.RefreshTokenLifeTime.ToString());
    context.Validated();
    return completed;
}
/// <summary>
/// Validates the client id. Credentials are read from the Authorization: Basic header or,
/// failing that, from the form fields; the client id is then published on the OWIN context
/// as "as:client_id" for later security checks.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string id;
    string secret;

    // Header first ...
    bool fromHeader = context.TryGetBasicCredentials(out id, out secret);
    if (!fromHeader)
    {
        // ... then the posted form values.
        context.TryGetFormCredentials(out id, out secret);
    }

    // The id/secret check is short-circuited to "always valid"; the original intent was
    // !string.IsNullOrWhiteSpace(clientId). As written the Rejected() branch is unreachable
    // and a null id may be stored on the context below.
    bool validClient = true;
    if (validClient)
    {
        // Make the client id available for later security checks.
        context.OwinContext.Set<string>("as:client_id", id);
        context.Validated();
    }
    else
    {
        context.Rejected();
    }

    return Task.FromResult(0);
}
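/// <summary>
/// Validates the client for password and client_credentials grants by matching the submitted
/// client_secret against the configured web or mobile consumer secret. Every other grant type
/// (refresh_token included) is validated by client_id alone; a missing client_id is rejected.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    // The body awaits nothing, so the async state machine (and its CS1998 warning) is dropped
    // in favour of a plain completed task.
    Task completed = Task.FromResult<object>(null);
    var clientId = context.Parameters["client_id"];

    if (string.IsNullOrWhiteSpace(clientId))
    {
        context.Rejected();
        return completed;
    }

    var grantType = context.Parameters["grant_type"];
    var clientSecret = context.Parameters["client_secret"];

    switch (grantType)
    {
        case GrantType.Password:
        case GrantType.ClientCredentials:
            // NOTE(review): plain string comparison against shared, statically configured
            // consumer secrets; not constant-time, and every installation shares the same values.
            if (clientSecret == Application.WebApplication.ConsumerSecret
                || clientSecret == Application.MobileApplication.ConsumerSecret)
            {
                context.Validated(clientId);
                return completed;
            }
            break;

        case GrantType.RefreshToken:
        default:
            // NOTE(review): any unrecognised grant type also lands here and is accepted by
            // client_id only; confirm that later pipeline stages reject such grants.
            context.Validated(clientId);
            return completed;
    }

    context.Rejected();
    return completed;
}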
/// <summary>
/// Routes client validation on the custom <c>type</c> request parameter: "admin" requests are
/// always validated (with a synthesized id when none was posted), "app" requests need a secret,
/// and anything else needs an id. The resolved id, secret and type are stored on the OWIN
/// context for later stages.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A task that completes when the context has been updated.</returns>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    // TODO: validate null properties (carried over from the original).
    string clientId;
    string clientSecret;
    context.TryGetFormCredentials(out clientId, out clientSecret);

    string kind = context.Parameters.Get("type");
    switch (kind)
    {
        case "admin":
            // NOTE(review): validated without any secret or identity check; the id is
            // derived from the posted Username when no client id was sent.
            clientId = clientId ?? (context.Parameters.Get("Username") + "_SysAdmin");
            context.Validated();
            break;

        case "app":
            // NOTE(review): presence of a secret is enough here; its value is not verified.
            if (clientSecret != null)
            {
                context.Validated();
            }
            break;

        default:
            if (clientId != null)
            {
                context.Validated();
            }
            kind = string.Empty;
            break;
    }

    context.OwinContext.Set<string>("as:client_id", clientId);
    context.OwinContext.Set<string>("as:client_secret", clientSecret);
    context.OwinContext.Set<string>("as:type", kind);
}
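/// <summary>
/// Gates every token request on a pre-shared <c>authorizeSecretKey</c> parameter, then resolves
/// the client id to a cached login user. Requests without a client_id are accepted as is.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    Task completed = Task.FromResult<object>(null);

    // NOTE(review): the gate key is compared with '!=' (not constant-time) and the submitted
    // value is echoed back in the error description.
    string authorizeSecretKey = context.Parameters["authorizeSecretKey"];
    if (authorizeSecretKey != AValues.AuthorizeSecretKey)
    {
        context.SetError("invalid_clientId", string.Format("SecretKey '{0}' is not true.", authorizeSecretKey));
        return completed;
    }

    string clientId;
    string clientSecret;
    if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
    {
        context.TryGetFormCredentials(out clientId, out clientSecret);
    }

    if (context.ClientId == null)
    {
        // NOTE(review): no client_id means no user lookup at all; confirm this is intended.
        context.Validated();
        return completed;
    }

    // The client id is a numeric user id. int.Parse used to throw FormatException /
    // OverflowException on anything else, surfacing as an unhandled server error; a
    // non-numeric id is now reported like an unknown client.
    int userId;
    if (!int.TryParse(context.ClientId, out userId))
    {
        context.SetError("invalid_clientId", string.Format("Client '{0}' is not registered in the system.", context.ClientId));
        return completed;
    }

    UserViewModel user = RedisHelp.GetLoginUserCache(userId);
    if (user == null)
    {
        context.SetError("invalid_clientId", string.Format("Client '{0}' is not registered in the system.", context.ClientId));
        return completed;
    }

    context.Validated();
    return completed;
}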
/// <summary>
/// Step 1: client authentication. Password-grant requests are accepted (the login call is
/// still a TODO) and the username is stored on the context as "loginuser"; refresh_token
/// requests are accepted; every other grant type is rejected.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A task that completes when the context has been updated.</returns>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string grantType = context.Parameters[Constant.GrantTypes.GrantType];

    if (grantType == Constant.GrantTypes.Password)
    {
        string username = context.Parameters[Constant.GrantTypes.UserName];
        string password = context.Parameters[Constant.GrantTypes.Password];

        // TODO: call the real login logic. NOTE(review): until then every password-grant
        // request counts as a successful login and `password` is never inspected.
        bool loginSucceeded = true;
        if (!loginSucceeded)
        {
            context.Rejected();
            return;
        }

        // Keep the current user on the context for later stages.
        context.OwinContext.Set<string>("loginuser", username);
        context.Validated();
        return;
    }

    if (grantType == Constant.GrantTypes.RefreshToken)
    {
        context.Validated();
        return;
    }

    context.Rejected();
}
/// <summary>
/// Authenticates the caller against the client registry in <c>AuthRepository</c>. Unknown or
/// inactive clients are rejected; confidential native clients must also present the correct
/// secret. Requests with no client_id are accepted outright.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    Task completed = Task.FromResult<object>(null);
    string id;
    string secret;

    bool hasBasic = context.TryGetBasicCredentials(out id, out secret);
    if (!hasBasic)
    {
        context.TryGetFormCredentials(out id, out secret);
    }

    if (context.ClientId == null)
    {
        // NOTE(review): no client_id means no registry lookup, no secret check and no
        // Active check — confirm that unauthenticated (public) clients are intended here.
        context.Validated();
        return completed;
    }

    Client client;
    using (var repository = new AuthRepository())
    {
        client = repository.FindClient(context.ClientId);
    }

    // Checks run in the same order as the original; the first failure wins.
    string failure = null;
    if (client == null)
    {
        failure = string.Format("Client '{0}' is not registered in the system.", context.ClientId);
    }
    else if (client.ApplicationType == ApplicationTypes.NativeConfidential && string.IsNullOrWhiteSpace(secret))
    {
        failure = "Client secret should be sent.";
    }
    else if (client.ApplicationType == ApplicationTypes.NativeConfidential && client.Secret != TokenHelper.GetHash(secret))
    {
        // NOTE(review): string '!=' on the hashes is not a constant-time comparison.
        failure = "Client secret is invalid.";
    }
    else if (!client.Active)
    {
        failure = "Client is inactive.";
    }

    if (failure != null)
    {
        context.SetError("invalid_clientId", failure);
        return completed;
    }

    context.OwinContext.Set("as:clientAllowedOrigin", client.AllowedOrigin);
    context.OwinContext.Set("as:clientRefreshTokenLifeTime", client.RefreshTokenLifeTime.ToString());
    context.Validated();
    return completed;
}
/// <summary>
/// Step 1: client authentication. For the password grant the posted username/password are
/// checked through <c>Login</c> and the resulting user is stored as "loginuser"; refresh_token
/// requests are accepted without further checks; any other grant type fails. Failures are
/// raised as <c>BusinessException</c> rather than reported via <c>context.Rejected()</c>.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A task that completes when the context has been updated.</returns>
/// <exception cref="BusinessException">Login failed, or the grant type is unsupported.</exception>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string grantType = context.Parameters[Paths.GrantType];

    if (grantType == Paths.GrantTypes.RefreshToken)
    {
        context.Validated();
        return;
    }

    if (grantType != Paths.GrantTypes.Password)
    {
        // NOTE(review): throwing here surfaces as a server-side exception instead of an OAuth
        // error response; the original left context.Rejected() commented out.
        throw new BusinessException("refresh token error");
    }

    string username = context.Parameters[Paths.UserName];
    string password = context.Parameters[Paths.Password];

    // Run the login logic.
    UserViewModel user = this.Login(username, password);
    if (user == null)
    {
        throw new BusinessException("请确认用户名和密码输入正确");
    }

    // Keep the signed-in user on the context for later stages.
    context.OwinContext.Set<UserViewModel>("loginuser", user);
    context.Validated();

    // client_credentials and authorization_code grants are not implemented yet. The original
    // carried a commented-out branch that read the client id/secret via TryGetBasicCredentials
    // / TryGetFormCredentials and rejected those grants.
}
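/// <summary>
/// Looks the client up through the <c>UserManager</c> stored on the OWIN context and validates
/// the request when a matching client exists. Requests without a client id are validated
/// without any lookup (resource-owner user/password only).
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A task that completes when the context has been updated.</returns>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string clientId;
    string clientSecret;

    // NOTE(review): wildcard CORS is set on the token endpoint for every caller; confirm intended.
    context.OwinContext.Response.Headers["Access-Control-Allow-Origin"] = "*";

    if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
    {
        context.TryGetFormCredentials(out clientId, out clientSecret);
    }

    if (clientId == null)
    {
        // No client id supplied: accept and let the resource-owner credentials decide.
        context.Validated(clientId);
        return;
    }

    UserManager dbContext = context.OwinContext.Get<UserManager>();
    try
    {
        var client = await dbContext.FindAsync(clientId, clientSecret);
        if (client == null)
        {
            // Error code and description are separate arguments; the original passed
            // "invalid_client Client credentials are invalid." as a single error code.
            context.Rejected();
            context.SetError("invalid_client", "Client credentials are invalid.");
            return;
        }

        // Client has been verified.
        client.AuthGrant = OAuthGrant.ResourceOwner;
        context.OwinContext.Set<User>("oauth:client", client);
        context.Validated(clientId);
    }
    catch (Exception)
    {
        // The lookup failed; report a generic code so no implementation detail reaches the caller.
        context.Rejected();
        context.SetError("server_error");
    }
}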
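/// <summary>
/// Accepts every client unconditionally; client authentication is not used by this server.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    context.Validated();
    // Nothing asynchronous happens here, so return a completed task instead of awaiting one
    // through an async state machine.
    return Task.FromResult<object>(null);
}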
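/// <summary>
/// Accepts every client. OAuth2 supports the notion of client authentication; it is not used here.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    // Validated() is a flag flip on the context; hopping to a thread-pool thread via
    // TaskEx.Run to call it bought nothing and touched the context off the request thread.
    context.Validated();
    return TaskEx.FromResult<object>(null);
}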
/// <summary>
/// Authenticates the client against the audience table: both id and secret must be supplied
/// (header or form) and the secret must equal the stored one.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    Task completed = Task.FromResult<object>(null);
    string id;
    string secret;

    // Authorization: Basic header first, then the posted form values.
    if (!context.TryGetBasicCredentials(out id, out secret))
    {
        context.TryGetFormCredentials(out id, out secret);
    }

    bool missing = string.IsNullOrWhiteSpace(id) || string.IsNullOrWhiteSpace(secret);
    if (missing)
    {
        context.SetError("client_not_authorized", "invalid client details");
        return completed;
    }

    var dataLayer = new RepoManager(new DataLayerDapper()).DataLayer;
    var audience = dataLayer.GetAudience(id);

    // NOTE(review): the submitted secret is compared directly with the stored value, which
    // suggests secrets are persisted in clear text, and the comparison is not constant-time;
    // confirm against the data layer.
    bool secretMatches = audience != null && secret.Equals(audience.Secret);
    if (!secretMatches)
    {
        context.SetError("unauthorized_client", "unauthorized client");
        return completed;
    }

    context.Validated();
    return completed;
}
/// <summary>
/// Validates the client from the Authorization: Basic header only (form credentials are not
/// consulted). The id must match a non-blacklisted row in <c>ApiClients</c>; the matched id is
/// published on the OWIN context as "as:client_id".
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    // Client credentials should be stored securely (salted, hashed, iterated).
    // NOTE(review): the extracted secret is never compared with anything, so any
    // non-blacklisted client id is accepted; confirm whether ApiClients carries a secret
    // that should be checked here.
    string id;
    string secret;
    bool accepted = false;

    if (context.TryGetBasicCredentials(out id, out secret))
    {
        // AsEnumerable() runs the filter in memory, so every row is fetched;
        // SingleOrDefault throws if two rows share the id.
        var match = _dbContext
            .ApiClients
            .AsEnumerable()
            .SingleOrDefault(c => c.Id.ToString() == id && c.IsBlacklisted == false);

        if (match != null)
        {
            // Make the client id available for later security checks.
            context.OwinContext.Set("as:client_id", match.Id.ToString());
            context.Validated();
            accepted = true;
        }
    }

    if (!accepted)
    {
        context.Rejected();
    }

    return Task.FromResult<object>(null);
}
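/// <summary>
/// Validates the client through <c>Validator.ValidateClient</c> using credentials from the
/// Authorization: Basic header or the form fields. Missing credentials and internal failures
/// are reported as errors on the context.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    try
    {
        string clientId;
        string clientSecret;
        bool haveCredentials = context.TryGetBasicCredentials(out clientId, out clientSecret)
            || context.TryGetFormCredentials(out clientId, out clientSecret);

        if (!haveCredentials)
        {
            context.SetError("Invalid credentials");
            context.Rejected();
        }
        else if (Validator.ValidateClient(clientId, clientSecret))
        {
            context.Validated();
        }
        else
        {
            // Credentials were present but wrong: make the rejection explicit instead of
            // relying on the context's default unvalidated state.
            context.Rejected();
        }
    }
    catch (Exception)
    {
        // Exception details are deliberately not surfaced to the caller (the original bound
        // the exception to an unused variable).
        context.SetError("Server error");
        context.Rejected();
    }

    // No awaits in the body, so no async state machine is needed.
    return Task.FromResult<object>(null);
}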
/// <summary>
/// Only the resource-owner password grant is supported, and it carries no client_id; requests
/// without one are validated, requests that do present a client_id are left unvalidated.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    bool noClientId = context.ClientId == null;
    if (noClientId)
    {
        context.Validated();
    }

    return Task.FromResult<object>(null);
}
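/// <summary>
/// Accepts every client. The override is required by the middleware, but client authentication
/// is not used, so the request is validated and the pipeline moves on.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    // Validated() returns synchronously; awaiting Task.FromResult(...) around it only added
    // an async state machine.
    context.Validated();
    return Task.FromResult<object>(null);
}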
/// <summary>
/// Validates the client credentials (client_id and client_secret) of a client_credentials grant.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A task that completes when the context has been updated.</returns>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    // Example request (from the original):
    //   POST http://localhost:48339/token
    //   grant_type=client_credentials&client_id=irving&client_secret=123456&scope=user order
    //
    //   grant_type     fixed to "client_credentials"
    //   client_id      id assigned to the calling application
    //   client_secret  secret assigned to the calling application
    //   scope          requested permissions, space-separated; when omitted the user's
    //                  default permissions are requested

    // Client credentials should be stored securely (salted, hashed, iterated).
    // Only the form fields are consulted; the Authorization: Basic header is not read.
    string id;
    string secret;
    context.TryGetFormCredentials(out id, out secret);

    // Verify the credentials.
    bool valid = await _clientAuthorizationService.ValidateClientAuthorizationSecretAsync(id, secret);
    if (valid)
    {
        // Make the client id available for later security checks.
        context.OwinContext.Set<string>("as:client_id", id);
        context.Validated(id);
        return;
    }

    // Reported through SetError rather than Rejected() because of a Flurl 404 issue noted in
    // the original.
    context.SetError(AbpConstants.InvalidClient, AbpConstants.InvalidClientErrorDescription);
}
/// <summary>
/// Checks that the resource server (audience) named by client_id is registered with this
/// authorization server. On success the id and the audience's allowed origin are stored on the
/// OWIN context ("as:clientId", "as:clientAllowedOrigin").
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string id;
    string secret;

    if (!context.TryGetBasicCredentials(out id, out secret))
    {
        context.TryGetFormCredentials(out id, out secret);
    }

    bool noClientId = context.ClientId == null && string.IsNullOrWhiteSpace(id);
    if (noClientId)
    {
        context.SetError("invalid_clientId", "client_Id is not set");
    }
    else if (!context.HasError)
    {
        // NOTE(review): the secret is extracted but never verified; registration of the
        // client_id is the only check.
        var audience = AudiencesStore.Instance.FindAudience(context.ClientId);
        if (audience == null)
        {
            context.SetError("invalid_clientId", string.Format("Client '{0}' is not registered in the system.", context.ClientId));
        }
        else
        {
            context.OwinContext.Set("as:clientId", id);
            context.OwinContext.Set("as:clientAllowedOrigin", audience.AllowedOrigin);
            context.Validated();
        }
    }

    return Task.FromResult<object>(null);
}
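/// <summary>
/// Accepts every token request; when client_id/client_secret are posted in the form, the
/// client_id is also stored on the OWIN context as "as:client_id" for later stages.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string clientId;
    string clientSecret;

    if (context.TryGetFormCredentials(out clientId, out clientSecret))
    {
        // NOTE(review): the secret is not checked. The original carried a commented-out
        // comparison of `secret` against a fixed value that was never enabled.
        context.OwinContext.Set<string>("as:client_id", clientId);
    }

    // Validated once, after the optional bookkeeping; the original called it twice and was
    // marked async without awaiting anything.
    context.Validated();
    return Task.FromResult<object>(null);
}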
/// <summary>
/// Resource owner password credentials do not provide a client ID, so a request with no
/// client_id is validated; a request that carries one is left unvalidated.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    Task completed = Task.FromResult<object>(null);
    if (context.ClientId != null)
    {
        return completed;
    }

    context.Validated();
    return completed;
}
/// <summary>
/// Client authentication is not enforced: every token request passes this stage.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    Task completed = Task.FromResult<object>(null);
    context.Validated();
    return completed;
}
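/// <summary>
/// Authenticates the posted username/password through <c>identityService</c> and, on success,
/// stores the username on the OWIN context as "securityApi:username".
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    try
    {
        var username = context.Parameters["username"];
        var password = context.Parameters["password"];

        if (identityService.AuthenticateUser(username, password))
        {
            // Expose the authenticated name to later stages of the pipeline.
            context.OwinContext.Set("securityApi:username", username);
            context.Validated();
        }
        else
        {
            context.SetError("Invalid credentials");
            context.Rejected();
        }
    }
    catch (Exception)
    {
        // The original returned exception.Message as the OAuth error, which leaks internal
        // implementation details to the caller. Report a fixed code instead (matching the
        // sibling provider that uses "Server error"); log the exception server-side if needed.
        context.SetError("Server error");
        context.Rejected();
    }

    return Task.FromResult(0);
}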
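/// <summary>
/// Accepts every client; client authentication is not used by this server.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    // Validated() is a synchronous flag flip; dispatching it to the thread pool via Task.Run
    // added a context switch and touched the context off the request thread for no benefit.
    context.Validated();
    return Task.FromResult<object>(null);
}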
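/// <summary>
/// Resolves the caller's client credentials and validates the request when the client_id maps
/// to a registered audience.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    Task completed = Task.FromResult<object>(null);

    // Both out parameters are always assigned by the calls below, so no seed values are
    // needed; the unused symmetricKeyAsBase64 local of the original is gone.
    string clientId;
    string clientSecret;
    if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
    {
        context.TryGetFormCredentials(out clientId, out clientSecret);
    }

    if (context.ClientId == null)
    {
        context.SetError("invalid_clientId", "client_Id is not set");
        return completed;
    }

    var audience = AudiencesStore.FindAudience(context.ClientId);
    if (audience == null)
    {
        context.SetError("invalid_clientId", string.Format("Invalid client_id '{0}'", context.ClientId));
        return completed;
    }

    // NOTE(review): the extracted secret is never verified; registration of the client_id is
    // the only check — presumably public clients only; confirm.
    context.Validated();
    return completed;
}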
/// <summary>
/// Placeholder credential check: the request is validated whenever the posted username and
/// password are equal, and the username is stored on the OWIN context as "otf:username".
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    try
    {
        string user = context.Parameters["username"];
        string pass = context.Parameters["password"];

        // NOTE(review): "username == password" is a stand-in, not authentication; replace it
        // with a call into the identity store before this leaves a demo.
        bool accepted = user == pass;
        if (!accepted)
        {
            context.SetError("Invalid credentials");
            context.Rejected();
        }
        else
        {
            context.OwinContext.Set("otf:username", user);
            context.Validated();
        }
    }
    catch
    {
        context.SetError("Server error");
        context.Rejected();
    }

    return Task.FromResult(0);
}
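/// <summary>
/// Accepts every client; client authentication is not used by this server.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    // Validated() is a synchronous flag flip; scheduling it with Task.Factory.StartNew added
    // a thread hop and touched the context off the request thread for no benefit.
    context.Validated();
    return Task.FromResult<object>(null);
}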
/// <summary>
/// Authenticates the caller against the <c>AuthRepository</c> registry. Native clients must
/// present a secret whose hash matches the stored one; every registered client must be active.
/// The client's allowed origin and refresh-token lifetime are published on the OWIN context.
/// </summary>
/// <param name="ctx">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task; the outcome is recorded on <paramref name="ctx"/>.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext ctx)
{
    Task completed = Task.FromResult<object>(null);
    string id;
    string secret;

    if (!ctx.TryGetBasicCredentials(out id, out secret))
    {
        ctx.TryGetFormCredentials(out id, out secret);
    }

    if (ctx.ClientId == null)
    {
        // Single-argument SetError: this text is sent as the OAuth error code itself.
        ctx.SetError("No clientId specified ! ");
        return completed;
    }

    Client client;
    using (AuthRepository repository = new AuthRepository())
    {
        // NOTE(review): looked up by the locally extracted id rather than ctx.ClientId;
        // presumably equal at this point — confirm.
        client = repository.FindClient(id);
    }

    if (client == null)
    {
        ctx.SetError("clientId not found !");
        return completed;
    }

    if (client.ApplicationType == ApplicationTypes.Native)
    {
        if (string.IsNullOrWhiteSpace(secret))
        {
            ctx.SetError("invalid_clientId", "Client secret should be sent.");
            return completed;
        }

        // NOTE(review): ordinary string inequality, not a constant-time comparison.
        string presentedHash = GetHash(secret);
        if (client.Secret != presentedHash)
        {
            ctx.SetError("invalid_clientId", "Client secret is invalid.");
            return completed;
        }
    }

    if (!client.Active)
    {
        ctx.SetError("invalid_clientId", "Client is inactive.");
        return completed;
    }

    ctx.OwinContext.Set<string>("as:clientAllowedOrigin", client.AllowedOrigin);
    ctx.OwinContext.Set<string>("as:clientRefreshTokenLifeTime", client.RefreshTokenLifeTime.ToString());
    ctx.Validated();
    return completed;
}
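/// <summary>
/// Reads the client_id/client_secret form fields, publishes the id on the OWIN context as
/// "as:client_id", validates the request and then defers to the base implementation.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>The task returned by the base implementation.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    // Both out parameters are always assigned by the call, so no seed values are needed; the
    // original initialised clientId with a literal that was overwritten immediately.
    string clientId;
    string clientSecret;
    context.TryGetFormCredentials(out clientId, out clientSecret);

    // NOTE(review): the secret is read but never verified, and clientId may be null when the
    // form carried no client_id; the request is validated regardless.
    context.OwinContext.Set<string>("as:client_id", clientId);
    context.Validated(clientId);

    return base.ValidateClientAuthentication(context);
}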
/// <summary>
/// Resource owner password credentials do not provide a client ID, so a request without one is
/// validated; a request that carries a client_id is left unvalidated.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    bool hasClientId = context.ClientId != null;
    if (!hasClientId)
    {
        context.Validated();
    }

    return Task.FromResult<object>(null);
}
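/// <summary>
/// Accepts every client; this server does not use client authentication.
/// </summary>
/// <param name="context">OWIN client-authentication context for the token request.</param>
/// <returns>A completed task.</returns>
public override Task ValidateClientAuthentication(Microsoft.Owin.Security.OAuth.OAuthValidateClientAuthenticationContext context)
{
    context.Validated();
    // No awaits in the body, so the async state machine (and its CS1998 warning) is replaced
    // by a plain completed task.
    return Task.FromResult<object>(null);
}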