public ActionResult Token(ResourceOwnerCredentialRequest request) { Tracing.Verbose("OAuth2 endpoint called."); if (!ConfigurationRepository.Endpoints.OAuth2) { Tracing.Error("OAuth2 endpoint called, but disabled in configuration"); return new HttpNotFoundResult(); } if (!ModelState.IsValid) { Tracing.Error("OAuth2 called with malformed request"); return new HttpStatusCodeResult(400); } var auth = new AuthenticationHelper(); Uri uri; if (!Uri.TryCreate(request.Scope, UriKind.Absolute, out uri)) { Tracing.Error("OAuth2 endpoint called with malformed realm: " + request.Scope); return new HttpStatusCodeResult(400); } ClaimsPrincipal principal = null; if (auth.TryGetPrincipalFromOAuth2Request(Request, request, out principal)) { if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2)) { Tracing.Error("User not authorized"); return new UnauthorizedResult("OAuth2", UnauthorizedResult.ResponseAction.Send401); } SecurityToken token; if (auth.TryIssueToken(new EndpointAddress(uri), principal, ConfigurationRepository.Configuration.HttpTokenType, out token)) { var handler = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers[ConfigurationRepository.Configuration.HttpTokenType]; var response = new AccessTokenResponse { AccessToken = handler.WriteToken(token), TokenType = TokenTypes.JsonWebToken, ExpiresIn = ConfigurationRepository.Configuration.DefaultTokenLifetime * 60, }; Tracing.Information("OAuth2 issue successful for user: "******"OAuth2 endpoint authentication failed for user: "******"OAuth2", UnauthorizedResult.ResponseAction.Send401); }
public ActionResult Issue(string realm, string tokenType) { Tracing.Verbose("JSNotify endpoint called."); if (!ConfigurationRepository.Endpoints.JSNotify) { Tracing.Warning("JSNotify endpoint called, but disabled in configuration"); return new HttpNotFoundResult(); } Tracing.Information("JSNotify endpoint called for realm: " + realm); if (tokenType == null) { tokenType = ConfigurationRepository.Configuration.HttpTokenType; } Tracing.Information("Token type: " + tokenType); Uri uri; if (!Uri.TryCreate(realm, UriKind.Absolute, out uri)) { Tracing.Error("Realm parameter is malformed."); return new HttpStatusCodeResult(400); } var endpoint = new EndpointAddress(uri); var auth = new AuthenticationHelper(); TokenResponse response; if (auth.TryIssueToken(endpoint, Thread.CurrentPrincipal as ClaimsPrincipal, tokenType, out response)) { var jsresponse = new AccessTokenResponse { AccessToken = response.TokenString, TokenType = response.TokenType, ExpiresIn = ConfigurationRepository.Configuration.DefaultTokenLifetime * 60 }; Tracing.Information("JSNotify issue successful for user: " + User.Identity.Name); return new JSNotifyResult(jsresponse); } else { return new HttpStatusCodeResult(400); } }
public OAuth2AccessTokenResult(AccessTokenResponse response) { _response = response; }
public JSNotifyResult(AccessTokenResponse response) { _response = response; }
public ActionResult Token(ResourceOwnerCredentialRequest request) { Tracing.Verbose("OAuth2 endpoint called."); if (!ConfigurationRepository.Endpoints.OAuth2) { Tracing.Error("OAuth2 endpoint called, but disabled in configuration"); return new HttpNotFoundResult(); } if (!ModelState.IsValid) { Tracing.Error("OAuth2 called with malformed request"); return new HttpStatusCodeResult(400); } var auth = new AuthenticationHelper(); Uri uri; if (!Uri.TryCreate(request.Scope, UriKind.Absolute, out uri)) { Tracing.Error("OAuth2 endpoint called with malformed realm: " + request.Scope); return new HttpStatusCodeResult(400); } IClaimsPrincipal principal = null; if (auth.TryGetPrincipalFromOAuth2Request(Request, request, out principal)) { if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2)) { Tracing.Error("User not authorized"); return new UnauthorizedResult("OAuth2", UnauthorizedResult.ResponseAction.Send401); } SecurityToken token; if (auth.TryIssueToken(new EndpointAddress(uri), principal, SimpleWebToken.OasisTokenProfile, out token)) { var swt = token as SimpleWebToken; var response = new AccessTokenResponse { AccessToken = swt.RawToken, TokenType = SimpleWebToken.OasisTokenProfile, ExpiresIn = ConfigurationRepository.Configuration.DefaultTokenLifetime * 60, }; Tracing.Information("OAuth2 issue successful for user: "******"OAuth2 endpoint authentication failed for user: "******"OAuth2", UnauthorizedResult.ResponseAction.Send401); //if (UserRepository.ValidateUser(request.UserName ?? "", request.Password ?? "")) //{ // var principal = auth.CreatePrincipal(request.UserName, AuthenticationMethods.Password); // if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2)) // { // Tracing.Error("User not authorized"); // return new UnauthorizedResult("OAuth2", UnauthorizedResult.ResponseAction.Send401); // } // SecurityToken token; // if (auth.TryIssueToken(new EndpointAddress(uri), principal, SimpleWebToken.OasisTokenProfile, out token)) // { // var swt = token as SimpleWebToken; // var response = new AccessTokenResponse // { // AccessToken = swt.RawToken, // TokenType = SimpleWebToken.OasisTokenProfile, // ExpiresIn = ConfigurationRepository.Configuration.DefaultTokenLifetime * 60, // }; // Tracing.Information("OAuth2 issue successful for user: "******"OAuth2 endpoint authentication failed for user: "******"OAuth2", UnauthorizedResult.ResponseAction.Send401); }