private void SetAPIClients()
{
string alloweOrign;
alloweOrign = Environment.EnvironmentTpe == Environment.Type.DesenvolvimentoLocal ? "http://*****:*****@123"),
Name = "AngularJs Front-End Application",
Type = APIClientTypes.JavaScriptNonconfidencial,
Active = true,
RefreshTokenLifeTimeInMinutes = 7200,
AllowedOrigin = alloweOrign
};
var apiClientAppConsole = new APIClients
{
Id = "ConsoleAppAuth",
Secret = SecurityHelper.GetHash("123@abc"),
Name = "Application Console Test",
Type = APIClientTypes.NativeConfidencial,
Active = true,
RefreshTokenLifeTimeInMinutes = 7200,
AllowedOrigin = "*"
};
_context.APIClients.Add(apiClientAppAngular);
_context.APIClients.Add(apiClientAppConsole);
_context.SaveChanges();
}
public async Task CreateAsync(AuthenticationTokenCreateContext context)
{
var clientId = context.Ticket.Properties.Dictionary["as:client_id"];
var username = context.Ticket.Properties.Dictionary["userName"];
if (string.IsNullOrEmpty(clientId))
{
return;
}
var refreshTokenId = Guid.NewGuid().ToString("n");
using (var dbContext = new AppDbContext().WithUsername(username))
{
var refreshTokenLifeTime = context.OwinContext.Get <string>("as:clientRefreshTokenLifeTime");
var refreshToken = new APIClientRefreshToken
{
Id = Core.Security.SecurityHelper.GetHash(refreshTokenId),
Subject = context.Ticket.Identity.Name,
IssuedUTC = DateTime.UtcNow,
ExpiresUTC = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime))
};
context.Ticket.Properties.IssuedUtc = refreshToken.IssuedUTC;
context.Ticket.Properties.ExpiresUtc = refreshToken.ExpiresUTC;
refreshToken.ProtectedTicket = context.SerializeTicket();
var apiClient = new APIClients {
Id = clientId
};
dbContext.APIClients.Attach(apiClient);
apiClient.AddRefreshToken(refreshToken);
await dbContext.SaveChangesAsync();
context.SetToken(refreshTokenId);
}
}
public JsonResult Post(APIClientCreateViewModel createApiClient)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
createApiClient.Id = createApiClient.Id.Trim().Replace(" ", "");
using (var context = new AppDbContext())
{
var apiClientExists = context.APIClients.Any(p => p.Id == createApiClient.Id);
if (apiClientExists)
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.Conflict;
return(Json(new { message = ResponseMessages.other_apiclient_already_exists }, JsonRequestBehavior.AllowGet));
}
var apiClient = new APIClients
{
Id = createApiClient.Id,
Name = createApiClient.Name.Trim(),
Secret = SecurityHelper.GetHash(createApiClient.Secret.Trim()),
Type = createApiClient.Type,
AllowedOrigin = createApiClient.AllowedOrigin.Trim(),
RefreshTokenLifeTimeInMinutes = createApiClient.RefreshTokenLifeTimeInMinutes,
Active = true,
};
context.APIClients.Add(apiClient);
context.SaveChanges();
apiClient.Secret = null;
return(Json(apiClient, JsonRequestBehavior.AllowGet));
}
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
var apiClientId = string.Empty;
var apiClientSecret = string.Empty;
APIClients apiClient = null;
if (!context.TryGetBasicCredentials(out apiClientId, out apiClientSecret))
{
context.TryGetFormCredentials(out apiClientId, out apiClientSecret);
}
if (context.ClientId == null)
{
//Remove the comments from the below line context.SetError, and invalidate context
//if you want to force sending clientId/secrects once obtain access tokens.
context.Validated();
context.SetError("alerts:error.invalid_clientId", "ClientId should be sent.");
return(Task.FromResult <object>(null));
}
using (var dbContext = new AppDbContext())
{
apiClient = dbContext.APIClients.Find(apiClientId);
}
if (apiClient == null)
{
context.SetError("alerts:error.invalid_clientId", $"Client '{context.ClientId}' is not registered in the system.");
return(Task.FromResult <object>(null));
}
if (apiClient.Type == APIClientTypes.NativeConfidencial)
{
if (string.IsNullOrWhiteSpace(apiClientSecret))
{
context.SetError("alerts:error.invalid_clientId", "Client secret should be sent.");
return(Task.FromResult <object>(null));
}
else
{
if (apiClient.Secret != SecurityHelper.GetHash(apiClientSecret))
{
context.SetError("alerts:error.invalid_clientId", "Client secret is invalid.");
return(Task.FromResult <object>(null));
}
}
}
if (!apiClient.Active)
{
context.SetError("alerts:error.invalid_clientId", "Client is inactive.");
return(Task.FromResult <object>(null));
}
if (apiClient.AllowedOrigin == "*")
{
context.OwinContext.Set <string>("as:clientAllowedOrigin", "*");
}
else
{
context.OwinContext.Set <string>("as:clientAllowedOrigin", new Uri(apiClient.AllowedOrigin).GetLeftPart(UriPartial.Authority));
}
context.OwinContext.Set <string>("as:clientRefreshTokenLifeTime", apiClient.RefreshTokenLifeTimeInMinutes.ToString());
context.Validated();
return(Task.FromResult <object>(null));
}
