private void SetAPIClients() { string alloweOrign; alloweOrign = Environment.EnvironmentTpe == Environment.Type.DesenvolvimentoLocal ? "http://*****:*****@123"), Name = "AngularJs Front-End Application", Type = APIClientTypes.JavaScriptNonconfidencial, Active = true, RefreshTokenLifeTimeInMinutes = 7200, AllowedOrigin = alloweOrign }; var apiClientAppConsole = new APIClients { Id = "ConsoleAppAuth", Secret = SecurityHelper.GetHash("123@abc"), Name = "Application Console Test", Type = APIClientTypes.NativeConfidencial, Active = true, RefreshTokenLifeTimeInMinutes = 7200, AllowedOrigin = "*" }; _context.APIClients.Add(apiClientAppAngular); _context.APIClients.Add(apiClientAppConsole); _context.SaveChanges(); }
public async Task CreateAsync(AuthenticationTokenCreateContext context) { var clientId = context.Ticket.Properties.Dictionary["as:client_id"]; var username = context.Ticket.Properties.Dictionary["userName"]; if (string.IsNullOrEmpty(clientId)) { return; } var refreshTokenId = Guid.NewGuid().ToString("n"); using (var dbContext = new AppDbContext().WithUsername(username)) { var refreshTokenLifeTime = context.OwinContext.Get <string>("as:clientRefreshTokenLifeTime"); var refreshToken = new APIClientRefreshToken { Id = Core.Security.SecurityHelper.GetHash(refreshTokenId), Subject = context.Ticket.Identity.Name, IssuedUTC = DateTime.UtcNow, ExpiresUTC = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime)) }; context.Ticket.Properties.IssuedUtc = refreshToken.IssuedUTC; context.Ticket.Properties.ExpiresUtc = refreshToken.ExpiresUTC; refreshToken.ProtectedTicket = context.SerializeTicket(); var apiClient = new APIClients { Id = clientId }; dbContext.APIClients.Attach(apiClient); apiClient.AddRefreshToken(refreshToken); await dbContext.SaveChangesAsync(); context.SetToken(refreshTokenId); } }
public JsonResult Post(APIClientCreateViewModel createApiClient) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } createApiClient.Id = createApiClient.Id.Trim().Replace(" ", ""); using (var context = new AppDbContext()) { var apiClientExists = context.APIClients.Any(p => p.Id == createApiClient.Id); if (apiClientExists) { HttpContext.Response.StatusCode = (int)HttpStatusCode.Conflict; return(Json(new { message = ResponseMessages.other_apiclient_already_exists }, JsonRequestBehavior.AllowGet)); } var apiClient = new APIClients { Id = createApiClient.Id, Name = createApiClient.Name.Trim(), Secret = SecurityHelper.GetHash(createApiClient.Secret.Trim()), Type = createApiClient.Type, AllowedOrigin = createApiClient.AllowedOrigin.Trim(), RefreshTokenLifeTimeInMinutes = createApiClient.RefreshTokenLifeTimeInMinutes, Active = true, }; context.APIClients.Add(apiClient); context.SaveChanges(); apiClient.Secret = null; return(Json(apiClient, JsonRequestBehavior.AllowGet)); } }
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context) { var apiClientId = string.Empty; var apiClientSecret = string.Empty; APIClients apiClient = null; if (!context.TryGetBasicCredentials(out apiClientId, out apiClientSecret)) { context.TryGetFormCredentials(out apiClientId, out apiClientSecret); } if (context.ClientId == null) { //Remove the comments from the below line context.SetError, and invalidate context //if you want to force sending clientId/secrects once obtain access tokens. context.Validated(); context.SetError("alerts:error.invalid_clientId", "ClientId should be sent."); return(Task.FromResult <object>(null)); } using (var dbContext = new AppDbContext()) { apiClient = dbContext.APIClients.Find(apiClientId); } if (apiClient == null) { context.SetError("alerts:error.invalid_clientId", $"Client '{context.ClientId}' is not registered in the system."); return(Task.FromResult <object>(null)); } if (apiClient.Type == APIClientTypes.NativeConfidencial) { if (string.IsNullOrWhiteSpace(apiClientSecret)) { context.SetError("alerts:error.invalid_clientId", "Client secret should be sent."); return(Task.FromResult <object>(null)); } else { if (apiClient.Secret != SecurityHelper.GetHash(apiClientSecret)) { context.SetError("alerts:error.invalid_clientId", "Client secret is invalid."); return(Task.FromResult <object>(null)); } } } if (!apiClient.Active) { context.SetError("alerts:error.invalid_clientId", "Client is inactive."); return(Task.FromResult <object>(null)); } if (apiClient.AllowedOrigin == "*") { context.OwinContext.Set <string>("as:clientAllowedOrigin", "*"); } else { context.OwinContext.Set <string>("as:clientAllowedOrigin", new Uri(apiClient.AllowedOrigin).GetLeftPart(UriPartial.Authority)); } context.OwinContext.Set <string>("as:clientRefreshTokenLifeTime", apiClient.RefreshTokenLifeTimeInMinutes.ToString()); context.Validated(); return(Task.FromResult <object>(null)); }