public ActionResult Issue() { Tracing.Verbose("OAuth WRAP endpoint called."); if (!ConfigurationRepository.Endpoints.OAuthWRAP) { Tracing.Error("OAuth WRAP endpoint is disabled in configuration"); return(new HttpNotFoundResult()); } var scope = Request.Form["wrap_scope"]; if (string.IsNullOrWhiteSpace(scope)) { Tracing.Error("OAuth WRAP endpoint called with empty realm."); return(new HttpStatusCodeResult(400)); } Uri uri; if (!Uri.TryCreate(scope, UriKind.Absolute, out uri)) { Tracing.Error("OAuth WRAP endpoint called with malformed realm: " + scope); return(new HttpStatusCodeResult(400)); } Tracing.Information("OAuth WRAP endpoint called with realm: " + scope); var endpoint = new EndpointAddress(uri); var auth = new AuthenticationHelper(); IClaimsPrincipal principal; if (!auth.TryGetPrincipalFromWrapRequest(Request, out principal)) { Tracing.Error("Authentication failed"); return(new UnauthorizedResult("WRAP", UnauthorizedResult.ResponseAction.Send401)); } if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.WRAP)) { Tracing.Error("User not authorized"); return(new UnauthorizedResult("WRAP", UnauthorizedResult.ResponseAction.Send401)); } TokenResponse response; if (auth.TryIssueToken(endpoint, principal, SimpleWebToken.OasisTokenProfile, out response)) { return(new WrapResult(response)); } else { return(new HttpStatusCodeResult(400)); } }
public override void OnActionExecuting(ActionExecutingContext filterContext) { Container.Current.SatisfyImportsOnce(this); filterContext.Controller.ViewBag.SiteName = ConfigurationRepository.Configuration.SiteName; filterContext.Controller.ViewBag.IsAdministrator = ClaimsAuthorize.CheckAccess(Constants.Actions.Administration, Constants.Resources.UI); filterContext.Controller.ViewBag.IsSignedIn = filterContext.HttpContext.User.Identity.IsAuthenticated; base.OnActionExecuting(filterContext); }
public ActionResult Issue(string realm, string tokenType) { Tracing.Verbose("Simple HTTP endpoint called."); if (!ConfigurationRepository.Endpoints.SimpleHttp) { Tracing.Warning("Simple HTTP endpoint is disabled in configuration"); return(new HttpNotFoundResult()); } if (tokenType == null) { tokenType = ConfigurationRepository.Configuration.DefaultTokenType; } Tracing.Information("Token type: " + tokenType); Uri uri; if (!Uri.TryCreate(realm, UriKind.Absolute, out uri)) { Tracing.Error("Realm parameter is malformed."); return(new HttpStatusCodeResult(400)); } Tracing.Information("Simple HTTP endpoint called for realm: " + uri.AbsoluteUri); var endpoint = new EndpointAddress(uri); var auth = new AuthenticationHelper(); IClaimsPrincipal principal; if (!auth.TryGetPrincipalFromHttpRequest(Request, out principal)) { Tracing.Error("no or invalid credentials found."); return(new UnauthorizedResult("Basic", UnauthorizedResult.ResponseAction.Send401)); } if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.SimpleHttp)) { Tracing.Error("User not authorized"); return(new UnauthorizedResult("Basic", UnauthorizedResult.ResponseAction.Send401)); } TokenResponse tokenResponse; if (auth.TryIssueToken(endpoint, principal, tokenType, out tokenResponse)) { return(new SimpleHttpResult(tokenResponse.TokenString, tokenType)); } else { return(new HttpStatusCodeResult(400)); } }
public ActionResult Token(ResourceOwnerCredentialRequest request) { Tracing.Verbose("OAuth2 endpoint called."); if (!ConfigurationRepository.Endpoints.OAuth2) { Tracing.Error("OAuth2 endpoint called, but disabled in configuration"); return(new HttpNotFoundResult()); } if (!ModelState.IsValid) { Tracing.Error("OAuth2 called with malformed request"); return(new HttpStatusCodeResult(400)); } var auth = new AuthenticationHelper(); Uri uri; if (!Uri.TryCreate(request.Scope, UriKind.Absolute, out uri)) { Tracing.Error("OAuth2 endpoint called with malformed realm: " + request.Scope); return(new HttpStatusCodeResult(400)); } IClaimsPrincipal principal = null; if (auth.TryGetPrincipalFromOAuth2Request(Request, request, out principal)) { if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2)) { Tracing.Error("User not authorized"); return(new UnauthorizedResult("OAuth2", UnauthorizedResult.ResponseAction.Send401)); } SecurityToken token; if (auth.TryIssueToken(new EndpointAddress(uri), principal, SimpleWebToken.OasisTokenProfile, out token)) { var swt = token as SimpleWebToken; var response = new AccessTokenResponse { AccessToken = swt.RawToken, TokenType = SimpleWebToken.OasisTokenProfile, ExpiresIn = ConfigurationRepository.Configuration.DefaultTokenLifetime * 60, }; Tracing.Information("OAuth2 issue successful for user: "******"OAuth2 endpoint authentication failed for user: "******"OAuth2", UnauthorizedResult.ResponseAction.Send401)); //if (UserRepository.ValidateUser(request.UserName ?? "", request.Password ?? "")) //{ // var principal = auth.CreatePrincipal(request.UserName, AuthenticationMethods.Password); // if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2)) // { // Tracing.Error("User not authorized"); // return new UnauthorizedResult("OAuth2", UnauthorizedResult.ResponseAction.Send401); // } // SecurityToken token; // if (auth.TryIssueToken(new EndpointAddress(uri), principal, SimpleWebToken.OasisTokenProfile, out token)) // { // var swt = token as SimpleWebToken; // var response = new AccessTokenResponse // { // AccessToken = swt.RawToken, // TokenType = SimpleWebToken.OasisTokenProfile, // ExpiresIn = ConfigurationRepository.Configuration.DefaultTokenLifetime * 60, // }; // Tracing.Information("OAuth2 issue successful for user: "******"OAuth2 endpoint authentication failed for user: "******"OAuth2", UnauthorizedResult.ResponseAction.Send401); }