public ActionResult Issue()
{
Tracing.Verbose("OAuth WRAP endpoint called.");
if (!ConfigurationRepository.Endpoints.OAuthWRAP)
{
Tracing.Error("OAuth WRAP endpoint is disabled in configuration");
return(new HttpNotFoundResult());
}
var scope = Request.Form["wrap_scope"];
if (string.IsNullOrWhiteSpace(scope))
{
Tracing.Error("OAuth WRAP endpoint called with empty realm.");
return(new HttpStatusCodeResult(400));
}
Uri uri;
if (!Uri.TryCreate(scope, UriKind.Absolute, out uri))
{
Tracing.Error("OAuth WRAP endpoint called with malformed realm: " + scope);
return(new HttpStatusCodeResult(400));
}
Tracing.Information("OAuth WRAP endpoint called with realm: " + scope);
var endpoint = new EndpointAddress(uri);
var auth = new AuthenticationHelper();
IClaimsPrincipal principal;
if (!auth.TryGetPrincipalFromWrapRequest(Request, out principal))
{
Tracing.Error("Authentication failed");
return(new UnauthorizedResult("WRAP", UnauthorizedResult.ResponseAction.Send401));
}
if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.WRAP))
{
Tracing.Error("User not authorized");
return(new UnauthorizedResult("WRAP", UnauthorizedResult.ResponseAction.Send401));
}
TokenResponse response;
if (auth.TryIssueToken(endpoint, principal, SimpleWebToken.OasisTokenProfile, out response))
{
return(new WrapResult(response));
}
else
{
return(new HttpStatusCodeResult(400));
}
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
Container.Current.SatisfyImportsOnce(this);
filterContext.Controller.ViewBag.SiteName = ConfigurationRepository.Configuration.SiteName;
filterContext.Controller.ViewBag.IsAdministrator = ClaimsAuthorize.CheckAccess(Constants.Actions.Administration, Constants.Resources.UI);
filterContext.Controller.ViewBag.IsSignedIn = filterContext.HttpContext.User.Identity.IsAuthenticated;
base.OnActionExecuting(filterContext);
}
public ActionResult Issue(string realm, string tokenType)
{
Tracing.Verbose("Simple HTTP endpoint called.");
if (!ConfigurationRepository.Endpoints.SimpleHttp)
{
Tracing.Warning("Simple HTTP endpoint is disabled in configuration");
return(new HttpNotFoundResult());
}
if (tokenType == null)
{
tokenType = ConfigurationRepository.Configuration.DefaultTokenType;
}
Tracing.Information("Token type: " + tokenType);
Uri uri;
if (!Uri.TryCreate(realm, UriKind.Absolute, out uri))
{
Tracing.Error("Realm parameter is malformed.");
return(new HttpStatusCodeResult(400));
}
Tracing.Information("Simple HTTP endpoint called for realm: " + uri.AbsoluteUri);
var endpoint = new EndpointAddress(uri);
var auth = new AuthenticationHelper();
IClaimsPrincipal principal;
if (!auth.TryGetPrincipalFromHttpRequest(Request, out principal))
{
Tracing.Error("no or invalid credentials found.");
return(new UnauthorizedResult("Basic", UnauthorizedResult.ResponseAction.Send401));
}
if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.SimpleHttp))
{
Tracing.Error("User not authorized");
return(new UnauthorizedResult("Basic", UnauthorizedResult.ResponseAction.Send401));
}
TokenResponse tokenResponse;
if (auth.TryIssueToken(endpoint, principal, tokenType, out tokenResponse))
{
return(new SimpleHttpResult(tokenResponse.TokenString, tokenType));
}
else
{
return(new HttpStatusCodeResult(400));
}
}
public ActionResult Token(ResourceOwnerCredentialRequest request)
{
Tracing.Verbose("OAuth2 endpoint called.");
if (!ConfigurationRepository.Endpoints.OAuth2)
{
Tracing.Error("OAuth2 endpoint called, but disabled in configuration");
return(new HttpNotFoundResult());
}
if (!ModelState.IsValid)
{
Tracing.Error("OAuth2 called with malformed request");
return(new HttpStatusCodeResult(400));
}
var auth = new AuthenticationHelper();
Uri uri;
if (!Uri.TryCreate(request.Scope, UriKind.Absolute, out uri))
{
Tracing.Error("OAuth2 endpoint called with malformed realm: " + request.Scope);
return(new HttpStatusCodeResult(400));
}
IClaimsPrincipal principal = null;
if (auth.TryGetPrincipalFromOAuth2Request(Request, request, out principal))
{
if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2))
{
Tracing.Error("User not authorized");
return(new UnauthorizedResult("OAuth2", UnauthorizedResult.ResponseAction.Send401));
}
SecurityToken token;
if (auth.TryIssueToken(new EndpointAddress(uri), principal, SimpleWebToken.OasisTokenProfile, out token))
{
var swt = token as SimpleWebToken;
var response = new AccessTokenResponse
{
AccessToken = swt.RawToken,
TokenType = SimpleWebToken.OasisTokenProfile,
ExpiresIn = ConfigurationRepository.Configuration.DefaultTokenLifetime * 60,
};
Tracing.Information("OAuth2 issue successful for user: "******"OAuth2 endpoint authentication failed for user: "******"OAuth2", UnauthorizedResult.ResponseAction.Send401));
//if (UserRepository.ValidateUser(request.UserName ?? "", request.Password ?? ""))
//{
// var principal = auth.CreatePrincipal(request.UserName, AuthenticationMethods.Password);
// if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2))
// {
// Tracing.Error("User not authorized");
// return new UnauthorizedResult("OAuth2", UnauthorizedResult.ResponseAction.Send401);
// }
// SecurityToken token;
// if (auth.TryIssueToken(new EndpointAddress(uri), principal, SimpleWebToken.OasisTokenProfile, out token))
// {
// var swt = token as SimpleWebToken;
// var response = new AccessTokenResponse
// {
// AccessToken = swt.RawToken,
// TokenType = SimpleWebToken.OasisTokenProfile,
// ExpiresIn = ConfigurationRepository.Configuration.DefaultTokenLifetime * 60,
// };
// Tracing.Information("OAuth2 issue successful for user: "******"OAuth2 endpoint authentication failed for user: "******"OAuth2", UnauthorizedResult.ResponseAction.Send401);
}
