예제 #1
0
        public ActionResult <Model.Korisnik> Auth()
        {
            if (!Request.Headers.ContainsKey("Authorization"))
            {
                return(BadRequest(new { message = "Missing Authorization Header" }));
            }
            Model.Korisnik user = null;
            try
            {
                var authHeader      = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
                var credentialBytes = Convert.FromBase64String(authHeader.Parameter);
                var credentials     = Encoding.UTF8.GetString(credentialBytes).Split(':');

                var username = credentials[0];
                var password = credentials[1];
                user = _userService.Authenticate(username, password);
            }
            catch
            {
                return(BadRequest(new { message = "Invalid Authorization Header" }));
            }



            if (user == null)
            {
                return(BadRequest(new { message = "Username or password is incorrect" }));
            }

            return(Ok(user));
        }
        public async Task <IActionResult> LoginWithFaceID([FromBody] TokenEndpointRequestBody model)
        {
            if (model == null)
            {
                return(BadRequest());
            }
            byte[] img = null;

            try
            {
                img = Convert.FromBase64String(model.Image);
            }
            catch (Exception ex)
            {
                return(BadRequest(ex.Message));
            }

            var korisnickiNalog = await _korisnikService.Authenticate(img);

            if (korisnickiNalog == null)
            {
                return(BadRequest(SharedResources.UnsuccessfulFaceIdAuthentication));
            }

            //Secret GUID for resource owner password validator (if GUID is not valid, auth will be rejected)
            var secretGuid = new Guid();

            FaceIDSecretsManager.Add(secretGuid);

            var postBody = @"client_id=" + model.ClientId
                           + "&client_secret=" + model.ClientSecret
                           + "&grant_type=password&username="******"{korisnickiNalog.Username}*{korisnickiNalog.Id}" + $"&password={secretGuid}"
                           + "&scope=openid offline_access face-recognition";
            var client = new HttpClient();
            HttpResponseMessage response;
            var uri = Environment.IsDevelopment() ? $"{Request.Scheme}://{Request.Host.Value}" : Resources.ProductionUri;

            using (var stringContent = new StringContent(postBody, Encoding.UTF8, "application/x-www-form-urlencoded"))
            {
                response = await client.PostAsync($@"{uri}/connect/token", stringContent);
            }

            if (response.StatusCode == HttpStatusCode.OK)
            {
                var responseJson = await response.Content.ReadAsStringAsync();

                return(Ok(responseJson));
            }

            return(BadRequest(response.Content.ReadAsStringAsync()));
        }
예제 #3
0
        protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
        {
            if (!Request.Headers.ContainsKey("Authorization"))
            {
                return(AuthenticateResult.Fail("Missing Authorization Header"));
            }

            Model.Korisnik CurrentUser = null;

            try
            {
                var authHeader      = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
                var credentialBytes = Convert.FromBase64String(authHeader.Parameter);
                var credentials     = Encoding.UTF8.GetString(credentialBytes).Split(':');
                var username        = credentials[0];
                var password        = credentials[1];
                CurrentUser = _korisnikService.Authenticate(username, password);
            }
            catch
            {
                return(AuthenticateResult.Fail("Invalid Authorization Header"));
            }

            if (CurrentUser == null)
            {
                return(AuthenticateResult.Fail("Invalid Username or Password"));
            }

            _korisnikService.SetCurrentUser(CurrentUser);

            var claims = new List <Claim> {
                new Claim(ClaimTypes.NameIdentifier, CurrentUser.KorisnickoIme),
                new Claim(ClaimTypes.Name, CurrentUser.Ime + " " + CurrentUser.Prezime),
            };

            claims.Add(new Claim(ClaimTypes.Role, CurrentUser.Uloga));

            var identity  = new ClaimsIdentity(claims, Scheme.Name);
            var principal = new ClaimsPrincipal(identity);
            var ticket    = new AuthenticationTicket(principal, Scheme.Name);

            return(AuthenticateResult.Success(ticket));
        }
        public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
        {
            //Only for patients (mobile client)
            if (context.Request.ClientId == OAuthConstants.MobileClientId && context.Request.Scopes.Any(x => x.StartsWith(InMemoryConfig.FaceRecognitionScope)))
            {
                if (FaceIDSecretsManager.IsValidSecret(Guid.Parse(context.Password)))
                {
                    var usernameAndId = context.UserName.Split('*');
                    if (usernameAndId.Length <= 1)
                    {
                        context.Result = new GrantValidationResult(TokenRequestErrors.InvalidTarget, "Invalid Face ID");
                    }
                    var username = usernameAndId[0];
                    var userId   = usernameAndId[1];

                    await BuildSuccessResultAsync(username, userId, context);
                }
                else
                {
                    context.Result = new GrantValidationResult(TokenRequestErrors.InvalidTarget, "Invalid Face ID");
                }
            }
            else
            {
                var user = await _korisnikService.Authenticate(context.UserName, context.Password);

                if (user == null)
                {
                    context.Result = new GrantValidationResult(TokenRequestErrors.InvalidTarget, "Invalid credentials");
                    return;
                }

                if (string.IsNullOrWhiteSpace(context.UserName) || string.IsNullOrWhiteSpace(context.Password))
                {
                    return;
                }


                if (!user.Roles.Any())
                {
                    context.Result = new GrantValidationResult(TokenRequestErrors.InvalidTarget, "Invalid credentials");
                    return;
                }

                //E.g. role with Id = 1 is Administrator, Id = 2 is Doktor, etc.. Here is role with the lowest value of ID (highest permissions)
                var leadRole = user.Roles.Min();

                //1. condition -> If mobile client request access token and user doesn't have Pacijent role
                //2. condition -> If desktop client request access token and user doesn't have one of these roles => Administrator, Doktor or RadnikPrijem
                if ((context.Request.ClientId == OAuthConstants.MobileClientId && !RoleType.Pacijent.EqualInt(leadRole)) ||
                    (context.Request.ClientId == OAuthConstants.DesktopClientId && !RoleType.Administrator.EqualInt(leadRole) &&
                     !RoleType.Doktor.EqualInt(leadRole) &&
                     !RoleType.MedicinskiTehnicar.EqualInt(leadRole) &&
                     !RoleType.RadnikPrijem.EqualInt(leadRole)))
                {
                    context.Result = new GrantValidationResult(TokenRequestErrors.InvalidTarget, "Invalid credentials");
                    return;
                }

                await BuildSuccessResultAsync(user.Username, user.Id.ToString(), context);
            }
        }