public async System.Threading.Tasks.Task CreateAsync(Microsoft.Owin.Security.Infrastructure.AuthenticationTokenCreateContext context)
        {
            var clientId = context.Ticket.Properties.Dictionary["as:client_id"];

            if (string.IsNullOrEmpty(clientId))
            {
                return;
            }
            var refreshTokenId = Guid.NewGuid().ToString("n");

            using (var _repo = new AuthRepository())
            {
                var refreshTokenLifeTime = context.OwinContext.Get <string>("as:clientRefreshTokenLifeTime");
                var token = new RefreshToken
                {
                    Id         = Helper.GetHash(refreshTokenId),
                    ClientId   = clientId,
                    ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime)),
                    IssuedUtc  = DateTime.UtcNow,
                    Subject    = context.Ticket.Identity.Name
                };
                context.Ticket.Properties.IssuedUtc  = token.IssuedUtc;
                context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc;
                token.ProtectedTicket = context.SerializeTicket();
                var result = await _repo.AddRefreshToken(token);

                if (result)
                {
                    context.SetToken(refreshTokenId);
                }
            }
        }
예제 #2
0
        public async Task <IHttpActionResult> Logon(WindowsLogonModel model)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            string authenticatedUserName = System.Web.HttpContext.Current.User.Identity.Name;

            // Generate the bearer token
            var identity = new ClaimsIdentity(model.AuthenticationType);

            identity.AddClaim(new Claim(ClaimTypes.Name, authenticatedUserName));
            identity.AddClaim(new Claim("sub", authenticatedUserName));
            identity.AddClaim(new Claim("role", "user"));

            var props = new AuthenticationProperties(new Dictionary <string, string>()
            {
                { "as:client_id", model.ClientId ?? String.Empty },
                { "userName", authenticatedUserName }
            });

            var ticket = new AuthenticationTicket(identity, props);

            var context = new Microsoft.Owin.Security.Infrastructure.AuthenticationTokenCreateContext(
                Request.GetOwinContext(),
                Startup.OAuthServerOptions.AccessTokenFormat, ticket);

            string strToken = context.SerializeTicket();

            using (AuthRepository _repo = new AuthRepository())
            {
                // retrieve client from database
                var client = _repo.FindClient(model.ClientId);
                // only generate refresh token if client is registered
                if (client != null)
                {
                    var contextRefresh = new Microsoft.Owin.Security.Infrastructure.AuthenticationTokenCreateContext(
                        Request.GetOwinContext(),
                        Startup.OAuthServerOptions.RefreshTokenFormat, ticket);

                    // Set this two context parameters or it won't work!!
                    contextRefresh.OwinContext.Set("as:clientAllowedOrigin", client.AllowedOrigin);
                    contextRefresh.OwinContext.Set("as:clientRefreshTokenLifeTime", client.RefreshTokenLifeTime.ToString());

                    // Generate the refresh toke
                    await Startup.OAuthServerOptions.RefreshTokenProvider.CreateAsync(contextRefresh);

                    return(Json(new { access_token = strToken, userName = authenticatedUserName, refresh_token = contextRefresh.Token, useRefreshTokens = true }));
                }
            }

            return(Json(new { access_token = strToken, userName = authenticatedUserName, refresh_token = "", useRefreshTokens = false }));
        }