public async Task CreateAsync(AuthenticationTokenCreateContext context) { Guid userid = NullHandlers.NGUID(context.Ticket.Properties.Dictionary["as:user_id"]); if (userid == Guid.Empty) { return; } var refreshTokenId = Guid.NewGuid().ToString("n"); var refreshTokenLifeTime = 30; var token = new RefreshToken() { Id = Infrastructure.Encryption.GetHash(refreshTokenId), UserId = userid, IssuedUtc = DateTime.UtcNow, ExpiresUtc = DateTime.UtcNow.AddMinutes(Convert.ToDouble(refreshTokenLifeTime)) }; context.Ticket.Properties.IssuedUtc = token.IssuedUtc; context.Ticket.Properties.ExpiresUtc = token.ExpiresUtc; token.ProtectedTicket = context.SerializeTicket(); var result = await UnitOfWork.RefreshTokenStore.CreateAsync(token); if (result) { context.SetToken(refreshTokenId); } }
public async Task <IHttpActionResult> Post([FromBody] Models.RoleViewModel value) { Role _role = null; if (NullHandlers.NGUID(value.Id) != Guid.Empty) { _role = await UnitOfWork.RoleStore.FindByIdAsync(value.Id); } if (_role == null) { _role = new Role(); } _role.Name = value.RoleName; _role.Description = value.RoleDescription; UnitOfWork.BeginWork(); if (_role.Id == Guid.Empty) { await UnitOfWork.RoleStore.CreateAsync(_role); } else { await UnitOfWork.RoleStore.UpdateAsync(_role); } foreach (Models.ApiViewModel _assignedApi in value.AssignedApis) { if (_assignedApi.Id == Guid.Empty) { RoleApiPath _newPath = new RoleApiPath() { RoleId = _role.Id, ActionPath = _assignedApi.Path, ActionMethod = _assignedApi.HttpMethod }; await UnitOfWork.RoleStore.CreateRoleApiPathAsync(_newPath); } } foreach (Models.ApiViewModel _availableApi in value.AvailableApis) { if (_availableApi.Id != Guid.Empty) { await UnitOfWork.RoleStore.DeleteRoleApiPathAsync(_availableApi.Id);; } } foreach (Models.ClientPathViewModel _assignedClientPath in value.AssignedClientPaths) { if (_assignedClientPath.Id == Guid.Empty) { } } foreach (Models.ClientPathViewModel _availableClientPath in value.AvailableClientPaths) { if (_availableClientPath.Id != Guid.Empty) { } } UnitOfWork.CommitWork(); return(Ok()); }
public async Task <IHttpActionResult> GetUser(string Id) { try { User _user = await _userFactory.Build(NullHandlers.NGUID(Id)); return(Ok(_user)); } catch (Exception ex) { return(InternalServerError(ex)); } }
public async Task <IHttpActionResult> Get(string id) { Guid _roleId = NullHandlers.NGUID(id); Role _role = null; if (_roleId != Guid.Empty) { _role = await UnitOfWork.RoleStore.FindByIdAsync(_roleId); } if (_role == null) { _role = new Role(); } List <Models.ApiViewModel> _assignedApis = new List <Models.ApiViewModel>(); List <Models.ApiViewModel> _availableApis = new List <Models.ApiViewModel>(); List <Models.ClientPathViewModel> _availableClientPaths = new List <Models.ClientPathViewModel>(); List <Models.ClientPathViewModel> _assignedClientPaths = new List <Models.ClientPathViewModel>(); foreach (RoleApiPath _apiPath in await UnitOfWork.RoleStore.ListRoleApiPathsAsync(_role.Id)) { _assignedApis.Add(new Models.ApiViewModel() { Id = _apiPath.Id, Path = _apiPath.ActionPath, HttpMethod = _apiPath.ActionMethod }); } System.Collections.ObjectModel.Collection <System.Web.Http.Description.ApiDescription> _apis = GlobalConfiguration.Configuration.Services.GetApiExplorer().ApiDescriptions; foreach (System.Web.Http.Description.ApiDescription _api in _apis) { if (_api.ActionDescriptor.GetFilterPipeline().Where(f => f.Instance is Attributes.AuthorizeUserAttribute).Any()) { if (!(_assignedApis.Where(f => f.Path == _api.RelativePath && f.HttpMethod == _api.HttpMethod.ToString()).Any())) { _availableApis.Add(new Models.ApiViewModel() { Path = _api.RelativePath, HttpMethod = _api.HttpMethod.ToString() }); } } } return(Ok(new Models.RoleViewModel() { Id = _role.Id, RoleName = _role.Name, RoleDescription = _role.Description, AssignedApis = _assignedApis, AvailableApis = _availableApis, AvailableClientPaths = _availableClientPaths, AssignedClientPaths = _assignedClientPaths })); }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { Client client = context.OwinContext.Get <Client>("as:requested_client"); string _authToken = String.Empty; if (client != null) { foreach (var _header in context.OwinContext.Request.Headers) { if (_header.Key.ToLower() == "authorization") { if (_header.Value.Length > 0) { _authToken = _header.Value[0]; break; } } } } if (_authToken.IndexOf("Bearer ", StringComparison.CurrentCultureIgnoreCase) == 0) { _authToken = _authToken.Substring(7, _authToken.Length - 7); } var allowedOrigin = "NONE"; List <ClientAllowedOrigin> _allowedOrigins; if (!(client == null)) { _allowedOrigins = client.AllowedOrigins; } else { _allowedOrigins = await UnitOfWork.ClientStore.ListAllowedOrigins(new Guid()); } string _originPath = NullHandlers.NES(context.Request.Headers["Origin"]); if (_originPath == "") { allowedOrigin = "*"; } else { string _originCompare = _originPath.ToLower().Trim(); if (_originCompare.LastIndexOf("/") != (_originCompare.Length - 1)) { _originCompare += "/"; } foreach (ClientAllowedOrigin _origin in _allowedOrigins) { string _allowedCompare = _origin.AllowedURL.ToLower().Trim(); if ((_allowedCompare.LastIndexOf("/") != (_allowedCompare.Length - 1)) && (_allowedCompare != "*")) { _allowedCompare += "/"; } if ((_origin.AllowedURL.ToLower().Trim() == "*") || (_origin.AllowedURL.ToLower().Trim() == _originCompare)) { allowedOrigin = _originPath; Client _sourceClient = await UnitOfWork.ClientStore.FindByURL(_allowedCompare); if (_sourceClient != null) { context.OwinContext.Set <Client>("as:source_client", _sourceClient); } break; } } } context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin }); AuthenticationProperties prop = new AuthenticationProperties(); ClaimsIdentity oAuthIdentity = null; User user = null; //If the passed authentication token is empty then attempt to load the user from the username and password and then insert it into the AuthenticationTicket. //If the authentication token is not empty the ndecode the token and take the user identity from the token and place it in the new token for the remote resource. if (_authToken == "") { user = await UserManager.FindAsync(context.UserName, context.Password); if ((user == null) || ((user.Locked == true) && (user.LockedUntil.HasValue == true) && (user.LockedUntil.Value > DateTime.Now))) { if (user == null) { user = await UnitOfWork.UserStore.FindByEmailAsync(context.UserName); if (user != null) { if ((user.Locked == true) && (user.LockedUntil.HasValue == true) && (user.LockedUntil.Value > DateTime.Now)) { user.FailedLoginCount = 0; context.SetError("invalid_grant", "This user account is temporarily locked. Please try again later."); } else { user.FailedLoginCount += 1; context.SetError("invalid_grant", "The user name or password is incorrect."); } } else { context.SetError("invalid_grant", "The user name or password is incorrect."); } } if (user != null) { if (user.FailedLoginCount >= 3) { user.Locked = true; user.LockedUntil = DateTime.Now.AddMinutes(10); } await UnitOfWork.UserStore.UpdateAsync(user); } return; } else { //Clear all currently stored expired refresh tokens. await UnitOfWork.RefreshTokenStore.ClearExpiredAsync(); } if (user.Locked == true) { user.FailedLoginCount = 0; user.Locked = false; user.LockedUntil = null; await UnitOfWork.UserStore.UpdateAsync(user); } oAuthIdentity = await UserManager.GenerateUserIdentityAsync(user, "JWT"); oAuthIdentity.AddClaims(UnitOfWork.ClaimStore.GetClaims(user)); prop.Dictionary.Add("as:user_id", NullHandlers.NES(user.Id)); } else { Guid _userId = new Guid(); AuthenticationTicket _authTicket = context.Options.AccessTokenFormat.Unprotect(_authToken); ClaimsIdentity _ident = _authTicket.Identity; foreach (Claim _claim in _ident.Claims) { foreach (var _prop in _claim.Properties) { if (_prop.Value == "nameid") { _userId = NullHandlers.NGUID(_claim.Value); break; } } if (_userId != Guid.Empty) { break; } } if ((_userId == Guid.Empty) || (_ident == null)) { throw new Exception("Invalid Authentication Token"); } oAuthIdentity = _ident; prop.Dictionary.Add("as:user_id", NullHandlers.NES(_userId)); } prop.Dictionary.Add("as:issuer", ConfigurationManager.AppSettings["as:IssuerId"]); if (client == null) { prop.Dictionary.Add("as:client_id", ConfigurationManager.AppSettings["as:AudienceId"]); prop.Dictionary.Add("as:client_secret", ConfigurationManager.AppSettings["as:AudienceSecret"]); } else { prop.Dictionary.Add("as:client_id", client.ClientId); prop.Dictionary.Add("as:client_secret", client.Secret); } var ticket = new AuthenticationTicket(oAuthIdentity, prop); context.Validated(ticket); }