#pragma warning disable CS1998 // Async method lacks 'await' operators and will run synchronously
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
#pragma warning restore CS1998 // Async method lacks 'await' operators and will run synchronously
{
context.Validated();
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
return(Task.FromResult(context.Validated()));
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
return(Task.FromResult <object>(null));
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
//Here we only doing something before validating when we using userId and userSecret approach.
context.Validated();
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
await Task.Run(() => context.Validated());
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
// This call is required...
// but we're not using client authentication, so validate and move on...
await Task.FromResult(context.Validated());
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
await Task.FromResult <object>(null);
}
/// <summary>
/// Called to validate that the origin of the request is a registered "client_id", and that the correct credentials for that client are
/// present on the request. If the web application accepts Basic authentication credentials,
/// context.TryGetBasicCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request header. If the web
/// application accepts "client_id" and "client_secret" as form encoded POST parameters,
/// context.TryGetFormCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request body.
/// If context.Validated is not called the request will not proceed further.
/// </summary>
/// <param name="context">The context of the event carries information in and results out.</param>
/// <returns>
/// Task to enable asynchronous execution
/// </returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
string clientId = string.Empty;
string clientSecret = string.Empty;
Client client = null;
// 웹 응용 프로그램이 기본 인증 자격 증명을 수락하면 클라이언트 자격 증명 요청 헤더의 값을 검색합니다.
if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
{
//웹 응용 프로그램이 양식 인코딩 된 POST 매개 변수로 클라이언트 ID와 암호를 허용하면 TryGetFormCredentials"를 사용하여 값을 검색
context.TryGetFormCredentials(out clientId, out clientSecret);
}
if (context.ClientId == null)
{
//Remove the comments from the below line context.SetError, and invalidate context
//if you want to force sending clientId/secrects once obtain access tokens.
context.Validated();
//context.SetError("invalid_clientId", "ClientId should be sent.");
return(Task.FromResult <object>(null));
}
//Client 테이블 조회하기
using (AuthRepository _repo = new AuthRepository())
{
client = _repo.FindClient(context.ClientId);
}
if (client == null)
{
context.SetError("invalid_clientId", string.Format("Client '{0}' is not registered in the system.", context.ClientId));
return(Task.FromResult <object>(null));
}
//client 에서 native 이면 secret 존재 여부 확인
if (client.ApplicationType == Models.ApplicationTypes.NativeConfidential)
{
if (string.IsNullOrWhiteSpace(clientSecret))
{
context.SetError("invalid_clientId", "Client secret should be sent.");
return(Task.FromResult <object>(null));
}
else
{
if (client.Secret != Helper.GetHash(clientSecret))
{
context.SetError("invalid_clientId", "Client secret is invalid.");
return(Task.FromResult <object>(null));
}
}
}
//client 에서 비활성화 이면 차단
if (!client.Active)
{
context.SetError("invalid_clientId", "Client is inactive.");
return(Task.FromResult <object>(null));
}
context.OwinContext.Set <string>("as:clientAllowedOrigin", client.AllowedOrigin);
context.OwinContext.Set <string>("as:clientRefreshTokenLifeTime", client.RefreshTokenLifeTime.ToString());
context.Validated();
return(Task.FromResult <object>(null));
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
string clientId;
string clientSecret;
var code = context.Parameters.Get("code");
ApiSettings settings = EngineContext.Current.Resolve <ApiSettings>();
if (!settings.EnableApi)
{
context.SetError("invalid_call", "Could not access private resources on this server!");
context.Rejected();
}
else
{
if (!context.TryGetFormCredentials(out clientId, out clientSecret))
{
context.TryGetBasicCredentials(out clientId, out clientSecret);
}
string grantType = context.Parameters.Get("grant_type");
if ((!string.IsNullOrEmpty(clientId) || !string.IsNullOrEmpty(clientSecret) ||
!string.IsNullOrEmpty(code)) && !string.IsNullOrEmpty(grantType))
{
IClientService clientService = EngineContext.Current.Resolve <IClientService>();
bool valid = false;
if (grantType == "refresh_token")
{
valid = clientService.ValidateClientById(clientId);
}
else
{
valid = clientService.ValidateClient(clientId, clientSecret, code);
}
if (valid)
{
Client client = clientService.GetClient(clientId);
// _clientId = clientId;
if (client.IsActive)
{
context.OwinContext.Set("oauth:client", client);
context.Validated(clientId);
}
}
else
{
context.SetError("invalid_user", "User not active or invalid!");
context.Rejected();
}
}
else
{
context.SetError("invalid_user", "User not active or invalid!");
context.Rejected();
}
}
}
/// <summary>
/// This method validates the client device
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
// For now we are not checking any client device validtion.
context.Validated();
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
string clientId = string.Empty;
string clientSecret = string.Empty;
Client client = null;
// Try to get the Client id and secret from the authorization header using a basic scheme
// So one way to send the client_id/client_secret is to base64 encode the (client_id:client_secret)
// and send it in the Authorization header
if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
{
// The other way is to sent the client_id/client_secret as “x-www-form-urlencoded”.
context.TryGetFormCredentials(out clientId, out clientSecret);
}
if (context.ClientId == null)
{
context.SetError("invalid_clientId", "ClientId must be sent.");
return(Task.FromResult <object>(null));
}
client = GetClientFromDb(context.ClientId);
// Client is not registered to consume our back end api
if (client == null)
{
context.SetError("invalid_clientId", string.Format($"Client '{context.ClientId}' is not registered in the system."));
return(Task.FromResult <object>(null));
}
// Reject disabled clients
if (!client.IsActive)
{
context.SetError("invalid_clientId", "Client is disabled.");
return(Task.FromResult <object>(null));
}
// Sending client secret is mandatory for native clients
if (client.ClientType == ClientType.NativeConfidential)
{
if (string.IsNullOrWhiteSpace(clientSecret))
{
context.SetError("invalid_clientId", "Client secret should be sent.");
return(Task.FromResult <object>(null));
}
else
{
if (client.Secret != Encryptor.GetHash(clientSecret))
{
context.SetError("invalid_clientId", "Client secret is invalid.");
return(Task.FromResult <object>(null));
}
}
}
context.OwinContext.Set(Client_AllowedOriginKey, client.AllowedOrigin);
context.OwinContext.Set(Client_RefreshTokenLifeTimeKey, client.RefreshTokenLifeTime.ToString());
context.Validated();
return(Task.FromResult <object>(null));
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
// Resource owner password credentials does not provide a client ID.
/*
* var q = from r in db.Users
* where r.UserName == context.
* select new Users
* {
* UserName = r.UserName,
* troll = r.troll,
* UserId = r.UserId
* };
* int value = 0;
* foreach (Users item in q.ToList())
* {
* value = item.troll;
* }
* if (value == 1)
* {
*
* }
* else
* {
*
* }
*/
context.Parameters.ToList();
string values = "";
foreach (var item in context.Parameters.ToList())
{
if (item.Key.Equals("username"))
{
values = item.Value[0];
}
}
var q = from r in db.Users
where r.UserName == values
select new Areas.api.Models.User
{
UserName = r.UserName,
troll = r.troll,
UserId = r.UserId
};
int value = 0;
foreach (Areas.api.Models.User item in q.ToList())
{
value = item.troll;
}
if (value == 1)
{
if (context.ClientId == null)
{
context.Validated();
}
}
return(Task.FromResult <object>(null));
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
//context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
context.Validated();
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated(); // for validating devices
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated(); // This method is used to validate the client application
}
/// <summary>
/// Called to validate that the origin of the request is a registered "client_id", and that the correct credentials for that client are
/// present on the request. If the web application accepts Basic authentication credentials,
/// context.TryGetBasicCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request header. If the web
/// application accepts "client_id" and "client_secret" as form encoded POST parameters,
/// context.TryGetFormCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request body.
/// If context.Validated is not called the request will not proceed further.
/// </summary>
/// <param name="context">The context of the event carries information in and results out.</param>
/// <returns>
/// Task to enable asynchronous execution
/// </returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
// We have only one client, therefore always return that its validated successfully.
context.Validated();
return(Task.FromResult(0));
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
var clientId = default(string);
var clientSecret = default(string);
var client = default(Client);
if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
{
context.TryGetFormCredentials(out clientId, out clientSecret);
}
if (context.ClientId == null)
{
// Remove the comments from the below line context.SetError, and invalidate context
// if you want to force sending clientId/secrects once obtain access tokens.
context.Validated();
// context.SetError("invalid_clientId", "ClientId should be sent.");
return(Task.FromResult <object>(null));
}
client = authRepository.FindClient(context.ClientId);
if (client == null)
{
context.SetError("invalid_clientId", string.Format("Client '{0}' is not registered in the system.", context.ClientId));
return(Task.FromResult <object>(null));
}
if (client.ApplicationType == Models.ApplicationTypes.NativeConfidential)
{
if (string.IsNullOrWhiteSpace(clientSecret))
{
context.SetError("invalid_clientId", "Client secret should be sent.");
return(Task.FromResult <object>(null));
}
else
{
if (client.Secret != Helper.GetHash(clientSecret))
{
context.SetError("invalid_clientId", "Client secret is invalid.");
return(Task.FromResult <object>(null));
}
}
}
if (!client.Active)
{
context.SetError("invalid_clientId", "Client is inactive.");
return(Task.FromResult <object>(null));
}
context.OwinContext.Set <string>("as:clientAllowedOrigin", client.AllowedOrigin);
context.OwinContext.Set <string>("as:clientRefreshTokenLifeTime", client.RefreshTokenLifeTime.ToString());
context.Validated();
return(Task.FromResult <object>(null));
}
///http://bitoftech.net/2014/07/16/enable-oauth-refresh-tokens-angularjs-app-using-asp-net-web-api-2-owin/
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
string clientId = string.Empty;
string clientSecret = string.Empty;
Client client = null;
if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
{
context.TryGetFormCredentials(out clientId, out clientSecret);
}
if (context.ClientId == null)
{
//Remove the comments from the below line context.SetError, and invalidate context
//if you want to force sending clientId/secrects once obtain access tokens.
context.Validated();
//context.SetError("invalid_clientId", "ClientId should be sent.");
return(Task.FromResult <object>(null));
}
//using (AuthRepository _repo = new AuthRepository())
using (var dbcontext = new ApplicationDbContext())
{
var _repo = new UserRepository(dbcontext);
client = _repo.FindClient(context.ClientId);
}
if (client == null)
{
context.SetError("invalid_clientId", string.Format("Client '{0}' is not registered in the system.", context.ClientId));
return(Task.FromResult <object>(null));
}
if (client.ApplicationType == ApplicationTypes.NativeConfidential)
{
if (string.IsNullOrWhiteSpace(clientSecret))
{
context.SetError("invalid_clientId", "Client secret should be sent.");
return(Task.FromResult <object>(null));
}
else
{
if (client.Secret != Helper.HelperSecurity.GetHash(clientSecret))
{
context.SetError("invalid_clientId", "Client secret is invalid.");
return(Task.FromResult <object>(null));
}
}
}
if (!client.Active)
{
context.SetError("invalid_clientId", "Client is inactive.");
return(Task.FromResult <object>(null));
}
//http://leastprivilege.com/2013/11/15/adding-refresh-tokens-to-a-web-api-v2-authorization-server/
context.OwinContext.Set <string>("as:client_id", context.ClientId);
context.OwinContext.Set <string>("as:clientAllowedOrigin", client.AllowedOrigin);
context.OwinContext.Set <string>("as:clientRefreshTokenLifeTime", client.RefreshTokenLifeTime.ToString());
context.Validated();
return(Task.FromResult <object>(null));
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
return(Task.CompletedTask);
}
// checking if client has valid auth parameters
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
publicKey = context.Parameters["publicKey"];
string clientId = string.Empty;
string clientSecret = string.Empty;
Client client = null;
if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
{
context.TryGetFormCredentials(out clientId, out clientSecret);
}
if (context.ClientId == null)
{
//Remove the comments from the below line context.SetError, and invalidate context
//if you want to force sending clientId/secrects once obtain access tokens.
context.Validated();
context.SetError("invalid_clientId", "ClientId should be sent.");
return(Task.FromResult <object>(null));
}
using (var _repo = new AuthRepository(new UnitOfWork(new InteropContext())))
{
client = _repo.FindClient(context.ClientId);
//var splitedClientId = context.ClientId.Split('-');
//client = _repo.FindClient(splitedClientId[0]);
}
if (client == null)
{
context.SetError("invalid_clientId", string.Format("Client '{0}' is not registered in the system.", context.ClientId));
return(Task.FromResult <object>(null));
}
if (client.ApplicationType == ApplicationTypes.NativeConfidential)
{
if (string.IsNullOrWhiteSpace(clientSecret))
{
context.SetError("invalid_clientId", "Client secret should be sent.");
return(Task.FromResult <object>(null));
}
else
{
if (client.Secret != Helper.GetHash(clientSecret))
{
context.SetError("invalid_clientId", "Client secret is invalid.");
return(Task.FromResult <object>(null));
}
}
}
if (!client.Active)
{
context.SetError("invalid_clientId", "Client is inactive.");
return(Task.FromResult <object>(null));
}
context.OwinContext.Set <string>("as:clientAllowedOrigin", client.AllowedOrigin);
context.OwinContext.Set <string>("as:clientRefreshTokenLifeTime", client.RefreshTokenLifeTime.ToString());
context.Validated();
return(Task.FromResult <object>(null));
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
return(base.ValidateClientAuthentication(context));
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
await Task.Factory.StartNew(() => context.Validated());
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
// Resource owner password credentials does not provide a client ID.
context.Validated();
}
public override async System.Threading.Tasks.Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
await Task.FromResult(context.Validated());
}
/// <summary>
/// Called to validate that the origin of the request is a registered "client_id", and that the correct credentials for that client are
/// present on the request. If the web application accepts Basic authentication credentials,
/// context.TryGetBasicCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request header. If the web
/// application accepts "client_id" and "client_secret" as form encoded POST parameters,
/// context.TryGetFormCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request body.
/// If context.Validated is not called the request will not proceed further.
/// </summary>
/// <param name="context">The context of the event carries information in and results out.</param>
/// <returns>Task to enable asynchronous execution</returns>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
this.options.Logger.Debug("Validating client id and secret");
string clientId;
string clientSecret;
// Validate that redirect uri is specified
// 'redirect_uri' must be specified for all calls that are not 'client_credentials' grants.
if (context.Parameters[Constants.Parameters.RedirectUri] == null && context.Parameters[Constants.Parameters.GrantType] != Constants.GrantTypes.ClientCredentials)
{
context.SetError("invalid_request");
this.options.Logger.Error("Redirect URI was not specified, the token request is not valid");
return;
}
if (context.TryGetBasicCredentials(out clientId, out clientSecret) ||
context.TryGetFormCredentials(out clientId, out clientSecret))
{
// Only proceed if client id and client secret is provided
if (string.IsNullOrEmpty(clientId) || string.IsNullOrEmpty(clientSecret))
{
context.SetError("invalid_client");
this.options.Logger.WarnFormat("Client id ({0}) or client secret ({1}) is invalid", clientId, clientSecret);
return;
}
this.options.Logger.DebugFormat("Authenticating client '{0}'", clientId);
var client = await this.options.ClientManager.AuthenticateClientCredentialsAsync(clientId, clientSecret);
if (!client.IsAuthenticated)
{
context.SetError("invalid_grant");
this.options.Logger.WarnFormat("Client '{0}' was not authenticated because the supplied secret did not match", clientId);
return;
}
}
else
{
context.SetError("invalid_client");
this.options.Logger.WarnFormat("Client '{0}' was not authenticated because the provider could not retrieve the client id and client secret from the Authorization header or Form parameters", clientId);
return;
}
context.OwinContext.GetOAuthContext().ClientId = context.ClientId;
context.OwinContext.GetOAuthContext().RedirectUri = context.Parameters[Constants.Parameters.RedirectUri];
context.OwinContext.GetOAuthContext().Scope = context.Parameters[Constants.Parameters.Scope] != null && context.Parameters[Constants.Parameters.Scope].Length > 0 ?
context.Parameters[Constants.Parameters.Scope].Split(' ') : null;
this.options.Logger.DebugFormat("Client '{0}' was successfully authenticated", clientId);
context.Validated(clientId);
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.OwinContext.Set("as:clientAllowedOrigin", "*");
context.OwinContext.Set("as:clientRefreshTokenLifeTime", "7200");
context.Validated();
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context) => Task.Run(() => context.Validated());
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
/*
* string clientId = string.Empty;
* string clientSecret = string.Empty;
* Client client = null;
*
* if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
* {
* context.TryGetFormCredentials(out clientId, out clientSecret);
* }
*
* if (context.ClientId == null)
* {
* //Remove the comments from the below line context.SetError, and invalidate context
* //if you want to force sending clientId/secrects once obtain access tokens.
* context.Validated();
* //context.SetError("invalid_clientId", "ClientId should be sent.");
* return Task.FromResult<object>(null);
* }
*
* using (AuthRepository _repo = new AuthRepository())
* {
* client = _repo.FindClient(context.ClientId);
* }
*
* if (client == null)
* {
* context.SetError("invalid_clientId", string.Format("Client '{0}' is not registered in the system.", context.ClientId));
* return Task.FromResult<object>(null);
* }
*
* if (client.ApplicationType == Models.ApplicationTypes.NativeConfidential)
* {
* if (string.IsNullOrWhiteSpace(clientSecret))
* {
* context.SetError("invalid_clientId", "Client secret should be sent.");
* return Task.FromResult<object>(null);
* }
* else
* {
* if (client.Secret != Helper.GetHash(clientSecret))
* {
* context.SetError("invalid_clientId", "Client secret is invalid.");
* return Task.FromResult<object>(null);
* }
* }
* }
*
* if (!client.Active)
* {
* context.SetError("invalid_clientId", "Client is inactive.");
* return Task.FromResult<object>(null);
* }
*
* context.OwinContext.Set<string>("as:clientAllowedOrigin", client.AllowedOrigin);
* context.OwinContext.Set<string>("as:clientRefreshTokenLifeTime", client.RefreshTokenLifeTime.ToString());
*
* context.Validated();
* return Task.FromResult<object>(null);
*/
//
context.Validated();
}