public bool IsValid(string appName, string username, string password, out UserValidationError userValidationError, out string customError, out bool hasCustomValidation, out bool customValid) { return(new DuradosAuthorizationHelper().IsValid(appName, username, password, out userValidationError, out customError, out hasCustomValidation, out customValid)); }
// public override async Task GrantRefreshToken( //OAuthGrantRefreshTokenContext context) // { // var originalClient = context.Ticket.Properties.Dictionary["as:client_id"]; // var currentClient = context.OwinContext.Get<string>("as:client_id"); // // enforce client binding of refresh token // if (originalClient != currentClient) // { // context.Rejected(); // return; // } // // chance to change authentication ticket for refresh token requests // var newId = new ClaimsIdentity(context.Ticket.Identity); // newId.AddClaim(new Claim("newClaim", "refreshToken")); // var newTicket = new Microsoft.Owin.Security.AuthenticationTicket(newId, context.Ticket.Properties); // context.Validated(newTicket); // } public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" }); if (System.Web.HttpContext.Current.Request.Form["username"] == null && System.Web.HttpContext.Current.Request.Form["userid"] != null) { ValidateById(context); return; } else if (System.Web.HttpContext.Current.Request.Form["username"] == null && System.Web.HttpContext.Current.Request.Form["accessToken"] != null) { ValidateByOneTimeAccessToken(context); return; } else if (System.Web.HttpContext.Current.Request.Form["refreshToken"] != null) { if (System.Web.HttpContext.Current.Request.Form["username"] == null) { throw new DuradosException("username is missing."); } if (System.Web.HttpContext.Current.Request.Form[Database.AppName] == null) { throw new DuradosException(Database.AppName + " is missing."); } if (!System.Web.HttpContext.Current.Items.Contains(Database.AppName)) { System.Web.HttpContext.Current.Items.Add(Database.AppName, System.Web.HttpContext.Current.Request.Form[Database.AppName]); } if (!System.Web.HttpContext.Current.Items.Contains(Database.Username)) { System.Web.HttpContext.Current.Items.Add(Database.Username, System.Web.HttpContext.Current.Request.Form["username"]); } ValidateByRefreshToken(context, System.Web.HttpContext.Current.Request.Form["username"], System.Web.HttpContext.Current.Request.Form[Database.AppName], System.Web.HttpContext.Current.Request.Form["refreshToken"]); return; } string appname = null; appname = System.Web.HttpContext.Current.Request.Form[Database.AppName]; if (SharedMemorySingeltone.Instance.Contains(appname, Durados.Data.SharedMemoryKey.DebugMode)) { System.Web.HttpContext.Current.Items[Durados.Workflow.JavaScript.Debug] = true; } if (string.IsNullOrEmpty(appname)) { context.SetError(UserValidationErrorMessages.InvalidGrant, UserValidationErrorMessages.AppNameNotSupplied); return; } if (!IsAppExists(appname)) { context.SetError(UserValidationErrorMessages.InvalidGrant, string.Format(UserValidationErrorMessages.AppNameNotExists, appname)); return; } System.Collections.Specialized.NameValueCollection form = GetFixedForm(); string username = context.UserName; try { username = form["username"]; } catch { } string password = context.Password; try { password = form["password"]; } catch { } if (!Durados.Web.Mvc.Maps.IsDevUser(username) && IsAppLocked(appname)) { context.SetError(UserValidationErrorMessages.InvalidGrant, string.Format(UserValidationErrorMessages.AppLocked, appname)); return; } if (!System.Web.HttpContext.Current.Items.Contains(Database.AppName)) { System.Web.HttpContext.Current.Items.Add(Database.AppName, appname); } if (!System.Web.HttpContext.Current.Items.Contains(Database.Username)) { System.Web.HttpContext.Current.Items.Add(Database.Username, username); } Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-start", appname, username, null, 3, string.Empty); if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname)) { Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-start", appname, username, null, 3, string.Empty); } UserValidationError userValidationError = UserValidationError.Valid; string customError = null; bool hasCustomValidation = false; bool customValid = false; try { if (!IsValid(appname, username, password, out userValidationError, out customError, out hasCustomValidation, out customValid)) { Durados.Web.Mvc.Controllers.AccountMembershipService accountMembershipService = new Durados.Web.Mvc.Controllers.AccountMembershipService(); string message = UserValidationErrorMessages.Unknown; switch (userValidationError) { case UserValidationError.IncorrectUsernameOrPassword: message = UserValidationErrorMessages.IncorrectUsernameOrPassword; break; case UserValidationError.LockedOut: message = UserValidationErrorMessages.LockedOut; break; case UserValidationError.NotApproved: message = UserValidationErrorMessages.NotApproved; break; case UserValidationError.NotRegistered: message = UserValidationErrorMessages.NotRegistered; break; case UserValidationError.UserDoesNotBelongToApp: message = UserValidationErrorMessages.UserDoesNotBelongToApp; break; case UserValidationError.Custom: if (customError != null) { message = customError; } else { message = UserValidationErrorMessages.Unknown; } break; default: message = UserValidationErrorMessages.Unknown; break; } context.SetError(UserValidationErrorMessages.InvalidGrant, message); Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end-failure", appname, username, null, 3, message); if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname)) { Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-start", appname, username, null, 3, message); } return; } } catch (System.Exception exception) { context.SetError(UserValidationErrorMessages.InvalidGrant, exception.Message); Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end-failure", appname, username, null, 1, exception.Message); if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname)) { Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-end-failure", appname, username, null, 1, exception.Message); } return; } Durados.Web.Mvc.Map map = Durados.Web.Mvc.Maps.Instance.GetMap(appname); Durados.Web.Mvc.Controllers.AccountMembershipService account = new Durados.Web.Mvc.Controllers.AccountMembershipService(); if (!hasCustomValidation || !customValid) { if (map.Database.SecureLevel == SecureLevel.AllUsers) { try { if (!(account.AuthenticateUser(map, username, password))) { context.SetError(UserValidationErrorMessages.InvalidGrant, UserValidationErrorMessages.IncorrectUsernameOrPassword); Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end-failure", appname, username, null, 3, UserValidationErrorMessages.IncorrectUsernameOrPassword); if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname)) { Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-end-failure", appname, username, null, 3, UserValidationErrorMessages.IncorrectUsernameOrPassword); } return; } else if (!(account.IsApproved(username))) { if (map.HasAuthApp && account.IsApproved(username, map.AuthAppName)) { userController uc = new userController(); var userRow = map.GetAuthAppMap().Database.GetUserRow(username); var signUpResults = uc.SignUp(appname, null, null, true, GetFirstName(userRow), username, GetLastName(userRow), password, password, new Dictionary <string, object>()); } else { context.SetError(UserValidationErrorMessages.InvalidGrant, UserValidationErrorMessages.NotApproved); Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end-failure", appname, username, null, 3, UserValidationErrorMessages.NotApproved); if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname)) { Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-end-failure", appname, username, null, 3, UserValidationErrorMessages.NotApproved); } return; } } } catch (System.Exception exception) { context.SetError(UserValidationErrorMessages.Unknown, exception.Message); return; } } } if (!string.IsNullOrEmpty(map.Database.LogOnUrlAuth) && !new DuradosAuthorizationHelper().ValidateLogOnAuthUrl(map, System.Web.HttpContext.Current.Request.Form)) { string message = "External authentication failer"; context.SetError(UserValidationErrorMessages.InvalidGrant, message); Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end-failure", appname, username, null, 3, message); if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname)) { Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-end-failure", appname, username, null, 3, message); } return; } var identity = new ClaimsIdentity(context.Options.AuthenticationType); identity.AddClaim(new Claim(Database.Username, username)); identity.AddClaim(new Claim(Database.AppName, appname)); // create metadata to pass on to refresh token provider //var props = new Microsoft.Owin.Security.AuthenticationProperties(new Dictionary<string, string> //{ // { "as:client_id", context.ClientId } //}); //var ticket = new Microsoft.Owin.Security.AuthenticationTicket(identity, props); //context.Validated(ticket); context.Validated(identity); Durados.Web.Mvc.Maps.Instance.DuradosMap.Logger.Log("auth-end", appname, username, null, 3, string.Empty); if (Durados.Web.Mvc.Maps.Instance.AppInCach(appname)) { Durados.Web.Mvc.Maps.Instance.GetMap(appname).Logger.Log("auth-end", appname, username, null, 3, string.Empty); } }