public override Task ValidateIdentity(OAuthValidateIdentityContext context) { var claims = context.Ticket.Identity.Claims; if (claims.Count() == 0 || claims.Any(claim => claim.Issuer != "Facebook" && claim.Issuer != "LOCAL_AUTHORITY")) context.Rejected(); return Task.FromResult<object>(null); }
protected override async Task <AuthenticationTicket> AuthenticateCore() { _logger.WriteVerbose("AuthenticateCore"); try { string authorization = Request.GetHeader("Authorization"); if (authorization == null || !authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)) { _logger.WriteWarning("null or non-bearer token in authorization header"); return(null); } string protectedText = authorization.Substring("Bearer ".Length).Trim(); AuthenticationTicket ticket = Options.AccessTokenHandler.Unprotect(protectedText); var context = new OAuthValidateIdentityContext(ticket.Identity, ticket.Extra.Properties); if (Options.Provider != null) { await Options.Provider.ValidateIdentity(context); } return(new AuthenticationTicket(context.Identity, context.Extra)); } catch (Exception ex) { _logger.WriteError(ex.Message); // TODO: trace return(null); } }
public override Task ValidateIdentity(OAuthValidateIdentityContext context) { var requestSite = context.Request.Uri.Host.Split('.')[0]; var tokenSite = context.Ticket.Identity.Claims.FirstOrDefault(x => x.Type == OAuthDefaults.ClaimKeySite); if (tokenSite == null || requestSite != tokenSite.Value) return null; return base.ValidateIdentity(context); }
/// <summary> /// Called each time a request identity has been validated by the middleware. By implementing this method the /// application may alter or reject the identity which has arrived with the request. /// </summary> /// <param name="context">Contains information about the login session as well as the user <see cref="T:System.Security.Claims.ClaimsIdentity" />.</param> /// <returns> /// A <see cref="T:System.Threading.Tasks.Task" /> representing the completed operation. /// </returns> public Task ValidateIdentity(OAuthValidateIdentityContext context) { if (_inner != null) { return _inner.ValidateIdentity(context); } return Task.FromResult(0); }
public override System.Threading.Tasks.Task ValidateIdentity(OAuthValidateIdentityContext context) { if (context == null) { throw new ArgumentNullException("context"); } if (context.Ticket.Identity.Claims.Any(c => c.Issuer != "LOCAL AUTHORITY")) { context.Rejected(); } return Task.FromResult<object>((object)null); }
// method copied from Owin.AppBuilderExtensions.ApplicationOAuthBearerProvider (private class) private Task ValidateIdentity(OAuthValidateIdentityContext context) { /** if (context == null) { throw new ArgumentNullException("context"); } if (context.Ticket.Identity.Claims .Any(c => c.Issuer != ClaimsIdentity.DefaultIssuer)) { context.Rejected(); }**/ return Task.FromResult<object>(null); }
public override Task ValidateIdentity(OAuthValidateIdentityContext context) { bool validated = false; base.ValidateIdentity(context); ApplicationDbContext dbContext = context.OwinContext.Get<ApplicationDbContext>(); ApplicationUserManager userManager = context.OwinContext.GetUserManager<ApplicationUserManager>(); if(context.Ticket!= null && context.Ticket.Identity != null) { if(context.Ticket.Identity.Claims.SingleOrDefault(c => c.Type == OAuthClientCredentialsGrantKey) != null) { Guid clientId = new Guid(context.Ticket.Identity.Name); if (dbContext.OAuthClients.SingleOrDefault(oac => oac.ClientId == clientId && oac.Enabled==true) != null) { validated = true; context.Validated(); } } else { Claim oauthSessionId = context.Ticket.Identity.Claims.SingleOrDefault(c => c.Type == OAuthSessionClaimKey); if (oauthSessionId != null) { OAuthSession oauthSession = dbContext.OAuthSessions.SingleOrDefault(oas => oas.Id.ToString() == oauthSessionId.Value); if (oauthSession != null) { validated = true; context.Validated(); } } } } if (!validated) { context.SetError("Invalid Token", "The Access Token is invalid."); context.Rejected(); } return Task.FromResult<object>(null); }
public override Task ValidateIdentity(OAuthValidateIdentityContext context) { if (context.Ticket.Properties.ExpiresUtc < DateTime.UtcNow) { context.SetError("invalid_grant", "Access Token has expired."); context.Rejected(); return ThreadingExtensions.NoResult; } var userId = context.Ticket.Identity.GetUserGuid(); var issuedGuid = context.Ticket.Properties .GetIssuedGuid(); if (!_authKeyRepository.ValidateAuthKey(userId, issuedGuid)) { context.SetError("invalid_token", "Access Token has not been properly set or has been invalidated."); context.Rejected(); return ThreadingExtensions.NoResult; } context.Validated(); return ThreadingExtensions.NoResult; }
/// <summary> /// Handles validating the identity produced from an OAuth bearer token. /// </summary> /// <param name="context"></param> /// <returns></returns> public virtual Task ValidateIdentity(OAuthValidateIdentityContext context) { return OnValidateIdentity.Invoke(context); }
protected override async Task <AuthenticationTicket> AuthenticateCoreAsync() { try { // Find token in default location string requestToken = null; string authorization = Request.Headers.Get("Authorization"); if (!string.IsNullOrEmpty(authorization)) { if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)) { requestToken = authorization.Substring("Bearer ".Length).Trim(); } } // Give application opportunity to find from a different location, adjust, or reject token var requestTokenContext = new OAuthRequestTokenContext(Context, requestToken); await Options.Provider.RequestToken(requestTokenContext); // If no token found, no further work possible if (string.IsNullOrEmpty(requestTokenContext.Token)) { return(null); } // Call provider to process the token into data var tokenReceiveContext = new AuthenticationTokenReceiveContext( Context, Options.AccessTokenFormat, requestTokenContext.Token); await Options.AccessTokenProvider.ReceiveAsync(tokenReceiveContext); if (tokenReceiveContext.Ticket == null) { tokenReceiveContext.DeserializeTicket(tokenReceiveContext.Token); } AuthenticationTicket ticket = tokenReceiveContext.Ticket; if (ticket == null) { _logger.WriteWarning("invalid bearer token received"); return(null); } // Validate expiration time if present DateTimeOffset currentUtc = Options.SystemClock.UtcNow; if (ticket.Properties.ExpiresUtc.HasValue && ticket.Properties.ExpiresUtc.Value < currentUtc) { _logger.WriteWarning("expired bearer token received"); return(null); } // Give application final opportunity to override results var context = new OAuthValidateIdentityContext(Context, Options, ticket); if (ticket != null && ticket.Identity != null && ticket.Identity.IsAuthenticated) { // bearer token with identity starts validated context.Validated(); } if (Options.Provider != null) { await Options.Provider.ValidateIdentity(context); } if (!context.IsValidated) { return(null); } // resulting identity values go back to caller return(context.Ticket); } catch (Exception ex) { _logger.WriteError("Authentication failed", ex); return(null); } }
public virtual Task ValidateIdentity(OAuthValidateIdentityContext context) { return(OnValidateIdentity.Invoke(context)); }
/// <summary> /// Called each time a request identity has been validated by the middleware. By implementing this method the /// application may alter or reject the identity which has arrived with the request. /// </summary> /// <param name="context">Contains information about the login session as well as the user <see cref="T:System.Security.Claims.ClaimsIdentity" />.</param> /// <returns> /// A <see cref="T:System.Threading.Tasks.Task" /> representing the completed operation. /// </returns> public virtual Task ValidateIdentity(OAuthValidateIdentityContext context) { return Task.FromResult(0); }
public Task ValidateIdentity(OAuthValidateIdentityContext context) { return Task.FromResult<object>(null); }
public override async Task ValidateIdentity(OAuthValidateIdentityContext context) { // TODO: validate claims identity context.Validated(context.Ticket.Identity); }