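/// <summary>
/// Adds a new scope to the application identified by <paramref name="id"/>.
/// </summary>
/// <param name="id">Identifier of the application that will own the scope.</param>
/// <param name="model">Scope data posted by the caller; validated through ModelState.</param>
/// <returns>
/// 400 with the model-state errors when the model is invalid or the scope name is already
/// used within this application; 404 when no application has <paramref name="id"/>;
/// otherwise 200 with the persisted scope's ID, Name, Description and Emphasize.
/// </returns>
public HttpResponseMessage Post(int id, ScopeModel model)
{
    if (!ModelState.IsValid)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    var app = config.Applications.All.SingleOrDefault(x => x.ID == id);
    if (app == null)
    {
        return Request.CreateResponse(HttpStatusCode.NotFound);
    }

    // Two scopes with the same name inside one application would be indistinguishable to
    // anything that refers to scopes by name, so reject the duplicate before persisting.
    // Comparison is ordinal (string ==), i.e. case-sensitive.
    if (app.Scopes.Any(x => x.Name == model.Name))
    {
        ModelState.AddModelError("", "That Scope name is already in use.");
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    var scope = new Scope
    {
        Name = model.Name,
        Description = model.Description,
        Emphasize = model.Emphasize
    };

    app.Scopes.Add(scope);
    config.SaveChanges();

    // Only the public projection of the scope is returned, not the entity itself.
    return Request.CreateResponse(HttpStatusCode.OK, new
    {
        scope.ID,
        scope.Name,
        scope.Description,
        scope.Emphasize
    });
}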
/// <summary>
/// Creates a scope under the application with the given id.
/// </summary>
/// <param name="id">Id of the owning application.</param>
/// <param name="model">Posted scope fields (Name, DisplayName, Description, Emphasize).</param>
/// <returns>
/// 400 plus the model-state errors for an invalid model or a name already used by one of
/// the application's scopes (ordinal comparison); 404 for an unknown application id;
/// 200 with the new scope's ID, Name, DisplayName, Description and Emphasize otherwise.
/// </returns>
public HttpResponseMessage Post(int id, ScopeModel model)
{
    if (ModelState.IsValid == false)
    {
        return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.GetErrors());
    }

    var application = _config.Applications.All.SingleOrDefault(candidate => candidate.ID == id);
    if (application == null)
    {
        return Request.CreateResponse(HttpStatusCode.NotFound);
    }

    // Scope names must be unique per application.
    var nameTaken = application.Scopes.Any(existing => existing.Name == model.Name);
    if (nameTaken)
    {
        ModelState.AddModelError("", "That Scope name is already in use.");
        return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.GetErrors());
    }

    var created = new Scope();
    created.Name = model.Name;
    created.DisplayName = model.DisplayName;
    created.Description = model.Description;
    created.Emphasize = model.Emphasize;

    application.Scopes.Add(created);
    _config.SaveChanges();

    // Return a projection rather than the entity.
    var payload = new
    {
        created.ID,
        created.Name,
        created.DisplayName,
        created.Description,
        created.Emphasize
    };
    return Request.CreateResponse(HttpStatusCode.OK, payload);
}
/// <summary>
/// Fills the in-memory store with a fixed demo data set: four clients, five scopes and one
/// application (namespace "test"), which is appended to <c>_applications</c>.
/// </summary>
private void PopulateData()
{
    // Every demo client uses the same literal shared secret ("secret"). These are
    // placeholder credentials for local/demo use only and must not be reused elsewhere.
    var resourceOwnerClient = NewDemoClient("Resource Owner Flow Client", "roclient", OAuthFlow.ResourceOwner, true);

    var codeClient = NewDemoClient("Code Flow Client", "codeclient", OAuthFlow.Code, true);
    codeClient.RedirectUris = new List<ClientRedirectUri>
    {
        new ClientRedirectUri { Uri = "https://prod.local", Description = "Production" },
        new ClientRedirectUri { Uri = "https://test.local", Description = "Test" }
    };

    var implicitClient = NewDemoClient("Implicit Flow Client", "implicitclient", OAuthFlow.Implicit, false);
    implicitClient.RedirectUris = new List<ClientRedirectUri>
    {
        new ClientRedirectUri { Uri = "https://test2.local", Description = "Test" }
    };

    var trustedClient = NewDemoClient("Trusted Client", "trustedclient", OAuthFlow.ResourceOwner, false);

    // Scopes and the clients allowed to request them; only the trusted client may "delete".
    var readScope = NewDemoScope("read", "Read data", false, codeClient, implicitClient, resourceOwnerClient);
    var browseScope = NewDemoScope("browse", "Browse data", false, codeClient, implicitClient, resourceOwnerClient);
    var searchScope = NewDemoScope("search", "Search data", false, codeClient, resourceOwnerClient);
    var writeScope = NewDemoScope("write", "write data", true, resourceOwnerClient);
    var deleteScope = NewDemoScope("delete", "delete data", true, trustedClient);

    var application = new Application
    {
        Name = "Test Application",
        Namespace = "test",
        Scopes = new List<Scope> { readScope, browseScope, searchScope, writeScope, deleteScope },
        RequireConsent = true,
        TokenLifetime = 60
    };

    _applications.Add(application);
}

// Builds one shared-secret demo client. RedirectUris is deliberately not touched here;
// callers that need redirect URIs assign them afterwards.
private static Client NewDemoClient(string name, string clientId, OAuthFlow flow, bool allowRefreshToken)
{
    return new Client
    {
        Name = name,
        ClientId = clientId,
        ClientSecret = "secret",
        AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
        Flow = flow,
        AllowRefreshToken = allowRefreshToken
    };
}

// Builds one demo scope whose AllowedClients list holds exactly the given clients, in order.
private static Scope NewDemoScope(string name, string description, bool emphasize, params Client[] allowedClients)
{
    return new Scope
    {
        AllowedClients = new List<Client>(allowedClients),
        Name = name,
        Description = description,
        Emphasize = emphasize
    };
}
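/// <summary>
/// Seeds the authorization-server database with the demo clients, a symmetric signing key
/// and the "users" application, creating only the rows that do not exist yet.
/// </summary>
/// <remarks>
/// Installs <see cref="DropCreateDatabaseIfModelChanges{TContext}"/>, so the whole database
/// is dropped and recreated whenever the EF model changes — fine for a demo, not for data
/// that has to survive. Every client secret and the signing key are literals in this file;
/// they are demo placeholders, and a real deployment must replace both.
/// </remarks>
public static void Populate()
{
    Database.SetInitializer(new DropCreateDatabaseIfModelChanges<AuthorizationServerContext>());

    // The context is resolved from the container, which owns its lifetime; it is not
    // disposed here.
    var db = DependencyResolver.Current.GetService<AuthorizationServerContext>();

    // Find-or-create each demo client; each new client is saved as soon as it is added.
    var resourceOwnerClient = db.Clients.Find("roclient");
    var codeClient = db.Clients.Find("codeclient");
    var implicitClient = db.Clients.Find("implicitclient");
    var client = db.Clients.Find("client");
    var assertionClient = db.Clients.Find("assertionclient");

    if (client == null)
    {
        client = new Client
        {
            Enabled = true,
            Name = "Client",
            ClientId = "client",
            Flow = OAuthFlow.Client
        };
        client.SetSharedSecret("secret");
        db.Clients.Add(client);
        db.SaveChanges();
    }

    if (assertionClient == null)
    {
        assertionClient = new Client
        {
            Enabled = true,
            Name = "Assertion Client",
            AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
            ClientId = "assertionclient",
            Flow = OAuthFlow.Assertion
        };
        assertionClient.SetSharedSecret("secret");
        db.Clients.Add(assertionClient);
        db.SaveChanges();
    }

    if (resourceOwnerClient == null)
    {
        resourceOwnerClient = new Client
        {
            Enabled = true,
            Name = "Resource Owner Flow Client",
            ClientId = "roclient",
            AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
            Flow = OAuthFlow.ResourceOwner,
            AllowRefreshToken = true
        };
        resourceOwnerClient.SetSharedSecret("secret");
        db.Clients.Add(resourceOwnerClient);
        db.SaveChanges();
    }

    if (codeClient == null)
    {
        codeClient = new Client
        {
            Enabled = true,
            Name = "Code Flow Client",
            ClientId = "codeclient",
            AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
            AllowRefreshToken = true,
            Flow = OAuthFlow.Code,
            // Registered redirect URIs; the localhost entry is for local testing only.
            RedirectUris = new List<ClientRedirectUri>
            {
                new ClientRedirectUri { Uri = "https://prod.local", Description = "Production" },
                new ClientRedirectUri { Uri = "https://test.local", Description = "Test" },
                new ClientRedirectUri { Uri = "https://localhost:44303/callback", Description = "Local Test" }
            }
        };
        codeClient.SetSharedSecret("secret");
        db.Clients.Add(codeClient);
        db.SaveChanges();
    }

    if (implicitClient == null)
    {
        implicitClient = new Client
        {
            Enabled = true,
            Name = "Implicit Flow Client",
            ClientId = "implicitclient",
            AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
            AllowRefreshToken = false,
            Flow = OAuthFlow.Implicit,
            RedirectUris = new List<ClientRedirectUri>
            {
                new ClientRedirectUri { Uri = "https://test2.local", Description = "Test" },
                new ClientRedirectUri { Uri = "https://localhost:44300/callback.cshtml", Description = "JavaScript Callback Page" },
                new ClientRedirectUri { Uri = "ms-app://s-1-15-2-4224567138-2162094511-1976135278-3909242924-69295690-1380993013-1329561029/", Description = "Win Store App" }
            }
        };
        implicitClient.SetSharedSecret("secret");
        db.Clients.Add(implicitClient);
        db.SaveChanges();
    }

    // X509 signing-key seeding is disabled in this seeder; kept for reference.
    //if (!db.SigningKeys.Any())
    //{
    //    db.SigningKeys.Add(new X509CertificateReference
    //    {
    //        Name = "Default X509 Cert",
    //        Location = System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine,
    //        FindValue = "CN=idsrv.local",
    //        FindType = System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectDistinguishedName,
    //        StoreName = System.Security.Cryptography.X509Certificates.StoreName.My
    //    });
    //    db.SaveChanges();
    //}

    if (!db.Applications.Any())
    {
        var readScope = new Scope
        {
            AllowedClients = new List<Client> { codeClient, implicitClient, resourceOwnerClient, client, assertionClient },
            Name = "read",
            DisplayName = "Read data",
            Description = "Allows to read data",
            Emphasize = false
        };

        var searchScope = new Scope
        {
            AllowedClients = new List<Client> { codeClient, resourceOwnerClient },
            Name = "search",
            DisplayName = "Search data",
            Description = "Allows to search for data",
            Emphasize = false
        };

        var writeScope = new Scope
        {
            AllowedClients = new List<Client> { resourceOwnerClient },
            Name = "write",
            DisplayName = "Write data",
            Description = "Allows to write data",
            Emphasize = true
        };

        // Symmetric key used to sign tokens for this application. The value is committed
        // in source and is therefore public: demo use only, replace before real use.
        var key = new SymmetricKey { Name = "Demo signing key" };
        key.SetValue(Convert.FromBase64String("1fTiS2clmPTUlNcpwYzd5i4AEFJ2DEsd8TcUsllmaKQ="));

        var application = new Application
        {
            Enabled = true,
            Name = "User management",
            Namespace = "users",
            Audience = "users",
            Description = "This app manages your users",
            LogoUrl = "http://en.opensuse.org/images/0/0b/Icon-user.png",
            Scopes = new List<Scope> { readScope, searchScope, writeScope },
            RequireConsent = true,
            TokenLifetime = 60,
            AllowRefreshToken = true,
            AllowRememberConsentDecision = true,
            SigningKey = key
        };

        db.Applications.Add(application);
        db.SaveChanges();
    }
}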
/// <summary>
/// Seeds the in-memory store with three demo clients, three scopes and the "users"
/// application, which is appended to <c>_applications</c>.
/// </summary>
private void PopulateData()
{
    // All seed clients share the literal secret "secret" — demo placeholders only.
    var resourceOwnerClient = BuildSeedClient("Resource Owner Flow Client", "roclient", OAuthFlow.ResourceOwner, true);

    var codeClient = BuildSeedClient("Code Flow Client", "codeclient", OAuthFlow.Code, true);
    codeClient.RedirectUris = new RedirectUris
    {
        new RedirectUri { Uri = "https://prod.local", Description = "Production" },
        new RedirectUri { Uri = "https://test.local", Description = "Test" }
    };

    var implicitClient = BuildSeedClient("Implicit Flow Client", "implicitclient", OAuthFlow.Implicit, false);
    implicitClient.RedirectUris = new RedirectUris
    {
        new RedirectUri { Uri = "https://test2.local", Description = "Test" }
    };

    var readScope = BuildSeedScope("read", "Read data", false, codeClient, implicitClient, resourceOwnerClient);
    var searchScope = BuildSeedScope("search", "Search data", false, codeClient, resourceOwnerClient);
    var writeScope = BuildSeedScope("write", "write data", true, resourceOwnerClient);

    var application = new Application
    {
        Name = "User management",
        Namespace = "users",
        Scopes = new Scopes { readScope, searchScope, writeScope },
        Clients = new Clients { codeClient, implicitClient, resourceOwnerClient },
        ShowConsent = true,
        TokenLifetime = 60
    };

    _applications.Add(application);
}

// One shared-secret seed client; RedirectUris is assigned by the caller when needed.
private static Client BuildSeedClient(string name, string clientId, OAuthFlow flow, bool allowRefreshToken)
{
    var seeded = new Client();
    seeded.Name = name;
    seeded.ClientId = clientId;
    seeded.ClientSecret = "secret";
    seeded.AuthenticationMethod = ClientAuthenticationMethod.SharedSecret;
    seeded.AllowRefreshToken = allowRefreshToken;
    seeded.Flow = flow;
    return seeded;
}

// One seed scope whose AllowedClients contains exactly the given clients, in order.
private static Scope BuildSeedScope(string name, string description, bool emphasize, params Client[] allowedClients)
{
    var allowed = new Clients();
    foreach (var permitted in allowedClients)
    {
        allowed.Add(permitted);
    }

    var seeded = new Scope();
    seeded.AllowedClients = allowed;
    seeded.Name = name;
    seeded.Description = description;
    seeded.Emphasize = emphasize;
    return seeded;
}
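/// <summary>
/// Test fixture setup: builds one client, one application with a single "read" scope and
/// one stored refresh-token grant, stubs every collaborator of <see cref="TokenController"/>
/// with Moq, and creates the controller under test with an in-memory request/configuration.
/// </summary>
/// <remarks>
/// All stubs match <c>It.IsNotNull&lt;string&gt;()</c>, so they return the fixture objects
/// for ANY non-null application name, client id, credentials or grant id. A test that needs
/// a lookup or a credential check to fail must override the relevant setup itself.
/// </remarks>
public void Init()
{
    // NoProtection is presumably a pass-through protector for tests — confirm in its definition.
    DataProtectection.Instance = new NoProtection();

    globalConfiguration = new GlobalConfiguration() { Issuer = "Test Issuer" };
    rocv = new Mock<IResourceOwnerCredentialValidation>();
    config = new Mock<IAuthorizationServerConfiguration>();
    handleManager = new Mock<IStoredGrantManager>();
    assertionGrantValidator = new Mock<IAssertionGrantValidation>();
    clientManager = new Mock<IClientManager>();
    tokenService = new TokenService(globalConfiguration);

    // Test client: ClientSecret holds the base64 encoding of the ASCII bytes of "12345678".
    string secret = "12345678";
    string base64EncodedSecret = Convert.ToBase64String(System.Text.Encoding.ASCII.GetBytes(secret));
    _Client = new Client()
    {
        ClientId = "MobileAppShop",
        ClientSecret = base64EncodedSecret,
        Flow = OAuthFlow.ResourceOwner,
        AllowRefreshToken = true
    };

    // Test application: one "read" scope that only the test client may request.
    var scope = new Scope();
    scope.Name = "read";
    scope.AllowedClients = new List<Client>();
    scope.AllowedClients.Add(_Client);

    _Scopes = new List<Scope>();
    _Scopes.Add(scope);

    _Application = new Application()
    {
        Name = "Test Application 1",
        Scopes = _Scopes,
        Audience = "Test Audience",
        TokenLifetime = 1,
        AllowRefreshToken = true,
    };

    // Example stored grant for "JohnSmith": a refresh-token identifier valid for one day
    // whose refresh token is valid for one month.
    Claim[] resourceOwnerClaims =
    {
        new Claim("Username", "JohnSmith"),
        new Claim("sub", "JohnSmith")
    };

    // NOTE(review): expirations are local time (DateTime.Now). If StoredGrant is compared
    // against UtcNow elsewhere this fixture should use DateTime.UtcNow — kept unchanged here.
    _StoredGrant = new StoredGrant()
    {
        GrantId = "MyFavouriteRefrehToken1234",
        CreateRefreshToken = true,
        Client = _Client,
        ResourceOwner = resourceOwnerClaims.ToStoredGrantClaims().ToList(),
        Expiration = DateTime.Now.AddDays(1),
        RefreshTokenExpiration = DateTime.Now.AddMonths(1),
        Type = StoredGrantType.RefreshTokenIdentifier,
        Scopes = _Scopes,
        Application = _Application
    };

    // Collaborator stubs: each one hands back the fixture object for any non-null argument.
    config.Setup(x => x.FindApplication(It.IsNotNull<string>()))
        .Returns((string name) => _Application);
    config.Setup(x => x.GlobalConfiguration)
        .Returns(() => globalConfiguration);

    clientManager.Setup(x => x.Get(It.IsNotNull<string>()))
        .Returns((string clientId) => _Client);

    // Credential validation never fails in this fixture; every non-null pair is "JohnSmith".
    rocv.Setup(x => x.Validate(It.IsNotNull<string>(), It.IsNotNull<string>()))
        .Returns((string username, string password) => Principal.Create("Test", resourceOwnerClaims));

    handleManager.Setup(x => x.Get(It.IsNotNull<string>()))
        .Returns((string grantIdentifier) => _StoredGrant);

    _TokenController = new TokenController(
        rocv.Object,
        config.Object,
        handleManager.Object,
        assertionGrantValidator.Object,
        tokenService,
        clientManager.Object);

    // A bare request plus configuration so Request.CreateResponse works outside a host.
    _TokenController.Request = new HttpRequestMessage();
    _TokenController.Request.SetConfiguration(new HttpConfiguration());
}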
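/// <summary>
/// Seeds the authorization-server database: global configuration with its administrators,
/// the demo clients, a default X509 signing-key reference and the "users" application.
/// Each part is created only when it does not exist yet.
/// </summary>
/// <remarks>
/// Installs <see cref="DropCreateDatabaseIfModelChanges{TContext}"/>, so the whole database
/// is dropped and recreated whenever the EF model changes — acceptable for a demo, not for
/// data that has to survive. Client secrets and the application signing key are literals in
/// this file; they are demo placeholders and a real deployment must replace both.
/// </remarks>
public static void Populate()
{
    Database.SetInitializer(new DropCreateDatabaseIfModelChanges<AuthorizationServerContext>());

    // Resolved from the container, which owns the context's lifetime; not disposed here.
    var db = DependencyResolver.Current.GetService<Thinktecture.AuthorizationServer.EF.AuthorizationServerContext>();

    if (!db.GlobalConfiguration.Any())
    {
        // The seeded NameIDs are presumably the identities granted administrative access —
        // confirm against how Administrators is consumed.
        var config = new GlobalConfiguration
        {
            AuthorizationServerName = "Thinktecture AuthorizationServer",
            Issuer = "ThinktectureAuthorizationServer",
            Administrators = new List<AuthorizationServerAdministrator>
            {
                new AuthorizationServerAdministrator { NameID = "dominick" },
                new AuthorizationServerAdministrator { NameID = "brock" },
            }
        };
        db.GlobalConfiguration.Add(config);
        db.SaveChanges();
    }

    // Find-or-create each demo client; each new client is saved as soon as it is added.
    var resourceOwnerClient = db.Clients.Find("roclient");
    var codeClient = db.Clients.Find("codeclient");
    var implicitClient = db.Clients.Find("implicitclient");
    var client = db.Clients.Find("client");

    if (client == null)
    {
        client = new Client
        {
            Enabled = true,
            Name = "Client",
            ClientId = "client",
            ClientSecret = "secret",
            Flow = OAuthFlow.Client
        };
        db.Clients.Add(client);
        db.SaveChanges();
    }

    if (resourceOwnerClient == null)
    {
        resourceOwnerClient = new Client
        {
            Enabled = true,
            Name = "Resource Owner Flow Client",
            ClientId = "roclient",
            ClientSecret = "secret",
            AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
            Flow = OAuthFlow.ResourceOwner,
            AllowRefreshToken = true
        };
        db.Clients.Add(resourceOwnerClient);
        db.SaveChanges();
    }

    if (codeClient == null)
    {
        codeClient = new Client
        {
            Enabled = true,
            Name = "Code Flow Client",
            ClientId = "codeclient",
            ClientSecret = "secret",
            AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
            AllowRefreshToken = true,
            Flow = OAuthFlow.Code,
            // Registered redirect URIs; the localhost entry is for local testing only.
            RedirectUris = new List<ClientRedirectUri>
            {
                new ClientRedirectUri { Uri = "https://prod.local", Description = "Production" },
                new ClientRedirectUri { Uri = "https://test.local", Description = "Test" },
                new ClientRedirectUri { Uri = "https://localhost:44303/callback", Description = "Local Test" }
            }
        };
        db.Clients.Add(codeClient);
        db.SaveChanges();
    }

    if (implicitClient == null)
    {
        implicitClient = new Client
        {
            Enabled = true,
            Name = "Implicit Flow Client",
            ClientId = "implicitclient",
            ClientSecret = "secret",
            AuthenticationMethod = ClientAuthenticationMethod.SharedSecret,
            AllowRefreshToken = false,
            Flow = OAuthFlow.Implicit,
            RedirectUris = new List<ClientRedirectUri>
            {
                new ClientRedirectUri { Uri = "https://test2.local", Description = "Test" },
                new ClientRedirectUri { Uri = "ms-app://s-1-15-2-4224567138-2162094511-1976135278-3909242924-69295690-1380993013-1329561029/", Description = "Win Store App" }
            }
        };
        db.Clients.Add(implicitClient);
        db.SaveChanges();
    }

    // Default signing key: a reference to a certificate in LocalMachine\My looked up by
    // subject DN; the certificate itself is not created here and must be installed separately.
    if (!db.SigningKeys.Any())
    {
        db.SigningKeys.Add(new X509CertificateReference
        {
            Name = "Default X509 Cert",
            Location = System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine,
            FindValue = "CN=idsrv.local",
            FindType = System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectDistinguishedName,
            StoreName = System.Security.Cryptography.X509Certificates.StoreName.My
        });
        db.SaveChanges();
    }

    if (!db.Applications.Any())
    {
        var readScope = new Scope
        {
            AllowedClients = new List<Client> { codeClient, implicitClient, resourceOwnerClient, client },
            Name = "read",
            Description = "Read data",
            Emphasize = false
        };

        var searchScope = new Scope
        {
            AllowedClients = new List<Client> { codeClient, resourceOwnerClient },
            Name = "search",
            Description = "Search data",
            Emphasize = false
        };

        var writeScope = new Scope
        {
            AllowedClients = new List<Client> { resourceOwnerClient },
            Name = "write",
            Description = "write data",
            Emphasize = true
        };

        var application = new Application
        {
            Enabled = true,
            Name = "User management",
            Namespace = "users",
            Audience = "users",
            Description = "This app manages your users",
            LogoUrl = "http://en.opensuse.org/images/0/0b/Icon-user.png",
            Scopes = new List<Scope> { readScope, searchScope, writeScope },
            RequireConsent = true,
            TokenLifetime = 60,
            AllowRefreshToken = true,
            // Symmetric signing key committed in source, therefore public: demo use only.
            SigningKey = new SymmetricKey
            {
                Name = "main signing key",
                Value = Convert.FromBase64String("1fTiS2clmPTUlNcpwYzd5i4AEFJ2DEsd8TcUsllmaKQ=")
            }
        };

        db.Applications.Add(application);
        db.SaveChanges();
    }
}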