public ActionResult Token(ResourceOwnerCredentialRequest request)
        {
            Tracing.Verbose("OAuth2 endpoint called.");

            if (!ConfigurationRepository.Endpoints.OAuth2)
            {
                Tracing.Error("OAuth2 endpoint called, but disabled in configuration");
                return new HttpNotFoundResult();
            }

            if (!ModelState.IsValid)
            {
                Tracing.Error("OAuth2 called with malformed request");
                return new HttpStatusCodeResult(400);
            }

            var auth = new AuthenticationHelper();

            Uri uri;
            if (!Uri.TryCreate(request.Scope, UriKind.Absolute, out uri))
            {
                Tracing.Error("OAuth2 endpoint called with malformed realm: " + request.Scope);
                return new HttpStatusCodeResult(400);
            }

            ClaimsPrincipal principal = null;
            if (auth.TryGetPrincipalFromOAuth2Request(Request, request, out principal))
            {
                if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2))
                {
                    Tracing.Error("User not authorized");
                    return new UnauthorizedResult("OAuth2", UnauthorizedResult.ResponseAction.Send401);
                }

                SecurityToken token;
                if (auth.TryIssueToken(new EndpointAddress(uri), principal, ConfigurationRepository.Configuration.HttpTokenType, out token))
                {
                    var handler = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers[ConfigurationRepository.Configuration.HttpTokenType];
                    var response = new AccessTokenResponse
                    {
                        AccessToken = handler.WriteToken(token),
                        TokenType = TokenTypes.JsonWebToken,
                        ExpiresIn = ConfigurationRepository.Configuration.DefaultTokenLifetime * 60,
                    };

                    Tracing.Information("OAuth2 issue successful for user: "******"OAuth2 endpoint authentication failed for user: "******"OAuth2", UnauthorizedResult.ResponseAction.Send401);
        }
        public ActionResult Issue()
        {
            Tracing.Verbose("OAuth WRAP endpoint called.");

            if (!ConfigurationRepository.Endpoints.OAuthWRAP)
            {
                Tracing.Error("OAuth WRAP endpoint is disabled in configuration");
                return new HttpNotFoundResult();
            }

            var scope = Request.Form["wrap_scope"];

            if (string.IsNullOrWhiteSpace(scope))
            {
                Tracing.Error("OAuth WRAP endpoint called with empty realm.");
                return new HttpStatusCodeResult(400);
            }

            Uri uri;
            if (!Uri.TryCreate(scope, UriKind.Absolute, out uri))
            {
                Tracing.Error("OAuth WRAP endpoint called with malformed realm: " + scope);
                return new HttpStatusCodeResult(400);
            }

            Tracing.Information("OAuth WRAP endpoint called with realm: " + scope);

            var endpoint = new EndpointAddress(uri);
            var auth = new AuthenticationHelper();

            ClaimsPrincipal principal;
            if (!auth.TryGetPrincipalFromWrapRequest(Request, out principal))
            {
                Tracing.Error("Authentication failed");
                return new UnauthorizedResult("WRAP", UnauthorizedResult.ResponseAction.Send401);
            }

            if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.WRAP))
            {
                Tracing.Error("User not authorized");
                return new UnauthorizedResult("WRAP", UnauthorizedResult.ResponseAction.Send401);
            }

            TokenResponse response;
            if (auth.TryIssueToken(endpoint, principal, TokenTypes.SimpleWebToken, out response))
            {
                return new WrapResult(response);
            }
            else
            {
                return new HttpStatusCodeResult(400);
            }
        }
        public ActionResult Issue(string realm, string tokenType)
        {
            Tracing.Verbose("Simple HTTP endpoint called.");

            if (!ConfigurationRepository.Endpoints.SimpleHttp)
            {
                Tracing.Warning("Simple HTTP endpoint is disabled in configuration");
                return new HttpNotFoundResult();
            }

            if (tokenType == null)
            {
                tokenType = ConfigurationRepository.Configuration.DefaultTokenType;
            }

            Tracing.Information("Token type: " + tokenType);

            Uri uri;
            if (!Uri.TryCreate(realm, UriKind.Absolute, out uri))
            {
                Tracing.Error("Realm parameter is malformed.");
                return new HttpStatusCodeResult(400);
            }

            Tracing.Information("Simple HTTP endpoint called for realm: " + uri.AbsoluteUri);

            var endpoint = new EndpointAddress(uri);
            var auth = new AuthenticationHelper();
            
            IClaimsPrincipal principal;
            if (!auth.TryGetPrincipalFromHttpRequest(Request, out principal))
            {
                Tracing.Error("no or invalid credentials found.");
                return new UnauthorizedResult("Basic",  UnauthorizedResult.ResponseAction.Send401);
            }

            if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.SimpleHttp))
            {
                Tracing.Error("User not authorized");
                return new UnauthorizedResult("Basic", UnauthorizedResult.ResponseAction.Send401);
            }

            TokenResponse tokenResponse;
            if (auth.TryIssueToken(endpoint, principal, tokenType, out tokenResponse))
            {
                return new SimpleHttpResult(tokenResponse.TokenString, tokenType);
            }
            else
            {
                return new HttpStatusCodeResult(400);
            }
        }        
        public ActionResult Issue(string realm, string tokenType)
        {
            Tracing.Verbose("JSNotify endpoint called.");

            if (!ConfigurationRepository.Endpoints.JSNotify)
            {
                Tracing.Warning("JSNotify endpoint called, but disabled in configuration");
                return new HttpNotFoundResult();
            }

            Tracing.Information("JSNotify endpoint called for realm: " + realm);

            if (tokenType == null)
            {
                tokenType = ConfigurationRepository.Configuration.HttpTokenType;
            }

            Tracing.Information("Token type: " + tokenType);

            Uri uri;
            if (!Uri.TryCreate(realm, UriKind.Absolute, out uri))
            {
                Tracing.Error("Realm parameter is malformed.");
                return new HttpStatusCodeResult(400);
            }

            var endpoint = new EndpointAddress(uri);
            var auth = new AuthenticationHelper();

            TokenResponse response;
            if (auth.TryIssueToken(endpoint, Thread.CurrentPrincipal as ClaimsPrincipal, tokenType, out response))
            {
                var jsresponse = new AccessTokenResponse
                {
                    AccessToken = response.TokenString,
                    TokenType = response.TokenType,
                    ExpiresIn = ConfigurationRepository.Configuration.DefaultTokenLifetime * 60
                };

                Tracing.Information("JSNotify issue successful for user: " + User.Identity.Name);
                return new JSNotifyResult(jsresponse);
            }
            else
            {
                return new HttpStatusCodeResult(400);
            }
        }
        public ActionResult Token(ResourceOwnerCredentialRequest request)
        {
            Tracing.Verbose("OAuth2 endpoint called.");

            if (!ConfigurationRepository.Endpoints.OAuth2)
            {
                Tracing.Error("OAuth2 endpoint called, but disabled in configuration");
                return new HttpNotFoundResult();
            }

            if (!ModelState.IsValid)
            {
                Tracing.Error("OAuth2 called with malformed request");
                return new HttpStatusCodeResult(400);
            }

            var auth = new AuthenticationHelper();

            Uri uri;
            if (!Uri.TryCreate(request.Scope, UriKind.Absolute, out uri))
            {
                Tracing.Error("OAuth2 endpoint called with malformed realm: " + request.Scope);
                return new HttpStatusCodeResult(400);
            }

            IClaimsPrincipal principal = null;
            if (auth.TryGetPrincipalFromOAuth2Request(Request, request, out principal))
            {
                if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2))
                {
                    Tracing.Error("User not authorized");
                    return new UnauthorizedResult("OAuth2", UnauthorizedResult.ResponseAction.Send401);
                }

                SecurityToken token;
                if (auth.TryIssueToken(new EndpointAddress(uri), principal, SimpleWebToken.OasisTokenProfile, out token))
                {
                    var swt = token as SimpleWebToken;
                    var response = new AccessTokenResponse
                    {
                        AccessToken = swt.RawToken,
                        TokenType = SimpleWebToken.OasisTokenProfile,
                        ExpiresIn = ConfigurationRepository.Configuration.DefaultTokenLifetime * 60,
                    };

                    Tracing.Information("OAuth2 issue successful for user: "******"OAuth2 endpoint authentication failed for user: "******"OAuth2", UnauthorizedResult.ResponseAction.Send401);

            //if (UserRepository.ValidateUser(request.UserName ?? "", request.Password ?? ""))
            //{
            //    var principal = auth.CreatePrincipal(request.UserName, AuthenticationMethods.Password);

            //    if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2))
            //    {
            //        Tracing.Error("User not authorized");
            //        return new UnauthorizedResult("OAuth2", UnauthorizedResult.ResponseAction.Send401);
            //    }

            //    SecurityToken token;
            //    if (auth.TryIssueToken(new EndpointAddress(uri), principal, SimpleWebToken.OasisTokenProfile, out token))
            //    {
            //        var swt = token as SimpleWebToken;
            //        var response = new AccessTokenResponse
            //        {
            //            AccessToken = swt.RawToken,
            //            TokenType = SimpleWebToken.OasisTokenProfile,
            //            ExpiresIn = ConfigurationRepository.Configuration.DefaultTokenLifetime * 60,
            //        };

            //        Tracing.Information("OAuth2 issue successful for user: "******"OAuth2 endpoint authentication failed for user: "******"OAuth2", UnauthorizedResult.ResponseAction.Send401);
        }