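        /// <summary>
        /// Custom grant that exchanges a Windows token (raw parameter "win_token") for an
        /// identity. The token is checked by TryValidateToken against the server's signing
        /// certificate, the NameIdentifier claim is used as the user key, and
        /// AuthenticateUserAsync produces the final principal.
        /// </summary>
        /// <param name="request">The validated token request carrying the raw form parameters.</param>
        /// <returns>
        /// An error result when the token is missing, does not validate, or lacks a
        /// NameIdentifier claim; otherwise the outcome of user authentication.
        /// </returns>
        public async Task <CustomGrantValidationResult> ValidateAsync(ValidatedTokenRequest request)
        {
            var param = request.Raw.Get("win_token");

            if (string.IsNullOrWhiteSpace(param))
            {
                return new CustomGrantValidationResult("Missing parameter win_token.");
            }

            // TryValidateToken is defined elsewhere; by its "Try" naming it is expected to
            // return null for a token that fails signature/validity checks, so a null
            // principal is rejected here instead of being dereferenced below.
            var principal = TryValidateToken(param, request.Options.SigningCertificate);

            if (principal == null)
            {
                return new CustomGrantValidationResult("Invalid win_token.");
            }

            var nameIdentifierClaim = principal.Claims.FirstOrDefault(x => x.Type == ClaimTypes.NameIdentifier);

            if (nameIdentifierClaim == null)
            {
                return new CustomGrantValidationResult("Missing NameIdentifier claim in win_token.");
            }

            var authenticationResult = await AuthenticateUserAsync(nameIdentifierClaim.Value, principal.Claims);

            // Propagate the authentication outcome unchanged; both error fields carry the
            // same message, as in the existing contract. (await Task.FromResult was
            // redundant in an async method and has been dropped.)
            return new CustomGrantValidationResult()
            {
                IsError          = authenticationResult.IsError,
                Error            = authenticationResult.ErrorMessage,
                ErrorDescription = authenticationResult.ErrorMessage,
                Principal        = authenticationResult.User
            };
        }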
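        /// <summary>
        /// Custom grant that accepts an existing access token (raw parameter "token"),
        /// validates it with the injected token validator and issues a new token for the
        /// same subject (the "sub" claim) with authentication method "access_token".
        /// </summary>
        /// <param name="request">The validated token request carrying the raw form parameters.</param>
        /// <returns>
        /// InvalidRequest when the parameter is missing or the token has no "sub" claim,
        /// the validator's own error when the token fails validation, otherwise success.
        /// </returns>
        async Task <CustomGrantValidationResult> ICustomGrantValidator.ValidateAsync(ValidatedTokenRequest request)
        {
            var param = request.Raw.Get("token");

            // Early return: the original only recorded the error and fell through, still
            // calling the validator with a null token and reading result.Claims after an
            // error result (which may have no claims).
            if (string.IsNullOrWhiteSpace(param))
            {
                return new CustomGrantValidationResult(Constants.TokenErrors.InvalidRequest);
            }

            // Awaited instead of .Result: avoids sync-over-async blocking and
            // AggregateException wrapping of validator failures.
            var result = await _validator.ValidateAccessTokenAsync(param);

            if (result.IsError)
            {
                return new CustomGrantValidationResult(result.Error);
            }

            var subjectClaim = result.Claims?.FirstOrDefault(x => x.Type == "sub");

            if (subjectClaim == null)
            {
                return new CustomGrantValidationResult(Constants.TokenErrors.InvalidRequest);
            }

            // NOTE(review): only the subject is carried over from the inbound token. Whether
            // the presenting client is allowed to exchange a token issued to another
            // client/scope is not checked here - confirm that policy is enforced elsewhere.
            return new CustomGrantValidationResult(subjectClaim.Value, "access_token");
        }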
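        /// <inheritdoc/>
        /// <remarks>
        /// Decorator: delegates validation to the inner <c>Validator</c> and records the
        /// outcome through <c>Logger</c> (successful sign-in, or the failure reason).
        /// Both the logger and the result's principal may be absent and are null-guarded:
        /// the original read <c>result.Principal.Claims</c> before checking for an error
        /// result and awaited a null task when no logger was configured.
        /// </remarks>
        public async Task <CustomGrantValidationResult> ValidateAsync(ValidatedTokenRequest request)
        {
            CustomGrantValidationResult result = await this.Validator.ValidateAsync(request);

            // On an error result there is typically no principal; read claims only when present.
            var claims   = result?.Principal?.Claims;
            var userId   = claims?.FirstOrDefault(v => v.Type == Constants.ClaimTypes.Subject)?.Value;
            var userName = claims?.FirstOrDefault(v => v.Type == Constants.ClaimTypes.Name)?.Value;

            var logger = this.Logger;

            if (logger != null)
            {
                if (result != null && !result.IsError)
                {
                    await logger.UserSignedInAsync(
                        userId : userId,
                        userName : userName,
                        clientId : request.Client?.ClientId,
                        clientName : request.Client?.ClientName);
                }
                else
                {
                    await logger.UnsuccessfulSigningInAsync(
                        userName : userName,
                        clientId : request.Client?.ClientId,
                        clientName : request.Client?.ClientName,
                        reason : result?.ErrorDescription);
                }
            }

            return(result);
        }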
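        /// <inheritdoc/>
        /// <remarks>
        /// Resource-owner style grant: loads the user (raw "name") and the calling client,
        /// then verifies the raw "password" against the local machine account store via
        /// <see cref="PrincipalContext.ValidateCredentials"/>. Credentials are only checked
        /// when both the user and the client exist and neither is blocked.
        /// </remarks>
        public async Task <CustomGrantValidationResult> ValidateAsync(ValidatedTokenRequest request)
        {
            string       userName = request.Raw.Get("name");
            IdSrvUserDto user     = await this.UserRepository.GetUserByUserNameAsync(userName);

            IdSrvClientDto client = await this.ClientRepository.GetClientByIdAsync(request.Client.ClientId);

            string password = request.Raw.Get("password");

            bool isCredentialValid = false;

            // Empty user name/password are refused outright: per the PrincipalContext
            // documentation, ValidateCredentials with null credentials falls back to
            // validating the context's own (process) credentials, which must never count
            // as a successful user login.
            if (user != null && !user.IsBlocked && client != null && !client.IsBlocked &&
                !string.IsNullOrEmpty(userName) && !string.IsNullOrEmpty(password))
            {
                // Check the account against the local machine. For a domain this will
                // probably need ContextType.Domain (not tested by the original author).
                // PrincipalContext is IDisposable and was previously leaked on every request.
                using (var pc = new PrincipalContext(ContextType.Machine))
                {
                    isCredentialValid = pc.ValidateCredentials(userName, password);
                }
            }

            var authResult = new AuthenticateResult(
                subject: user != null ? user.Id.ToString() : "-",
                name: userName);

            // NOTE(review): the "is blocked" description tells an unauthenticated caller
            // that the account exists and is locked (an enumeration hint). Kept for
            // compatibility; consider a generic message for external callers.
            var grantResult = new CustomGrantValidationResult
            {
                IsError          = !isCredentialValid,
                Error            = authResult.ErrorMessage,
                ErrorDescription = (user != null && user.IsBlocked) ? $"User \"{userName}\" is blocked" : authResult.ErrorMessage,
                Principal        = authResult.User,
            };

            return(grantResult);
        }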
 /// <summary>
 /// Placeholder password validator: a login succeeds only when the password equals
 /// the user name, and the issued subject is <c>request.UserName</c>.
 /// WARNING: this is sample logic with no real credential check and must not be
 /// deployed outside a demo.
 /// </summary>
 public Task <CustomGrantValidationResult> ValidateAsync(string userName, string password, ValidatedTokenRequest request)
 {
     var outcome = userName == password
         ? new CustomGrantValidationResult(request.UserName, "password")
         : new CustomGrantValidationResult("Username and/or password incorrect");

     return Task.FromResult(outcome);
 }
        /// <summary>
        /// Demonstration custom grant "customGrant": requires the raw parameter
        /// "some_custom_parameter" to be present and then always issues a token for the
        /// fixed subject "bob", who therefore has to exist in the user store. The
        /// parameter's value is never inspected.
        /// </summary>
        Task <CustomGrantValidationResult> ICustomGrantValidator.ValidateAsync(ValidatedTokenRequest request)
        {
            var customParameter = request.Raw.Get("some_custom_parameter");

            CustomGrantValidationResult outcome = string.IsNullOrWhiteSpace(customParameter)
                ? new CustomGrantValidationResult("Missing parameters.")
                : new CustomGrantValidationResult("bob", "customGrant");   // bob has to exist in the user db.

            return Task.FromResult(outcome);
        }
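 /// <summary>
 /// Resource-owner password validator skeleton. The credential check is left to the
 /// implementer: set <c>subject</c> to the user's identifier when the user name and
 /// password are correct, leave it null otherwise.
 /// </summary>
 public Task <CustomGrantValidationResult> ValidateAsync(string userName, string password, ValidatedTokenRequest request)
 {
     // Fixed: the return type was spelled in lower case (C# is case-sensitive) and
     // subject was never declared, so the original snippet did not compile.
     // Check the user name and password in the database; return the subject if
     // correct, null otherwise.
     string subject = null;
     // subject = ......

     if (subject == null)
     {
         return Task.FromResult(new CustomGrantValidationResult("Username Or Password Incorrect"));
     }

     return Task.FromResult(new CustomGrantValidationResult(subject, "password"));
 }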
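        /// <summary>
        /// Custom grant "site_token": takes an Azure AD access token (raw "access_token"),
        /// validates it through JwtUtils for the configured authority/audience, then reads
        /// the decrypted inner JWT to check its validity window (10 minutes of clock skew
        /// allowed), copies the "unique_name" (used as subject) and "name" claims, adds the
        /// caller's "nonce", and limits the issued token's lifetime to the inbound token's
        /// remaining life.
        /// </summary>
        /// <param name="request">The validated token request carrying the raw form parameters.</param>
        /// <returns>
        /// An error result when the identity token is missing, the nonce is absent, or the
        /// token is outside its validity window; otherwise a success result for provider "gds".
        /// </returns>
        public Task <CustomGrantValidationResult> ValidateAsync(ValidatedTokenRequest request)
        {
            var accessToken = request.Raw.Get("access_token");
            var identity    = JwtUtils.ValidateToken(new Uri("https://login.microsoftonline.com/opcfoundationprototyping.onmicrosoft.com"), "https://localhost:62540/prototypeserver", accessToken);
            var token       = identity.GetIdentityToken() as IssuedIdentityToken;

            // The "as" cast used to be dereferenced unchecked.
            if (token == null)
            {
                return Task.FromResult(new CustomGrantValidationResult("Access token provided with the request is not an issued identity token."));
            }

            // Fixed: GetChars(...).ToString() yields the literal "System.Char[]" rather than
            // the token text, so the JwtSecurityToken constructor could never parse it.
            // NOTE(review): building a JwtSecurityToken from a string performs no signature
            // check; this relies on JwtUtils.ValidateToken above having verified the same
            // token - confirm they refer to the same material.
            JwtSecurityToken azureToken = new JwtSecurityToken(new UTF8Encoding(false).GetString(token.DecryptedTokenData));

            // Claim rejects a null value; a missing nonce previously surfaced as an
            // unhandled ArgumentNullException instead of a grant error.
            var nonce = request.Raw.Get("nonce");

            if (nonce == null)
            {
                return Task.FromResult(new CustomGrantValidationResult("Missing parameter nonce."));
            }

            DateTime now = DateTime.UtcNow;
            double   maxClockSkewInMinutes = 10;

            if (azureToken.ValidFrom.AddMinutes(-maxClockSkewInMinutes) > now || azureToken.ValidTo.AddMinutes(maxClockSkewInMinutes) < now)
            {
                return(Task.FromResult(new CustomGrantValidationResult(
                                           "Access token provided with the request has expired (" +
                                           azureToken.ValidTo.ToLocalTime().ToString("yyy-MM-dd HH:mm:ss") +
                                           ") or is not yet valid (" +
                                           azureToken.ValidFrom.ToLocalTime().ToString("yyy-MM-dd HH:mm:ss") + ").")));
            }

            List <Claim> claims  = new List <Claim>();
            string       subject = request.Client.ClientId;   // fallback subject when the token carries no unique_name

            foreach (var claim in azureToken.Claims)
            {
                switch (claim.Type)
                {
                case "unique_name": { subject = claim.Value; claims.Add(claim); break; }

                case "name": { claims.Add(claim); break; }
                }
            }

            claims.Add(new Claim("nonce", nonce));

            // NOTE(review): this mutates the Client object attached to the request; if that
            // object is shared or cached across requests the lifetime change leaks to other
            // callers - verify. Within the skew window the remaining life can also be
            // negative; the value is passed through unchanged as before.
            request.Client.AccessTokenLifetime = (int)(azureToken.ValidTo - now).TotalSeconds;

            var result = new CustomGrantValidationResult(
                subject,
                "site_token",
                claims,
                "gds");

            return(Task.FromResult(result));
        }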
        /// <summary>
        /// Resource-owner password grant backed by the user repository: when the
        /// credentials check out, the user's id becomes the subject of the issued token
        /// (the value later handed to GetProfileDataAsync and placed in the access_token);
        /// otherwise a single generic error message is returned.
        /// </summary>
        public Task <CustomGrantValidationResult> ValidateAsync(string userName, string password, ValidatedTokenRequest request)
        {
            CustomGrantValidationResult outcome;

            if (!_userRepository.ValidateCredentials(userName, password))
            {
                // Same text regardless of which part of the credential failed.
                outcome = new CustomGrantValidationResult("Username Or Password Incorrect");
            }
            else
            {
                // The subject and claims passed here are what GetProfileDataAsync sees
                // and what is used to build the access_token.
                var user = _userRepository.FindByName(userName);
                outcome  = new CustomGrantValidationResult(user.Id, "password");
            }

            return Task.FromResult(outcome);
        }
        /// <summary>
        /// Resource-owner password grant: loads the user by login and compares the supplied
        /// password with the stored one; on success the login becomes the subject and the
        /// name / family-name claims are attached to the result.
        /// </summary>
        public Task <CustomGrantValidationResult> ValidateAsync(string userName, string password,
                                                                ValidatedTokenRequest request)
        {
            var user = GetUserByLogin(userName);

            // NOTE(review): this is a plain string comparison against user.Password, i.e. the
            // stored value has to be the clear-text password. Passwords should be stored as
            // salted hashes (PBKDF2/Argon2) and verified with a constant-time comparison;
            // that change belongs in the user store, not in this method.
            bool credentialsMatch = user != null && user.Password == password;

            if (!credentialsMatch)
            {
                return Task.FromResult(new CustomGrantValidationResult("Username Or Password Incorrect"));
            }

            var extraClaims = new[]
            {
                new Claim(JwtClaimTypes.Name, user.Name),
                new Claim(JwtClaimTypes.FamilyName, user.Surname)
            };

            return Task.FromResult(new CustomGrantValidationResult(user.Login, "password", extraClaims));
        }
        /// <summary>
        /// Resource-owner password validator with a single hard-coded account: a subject is
        /// issued only when both the user name and the password equal the embedded values.
        /// WARNING: credentials embedded in source are a sample-only shortcut and must be
        /// replaced by a real user store before any deployment.
        /// </summary>
        Task <CustomGrantValidationResult> IResourceOwnerPasswordValidator.ValidateAsync(string userName, string password, ValidatedTokenRequest request)
        {
            bool matches = userName == "*****@*****.**" && password == "Oryx@101";

            if (!matches)
            {
                return Task.FromResult(new CustomGrantValidationResult("Username Or Password Incorrect"));
            }

            // The subject issued is the (redacted) account name itself.
            return Task.FromResult(new CustomGrantValidationResult("*****@*****.**", "password"));
        }
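        /// <summary>
        /// Custom grant that accepts an existing access token (raw parameter "token"),
        /// validates it with the injected token validator and issues a new token for the
        /// same subject (the "sub" claim) with authentication method "access_token" and an
        /// additional AccountGuid claim.
        /// </summary>
        /// <param name="request">The validated token request carrying the raw form parameters.</param>
        /// <returns>
        /// InvalidRequest when the parameter is missing or the token has no "sub" claim,
        /// the validator's own error when the token fails validation, otherwise success.
        /// </returns>
        async Task <CustomGrantValidationResult> ICustomGrantValidator.ValidateAsync(ValidatedTokenRequest request)
        {
            var param = request.Raw.Get("token");

            // Early return: the original only recorded the error and fell through, still
            // calling the validator with a null token and reading result.Claims after an
            // error result (which may have no claims).
            if (string.IsNullOrWhiteSpace(param))
            {
                return new CustomGrantValidationResult(Constants.TokenErrors.InvalidRequest);
            }

            // Awaited instead of .Result: avoids sync-over-async blocking and
            // AggregateException wrapping of validator failures.
            var result = await _validator.ValidateAccessTokenAsync(param);

            if (result.IsError)
            {
                return new CustomGrantValidationResult(result.Error);
            }

            var subjectClaim = result.Claims?.FirstOrDefault(x => x.Type == "sub");

            if (subjectClaim == null)
            {
                return new CustomGrantValidationResult(Constants.TokenErrors.InvalidRequest);
            }

            // NOTE(review): AccountGuid is a fresh random GUID on every issuance, so it
            // cannot identify the account across tokens - verify this is intended. As in
            // the other token-exchange grant, only the subject is carried over; whether the
            // presenting client may exchange another client's token is not checked here.
            var subject = subjectClaim.Value;

            return new CustomGrantValidationResult(subject, "access_token", new Claim[]
            {
                new Claim(P5.IdentityServerCore.Constants.ClaimTypes.AccountGuid, Guid.NewGuid().ToString()),
            });
        }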