/// <summary>
/// Loads one row from dbo.CustomerAuthenticationMethods by its primary identifier.
/// </summary>
/// <param name="id">Identifier whose RawValue is bound to the @Id parameter.</param>
/// <returns>
/// Whatever _db.QuerySingleOrDefault yields for the fetch; the helper's name suggests
/// null when no row matches — confirm against its implementation.
/// </returns>
/// <remarks>
/// The Secret column is part of the projection, so the returned DTO carries the
/// credential secret. Keep the result out of logs, caches and API responses.
/// </remarks>
public async Task<CustomerAuthenticationDTO> GetAsync(CustomerAuthenticationId id)
        {
            // The statement text is constant; the only caller-supplied value travels as the bound @Id parameter.
            const string query = @";
                SELECT Id,
                       CustomerId,
                       CredentialType,
                       Secret,
                       DisplayName,
                       CreationTime,
                       CreatedBy,
                       IsRevoked,
                       RevokeTime
                FROM dbo.CustomerAuthenticationMethods 
                WHERE Id = @Id;
            ";
            var arguments = new { Id = id.RawValue };

            var row = await _db.QuerySingleOrDefault(
                async db => await db.FetchAsync<CustomerAuthenticationDTO>(query, arguments));

            return row;
        }
Exemplo n.º 2
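        /// <summary>
        /// Validates an id/secret credential pair and, when it is valid, builds the principal for it.
        /// </summary>
        /// <param name="id">Identifier of the stored authentication method to look up.</param>
        /// <param name="secret">Secret presented by the caller.</param>
        /// <param name="credentialType">Credential type the stored record is required to have.</param>
        /// <returns>
        /// A principal carrying the customer id and authentication id claims, or <c>null</c> when the
        /// record is missing, has a different credential type, is revoked, or the secret does not match.
        /// Every rejection returns the same value so the caller cannot tell which check failed.
        /// </returns>
        public async Task<ClaimsPrincipal> GetOneTimeLoginAsync(CustomerAuthenticationId id, string secret, CredentialType credentialType)
        {
            var customerAuth = await _persistence.CustomerAuthentications.GetAsync(id);

            if (customerAuth == null)
            {
                return null;
            }

            if (customerAuth.CredentialType != credentialType || customerAuth.IsRevoked)
            {
                return null;
            }

            // A missing or empty secret on either side never authenticates. This also removes the
            // NullReferenceException the previous instance Equals call raised for a null stored secret.
            var storedSecret = customerAuth.Secret;
            if (string.IsNullOrEmpty(storedSecret) || string.IsNullOrEmpty(secret))
            {
                return null;
            }

            // The previous check used StringComparison.InvariantCultureIgnoreCase. Culture-aware
            // comparison applies linguistic rules (ignorable characters, equivalent sequences), so
            // strings that differ can compare equal, and it stops early on the first difference.
            // Compare the encoded bytes in fixed time instead.
            // NOTE(review): upper-casing keeps the existing case-insensitive behaviour for
            // compatibility; if issued secrets are case-sensitive, drop ToUpperInvariant() so the
            // comparison is exact.
            // NOTE(review): the stored value is compared directly with the presented one, so it
            // appears to be kept in recoverable form; storing only a hash of the key would limit
            // what a database read exposes — confirm.
            var storedBytes = System.Text.Encoding.UTF8.GetBytes(storedSecret.ToUpperInvariant());
            var presentedBytes = System.Text.Encoding.UTF8.GetBytes(secret.ToUpperInvariant());

            if (!System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(storedBytes, presentedBytes))
            {
                return null;
            }

            var claimsIdentity = new ClaimsIdentity(Options.APIAuthenticationScheme);

            AddCustomerIdClaim(claimsIdentity, customerAuth.CustomerId);
            AddCustomerAuthClaim(claimsIdentity, customerAuth.Id);

            return new ClaimsPrincipal(claimsIdentity);
        }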
Exemplo n.º 3
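        /// <summary>
        /// Authenticates a request from the 'id:secret' value carried in the header named by Options.HTTPHeader.
        /// </summary>
        /// <returns>
        /// NoResult when the header is absent, Fail when the value is malformed or the credential is
        /// rejected, and Success with a ticket for Options.AuthenticationScheme otherwise.
        /// </returns>
        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
        {
            // No header means the request is not using this scheme; let other handlers decide.
            if (!Request.Headers.TryGetValue(Options.HTTPHeader, out var authValue))
            {
                return AuthenticateResult.NoResult();
            }

            // Only the first header value is considered. FirstOrDefault() yields null when the header
            // is present without a value, which previously caused a NullReferenceException on Split
            // instead of a failed authentication result.
            var actualAuthValue = authValue.FirstOrDefault();

            if (string.IsNullOrEmpty(actualAuthValue))
            {
                return AuthenticateResult.Fail("Invalid authentication format, expected 'id:secret'");
            }

            // Split on the first ':' only, so the secret itself may contain further colons.
            var apiValues = actualAuthValue.Split(':', 2);

            if (apiValues.Length != 2 || string.IsNullOrEmpty(apiValues[0]) || string.IsNullOrEmpty(apiValues[1]))
            {
                return AuthenticateResult.Fail("Invalid authentication format, expected 'id:secret'");
            }

            // NOTE(review): FromString is not visible here. If it throws on a malformed id, the
            // exception escapes this handler rather than becoming a Fail result — confirm, and
            // convert parse errors into a failed authentication.
            var customerAuthId = CustomerAuthenticationId.FromString(apiValues[0]);
            var secret         = apiValues[1];
            var principal      = await _membership.GetOneTimeLoginAsync(customerAuthId, secret, CredentialType.CustomerAPIKey);

            if (principal == null)
            {
                // One message for every rejection reason: the response does not reveal whether the
                // id exists, is revoked, or the secret was wrong.
                return AuthenticateResult.Fail("Invalid authentication provided, access denied.");
            }

            var ticket = new AuthenticationTicket(principal, Options.AuthenticationScheme);

            return AuthenticateResult.Success(ticket);
        }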
Exemplo n.º 4
 /// <summary>
 /// Creates a DTO by copying each argument into the property of the same name.
 /// </summary>
 /// <param name="id">Identifier of the authentication method.</param>
 /// <param name="customerid">Identifier of the owning customer.</param>
 /// <param name="credentialtype">Kind of credential this record represents.</param>
 /// <param name="secret">
 /// Credential secret. The DTO holds it as given, so instances should not be logged or
 /// serialised into responses.
 /// </param>
 /// <param name="displayname">Display name of the credential.</param>
 /// <param name="creationtime">Creation timestamp.</param>
 /// <param name="createdby">Identifier of the creating user.</param>
 /// <param name="isrevoked">Revocation flag; defaults to <c>false</c>.</param>
 /// <param name="revoketime">Revocation timestamp; defaults to <c>null</c>.</param>
 public CustomerAuthenticationDTO(
     CustomerAuthenticationId id,
     CustomerId customerid,
     CredentialType credentialtype,
     string secret,
     string displayname,
     DateTime creationtime,
     UserId createdby,
     bool isrevoked = false,
     DateTime? revoketime = null)
 {
     // Identity and ownership.
     this.Id = id;
     this.CustomerId = customerid;

     // Credential material.
     this.CredentialType = credentialtype;
     this.Secret = secret;
     this.DisplayName = displayname;

     // Audit fields.
     this.CreationTime = creationtime;
     this.CreatedBy = createdby;

     // Revocation state.
     this.IsRevoked = isrevoked;
     this.RevokeTime = revoketime;
 }
Exemplo n.º 5
 /// <summary>
 /// Adds a "customerAuthId" claim holding the string form of the authentication id's RawValue.
 /// </summary>
 /// <param name="identity">Identity that receives the claim.</param>
 /// <param name="customerAuthId">Authentication method identifier to record.</param>
 private void AddCustomerAuthClaim(ClaimsIdentity identity, CustomerAuthenticationId customerAuthId)
 {
     // The claim records which credential was used, not just which customer it belongs to.
     var rawId = customerAuthId.RawValue.ToString();
     var authClaim = new Claim("customerAuthId", rawId);

     identity.AddClaim(authClaim);
 }