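/// <summary>
/// Validates the OAuth client for a token request. Credentials are read from the HTTP
/// Basic header first, then from the form body; the client is then looked up through
/// <see cref="IAuthorizationBus"/> and, for confidential native clients, the presented
/// secret is hashed and compared with the stored hash.
/// </summary>
/// <param name="context">The Katana client-authentication context for the current token request.</param>
/// <returns>
/// A completed task; the outcome is reported via <c>context.Validated()</c> or
/// <c>context.SetError(...)</c>, never through the return value.
/// </returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    _iAuthorizationBus = (IAuthorizationBus)GlobalConfiguration.Configuration.DependencyResolver.GetService(typeof(IAuthorizationBus));

    string clientId = string.Empty;
    string clientSecret = string.Empty;

    // Basic auth takes precedence over form credentials; both helpers populate
    // context.ClientId on success, which is what the rest of the method keys on.
    if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
    {
        context.TryGetFormCredentials(out clientId, out clientSecret);
    }

    // NOTE(review): a request that carries no client id at all is accepted as an
    // anonymous client. Nothing is written to the OWIN environment in that case, so
    // every grant handler downstream must tolerate a missing "as:clientAllowedOrigin"
    // / "as:clientRefreshTokenLifeTime" and must not assume a registered client.
    // Confirm this is intended before adding grant types that rely on a client record.
    if (context.ClientId == null)
    {
        context.Validated();
        return Task.FromResult<object>(null);
    }

    // The error code "invalid_clientId" is kept for compatibility with existing callers;
    // the code defined by RFC 6749 §5.2 for this situation is "invalid_client".
    ClientDTO client = _iAuthorizationBus.FindClient(context.ClientId);
    if (client == null)
    {
        context.SetError("invalid_clientId");
        return Task.FromResult<object>(null);
    }

    // Only confidential clients hold a secret; other application types are identified
    // by client id alone.
    if (client.ApplicationType == ApplicationTypes.Client_NativeConfidentialApplication)
    {
        if (string.IsNullOrWhiteSpace(clientSecret))
        {
            context.SetError("invalid_clientId", Resources.ClientSecretShouldBeSent);
            return Task.FromResult<object>(null);
        }

        // Compare the two hash strings in fixed time rather than with "!=", so the time
        // taken does not depend on how many leading characters of the stored hash the
        // caller matched. The accept/reject result is identical to the "!=" comparison.
        if (!FixedTimeEquals(client.Secret, Helper.GetHash(clientSecret)))
        {
            context.SetError("invalid_clientId", Resources.InvalidClientSecret);
            return Task.FromResult<object>(null);
        }
    }

    // Checked after the secret (original ordering preserved): a disabled confidential
    // client still has to present a valid secret before learning that it is inactive.
    if (!client.Active)
    {
        context.SetError("invalid_clientId", Resources.ClientInactive);
        return Task.FromResult<object>(null);
    }

    // Hand the per-client settings to the grant/refresh handlers via the OWIN environment.
    context.OwinContext.Set<string>("as:clientAllowedOrigin", client.AllowedOrigin);
    context.OwinContext.Set<string>("as:clientRefreshTokenLifeTime", client.RefreshTokenLifeTime.ToString());

    context.Validated();
    return Task.FromResult<object>(null);
}

/// <summary>
/// Compares two strings without stopping at the first mismatching character, so that
/// the time taken does not reveal the length of the matching prefix. Null handling and
/// the result are the same as <c>expected == actual</c>.
/// </summary>
/// <param name="expected">The stored value (may be null).</param>
/// <param name="actual">The value derived from the request (may be null).</param>
/// <returns><c>true</c> when both are null or both are character-for-character equal.</returns>
private static bool FixedTimeEquals(string expected, string actual)
{
    if (expected == null || actual == null)
    {
        return expected == null && actual == null;
    }

    // Fold the length difference in up front, then walk the shorter string in full
    // regardless of where the first difference occurs.
    int diff = expected.Length ^ actual.Length;
    int length = expected.Length < actual.Length ? expected.Length : actual.Length;
    for (int i = 0; i < length; i++)
    {
        diff |= expected[i] ^ actual[i];
    }

    return diff == 0;
}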
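/// <summary>
/// Validates the <c>client_id</c> and <c>redirect_uri</c> query parameters of an
/// authorization request: the redirect URI must parse as an absolute URI and its
/// scheme + authority must equal the client's registered <c>AllowedOrigin</c>, unless
/// the client is registered with the wildcard <c>"*"</c>.
/// </summary>
/// <param name="request">The incoming authorization request whose query string is read.</param>
/// <param name="redirectUriOutput">Receives the normalized absolute redirect URI on success.</param>
/// <returns>
/// Always <see cref="string.Empty"/>; the validated URI is handed back through
/// <paramref name="redirectUriOutput"/>.
/// </returns>
/// <exception cref="ValidationException">redirect_uri is missing or not absolute, or client_id is missing.</exception>
/// <exception cref="ForbiddenException">No client is registered under the given client_id.</exception>
/// <exception cref="UnauthorizedAccessException">The redirect URI's origin is not the client's allowed origin.</exception>
private string ValidateClientAndRedirectUri(HttpRequestMessage request, ref string redirectUriOutput)
{
    // Read from the "request" argument. The original body read the enclosing type's
    // "Request" member instead and left this parameter unused; using the argument makes
    // the method depend only on what the caller passed in.
    var redirectUriString = GetQueryString(request, "redirect_uri");
    if (string.IsNullOrWhiteSpace(redirectUriString))
    {
        throw new ValidationException(Resources.InvalidRedirectUri);
    }

    Uri redirectUri;
    if (!Uri.TryCreate(redirectUriString, UriKind.Absolute, out redirectUri))
    {
        throw new ValidationException(Resources.InvalidRedirectUri);
    }

    var clientId = GetQueryString(request, "client_id");
    if (string.IsNullOrWhiteSpace(clientId))
    {
        throw new ValidationException(Resources.ClientIdIsRequired);
    }

    var client = _iAuthorizationBus.FindClient(clientId);
    if (client == null)
    {
        throw new ForbiddenException(string.Format(Resources.ClientIdNotRegistred, clientId));
    }

    // SECURITY(review): only scheme + host[:port] is compared, never the path, query or
    // fragment, and an AllowedOrigin of "*" bypasses the check entirely. With "*" any
    // absolute URI is accepted as the redirect target, which lets an authorization
    // code or token be delivered to an attacker-chosen location. A fragment is also not
    // rejected even though RFC 6749 §3.1.2 forbids one. Prefer exact registered
    // redirect URIs (RFC 6749 §3.1.2.2) over the wildcard; the comparison below is kept
    // as-is so existing client registrations keep working.
    var redirectOrigin = redirectUri.GetLeftPart(UriPartial.Authority);
    if (!string.Equals(client.AllowedOrigin, "*")
        && !string.Equals(client.AllowedOrigin, redirectOrigin, StringComparison.OrdinalIgnoreCase))
    {
        throw new UnauthorizedAccessException(string.Format(Resources.ClientIdDoesNotHaveEnoughRight, clientId));
    }

    // AbsoluteUri is the canonical form (e.g. default ports dropped), not the raw input.
    redirectUriOutput = redirectUri.AbsoluteUri;
    return string.Empty;
}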