public ActionResult Token(ResourceOwnerCredentialRequest request)
{
Tracing.Verbose("OAuth2 endpoint called.");
if (!ConfigurationRepository.Endpoints.OAuth2)
{
Tracing.Error("OAuth2 endpoint called, but disabled in configuration");
return new HttpNotFoundResult();
}
if (!ModelState.IsValid)
{
Tracing.Error("OAuth2 called with malformed request");
return new HttpStatusCodeResult(400);
}
var auth = new AuthenticationHelper();
Uri uri;
if (!Uri.TryCreate(request.Scope, UriKind.Absolute, out uri))
{
Tracing.Error("OAuth2 endpoint called with malformed realm: " + request.Scope);
return new HttpStatusCodeResult(400);
}
ClaimsPrincipal principal = null;
if (auth.TryGetPrincipalFromOAuth2Request(Request, request, out principal))
{
if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2))
{
Tracing.Error("User not authorized");
return new UnauthorizedResult("OAuth2", UnauthorizedResult.ResponseAction.Send401);
}
SecurityToken token;
if (auth.TryIssueToken(new EndpointAddress(uri), principal, ConfigurationRepository.Configuration.HttpTokenType, out token))
{
var handler = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers[ConfigurationRepository.Configuration.HttpTokenType];
var response = new AccessTokenResponse
{
AccessToken = handler.WriteToken(token),
TokenType = TokenTypes.JsonWebToken,
ExpiresIn = ConfigurationRepository.Configuration.DefaultTokenLifetime * 60,
};
Tracing.Information("OAuth2 issue successful for user: "******"OAuth2 endpoint authentication failed for user: "******"OAuth2", UnauthorizedResult.ResponseAction.Send401);
}
public ActionResult Issue(string realm, string tokenType)
{
Tracing.Verbose("JSNotify endpoint called.");
if (!ConfigurationRepository.Endpoints.JSNotify)
{
Tracing.Warning("JSNotify endpoint called, but disabled in configuration");
return new HttpNotFoundResult();
}
Tracing.Information("JSNotify endpoint called for realm: " + realm);
if (tokenType == null)
{
tokenType = ConfigurationRepository.Configuration.HttpTokenType;
}
Tracing.Information("Token type: " + tokenType);
Uri uri;
if (!Uri.TryCreate(realm, UriKind.Absolute, out uri))
{
Tracing.Error("Realm parameter is malformed.");
return new HttpStatusCodeResult(400);
}
var endpoint = new EndpointAddress(uri);
var auth = new AuthenticationHelper();
TokenResponse response;
if (auth.TryIssueToken(endpoint, Thread.CurrentPrincipal as ClaimsPrincipal, tokenType, out response))
{
var jsresponse = new AccessTokenResponse
{
AccessToken = response.TokenString,
TokenType = response.TokenType,
ExpiresIn = ConfigurationRepository.Configuration.DefaultTokenLifetime * 60
};
Tracing.Information("JSNotify issue successful for user: " + User.Identity.Name);
return new JSNotifyResult(jsresponse);
}
else
{
return new HttpStatusCodeResult(400);
}
}
public OAuth2AccessTokenResult(AccessTokenResponse response)
{
_response = response;
}
public JSNotifyResult(AccessTokenResponse response)
{
_response = response;
}
public OAuth2AccessTokenResult(AccessTokenResponse response)
{
_response = response;
}
public JSNotifyResult(AccessTokenResponse response)
{
_response = response;
}
public ActionResult Token(ResourceOwnerCredentialRequest request)
{
Tracing.Verbose("OAuth2 endpoint called.");
if (!ConfigurationRepository.Endpoints.OAuth2)
{
Tracing.Error("OAuth2 endpoint called, but disabled in configuration");
return new HttpNotFoundResult();
}
if (!ModelState.IsValid)
{
Tracing.Error("OAuth2 called with malformed request");
return new HttpStatusCodeResult(400);
}
var auth = new AuthenticationHelper();
Uri uri;
if (!Uri.TryCreate(request.Scope, UriKind.Absolute, out uri))
{
Tracing.Error("OAuth2 endpoint called with malformed realm: " + request.Scope);
return new HttpStatusCodeResult(400);
}
IClaimsPrincipal principal = null;
if (auth.TryGetPrincipalFromOAuth2Request(Request, request, out principal))
{
if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2))
{
Tracing.Error("User not authorized");
return new UnauthorizedResult("OAuth2", UnauthorizedResult.ResponseAction.Send401);
}
SecurityToken token;
if (auth.TryIssueToken(new EndpointAddress(uri), principal, SimpleWebToken.OasisTokenProfile, out token))
{
var swt = token as SimpleWebToken;
var response = new AccessTokenResponse
{
AccessToken = swt.RawToken,
TokenType = SimpleWebToken.OasisTokenProfile,
ExpiresIn = ConfigurationRepository.Configuration.DefaultTokenLifetime * 60,
};
Tracing.Information("OAuth2 issue successful for user: "******"OAuth2 endpoint authentication failed for user: "******"OAuth2", UnauthorizedResult.ResponseAction.Send401);
//if (UserRepository.ValidateUser(request.UserName ?? "", request.Password ?? ""))
//{
// var principal = auth.CreatePrincipal(request.UserName, AuthenticationMethods.Password);
// if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2))
// {
// Tracing.Error("User not authorized");
// return new UnauthorizedResult("OAuth2", UnauthorizedResult.ResponseAction.Send401);
// }
// SecurityToken token;
// if (auth.TryIssueToken(new EndpointAddress(uri), principal, SimpleWebToken.OasisTokenProfile, out token))
// {
// var swt = token as SimpleWebToken;
// var response = new AccessTokenResponse
// {
// AccessToken = swt.RawToken,
// TokenType = SimpleWebToken.OasisTokenProfile,
// ExpiresIn = ConfigurationRepository.Configuration.DefaultTokenLifetime * 60,
// };
// Tracing.Information("OAuth2 issue successful for user: "******"OAuth2 endpoint authentication failed for user: "******"OAuth2", UnauthorizedResult.ResponseAction.Send401);
}
