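/// <summary>
        /// Renders the view for the authorization request held in the session (presumably the
        /// consent page: the follow-up action receives an approve/deny flag).
        /// </summary>
        /// <remarks>
        /// Reads <c>Session["AuthorizationRequest"]</c>, builds an authorization record for the
        /// current user carrying the requested scope and state, appends it to
        /// <c>MvcApplication.registeredAuthorizations</c>, and passes it to the view.
        /// </remarks>
        /// <returns>The view bound to the newly stored authorization record.</returns>
        /// <exception cref="HttpException">400 when the session holds no authorization request.</exception>
        public ActionResult AuthorizeExternalAccess()
        {
            var authorizationRequest = Session["AuthorizationRequest"] as OpenIdConnectAuthorizationRequest;

            if (authorizationRequest == null)
            {
                throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
            }

            // NOTE(review): no [Authorize] attribute is visible on this action. Confirm that the
            // controller or a global filter requires an authenticated user; otherwise the record
            // below is stored under whatever name an anonymous identity reports.
            string userName = User.Identity.Name;

            // NOTE(review): the record is stored before the user has approved anything, and a new
            // one is appended on every visit, so one user can accumulate several records. Code that
            // later looks a record up by UserId will only ever see the first of them.
            var model = new AlhambraOAuth2Authorization
            {
                UserId               = userName,
                AuthorizedAt         = DateTime.UtcNow,
                Scope                = authorizationRequest.scope,
                AuthorizationRequest = authorizationRequest,
                State                = authorizationRequest.state
            };

            MvcApplication.registeredAuthorizations.Add(model);

            return View(model);
        }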
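        /// <summary>
        /// Handles the user's decision on the pending authorization request. On approval it issues
        /// an authorization code and an access/refresh token pair, stores them on the user's
        /// authorization record, and redirects back to the client.
        /// </summary>
        /// <param name="isApproved"><c>true</c> when the user granted access.</param>
        /// <returns>
        /// A redirect to the request's <c>redirect_uri</c> carrying the <c>code</c> and <c>state</c>
        /// query parameters.
        /// </returns>
        /// <exception cref="HttpException">
        /// 400 when the session holds no authorization request, the request has no redirect URI, or
        /// no authorization record exists for the user; 401 when access was denied or the current
        /// user is not a registered user.
        /// </exception>
        public ActionResult AuthorizeExternalAccessResponse(bool isApproved)
        {
            // NOTE(review): no [HttpPost] or [ValidateAntiForgeryToken] attribute is visible on this
            // action, so as written any request carrying isApproved=true in the user's session
            // grants access. Confirm whether a global filter covers this; if not, restrict the
            // action to POST with anti-forgery validation.
            var authorizationRequest = Session["AuthorizationRequest"] as OpenIdConnectAuthorizationRequest;

            if (authorizationRequest == null)
            {
                throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
            }

            if (!isApproved)
            {
                // The previous message ("Missing authorization request.") described a different failure.
                throw new HttpException((int)HttpStatusCode.Unauthorized, "The authorization request was denied by the user.");
            }

            string userName = User.Identity.Name;

            // Validate everything before any code or token is registered, so a failed request
            // leaves no orphaned entries in the shared stores.
            var client = MvcApplication.registeredUsers.FirstOrDefault(c => c.Email == userName);
            if (client == null)
            {
                throw new HttpException((int)HttpStatusCode.Unauthorized, "The user is not registered.");
            }

            var account = MvcApplication.registeredAuthorizations.FirstOrDefault(x => x.UserId == userName);
            if (account == null)
            {
                throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
            }

            // NOTE(review): redirect_uri is used as stored in the session. Confirm it was matched
            // against the client's registered redirect URIs when the request was accepted; if it
            // was not, the authorization code is delivered to whatever URI the request named.
            string redirectUri = authorizationRequest.redirect_uri;
            if (String.IsNullOrEmpty(redirectUri))
            {
                throw new HttpException((int)HttpStatusCode.BadRequest, "Missing redirect URI.");
            }

            string newCode = GenerateHexEncodedGUI();
            // Register the new code with its 'used' flag cleared.
            MvcApplication.codesGenerated.Add(newCode, false);

            // NOTE(review): the bearer tokens are GUIDs. Guid.NewGuid() guarantees uniqueness, not
            // unpredictability; consider values drawn from a cryptographic random number generator
            // (this needs the key type of tokensGenerated to change as well).
            Guid newAccessToken  = Guid.NewGuid();
            Guid newRefreshToken = Guid.NewGuid();

            MvcApplication.tokensGenerated.Add(newAccessToken, newRefreshToken);

            // Update the stored record. Its Scope, State and AuthorizationRequest keep the values
            // they were created with.
            account.AccessToken  = newAccessToken.ToString();
            account.RefreshToken = newRefreshToken.ToString();
            account.Code         = newCode;

            // NOTE(review): ExpiresAt is local time while AuthorizedAt is UTC. Left as is because
            // the code that compares ExpiresAt is not visible here; align both on UTC together.
            account.ExpiresAt    = DateTime.Now.AddMinutes(2);
            account.AuthorizedAt = DateTime.UtcNow;

            // state is supplied by the client and must be percent-encoded; a redirect URI that
            // already has a query string takes '&' rather than a second '?'.
            string separator = redirectUri.IndexOf('?') >= 0 ? "&" : "?";
            string url = redirectUri + separator
                + "code=" + Uri.EscapeDataString(newCode)
                + "&state=" + Uri.EscapeDataString(authorizationRequest.state ?? String.Empty);

            return Redirect(url);
        }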
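        /// <summary>
        /// Returns, as JSON, the claims of the user who owns the presented bearer token.
        /// </summary>
        /// <remarks>
        /// The <c>Authorization</c> header must be <c>Bearer</c> followed by the Base64 encoding of
        /// the ASCII access token. The claims released are chosen from the scope of the
        /// authorization request stored in the session, which must include the OpenID scope.
        /// </remarks>
        /// <returns>An <c>application/json</c> result holding the serialized <c>OAuth2Graph</c>.</returns>
        /// <exception cref="HttpException">
        /// 401 when the header is missing, is not a bearer credential, cannot be decoded, or names
        /// an unknown token or user; 400 when no usable scope is available.
        /// </exception>
        public ActionResult UserInfo()
        {
            string header = HttpContext.Request.Headers["Authorization"];

            // A missing header used to surface as a NullReferenceException (HTTP 500).
            if (header == null || !header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
            {
                throw new HttpException((int)HttpStatusCode.Unauthorized, "The authorization request only supports Bearer Token Usage");
            }

            string accessToken;
            try
            {
                accessToken = ASCIIEncoding.ASCII.GetString(Convert.FromBase64String(header.Substring(7)));
            }
            catch (FormatException ex)
            {
                // Malformed Base64 is a bad credential, not a server fault.
                throw new HttpException((int)HttpStatusCode.Unauthorized, "The credentials are invalid", ex);
            }

            if (String.IsNullOrEmpty(accessToken))
            {
                throw new HttpException((int)HttpStatusCode.Unauthorized, "The credentials are invalid");
            }

            AlhambraOAuth2Authorization authorization = MvcApplication.registeredAuthorizations.FirstOrDefault(x => x.AccessToken == accessToken);
            if (authorization == null)
            {
                throw new HttpException((int)HttpStatusCode.Unauthorized, "The access token is invalid");
            }

            // NOTE(review): authorization.ExpiresAt is never compared with the clock here, so a
            // token is accepted for as long as its record exists. Confirm what ExpiresAt is meant
            // to bound (code or token) and enforce it.

            RegisteredUser registeredUser = MvcApplication.registeredUsers.FirstOrDefault(x => x.Email == authorization.UserId);
            if (registeredUser == null)
            {
                throw new HttpException((int)HttpStatusCode.Unauthorized, "The access token is invalid");
            }

            // NOTE(review): the scope comes from the caller's session, not from the grant the token
            // belongs to (authorization.Scope). A caller without that session gets a 400, and a
            // caller with a different session gets that session's scope applied to this token.
            // Consider deriving the scope from the authorization record instead.
            var authorizationRequest = Session["AuthorizationRequest"] as OpenIdConnectAuthorizationRequest;
            if (authorizationRequest == null || authorizationRequest.scope == null)
            {
                throw new HttpException((int)HttpStatusCode.BadRequest, "The request is not valid");
            }

            // Compare whole scope values; a substring test would accept any value that merely
            // contains the OpenID scope name.
            string[] requestedScopes = authorizationRequest.scope.Split(' ');
            if (Array.IndexOf(requestedScopes, OpenIdConnectScopes.OpenId) < 0)
            {
                throw new HttpException((int)HttpStatusCode.BadRequest, "The request is not valid");
            }

            OAuth2Graph graph = new OAuth2Graph()
            {
                Id = registeredUser.Id
            };

            foreach (string scope in requestedScopes)
            {
                switch (scope)
                {
                case OpenIdConnectScopes.Profile:
                    graph.FirstName = registeredUser.FirstName;
                    graph.LastName  = registeredUser.LastName;
                    graph.FullName  = registeredUser.FullName;
                    graph.Profile   = registeredUser.Profile;
                    graph.Email     = registeredUser.Email;
                    break;

                case OpenIdConnectScopes.Email:
                    graph.Email = registeredUser.Email;
                    break;

                case OpenIdConnectScopes.FirstName:
                    graph.FirstName = registeredUser.FirstName;
                    break;

                case OpenIdConnectScopes.LastName:
                    // Previously wrote the last name into FirstName.
                    graph.LastName = registeredUser.LastName;
                    break;
                }
            }

            string result = JsonConvert.SerializeObject(graph);

            return Content(result, "application/json");
        }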