public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context) { //Normal bearer token Authentication // context.Validated(); string clientId = string.Empty; string clientSecret = string.Empty; string symmetricKeyAsBase64 = string.Empty; if (!context.TryGetBasicCredentials(out clientId, out clientSecret)) { context.TryGetFormCredentials(out clientId, out clientSecret); } if (context.ClientId == null) { context.SetError("invalid_clientId", "client_Id is not set"); return(Task.FromResult <object>(null)); } var audience = InMemoryAudineceStore.GetAudience(context.ClientId); if (audience == null) { context.SetError("invalid_clientId", string.Format("Invalid client_id '{0}'", context.ClientId)); return(Task.FromResult <object>(null)); } context.Validated(); return(Task.FromResult <object>(null)); }
public IHttpActionResult AddAudience(AudienceModel value) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } Audience audience = InMemoryAudineceStore.AddAudience(value.Name); return(Ok <Audience>(audience)); }
public string Protect(AuthenticationTicket data) { if (data == null) { throw new ArgumentNullException("data"); } string audienceId = data.Properties.Dictionary.ContainsKey(AudiencePropertyKey) ? data.Properties.Dictionary[AudiencePropertyKey] : null; if (string.IsNullOrWhiteSpace(audienceId)) { throw new InvalidOperationException("AuthenticationTicket.Properties does not include audience"); } Audience audience = InMemoryAudineceStore.GetAudience(audienceId); string symmetricKeyAsBase64 = audience.Base64Secret; var keyByteArray = TextEncodings.Base64Url.Decode(symmetricKeyAsBase64); var securityKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(keyByteArray); var signingCredentials = new Microsoft.IdentityModel.Tokens.SigningCredentials( securityKey, SecurityAlgorithms.HmacSha256Signature); // var signingKey = new HmacSigningCredentials(keyByteArray); var issued = data.Properties.IssuedUtc; var expires = data.Properties.ExpiresUtc; var token = new JwtSecurityToken(_issuer, audienceId, data.Identity.Claims, issued.Value.UtcDateTime, expires.Value.UtcDateTime, signingCredentials); var handler = new JwtSecurityTokenHandler(); var jwt = handler.WriteToken(token); return(jwt); }