private HttpResponseMessage CreateTokenResponse(string userName, Client client, EndpointReference scope,
string tokenType, bool includeRefreshToken)
{
var auth = new AuthenticationHelper();
var principal = auth.CreatePrincipal(userName, "OAuth2",
new[]
{
new Claim(Constants.Claims.Client, client.Name),
new Claim(Constants.Claims.Scope, scope.Uri.AbsoluteUri)
});
if (!ClaimsAuthorization.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2))
{
Tracing.Error("OAuth2 endpoint authorization failed for user: " + userName);
return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant));
}
var sts = new STS();
TokenResponse tokenResponse;
if (sts.TryIssueToken(scope, principal, tokenType, out tokenResponse))
{
if (includeRefreshToken)
{
tokenResponse.RefreshToken = CodeTokenRepository.AddCode(CodeTokenType.RefreshTokenIdentifier,
client.ID, userName, scope.Uri.AbsoluteUri);
}
var resp = Request.CreateResponse(HttpStatusCode.OK, tokenResponse);
return(resp);
}
return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest));
}
private ActionResult PerformImplicitGrant(AuthorizeRequest request, Client client)
{
var sts = new STS();
TokenResponse tokenResponse;
if (sts.TryIssueToken(
new EndpointReference(request.scope),
ClaimsPrincipal.Current,
Configuration.Global.DefaultHttpTokenType,
out tokenResponse))
{
var tokenString = string.Format("access_token={0}&token_type={1}&expires_in={2}",
tokenResponse.AccessToken,
tokenResponse.TokenType,
tokenResponse.ExpiresIn);
if (!string.IsNullOrEmpty(request.state))
{
tokenString = string.Format("{0}&state={1}", tokenString, Server.UrlEncode(request.state));
}
var redirectString = string.Format("{0}#{1}",
client.RedirectUri.AbsoluteUri,
tokenString);
return(Redirect(redirectString));
}
// return right error code
return(ClientError(client.RedirectUri, OAuth2Constants.Errors.InvalidRequest, request.response_type, request.state));
}
private void CreateTokenButton_Click(object sender, RoutedEventArgs e)
{
var principal = Principal.Create("InMemory",
new Claim(ClaimTypes.Name, UserName.Text));
var tokenType = GetTokenType();
var sts = new STS();
SecurityToken token;
var success = sts.TryIssueToken(
new EndpointReference(Realm.Text),
principal,
tokenType,
out token);
if (success)
{
if (tokenType == TokenTypes.Saml2TokenProfile11 || tokenType == TokenTypes.Saml11TokenProfile11)
{
var xml = token.ToTokenXmlString();
Output.Text = XElement.Parse(xml).ToString();
}
if (tokenType == TokenTypes.JsonWebToken)
{
var tokenString = new JsonWebTokenHandler().WriteToken(token);
Output.Text = tokenString;
}
}
else
{
throw new Exception("Error");
}
}
public HttpResponseMessage Get(HttpRequestMessage request)
{
Tracing.Information("Simple HTTP endpoint called.");
var query = request.GetQueryNameValuePairs();
var auth = new AuthenticationHelper();
var realm = query.FirstOrDefault(p => p.Key.Equals("realm", System.StringComparison.OrdinalIgnoreCase)).Value;
var tokenType = query.FirstOrDefault(p => p.Key.Equals("tokenType", System.StringComparison.OrdinalIgnoreCase)).Value;
if (string.IsNullOrWhiteSpace(realm))
{
return(request.CreateErrorResponse(HttpStatusCode.BadRequest, "realm parameter is missing."));
}
EndpointReference appliesTo;
try
{
appliesTo = new EndpointReference(realm);
Tracing.Information("Simple HTTP endpoint called for realm: " + realm);
}
catch
{
Tracing.Error("Malformed realm: " + realm);
return(request.CreateErrorResponse(HttpStatusCode.BadRequest, "malformed realm name."));
}
if (string.IsNullOrWhiteSpace(tokenType))
{
tokenType = ConfigurationRepository.Global.DefaultHttpTokenType;
}
Tracing.Verbose("Token type: " + tokenType);
TokenResponse tokenResponse;
var sts = new STS();
if (sts.TryIssueToken(appliesTo, ClaimsPrincipal.Current, tokenType, out tokenResponse))
{
var resp = request.CreateResponse <TokenResponse>(HttpStatusCode.OK, tokenResponse);
return(resp);
}
else
{
return(request.CreateErrorResponse(HttpStatusCode.BadRequest, "invalid request."));
}
}
private HttpResponseMessage ProcessResourceOwnerCredentialRequest(string userName, string password, EndpointReference appliesTo, string tokenType, Client client)
{
Tracing.Information("Starting resource owner password credential flow for client: " + client.Name);
if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(password))
{
Tracing.Error("Invalid resource owner credentials for: " + appliesTo.Uri.AbsoluteUri);
return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant));
}
var auth = new AuthenticationHelper();
ClaimsPrincipal principal;
if (UserRepository.ValidateUser(userName, password))
{
principal = auth.CreatePrincipal(userName, "OAuth2",
new Claim[]
{
new Claim(Constants.Claims.Client, client.Name),
new Claim(Constants.Claims.Scope, appliesTo.Uri.AbsoluteUri)
});
if (!ClaimsAuthorization.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2))
{
Tracing.Error("OAuth2 endpoint authorization failed for user: "******"Resource owner credential validation failed: " + userName);
return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant));
}
var sts = new STS();
TokenResponse tokenResponse;
if (sts.TryIssueToken(appliesTo, principal, tokenType, out tokenResponse))
{
var resp = Request.CreateResponse <TokenResponse>(HttpStatusCode.OK, tokenResponse);
return(resp);
}
else
{
return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest));
}
}
public HttpResponseMessage Get(HttpRequestMessage request)
{
Tracing.Information("Simple HTTP endpoint called.");
var query = request.GetQueryNameValuePairs();
var auth = new AuthenticationHelper();
var realm = query.FirstOrDefault(p => p.Key.Equals("realm", System.StringComparison.OrdinalIgnoreCase)).Value;
var tokenType = query.FirstOrDefault(p => p.Key.Equals("tokenType", System.StringComparison.OrdinalIgnoreCase)).Value;
if (string.IsNullOrWhiteSpace(realm))
{
return request.CreateErrorResponse(HttpStatusCode.BadRequest, "realm parameter is missing.");
}
EndpointReference appliesTo;
try
{
appliesTo = new EndpointReference(realm);
Tracing.Information("Simple HTTP endpoint called for realm: " + realm);
}
catch
{
Tracing.Error("Malformed realm: " + realm);
return request.CreateErrorResponse(HttpStatusCode.BadRequest, "malformed realm name.");
}
if (string.IsNullOrWhiteSpace(tokenType))
{
tokenType = ConfigurationRepository.Global.DefaultHttpTokenType;
}
Tracing.Verbose("Token type: " + tokenType);
TokenResponse tokenResponse;
var sts = new STS();
if (sts.TryIssueToken(appliesTo, ClaimsPrincipal.Current, tokenType, out tokenResponse))
{
var resp = request.CreateResponse<TokenResponse>(HttpStatusCode.OK, tokenResponse);
return resp;
}
else
{
return request.CreateErrorResponse(HttpStatusCode.BadRequest, "invalid request.");
}
}
public ActionResult Issue()
{
Tracing.Verbose("Sitefinity endpoint called.");
var query = _currrenContext.Request.QueryString;
var realm = query[query.AllKeys.FirstOrDefault(p => p.Equals("realm", System.StringComparison.OrdinalIgnoreCase))];
var tokenType = query[query.AllKeys.FirstOrDefault(p => p.Equals("tokenType", System.StringComparison.OrdinalIgnoreCase))];
var reply = query[query.AllKeys.FirstOrDefault(p => p.Equals("redirect_uri", System.StringComparison.OrdinalIgnoreCase))];
var deflateTemp = query[query.AllKeys.FirstOrDefault(p => p.Equals("deflate", System.StringComparison.OrdinalIgnoreCase))];
var isSignout = query[query.AllKeys.FirstOrDefault(p => p.Equals("sign_out", System.StringComparison.OrdinalIgnoreCase))];
//if this is a signout request, sign out the user and redirect
if (!string.IsNullOrWhiteSpace(isSignout))
{
Tracing.Verbose("Sitefinity signout request detected - signout var = " + isSignout);
if (isSignout.Equals("true", StringComparison.OrdinalIgnoreCase))
{
Tracing.Verbose("Sitefinity logout request");
FederatedAuthentication.SessionAuthenticationModule.SignOut();
return(Redirect((new Uri(new Uri(realm), reply)).AbsoluteUri));
}
}
if (string.IsNullOrWhiteSpace(deflateTemp))
{
deflateTemp = "false";
}
var deflate = "true".Equals(deflateTemp, StringComparison.OrdinalIgnoreCase);
Tracing.Verbose("Sitefinity query string parsed");
if (string.IsNullOrWhiteSpace(realm))
{
Tracing.Error("Malformed realm: " + realm);
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest, "realm parameter is missing."));
}
EndpointReference appliesTo;
try
{
appliesTo = new EndpointReference(realm);
Tracing.Information("Sitefinity Simple HTTP endpoint called for realm: " + realm);
}
catch
{
Tracing.Error("Malformed realm: " + realm);
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest, "malformed realm name."));// request.CreateErrorResponse(HttpStatusCode.BadRequest, "malformed realm name.");
}
if (string.IsNullOrWhiteSpace(tokenType))
{
tokenType = TokenTypes.SimpleWebToken;
}
Tracing.Verbose("Sitefinity Token type: " + tokenType);
Tracing.Verbose("Sitefinity Current Claims Principal: " + ClaimsPrincipal.Current.Claims.ToString() + ", " + ClaimsPrincipal.Current.Identity.Name + ", " + appliesTo.Uri + ", " + appliesTo.Details.ToString());
SecurityToken tokenResponse;
var sts = new STS();
if (sts.TryIssueToken(appliesTo, ClaimsPrincipal.Current, tokenType, out tokenResponse))
{
NameValueCollection queryString;
if (tokenResponse != null)
{
Tracing.Verbose(string.Join(", ", "UID: " + tokenResponse.Id));
}
else
{
Tracing.Error("Token is null after being issued");
}
var token = new SFSimpleWebToken(tokenResponse as SimpleWebToken);
//if (token != null)
// Tracing.Verbose("Sitefinity Token: " + token.ToString());
//else
// Tracing.Error("Sitefinity Token is null");
try
{
if (!String.IsNullOrEmpty(reply))
{
string path;
var issuer = HttpContext.Request.Url.AbsoluteUri;
var idx = issuer.IndexOf("?");
idx = reply.IndexOf('?');
if (idx != -1)
{
path = reply.Substring(0, idx);
queryString = HttpUtility.ParseQueryString(reply.Substring(idx + 1));
}
else
{
path = reply;
queryString = new NameValueCollection();
}
Tracing.Verbose("Begin wrapping SWT");
SFHelper.WrapSWT(queryString, token, deflate);
Tracing.Verbose("Begin building path and query for return url");
path = String.Concat(path, SFHelper.ToQueryString(queryString));
var uri = new Uri(new Uri(realm), path);
return(Redirect(uri.AbsoluteUri));
}
queryString = new NameValueCollection();
SFHelper.WrapSWT(queryString, token, deflate);
return(File(SFHelper.ToQueryString(queryString), "application/x-www-form-urlencoded", "token"));
}
catch (Exception e)
{
Tracing.Error(e.Message + " " + e.InnerException);
Tracing.Error("invalid request - token couldn't issue for realm " + realm);
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest, "invalid request."));
}
}
else
{
Tracing.Error("invalid request - token couldn't issue for realm " + realm);
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest, "invalid request."));
}
}
private HttpResponseMessage ProcessResourceOwnerCredentialRequest(string userName, string password, EndpointReference appliesTo, string tokenType, Client client)
{
Tracing.Information("Starting resource owner password credential flow for client: " + client.Name);
if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(password))
{
Tracing.Error("Invalid resource owner credentials for: " + appliesTo.Uri.AbsoluteUri);
return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant);
}
var auth = new AuthenticationHelper();
ClaimsPrincipal principal;
if (UserRepository.ValidateUser(userName, password))
{
principal = auth.CreatePrincipal(userName, "OAuth2",
new Claim[]
{
new Claim(Constants.Claims.Client, client.Name),
new Claim(Constants.Claims.Scope, appliesTo.Uri.AbsoluteUri)
});
if (!ClaimsAuthorization.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2))
{
Tracing.Error("OAuth2 endpoint authorization failed for user: "******"Resource owner credential validation failed: " + userName);
return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant);
}
var sts = new STS();
TokenResponse tokenResponse;
if (sts.TryIssueToken(appliesTo, principal, tokenType, out tokenResponse))
{
var resp = Request.CreateResponse<TokenResponse>(HttpStatusCode.OK, tokenResponse);
return resp;
}
else
{
return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest);
}
}
private ActionResult HandleImplicitGrant(AuthorizeRequest request, Client client)
{
var sts = new STS();
TokenResponse tokenResponse;
if (sts.TryIssueToken(
new EndpointReference(request.scope),
ClaimsPrincipal.Current,
Configuration.Global.DefaultHttpTokenType,
out tokenResponse))
{
var redirectString = string.Format("{0}#access_token={1}&token_type={2}&expires_in={3}",
client.RedirectUri.AbsoluteUri,
tokenResponse.AccessToken,
tokenResponse.TokenType,
tokenResponse.ExpiresIn);
if (!string.IsNullOrEmpty(request.state))
{
redirectString = string.Format("{0}&state={1}", redirectString, request.state);
}
return Redirect(redirectString);
}
// return right error code
return Error(client.RedirectUri, OAuth2Constants.Errors.InvalidRequest, request.state);
}
private HttpResponseMessage CreateTokenResponse(string userName, Client client, EndpointReference scope, string tokenType, bool includeRefreshToken)
{
var auth = new AuthenticationHelper();
var principal = auth.CreatePrincipal(userName, "OAuth2",
new Claim[]
{
new Claim(Constants.Claims.Client, client.Name),
new Claim(Constants.Claims.Scope, scope.Uri.AbsoluteUri)
});
if (!ClaimsAuthorization.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2))
{
Tracing.Error("OAuth2 endpoint authorization failed for user: " + userName);
return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant);
}
var sts = new STS();
TokenResponse tokenResponse;
if (sts.TryIssueToken(scope, principal, tokenType, out tokenResponse))
{
if (includeRefreshToken)
{
tokenResponse.RefreshToken = RefreshTokenRepository.AddCode(CodeTokenType.RefreshTokenIdentifier, client.ID, userName, scope.Uri.AbsoluteUri);
}
var resp = Request.CreateResponse<TokenResponse>(HttpStatusCode.OK, tokenResponse);
return resp;
}
else
{
return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest);
}
}
public ActionResult Issue()
{
Tracing.Verbose("Sitefinity endpoint called.");
var query = _currrenContext.Request.QueryString;
var realm = query[query.AllKeys.FirstOrDefault(p => p.Equals("realm", System.StringComparison.OrdinalIgnoreCase))];
var tokenType = query[query.AllKeys.FirstOrDefault(p => p.Equals("tokenType", System.StringComparison.OrdinalIgnoreCase))];
var reply = query[query.AllKeys.FirstOrDefault(p => p.Equals("redirect_uri", System.StringComparison.OrdinalIgnoreCase))];
var deflateTemp = query[query.AllKeys.FirstOrDefault(p => p.Equals("deflate", System.StringComparison.OrdinalIgnoreCase))];
var isSignout = query[query.AllKeys.FirstOrDefault(p => p.Equals("sign_out", System.StringComparison.OrdinalIgnoreCase))];
//if this is a signout request, sign out the user and redirect
if (!string.IsNullOrWhiteSpace(isSignout))
{
Tracing.Verbose("Sitefinity signout request detected - signout var = " + isSignout);
if (isSignout.Equals("true", StringComparison.OrdinalIgnoreCase))
{
Tracing.Verbose("Sitefinity logout request");
FederatedAuthentication.SessionAuthenticationModule.SignOut();
return Redirect((new Uri(new Uri(realm), reply)).AbsoluteUri);
}
}
if (string.IsNullOrWhiteSpace(deflateTemp))
deflateTemp = "false";
var deflate = "true".Equals(deflateTemp, StringComparison.OrdinalIgnoreCase);
Tracing.Verbose("Sitefinity query string parsed");
if (string.IsNullOrWhiteSpace(realm))
{
Tracing.Error("Malformed realm: " + realm);
return new HttpStatusCodeResult(HttpStatusCode.BadRequest, "realm parameter is missing.");
}
EndpointReference appliesTo;
try
{
appliesTo = new EndpointReference(realm);
Tracing.Information("Sitefinity Simple HTTP endpoint called for realm: " + realm);
}
catch
{
Tracing.Error("Malformed realm: " + realm);
return new HttpStatusCodeResult(HttpStatusCode.BadRequest, "malformed realm name.");// request.CreateErrorResponse(HttpStatusCode.BadRequest, "malformed realm name.");
}
if (string.IsNullOrWhiteSpace(tokenType))
tokenType = TokenTypes.SimpleWebToken;
Tracing.Verbose("Sitefinity Token type: " + tokenType);
Tracing.Verbose("Sitefinity Current Claims Principal: " + ClaimsPrincipal.Current.Claims.ToString() + ", " + ClaimsPrincipal.Current.Identity.Name + ", " + appliesTo.Uri + ", " + appliesTo.Details.ToString());
SecurityToken tokenResponse;
var sts = new STS();
if (sts.TryIssueToken(appliesTo, ClaimsPrincipal.Current, tokenType, out tokenResponse))
{
NameValueCollection queryString;
if (tokenResponse != null)
Tracing.Verbose(string.Join(", ", "UID: " + tokenResponse.Id));
else
Tracing.Error("Token is null after being issued");
var token = new SFSimpleWebToken(tokenResponse as SimpleWebToken);
//if (token != null)
// Tracing.Verbose("Sitefinity Token: " + token.ToString());
//else
// Tracing.Error("Sitefinity Token is null");
try
{
if (!String.IsNullOrEmpty(reply))
{
string path;
var issuer = HttpContext.Request.Url.AbsoluteUri;
var idx = issuer.IndexOf("?");
idx = reply.IndexOf('?');
if (idx != -1)
{
path = reply.Substring(0, idx);
queryString = HttpUtility.ParseQueryString(reply.Substring(idx + 1));
}
else
{
path = reply;
queryString = new NameValueCollection();
}
Tracing.Verbose("Begin wrapping SWT");
SFHelper.WrapSWT(queryString, token, deflate);
Tracing.Verbose("Begin building path and query for return url");
path = String.Concat(path, SFHelper.ToQueryString(queryString));
var uri = new Uri(new Uri(realm), path);
return Redirect(uri.AbsoluteUri);
}
queryString = new NameValueCollection();
SFHelper.WrapSWT(queryString, token, deflate);
return File(SFHelper.ToQueryString(queryString), "application/x-www-form-urlencoded", "token");
}
catch (Exception e)
{
Tracing.Error(e.Message + " " + e.InnerException);
Tracing.Error("invalid request - token couldn't issue for realm " + realm);
return new HttpStatusCodeResult(HttpStatusCode.BadRequest, "invalid request.");
}
}
else
{
Tracing.Error("invalid request - token couldn't issue for realm " + realm);
return new HttpStatusCodeResult(HttpStatusCode.BadRequest, "invalid request.");
}
}
