public HttpResponseMessage Get()
{
var identity = this.User.Identity as ClaimsIdentity;
if (identity == null)
{
return(ServiceResponseMessage.BadRequest("Could not parse identity as claims identity"));
}
var model = ParseClaims(identity.Claims);
return(ServiceResponseMessage.Ok(model));
}
/// <summary>
/// POST to STS to get an OAuth Token
/// </summary>
/// <returns>An OAuth2 Token</returns>
public async Task <HttpResponseMessage> Post()
{
try
{
var requestContext = this.Request.Properties[STSConstants.STSRequestContext] as ITokenServiceRequestContext;
if (requestContext == null)
{
throw new HttpResponseException(ServiceResponseMessage.BadRequest("STS Context is null"));
}
// Create Identity and Set Claims
var authType = OwinStartUp.OAuthBearerOptions.AuthenticationType;
var identity = new ClaimsIdentity(authType);
if (requestContext.Version == 1.0)
{
var body = requestContext.TokenRequestBody as TokenRequestV1;
if (body == null)
{
return(new HttpResponseMessage(HttpStatusCode.BadRequest)
{
Content = new StringContent("Could not parse request body")
});
}
//identity.AddClaim(new Claim(ClaimTypes.Name, body.UserName));
//identity.AddClaim(new Claim(ClaimTypes.Email, body.Email));
//identity.AddClaim(new Claim(ClaimTypes.MobilePhone, body.MobilePhone));
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, Guid.NewGuid().ToString()));
var auth = ServiceLocator.Instance.GetAuthenticationProvider(body.AuthenticationProvider);
if (auth == null)
{
return(ServiceResponseMessage.BadRequest("Invalid Authentication Provider passed"));
}
// Call the auth provider here
if (!body.AuthenticationProvider.Equals("none", StringComparison.InvariantCultureIgnoreCase))
{
if (!await auth.IsAuthenticatedAsync(body.Email, body.Password))
{
return(ServiceResponseMessage.Unauthorized());
}
else
{
identity.AddClaim(new Claim(ClaimTypes.Authentication, "Full"));
}
}
}
var ticket = new AuthenticationTicket(identity, new AuthenticationProperties
{
IsPersistent = false
});
var currentUtc = new SystemClock().UtcNow;
ticket.Properties.IssuedUtc = currentUtc;
ticket.Properties.ExpiresUtc = currentUtc.Add(TimeSpan.FromMinutes(30));
var token = OwinStartUp.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);
var bytes = Encoding.UTF8.GetBytes(token);
var encoded = "NORD " + Convert.ToBase64String(bytes);
return(ServiceResponseMessage.Ok(encoded));
}
catch (Exception ex)
{
// Test all of these exceptions
return(ServiceResponseMessage.InternalServerError(ex.Message));
}
finally
{
// Log event
}
}
/// <summary>
/// POST to STS to get a Bearer Token
/// </summary>
/// <returns>An OAuth2 Bearer Token</returns>
public async Task <HttpResponseMessage> Post()
{
try
{
var requestContext = this.Request.Properties[STSConstants.STSRequestContext] as ITokenServiceRequestContext;
if (requestContext == null)
{
throw new HttpResponseException(ServiceResponseMessage.BadRequest("STS Context is null"));
}
// Create Identity and Set Claims
var authType = OwinStartUp.OAuthBearerOptions.AuthenticationType;
var identity = new ClaimsIdentity(authType);
/// LEFTOFF - make this code cleaner, create type by version (type converter). Also take authprovider,
/// start building simple factory and inject providers
if (requestContext.Version == 1.0)
{
// push auth rules to plug ins and take a provider/default provider and pass provider in request
var body = requestContext.TokenRequestBody as TokenRequestV1;
// TODO: validate the parts
identity.AddClaim(new Claim(ClaimTypes.Name, body.UserName));
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, Guid.NewGuid().ToString()));
identity.AddClaim(new Claim(ClaimTypes.Email, body.Email));
identity.AddClaim(new Claim(ClaimTypes.MobilePhone, body.MobilePhone));
identity.AddClaim(new Claim(ClaimTypes.Authentication, "Partial"));
}
var properties = new AuthenticationProperties
{
IsPersistent = false
};
var ticket = new AuthenticationTicket(identity, properties);
var currentUtc = new SystemClock().UtcNow;
ticket.Properties.IssuedUtc = currentUtc;
// Set expiration
ticket.Properties.ExpiresUtc = currentUtc.Add(TimeSpan.FromMinutes(30));
// TODO: ticket needs to be signed with a certificate. Create new signing cert and use that same cert of other services.
return(new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(OwinStartUp.OAuthBearerOptions.AccessTokenFormat.Protect(ticket))
});
}
catch (Exception ex)
{
// Test all of these exceptions
return(new HttpResponseMessage(HttpStatusCode.InternalServerError)
{
Content = new StringContent(ex.Message)
});
}
finally
{
// Log event
}
}