/// <summary>
/// Called when a request to the Token endpoint arrives with a "grant_type" of "password".
/// This occurs when the user has provided name and password credentials directly into the
/// client application's user interface, and the client application is using those to acquire an
/// "access_token" and optional "refresh_token". If the web application supports the resource owner
/// credentials grant type it must validate the context.Username and context.Password as appropriate.
/// To issue an access token the context.Validated must be called with a new ticket containing the
/// claims about the resource owner which should be associated with the access token.
/// The application should take appropriate measures to ensure that the endpoint isn’t abused by malicious callers.
/// The default behavior is to reject this grant type. See also http://tools.ietf.org/html/rfc6749#section-4.3.2
/// </summary>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Headers", new[] { "Content-Type" });
if (context.UserName == "Pussy" && context.Password == "Cat")
{
// create identity
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("sub", "test"));
identity.AddClaim(new Claim("role", "user"));
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
// create metadata to pass on to refresh token provider
var props = new AuthenticationProperties(new Dictionary<string, string>
{
{ "as:client_id", context.ClientId }
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
//context.Validated(identity);
return;
}
context.Rejected();
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
//var client = new UserClient();
//var result = client.Login(request, out status, out message);
//using (AuthRepository _repo = new AuthRepository())
//{
// IdentityUser user = await _repo.FindUser(context.UserName, context.Password);
// if (user == null)
// {
// context.SetError("invalid_grant", "The user name or password is incorrect.");
// return;
// }
//}
//create identity
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
//var identity = new ClaimsIdentity("Embedded");
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim("role", "user"));
// create metadata to pass on to refresh token provider
var props = new AuthenticationProperties(new Dictionary<string, string>
{
{ "as:client_id", context.ClientId }
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var allowedOrigin = "*";
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
if (!user.EmailConfirmed)
{
context.SetError("invalid_grant", "User did not confirm email.");
return;
}
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, "JWT");
var props = new AuthenticationProperties(new Dictionary<string, string>
{
{"audience", context.ClientId ?? string.Empty }
});
var ticket = new AuthenticationTicket(oAuthIdentity, props);
context.Validated(ticket);
}
public ActionResult GoogleLogin(string returnUrl) {
var properties = new AuthenticationProperties {
RedirectUri = Url.Action("GoogleLoginCallback", new {returnUrl = returnUrl})
};
HttpContext.GetOwinContext().Authentication.Challenge(properties, "Google");
return new HttpUnauthorizedResult();
}
public ActionResult LogIn(AuthLogInModel model)
{
if (!ModelState.IsValid)
{
return View();
}
User user = userManager.Find(model.UserName, model.Password);
if (user != null)
{
IAuthenticationManager authenticationManager = HttpContext.GetOwinContext().Authentication;
authenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
ClaimsIdentity identity = userManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
AuthenticationProperties props = new AuthenticationProperties();
props.IsPersistent = model.RememberMe;
authenticationManager.SignIn(props, identity);
if (Url.IsLocalUrl(model.ReturnUrl))
{
return Redirect(model.ReturnUrl);
}
else
{
return RedirectToAction("Index", "Question");
}
}
else
{
ModelState.AddModelError("", "Invalid username or password.");
}
return View();
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var credentials = Validator.ValidateUser(context.UserName, context.Password);
if (credentials == null)
{
context.Rejected();
return;
}
// create identity
var id = new ClaimsIdentity(context.Options.AuthenticationType);
id.AddClaim(new Claim("sub", context.UserName));
id.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
id.AddClaim(new Claim(ClaimTypes.Role,credentials.Role));
// create metadata to pass on to refresh token provider
var props = new AuthenticationProperties(new Dictionary<string, string>
{
{"oauth:client_id", context.ClientId}
});
var ticket = new AuthenticationTicket(id, props);
context.Validated(ticket);
}
public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
var authenticationResult = _authenticationSerivce.AuthenticateAsync(context.UserName, context.Password).Result;
if (!authenticationResult.IsSuccessfull)
{
context.SetError("invalid_grant", authenticationResult.Message);
return Task.FromResult<object>(null);
}
var identity = _authenticationSerivce.CreateIdentityAsync(authenticationResult.AuthenticatedUser).Result;
var props = new AuthenticationProperties(new Dictionary<string, string>
{
{
"as:client_id", context.ClientId ?? string.Empty
},
{
"userName", context.UserName
}
});
var ticket = new AuthenticationTicket(identity, props);
return Task.FromResult(context.Validated(ticket));
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
using (var userPasswordStore = _userPasswordStoreFactory())
{
var user = await userPasswordStore.FindByNameAsync(context.UserName);
if (user == null)
{
context.SetError("invalid_grant", "No user by that user name exists.");
return;
}
var passwordHash = await userPasswordStore.GetPasswordHashAsync(user);
if (_passwordHasher.VerifyHashedPassword(passwordHash, context.Password) == PasswordVerificationResult.Failed)
{
context.SetError("invalid_grant", "The password is incorrect.");
return;
}
ClaimsIdentity oauthIdentity = user.CreateIdentity(OAuthDefaults.AuthenticationType);
ClaimsIdentity cookiesIdentity = user.CreateIdentity(CookieAuthenticationDefaults.AuthenticationType);
var properties = new AuthenticationProperties(new Dictionary<string, string> { { "userName", user.UserName } });
var ticket = new AuthenticationTicket(oauthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
}
public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var allowedOrigin = context.OwinContext.Get<string>(OAuthDefaults.OwinKeyAllowedOrigin) ?? "*";
context.OwinContext.Response.Headers.Add(OAuthDefaults.HeaderKeyAllowedOrigin, new[] { allowedOrigin });
if (ValidateUserNameAndPassword != null && !ValidateUserNameAndPassword(context.UserName, context.Password))
{
context.SetError("invalid_grant", "The user name or password is incorrect");
return Task.FromResult<object>(null);
}
var identity = new ClaimsIdentity(OAuthDefaults.TokenFormat);
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim(OAuthDefaults.ClaimKeySub, context.UserName));
identity.AddClaim(new Claim(OAuthDefaults.ClaimKeySite, context.Request.Uri.Host.Split('.')[0]));
var props = new AuthenticationProperties(new Dictionary<string, string>
{
{
OAuthDefaults.HeaderKeyClientId, context.ClientId ?? string.Empty
},
{
OAuthDefaults.HeaderKeyUserName, context.UserName
}
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
return Task.FromResult<object>(null);
}
public async Task<AuthenticationTicket> ValidateTicket(IOwinRequest request, IOwinContext context, HttpClient httpClient,
string ticket, AuthenticationProperties properties, string service)
{
// Now, we need to get the ticket validated
string validateUrl = _options.CasServerUrlBase + "/validate" +
"?service=" + service +
"&ticket=" + Uri.EscapeDataString(ticket);
HttpResponseMessage response = await httpClient.GetAsync(validateUrl, request.CallCancelled);
response.EnsureSuccessStatusCode();
string responseBody = await response.Content.ReadAsStringAsync();
String validatedUserName = null;
var responseParts = responseBody.Split('\n');
if (responseParts.Length >= 2 && responseParts[0] == "yes")
validatedUserName = responseParts[1];
if (!String.IsNullOrEmpty(validatedUserName))
{
var identity = new ClaimsIdentity(_options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, validatedUserName, "http://www.w3.org/2001/XMLSchema#string", _options.AuthenticationType));
identity.AddClaim(new Claim(ClaimTypes.Name, validatedUserName, "http://www.w3.org/2001/XMLSchema#string", _options.AuthenticationType));
var authenticatedContext = new CasAuthenticatedContext(context, identity, properties);
await _options.Provider.Authenticated(authenticatedContext);
return new AuthenticationTicket(authenticatedContext.Identity, authenticatedContext.Properties);
}
return new AuthenticationTicket(null, properties);
}
public ActionResult Login(string userName, string password)
{
var user = Authenticate(userName, password);
if (user != null)
{
var claims = new[] { new Claim(ClaimTypes.Name, userName) };
var identity = new ClaimsIdentity(
claims,
DefaultAuthenticationTypes.ApplicationCookie,
ClaimTypes.Name,
ClaimTypes.Role);
foreach (var role in user.Roles)
{
identity.AddClaim(new Claim(ClaimTypes.Role, role));
}
// Tell OWIN the identity provider, optional
// identity.AddClaim(new Claim(IdentityProvider, "Simplest Auth"));
var properties = new AuthenticationProperties
{
IsPersistent = false,
};
Authentication.SignIn(properties, identity);
return RedirectToAction("index", "home");
}
return View("index", "Could not log you in");
}
public AuthenticationTicket CreateTicket(IdentityUser user, string clientId = null)
{
var tokenExpiration = TimeSpan.FromDays(1);
var identity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);
identity.AddClaim(new Claim("UserId", user.Id));
identity.AddClaim(new Claim(ClaimTypes.Name, user.UserName));
identity.AddClaim(new Claim("role", "user"));
foreach (var claim in user.Claims)
{
identity.AddClaim(new Claim(claim.ClaimType, claim.ClaimValue));
}
var props = new AuthenticationProperties()
{
IssuedUtc = DateTime.UtcNow,
ExpiresUtc = DateTime.UtcNow.Add(tokenExpiration),
};
props.Dictionary.Add("as:client_id", clientId ?? string.Empty);
props.Dictionary.Add("userName", user.UserName);
props.Dictionary.Add("userId", user.Id);
var ticket = new AuthenticationTicket(identity, props);
return ticket;
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] {"*"});
var user = await _userService.Authenticate(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("role", "user"));
var props = new AuthenticationProperties(new Dictionary<string, string>
{
{
"as:client_id", context.ClientId ?? string.Empty
},
{
"userName", context.UserName
}
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
user = Mapper.Map<UserModel>(await userService.FindAsync(context.UserName, context.Password));
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
else
{
ClaimsIdentity identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("role", "user"));
// Proporties
IDictionary<string, string> prop = new Dictionary<string, string>()
{
{ "username", user.UserName },
{ "id", user.Id}
};
// Add dictionary to auth proporties
AuthenticationProperties proporties = new AuthenticationProperties(prop);
AuthenticationTicket ticket = new AuthenticationTicket(identity, proporties);
context.Validated(ticket);
}
}
public override async Task GrantResourceOwnerCredentials
(OAuthGrantResourceOwnerCredentialsContext context)
{
// validate user credentials (demo!)
// user credentials should be stored securely (salted, iterated, hashed…)
if (!((context.UserName == "*****@*****.**" && context.Password == "test123")||
(context.UserName == "*****@*****.**" && context.Password == "test123")))
{
context.Rejected();
return;
}
// create identity
var id = new ClaimsIdentity("Embedded");
id.AddClaim(new Claim("sub", context.UserName));
id.AddClaim(new Claim("role", "user"));
id.AddClaim(new Claim("privileges", "Admin,AccountViewer,AccountSubmit"));
// create metadata to pass on to refresh token provider
var props = new AuthenticationProperties(new Dictionary<string, string>
{
{"client_key", context.ClientId}
});
var ticket = new AuthenticationTicket(id, props);
context.Validated(ticket);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
var identity = _accountService.FindUser(context);
if (identity == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
else
{
var props = new AuthenticationProperties(new Dictionary<string, string>());
foreach (var claim in identity.Claims)
{
props.Dictionary.Add(claim.Type, claim.Value);
}
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
}
protected void Page_Load(object sender, EventArgs e)
{
if (IsPostBack)
{
var provider = Request.Form["provider"];
if (provider == null)
{
return;
}
// Request a redirect to the external login provider
string redirectUrl = ResolveUrl(String.Format(CultureInfo.InvariantCulture, "~/Account/RegisterExternalLogin?{0}={1}&returnUrl={2}", IdentityHelper.ProviderNameKey, provider, ReturnUrl));
var properties = new AuthenticationProperties() { RedirectUri = redirectUrl };
// Add xsrf verification when linking accounts
if (Context.User.Identity.IsAuthenticated)
{
properties.Dictionary[IdentityHelper.XsrfKey] = Context.User.Identity.GetUserId();
}
Context.GetOwinContext().Authentication.Challenge(properties, provider);
Response.StatusCode = 401;
Response.End();
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] {"*"});
try
{
using (var userManager = new UserManager<User>(new UserStore<User>(new ElearningDbContext())))
{
var user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invaild_grant", "The user name or password is incorrect");
return;
}
}
}
catch (Exception ex)
{
var a = ex;
throw;
}
var identity = new ClaimsIdentity("JWT");
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim(ClaimTypes.Role, "user"));
var properties = new AuthenticationProperties(new Dictionary<string, string>
{
{
"audience", context.ClientId ?? string.Empty
}
});
var ticket = new AuthenticationTicket(identity, properties);
context.Validated(ticket);
}
/// <summary>
/// Generate API autentication token
/// </summary>
/// <param name="user"></param>
/// <returns></returns>
public ApiTokenDto GenerateApiToken(User user)
{
Trace.WriteLine("[SecurityHelper] Generating API token.");
var identity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Sid, user.Id.ToString(CultureInfo.InvariantCulture)));
var tokenExpiration = TimeSpan.FromDays(365);
var props = new AuthenticationProperties
{
IssuedUtc = DateTime.UtcNow,
ExpiresUtc = DateTime.UtcNow.Add(tokenExpiration),
};
var ticket = new AuthenticationTicket(identity, props);
var token = Startup.OAuthOptions.AccessTokenFormat.Protect(ticket);
if (ticket.Properties.IssuedUtc == null || ticket.Properties.ExpiresUtc == null) return null;
var tokenResponse = new ApiTokenDto
{
User = _mappingEngine.Map<User, UserDto>(user),
AccessToken = token,
TokenType = "bearer",
ExpiresIn = tokenExpiration.TotalSeconds.ToString(CultureInfo.InvariantCulture),
Issued = GetUtcDateTime(ticket.Properties.IssuedUtc.Value).ToString("s"),
Expires = GetUtcDateTime(ticket.Properties.ExpiresUtc.Value).ToString("s")
};
return tokenResponse;
}
public ActionResult Login(LoginModel model, string returnUrl)
{
if (model.UserName != model.Password) return View();
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, model.UserName),
new Claim(ClaimTypes.Email, "*****@*****.**"),
new Claim(ClaimTypes.Role, "Administrator"),
new Claim("Data", "Read"),
};
var id = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationType);
var authenticationManager = Request.GetOwinContext().Authentication;
var authProperties = new AuthenticationProperties { IsPersistent = true };
authenticationManager.SignIn(authProperties, id);
if (Url.IsLocalUrl(returnUrl))
{
return Redirect(returnUrl);
}
return RedirectToAction("Index", "Home");
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var allowedOrigin = "*";
ApplicationUser appUser = null;
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
using (AuthRepository _repo = new AuthRepository())
{
appUser = await _repo.FindUser(context.UserName, context.Password);
if (appUser == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim(ClaimTypes.Role, "User"));
identity.AddClaim(new Claim("PSK", appUser.PSK));
var props = new AuthenticationProperties(new Dictionary<string, string>
{
{
"userName", context.UserName
}
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
// Dummy check here, you need to do your DB checks against membership system http://bit.ly/SPAAuthCode
if (context.UserName != context.Password)
{
context.SetError("invalid_grant", "The user name or password is incorrect");
//return;
return Task.FromResult<object>(null);
}
var identity = new ClaimsIdentity("JWT");
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim(ClaimTypes.Role, "Manager"));
identity.AddClaim(new Claim(ClaimTypes.Role, "Supervisor"));
var props =
new AuthenticationProperties(
new Dictionary<string, string>
{
{
"audience",
context.ClientId ?? string.Empty
}
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
return Task.FromResult<object>(null);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
//context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
IdentityUser user;
using (var _repo = new AuthRepository())
{
user = await _repo.FindUser(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("userId", user.Id));
if (user.Id == "c417fc8e-5bae-410f-b2ee-463afe2fdeaa")
identity.AddClaim(new Claim(ClaimTypes.Role, "Admin"));
var props = new AuthenticationProperties(new Dictionary<string, string>
{
{
"userId", user.Id
}
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
public void GoogleOAuth2Configuration(IAppBuilder app)
{
app.UseAuthSignInCookie();
var option = new GoogleOAuth2AuthenticationOptions()
{
ClientId = "581497791735.apps.googleusercontent.com",
ClientSecret = "-N8rQkJ_MKbhpaxyjdVYbFpO",
};
app.UseGoogleAuthentication(option);
app.Run(async context =>
{
if (context.Authentication.User == null || !context.Authentication.User.Identity.IsAuthenticated)
{
var authenticationProperties = new AuthenticationProperties();
authenticationProperties.Dictionary.Add("access_type", "custom_accessType");
authenticationProperties.Dictionary.Add("approval_prompt", "custom_approval_prompt");
authenticationProperties.Dictionary.Add("login_hint", "custom_login_hint");
context.Authentication.Challenge(authenticationProperties, "Google");
await context.Response.WriteAsync("Unauthorized");
}
});
}
public ActionResult Login(LoginModel model, string returnUrl)
{
if (model.UserName == model.Password) //valdiate credentials there
{
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, model.UserName),
new Claim(ClaimTypes.Email, "*****@*****.**"),
new Claim(ClaimTypes.Role, "Administrator"),
new Claim("Custom", "Custom Claim Value")
};
var id = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationType);
var authenticationManager = this.Request.GetOwinContext().Authentication;
var authProperties = new AuthenticationProperties() { IsPersistent = true };
authenticationManager.SignIn(authProperties, id);
if (Url.IsLocalUrl(returnUrl))
{
Redirect(returnUrl);
}
else
{
return RedirectToAction("Index", "Home");
}
}
return View();
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
using (AuthRepository _repo = new AuthRepository())
{
IdentityUser user = await _repo.FindUser(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim(ClaimTypes.Role, "user"));
identity.AddClaim(new Claim("sub", context.UserName));
var props = new AuthenticationProperties(new Dictionary<string, string>
{
{
"as:client_id", context.ClientId ?? string.Empty
},
{
"userName", context.UserName
}
});
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
}
protected override void AddNonceToMessage(OpenIdConnectMessage message)
{
if (message == null)
{
throw new ArgumentNullException("message");
}
var properties = new AuthenticationProperties();
var nonce = Options.ProtocolValidator.GenerateNonce();
properties.Dictionary.Add(
NonceProperty, nonce);
message.Nonce = nonce;
//computing the hash of nonce and appending it to the cookie name
string nonceKey = GetNonceKey(nonce);
var cookieOptions = new CookieOptions
{
HttpOnly = true,
Secure = Request.IsSecure,
};
var nonceId = Convert.ToBase64String(Encoding.UTF8.GetBytes((Options.StateDataFormat.Protect(properties))));
Response.Cookies.Append(
nonceKey,
nonceId,
cookieOptions);
}
private IHttpActionResult IssueChallenge(AuthenticationProperties props)
{
this.Request.GetOwinContext().Authentication.Challenge(
props,
OAuth2Config.OAuthBearerOptions.AuthenticationType);
return this.Unauthorized();
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
IFormCollection formCollection = await context.Request.ReadFormAsync();
CaptchaData captcha = new CaptchaData()
{
CaptchaChallenge = context.UserName,
CaptchaResponse = context.Password,
UserHostAddress = context.Request.LocalIpAddress,
ClientId = context.ClientId
};
CaptchaOutput captchaOutput = await this.ValidateCaptcha(captcha);
if (captchaOutput == null || !captchaOutput.Status)
{
context.SetError("invalid_captcha", "Mã bảo vệ chưa đúng, bạn vui lòng nhập lại!");
}
else
{
ApplicationUserManager userManager = OwinContextExtensions.GetUserManager<ApplicationUserManager>(context.OwinContext);
ApplicationUser user = await userManager.FindAsync("e7c44459-837c-45f2-b125-2b639d84ea45", "abcd@1234A");
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync((UserManager<ApplicationUser>)userManager, "Bearer");
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync((UserManager<ApplicationUser>)userManager, "Cookies");
AuthenticationProperties properties = new AuthenticationProperties();
properties.Dictionary.Add(new KeyValuePair<string, string>("client_id", captchaOutput.ClientId));
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
}
public override void ExecuteResult(ControllerContext context)
{
var properties = new AuthenticationProperties { RedirectUri = RedirectUri };
context.HttpContext
.GetOwinContext()
.Authentication
.Challenge(properties, LoginProvider);
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var userStore = new UserStore <ApplicationUser>(new ApplicationDbContext());
var manager = new UserManager <ApplicationUser>(userStore);
var user = await manager.FindAsync(context.UserName, context.Password);
if (user != null)
{
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("Username", user.UserName));
identity.AddClaim(new Claim("Email", user.Email));
identity.AddClaim(new Claim("FirstName", user.FirstName));
identity.AddClaim(new Claim("LastName", user.LastName));
identity.AddClaim(new Claim("LoggedOn", DateTime.Now.ToString()));
var userRoles = manager.GetRoles(user.Id);
foreach (var roleName in userRoles)
{
identity.AddClaim(new Claim(ClaimTypes.Role, roleName));
}
var additionalData = new AuthenticationProperties(new Dictionary <string, string>
{
{
"role", JsonConvert.SerializeObject(userRoles)
}
});;
var token = new AuthenticationTicket(identity, additionalData);
context.Validated(token);
}
else
{
return;
}
}
/// <summary>
/// Initializes a new instance of the <see cref="AuthenticationTicket"/> class
/// </summary>
/// <param name="identity"></param>
/// <param name="properties"></param>
public AuthenticationTicket(ClaimsIdentity identity, AuthenticationProperties properties)
{
Identity = identity;
Properties = properties ?? new AuthenticationProperties();
}