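/// <summary>
/// Shows the consent page for the authorization request that was stored in session.
/// </summary>
/// <returns>The consent view bound to the pending <see cref="AlhambraOAuth2Authorization"/>.</returns>
/// <exception cref="HttpException">400 when no authorization request is present in session.</exception>
public ActionResult AuthorizeExternalAccess()
{
    var authorizationRequest = Session["AuthorizationRequest"] as OpenIdConnectAuthorizationRequest;
    if (authorizationRequest == null)
    {
        throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
    }

    // Removed: a lookup of the signed-in user in registeredUsers whose result was never read.
    var model = new AlhambraOAuth2Authorization
    {
        UserId = User.Identity.Name,
        AuthorizedAt = DateTime.UtcNow,
        Scope = authorizationRequest.scope,
        AuthorizationRequest = authorizationRequest,
        State = authorizationRequest.state
    };

    // NOTE(review): the entry is registered before the user has approved anything; the
    // consent response later fills code/tokens into the first entry found for this user.
    // Each visit to this page appends another entry for the same UserId — confirm whether
    // the earlier entries should be replaced instead of accumulating.
    MvcApplication.registeredAuthorizations.Add(model);
    return View(model);
}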
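/// <summary>
/// Handles the user's consent decision for the authorization request stored in session.
/// On approval a fresh authorization code and access/refresh token pair are issued, recorded
/// on the user's pending authorization entry, and the user agent is redirected back to the
/// client's redirect_uri with the code and state.
/// </summary>
/// <param name="isApproved">true when the user approved the request on the consent page.</param>
/// <returns>A redirect to the client's redirect_uri carrying <c>code</c> and <c>state</c>.</returns>
/// <exception cref="HttpException">
/// 400 when no authorization request (or no pending authorization entry) exists; 401 when the
/// user denied the request or the signed-in user is not a registered user.
/// </exception>
public ActionResult AuthorizeExternalAccessResponse(bool isApproved)
{
    var authorizationRequest = Session["AuthorizationRequest"] as OpenIdConnectAuthorizationRequest;
    if (authorizationRequest == null)
    {
        throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
    }

    if (!isApproved)
    {
        // The denial branch previously reported "Missing authorization request.", which
        // described a different condition; the status code is unchanged.
        throw new HttpException((int)HttpStatusCode.Unauthorized, "The user denied the authorization request.");
    }

    string userName = User.Identity.Name;

    // Previously dereferenced without a check, so an unregistered signed-in user produced a 500.
    var client = MvcApplication.registeredUsers.FirstOrDefault(c => c.Email == userName);
    if (client == null)
    {
        throw new HttpException((int)HttpStatusCode.Unauthorized, "The signed-in user is not registered.");
    }

    // The entry created for this user when the consent page was shown; also dereferenced
    // unchecked before.
    var account = MvcApplication.registeredAuthorizations.FirstOrDefault(x => x.UserId == userName);
    if (account == null)
    {
        throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
    }

    string newCode = GenerateHexEncodedGUI();
    // Register the new code with its 'used' flag cleared.
    MvcApplication.codesGenerated.Add(newCode, false);

    // NOTE(review): Guid.NewGuid() is not specified as cryptographically random. The token
    // store is keyed by Guid, so moving to RandomNumberGenerator-based tokens requires
    // changing tokensGenerated as well; left as-is here.
    Guid newAccessToken = Guid.NewGuid();
    Guid newRefreshToken = Guid.NewGuid();
    MvcApplication.tokensGenerated.Add(newAccessToken, newRefreshToken);

    // Update the pending entry in place (the previous code also built a second, unused model).
    account.AccessToken = newAccessToken.ToString();
    account.RefreshToken = newRefreshToken.ToString();
    account.Code = newCode;
    // ExpiresAt stays on local time as before while AuthorizedAt is UTC; any consumer that
    // compares ExpiresAt against DateTime.Now depends on this, so unify to UTC together with it.
    account.ExpiresAt = DateTime.Now.AddMinutes(2);
    account.AuthorizedAt = DateTime.UtcNow;

    // code and state are placed into a query string; escape them so characters such as
    // '&', '#' or whitespace cannot truncate the URL or inject extra parameters.
    // NOTE(review): redirect_uri is used as stored; confirm it was matched against the
    // client's registered redirect URIs when the request was read, otherwise this redirect
    // can be steered to an arbitrary location.
    string url = authorizationRequest.redirect_uri
        + "?code=" + Uri.EscapeDataString(newCode)
        + "&state=" + Uri.EscapeDataString(authorizationRequest.state ?? string.Empty);
    return Redirect(url);
}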
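/// <summary>
/// UserInfo endpoint: returns the claims of the user that the presented bearer token
/// is bound to, limited to the scopes granted when the token was issued.
/// </summary>
/// <returns>An <see cref="OAuth2Graph"/> serialized as <c>application/json</c>.</returns>
/// <exception cref="HttpException">
/// 401 when the Authorization header is absent, is not a Bearer token, cannot be decoded,
/// or does not match a known access token / registered user; 400 when the granted scope
/// does not include openid.
/// </exception>
public ActionResult UserInfo()
{
    string header = HttpContext.Request.Headers["Authorization"];
    // An absent header used to throw NullReferenceException (500); report it as 401.
    if (header == null || !header.StartsWith("Bearer ", StringComparison.InvariantCultureIgnoreCase))
    {
        throw new HttpException((int)HttpStatusCode.Unauthorized, "The authorization request only supports Bearer Token Usage");
    }

    string accessToken;
    try
    {
        accessToken = Encoding.ASCII.GetString(Convert.FromBase64String(header.Substring(7)));
    }
    catch (FormatException)
    {
        // Malformed base64 is a client error, not a server fault.
        throw new HttpException((int)HttpStatusCode.Unauthorized, "The credentials are invalid");
    }
    if (string.IsNullOrEmpty(accessToken))
    {
        throw new HttpException((int)HttpStatusCode.Unauthorized, "The credentials are invalid");
    }

    // One lookup instead of Exists followed by FirstOrDefault over the same list.
    var authorization = MvcApplication.registeredAuthorizations.FirstOrDefault(x => x.AccessToken == accessToken);
    if (authorization == null)
    {
        throw new HttpException((int)HttpStatusCode.Unauthorized, "The access token is invalid");
    }
    // NOTE(review): ExpiresAt is set at issuance but not checked here, so an expired token
    // is still accepted; the comparison must use the same clock basis as the issuer.

    // Previously dereferenced unchecked when building the graph.
    var registeredUser = MvcApplication.registeredUsers.FirstOrDefault(x => x.Email == authorization.UserId);
    if (registeredUser == null)
    {
        throw new HttpException((int)HttpStatusCode.Unauthorized, "The access token is invalid");
    }

    // The scope is read from the authorization bound to the presented token rather than from
    // the caller's session: a client calling with a bearer token normally has no session, and
    // the token must not yield claims beyond what was granted when it was issued.
    string grantedScope = authorization.Scope ?? string.Empty;
    if (!grantedScope.Contains(OpenIdConnectScopes.OpenId))
    {
        throw new HttpException((int)HttpStatusCode.BadRequest, "The request is not valid");
    }

    var graph = new OAuth2Graph { Id = registeredUser.Id };
    foreach (string scope in grantedScope.Split(' '))
    {
        switch (scope)
        {
            case OpenIdConnectScopes.Profile:
                graph.FirstName = registeredUser.FirstName;
                graph.LastName = registeredUser.LastName;
                graph.FullName = registeredUser.FullName;
                graph.Profile = registeredUser.Profile;
                graph.Email = registeredUser.Email;
                break;
            case OpenIdConnectScopes.Email:
                graph.Email = registeredUser.Email;
                break;
            case OpenIdConnectScopes.FirstName:
                graph.FirstName = registeredUser.FirstName;
                break;
            case OpenIdConnectScopes.LastName:
                // Was writing the last name into graph.FirstName.
                graph.LastName = registeredUser.LastName;
                break;
        }
    }

    string result = JsonConvert.SerializeObject(graph);
    return Content(result, "application/json");
}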