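/// <summary>
/// Validates a custom grant that carries a Windows token in the <c>win_token</c>
/// request parameter and authenticates the user named by its NameIdentifier claim.
/// </summary>
/// <param name="request">The validated token request; <c>win_token</c> is read from its raw parameters and the signing certificate from its options.</param>
/// <returns>
/// An error result when the parameter is missing, the token does not validate, or it carries no
/// <see cref="ClaimTypes.NameIdentifier"/> claim; otherwise the outcome of <c>AuthenticateUserAsync</c>
/// mapped onto a <c>CustomGrantValidationResult</c>.
/// </returns>
public async Task<CustomGrantValidationResult> ValidateAsync(ValidatedTokenRequest request)
{
    var winToken = request.Raw.Get("win_token");
    if (string.IsNullOrWhiteSpace(winToken))
    {
        // Already-computed values are returned directly; wrapping them in Task.FromResult
        // and awaiting it (as the original did) only adds an allocation.
        return new CustomGrantValidationResult("Missing parameter win_token.");
    }

    var principal = TryValidateToken(winToken, request.Options.SigningCertificate);
    // NOTE(review): assumes TryValidateToken signals a rejected token by returning null — confirm.
    // Without this guard a rejected token surfaced as a NullReferenceException on principal.Claims.
    if (principal == null)
    {
        return new CustomGrantValidationResult("Invalid win_token.");
    }

    var nameIdentifierClaim = principal.Claims.FirstOrDefault(x => x.Type == ClaimTypes.NameIdentifier);
    if (nameIdentifierClaim == null)
    {
        return new CustomGrantValidationResult("Missing NameIdentifier claim in win_token.");
    }

    var authenticationResult = await AuthenticateUserAsync(nameIdentifierClaim.Value, principal.Claims);

    // Error and ErrorDescription both carry ErrorMessage, as in the original mapping.
    return new CustomGrantValidationResult
    {
        IsError = authenticationResult.IsError,
        Error = authenticationResult.ErrorMessage,
        ErrorDescription = authenticationResult.ErrorMessage,
        Principal = authenticationResult.User,
    };
}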
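/// <summary>
/// Validates the <c>token</c> custom grant: the caller presents an existing access token and,
/// if it validates and carries a <c>sub</c> claim, receives a result for that subject.
/// </summary>
/// <param name="request">The token request; <c>token</c> is read from its raw parameters.</param>
/// <returns>
/// <c>Constants.TokenErrors.InvalidRequest</c> when the parameter is blank or the token has no
/// <c>sub</c> claim, the validator's error when the token is rejected, otherwise a success result
/// for the token's subject with authentication method <c>access_token</c>.
/// </returns>
async Task<CustomGrantValidationResult> ICustomGrantValidator.ValidateAsync(ValidatedTokenRequest request)
{
    var token = request.Raw.Get("token");
    if (string.IsNullOrWhiteSpace(token))
    {
        // Return immediately; the original fell through and still handed the blank value to the validator,
        // and a later check could overwrite this error with a different one.
        return new CustomGrantValidationResult(Constants.TokenErrors.InvalidRequest);
    }

    // Awaited instead of read through .Result, which blocks the calling thread and can deadlock
    // when a synchronization context is present.
    var validation = await _validator.ValidateAccessTokenAsync(token);
    if (validation.IsError)
    {
        // Stop here: Claims is not guaranteed to be populated on an error result.
        return new CustomGrantValidationResult(validation.Error);
    }

    var subjectClaim = validation.Claims.FirstOrDefault(x => x.Type == "sub");
    if (subjectClaim == null)
    {
        return new CustomGrantValidationResult(Constants.TokenErrors.InvalidRequest);
    }

    return new CustomGrantValidationResult(subjectClaim.Value, "access_token");
}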
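/// <inheritdoc/>
/// <remarks>
/// Delegates to the inner <c>Validator</c> and records the outcome through <c>Logger</c>:
/// a successful sign-in on success, an unsuccessful one (with the error description) otherwise.
/// The inner result is returned unchanged.
/// </remarks>
public async Task<CustomGrantValidationResult> ValidateAsync(ValidatedTokenRequest request)
{
    CustomGrantValidationResult result = await this.Validator.ValidateAsync(request);

    // Principal may be absent on an error result; the original dereferenced it before checking
    // IsError, so a failed sign-in could throw here instead of being logged.
    var claims = result.Principal?.Claims;
    var userId = claims?.FirstOrDefault(v => v.Type == Constants.ClaimTypes.Subject)?.Value;
    var userName = claims?.FirstOrDefault(v => v.Type == Constants.ClaimTypes.Name)?.Value;

    // `await this.Logger?.X(...)` evaluates to a null Task when Logger is null, and awaiting
    // null throws NullReferenceException — the null check has to be explicit.
    if (this.Logger != null)
    {
        var clientId = request.Client?.ClientId;
        var clientName = request.Client?.ClientName;
        if (!result.IsError)
        {
            await this.Logger.UserSignedInAsync(
                userId: userId,
                userName: userName,
                clientId: clientId,
                clientName: clientName);
        }
        else
        {
            await this.Logger.UnsuccessfulSigningInAsync(
                userName: userName,
                clientId: clientId,
                clientName: clientName,
                reason: result.ErrorDescription);
        }
    }

    return result;
}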
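/// <inheritdoc/>
/// <remarks>
/// Reads <c>name</c> and <c>password</c> from the raw request, looks up the user and the calling
/// client, and checks the credentials against the local machine account store only when neither
/// the user nor the client is missing or blocked. A blocked user gets an explicit error description.
/// </remarks>
public async Task<CustomGrantValidationResult> ValidateAsync(ValidatedTokenRequest request)
{
    string userName = request.Raw.Get("name");
    string password = request.Raw.Get("password");

    IdSrvUserDto user = await this.UserRepository.GetUserByUserNameAsync(userName);
    IdSrvClientDto client = await this.ClientRepository.GetClientByIdAsync(request.Client.ClientId);

    bool isUserUsable = user != null && !user.IsBlocked;
    bool isClientUsable = client != null && !client.IsBlocked;

    bool isCredentialValid = false;
    if (isUserUsable && isClientUsable)
    {
        // Verify the user account against the local machine store.
        // ContextType.Machine will probably have to become ContextType.Domain for a domain setup (not tested).
        // PrincipalContext is IDisposable; the original created it unconditionally and never released it.
        using (var principalContext = new PrincipalContext(ContextType.Machine))
        {
            isCredentialValid = principalContext.ValidateCredentials(userName, password);
        }
    }

    var authResult = new AuthenticateResult(
        subject: user != null ? user.Id.ToString() : "-",
        name: userName);

    // NOTE(review): authResult.ErrorMessage is presumably null for this constructor overload, so
    // Error/ErrorDescription stay empty on a plain credential failure — confirm against AuthenticateResult.
    return new CustomGrantValidationResult
    {
        IsError = !isCredentialValid,
        Error = authResult.ErrorMessage,
        ErrorDescription = (user != null && user.IsBlocked)
            ? $"User \"{userName}\" is blocked"
            : authResult.ErrorMessage,
        Principal = authResult.User,
    };
}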
/// <summary>
/// Sample resource-owner validator: a request is accepted only when the supplied password is
/// identical to the user name. The success result uses <c>request.UserName</c> as subject with
/// authentication method <c>password</c>.
/// </summary>
/// <param name="userName">User name supplied with the token request.</param>
/// <param name="password">Password supplied with the token request.</param>
/// <param name="request">The validated token request; its <c>UserName</c> becomes the subject.</param>
public Task<CustomGrantValidationResult> ValidateAsync(string userName, string password, ValidatedTokenRequest request)
{
    // Demo-only check: the credential "matches" when the password equals the user name.
    bool credentialsMatch = string.Equals(userName, password);

    CustomGrantValidationResult outcome = credentialsMatch
        ? new CustomGrantValidationResult(request.UserName, "password")
        : new CustomGrantValidationResult("Username and/or password incorrect");

    return Task.FromResult(outcome);
}
/// <summary>
/// Sample custom grant validator: requires <c>some_custom_parameter</c> to be present and,
/// when it is, issues a result for the fixed subject <c>bob</c> with authentication method
/// <c>customGrant</c>.
/// </summary>
/// <param name="request">The token request; the parameter is read from its raw collection.</param>
Task<CustomGrantValidationResult> ICustomGrantValidator.ValidateAsync(ValidatedTokenRequest request)
{
    string customParameter = request.Raw.Get("some_custom_parameter");
    bool parameterMissing = string.IsNullOrWhiteSpace(customParameter);

    // "bob" has to exist in the user db.
    CustomGrantValidationResult outcome = parameterMissing
        ? new CustomGrantValidationResult("Missing parameters.")
        : new CustomGrantValidationResult("bob", "customGrant");

    return Task.FromResult(outcome);
}
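/// <summary>
/// Resource-owner password validator template: the credential lookup is left to the implementer.
/// A null <c>subject</c> yields an error result; otherwise a success result is issued for that
/// subject with authentication method <c>password</c>.
/// </summary>
/// <param name="userName">User name supplied with the token request.</param>
/// <param name="password">Password supplied with the token request.</param>
/// <param name="request">The validated token request (not consulted by the template).</param>
// NOTE(review): the return type name is lower-cased while the value constructed below is a
// CustomGrantValidationResult — this looks like a casing artifact of how the snippet was captured; confirm.
public Task<customgrantvalidationresult> ValidateAsync(string userName, string password, ValidatedTokenRequest request)
{
    // Check the user name and password in the database; set subject when they match, leave it null otherwise.
    // The original used `subject` without declaring it, so the template did not compile as written.
    string subject = null;
    // TODO: subject = ...... (credential lookup goes here)

    if (subject == null)
    {
        var result = new CustomGrantValidationResult("Username Or Password Incorrect");
        return Task.FromResult(result);
    }
    else
    {
        var result = new CustomGrantValidationResult(subject, "password");
        return Task.FromResult(result);
    }
}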
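/// <summary>
/// Validates the <c>site_token</c> custom grant: the <c>access_token</c> parameter is checked through
/// <c>JwtUtils.ValidateToken</c>, the issued identity token it wraps is decoded as a JWT, the JWT's
/// validity window is checked with a clock-skew allowance, and its <c>unique_name</c>/<c>name</c> claims
/// plus the request nonce are carried into the result. The client's access-token lifetime is capped to
/// the remaining lifetime of the presented token.
/// </summary>
/// <param name="request">The token request; <c>access_token</c> and <c>nonce</c> are read from its raw parameters.</param>
/// <returns>
/// An error result when a parameter is missing, the token cannot be decoded, or it is outside its
/// validity window; otherwise a success result whose subject is <c>unique_name</c> (falling back to the
/// client id), authentication method <c>site_token</c> and identity provider <c>gds</c>.
/// </returns>
public Task<CustomGrantValidationResult> ValidateAsync(ValidatedTokenRequest request)
{
    // Authority and audience the incoming token is validated against.
    const string Authority = "https://login.microsoftonline.com/opcfoundationprototyping.onmicrosoft.com";
    const string Audience = "https://localhost:62540/prototypeserver";
    const double MaxClockSkewInMinutes = 10;
    // The original format string was "yyy-MM-dd HH:mm:ss"; "yyy" is a typo for the four-digit year.
    const string TimestampFormat = "yyyy-MM-dd HH:mm:ss";

    var accessToken = request.Raw.Get("access_token");
    if (string.IsNullOrWhiteSpace(accessToken))
    {
        return Task.FromResult(new CustomGrantValidationResult("Missing parameter access_token."));
    }

    // Claim's constructor rejects a null value, so the original threw on a missing nonce; fail explicitly instead.
    var nonce = request.Raw.Get("nonce");
    if (nonce == null)
    {
        return Task.FromResult(new CustomGrantValidationResult("Missing parameter nonce."));
    }

    var identity = JwtUtils.ValidateToken(new Uri(Authority), Audience, accessToken);
    var issuedToken = identity.GetIdentityToken() as IssuedIdentityToken;
    if (issuedToken == null || issuedToken.DecryptedTokenData == null)
    {
        // The `as` cast in the original was never null-checked.
        return Task.FromResult(new CustomGrantValidationResult("Access token provided with the request is not an issued identity token."));
    }

    // The decrypted payload is the UTF-8 text of the Azure JWT. The original called
    // GetChars(...).ToString(), which yields the string "System.Char[]" rather than the token text.
    var azureToken = new JwtSecurityToken(new UTF8Encoding(false).GetString(issuedToken.DecryptedTokenData));
    // NOTE(review): this only parses the inner JWT; whether its signature and issuer were verified
    // depends on JwtUtils.ValidateToken above — confirm that path covers it.

    DateTime now = DateTime.UtcNow;
    bool notYetValid = azureToken.ValidFrom.AddMinutes(-MaxClockSkewInMinutes) > now;
    bool expired = azureToken.ValidTo.AddMinutes(MaxClockSkewInMinutes) < now;
    if (notYetValid || expired)
    {
        return Task.FromResult(new CustomGrantValidationResult(
            "Access token provided with the request has expired (" + azureToken.ValidTo.ToLocalTime().ToString(TimestampFormat) +
            ") or is not yet valid (" + azureToken.ValidFrom.ToLocalTime().ToString(TimestampFormat) + ")."));
    }

    // Only unique_name and name are carried over; unique_name also replaces the client id as subject.
    var claims = new List<Claim>();
    string subject = request.Client.ClientId;
    foreach (var claim in azureToken.Claims)
    {
        if (claim.Type == "unique_name")
        {
            subject = claim.Value;
            claims.Add(claim);
        }
        else if (claim.Type == "name")
        {
            claims.Add(claim);
        }
    }
    claims.Add(new Claim("nonce", nonce));

    // Side effect on the client configuration: the issued token must not outlive the presented one.
    request.Client.AccessTokenLifetime = (int)(azureToken.ValidTo - now).TotalSeconds;

    var result = new CustomGrantValidationResult(subject, "site_token", claims, "gds");
    return Task.FromResult(result);
}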
/// <summary>
/// Resource-owner password validator backed by <c>_userRepository</c>: when the credentials
/// validate, the user's id becomes the subject of a <c>password</c> grant.
/// </summary>
/// <param name="userName">User name supplied with the token request.</param>
/// <param name="password">Password supplied with the token request.</param>
/// <param name="request">The validated token request (not consulted here).</param>
public Task<CustomGrantValidationResult> ValidateAsync(string userName, string password, ValidatedTokenRequest request)
{
    bool credentialsAccepted = _userRepository.ValidateCredentials(userName, password);
    if (!credentialsAccepted)
    {
        return Task.FromResult(new CustomGrantValidationResult("Username Or Password Incorrect"));
    }

    // The subject and claims handed to CustomGrantValidationResult are what GetProfileDataAsync
    // later receives and uses when building the access_token.
    var account = _userRepository.FindByName(userName);
    // NOTE(review): assumes FindByName cannot return null once ValidateCredentials succeeded — confirm.
    return Task.FromResult(new CustomGrantValidationResult(account.Id, "password"));
}
/// <summary>
/// Resource-owner password validator over a user lookup: the login is resolved with
/// <c>GetUserByLogin</c> and the stored password compared with the supplied one. A success
/// result uses the login as subject and carries name and family-name claims.
/// </summary>
/// <param name="userName">Login supplied with the token request.</param>
/// <param name="password">Password supplied with the token request.</param>
/// <param name="request">The validated token request (not consulted here).</param>
public Task<CustomGrantValidationResult> ValidateAsync(string userName, string password, ValidatedTokenRequest request)
{
    var account = GetUserByLogin(userName);

    // NOTE(review): user.Password is compared as plain text with ==. If the store keeps cleartext
    // passwords this should become a salted-hash verification (e.g. PBKDF2); if it already keeps a
    // hash, the supplied password has to be hashed before the comparison. Left as-is here.
    bool accepted = account != null && account.Password == password;
    if (!accepted)
    {
        return Task.FromResult(new CustomGrantValidationResult("Username Or Password Incorrect"));
    }

    // NOTE(review): Claim's constructor throws on a null value — assumes Name and Surname are always set.
    Claim[] profileClaims =
    {
        new Claim(JwtClaimTypes.Name, account.Name),
        new Claim(JwtClaimTypes.FamilyName, account.Surname),
    };
    return Task.FromResult(new CustomGrantValidationResult(account.Login, "password", profileClaims));
}
/// <summary>
/// Sample resource-owner password validator with a single hard-coded test account; every other
/// credential pair is rejected. On success the account name is the subject of a <c>password</c> grant.
/// </summary>
/// <param name="userName">User name supplied with the token request.</param>
/// <param name="password">Password supplied with the token request.</param>
/// <param name="request">The validated token request (not consulted here).</param>
Task<CustomGrantValidationResult> IResourceOwnerPasswordValidator.ValidateAsync(string userName, string password, ValidatedTokenRequest request)
{
    // Placeholder for the real check: look the user name and password up in the database and
    // return the subject when they match, null otherwise.
    // NOTE(review): credentials are hard-coded in source (values redacted on this page); a store
    // lookup belongs here.
    const string KnownUser = "*****@*****.**";
    const string KnownPassword = "Oryx@101";

    bool matches = userName == KnownUser && password == KnownPassword;
    string subject = matches ? KnownUser : null;

    CustomGrantValidationResult outcome = subject == null
        ? new CustomGrantValidationResult("Username Or Password Incorrect")
        : new CustomGrantValidationResult(subject, "password");

    return Task.FromResult(outcome);
}
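/// <summary>
/// Validates the <c>token</c> custom grant: the caller presents an existing access token and,
/// if it validates and carries a <c>sub</c> claim, receives a result for that subject that also
/// carries an <c>AccountGuid</c> claim.
/// </summary>
/// <param name="request">The token request; <c>token</c> is read from its raw parameters.</param>
/// <returns>
/// <c>Constants.TokenErrors.InvalidRequest</c> when the parameter is blank or the token has no
/// <c>sub</c> claim, the validator's error when the token is rejected, otherwise a success result
/// for the token's subject with authentication method <c>access_token</c>.
/// </returns>
async Task<CustomGrantValidationResult> ICustomGrantValidator.ValidateAsync(ValidatedTokenRequest request)
{
    var token = request.Raw.Get("token");
    if (string.IsNullOrWhiteSpace(token))
    {
        // Return immediately; the original fell through, handed the blank value to the validator,
        // and let later checks overwrite this error.
        return new CustomGrantValidationResult(Constants.TokenErrors.InvalidRequest);
    }

    // Awaited instead of read through .Result, which blocks the calling thread and can deadlock
    // when a synchronization context is present.
    var validation = await _validator.ValidateAccessTokenAsync(token);
    if (validation.IsError)
    {
        // Stop here: Claims is not guaranteed to be populated on an error result.
        return new CustomGrantValidationResult(validation.Error);
    }

    var subjectClaim = validation.Claims.FirstOrDefault(x => x.Type == "sub");
    if (subjectClaim == null)
    {
        return new CustomGrantValidationResult(Constants.TokenErrors.InvalidRequest);
    }

    // NOTE(review): a fresh GUID is minted on every validation, so AccountGuid is not stable across
    // logins for the same subject — presumably sample code; confirm before anything relies on it.
    var extraClaims = new Claim[]
    {
        new Claim(P5.IdentityServerCore.Constants.ClaimTypes.AccountGuid, Guid.NewGuid().ToString()),
    };
    return new CustomGrantValidationResult(subjectClaim.Value, "access_token", extraClaims);
}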