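/// <summary>
/// Registers (if necessary) and signs in the local account that belongs to an
/// external provider token supplied by the client.
/// </summary>
/// <param name="model">Binding model carrying the provider name and the external token.</param>
/// <returns>
/// 200 OK when the account already existed or was created and linked;
/// 400 Bad Request when the request is invalid, the token cannot be resolved,
/// the provider does not match, or account creation / login linking fails.
/// </returns>
public async Task<IHttpActionResult> RegisterWithExternalToken(LoginWithExternalTokenBindingModel model)
{
    // Web API binds a missing or unparsable body to null without necessarily
    // invalidating ModelState, so guard before dereferencing the model.
    if (model == null)
    {
        return BadRequest("Request body is required");
    }

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // FromToken is expected to validate the token with the provider; a null
    // result is treated as "token not accepted".
    ExternalLoginData externalLogin = await FromToken(model.Provider, model.ExternalToken);
    if (externalLogin == null)
    {
        return BadRequest("External login could not be found");
    }

    // The provider reported by the resolved login must be the one the client named.
    if (externalLogin.LoginProvider != model.Provider)
    {
        Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);
        return BadRequest("Login provider does not match");
    }

    // The local account is keyed on the provider key taken from the resolved
    // login, never on an identifier supplied directly by the client.
    var loginInfo = new UserLoginInfo(externalLogin.LoginProvider, externalLogin.ProviderKey);
    var user = await UserManager.FindAsync(loginInfo);

    if (user == null)
    {
        // Not registered yet: fetch the profile from the provider and create the account.
        user = await RetrieveUserDetailsWithProvider(model.Provider, model.ExternalToken);
        if (user == null)
        {
            return BadRequest("User details could not be retrieved from the login provider");
        }

        var result = await UserManager.CreateAsync(user);
        if (result.Succeeded)
        {
            // NOTE(review): if linking fails after the user row was created, the
            // account is left without an external login; confirm whether it
            // should be cleaned up.
            result = await UserManager.AddLoginAsync(user.Id, loginInfo);
        }

        // Previously a failed create/link fell through to Ok(); report the
        // failure so the client does not believe the account exists.
        if (!result.Succeeded)
        {
            if (result.Errors != null)
            {
                foreach (string error in result.Errors)
                {
                    ModelState.AddModelError("", error);
                }
            }

            if (ModelState.IsValid)
            {
                // No error text was supplied, so there is nothing to put in ModelState.
                return BadRequest("Registration failed");
            }

            return BadRequest(ModelState);
        }

        // TODO: gseng - add this user to the "asp_net_user_roles" table
    }

    // NOTE(review): no ClaimsIdentity is passed to SignIn here, unlike
    // LoginWithExternalToken; confirm this call establishes the intended session.
    AuthenticationProperties properties = ApplicationOAuthProvider.CreateProperties(user.UserName);
    Authentication.SignIn(properties);

    return Ok();
}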
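/// <summary>
/// Exchanges an external provider token for a local bearer access token for an
/// already registered user.
/// </summary>
/// <param name="model">Binding model carrying the provider name and the external token.</param>
/// <returns>
/// 200 OK with a JSON object shaped like the default /Token endpoint response;
/// 400 Bad Request when the request is invalid, the token cannot be resolved,
/// the provider does not match, or the user is not registered.
/// </returns>
/// <exception cref="InvalidOperationException">
/// The TokenExpiryInDays app setting is missing or is not a positive whole number.
/// </exception>
public async Task<IHttpActionResult> LoginWithExternalToken(LoginWithExternalTokenBindingModel model)
{
    // Web API binds a missing or unparsable body to null without necessarily
    // invalidating ModelState, so guard before dereferencing the model.
    if (model == null)
    {
        return BadRequest("Request body is required");
    }

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // FromToken is expected to validate the token with the provider; a null
    // result is treated as "token not accepted".
    ExternalLoginData externalLogin = await FromToken(model.Provider, model.ExternalToken);
    if (externalLogin == null)
    {
        return BadRequest("External login could not be found");
    }

    // The provider reported by the resolved login must be the one the client named.
    if (externalLogin.LoginProvider != model.Provider)
    {
        Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);
        return BadRequest("Login provider does not match");
    }

    var loginInfo = new UserLoginInfo(externalLogin.LoginProvider, externalLogin.ProviderKey);
    var user = await UserManager.FindAsync(loginInfo);
    if (user == null)
    {
        return BadRequest("User has not been registered yet, must be a business error.");
    }

    // Read the lifetime before any sign-in side effect so a misconfigured
    // server fails without having issued anything.
    int expiryInDays;
    bool parsed = int.TryParse(
        ConfigurationManager.AppSettings["TokenExpiryInDays"],
        NumberStyles.Integer,
        CultureInfo.InvariantCulture,
        out expiryInDays);
    if (!parsed || expiryInDays <= 0)
    {
        throw new InvalidOperationException(
            "The TokenExpiryInDays app setting must be a positive whole number of days.");
    }

    ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(UserManager, OAuthDefaults.AuthenticationType);
    ClaimsIdentity cookieIdentity = await user.GenerateUserIdentityAsync(UserManager, CookieAuthenticationDefaults.AuthenticationType);
    AuthenticationProperties properties = ApplicationOAuthProvider.CreateProperties(user.UserName);
    Authentication.SignIn(properties, oAuthIdentity, cookieIdentity);

    // NOTE(review): these claims are added after SignIn and may duplicate claims
    // already produced by GenerateUserIdentityAsync; confirm both are intended.
    oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, user.UserName));
    oAuthIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id));

    // The ticket lifetime was hard-coded to 365 days while the response
    // advertised TokenExpiryInDays, so a token could stay valid long after the
    // expiry reported to the client. Both now use the configured value.
    DateTime currentUtc = DateTime.UtcNow;
    TimeSpan lifetime = TimeSpan.FromDays(expiryInDays);
    DateTime expiresUtc = currentUtc.Add(lifetime);

    AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, new AuthenticationProperties());
    ticket.Properties.IssuedUtc = currentUtc;
    ticket.Properties.ExpiresUtc = expiresUtc;

    string accessToken = Startup.OAuthOptions.AccessTokenFormat.Protect(ticket);
    Request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", accessToken);

    // Create the response building a JSON object that mimics exactly the one
    // issued by the default /Token endpoint. Values are formatted with the
    // invariant culture because the payload is machine-readable.
    string httpDateFormat = "ddd, dd MMM yyyy HH':'mm':'ss 'GMT'";
    JObject token = new JObject(
        new JProperty("userName", user.UserName),
        new JProperty("access_token", accessToken),
        new JProperty("token_type", "bearer"),
        new JProperty("expires_in", lifetime.TotalSeconds.ToString(CultureInfo.InvariantCulture)),
        new JProperty("issued", currentUtc.ToString(httpDateFormat, CultureInfo.InvariantCulture)),
        new JProperty("expires", expiresUtc.ToString(httpDateFormat, CultureInfo.InvariantCulture))
    );

    return Ok(token);
}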