public override Task ValidateIdentity(OAuthValidateIdentityContext context) { var ipToken = context.Ticket.Properties.Dictionary["UserIp"]; var ipRequest = context.Request.RemoteIpAddress; if (!ipToken.Equals(ipRequest)) { context.Rejected(); context.SetError("MENSAJE_ERROR_TOKEN_IP_INVALIDA"); return(Task.FromResult <object>(null)); } if (context.Request.Headers.ContainsKey("Authorization")) { var tokenRequest = context.Request.Headers["Authorization"].Replace("Bearer ", "").Trim(); var strIdUsuario = context.Ticket.Properties.Dictionary["IdUsuario"]; //var tokenTaskHelper = TokenTaskHelper.GetInstance(); var tokenUsuario = TokenTaskHelper.GetToken(strIdUsuario); if (tokenUsuario == null || !tokenUsuario.Equals(tokenRequest)) { var login = new LoginController(); var idUsuario = Int64.Parse(strIdUsuario); var tokenAux = login.GetTokenUsuario(idUsuario); tokenUsuario = TokenTaskHelper.SetToken(strIdUsuario, tokenAux); } if (!tokenUsuario.Equals(tokenRequest)) { context.Rejected(); context.SetError("MENSAJE_ERROR_TOKEN_USUAIRO_INCONSISTENTE"); return(Task.FromResult <object>(null)); } } return(base.ValidateIdentity(context)); }
bool checkInjection(OAuthValidateIdentityContext context) { bool isInvalid = false; foreach (string key in HttpContext.Current.Request.QueryString) { if (CheckInput(HttpContext.Current.Request.QueryString[key], key, context)) { isInvalid = true; break; } } foreach (string key in HttpContext.Current.Request.Form) { if (CheckInput(HttpContext.Current.Request.Form[key], key, context)) { isInvalid = true; break; } } foreach (string key in HttpContext.Current.Request.Cookies) { if (CheckInput(HttpContext.Current.Request.Cookies[key].Value, key, context)) { isInvalid = true; break; } } return(isInvalid); }
/// <summary> /// Handles processing OAuth bearer token. /// </summary> /// <param name="context"></param> /// <returns></returns> public virtual Task RequestToken(OAuthRequestTokenContext context) { var idContext = new OAuthValidateIdentityContext(context.OwinContext, null, null); this.ValidateIdentity(idContext); return(Task.FromResult <int>(0)); }
private Task AddClaim(OAuthValidateIdentityContext context) { var userName = context.Ticket.Identity.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier).Value; context.Ticket.Identity.AddClaim(new Claim(ClaimTypes.Name, userName)); return(Task.CompletedTask); }
public override Task ValidateIdentity(OAuthValidateIdentityContext context) { var claims = context.Ticket.Identity.Claims; //examine claims here base.ValidateIdentity(context); return(Task.FromResult <object>(null)); }
public override async Task ValidateIdentity(OAuthValidateIdentityContext context) { var result = base.ValidateIdentity(context); if (context.IsValidated) { var ticket = context.Ticket; if (ticket != null && ticket.Identity.IsAuthenticated && ticket.Properties.ExpiresUtc > DateTime.UtcNow) { string name = ticket.Identity.Name; if (!string.IsNullOrEmpty(name)) { ApplicationUser u = await _repo.FindUserByUserName(name); if (u == null)//TODO: put your server side condition here { context.SetError("User Not found!"); } else if (u.IsSuspend.HasValue && u.IsSuspend.Value) { context.SetError("User Has Suspended!"); } } } } //return result; }
public Task ValidateIdentity(OAuthValidateIdentityContext context) { //為了回傳Task void, 隨便傳入一個值 return(Task.FromResult(0)); //.net framework 4.6才有 //return Task.CompletedTask }
/// <summary> /// Called each time a request identity has been validated by the middleware. By implementing this method the /// application may alter or reject the identity which has arrived with the request. /// </summary> /// <param name="context">Contains information about the login session as well as the user <see cref="T:System.Security.Claims.ClaimsIdentity" />.</param> /// <returns> /// A <see cref="T:System.Threading.Tasks.Task" /> representing the completed operation. /// </returns> public Task ValidateIdentity(OAuthValidateIdentityContext context) { if (_inner != null) { return(_inner.ValidateIdentity(context)); } return(Task.FromResult(0)); }
private static Task OnValidateIdentity(OAuthValidateIdentityContext context) { var calimsIdentity = context.Ticket.Identity; //Add custom claim if needed calimsIdentity.AddClaim(new Claim("ClaimType", "ClaimValue")); return(Task.FromResult <int>(0)); }
public override Task ValidateIdentity(OAuthValidateIdentityContext context) { var claims = context.Ticket.Identity.Claims; if (claims.Count() == 0 || claims.Any(claim => claim.Issuer != "Facebook" && claim.Issuer != "Twitter" && claim.Issuer != "LOCAL_AUTHORITY")) { context.Rejected(); } return(Task.FromResult <object>(null)); }
// This validates the identity based on the issuer of the claim. // The issuer is set in the API endpoint that logs the user in public override Task ValidateIdentity(OAuthValidateIdentityContext context) { IEnumerable <Claim> claims = context.Ticket.Identity.Claims; if (null == claims || 0 == claims.Count() || claims.Any(claim => claim.Issuer.ToString() != "Facebook" && claim.Issuer.ToString() != "Google" && claim.Issuer.ToString() != "LOCAL_AUTHORITY")) { context.Rejected(); } return(Task.FromResult <object>(null)); }
/// <summary> /// Handles validating the identity produced from an OAuth bearer token. /// </summary> /// <param name="context">The identity context.</param> /// <returns>The task for asynchronous operations.</returns> public override Task ValidateIdentity(OAuthValidateIdentityContext context) { // Get Claims to find out if user actually is permitted to actual api // Then you can add an attribute over the api method to define what role // the user needs to that funtionality var claims = context.Ticket.Identity.Claims; return(base.ValidateIdentity(context)); }
// This validates the identity based on the issuer of the claim. // The issuer is set in the API endpoint that logs the user in public override Task ValidateIdentity(OAuthValidateIdentityContext context) { IEnumerable <Claim> claims = context.Ticket.Identity.Claims; if (!claims.Any() || claims.Any(claim => claim.Type != "GoogleAccessToken")) // modify claim name { context.Rejected(); } return(Task.FromResult <object>(null)); }
// This validates the identity based on the issuer of the claim. // The issuer is set in the API endpoint that logs the user in public override Task ValidateIdentity(OAuthValidateIdentityContext context) { var claims = context.Ticket.Identity.Claims; var enumerable = claims as Claim[] ?? claims.ToArray(); if (!enumerable.Any() || enumerable.Any(claim => claim.Issuer != "Facebook" && claim.Issuer != "LOCAL_AUTHORITY")) { context.Rejected(); } return(Task.FromResult <object>(null)); }
public override Task ValidateIdentity(OAuthValidateIdentityContext context) { base.OnValidateIdentity(context); _oidcNotificationHandlerService.OnAuthenticationSuccess( new AuthenticationSuccessMessage() { Identity = context.Ticket.Identity } ); return(Task.FromResult(0)); }
public override Task ValidateIdentity(OAuthValidateIdentityContext context) { if (context == null) { throw new ArgumentNullException("context"); } if (context.Ticket.Identity.Claims.Any(c => c.Issuer != ClaimsIdentity.DefaultIssuer)) { context.Rejected(); } return(Task.FromResult <object>(null)); }
public override Task ValidateIdentity(OAuthValidateIdentityContext context) { var identity = context.Ticket?.Identity; var userIdClaim = identity?.Claims.FirstOrDefault(x => x.Type == ClaimTypes.NameIdentifier); if (userIdClaim == null) { context.Rejected(); } return(base.ValidateIdentity(context)); }
public override Task ValidateIdentity(OAuthValidateIdentityContext context) { var claims = context.Ticket.Identity.Claims; var enumerable = claims as IList <Claim> ?? claims.ToList(); if (!enumerable.Any() || enumerable.Any(claim => claim.Issuer != ClaimsIdentity.DefaultIssuer)) { context.Rejected(); } return(Task.FromResult <object>(null)); }
/// <summary> /// Handles validating the identity produced from an OAuth bearer token. /// </summary> /// <param name="context"></param> /// <returns></returns> public virtual Task ValidateIdentity(OAuthValidateIdentityContext context) { try { if (!context.Request.Headers.ContainsKey("Authorization")) { return(Task.FromResult <object>(null)); } // Retrieve the JWT token in Authorization Header var jwt = context.Request.Headers["Authorization"].Replace("Bearer ", string.Empty); var handler = new JwtSecurityTokenHandler(); var token = new JwtSecurityToken(jwt); var claimIdentity = new ClaimsIdentity(token.Claims, DefaultAuthenticationTypes.ExternalBearer); var param = new TokenValidationParameters { ValidateAudience = true, // Make this false if token was generated without clientId ValidAudience = "8ebd73587a354f948ec-93260410010c", //Replace with Client Id Registered on CRM. Token should have been fetched with the same clientId. ValidateIssuer = true, IssuerSigningKey = _signingKey, IssuerValidator = (issuer, securityToken, parameters) => { var allowed = GetAllowedPortal().Trim().ToLowerInvariant(); if (issuer.ToLowerInvariant().Equals(allowed)) { return(issuer); } throw new Exception("Token Issuer is not a known Portal"); } }; SecurityToken validatedToken = null; handler.ValidateToken(token.RawData, param, out validatedToken); var claimPrincipal = new ClaimsPrincipal(claimIdentity); context.Response.Context.Authentication.User = claimPrincipal; context.Validated(claimIdentity); } catch (Exception exception) { System.Diagnostics.Debug.WriteLine(exception); return(null); } return(Task.FromResult <object>(null)); }
public override Task ValidateIdentity(OAuthValidateIdentityContext context) { var wispContext = context.GetWispContext(); wispContext.SetIdentity(context); if (wispContext.CurrentUser == null || !wispContext.CurrentUser.Active) { throw new WispHttpException(System.Net.HttpStatusCode.Unauthorized); } context.Validated(); return(Task.FromResult(0)); }
private bool CheckInput(string parameter, string KEY, OAuthValidateIdentityContext context) { bool isInvalid = false; for (int i = 0; i < blackList.Length; i++) { if ((parameter.IndexOf(blackList[i], StringComparison.OrdinalIgnoreCase) >= 0)) { isInvalid = true; break; } } return(isInvalid); }
public Task ValidateIdentity(OAuthValidateIdentityContext context) { // if token valid var userGuid = context.Ticket.Identity.Claims.Where(c => c.Type == "UserGuid").First().Value; if (!memCache.Contains(userGuid, null)) { context.Rejected(); // if i want to reject the token return(null); } return(Task.FromResult <object>(null)); }
public override System.Threading.Tasks.Task ValidateIdentity(OAuthValidateIdentityContext context) { if (context == null) { throw new ArgumentNullException("context"); } if (context.Ticket.Identity.Claims.Any(c => c.Issuer != "LOCAL AUTHORITY")) { context.Rejected(); } return(Task.FromResult <object>((object)null)); }
// This validates the identity based on the issuer of the claim. // The issuer is set in the API endpoint that logs the user in public override Task ValidateIdentity(OAuthValidateIdentityContext context) { UserManager <ApplicationUser> userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); var user = userManager.FindById(context.Ticket.Identity.GetUserId()); var claims = context.Ticket.Identity.Claims; if (user == null || (claims.FirstOrDefault(claim => claim.Type == "AspNet.Identity.SecurityStamp") == null || claims.Any(claim => claim.Type == "AspNet.Identity.SecurityStamp" && !claim.Value.Equals(user.SecurityStamp)))) { // Client could not be validated. context.SetError("invalid_token", "Client token is invalid."); context.Rejected(); } return(Task.FromResult <object>(null)); //return Simple.FromResult(0); }
public Task ValidateIdentity(OAuthValidateIdentityContext context) { System.Security.Claims.Claim claim = context.Ticket.Identity.Claims.Where(x => x.Type == "userGetwayIP" && x.Value.ToString() == HttpContext.Current.Request.UserHostAddress.ToString()).FirstOrDefault(); if (claim == null) { context.SetError("Inform that you are a good boy :) don't try this step again"); context.Rejected(); context.Response.StatusCode = 400; } else if (checkInjection(context)) { context.SetError("Not acceptable input"); context.Rejected(); context.Response.StatusCode = 406; } return(Task.FromResult <object>(null)); }
public async Task ValidateIdentity(OAuthValidateIdentityContext context) { if (context == null) { throw new ArgumentNullException("context"); } if (context.Ticket.Identity.Claims.Count() == 0) { context.Rejected(); } else if (context.Ticket.Identity.Claims.All(c => c.Issuer == ClaimsIdentity.DefaultIssuer)) { context.Rejected(); } else { var accessToken = context.Ticket.Identity.FindFirst(Security.ClaimTypes.AccessToken); if (accessToken != null && !string.IsNullOrEmpty(accessToken.Value)) { try { var response = await "https://www.googleapis.com/oauth2/v3/tokeninfo" .SetQueryParam("access_token", accessToken.Value) .GetAsync(); if (!response.IsSuccessStatusCode) { context.Rejected(); } else { context.Validated(); } } catch (FlurlHttpException ex) { context.Rejected(); } } else { context.Rejected(); } } }
public Task ValidateIdentity(OAuthValidateIdentityContext context) { if (!string.IsNullOrEmpty(token)) { var tokenHandler = new JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters() { ValidAudience = "all", IssuerSigningToken = new BinarySecretSecurityToken(Convert.FromBase64String("KJiuweUH2234KJBJbkjk234234fgdfc56566")), ValidIssuer = "http://vcdbpoc-staging.azurewebsites.net" }; try { SecurityToken securityToken; var claimsPrinciple = tokenHandler.ValidateToken(token, validationParameters, out securityToken); context.Validated(new ClaimsIdentity(claimsPrinciple.Claims, OAuthDefaults.AuthenticationType)); return(Task.FromResult(0)); } catch (Exception ex) { context.Rejected(); return(Task.FromResult(0)); } //var notPadded = token.Split('.')[1]; //var padded = notPadded.PadRight(notPadded.Length + (4 - notPadded.Length % 4) % 4, '='); //var urlUnescaped = padded.Replace('-', '+').Replace('_', '/'); //var claimsPart = Convert.FromBase64String(urlUnescaped); //var obj = JObject.Parse(Encoding.UTF8.GetString(claimsPart, 0, claimsPart.Length)); //// simple, not handling specific types, arrays, etc. //foreach (var prop in obj.Properties().AsJEnumerable()) //{ // if (!context.Ticket.Identity.HasClaim(prop.Name, prop.Value.Value<string>())) // { // context.Ticket.Identity.AddClaim(new Claim(prop.Name, prop.Value.Value<string>())); // } //} } context.Rejected(); return(Task.FromResult(0)); }
public override Task ValidateIdentity(OAuthValidateIdentityContext context) { var identity = context.Ticket?.Identity; var masterIdClaim = identity?.Claims.FirstOrDefault(x => x.Type == "masterId"); if (masterIdClaim == null) { context.Rejected(); } else { var storedIdentity = this.principalStorage[masterIdClaim.Value]; if (storedIdentity == null) { context.Rejected(); } } return(base.ValidateIdentity(context)); }
private Task OnValidateIdentityHandle(OAuthValidateIdentityContext context) { var Db = new WIKIDbContext(); var cache = MemoryCache.Default; CacheItemPolicy policy = new CacheItemPolicy(); policy.AbsoluteExpiration = DateTimeOffset.FromUnixTimeSeconds(60 * 30); var userId = Guid.Parse(context.Ticket.Identity.FindFirst("sub").Value); var obj = cache.Get(userId.ToString()); if (obj == null) { var entity = Db.Account.Where(m => m.WUCC_UserId == userId).FirstOrDefault(); if (entity == null) { entity = new Account { WUCC_UserId = userId, Department = context.Ticket.Identity.Claims.FirstOrDefault(m => m.Type == "SalesDepartment").Value, UserName = context.Ticket.Identity.Name, FullName = context.Ticket.Identity.Claims.FirstOrDefault(m => m.Type == "FullName").Value, }; Db.Account.Add(entity); } else { entity.Department = context.Ticket.Identity.Claims.FirstOrDefault(m => m.Type == "SalesDepartment").Value; entity.UserName = context.Ticket.Identity.Name; entity.FullName = context.Ticket.Identity.Claims.FirstOrDefault(m => m.Type == "FullName").Value; } Db.SaveChanges(); cache.Add(userId.ToString(), entity, policy); } return(Task.FromResult(0)); }
public override Task ValidateIdentity(OAuthValidateIdentityContext context) { var result = base.ValidateIdentity(context); if (context.IsValidated) { var ticket = context.Ticket; if (ticket != null && ticket.Identity.IsAuthenticated && ticket.Properties.ExpiresUtc > DateTime.UtcNow) { if (1 == 2) //TODO: put your server side condition here { context.SetError("HaHa!"); } } } return(result); }