示例#1
        /// <summary>
        /// Token endpoint handler for the OAuth2 password grant: verifies the submitted
        /// credentials, builds a <see cref="ClaimsPrincipal"/> for the account and hands it
        /// to the authentication scheme so a token response is produced.
        /// </summary>
        /// <param name="request">The incoming token request.</param>
        /// <returns>
        /// A sign-in result when the credentials are valid; a forbid result when the user is
        /// unknown or the password does not match.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// Thrown for every grant type other than the password grant.
        /// </exception>
        public async Task<IActionResult> Exchange(OpenIdConnectRequest request)
        {
            // Only the password grant is handled here; anything else is rejected outright.
            if (!request.IsPasswordGrantType())
            {
                throw new InvalidOperationException("The specified grant type is not supported.");
            }

            // Resolve the account from the submitted username.
            var account = await _userService.GetByName(request.Username);

            // Unknown username: rejected before any hash work is done.
            // NOTE(review): this path answers faster than a wrong-password attempt because
            // CompareHash is skipped, so response timing may reveal whether a username exists;
            // comparing against a dummy hash on this path as well would close that gap.
            if (account == null)
            {
                return Forbid(OpenIdConnectServerDefaults.AuthenticationScheme);
            }

            // Password check. Whether CompareHash applies a slow KDF (e.g. PBKDF2) and a
            // fixed-time comparison cannot be seen from here — verify in PasswordHelper.
            var passwordMatches = PasswordHelper.CompareHash(request.Password, account.Password, account.Salt);
            if (!passwordMatches)
            {
                return Forbid(OpenIdConnectServerDefaults.AuthenticationScheme);
            }

            // Identity whose name and role claim types are the ones the server expects.
            var identity = new ClaimsIdentity(
                OpenIdConnectServerDefaults.AuthenticationScheme,
                OpenIdConnectConstants.Claims.Name,
                OpenIdConnectConstants.Claims.Role);

            // Each claim carries the access_token destination so the server includes it
            // in the issued access token, where controllers can read it back.
            var destination = OpenIdConnectConstants.Destinations.AccessToken;
            identity.AddClaim(OpenIdConnectConstants.Claims.Name, account.UserName, destination);
            identity.AddClaim(OpenIdConnectConstants.Claims.Subject, account.UserId.ToString(), destination);

            // Role lookup happens after the first two claims are attached, keeping the
            // original order of service calls.
            var role = await _roleService.GetRoleById(account.RoleId);
            identity.AddClaim(OpenIdConnectConstants.Claims.Role, role.Name, destination);

            // Hand the principal to the scheme, which mints the token and shapes the response.
            var principal = new ClaimsPrincipal(identity);
            return SignIn(principal, OpenIdConnectServerDefaults.AuthenticationScheme);
        }
示例#2
 /// <summary>
 /// Checks a clear-text password against its stored, transformed (presumably hashed) form.
 /// Delegates entirely to <see cref="PasswordHelper"/>.
 /// </summary>
 /// <param name="clearPassword">The password as submitted by the user.</param>
 /// <param name="transformedPassword">The stored value to compare against.</param>
 /// <returns>Whatever <see cref="PasswordHelper"/>.CompareHash reports for the pair.</returns>
 /// <remarks>
 /// NOTE(review): this two-argument call passes no separate salt, so any salt must already
 /// be embedded in <paramref name="transformedPassword"/> — confirm against PasswordHelper.
 /// </remarks>
 private bool ComparePassword(string clearPassword, string transformedPassword)
     => PasswordHelper.CompareHash(clearPassword, transformedPassword);