private HttpResponseMessage CreateTokenResponse(string userName, Client client, EndpointReference scope, string tokenType, bool includeRefreshToken) { var auth = new AuthenticationHelper(); var principal = auth.CreatePrincipal(userName, "OAuth2", new[] { new Claim(Constants.Claims.Client, client.Name), new Claim(Constants.Claims.Scope, scope.Uri.AbsoluteUri) }); if (!ClaimsAuthorization.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2)) { Tracing.Error("OAuth2 endpoint authorization failed for user: " + userName); return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant)); } var sts = new STS(); TokenResponse tokenResponse; if (sts.TryIssueToken(scope, principal, tokenType, out tokenResponse)) { if (includeRefreshToken) { tokenResponse.RefreshToken = CodeTokenRepository.AddCode(CodeTokenType.RefreshTokenIdentifier, client.ID, userName, scope.Uri.AbsoluteUri); } var resp = Request.CreateResponse(HttpStatusCode.OK, tokenResponse); return(resp); } return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest)); }
private ActionResult PerformImplicitGrant(AuthorizeRequest request, Client client) { var sts = new STS(); TokenResponse tokenResponse; if (sts.TryIssueToken( new EndpointReference(request.scope), ClaimsPrincipal.Current, Configuration.Global.DefaultHttpTokenType, out tokenResponse)) { var tokenString = string.Format("access_token={0}&token_type={1}&expires_in={2}", tokenResponse.AccessToken, tokenResponse.TokenType, tokenResponse.ExpiresIn); if (!string.IsNullOrEmpty(request.state)) { tokenString = string.Format("{0}&state={1}", tokenString, Server.UrlEncode(request.state)); } var redirectString = string.Format("{0}#{1}", client.RedirectUri.AbsoluteUri, tokenString); return(Redirect(redirectString)); } // return right error code return(ClientError(client.RedirectUri, OAuth2Constants.Errors.InvalidRequest, request.response_type, request.state)); }
private void CreateTokenButton_Click(object sender, RoutedEventArgs e) { var principal = Principal.Create("InMemory", new Claim(ClaimTypes.Name, UserName.Text)); var tokenType = GetTokenType(); var sts = new STS(); SecurityToken token; var success = sts.TryIssueToken( new EndpointReference(Realm.Text), principal, tokenType, out token); if (success) { if (tokenType == TokenTypes.Saml2TokenProfile11 || tokenType == TokenTypes.Saml11TokenProfile11) { var xml = token.ToTokenXmlString(); Output.Text = XElement.Parse(xml).ToString(); } if (tokenType == TokenTypes.JsonWebToken) { var tokenString = new JsonWebTokenHandler().WriteToken(token); Output.Text = tokenString; } } else { throw new Exception("Error"); } }
public HttpResponseMessage Get(HttpRequestMessage request) { Tracing.Information("Simple HTTP endpoint called."); var query = request.GetQueryNameValuePairs(); var auth = new AuthenticationHelper(); var realm = query.FirstOrDefault(p => p.Key.Equals("realm", System.StringComparison.OrdinalIgnoreCase)).Value; var tokenType = query.FirstOrDefault(p => p.Key.Equals("tokenType", System.StringComparison.OrdinalIgnoreCase)).Value; if (string.IsNullOrWhiteSpace(realm)) { return(request.CreateErrorResponse(HttpStatusCode.BadRequest, "realm parameter is missing.")); } EndpointReference appliesTo; try { appliesTo = new EndpointReference(realm); Tracing.Information("Simple HTTP endpoint called for realm: " + realm); } catch { Tracing.Error("Malformed realm: " + realm); return(request.CreateErrorResponse(HttpStatusCode.BadRequest, "malformed realm name.")); } if (string.IsNullOrWhiteSpace(tokenType)) { tokenType = ConfigurationRepository.Global.DefaultHttpTokenType; } Tracing.Verbose("Token type: " + tokenType); TokenResponse tokenResponse; var sts = new STS(); if (sts.TryIssueToken(appliesTo, ClaimsPrincipal.Current, tokenType, out tokenResponse)) { var resp = request.CreateResponse <TokenResponse>(HttpStatusCode.OK, tokenResponse); return(resp); } else { return(request.CreateErrorResponse(HttpStatusCode.BadRequest, "invalid request.")); } }
private HttpResponseMessage ProcessResourceOwnerCredentialRequest(string userName, string password, EndpointReference appliesTo, string tokenType, Client client) { Tracing.Information("Starting resource owner password credential flow for client: " + client.Name); if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(password)) { Tracing.Error("Invalid resource owner credentials for: " + appliesTo.Uri.AbsoluteUri); return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant)); } var auth = new AuthenticationHelper(); ClaimsPrincipal principal; if (UserRepository.ValidateUser(userName, password)) { principal = auth.CreatePrincipal(userName, "OAuth2", new Claim[] { new Claim(Constants.Claims.Client, client.Name), new Claim(Constants.Claims.Scope, appliesTo.Uri.AbsoluteUri) }); if (!ClaimsAuthorization.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2)) { Tracing.Error("OAuth2 endpoint authorization failed for user: "******"Resource owner credential validation failed: " + userName); return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant)); } var sts = new STS(); TokenResponse tokenResponse; if (sts.TryIssueToken(appliesTo, principal, tokenType, out tokenResponse)) { var resp = Request.CreateResponse <TokenResponse>(HttpStatusCode.OK, tokenResponse); return(resp); } else { return(OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest)); } }
public HttpResponseMessage Get(HttpRequestMessage request) { Tracing.Information("Simple HTTP endpoint called."); var query = request.GetQueryNameValuePairs(); var auth = new AuthenticationHelper(); var realm = query.FirstOrDefault(p => p.Key.Equals("realm", System.StringComparison.OrdinalIgnoreCase)).Value; var tokenType = query.FirstOrDefault(p => p.Key.Equals("tokenType", System.StringComparison.OrdinalIgnoreCase)).Value; if (string.IsNullOrWhiteSpace(realm)) { return request.CreateErrorResponse(HttpStatusCode.BadRequest, "realm parameter is missing."); } EndpointReference appliesTo; try { appliesTo = new EndpointReference(realm); Tracing.Information("Simple HTTP endpoint called for realm: " + realm); } catch { Tracing.Error("Malformed realm: " + realm); return request.CreateErrorResponse(HttpStatusCode.BadRequest, "malformed realm name."); } if (string.IsNullOrWhiteSpace(tokenType)) { tokenType = ConfigurationRepository.Global.DefaultHttpTokenType; } Tracing.Verbose("Token type: " + tokenType); TokenResponse tokenResponse; var sts = new STS(); if (sts.TryIssueToken(appliesTo, ClaimsPrincipal.Current, tokenType, out tokenResponse)) { var resp = request.CreateResponse<TokenResponse>(HttpStatusCode.OK, tokenResponse); return resp; } else { return request.CreateErrorResponse(HttpStatusCode.BadRequest, "invalid request."); } }
public ActionResult Issue() { Tracing.Verbose("Sitefinity endpoint called."); var query = _currrenContext.Request.QueryString; var realm = query[query.AllKeys.FirstOrDefault(p => p.Equals("realm", System.StringComparison.OrdinalIgnoreCase))]; var tokenType = query[query.AllKeys.FirstOrDefault(p => p.Equals("tokenType", System.StringComparison.OrdinalIgnoreCase))]; var reply = query[query.AllKeys.FirstOrDefault(p => p.Equals("redirect_uri", System.StringComparison.OrdinalIgnoreCase))]; var deflateTemp = query[query.AllKeys.FirstOrDefault(p => p.Equals("deflate", System.StringComparison.OrdinalIgnoreCase))]; var isSignout = query[query.AllKeys.FirstOrDefault(p => p.Equals("sign_out", System.StringComparison.OrdinalIgnoreCase))]; //if this is a signout request, sign out the user and redirect if (!string.IsNullOrWhiteSpace(isSignout)) { Tracing.Verbose("Sitefinity signout request detected - signout var = " + isSignout); if (isSignout.Equals("true", StringComparison.OrdinalIgnoreCase)) { Tracing.Verbose("Sitefinity logout request"); FederatedAuthentication.SessionAuthenticationModule.SignOut(); return(Redirect((new Uri(new Uri(realm), reply)).AbsoluteUri)); } } if (string.IsNullOrWhiteSpace(deflateTemp)) { deflateTemp = "false"; } var deflate = "true".Equals(deflateTemp, StringComparison.OrdinalIgnoreCase); Tracing.Verbose("Sitefinity query string parsed"); if (string.IsNullOrWhiteSpace(realm)) { Tracing.Error("Malformed realm: " + realm); return(new HttpStatusCodeResult(HttpStatusCode.BadRequest, "realm parameter is missing.")); } EndpointReference appliesTo; try { appliesTo = new EndpointReference(realm); Tracing.Information("Sitefinity Simple HTTP endpoint called for realm: " + realm); } catch { Tracing.Error("Malformed realm: " + realm); return(new HttpStatusCodeResult(HttpStatusCode.BadRequest, "malformed realm name."));// request.CreateErrorResponse(HttpStatusCode.BadRequest, "malformed realm name."); } if (string.IsNullOrWhiteSpace(tokenType)) { tokenType = TokenTypes.SimpleWebToken; } Tracing.Verbose("Sitefinity Token type: " + tokenType); Tracing.Verbose("Sitefinity Current Claims Principal: " + ClaimsPrincipal.Current.Claims.ToString() + ", " + ClaimsPrincipal.Current.Identity.Name + ", " + appliesTo.Uri + ", " + appliesTo.Details.ToString()); SecurityToken tokenResponse; var sts = new STS(); if (sts.TryIssueToken(appliesTo, ClaimsPrincipal.Current, tokenType, out tokenResponse)) { NameValueCollection queryString; if (tokenResponse != null) { Tracing.Verbose(string.Join(", ", "UID: " + tokenResponse.Id)); } else { Tracing.Error("Token is null after being issued"); } var token = new SFSimpleWebToken(tokenResponse as SimpleWebToken); //if (token != null) // Tracing.Verbose("Sitefinity Token: " + token.ToString()); //else // Tracing.Error("Sitefinity Token is null"); try { if (!String.IsNullOrEmpty(reply)) { string path; var issuer = HttpContext.Request.Url.AbsoluteUri; var idx = issuer.IndexOf("?"); idx = reply.IndexOf('?'); if (idx != -1) { path = reply.Substring(0, idx); queryString = HttpUtility.ParseQueryString(reply.Substring(idx + 1)); } else { path = reply; queryString = new NameValueCollection(); } Tracing.Verbose("Begin wrapping SWT"); SFHelper.WrapSWT(queryString, token, deflate); Tracing.Verbose("Begin building path and query for return url"); path = String.Concat(path, SFHelper.ToQueryString(queryString)); var uri = new Uri(new Uri(realm), path); return(Redirect(uri.AbsoluteUri)); } queryString = new NameValueCollection(); SFHelper.WrapSWT(queryString, token, deflate); return(File(SFHelper.ToQueryString(queryString), "application/x-www-form-urlencoded", "token")); } catch (Exception e) { Tracing.Error(e.Message + " " + e.InnerException); Tracing.Error("invalid request - token couldn't issue for realm " + realm); return(new HttpStatusCodeResult(HttpStatusCode.BadRequest, "invalid request.")); } } else { Tracing.Error("invalid request - token couldn't issue for realm " + realm); return(new HttpStatusCodeResult(HttpStatusCode.BadRequest, "invalid request.")); } }
private HttpResponseMessage ProcessResourceOwnerCredentialRequest(string userName, string password, EndpointReference appliesTo, string tokenType, Client client) { Tracing.Information("Starting resource owner password credential flow for client: " + client.Name); if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(password)) { Tracing.Error("Invalid resource owner credentials for: " + appliesTo.Uri.AbsoluteUri); return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant); } var auth = new AuthenticationHelper(); ClaimsPrincipal principal; if (UserRepository.ValidateUser(userName, password)) { principal = auth.CreatePrincipal(userName, "OAuth2", new Claim[] { new Claim(Constants.Claims.Client, client.Name), new Claim(Constants.Claims.Scope, appliesTo.Uri.AbsoluteUri) }); if (!ClaimsAuthorization.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2)) { Tracing.Error("OAuth2 endpoint authorization failed for user: "******"Resource owner credential validation failed: " + userName); return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant); } var sts = new STS(); TokenResponse tokenResponse; if (sts.TryIssueToken(appliesTo, principal, tokenType, out tokenResponse)) { var resp = Request.CreateResponse<TokenResponse>(HttpStatusCode.OK, tokenResponse); return resp; } else { return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest); } }
private ActionResult HandleImplicitGrant(AuthorizeRequest request, Client client) { var sts = new STS(); TokenResponse tokenResponse; if (sts.TryIssueToken( new EndpointReference(request.scope), ClaimsPrincipal.Current, Configuration.Global.DefaultHttpTokenType, out tokenResponse)) { var redirectString = string.Format("{0}#access_token={1}&token_type={2}&expires_in={3}", client.RedirectUri.AbsoluteUri, tokenResponse.AccessToken, tokenResponse.TokenType, tokenResponse.ExpiresIn); if (!string.IsNullOrEmpty(request.state)) { redirectString = string.Format("{0}&state={1}", redirectString, request.state); } return Redirect(redirectString); } // return right error code return Error(client.RedirectUri, OAuth2Constants.Errors.InvalidRequest, request.state); }
private HttpResponseMessage CreateTokenResponse(string userName, Client client, EndpointReference scope, string tokenType, bool includeRefreshToken) { var auth = new AuthenticationHelper(); var principal = auth.CreatePrincipal(userName, "OAuth2", new Claim[] { new Claim(Constants.Claims.Client, client.Name), new Claim(Constants.Claims.Scope, scope.Uri.AbsoluteUri) }); if (!ClaimsAuthorization.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2)) { Tracing.Error("OAuth2 endpoint authorization failed for user: " + userName); return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidGrant); } var sts = new STS(); TokenResponse tokenResponse; if (sts.TryIssueToken(scope, principal, tokenType, out tokenResponse)) { if (includeRefreshToken) { tokenResponse.RefreshToken = RefreshTokenRepository.AddCode(CodeTokenType.RefreshTokenIdentifier, client.ID, userName, scope.Uri.AbsoluteUri); } var resp = Request.CreateResponse<TokenResponse>(HttpStatusCode.OK, tokenResponse); return resp; } else { return OAuthErrorResponseMessage(OAuth2Constants.Errors.InvalidRequest); } }
public ActionResult Issue() { Tracing.Verbose("Sitefinity endpoint called."); var query = _currrenContext.Request.QueryString; var realm = query[query.AllKeys.FirstOrDefault(p => p.Equals("realm", System.StringComparison.OrdinalIgnoreCase))]; var tokenType = query[query.AllKeys.FirstOrDefault(p => p.Equals("tokenType", System.StringComparison.OrdinalIgnoreCase))]; var reply = query[query.AllKeys.FirstOrDefault(p => p.Equals("redirect_uri", System.StringComparison.OrdinalIgnoreCase))]; var deflateTemp = query[query.AllKeys.FirstOrDefault(p => p.Equals("deflate", System.StringComparison.OrdinalIgnoreCase))]; var isSignout = query[query.AllKeys.FirstOrDefault(p => p.Equals("sign_out", System.StringComparison.OrdinalIgnoreCase))]; //if this is a signout request, sign out the user and redirect if (!string.IsNullOrWhiteSpace(isSignout)) { Tracing.Verbose("Sitefinity signout request detected - signout var = " + isSignout); if (isSignout.Equals("true", StringComparison.OrdinalIgnoreCase)) { Tracing.Verbose("Sitefinity logout request"); FederatedAuthentication.SessionAuthenticationModule.SignOut(); return Redirect((new Uri(new Uri(realm), reply)).AbsoluteUri); } } if (string.IsNullOrWhiteSpace(deflateTemp)) deflateTemp = "false"; var deflate = "true".Equals(deflateTemp, StringComparison.OrdinalIgnoreCase); Tracing.Verbose("Sitefinity query string parsed"); if (string.IsNullOrWhiteSpace(realm)) { Tracing.Error("Malformed realm: " + realm); return new HttpStatusCodeResult(HttpStatusCode.BadRequest, "realm parameter is missing."); } EndpointReference appliesTo; try { appliesTo = new EndpointReference(realm); Tracing.Information("Sitefinity Simple HTTP endpoint called for realm: " + realm); } catch { Tracing.Error("Malformed realm: " + realm); return new HttpStatusCodeResult(HttpStatusCode.BadRequest, "malformed realm name.");// request.CreateErrorResponse(HttpStatusCode.BadRequest, "malformed realm name."); } if (string.IsNullOrWhiteSpace(tokenType)) tokenType = TokenTypes.SimpleWebToken; Tracing.Verbose("Sitefinity Token type: " + tokenType); Tracing.Verbose("Sitefinity Current Claims Principal: " + ClaimsPrincipal.Current.Claims.ToString() + ", " + ClaimsPrincipal.Current.Identity.Name + ", " + appliesTo.Uri + ", " + appliesTo.Details.ToString()); SecurityToken tokenResponse; var sts = new STS(); if (sts.TryIssueToken(appliesTo, ClaimsPrincipal.Current, tokenType, out tokenResponse)) { NameValueCollection queryString; if (tokenResponse != null) Tracing.Verbose(string.Join(", ", "UID: " + tokenResponse.Id)); else Tracing.Error("Token is null after being issued"); var token = new SFSimpleWebToken(tokenResponse as SimpleWebToken); //if (token != null) // Tracing.Verbose("Sitefinity Token: " + token.ToString()); //else // Tracing.Error("Sitefinity Token is null"); try { if (!String.IsNullOrEmpty(reply)) { string path; var issuer = HttpContext.Request.Url.AbsoluteUri; var idx = issuer.IndexOf("?"); idx = reply.IndexOf('?'); if (idx != -1) { path = reply.Substring(0, idx); queryString = HttpUtility.ParseQueryString(reply.Substring(idx + 1)); } else { path = reply; queryString = new NameValueCollection(); } Tracing.Verbose("Begin wrapping SWT"); SFHelper.WrapSWT(queryString, token, deflate); Tracing.Verbose("Begin building path and query for return url"); path = String.Concat(path, SFHelper.ToQueryString(queryString)); var uri = new Uri(new Uri(realm), path); return Redirect(uri.AbsoluteUri); } queryString = new NameValueCollection(); SFHelper.WrapSWT(queryString, token, deflate); return File(SFHelper.ToQueryString(queryString), "application/x-www-form-urlencoded", "token"); } catch (Exception e) { Tracing.Error(e.Message + " " + e.InnerException); Tracing.Error("invalid request - token couldn't issue for realm " + realm); return new HttpStatusCodeResult(HttpStatusCode.BadRequest, "invalid request."); } } else { Tracing.Error("invalid request - token couldn't issue for realm " + realm); return new HttpStatusCodeResult(HttpStatusCode.BadRequest, "invalid request."); } }