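        /// <summary>
        /// Serialises an <see cref="AuthenticationTicket"/> as an HMAC-SHA256 signed JWT.
        /// The ticket's "audience" property must hold "clientId:accessKey"; the client id
        /// selects the registered <see cref="WebApplicationAccess"/> whose SecretKey signs the token.
        /// </summary>
        /// <param name="data">Ticket to protect; its Identity claims and IssuedUtc/ExpiresUtc are copied into the token.</param>
        /// <returns>The compact-serialised JWT.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// The "audience" property is missing/blank, the client id is not registered,
        /// or IssuedUtc/ExpiresUtc is not set.
        /// </exception>
        public string Protect(AuthenticationTicket data)
        {
            if (data == null)
            {
                throw new ArgumentNullException("data");
            }

            // TryGetValue instead of the indexer: a ticket without an "audience" entry should fail
            // with the same clear error as a blank one, not with a KeyNotFoundException.
            string audience;
            if (!data.Properties.Dictionary.TryGetValue("audience", out audience) || string.IsNullOrWhiteSpace(audience))
            {
                throw new InvalidOperationException("ClientId e AccessKey não foi encontrado");
            }

            // Only the client id part is needed here; the access key segment was already checked
            // during client authentication and plays no role in signing.
            var keys      = audience.Split(':');
            var client_id = keys.First();

            var applicationAccess = WebApplicationAccess.Find(client_id);
            if (applicationAccess == null)
            {
                // Previously an unknown client id surfaced as a NullReferenceException on SecretKey.
                throw new InvalidOperationException("client_Id não encontrado");
            }

            var keyByteArray = TextEncodings.Base64Url.Decode(applicationAccess.SecretKey);
            var signingKey   = new SigningCredentials(new SymmetricSecurityKey(keyByteArray), SecurityAlgorithms.HmacSha256Signature);

            // Both timestamps are required: .Value throws InvalidOperationException when either is unset,
            // which is the intended failure mode for a ticket without a validity window.
            var issued  = data.Properties.IssuedUtc;
            var expires = data.Properties.ExpiresUtc;

            var token   = new JwtSecurityToken(_issuer, client_id, data.Identity.Claims, issued.Value.UtcDateTime, expires.Value.UtcDateTime, signingKey);
            var handler = new JwtSecurityTokenHandler();

            return handler.WriteToken(token);
        }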
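        /// <summary>
        /// Authenticates the calling OAuth client. The client id presented by the request is expected
        /// in the form "clientId:accessKey": the first segment selects a registered
        /// <see cref="WebApplicationAccess"/> and the second must equal its stored AccessKey.
        /// </summary>
        /// <param name="context">Katana client-authentication context; the outcome is reported via Validated() or SetError().</param>
        /// <returns>An already-completed task.</returns>
        public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            string clientId;
            string clientSecret;

            // The out values are not used directly; these helpers are called for their side effect of
            // populating context.ClientId (checked below) from either the Basic header or the form body.
            if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
            {
                context.TryGetFormCredentials(out clientId, out clientSecret);
            }

            if (string.IsNullOrWhiteSpace(context.ClientId))
            {
                context.SetError("invalid_clientId", "client_Id não pode ser nulo");
                return Task.FromResult<object>(null);
            }

            // Require exactly "clientId:accessKey"; anything else is rejected instead of silently
            // taking the first and last segments of an arbitrary string.
            var parts = context.ClientId.Split(':');
            if (parts.Length != 2)
            {
                context.SetError("invalid_clientId", "client_Id não encontrado");
                return Task.FromResult<object>(null);
            }
            var client_id = parts[0];
            var accessKey = parts[1];

            var applicationAccess = WebApplicationAccess.Find(client_id);
            if (applicationAccess == null)
            {
                // NOTE(review): a different message than the access-key failure below lets a caller
                // distinguish "unknown client" from "wrong key"; consider a single generic message.
                context.SetError("invalid_clientId", "client_Id não encontrado");
                return Task.FromResult<object>(null);
            }

            // Length-independent comparison so response time does not reveal how much of the
            // submitted access key matched the stored one.
            if (!AccessKeysMatch(applicationAccess.AccessKey, accessKey))
            {
                context.SetError("invalid_clientId", "access key não encontrado ou inválido");
                return Task.FromResult<object>(null);
            }

            context.Validated();
            return Task.FromResult<object>(null);
        }

        /// <summary>
        /// Compares two access keys without short-circuiting on the first differing character.
        /// Returns false when either side is null or the lengths differ.
        /// </summary>
        private static bool AccessKeysMatch(string expected, string actual)
        {
            if (expected == null || actual == null || expected.Length != actual.Length)
            {
                return false;
            }

            var diff = 0;
            for (var i = 0; i < expected.Length; i++)
            {
                diff |= expected[i] ^ actual[i];
            }
            return diff == 0;
        }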
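        /// <summary>Looks up a registered application by its client id.</summary>
        /// <param name="clientId">Client id as issued by <see cref="GrantApplication"/>.</param>
        /// <returns>The matching record, or <c>null</c> when the id is unknown or <c>null</c>.</returns>
        public static WebApplicationAccess Find(string clientId)
        {
            // A null key would make the dictionary lookup throw; treat it as "not registered"
            // so callers only ever have to handle a null result.
            if (clientId == null)
            {
                return null;
            }

            WebApplicationAccess webApplication;
            return WebApplicationAccessList.TryGetValue(clientId, out webApplication) ? webApplication : null;
        }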
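        /// <summary>
        /// Registers a new application: generates a random client id, a 256-bit signing secret and
        /// an independent 256-bit access key, stores the record in <c>WebApplicationAccessList</c>
        /// and returns it.
        /// </summary>
        /// <param name="name">Human-readable application name stored on the record.</param>
        /// <returns>The newly created <see cref="WebApplicationAccess"/>.</returns>
        public static WebApplicationAccess GrantApplication(string name)
        {
            var clientId  = Guid.NewGuid().ToString("N");
            var secretKey = new byte[32];
            var accessKey = new byte[32];

            // One CSPRNG instance for both values, disposed when done rather than
            // leaking a fresh provider per call.
            using (var rng = RNGCryptoServiceProvider.Create())
            {
                rng.GetBytes(secretKey);
                // Fill the access-key buffer itself: the original refilled the secret buffer a
                // second time and left the accessKey array all zeros and unused.
                rng.GetBytes(accessKey);
            }

            var newWebApplication = new WebApplicationAccess {
                ClientId        = clientId,
                SecretKey       = TextEncodings.Base64Url.Encode(secretKey),
                AccessKey       = TextEncodings.Base64Url.Encode(accessKey),
                ApplicationName = name
            };

            // Client ids are random GUIDs, so a key collision is not expected; if one ever
            // occurred the existing registration would win and the new record would not be stored.
            WebApplicationAccessList.TryAdd(clientId, newWebApplication);
            return newWebApplication;
        }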