/// <summary>
/// OAuth2 resource-owner-password-credentials token endpoint, JWT flavour: the
/// token handler is looked up by the configured <c>HttpTokenType</c>.
/// Authentication (client certificate or userName/password) is delegated to
/// <c>AuthenticationHelper.TryGetPrincipalFromOAuth2Request</c>; the authenticated
/// principal must then pass the Issue/OAuth2 authorization check before a token
/// for the realm named in <c>request.Scope</c> is issued.
/// </summary>
/// <param name="request">Model-bound token request: Scope (the realm URI the token
/// is issued for) plus the credentials consumed by the authentication helper.</param>
/// <returns>
/// 404 if the OAuth2 endpoint is disabled in configuration; 400 if model validation
/// fails or Scope is not an absolute URI; 401 with an "OAuth2" challenge if
/// authentication or authorization fails; otherwise the access-token response.
/// (The success return and the failure branch are partly redacted in this copy.)
/// </returns>
public ActionResult Token(ResourceOwnerCredentialRequest request)
{
    Tracing.Verbose("OAuth2 endpoint called.");

    // A disabled endpoint answers 404, so it is indistinguishable from a route
    // that does not exist rather than advertising itself with a 401/403.
    if (!ConfigurationRepository.Endpoints.OAuth2)
    {
        Tracing.Error("OAuth2 endpoint called, but disabled in configuration");
        return new HttpNotFoundResult();
    }

    if (!ModelState.IsValid)
    {
        Tracing.Error("OAuth2 called with malformed request");
        return new HttpStatusCodeResult(400);
    }

    var auth = new AuthenticationHelper();

    // Scope becomes the realm (EndpointAddress) the token is issued for. Only its
    // syntax is checked here; whether it names a registered relying party is not
    // decided in this method - presumably inside TryIssueToken. TODO confirm.
    Uri uri;
    if (!Uri.TryCreate(request.Scope, UriKind.Absolute, out uri))
    {
        // NOTE(review): the raw, caller-controlled Scope value is written to the
        // trace; treat trace output as untrusted wherever it is rendered.
        Tracing.Error("OAuth2 endpoint called with malformed realm: " + request.Scope);
        return new HttpStatusCodeResult(400);
    }

    // NOTE(review): declared as ClaimsPrincipal here, whereas the
    // TryGetPrincipalFromOAuth2Request shown elsewhere on this page takes
    // `out IClaimsPrincipal`. These look like different revisions of the code base
    // (Microsoft.IdentityModel vs System.Security.Claims); confirm which helper
    // this build actually compiles against.
    ClaimsPrincipal principal = null;
    if (auth.TryGetPrincipalFromOAuth2Request(Request, request, out principal))
    {
        // Authentication and authorization failures both produce the same 401, so
        // the response does not reveal which of the two rejected the caller.
        if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2))
        {
            Tracing.Error("User not authorized");
            return new UnauthorizedResult("OAuth2", UnauthorizedResult.ResponseAction.Send401);
        }

        SecurityToken token;
        if (auth.TryIssueToken(new EndpointAddress(uri), principal, ConfigurationRepository.Configuration.HttpTokenType, out token))
        {
            // The handler that serialises the token is selected by the configured
            // HttpTokenType ...
            var handler = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers[ConfigurationRepository.Configuration.HttpTokenType];
            var response = new AccessTokenResponse
            {
                AccessToken = handler.WriteToken(token),
                // ... but the advertised token_type is hard-coded to JWT.
                // NOTE(review): if HttpTokenType can be configured to anything
                // other than JWT, the serialised token and the reported type
                // disagree; consider deriving TokenType from the configured value.
                TokenType = TokenTypes.JsonWebToken,
                // expires_in is expressed in seconds; the "* 60" implies
                // DefaultTokenLifetime is configured in minutes - confirm against
                // the configuration model.
                ExpiresIn = ConfigurationRepository.Configuration.DefaultTokenLifetime * 60,
            };
            // NOTE(review): the remainder of this method is redacted ("******") in
            // this copy of the file. The elided text evidently holds the success
            // return, the trace for a failed authentication (its message suggests
            // the submitted user name is appended - untrusted input in the log)
            // and the final 401 challenge. Compare against the upstream source
            // before relying on this listing; the closing braces are not visible.
            Tracing.Information("OAuth2 issue successful for user: "******"OAuth2 endpoint authentication failed for user: "******"OAuth2", UnauthorizedResult.ResponseAction.Send401); }
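/// <summary>
/// Authenticates an OAuth2 resource-owner token request. Two credential sources
/// are tried in order: a client certificate on the transport
/// (<c>TryGetClientCertificatePrinciaplFromRequest</c>), then the userName/password
/// pair carried in the request body (validated by <c>UserRepository.ValidateUser</c>).
/// Authorization - whether the principal may obtain a token - is not decided here.
/// </summary>
/// <param name="request">The incoming HTTP request (inspected for a client certificate).</param>
/// <param name="tokenRequest">The model-bound token request carrying UserName and Password; may be null.</param>
/// <param name="principal">Receives the authenticated principal on success; left null otherwise.</param>
/// <returns>true when one of the credential sources authenticates the caller; false otherwise.</returns>
public bool TryGetPrincipalFromOAuth2Request(HttpRequestBase request, ResourceOwnerCredentialRequest tokenRequest, out IClaimsPrincipal principal)
{
    principal = null;

    // 1. Transport-level client certificate. When it authenticates, the body
    //    credentials are never looked at.
    if (TryGetClientCertificatePrinciaplFromRequest(request, out principal))
    {
        return true;
    }

    // 2. Resource-owner password credentials from the request body.
    //    Fail closed on a missing or empty user name / password instead of
    //    forwarding "" to the user store: the previous code coalesced null to ""
    //    and relied on UserRepository.ValidateUser to reject empty credentials,
    //    which this method cannot guarantee. A null tokenRequest is treated the
    //    same way rather than dereferenced.
    string userName = tokenRequest == null ? null : tokenRequest.UserName;
    string password = tokenRequest == null ? null : tokenRequest.Password;
    if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
    {
        return false;
    }

    if (!UserRepository.ValidateUser(userName, password))
    {
        return false;
    }

    // Build the principal from the exact value that was validated (the previous
    // code used the raw request field, which had only been null-coalesced for the
    // validation call) and mark it with AuthenticationMethods.Password as before.
    principal = CreatePrincipal(userName, AuthenticationMethods.Password);
    return true;
}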
/// <summary>
/// OAuth2 resource-owner-password-credentials token endpoint, SWT flavour: the
/// token is always issued with the <c>SimpleWebToken.OasisTokenProfile</c> type
/// and returned as its raw string. Authentication (client certificate or
/// userName/password) is delegated to
/// <c>AuthenticationHelper.TryGetPrincipalFromOAuth2Request</c>; the authenticated
/// principal must then pass the Issue/OAuth2 authorization check before a token
/// for the realm named in <c>request.Scope</c> is issued.
/// </summary>
/// <param name="request">Model-bound token request: Scope (the realm URI the token
/// is issued for) plus the credentials consumed by the authentication helper.</param>
/// <returns>
/// 404 if the OAuth2 endpoint is disabled in configuration; 400 if model validation
/// fails or Scope is not an absolute URI; 401 with an "OAuth2" challenge if
/// authentication or authorization fails; otherwise the access-token response.
/// (The success return and the failure branch are partly redacted in this copy.)
/// </returns>
public ActionResult Token(ResourceOwnerCredentialRequest request)
{
    Tracing.Verbose("OAuth2 endpoint called.");

    // A disabled endpoint answers 404, so it is indistinguishable from a route
    // that does not exist rather than advertising itself with a 401/403.
    if (!ConfigurationRepository.Endpoints.OAuth2)
    {
        Tracing.Error("OAuth2 endpoint called, but disabled in configuration");
        return new HttpNotFoundResult();
    }

    if (!ModelState.IsValid)
    {
        Tracing.Error("OAuth2 called with malformed request");
        return new HttpStatusCodeResult(400);
    }

    var auth = new AuthenticationHelper();

    // Scope becomes the realm (EndpointAddress) the token is issued for. Only its
    // syntax is checked here; whether it names a registered relying party is not
    // decided in this method - presumably inside TryIssueToken. TODO confirm.
    Uri uri;
    if (!Uri.TryCreate(request.Scope, UriKind.Absolute, out uri))
    {
        // NOTE(review): the raw, caller-controlled Scope value is written to the
        // trace; treat trace output as untrusted wherever it is rendered.
        Tracing.Error("OAuth2 endpoint called with malformed realm: " + request.Scope);
        return new HttpStatusCodeResult(400);
    }

    IClaimsPrincipal principal = null;
    if (auth.TryGetPrincipalFromOAuth2Request(Request, request, out principal))
    {
        // Authentication and authorization failures both produce the same 401, so
        // the response does not reveal which of the two rejected the caller.
        if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2))
        {
            Tracing.Error("User not authorized");
            return new UnauthorizedResult("OAuth2", UnauthorizedResult.ResponseAction.Send401);
        }

        SecurityToken token;
        if (auth.TryIssueToken(new EndpointAddress(uri), principal, SimpleWebToken.OasisTokenProfile, out token))
        {
            // NOTE(review): `as` without a null check. The profile passed to
            // TryIssueToken makes a SimpleWebToken the expected result, but if the
            // helper ever hands back another token type, swt.RawToken below throws
            // NullReferenceException (surfacing as a 500). A direct cast or an
            // explicit null check would make that failure deliberate.
            var swt = token as SimpleWebToken;
            var response = new AccessTokenResponse
            {
                AccessToken = swt.RawToken,
                // Reported token_type matches the profile the token was issued with.
                TokenType = SimpleWebToken.OasisTokenProfile,
                // expires_in is expressed in seconds; the "* 60" implies
                // DefaultTokenLifetime is configured in minutes - confirm against
                // the configuration model.
                ExpiresIn = ConfigurationRepository.Configuration.DefaultTokenLifetime * 60,
            };
            // NOTE(review): the remainder of the live code is redacted ("******")
            // in this copy of the file. The elided text evidently holds the success
            // return, the trace for a failed authentication (its message suggests
            // the submitted user name is appended - untrusted input in the log)
            // and the final 401 challenge. Compare against the upstream source
            // before relying on this listing.
            Tracing.Information("OAuth2 issue successful for user: "******"OAuth2 endpoint authentication failed for user: "******"OAuth2", UnauthorizedResult.ResponseAction.Send401);
            // NOTE(review): everything below is an older, commented-out copy of the
            // password-only issuance path. It is superseded by
            // TryGetPrincipalFromOAuth2Request (which also handles client
            // certificates) and duplicates the live code above; it should be
            // deleted rather than kept as dead text. The last line is partly
            // redacted and the method's closing braces are not visible here.
            //if (UserRepository.ValidateUser(request.UserName ?? "", request.Password ?? ""))
            //{
            //    var principal = auth.CreatePrincipal(request.UserName, AuthenticationMethods.Password);
            //    if (!ClaimsAuthorize.CheckAccess(principal, Constants.Actions.Issue, Constants.Resources.OAuth2))
            //    {
            //        Tracing.Error("User not authorized");
            //        return new UnauthorizedResult("OAuth2", UnauthorizedResult.ResponseAction.Send401);
            //    }
            //    SecurityToken token;
            //    if (auth.TryIssueToken(new EndpointAddress(uri), principal, SimpleWebToken.OasisTokenProfile, out token))
            //    {
            //        var swt = token as SimpleWebToken;
            //        var response = new AccessTokenResponse
            //        {
            //            AccessToken = swt.RawToken,
            //            TokenType = SimpleWebToken.OasisTokenProfile,
            //            ExpiresIn = ConfigurationRepository.Configuration.DefaultTokenLifetime * 60,
            //        };
            //        Tracing.Information("OAuth2 issue successful for user: "******"OAuth2 endpoint authentication failed for user: "******"OAuth2", UnauthorizedResult.ResponseAction.Send401); }