- using iBoris.IRonline;
- using iBoris.IRonline.Security;
- using iBoris.IRonline.Services.Security;
- using iBoris.Unicorn;
- using iBoris.Unicorn.Security;
- using Microsoft.Owin.Security;
- using Microsoft.Owin.Security.Cookies;
- using Microsoft.Owin.Security.OAuth;
- using System;
- using System.Collections.Generic;
- using System.Net;
- using System.Security.Claims;
- using System.Threading;
- using System.Threading.Tasks;
- using System.Web;
- namespace IRonline.WebApp.Providers
- {
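/// <summary>
/// Authorization-server provider for the resource-owner-password-credentials grant.
/// Credentials are checked through <c>UnicornAuthentication</c>; a successful grant yields
/// both a bearer <see cref="AuthenticationTicket"/> and a persistent cookie sign-in.
/// </summary>
public class ApplicationOAuthProvider : OAuthAuthorizationServerProvider
{
    /// <summary>Creates the provider for the given public (secret-less) client.</summary>
    /// <param name="publicClientId">Identifier of the public client. It is stored but not
    /// consulted by this class: <see cref="ValidateClientAuthentication"/> accepts any request
    /// that carries no client id at all.</param>
    public ApplicationOAuthProvider(string publicClientId)
    {
        ExceptionUtil.NotNull(publicClientId, nameof(publicClientId));
        _publicClientId = publicClientId;
    }

    /// <summary>
    /// Handles the password grant: checks that both credentials were supplied, authenticates
    /// them, records the login on the user, persists the user and — only once that save has
    /// succeeded — validates the bearer ticket and signs the cookie identity in.
    /// </summary>
    /// <param name="context">Grant context carrying the submitted user name and password.</param>
    /// <returns>A completed task; success or failure is reported through <paramref name="context"/>.</returns>
    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        var username = context.UserName;
        var password = context.Password;

        // Each check writes its own error onto the context, so a missing credential is
        // answered here without ever reaching authentication or persistence.
        if (!IsUserNameValid(context, username) || !IsPasswordValid(context, password))
        {
            return Task.FromResult<object>(null);
        }

        var transactionContext = new RootTransactionContext();
        try
        {
            transactionContext.Begin();
            var principal = UnicornAuthentication.Authenticate(username, password);
            var user = ((ClaimsIdentity)principal.Identity).GetUser();
            if (user == null || user.IsAnonymous())
            {
                // Same message for an unknown user and a wrong password, so the response
                // does not reveal which of the two was wrong.
                SetError(context, Strings.ApplicationOAuthProvider_InvalidUserNameOrPassword, Strings.ApplicationOAuthProvider_InvalidUserNameOrPasswordDescription);
            }
            else
            {
                try
                {
                    // NOTE(review): local time; UtcNow is usually preferable for audit
                    // timestamps — confirm what reads LastLogin before changing it.
                    user.LastLogin = DateTime.Now;
                    user.NeedsLogout = false;
                    var oAuthId = user.GetIdentity(OAuthDefaults.AuthenticationType);
                    var cookiesId = user.GetIdentity(CookieAuthenticationDefaults.AuthenticationType);

                    // Everything placed here is echoed into the token response body by
                    // TokenEndpoint, so keep it to values the client is meant to see.
                    IDictionary<string, string> data = new Dictionary<string, string>
                    {
                        { "userName", user.UserName },
                        { "termsAccepted", user.TermsAccepted.ToString() },
                        { "passwordReset", (!user.NeedsPasswordReset).ToString() },
                        { "defaultUrl", "/" }
                    };
                    var ticket = new AuthenticationTicket(oAuthId, CreateProperties(data));

                    // The freshly authenticated principal is made current before the save;
                    // presumably the persister authorizes the write against it (that is where
                    // DomainObjectAuthorizationException originates) — confirm against Persistence.
                    HttpContext.Current.User = principal;
                    Thread.CurrentPrincipal = principal;
                    Persistence.GetPersisterForEntity(user).Save();

                    // Only a user that was actually persisted gets a grant: validating the
                    // ticket and queuing the cookie sign-in after the save means a rejected or
                    // failed save can no longer leave an issued cookie or ticket behind.
                    context.Validated(ticket);
                    context.Request.Context.Authentication.SignIn(new AuthenticationProperties() { IsPersistent = true }, cookiesId);
                }
                catch (DomainObjectAuthorizationException ex)
                {
                    // NOTE(review): ex.Message is sent verbatim to the client as the error
                    // description; confirm it carries no internal detail worth withholding.
                    SetError(context, "PERMISSION", ex.Message);
                }
            }

            // NOTE(review): the transaction is committed even when a PERMISSION error was
            // reported above; confirm that is intended rather than a rollback.
            transactionContext.Commit();
        }
        catch
        {
            transactionContext.Rollback();
            throw;
        }

        return Task.FromResult<object>(null);
    }

    /// <summary>
    /// Copies every property stored on the ticket into the token response, which is how the
    /// values collected in <see cref="GrantResourceOwnerCredentials"/> (userName,
    /// termsAccepted, passwordReset, defaultUrl) reach the client.
    /// </summary>
    /// <param name="context">Token-endpoint context whose ticket properties are copied.</param>
    /// <returns>A completed task.</returns>
    public override Task TokenEndpoint(OAuthTokenEndpointContext context)
    {
        foreach (var property in context.Properties.Dictionary)
        {
            context.AdditionalResponseParameters.Add(property.Key, property.Value);
        }

        return Task.FromResult<object>(null);
    }

    /// <summary>
    /// Accepts a token request that carries no client id as coming from the public client.
    /// A request that does send a client id is not validated here, which the middleware
    /// treats as a rejection; no client secret and no comparison with the configured
    /// public client id takes place.
    /// </summary>
    /// <param name="context">Client-authentication context for the incoming token request.</param>
    /// <returns>A completed task.</returns>
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        // Resource owner password credentials does not provide a client ID.
        if (context.ClientId == null)
        {
            context.Validated();
        }

        return Task.FromResult<object>(null);
    }

    #region Private Members

    /// <summary>Wraps the ticket data in <see cref="AuthenticationProperties"/>.</summary>
    private static AuthenticationProperties CreateProperties(IDictionary<string, string> data)
    {
        return new AuthenticationProperties(data);
    }

    /// <summary>
    /// Rejects the grant with the given error and adds an <c>X-Challenge</c> header carrying
    /// the numeric Unauthorized status. Intended to be called at most once per request:
    /// the header is added, not replaced.
    /// </summary>
    /// <param name="context">Grant context to mark as failed.</param>
    /// <param name="error">OAuth error code sent to the client.</param>
    /// <param name="errorDescription">Human-readable description sent to the client.</param>
    private static void SetError(OAuthGrantResourceOwnerCredentialsContext context, string error, string errorDescription)
    {
        context.SetError(error, errorDescription);
        context.Response.Headers.Add("X-Challenge", new[] { ((int)HttpStatusCode.Unauthorized).ToString() });
    }

    /// <summary>
    /// Returns <c>true</c> when a user name was supplied; otherwise records the
    /// "user name is required" error on the context and returns <c>false</c>.
    /// </summary>
    private static bool IsUserNameValid(OAuthGrantResourceOwnerCredentialsContext context, string username)
    {
        if (!string.IsNullOrEmpty(username))
        {
            return true;
        }

        SetError(context, Strings.ApplicationOAuthProvider_InvalidUsername.ToUpperInvariant(), Strings.ApplicationOAuthProvider_UserNameIsRequired);
        return false;
    }

    /// <summary>
    /// Returns <c>true</c> when a password was supplied; otherwise records the
    /// "password is required" error on the context and returns <c>false</c>.
    /// </summary>
    private static bool IsPasswordValid(OAuthGrantResourceOwnerCredentialsContext context, string password)
    {
        if (!string.IsNullOrEmpty(password))
        {
            return true;
        }

        SetError(context, Strings.ApplicationOAuthProvider_InvalidPassword.ToUpperInvariant(), Strings.ApplicationOAuthProvider_PasswordIsRequired);
        return false;
    }

    // Stored for the public client; currently not read by any member of this class.
    private readonly string _publicClientId;

    #endregion
}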
- }