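public class OpenAuthorizationServerProvider : OAuthAuthorizationServerProvider
{
    // Generic message returned to the caller whenever a backend call throws.
    // The real exception (type, message, stack trace) goes to the server log only:
    // echoing ex.Message back to an unauthenticated client, as this class used to do,
    // discloses repository / identity-service internals (connection strings, SQL text,
    // file paths) to anyone who can reach the token endpoint.
    private const string BackendErrorMessage = "an internal error occurred while processing the request";

    // Prefixes used to smuggle a captcha code and a session id through the scope
    // parameter of the password grant (see GrantResourceOwnerCredentials).
    private const string ValidationCodePrefix = "ValidationCode:";
    private const string SessionIdPrefix = "SessionID:";

    /// <summary>
    /// Validates the client credentials (client_id / client_secret) of a token request.
    /// Credentials are read from the HTTP Basic Authorization header first and, when
    /// that header is absent, from the form body. The request is rejected with an
    /// OAuth error (no Validated() call) when either value is empty, when the repository
    /// does not recognise the pair, or when the repository lookup throws.
    /// </summary>
    /// <param name="context">OWIN client-authentication context for the token request.</param>
    public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        string clientId;
        string clientSecret;
        // Basic auth wins; the form-body fallback (RFC 6749 §2.3.1, allowed but not
        // recommended) is only consulted when no Authorization header is present. Its
        // return value is intentionally ignored: the null/empty check below catches a
        // failed parse either way.
        if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
        {
            context.TryGetFormCredentials(out clientId, out clientSecret);
        }

        if (string.IsNullOrEmpty(clientId) || string.IsNullOrEmpty(clientSecret))
        {
            context.SetError("PWMIS.OAuth2 invalid_client", "client or clientSecret is null or empty");
            return;
        }

        // NOTE(review): ValidateClient is expected to compare the secret against a stored
        // hash in constant time — confirm in the repository implementation, it is not visible here.
        var identityRepository = IdentityRepositoryFactory.CreateInstance();
        bool clientIsValid;
        try
        {
            clientIsValid = await identityRepository.ValidateClient(clientId, clientSecret);
        }
        catch (Exception ex)
        {
            // Full exception to the server log (assumes Log(string) writes there);
            // only a generic message to the client.
            Log("PWMIS.OAuth2 identity_repository_error:" + ex);
            context.SetError("PWMIS.OAuth2 identity_repository_error", BackendErrorMessage);
            return;
        }

        if (!clientIsValid)
        {
            context.SetError("PWMIS.OAuth2 invalid_client", "client or clientSecret is not valid");
            return;
        }

        context.Validated();
    }

    /// <summary>
    /// Issues an access token for the resource owner password credentials grant.
    /// The user name and password come from the form body. An optional
    /// "ValidationCode:&lt;code&gt;" and "SessionID:&lt;id&gt;" entry may be carried in
    /// the scope parameter; both are forwarded to IdentityService.UserLogin (presumably
    /// for captcha checking — the service is not visible here). On success the ticket
    /// carries a single Name claim holding the submitted user name.
    /// </summary>
    /// <param name="context">OWIN context for the password grant request.</param>
    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        if (string.IsNullOrEmpty(context.UserName))
        {
            context.SetError("PWMIS.OAuth2 invalid_username", "username is not valid");
            return;
        }
        if (string.IsNullOrEmpty(context.Password))
        {
            context.SetError("PWMIS.OAuth2 invalid_password", "password is not valid");
            return;
        }

        // Scope entries are client-supplied strings. Match on an exact ordinal prefix
        // rather than Contains() so an entry like "foo:ValidationCode:1" is not
        // misread, and take everything after the prefix so a code or id that itself
        // contains ':' is not truncated at the second colon. Missing entries yield "".
        string validationCode = ReadScopeValue(context, ValidationCodePrefix);
        string sessionId = ReadScopeValue(context, SessionIdPrefix);

        IdentityService service = new IdentityService();
        LoginResultModel user;
        try
        {
            user = await service.UserLogin(context.UserName, context.Password, sessionId, validationCode);
        }
        catch (Exception ex)
        {
            // Same policy as ValidateClientAuthentication: details to the log,
            // a generic message to the client.
            Log("PWMIS.OAuth2 identity_service_error:" + ex);
            context.SetError("PWMIS.OAuth2 identity_service_error", BackendErrorMessage);
            return;
        }

        if (user == null)
        {
            context.SetError("PWMIS.OAuth2 invalid_identity", "username or password is not valid");
            return;
        }
        if (string.IsNullOrEmpty(user.UserName))
        {
            // ErrorMessage is produced by IdentityService for the end user
            // (e.g. a rejected validation code) and is passed through unchanged.
            context.SetError("PWMIS.OAuth2 invalid_identity", user.ErrorMessage);
            return;
        }

        // NOTE(review): the ticket carries only the user name. If resource servers need
        // to know which client obtained the token, add a claim for context.ClientId here.
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        context.Validated(identity);
    }

    /// <summary>
    /// Returns the text following <paramref name="prefix"/> in the first scope entry
    /// that starts with it (ordinal comparison), or "" when the scope is empty or no
    /// entry matches. Null scope entries are skipped.
    /// </summary>
    private static string ReadScopeValue(OAuthGrantResourceOwnerCredentialsContext context, string prefix)
    {
        var scope = context.Scope;
        if (scope == null || scope.Count == 0)
        {
            return "";
        }
        var entry = scope.FirstOrDefault(p => p != null && p.StartsWith(prefix, StringComparison.Ordinal));
        return entry == null ? "" : entry.Substring(prefix.Length);
    }

    /// <summary>
    /// Accepts token requests whose grant_type is authorization_code, refresh_token,
    /// password or client_credentials and rejects every other value.
    /// NOTE(review): only the password grant has a handler in this class
    /// (GrantResourceOwnerCredentials). The other three are accepted here and rely on the
    /// base-class Grant* defaults — confirm those leave the context unvalidated (and so
    /// rejected) in the OWIN version in use, or narrow this list to the grants actually served.
    /// </summary>
    /// <param name="context">OWIN token-request validation context.</param>
    public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
    {
        var request = context.TokenRequest;
        bool supportedGrant = request.IsAuthorizationCodeGrantType
            || request.IsRefreshTokenGrantType
            || request.IsResourceOwnerPasswordCredentialsGrantType
            || request.IsClientCredentialsGrantType;

        if (supportedGrant)
        {
            context.Validated();
        }
        else
        {
            context.Rejected();
        }

        // Nothing is awaited here; return a completed task instead of an async method
        // with no await (CS1998).
        return Task.FromResult(0);
    }
}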
- }
来源: https://www.cnblogs.com/bluedoctor/p/8967951.html