notazof
/
yavsc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

oidc++

main
Paul Schneider 10 years ago
parent 2978451679
commit 888caf4264
9 changed files with 189 additions and 53 deletions
Show Stats Download Patch File Download Diff File

2
Yavsc/Views/Shared/Authorize.cshtml
Unescape Escape View File

@ -15,8 +15,8 @@
@foreach (var parameter in Model.Message.Parameters) { @foreach (var parameter in Model.Message.Parameters) {
<input type="hidden" name="@parameter.Key" value="@parameter.Value" /> <input type="hidden" name="@parameter.Key" value="@parameter.Value" />
} }
<input formaction="/connect/authorize/accept" class="btn btn-lg btn-success" name="Authorize" type="submit" value="Yeah, sure" /> <input formaction="/connect/authorize/accept" class="btn btn-lg btn-success" name="Authorize" type="submit" value="Yeah, sure" />
<input formaction="/api/token/get" class="btn btn-lg btn-success" name="Authorize" type="submit" value="hum" />
<input formaction="/connect/authorize/deny" class="btn btn-lg btn-danger" name="Deny" type="submit" value="Hell, no" /> <input formaction="/connect/authorize/deny" class="btn btn-lg btn-danger" name="Deny" type="submit" value="Hell, no" />
</form> </form>
</div> </div>

7
Yavsc/Views/Shared/_GetAToken.cshtml
Unescape Escape View File

@ -0,0 +1,7 @@
<form enctype="application/x-www-form-urlencoded" method="post" class="navbar-right">
@Html.AntiForgeryToken()
<label for="username">username:</label><input name="username" placeholder="(Votre Nom d'utilisateur)"/>
<label for="password">password:</label><input name="password" placeholder="(Votre mot de passe)" type="password"/>
<input formaction="/api/token/post" class="btn btn-lg btn-success" name="Getatoken" type="submit" value="Getatoken" />
</form>

8
Yavsc/Views/Shared/_LoginPartial.cshtml
Unescape Escape View File

@ -13,14 +13,6 @@
</li> </li>
</ul> </ul>
</form> </form>
<form enctype="application/x-www-form-urlencoded" method="post" class="navbar-right">
@Html.AntiForgeryToken()
<label for="username">username:</label><input name="username" placeholder="(Votre Nom d'utilisateur)"/>
<label for="password">password:</label><input name="password" placeholder="(Votre mot de passe)" type="password"/>
<input formaction="/api/token/post" class="btn btn-lg btn-success" name="Getatoken" type="submit" value="Getatoken" />
</form>
} }
else else
{ {

152
Yavsc/project.json.new
Unescape Escape View File

@ -0,0 +1,152 @@
{
"version": "1.0.0-*",
"authors": [
"pazof"
],
"tags": [
""
],
"projectUrl": "http://yavsc.pschneider.fr",
"licenseUrl": "",
"userSecretsId": "aspnet5-YavscWeb-a0dadd21-2ced-43d3-96f9-7e504345102f",
"compilationOptions": {
"emitEntryPoint": true
},
"compile": [
"*.cs"
],
"resource": [
"Resources/**/*.resx"
],
"configurations": {
"Debug": {
"compilationOptions": {
"emitEntryPoint": true,
"define": [
"DEBUG",
"TRACE"
],
"optimize": false,
"debugType": "full"
}
},
"Release": {
"compilationOptions": {
"define": [
"RELEASE",
"TRACE"
],
"optimize": true
}
}
},
"webroot": "wwwroot",
"tooling": {
"defaultNamespace": "Yavsc"
},
"dependencies": {
"EntityFramework.Core": "7.0.0-rc1-*",
"EntityFramework.Relational": "7.0.0-rc1-*",
"EntityFramework.Commands": "7.0.0-rc1-*",
"EntityFramework.Sqlite": "7.0.0-rc1-*",
"EntityFramework.MicrosoftSqlServer": "7.0.0-rc1-*",
"EntityFramework7.Npgsql": "3.1.0-*",
"EntityFramework7.Npgsql.Design": "3.1.0-*",
"Microsoft.AspNet.Authentication.Cookies": "1.0.0-rc1-*",
"Microsoft.AspNet.Diagnostics.Entity": "7.0.0-rc1-*",
"Microsoft.AspNet.Identity.EntityFramework": "3.0.0-rc1-*",
"Microsoft.AspNet.IISPlatformHandler": "1.0.0-rc1-*",
"Microsoft.AspNet.Mvc": "6.0.0-rc1-*",
"Microsoft.AspNet.Mvc.TagHelpers": "6.0.0-rc1-*",
"Microsoft.AspNet.Server.Kestrel": "1.0.0-rc1-final",
"Microsoft.AspNet.StaticFiles": "1.0.0-rc1-*",
"Microsoft.AspNet.Tooling.Razor": "1.0.0-rc1-*",
"Microsoft.Extensions.Configuration.FileProviderExtensions": "1.0.0-rc1-*",
"Microsoft.Extensions.Configuration.Json": "1.0.0-rc1-*",
"Microsoft.Extensions.Configuration.Abstractions": "1.0.0-rc1-final",
"Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-rc1-*",
"Microsoft.Extensions.Logging": "1.0.0-rc1-final",
"Microsoft.Extensions.Logging.Console": "1.0.0-rc1-final",
"Microsoft.Extensions.Logging.Debug": "1.0.0-rc1-final",
"Microsoft.Framework.DependencyInjection": "1.0.0-beta8",
"Microsoft.Extensions.DependencyInjection.Abstractions": "1.0.0-rc1-final",
"Microsoft.AspNet.Authentication.Facebook": "1.0.0-rc1-final",
"Microsoft.AspNet.Authentication.Twitter": "1.0.0-rc1-final",
"Microsoft.Extensions.Localization": "1.0.0-rc1-final",
"Microsoft.Extensions.Localization.Abstractions": "1.0.0-rc1-final",
"Microsoft.Extensions.Globalization.CultureInfoCache": "1.0.0-rc1-final",
"Microsoft.AspNet.Localization": "1.0.0-rc1-final",
"Microsoft.Framework.ConfigurationModel.Json": "1.0.0-beta4",
"MarkdownDeep-av.NET": "1.5.2",
"Microsoft.Extensions.CodeGeneration": "1.0.0-rc1-final",
"Microsoft.Extensions.PlatformAbstractions": "1.0.0-rc1-final",
"Microsoft.Extensions.CodeGenerators.Mvc": "1.0.0-rc1-final",
"Microsoft.AspNet.Session": "1.0.0-rc1-final",
"Microsoft.NETCore.Platforms": "1.0.1-beta-23516",
"Microsoft.AspNet.SignalR.JS": "2.2.0",
"Microsoft.AspNet.WebSockets.Server": "1.0.0-rc1-final",
"Microsoft.AspNet.Http.Abstractions": "1.0.0-rc1-final",
"Microsoft.AspNet.SignalR.Owin": "1.2.2",
"Microsoft.AspNet.Owin": "1.0.0-rc1-final",
"Microsoft.AspNet.SignalR.Core": "2.2.0",
"Microsoft.AspNet.Server.WebListener": "1.0.0-rc1-final",
"Microsoft.AspNetCore.Authentication.OpenIdConnect": "0.0.1-alpha",
"Microsoft.AspNetCore.Authentication.Cookies": "0.0.1-alpha",
"Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-rc1-final",
"MailKit": "1.3.0-beta7",
"Microsoft.Framework.Configuration.Abstractions": "1.0.0-beta8",
"Microsoft.Framework.Configuration.Json": "1.0.0-beta8",
"Microsoft.Framework.DependencyInjection.Abstractions": "1.0.0-beta8",
"Microsoft.Framework.Configuration.Binder": "1.0.0-beta8",
"Microsoft.AspNet.Web.Optimization": "1.1.3",
"PayPalCoreSDK": "1.7.1",
"Microsoft.Extensions.WebEncoders.Core": "1.0.0-rc1-final",
"Microsoft.AspNetCore.Authentication.OAuth": "0.0.1-alpha",
"Microsoft.Extensions.Options": "0.0.1-alpha",
"Microsoft.Extensions.WebEncoders": "1.0.0-rc1-final",
"Google.Apis.Core": "1.11.1",
"Google.Apis": "1.11.1",
"PayPalButtonManagerSDK": "2.10.109",
"Microsoft.AspNet.DataProtection": "1.0.0-rc1-final",
"Microsoft.AspNet.DataProtection.SystemWeb": "1.0.0-rc1-final",
"Microsoft.AspNet.Authentication.JwtBearer": "1.0.0-rc1-final",
"System.IdentityModel.Tokens": "5.0.0-rc1-211161024",
"System.IdentityModel.Tokens.Jwt": "5.0.0-rc1-211161024",
"Microsoft.AspNet.Authorization": "1.0.0-rc1-final",
"AspNet.Security.OpenIdConnect.Server": "1.0.0-beta4"
},
"commands": {
"web": "Microsoft.AspNet.Server.Kestrel --server.urls http://*:5000",
"lua": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://*:85",
"kestrel": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://*:5000",
"booking": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://*:87",
"yavsc": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://*:86",
"yavscpre": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://*:84",
"ef": "EntityFramework.Commands",
"gen": "Microsoft.Extensions.CodeGeneration"
},
"frameworks": {
"dnx451": {}
},
"exclude": [
"wwwroot",
"node_modules",
"bower_components",
"contrib"
],
"publishExclude": [
"**.user",
"**.vspscc",
"contrib/**/*.*"
],
"scripts": {
"prebuild": "echo before building",
"postbuild": "echo after building",
"prepack": "gulp min",
"postpack": "echo after packing",
"prerestore": "echo before restoring packages",
"postrestore": "echo after restoring packages",
"prepublish": "gulp min",
"postpublish": "./postPublish.sh"
}
}

43
Yavsc/src/Controllers/OAuthController.cs
Unescape Escape View File

@ -182,9 +182,7 @@ namespace Yavsc.Controllers
if (!User.Identities.Any(identity => identity.IsAuthenticated)) if (!User.Identities.Any(identity => identity.IsAuthenticated))
{ {
return new ChallengeResult(new AuthenticationProperties { return new ChallengeResult(new AuthenticationProperties {
RedirectUri = Url.Action(nameof(Authorize), new { RedirectUri = Url.Action(nameof(Authorize), request.BuildRedirectUrl())});
unique_id = request.GetUniqueIdentifier()
})});
} }
// Note: ASOS automatically ensures that an application corresponds to the client_id specified // Note: ASOS automatically ensures that an application corresponds to the client_id specified
// in the authorization request by calling IOpenIdConnectServerProvider.ValidateAuthorizationRequest. // in the authorization request by calling IOpenIdConnectServerProvider.ValidateAuthorizationRequest.
@ -204,18 +202,13 @@ namespace Yavsc.Controllers
} }
// Note: in a real world application, you'd probably prefer creating a specific view model. // Note: in a real world application, you'd probably prefer creating a specific view model.
return View("Authorize", new AuthorisationView { Message = request, Application = application}); return View("Authorize", new AuthorisationView { Message = request,
Application = application});
} }
[HttpPost("~/connect/authorize/accept"), ValidateAntiForgeryToken] [HttpPost("~/connect/authorize/accept"),Authorize]
public async Task<IActionResult> Accept(CancellationToken cancellationToken) public async Task<IActionResult> Accept(CancellationToken cancellationToken)
{ {
var response = HttpContext.GetOpenIdConnectResponse();
if (response != null)
{
return View("OidcError", response);
}
var request = HttpContext.GetOpenIdConnectRequest(); var request = HttpContext.GetOpenIdConnectRequest();
if (request == null) if (request == null)
{ {
@ -230,18 +223,24 @@ namespace Yavsc.Controllers
// will be used to create an id_token, a token or a code. // will be used to create an id_token, a token or a code.
var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme); var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier,"name",User.GetUserId()));
if (User.IsInRole(Constants.AdminGroupName))
identity.AddClaim(new Claim(ClaimTypes.Actor,"role",Constants.AdminGroupName));
// Copy the claims retrieved from the external identity provider // Copy the claims retrieved from the external identity provider
// (e.g Google, Facebook, a WS-Fed provider or another OIDC server). // (e.g Google, Facebook, a WS-Fed provider or another OIDC server).
foreach (var claim in HttpContext.User.Claims) foreach (var claim in User.Claims)
{ {
// Allow ClaimTypes.Name to be added in the id_token. // Allow ClaimTypes.Name to be added in the id_token.
// ClaimTypes.NameIdentifier is automatically added, even if its // ClaimTypes.NameIdentifier is automatically added, even if its
// destination is not defined or doesn't include "id_token". // destination is not defined or doesn't include "id_token".
// The other claims won't be visible for the client application. // The other claims won't be visible for the client application.
if (claim.Type == ClaimTypes.Name) { if (claim.Type == ClaimTypes.Role
|| claim.Type == ClaimTypes.Email
|| claim.Type == ClaimTypes.NameIdentifier ) {
claim.WithDestination( "code" );
claim.WithDestination( "id_token" ); claim.WithDestination( "id_token" );
claim.WithDestination( "access_token" );
} }
identity.AddClaim(claim); identity.AddClaim(claim);
@ -250,14 +249,12 @@ namespace Yavsc.Controllers
var application = await GetApplicationAsync(request.ClientId, cancellationToken); var application = await GetApplicationAsync(request.ClientId, cancellationToken);
if (application == null) if (application == null)
{ {
_logger.LogError($"OidcError: {request.ClientId} {response.ClientId} ");
return View("OidcError", new OpenIdConnectMessage return View("OidcError", new OpenIdConnectMessage
{ {
Error = OpenIdConnectConstants.Errors.InvalidClient, Error = OpenIdConnectConstants.Errors.InvalidClient,
ErrorDescription = "Details concerning the calling client application cannot be found in the database" ErrorDescription = "Details concerning the calling client application cannot be found in the database"
}); });
} }
// Create a new ClaimsIdentity containing the claims associated with the application. // Create a new ClaimsIdentity containing the claims associated with the application.
// Note: setting identity.Actor is not mandatory but can be useful to access // Note: setting identity.Actor is not mandatory but can be useful to access
// the whole delegation chain from the resource server (see ResourceController.cs). // the whole delegation chain from the resource server (see ResourceController.cs).
@ -282,6 +279,7 @@ namespace Yavsc.Controllers
_siteSettings.Audience _siteSettings.Audience
}); });
// This call will instruct AspNet.Security.OpenIdConnect.Server to serialize // This call will instruct AspNet.Security.OpenIdConnect.Server to serialize
// the specified identity to build appropriate tokens (id_token and token). // the specified identity to build appropriate tokens (id_token and token).
// Note: you should always make sure the identities you return contain either // Note: you should always make sure the identities you return contain either
@ -289,7 +287,7 @@ namespace Yavsc.Controllers
// identities always contain the name identifier returned by the external provider. // identities always contain the name identifier returned by the external provider.
// Note: the authenticationScheme parameter must match the value configured in Startup.cs. // Note: the authenticationScheme parameter must match the value configured in Startup.cs.
await HttpContext.Authentication.SignInAsync( await HttpContext.Authentication.SignInAsync(
OpenIdConnectServerDefaults.AuthenticationScheme, "oidc-server",
new ClaimsPrincipal(identity), properties); new ClaimsPrincipal(identity), properties);
return new EmptyResult(); return new EmptyResult();
@ -298,12 +296,6 @@ namespace Yavsc.Controllers
[HttpPost("~/connect/authorize/deny"), ValidateAntiForgeryToken] [HttpPost("~/connect/authorize/deny"), ValidateAntiForgeryToken]
public IActionResult Deny(CancellationToken cancellationToken) public IActionResult Deny(CancellationToken cancellationToken)
{ {
var response = HttpContext.GetOpenIdConnectResponse();
if (response != null)
{
return View("OidcError", response);
}
var request = HttpContext.GetOpenIdConnectRequest(); var request = HttpContext.GetOpenIdConnectRequest();
if (request == null) if (request == null)
{ {
@ -326,7 +318,6 @@ namespace Yavsc.Controllers
State = request.State State = request.State
}); });
return new EmptyResult(); return new EmptyResult();
} }
@ -383,10 +374,6 @@ namespace Yavsc.Controllers
where application.ApplicationID == identifier where application.ApplicationID == identifier
select application).SingleOrDefaultAsync(cancellationToken); select application).SingleOrDefaultAsync(cancellationToken);
} }
private async Task<ApplicationUser> GetCurrentUserAsync()
{
return await _userManager.FindByIdAsync(HttpContext.User.GetUserId());
}
private IActionResult RedirectToLocal(string returnUrl) private IActionResult RedirectToLocal(string returnUrl)
{ {

23
Yavsc/src/Controllers/TokenController.cs
Unescape Escape View File

@ -24,11 +24,9 @@ namespace Yavsc.Controllers
UserManager<ApplicationUser> manager; UserManager<ApplicationUser> manager;
SignInManager<ApplicationUser> signInManager; SignInManager<ApplicationUser> signInManager;
public class TokenResponse {  public class TokenResponse { 
public bool authenticated { get; set; }
public string user_id { get; set; }
public string access_token { get; set; } public string access_token { get; set; }
public int expires_in { get; set; } public int expires_in { get; set; }
public int entity_id { get; set; } public string grant_type { get; set; }
} }
UserTokenProvider tokenProvider; UserTokenProvider tokenProvider;
@ -51,7 +49,7 @@ namespace Yavsc.Controllers
/// the user is authenticated, which will reset the expiry. /// the user is authenticated, which will reset the expiry.
/// </summary> /// </summary>
/// <returns></returns> /// <returns></returns>
[HttpGet,Authorize] [HttpGet,HttpPost,Authorize]
[Route("~/api/token/get")] [Route("~/api/token/get")]
public async Task<dynamic> Get() public async Task<dynamic> Get()
{ {
@ -72,12 +70,12 @@ namespace Yavsc.Controllers
foreach (Claim c in currentUser.Claims) if (c.Type == "EntityID") entityId = Convert.ToInt32(c.Value); foreach (Claim c in currentUser.Claims) if (c.Type == "EntityID") entityId = Convert.ToInt32(c.Value);
tokenExpires = DateTime.UtcNow.AddMinutes(2); tokenExpires = DateTime.UtcNow.AddMinutes(2);
token = await GetToken(user, tokenExpires); token = await GetToken("id_token", user, tokenExpires);
return new TokenResponse { authenticated = authenticated, user_id = user, entity_id = entityId, access_token = token, expires_in = 3400 }; return new TokenResponse { access_token = token, expires_in = 3400, grant_type="id_token" };
} }
} }
return new { authenticated = false }; return new { authenticated = false, grant_type="id_token" };
} }
public class AuthRequest public class AuthRequest
@ -102,20 +100,19 @@ namespace Yavsc.Controllers
if (signResult.Succeeded) if (signResult.Succeeded)
{ {
DateTime? expires = DateTime.UtcNow.AddMinutes(tokenOptions.ExpiresIn); DateTime? expires = DateTime.UtcNow.AddMinutes(tokenOptions.ExpiresIn);
var token = await GetToken(User.GetUserId(), expires); var token = await GetToken("id_token",User.GetUserId(), expires);
return Ok(new TokenResponse { authenticated = true, user_id = User.GetUserId(), access_token = token }); return Ok(new TokenResponse {access_token = token, expires_in = 3400, grant_type="id_token" });
} }
return Ok(new TokenResponse { authenticated = false }); return new BadRequestObjectResult(new { authenticated = false } ) ;
} }
private async Task<string> GetToken(string userid, DateTime? expires) private async Task<string> GetToken(string purpose, string userid, DateTime? expires)
{ {
// Here, you should create or look up an identity for the user which is being authenticated. // Here, you should create or look up an identity for the user which is being authenticated.
// For now, just creating a simple generic identity. // For now, just creating a simple generic identity.
var identuser = await manager.FindByIdAsync(userid); var identuser = await manager.FindByIdAsync(userid);
return await tokenProvider.GenerateAsync("id_token",manager,identuser); return await tokenProvider.GenerateAsync(purpose,manager,identuser);
} }
} }
} }

2
Yavsc/src/Startup.cs
Unescape Escape View File

@ -432,7 +432,7 @@ namespace Yavsc
options.TokenEndpointPath = new PathString("/connect/authorize/accept"); options.TokenEndpointPath = new PathString("/connect/authorize/accept");
options.UseSlidingExpiration = true; options.UseSlidingExpiration = true;
options.AllowInsecureHttp = true; options.AllowInsecureHttp = true;
options.AuthenticationScheme = "ServerCookie"; // was = OpenIdConnectDefaults.AuthenticationScheme || "oidc"; options.AuthenticationScheme = "oidc-server"; // was = OpenIdConnectDefaults.AuthenticationScheme || "oidc";
options.LogoutEndpointPath = new PathString("/connect/logout"); options.LogoutEndpointPath = new PathString("/connect/logout");
// options.ValidationEndpointPath = new PathString("/connect/introspect"); // options.ValidationEndpointPath = new PathString("/connect/introspect");

1
Yavsc/src/ViewModels/Auth/AuthorisationView.cs
Unescape Escape View File

@ -7,6 +7,5 @@ namespace Yavsc
public class AuthorisationView {  public class AuthorisationView { 
public OpenIdConnectMessage Message { get; set; } public OpenIdConnectMessage Message { get; set; }
public Application Application { get; set; } public Application Application { get; set; }
} }
} }

4
testOauthClient/Startup.cs
Unescape Escape View File

@ -94,7 +94,9 @@ namespace testOauthClient
// Note: the resource property represents the different endpoints the // Note: the resource property represents the different endpoints the
// access token should be issued for (values must be space-delimited). // access token should be issued for (values must be space-delimited).
options.Resource = "http://dev.pschneider.fr/"; options.Resource = "http://dev.pschneider.fr/";
// options.Scope.Add("api-resource-controller"); options.Scope.Clear();
options.Scope.Add("openid");
// .Add("api-resource-controller");
}); });

Write Preview
Loading…