yavsc/Yavsc/Auth/AuthServer/OAuthValidateClientAuthenti...


using Microsoft.AspNet.Http;
using System;
using System.Text;
namespace OAuth.AspNet.AuthServer
{
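/// <summary>
/// Contains information about the client credentials.
/// </summary>
/// <remarks>
/// The <c>TryGet*</c> methods only extract the credentials presented on the request;
/// nothing in this class compares the secret with a stored value. The code that
/// handles this context is responsible for verifying the secret before calling
/// <see cref="Validated(string)"/>, ideally with a constant-time comparison, and
/// for keeping the secret out of logs.
/// </remarks>
public class OAuthValidateClientAuthenticationContext : BaseValidatingClientContext
{
    /// <summary>
    /// Authorization scheme prefix, including the separating space.
    /// </summary>
    private const string BasicScheme = "Basic ";

    /// <summary>
    /// UTF-8 decoder that throws on malformed byte sequences. <see cref="Encoding.UTF8"/>
    /// substitutes U+FFFD for invalid bytes instead of throwing, which would let a
    /// malformed credential through as a silently altered string.
    /// </summary>
    private static readonly Encoding StrictUtf8 = new UTF8Encoding(false, true);

    /// <summary>
    /// Initializes a new instance of the <see cref="OAuthValidateClientAuthenticationContext"/> class
    /// </summary>
    /// <param name="context">The HTTP context of the current request.</param>
    /// <param name="options">The authorization server options.</param>
    /// <param name="parameters">The request parameters exposed through <see cref="Parameters"/>.</param>
    /// <param name="applicationStore">The application store exposed through <see cref="ApplicationStore"/>.</param>
    public OAuthValidateClientAuthenticationContext(HttpContext context, OAuthAuthorizationServerOptions options, IReadableStringCollection parameters, IApplicationStore applicationStore) : base(context, options, null)
    {
        // NOTE(review): the third base argument is passed as null; presumably it is the
        // client id, which is only known once credentials are extracted - confirm
        // against BaseValidatingClientContext.
        Parameters = parameters;
        ApplicationStore = applicationStore;
    }

    /// <summary>
    /// Gets the application store supplied to the constructor.
    /// </summary>
    public IApplicationStore ApplicationStore { get; private set; }

    /// <summary>
    /// Gets the set of form parameters from the request.
    /// </summary>
    public IReadableStringCollection Parameters { get; private set; }

    /// <summary>
    /// Sets the client id and marks the context as validated by the application.
    /// </summary>
    /// <remarks>
    /// This method performs no credential check of its own. Call it only after the
    /// client secret (or the client's right to authenticate without one) has been verified.
    /// </remarks>
    /// <param name="clientId">The client identifier to record on the context.</param>
    /// <returns>The result of the parameterless <c>Validated()</c> call.</returns>
    public bool Validated(string clientId)
    {
        ClientId = clientId;
        return Validated();
    }

    /// <summary>
    /// Extracts HTTP basic authentication credentials from the HTTP authenticate header.
    /// </summary>
    /// <remarks>
    /// <para>
    /// The decoded value is split at the first ':' so the secret may itself contain
    /// colons. An empty identifier (a value that starts with ':') is still reported as
    /// a successful extraction. On success the identifier is also stored in
    /// <c>ClientId</c>, before any verification has taken place.
    /// </para>
    /// <para>
    /// RFC 6749 section 2.3.1 has clients form-urlencode the identifier and secret
    /// before building the Basic value. No URL-decoding is applied here, so the values
    /// are returned exactly as they were Base64-decoded.
    /// </para>
    /// </remarks>
    /// <param name="clientId">The client identifier, or null when no usable Basic credentials are present.</param>
    /// <param name="clientSecret">The client secret, or null when no usable Basic credentials are present.</param>
    /// <returns>True when a Basic header was decoded and contained a ':' separator; otherwise false.</returns>
    [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1021:AvoidOutParameters", MessageId = "0#", Justification = "Optimized for usage")]
    public bool TryGetBasicCredentials(out string clientId, out string clientSecret)
    {
        // Client Authentication http://tools.ietf.org/html/rfc6749#section-2.3
        // Client Authentication Password http://tools.ietf.org/html/rfc6749#section-2.3.1
        clientId = null;
        clientSecret = null;

        string authorization = Request.Headers["Authorization"];
        if (string.IsNullOrWhiteSpace(authorization) || !authorization.StartsWith(BasicScheme, StringComparison.OrdinalIgnoreCase))
        {
            return false;
        }

        string text;
        try
        {
            byte[] data = Convert.FromBase64String(authorization.Substring(BasicScheme.Length).Trim());

            // Strict decoding: malformed UTF-8 raises DecoderFallbackException, which
            // derives from ArgumentException and is handled below.
            text = StrictUtf8.GetString(data);
        }
        catch (FormatException)
        {
            // Bad Base64 string
            return false;
        }
        catch (ArgumentException)
        {
            // Bad utf-8 string
            return false;
        }

        int delimiterIndex = text.IndexOf(':');
        if (delimiterIndex < 0)
        {
            return false;
        }

        clientId = text.Substring(0, delimiterIndex);
        clientSecret = text.Substring(delimiterIndex + 1);
        ClientId = clientId;
        return true;
    }

    /// <summary>
    /// Extracts forms authentication credentials from the HTTP request body.
    /// </summary>
    /// <remarks>
    /// Success depends only on a non-empty client id parameter. The secret parameter is
    /// returned as read from <see cref="Parameters"/> and is not required to be present,
    /// so callers must not treat a true result as proof that a secret was supplied.
    /// On success the identifier is also stored in <c>ClientId</c>, before any verification.
    /// </remarks>
    /// <param name="clientId">The client identifier, or null when the parameter is missing or empty.</param>
    /// <param name="clientSecret">The client secret parameter as read, or null when no client id was supplied.</param>
    /// <returns>True when a non-empty client id parameter is present; otherwise false.</returns>
    [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1021:AvoidOutParameters", MessageId = "0#", Justification = "Optimized for usage")]
    public bool TryGetFormCredentials(out string clientId, out string clientSecret)
    {
        string id = Parameters[Constants.Parameters.ClientId];
        if (string.IsNullOrEmpty(id))
        {
            clientId = null;
            clientSecret = null;
            return false;
        }

        clientId = id;
        clientSecret = Parameters[Constants.Parameters.ClientSecret];
        ClientId = id;
        return true;
    }
}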
}