paul/yavsc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

oidc++

Browse Source
This commit is contained in:
Paul Schneider
2016-06-06 17:13:39 +02:00
parent 2978451679
commit 888caf4264
9 changed files with 189 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Yavsc/Views/Shared/Authorize.cshtml
View File

@ -15,8 +15,8 @@
@foreach (var parameter in Model.Message.Parameters) {
<input type="hidden" name="@parameter.Key" value="@parameter.Value" />
}
<input formaction="/connect/authorize/accept" class="btn btn-lg btn-success" name="Authorize" type="submit" value="Yeah, sure" />
<input formaction="/api/token/get" class="btn btn-lg btn-success" name="Authorize" type="submit" value="hum" />
<input formaction="/connect/authorize/deny" class="btn btn-lg btn-danger" name="Deny" type="submit" value="Hell, no" />
</form>
</div>

7
Yavsc/Views/Shared/_GetAToken.cshtml Normal file
View File

@ -0,0 +1,7 @@
<form enctype="application/x-www-form-urlencoded" method="post" class="navbar-right">
@Html.AntiForgeryToken()
<label for="username">username:</label><input name="username" placeholder="(Votre Nom d'utilisateur)"/>
<label for="password">password:</label><input name="password" placeholder="(Votre mot de passe)" type="password"/>
<input formaction="/api/token/post" class="btn btn-lg btn-success" name="Getatoken" type="submit" value="Getatoken" />
</form>

8
Yavsc/Views/Shared/_LoginPartial.cshtml
View File

@ -13,14 +13,6 @@
</li>
</ul>
</form>
<form enctype="application/x-www-form-urlencoded" method="post" class="navbar-right">
@Html.AntiForgeryToken()
<label for="username">username:</label><input name="username" placeholder="(Votre Nom d'utilisateur)"/>
<label for="password">password:</label><input name="password" placeholder="(Votre mot de passe)" type="password"/>
<input formaction="/api/token/post" class="btn btn-lg btn-success" name="Getatoken" type="submit" value="Getatoken" />
</form>
}
else
{

152
Yavsc/project.json.new Executable file
View File

@ -0,0 +1,152 @@
{
"version": "1.0.0-*",
"authors": [
"pazof"
],
"tags": [
""
],
"projectUrl": "http://yavsc.pschneider.fr",
"licenseUrl": "",
"userSecretsId": "aspnet5-YavscWeb-a0dadd21-2ced-43d3-96f9-7e504345102f",
"compilationOptions": {
"emitEntryPoint": true
},
"compile": [
"*.cs"
],
"resource": [
"Resources/**/*.resx"
],
"configurations": {
"Debug": {
"compilationOptions": {
"emitEntryPoint": true,
"define": [
"DEBUG",
"TRACE"
],
"optimize": false,
"debugType": "full"
}
},
"Release": {
"compilationOptions": {
"define": [
"RELEASE",
"TRACE"
],
"optimize": true
}
}
},
"webroot": "wwwroot",
"tooling": {
"defaultNamespace": "Yavsc"
},
"dependencies": {
"EntityFramework.Core": "7.0.0-rc1-*",
"EntityFramework.Relational": "7.0.0-rc1-*",
"EntityFramework.Commands": "7.0.0-rc1-*",
"EntityFramework.Sqlite": "7.0.0-rc1-*",
"EntityFramework.MicrosoftSqlServer": "7.0.0-rc1-*",
"EntityFramework7.Npgsql": "3.1.0-*",
"EntityFramework7.Npgsql.Design": "3.1.0-*",
"Microsoft.AspNet.Authentication.Cookies": "1.0.0-rc1-*",
"Microsoft.AspNet.Diagnostics.Entity": "7.0.0-rc1-*",
"Microsoft.AspNet.Identity.EntityFramework": "3.0.0-rc1-*",
"Microsoft.AspNet.IISPlatformHandler": "1.0.0-rc1-*",
"Microsoft.AspNet.Mvc": "6.0.0-rc1-*",
"Microsoft.AspNet.Mvc.TagHelpers": "6.0.0-rc1-*",
"Microsoft.AspNet.Server.Kestrel": "1.0.0-rc1-final",
"Microsoft.AspNet.StaticFiles": "1.0.0-rc1-*",
"Microsoft.AspNet.Tooling.Razor": "1.0.0-rc1-*",
"Microsoft.Extensions.Configuration.FileProviderExtensions": "1.0.0-rc1-*",
"Microsoft.Extensions.Configuration.Json": "1.0.0-rc1-*",
"Microsoft.Extensions.Configuration.Abstractions": "1.0.0-rc1-final",
"Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-rc1-*",
"Microsoft.Extensions.Logging": "1.0.0-rc1-final",
"Microsoft.Extensions.Logging.Console": "1.0.0-rc1-final",
"Microsoft.Extensions.Logging.Debug": "1.0.0-rc1-final",
"Microsoft.Framework.DependencyInjection": "1.0.0-beta8",
"Microsoft.Extensions.DependencyInjection.Abstractions": "1.0.0-rc1-final",
"Microsoft.AspNet.Authentication.Facebook": "1.0.0-rc1-final",
"Microsoft.AspNet.Authentication.Twitter": "1.0.0-rc1-final",
"Microsoft.Extensions.Localization": "1.0.0-rc1-final",
"Microsoft.Extensions.Localization.Abstractions": "1.0.0-rc1-final",
"Microsoft.Extensions.Globalization.CultureInfoCache": "1.0.0-rc1-final",
"Microsoft.AspNet.Localization": "1.0.0-rc1-final",
"Microsoft.Framework.ConfigurationModel.Json": "1.0.0-beta4",
"MarkdownDeep-av.NET": "1.5.2",
"Microsoft.Extensions.CodeGeneration": "1.0.0-rc1-final",
"Microsoft.Extensions.PlatformAbstractions": "1.0.0-rc1-final",
"Microsoft.Extensions.CodeGenerators.Mvc": "1.0.0-rc1-final",
"Microsoft.AspNet.Session": "1.0.0-rc1-final",
"Microsoft.NETCore.Platforms": "1.0.1-beta-23516",
"Microsoft.AspNet.SignalR.JS": "2.2.0",
"Microsoft.AspNet.WebSockets.Server": "1.0.0-rc1-final",
"Microsoft.AspNet.Http.Abstractions": "1.0.0-rc1-final",
"Microsoft.AspNet.SignalR.Owin": "1.2.2",
"Microsoft.AspNet.Owin": "1.0.0-rc1-final",
"Microsoft.AspNet.SignalR.Core": "2.2.0",
"Microsoft.AspNet.Server.WebListener": "1.0.0-rc1-final",
"Microsoft.AspNetCore.Authentication.OpenIdConnect": "0.0.1-alpha",
"Microsoft.AspNetCore.Authentication.Cookies": "0.0.1-alpha",
"Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-rc1-final",
"MailKit": "1.3.0-beta7",
"Microsoft.Framework.Configuration.Abstractions": "1.0.0-beta8",
"Microsoft.Framework.Configuration.Json": "1.0.0-beta8",
"Microsoft.Framework.DependencyInjection.Abstractions": "1.0.0-beta8",
"Microsoft.Framework.Configuration.Binder": "1.0.0-beta8",
"Microsoft.AspNet.Web.Optimization": "1.1.3",
"PayPalCoreSDK": "1.7.1",
"Microsoft.Extensions.WebEncoders.Core": "1.0.0-rc1-final",
"Microsoft.AspNetCore.Authentication.OAuth": "0.0.1-alpha",
"Microsoft.Extensions.Options": "0.0.1-alpha",
"Microsoft.Extensions.WebEncoders": "1.0.0-rc1-final",
"Google.Apis.Core": "1.11.1",
"Google.Apis": "1.11.1",
"PayPalButtonManagerSDK": "2.10.109",
"Microsoft.AspNet.DataProtection": "1.0.0-rc1-final",
"Microsoft.AspNet.DataProtection.SystemWeb": "1.0.0-rc1-final",
"Microsoft.AspNet.Authentication.JwtBearer": "1.0.0-rc1-final",
"System.IdentityModel.Tokens": "5.0.0-rc1-211161024",
"System.IdentityModel.Tokens.Jwt": "5.0.0-rc1-211161024",
"Microsoft.AspNet.Authorization": "1.0.0-rc1-final",
"AspNet.Security.OpenIdConnect.Server": "1.0.0-beta4"
},
"commands": {
"web": "Microsoft.AspNet.Server.Kestrel --server.urls http://*:5000",
"lua": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://*:85",
"kestrel": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://*:5000",
"booking": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://*:87",
"yavsc": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://*:86",
"yavscpre": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://*:84",
"ef": "EntityFramework.Commands",
"gen": "Microsoft.Extensions.CodeGeneration"
},
"frameworks": {
"dnx451": {}
},
"exclude": [
"wwwroot",
"node_modules",
"bower_components",
"contrib"
],
"publishExclude": [
"**.user",
"**.vspscc",
"contrib/**/*.*"
],
"scripts": {
"prebuild": "echo before building",
"postbuild": "echo after building",
"prepack": "gulp min",
"postpack": "echo after packing",
"prerestore": "echo before restoring packages",
"postrestore": "echo after restoring packages",
"prepublish": "gulp min",
"postpublish": "./postPublish.sh"
}
}

43
Yavsc/src/Controllers/OAuthController.cs
View File

@ -182,9 +182,7 @@ namespace Yavsc.Controllers
if (!User.Identities.Any(identity => identity.IsAuthenticated))
{
return new ChallengeResult(new AuthenticationProperties {
RedirectUri = Url.Action(nameof(Authorize), new {
unique_id = request.GetUniqueIdentifier()
})});
RedirectUri = Url.Action(nameof(Authorize), request.BuildRedirectUrl())});
}
// Note: ASOS automatically ensures that an application corresponds to the client_id specified
// in the authorization request by calling IOpenIdConnectServerProvider.ValidateAuthorizationRequest.
@ -204,18 +202,13 @@ namespace Yavsc.Controllers
}
// Note: in a real world application, you'd probably prefer creating a specific view model.
return View("Authorize", new AuthorisationView { Message = request, Application = application});
return View("Authorize", new AuthorisationView { Message = request,
Application = application});
}
[HttpPost("~/connect/authorize/accept"), ValidateAntiForgeryToken]
[HttpPost("~/connect/authorize/accept"),Authorize]
public async Task<IActionResult> Accept(CancellationToken cancellationToken)
{
var response = HttpContext.GetOpenIdConnectResponse();
if (response != null)
{
return View("OidcError", response);
}
var request = HttpContext.GetOpenIdConnectRequest();
if (request == null)
{
@ -230,18 +223,24 @@ namespace Yavsc.Controllers
// will be used to create an id_token, a token or a code.
var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier,"name",User.GetUserId()));
if (User.IsInRole(Constants.AdminGroupName))
identity.AddClaim(new Claim(ClaimTypes.Actor,"role",Constants.AdminGroupName));
// Copy the claims retrieved from the external identity provider
// (e.g Google, Facebook, a WS-Fed provider or another OIDC server).
foreach (var claim in HttpContext.User.Claims)
foreach (var claim in User.Claims)
{
// Allow ClaimTypes.Name to be added in the id_token.
// ClaimTypes.NameIdentifier is automatically added, even if its
// destination is not defined or doesn't include "id_token".
// The other claims won't be visible for the client application.
if (claim.Type == ClaimTypes.Name) {
if (claim.Type == ClaimTypes.Role
|| claim.Type == ClaimTypes.Email
|| claim.Type == ClaimTypes.NameIdentifier ) {
claim.WithDestination( "code" );
claim.WithDestination( "id_token" );
claim.WithDestination( "access_token" );
}
identity.AddClaim(claim);
@ -250,14 +249,12 @@ namespace Yavsc.Controllers
var application = await GetApplicationAsync(request.ClientId, cancellationToken);
if (application == null)
{
_logger.LogError($"OidcError: {request.ClientId} {response.ClientId} ");
return View("OidcError", new OpenIdConnectMessage
{
Error = OpenIdConnectConstants.Errors.InvalidClient,
ErrorDescription = "Details concerning the calling client application cannot be found in the database"
});
}
// Create a new ClaimsIdentity containing the claims associated with the application.
// Note: setting identity.Actor is not mandatory but can be useful to access
// the whole delegation chain from the resource server (see ResourceController.cs).
@ -281,6 +278,7 @@ namespace Yavsc.Controllers
properties.SetResources(new[] {
_siteSettings.Audience
});
// This call will instruct AspNet.Security.OpenIdConnect.Server to serialize
// the specified identity to build appropriate tokens (id_token and token).
@ -289,7 +287,7 @@ namespace Yavsc.Controllers
// identities always contain the name identifier returned by the external provider.
// Note: the authenticationScheme parameter must match the value configured in Startup.cs.
await HttpContext.Authentication.SignInAsync(
OpenIdConnectServerDefaults.AuthenticationScheme,
"oidc-server",
new ClaimsPrincipal(identity), properties);
return new EmptyResult();
@ -298,12 +296,6 @@ namespace Yavsc.Controllers
[HttpPost("~/connect/authorize/deny"), ValidateAntiForgeryToken]
public IActionResult Deny(CancellationToken cancellationToken)
{
var response = HttpContext.GetOpenIdConnectResponse();
if (response != null)
{
return View("OidcError", response);
}
var request = HttpContext.GetOpenIdConnectRequest();
if (request == null)
{
@ -326,7 +318,6 @@ namespace Yavsc.Controllers
State = request.State
});
return new EmptyResult();
}
@ -383,10 +374,6 @@ namespace Yavsc.Controllers
where application.ApplicationID == identifier
select application).SingleOrDefaultAsync(cancellationToken);
}
private async Task<ApplicationUser> GetCurrentUserAsync()
{
return await _userManager.FindByIdAsync(HttpContext.User.GetUserId());
}
private IActionResult RedirectToLocal(string returnUrl)
{

23
Yavsc/src/Controllers/TokenController.cs
View File

@ -24,11 +24,9 @@ namespace Yavsc.Controllers
UserManager<ApplicationUser> manager;
SignInManager<ApplicationUser> signInManager;
public class TokenResponse { 
public bool authenticated { get; set; }
public string user_id { get; set; }
public string access_token { get; set; }
public int expires_in { get; set; }
public int entity_id { get; set; }
public string grant_type { get; set; }
}
UserTokenProvider tokenProvider;
@ -51,7 +49,7 @@ namespace Yavsc.Controllers
/// the user is authenticated, which will reset the expiry.
/// </summary>
/// <returns></returns>
[HttpGet,Authorize]
[HttpGet,HttpPost,Authorize]
[Route("~/api/token/get")]
public async Task<dynamic> Get()
{
@ -72,12 +70,12 @@ namespace Yavsc.Controllers
foreach (Claim c in currentUser.Claims) if (c.Type == "EntityID") entityId = Convert.ToInt32(c.Value);
tokenExpires = DateTime.UtcNow.AddMinutes(2);
token = await GetToken(user, tokenExpires);
return new TokenResponse { authenticated = authenticated, user_id = user, entity_id = entityId, access_token = token, expires_in = 3400 };
token = await GetToken("id_token", user, tokenExpires);
return new TokenResponse { access_token = token, expires_in = 3400, grant_type="id_token" };
}
}
return new { authenticated = false };
return new { authenticated = false, grant_type="id_token" };
}
public class AuthRequest
@ -102,20 +100,19 @@ namespace Yavsc.Controllers
if (signResult.Succeeded)
{
DateTime? expires = DateTime.UtcNow.AddMinutes(tokenOptions.ExpiresIn);
var token = await GetToken(User.GetUserId(), expires);
return Ok(new TokenResponse { authenticated = true, user_id = User.GetUserId(), access_token = token });
var token = await GetToken("id_token",User.GetUserId(), expires);
return Ok(new TokenResponse {access_token = token, expires_in = 3400, grant_type="id_token" });
}
return Ok(new TokenResponse { authenticated = false });
return new BadRequestObjectResult(new { authenticated = false } ) ;
}
private async Task<string> GetToken(string userid, DateTime? expires)
private async Task<string> GetToken(string purpose, string userid, DateTime? expires)
{
// Here, you should create or look up an identity for the user which is being authenticated.
// For now, just creating a simple generic identity.
var identuser = await manager.FindByIdAsync(userid);
return await tokenProvider.GenerateAsync("id_token",manager,identuser);
return await tokenProvider.GenerateAsync(purpose,manager,identuser);
}
}
}

2
Yavsc/src/Startup.cs
View File

@ -432,7 +432,7 @@ namespace Yavsc
options.TokenEndpointPath = new PathString("/connect/authorize/accept");
options.UseSlidingExpiration = true;
options.AllowInsecureHttp = true;
options.AuthenticationScheme = "ServerCookie"; // was = OpenIdConnectDefaults.AuthenticationScheme || "oidc";
options.AuthenticationScheme = "oidc-server"; // was = OpenIdConnectDefaults.AuthenticationScheme || "oidc";
options.LogoutEndpointPath = new PathString("/connect/logout");
// options.ValidationEndpointPath = new PathString("/connect/introspect");

1
Yavsc/src/ViewModels/Auth/AuthorisationView.cs
View File

@ -7,6 +7,5 @@ namespace Yavsc
public class AuthorisationView { 
public OpenIdConnectMessage Message { get; set; }
public Application Application { get; set; }
}
}

4
testOauthClient/Startup.cs
View File

@ -94,7 +94,9 @@ namespace testOauthClient
// Note: the resource property represents the different endpoints the
// access token should be issued for (values must be space-delimited).
options.Resource = "http://dev.pschneider.fr/";
// options.Scope.Add("api-resource-controller");
options.Scope.Clear();
options.Scope.Add("openid");
// .Add("api-resource-controller");
});