tsai
/
openiddict-core
mirror of https://github.com/openiddict/openiddict-core.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Versatile OpenID Connect stack for ASP.NET Core and Microsoft.Owin (compatible with ASP.NET 4.6.1)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
990 Commits
2 Branches
79 Tags
29 MiB
 
 
 
 
 
 
Tree: 0db0007f31
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0db0007f31'
${ noResults }
openiddict-core/sandbox/OpenIddict.Sandbox.AspNet.S.../Controllers/ResourceController.cs

62 lines
2.9 KiB
Raw Blame History

using System.Collections.Generic;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;
using OpenIddict.Validation.Owin;
using static OpenIddict.Abstractions.OpenIddictConstants;
namespace OpenIddict.Sandbox.AspNet.Server.Controllers
{
public class ResourceController : Controller
{
[HttpGet, Route("~/api/message")]
public async Task<ActionResult> GetMessage()
{
var context = HttpContext.GetOwinContext();
var result = await context.Authentication.AuthenticateAsync(OpenIddictValidationOwinDefaults.AuthenticationType);
if (result is null)
{
context.Authentication.Challenge(OpenIddictValidationOwinDefaults.AuthenticationType);
return new EmptyResult();
}
// This demo action requires that the client application be granted the "demo_api" scope.
// If it was not granted, a detailed error is returned to the client application to inform it
// that the authorization process must be restarted with the specified scope to access this API.
if (!result.Identity.HasClaim(Claims.Private.Scope, "demo_api"))
{
context.Authentication.Challenge(
authenticationTypes: OpenIddictValidationOwinDefaults.AuthenticationType,
properties: new AuthenticationProperties(new Dictionary<string, string>
{
[OpenIddictValidationOwinConstants.Properties.Scope] = "demo_api",
[OpenIddictValidationOwinConstants.Properties.Error] = Errors.InsufficientScope,
[OpenIddictValidationOwinConstants.Properties.ErrorDescription] =
"The 'demo_api' scope is required to perform this action."
}));
return new EmptyResult();
}
var user = await context.GetUserManager<ApplicationUserManager>()
.FindByIdAsync(result.Identity.FindFirst(Claims.Subject).Value);
if (user is null)
{
context.Authentication.Challenge(
authenticationTypes: OpenIddictValidationOwinDefaults.AuthenticationType,
properties: new AuthenticationProperties(new Dictionary<string, string>
{
[OpenIddictValidationOwinConstants.Properties.Error] = Errors.InvalidToken,
[OpenIddictValidationOwinConstants.Properties.ErrorDescription] =
"The specified access token is bound to an account that no longer exists."
}));
return new EmptyResult();
}
return Content($"{user.UserName} has been successfully authenticated.");
}
}
}