tsai
/
openiddict-core
mirror of https://github.com/openiddict/openiddict-core.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Versatile OpenID Connect stack for ASP.NET Core and Microsoft.Owin (compatible with ASP.NET 4.6.1)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2042 Commits
2 Branches
79 Tags
29 MiB
 
 
 
 
 
 
Tree: 9a74ea5e4f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9a74ea5e4f'
${ noResults }
openiddict-core/sandbox/OpenIddict.Sandbox.AspNet.S.../Controllers/ResourceController.cs

60 lines
2.7 KiB
Raw Blame History

using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;
using OpenIddict.Abstractions;
using OpenIddict.Validation.Owin;
using static OpenIddict.Abstractions.OpenIddictConstants;
namespace OpenIddict.Sandbox.AspNet.Server.Controllers;
[HostAuthentication(OpenIddictValidationOwinDefaults.AuthenticationType)]
public class ResourceController : ApiController
{
[Authorize, HttpGet, Route("~/api/message")]
public async Task<IHttpActionResult> GetMessage()
{
var context = Request.GetOwinContext();
// This demo action requires that the client application be granted the "demo_api" scope.
// If it was not granted, a detailed error is returned to the client application to inform it
// that the authorization process must be restarted with the specified scope to access this API.
if (User is not ClaimsPrincipal principal || !principal.HasScope("demo_api"))
{
context.Authentication.Challenge(
authenticationTypes: OpenIddictValidationOwinDefaults.AuthenticationType,
properties: new AuthenticationProperties(new Dictionary<string, string?>
{
[OpenIddictValidationOwinConstants.Properties.Scope] = "demo_api",
[OpenIddictValidationOwinConstants.Properties.Error] = Errors.InsufficientScope,
[OpenIddictValidationOwinConstants.Properties.ErrorDescription] =
"The 'demo_api' scope is required to perform this action."
}));
return Unauthorized();
}
var user = await context.GetUserManager<ApplicationUserManager>().FindByIdAsync(
((ClaimsPrincipal) User).FindFirst(Claims.Subject).Value);
if (user is null)
{
context.Authentication.Challenge(
authenticationTypes: OpenIddictValidationOwinDefaults.AuthenticationType,
properties: new AuthenticationProperties(new Dictionary<string, string?>
{
[OpenIddictValidationOwinConstants.Properties.Error] = Errors.InvalidToken,
[OpenIddictValidationOwinConstants.Properties.ErrorDescription] =
"The specified access token is bound to an account that no longer exists."
}));
return Unauthorized();
}
return ResponseMessage(new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent($"{user.UserName} has been successfully authenticated.")
});
}
}