diff --git a/Sevomin.Models/Helpers/SevominUserValidator.cs b/Sevomin.Models/Helpers/SevominUserValidator.cs new file mode 100644 index 0000000..5db8b1b --- /dev/null +++ b/Sevomin.Models/Helpers/SevominUserValidator.cs @@ -0,0 +1,35 @@ +using Microsoft.AspNet.Identity; +using Microsoft.AspNet.Identity.EntityFramework; +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text; +using System.Threading.Tasks; + +namespace Sevomin.Models.Helpers +{ + public class SevominUserValidator : IIdentityValidator + { + private readonly UserManager manager; + + public SevominUserValidator() + { + manager = new UserManager(new UserStore(new UsersDbContext())); + } + + public async Task ValidateAsync(User item) + { + var errors = new List(); + + if (string.IsNullOrWhiteSpace(item.UserName)) + errors.Add("نام کاربری نمی تواند خالی باشد. لطفا ایمیل خود را وارد نمایید."); + else if (await (manager.FindByNameAsync(item.UserName)) != null) + errors.Add("ایمیل وارد شده قبلا در سایت استفاده شده است. کلمه عبور خود را فراموش کرده اید؟"); + + return errors.Any() ? + IdentityResult.Failed(errors.ToArray()) + : IdentityResult.Success; + } + } + +} diff --git a/Sevomin.Models/LoginViewModel.cs b/Sevomin.Models/LoginViewModel.cs index d5ede70..ceca141 100644 --- a/Sevomin.Models/LoginViewModel.cs +++ b/Sevomin.Models/LoginViewModel.cs @@ -1,10 +1,15 @@  +using System.ComponentModel; +using System.ComponentModel.DataAnnotations; namespace Sevomin.Models { public class LoginViewModel { + [DisplayName("نام کاربری")] + [Required(ErrorMessage = "ورود {0} الزامی است.")] public string Username { get; set; } - public string Password { get; set; } - public bool RememberMe { get; set; } + [DisplayName("کلمه عبور")] + [Required(ErrorMessage = "ورود {0} الزامی است.")] + public string Password { get; set; } } } diff --git a/Sevomin.Models/Sevomin.Models.csproj b/Sevomin.Models/Sevomin.Models.csproj index 650dd82..7a04f7e 100644 --- a/Sevomin.Models/Sevomin.Models.csproj 
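Review bot: The uniqueness branch in `ValidateAsync` adds the "already used" error whenever `FindByNameAsync(item.UserName)` returns anything, including the record that is being validated. Once this validator is assigned to `UserManager.UserValidator`, a later `UpdateAsync` on an existing account would presumably fail against itself. Look the user up once and add the error only when the match is a different record, `if (existing != null && existing.Id != item.Id)` (assuming `User` exposes the usual `Id`). Replacing the stock validator also drops whatever name-format checks it performed, so the email format is enforced only by the view-model attributes. A `///` summary on the class saying that it runs on both create and update would help the next reader.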
+++ b/Sevomin.Models/Sevomin.Models.csproj @@ -49,6 +49,10 @@ + + False + ..\packages\Microsoft.AspNet.Mvc.5.0.0\lib\net45\System.Web.Mvc.dll + @@ -59,6 +63,7 @@ + diff --git a/Sevomin.Models/SignupViewModel.cs b/Sevomin.Models/SignupViewModel.cs index 1502ba5..1aa2855 100644 --- a/Sevomin.Models/SignupViewModel.cs +++ b/Sevomin.Models/SignupViewModel.cs @@ -1,11 +1,26 @@ - +using Sevomin.Models.Helpers; +using System.ComponentModel; +using System.ComponentModel.DataAnnotations; +using System.Web.Mvc; + namespace Sevomin.Models { public class SignupViewModel { + [Required(ErrorMessage = "برای آشنایی بیشتر ما با شما لطفا نام خود را وارد کنید.")] public string DisplayName { get; set; } + + [Required(ErrorMessage = "ورود {0} الزامی است.")] + [DisplayName("ایمیل")] + [EmailValidation(ErrorMessage = "لطفا ایمیل معتبر وارد نمایید.")] + [RegularExpression(@"^([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*[\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+@((((([a-zA-Z0-9]{1}[a-zA-Z0-9\-]{0,62}[a-zA-Z0-9]{1})|[a-zA-Z])\.)+[a-zA-Z]{2,6})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)$", ErrorMessage = "لطفا ایمیل معتبر وارد کنید.")] + [Remote("CheckUsername", "Account")] public string Email { get; set; } + + [Required(ErrorMessage="ورود {0} الزامی است.")] + [DisplayName("کلمه عبور")] public string Password { get; set; } + public bool IsAvalin { get; set; } } } diff --git a/Sevomin.WebFrontend.Controllers/AccountController.cs b/Sevomin.WebFrontend.Controllers/AccountController.cs index 3d57ae3..dcd8a53 100644 --- a/Sevomin.WebFrontend.Controllers/AccountController.cs +++ b/Sevomin.WebFrontend.Controllers/AccountController.cs @@ -18,7 +18,8 @@ namespace Sevomin.WebFrontend.Controllers public AccountController(UserManager userManager) { - UserManager = userManager; + UserManager = userManager; + UserManager.UserValidator = new Sevomin.Models.Helpers.SevominUserValidator(); } public UserManager UserManager { get; private set; } 
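Review bot: `Email` in `SignupViewModel` is validated twice, by `[EmailValidation]` and by the long `[RegularExpression]`, with two slightly different messages. The regex also caps the top-level domain at six letters and accepts a bare IP address with a port (`(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?`) as the domain part. Since this value becomes the account name, a single server-side rule is easier to reason about, for example keeping one attribute such as `[EmailAddress(ErrorMessage = "...")]`. `[Remote("CheckUsername", "Account")]` runs only in the browser, so uniqueness still rests entirely on the server-side validator. `Password` carries only `[Required]`; any length policy depends on the `UserManager` password validator, which is not visible here.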
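Review bot: Assigning `new Sevomin.Models.Helpers.SevominUserValidator()` in the `AccountController` constructor builds a second `UserManager`, `UserStore` and `UsersDbContext` on every request, and nothing visible disposes them. The validator then queries through its own context rather than the one behind the injected `userManager`, so the two can disagree within a single request. Consider giving the validator a constructor that takes the existing manager, `UserManager.UserValidator = new SevominUserValidator(userManager);`, or configuring the validator at the place where the manager is created.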
@@ -32,6 +33,7 @@ namespace Sevomin.WebFrontend.Controllers } [HttpPost] + [ValidateAntiForgeryToken] public async Task Signup(SignupViewModel model) { User user; @@ -43,10 +45,10 @@ namespace Sevomin.WebFrontend.Controllers else { int spaceIndex = model.DisplayName.IndexOf(' '); - user = new Dovomin(model.Email, model.DisplayName.Substring(0, spaceIndex), model.DisplayName.Substring(spaceIndex + 1)); + user = new Dovomin(model.Email, model.DisplayName, string.Empty); user.SignUpDate = DateTime.UtcNow; } - var result = await UserManager.CreateAsync(user); + var result = await UserManager.CreateAsync(user, model.Password); if (result.Succeeded) { await SignInAsync(user, isPersistent: false); @@ -57,16 +59,30 @@ namespace Sevomin.WebFrontend.Controllers AddErrors(result); } - return View(model); + return View("Intro", model); } + + public async Task CheckUsername(string Email) + { + bool result = (await UserManager.FindByNameAsync(Email)) == null; + if(result) + return Json(true, JsonRequestBehavior.AllowGet); + + return Json("این ایمیل قبلا در سایت استفاده شده. کلمه عبور خود را فراموش کرده اید؟", JsonRequestBehavior.AllowGet); + } + public ActionResult Login(string returnUrl) { + if(Request.IsAuthenticated) + return RedirectToAction("Index", "Home"); + ViewBag.ReturnUrl = returnUrl; return View(); } [HttpPost] + [ValidateAntiForgeryToken] public async Task Login(LoginViewModel model, string returnUrl) { if (ModelState.IsValid) @@ -74,12 +90,12 @@ namespace Sevomin.WebFrontend.Controllers var user = await UserManager.FindAsync(model.Username, model.Password); if (user != null) { - await SignInAsync(user, model.RememberMe); + await SignInAsync(user, true); return RedirectToLocal(returnUrl); } else { - ModelState.AddModelError("", "Invalid username or password."); + ModelState.AddModelError("", "نام کاربری و یا کلمه عبور وارد شده صحیح نمی باشد."); } } 
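Review bot: The leftover `int spaceIndex = model.DisplayName.IndexOf(' ');` in the `else` branch of `Signup` is unused after this change and still dereferences `DisplayName`. A post with that field missing therefore throws a NullReferenceException instead of returning a validation error, so the line should be deleted. The start of `Signup` is outside this hunk, so please confirm the method checks `ModelState.IsValid` before constructing the user; otherwise the `[Required]` attributes added to `SignupViewModel` are never enforced on the server.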
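Review bot: `CheckUsername` answers any unauthenticated GET with whether an email is registered, which makes account enumeration cheaper than going through the signup form, and nothing visible throttles it. If the inline check is kept, restrict it to POST (`[HttpPost]` on the action, `HttpMethod = "POST"` on the `[Remote]` attribute), drop `JsonRequestBehavior.AllowGet`, and put rate limiting and logging in front of it. A request without the `Email` parameter also reaches `FindByNameAsync(null)`, which presumably throws; guard null or empty input before the lookup.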
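Review bot: `await SignInAsync(user, true)` in the POST `Login` action now issues a persistent cookie for every sign-in, with no opt-out because `RememberMe` was removed from `LoginViewModel`. A session on a shared machine therefore outlives the browser. Either keep the user's choice or pair this with a short, explicit `ExpireTimeSpan` in the cookie options. The new error text keeps one message for both unknown user and wrong password, which is good, but no failed-attempt counting or lockout is visible on this path. The method body continues outside the hunk.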
@@ -87,6 +103,14 @@ namespace Sevomin.WebFrontend.Controllers return View(model); } + + public ActionResult Logout() + { + AuthenticationManager.SignOut(); + return RedirectToAction("Index", "Home"); + } + + private async Task SignInAsync(User user, bool isPersistent) { AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie); diff --git a/Sevomin.WebFrontend.Controllers/HomeController.cs b/Sevomin.WebFrontend.Controllers/HomeController.cs index 95537e1..1d4120b 100644 --- a/Sevomin.WebFrontend.Controllers/HomeController.cs +++ b/Sevomin.WebFrontend.Controllers/HomeController.cs @@ -6,7 +6,10 @@ namespace Sevomin.WebFrontend.Controllers { public ActionResult Index() { - return View(); + if (!Request.IsAuthenticated) + return View("Intro"); + else + return View("Intro"); } } diff --git a/Sevomin.WebFrontend/App_Start/Startup.cs b/Sevomin.WebFrontend/App_Start/Startup.cs new file mode 100644 index 0000000..306b30f --- /dev/null +++ b/Sevomin.WebFrontend/App_Start/Startup.cs 
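Review bot: `Logout` has no verb restriction, so a plain GET issued from another site (a link or an image tag) signs the user out. Mark it `[HttpPost]` and `[ValidateAntiForgeryToken]` like the other state-changing actions in this commit, and submit it from a small form that includes `@Html.AntiForgeryToken()`. `AuthenticationManager.SignOut()` is also called without authentication types; passing `DefaultAuthenticationTypes.ApplicationCookie` makes explicit which cookie is cleared.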
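Review bot: Both branches of the new `if (!Request.IsAuthenticated)` in `HomeController.Index` return `View("Intro")`, so the check has no effect and signed-in users still get the signup page. If the authenticated view is not ready yet, a single `return View("Intro");` with a comment such as `// TODO: send authenticated users to their own landing page` states the intent more honestly than an if/else with identical arms.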
@@ -0,0 +1,43 @@ +using Microsoft.AspNet.Identity; +using Microsoft.Owin; +using Microsoft.Owin.Security.Cookies; +using Owin; + +namespace Sevomin.WebFrontend +{ + public class Startup + { + public void Configuration(IAppBuilder app) + { + ConfigureAuth(app); + } + + // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864 + public void ConfigureAuth(IAppBuilder app) + { + // Enable the application to use a cookie to store information for the signed in user + app.UseCookieAuthentication(new CookieAuthenticationOptions + { + AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, + LoginPath = new PathString("/Account/Login") + }); + // Use a cookie to temporarily store information about a user logging in with a third party login provider + app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie); + + // Uncomment the following lines to enable logging in with third party login providers + //app.UseMicrosoftAccountAuthentication( + // clientId: "", + // clientSecret: ""); + + //app.UseTwitterAuthentication( + // consumerKey: "", + // consumerSecret: ""); + + //app.UseFacebookAuthentication( + // appId: "", + // appSecret: ""); + + //app.UseGoogleAuthentication(); + } + } +} \ No newline at end of file diff --git a/Sevomin.WebFrontend/Content/common.css b/Sevomin.WebFrontend/Content/common.css new file mode 100644 index 0000000..edb89ad --- /dev/null +++ b/Sevomin.WebFrontend/Content/common.css 
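Review bot: The `CookieAuthenticationOptions` in `ConfigureAuth` leave the authentication cookie on its defaults: it is not restricted to HTTPS, no lifetime is set, and no identity revalidation is configured, while the login action in this commit always signs in persistently. Add `CookieSecure = CookieSecureOption.Always,` and an explicit `ExpireTimeSpan`. Also consider a `Provider` whose `OnValidateIdentity` uses `SecurityStampValidator.OnValidateIdentity` from the Identity.Owin package added in this commit, so that a password change invalidates existing cookies. The commented-out provider blocks with empty `clientSecret`/`appSecret` values are template leftovers; if they are enabled later, the secrets should come from configuration rather than source.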
@@ -0,0 +1,36 @@ +@font-face { + font-family: 'Koodak'; + src: url('/fonts/BKoodakBold.eot?#') format('eot'), /* IE6–8 */ + url('/fonts/BKoodakBold.woff') format('woff'), /* FF3.6+, IE9, Chrome6+, Saf5.1+*/ + url('/fonts/BKoodakBold.ttf') format('truetype'); /* Saf3—5, Chrome4+, FF3.5, Opera 10+ */ +} @font-face { + font-family: 'Yekan'; + src: url('/fonts/BYekan.eot?#') format('eot'), /* IE6–8 */ + url('/fonts/BYekan.woff') format('woff'), /* FF3.6+, IE9, Chrome6+, Saf5.1+*/ + url('/fonts/BYekan.ttf') format('truetype'); /* Saf3—5, Chrome4+, FF3.5, Opera 10+ */ +} + +body{ + font-family: Yekan, "Helvetica Neue",Helvetica,Arial,sans-serif; +} + +h1, h2, h3, h4, h5, h6, .h1, .h2, .h3, .h4, .h5, .h6{ + font-family: Koodak, "Helvetica Neue",Helvetica,Arial,sans-serif; +} + +.rtl{ + direction: rtl; + text-align: right; +} + +.ltr{ + direction: ltr; + text-align: left; +} + +.pull-right{ + float: right; +} +.pull-left{ + float: left; +} \ No newline at end of file diff --git a/Sevomin.WebFrontend/Content/forms.css b/Sevomin.WebFrontend/Content/forms.css new file mode 100644 index 0000000..951e98a --- /dev/null +++ b/Sevomin.WebFrontend/Content/forms.css @@ -0,0 +1,18 @@ +button, label{ + font-family: Koodak; +} +label{ + font-size: 1.5em; +} + +.input-validation-error{ + border-color: #ee4646; +} +.field-validation-valid{ + display: inline-block; + min-height: 1.3em; +} +.field-validation-error{ + font-family: Koodak; + font-size: 1.2em; +} \ No newline at end of file diff --git a/Sevomin.WebFrontend/Scripts/sevomin-ui.js b/Sevomin.WebFrontend/Scripts/sevomin-ui.js new file mode 100644 index 0000000..822c91d --- /dev/null +++ b/Sevomin.WebFrontend/Scripts/sevomin-ui.js @@ -0,0 +1,4 @@ +// This file depends heavily on jquery and jquery validation. So be nice and include them on the page. +$(function () { + $('form').validate(); +}); \ No newline at end of file 
diff --git a/Sevomin.WebFrontend/Sevomin.WebFrontend.csproj b/Sevomin.WebFrontend/Sevomin.WebFrontend.csproj index e39d429..97d4394 100644 --- a/Sevomin.WebFrontend/Sevomin.WebFrontend.csproj +++ b/Sevomin.WebFrontend/Sevomin.WebFrontend.csproj @@ -38,7 +38,38 @@ 4 + + False + ..\packages\Microsoft.AspNet.Identity.Core.2.0.0\lib\net45\Microsoft.AspNet.Identity.Core.dll + + + False + ..\packages\Microsoft.AspNet.Identity.Owin.2.0.0\lib\net45\Microsoft.AspNet.Identity.Owin.dll + + + False + ..\packages\Microsoft.Owin.2.1.0\lib\net45\Microsoft.Owin.dll + + + False + ..\packages\Microsoft.Owin.Security.2.1.0\lib\net45\Microsoft.Owin.Security.dll + + + False + ..\packages\Microsoft.Owin.Security.Cookies.2.1.0\lib\net45\Microsoft.Owin.Security.Cookies.dll + + + False + ..\packages\Microsoft.Owin.Security.OAuth.2.1.0\lib\net45\Microsoft.Owin.Security.OAuth.dll + + + ..\packages\Newtonsoft.Json.4.5.11\lib\net40\Newtonsoft.Json.dll + + + False + ..\packages\Owin.1.0\lib\net40\Owin.dll + @@ -85,11 +116,19 @@ + + + + + + + + @@ -100,10 +139,12 @@ + + Global.asax @@ -113,10 +154,11 @@ - + - + + Web.config @@ -134,7 +176,9 @@ Sevomin.WebFrontend.Controllers - + + + 10.0 $(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion) diff --git a/Sevomin.WebFrontend/Views/Account/Login.cshtml b/Sevomin.WebFrontend/Views/Account/Login.cshtml new file mode 100644 index 0000000..d6de565 --- /dev/null +++ b/Sevomin.WebFrontend/Views/Account/Login.cshtml @@ -0,0 +1,49 @@ +@model Sevomin.Models.LoginViewModel + +@{ + ViewBag.Title = "ورود به سومین"; +} + +
+

ورود به سومین

+
+

+ @Html.ValidationSummary() +

+ @using (Html.BeginForm("Login", "Account", FormMethod.Post, new { role = "form" })) + { + @Html.AntiForgeryToken() +
+ +
+ @Html.LabelFor(model => model.Username, new { @class = "control-label" }) +
+ @Html.TextBoxFor(model => model.Username, new { @class = "form-control ltr" }) + @Html.ValidationMessageFor(model => model.Username) +
+
+ +
+ @Html.LabelFor(model => model.Password, new { @class = "control-label" }) +
+ @Html.PasswordFor(model => model.Password, new { @class = "form-control ltr" }) + @Html.ValidationMessageFor(model => model.Password) +
+
+ +
+
+ +
+
+
+ } +
+
+

+ لورم ایپسوم متنی است که ساختگی برای طراحی و چاپ آن مورد است. صنعت چاپ زمانی لازم بود شرایطی شما باید فکر ثبت نام و طراحی، لازمه خروج می باشد. در ضمن قاعده همفکری ها جوابگوی سئوالات زیاد شاید باشد، آنچنان که لازم بود طراحی گرافیکی خوب بود. کتابهای زیادی شرایط سخت ، دشوار و کمی در سالهای دور لازم است. هدف از این نسخه فرهنگ پس از آن و دستاوردهای خوب شاید باشد. حروفچینی لازم در شرایط فعلی لازمه تکنولوژی بود که گذشته، حال و آینده را شامل گردد. سی و پنج درصد از طراحان در قرن پانزدهم میبایست پرینتر در ستون و سطر حروف لازم است، بلکه شناخت این ابزار گاه اساسا بدون هدف بود و سئوالهای زیادی در گذشته بوجود می آید، تنها لازمه آن بود. + +لورم ایپسوم متنی است که ساختگی برای طراحی و چاپ آن مورد است. صنعت چاپ زمانی لازم بود شرایطی شما باید فکر ثبت نام و طراحی، لازمه خروج می باشد. در ضمن قاعده همفکری ها جوابگوی سئوالات زیاد شاید باشد، آنچنان که لازم بود طراحی گرافیکی خوب بود. کتابهای زیادی شرایط سخت ، دشوار و کمی در سالهای دور لازم است. هدف از این نسخه فرهنگ پس از آن و دستاوردهای خوب شاید باشد. حروفچینی لازم در شرایط فعلی لازمه تکنولوژی بود که گذشته، حال و آینده را شامل گردد. سی و پنج درصد از طراحان در قرن پانزدهم میبایست پرینتر در ستون و سطر حروف لازم است، بلکه شناخت این ابزار گاه اساسا بدون هدف بود و سئوالهای زیادی در گذشته بوجود می آید، تنها لازمه آن بود. +

+
+
\ No newline at end of file diff --git a/Sevomin.WebFrontend/Views/Home/Index.cshtml b/Sevomin.WebFrontend/Views/Home/Index.cshtml deleted file mode 100644 index 9bcbc3a..0000000 --- a/Sevomin.WebFrontend/Views/Home/Index.cshtml +++ /dev/null @@ -1,18 +0,0 @@ -@{ - Layout = null; -} - - - - - - سومین: مرکز کاریابی برنامه‌ریزی و کنترل پروژه - - - -
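Review bot: `Html.BeginForm("Login", "Account", FormMethod.Post, new { role = "form" })` in Login.cshtml does not carry `returnUrl`. Unless a hidden field was lost in this rendering, the POST action always receives `null` and the `ViewBag.ReturnUrl` set by the GET action goes unused. Pass it as route values: `Html.BeginForm("Login", "Account", new { returnUrl = ViewBag.ReturnUrl }, FormMethod.Post, new { role = "form" })`. The controller should keep routing that value through `RedirectToLocal` so only local URLs are followed. The lorem-ipsum filler at the bottom of the view should be replaced before release.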
- @{Html.RenderPartial("Signup");} -
- - - diff --git a/Sevomin.WebFrontend/Views/Shared/Intro.cshtml b/Sevomin.WebFrontend/Views/Shared/Intro.cshtml new file mode 100644 index 0000000..90eab16 --- /dev/null +++ b/Sevomin.WebFrontend/Views/Shared/Intro.cshtml @@ -0,0 +1,25 @@ +@{ + Layout = null; +} + + + + + + سومین: مرکز کاریابی برنامه‌ریزی و کنترل پروژه + + + + + + +
+ @{Html.RenderPartial("IntroSignup");} +
+ + + + + + + diff --git a/Sevomin.WebFrontend/Views/Home/Signup.cshtml b/Sevomin.WebFrontend/Views/Shared/IntroSignup.cshtml similarity index 56% rename from Sevomin.WebFrontend/Views/Home/Signup.cshtml rename to Sevomin.WebFrontend/Views/Shared/IntroSignup.cshtml index afcda9c..38bb595 100644 --- a/Sevomin.WebFrontend/Views/Home/Signup.cshtml +++ b/Sevomin.WebFrontend/Views/Shared/IntroSignup.cshtml @@ -1,41 +1,54 @@ @model Sevomin.Models.SignupViewModel
-
+ @if (!ViewData.ModelState.IsValid) { +
+ @Html.ValidationSummary(true) +
+ } +
@using (Html.BeginForm("Signup", "Account", FormMethod.Post, new { role = "form" })) { + @Html.AntiForgeryToken()
@Html.LabelFor(m => m.Email) - @Html.TextBoxFor(m => m.Email, new { @class = "form-control" }) + @Html.TextBoxFor(m => m.Email, new { @class = "form-control ltr" }) + @Html.ValidationMessageFor(m => m.Email)
- @Html.LabelFor(m => m.DisplayName) - @Html.TextBoxFor(m => m.DisplayName, new { @class = "form-control" }) + @Html.Label("نام شرکت") + @Html.TextBoxFor(m => m.DisplayName, new { @class = "form-control" }) + @Html.ValidationMessageFor(m => m.DisplayName)
@Html.LabelFor(m => m.Password) - @Html.PasswordFor(m => m.Password, new { @class = "form-control" }) + @Html.PasswordFor(m => m.Password, new { @class = "form-control ltr" }) + @Html.ValidationMessageFor(m => m.Password)
@Html.Hidden("IsAvalin", "true") - + }
-
+
@using (Html.BeginForm("Signup", "Account", FormMethod.Post, new { role = "form" })) { + @Html.AntiForgeryToken()
@Html.LabelFor(m => m.Email) - @Html.TextBoxFor(m => m.Email, new { @class = "form-control" }) + @Html.TextBoxFor(m => m.Email, new { @class = "form-control ltr" }) + @Html.ValidationMessageFor(m => m.Email)
- @Html.LabelFor(m => m.DisplayName) + @Html.Label("نام و نام خانوادگی") @Html.TextBoxFor(m => m.DisplayName, new { @class = "form-control" }) + @Html.ValidationMessageFor(m => m.DisplayName)
@Html.LabelFor(m => m.Password) - @Html.PasswordFor(m => m.Password, new { @class = "form-control" }) + @Html.PasswordFor(m => m.Password, new { @class = "form-control ltr" }) + @Html.ValidationMessageFor(m => m.Password)
@Html.Hidden("IsAvalin", "false") - + }
diff --git a/Sevomin.WebFrontend/Views/Shared/_Layout.cshtml b/Sevomin.WebFrontend/Views/Shared/_Layout.cshtml index 583feb0..12a7c2a 100644 --- a/Sevomin.WebFrontend/Views/Shared/_Layout.cshtml +++ b/Sevomin.WebFrontend/Views/Shared/_Layout.cshtml @@ -2,12 +2,21 @@ - + سومین: مرکز کاریابی برنامه‌ریزی و کنترل پروژه - @ViewBag.Title + + + + -
+
@RenderBody()
+ + + + + diff --git a/Sevomin.WebFrontend/Web.config b/Sevomin.WebFrontend/Web.config index de43b08..06c94d0 100644 --- a/Sevomin.WebFrontend/Web.config +++ b/Sevomin.WebFrontend/Web.config @@ -8,7 +8,7 @@
- + @@ -26,7 +26,7 @@ - + @@ -46,11 +46,11 @@ - + - + diff --git a/Sevomin.WebFrontend/fonts/BKoodakBold.eot b/Sevomin.WebFrontend/fonts/BKoodakBold.eot new file mode 100644 index 0000000..efc213e Binary files /dev/null and b/Sevomin.WebFrontend/fonts/BKoodakBold.eot differ diff --git a/Sevomin.WebFrontend/fonts/BKoodakBold.ttf b/Sevomin.WebFrontend/fonts/BKoodakBold.ttf new file mode 100644 index 0000000..35ae332 Binary files /dev/null and b/Sevomin.WebFrontend/fonts/BKoodakBold.ttf differ diff --git a/Sevomin.WebFrontend/fonts/BKoodakBold.woff b/Sevomin.WebFrontend/fonts/BKoodakBold.woff new file mode 100644 index 0000000..7d1e466 Binary files /dev/null and b/Sevomin.WebFrontend/fonts/BKoodakBold.woff differ diff --git a/Sevomin.WebFrontend/fonts/BYekan.eot b/Sevomin.WebFrontend/fonts/BYekan.eot new file mode 100644 index 0000000..1e032e2 Binary files /dev/null and b/Sevomin.WebFrontend/fonts/BYekan.eot differ diff --git a/Sevomin.WebFrontend/fonts/BYekan.ttf b/Sevomin.WebFrontend/fonts/BYekan.ttf new file mode 100644 index 0000000..d96a729 Binary files /dev/null and b/Sevomin.WebFrontend/fonts/BYekan.ttf differ diff --git a/Sevomin.WebFrontend/fonts/BYekan.woff b/Sevomin.WebFrontend/fonts/BYekan.woff new file mode 100644 index 0000000..bf95c57 Binary files /dev/null and b/Sevomin.WebFrontend/fonts/BYekan.woff differ diff --git a/Sevomin.WebFrontend/packages.config b/Sevomin.WebFrontend/packages.config index 9951d74..ef3aff1 100644 --- a/Sevomin.WebFrontend/packages.config +++ b/Sevomin.WebFrontend/packages.config @@ -3,10 +3,18 @@ + + + + + + + + \ No newline at end of file diff --git a/packages/Microsoft.AspNet.Identity.Owin.2.0.0/Microsoft.AspNet.Identity.Owin.2.0.0.nupkg b/packages/Microsoft.AspNet.Identity.Owin.2.0.0/Microsoft.AspNet.Identity.Owin.2.0.0.nupkg new file mode 100644 index 0000000..339a810 Binary files /dev/null and b/packages/Microsoft.AspNet.Identity.Owin.2.0.0/Microsoft.AspNet.Identity.Owin.2.0.0.nupkg differ 
diff --git a/packages/Microsoft.AspNet.Identity.Owin.2.0.0/Microsoft.AspNet.Identity.Owin.2.0.0.nuspec b/packages/Microsoft.AspNet.Identity.Owin.2.0.0/Microsoft.AspNet.Identity.Owin.2.0.0.nuspec new file mode 100644 index 0000000..69a998f --- /dev/null +++ b/packages/Microsoft.AspNet.Identity.Owin.2.0.0/Microsoft.AspNet.Identity.Owin.2.0.0.nuspec @@ -0,0 +1,24 @@ + + + + Microsoft.AspNet.Identity.Owin + 2.0.0 + Microsoft ASP.NET Identity Owin + Microsoft + Microsoft + http://www.microsoft.com/web/webpi/eula/aspnetcomponent_rtw_ENU.htm + true + Owin implementation for ASP.NET Identity. + Owin implementation for ASP.NET Identity. + + © Microsoft Corporation. All rights reserved. + + Identity Membership + + + + + + + + \ No newline at end of file diff --git a/packages/Microsoft.AspNet.Identity.Owin.2.0.0/lib/net45/Microsoft.AspNet.Identity.Owin.dll b/packages/Microsoft.AspNet.Identity.Owin.2.0.0/lib/net45/Microsoft.AspNet.Identity.Owin.dll new file mode 100644 index 0000000..c586452 Binary files /dev/null and b/packages/Microsoft.AspNet.Identity.Owin.2.0.0/lib/net45/Microsoft.AspNet.Identity.Owin.dll differ diff --git a/packages/Microsoft.AspNet.Identity.Owin.2.0.0/lib/net45/Microsoft.AspNet.Identity.Owin.xml b/packages/Microsoft.AspNet.Identity.Owin.2.0.0/lib/net45/Microsoft.AspNet.Identity.Owin.xml new file mode 100644 index 0000000..3d23eed --- /dev/null +++ b/packages/Microsoft.AspNet.Identity.Owin.2.0.0/lib/net45/Microsoft.AspNet.Identity.Owin.xml 
@@ -0,0 +1,397 @@ + + + + Microsoft.AspNet.Identity.Owin + + + + + OwinMiddleware that initializes an object for use in the OwinContext via the Get/Set generic extensions method + + + + + + + Constructor + + The next middleware in the OWIN pipeline to invoke + Configuration options for the middleware + + + + Create an object using the Options.Provider, storing it in the OwinContext and then disposes the object when finished + + + + + + + Configuration options + + + + + Configuration options for a IdentityFactoryMiddleware + + + + + + Used to configure the data protection provider + + + + + Provider used to Create and Dispose objects + + + + + Interface used to create objects per request + + + + + + Called once per request to create an object + + + + + + + + Called at the end of the request to dispose the object created + + + + + + + Used to configure how the IdentityFactoryMiddleware will create an instance of the specified type for each OwinContext + + + + + + Constructor + + + + + Calls the OnCreate Delegate + + + + + + + + Calls the OnDispose delegate + + + + + + + A delegate assigned to this property will be invoked when the related method is called + + + + + A delegate assigned to this property will be invoked when the related method is called + + + + + Token provider that uses an IDataProtector to generate encrypted tokens based off of the security stamp + + + + + Token provider that uses an IDataProtector to generate encrypted tokens based off of the security stamp + + + + + Constructor + + + + + + Generate a protected string for a user + + + + + + + + + Return false if the token is not valid + + + + + + + + + + Returns true if the provider can be used to generate tokens for this user + + + + + + + + This provider no-ops by default when asked to notify a user + + + + + + + + + IDataProtector for the token + + + + + Lifespan after which the token is considered expired + + + + + Constructor + + + + + + Extensions off of IAppBuilder to make it easier to 
configure the SignInCookies + + + + + Registers a callback that will be invoked to create an instance of type T that will be stored in the OwinContext + which can fetched via context.Get + + + The passed to the configuration method + Invoked to create an instance of T + The updated + + + + Registers a callback that will be invoked to create an instance of type T that will be stored in the OwinContext + which can fetched via context.Get + + + + + + + + + Configure the app to use owin middleware based cookie authentication for external identities + + + + + + Configure the app to use owin middleware based cookie authentication for external identities + + + + + + + Configures a cookie intended to be used to store the partial credentials for two factor authentication + + + + + + + + Configures a cookie intended to be used to store whether two factor authentication has been done already + + + + + + + Configure the app to use owin middleware based oauth bearer tokens + + + + + + + Extensions methods on IAuthenticationManager that add methods for using the default Application and External + authentication type constants + + + + + Return the authentication types which are considered external because they have captions + + + + + + + Return the identity associated with the default external authentication type + + + + + + Extracts login info out of an external identity + + + + + + + Extracts login info out of an external identity + + + + + + + Extracts login info out of an external identity + + + key that will be used to find the userId to verify + + the value expected to be found using the xsrfKey in the AuthenticationResult.Properties + dictionary + + + + + + Extracts login info out of an external identity + + + key that will be used to find the userId to verify + + the value expected to be found using the xsrfKey in the AuthenticationResult.Properties + dictionary + + + + + + Returns true if there is a TwoFactorRememberBrowser cookie for a user + + + + + + + + Creates a 
TwoFactorRememberBrowser cookie for a user + + + + + + + + Extension methods for OwinContext/> + + + + + Stores an object in the OwinContext using a key based on the AssemblyQualified type name + + + + + + + + + Retrieves an object from the OwinContext using a key based on the AssemblyQualified type name + + + + + + + + Get the user manager from the context + + + + + + + + Used to return information needed to associate an external login + + + + + Associated login data + + + + + Suggested user name for a user + + + + + Email claim from the external identity + + + + + The external identity + + + + + Static helper class used to configure a CookieAuthenticationProvider to validate a cookie against a user's security + stamp + + + + + Can be used as the ValidateIdentity method for a CookieAuthenticationProvider which will check a user's security + stamp after validateInterval + Rejects the identity if the stamp changes, and otherwise will call regenerateIdentity to sign in a new + ClaimsIdentity + + + + + + + + + + Can be used as the ValidateIdentity method for a CookieAuthenticationProvider which will check a user's security + stamp after validateInterval + Rejects the identity if the stamp changes, and otherwise will call regenerateIdentity to sign in a new + ClaimsIdentity + + + + + + + + + + + diff --git a/packages/Microsoft.Owin.Security.2.1.0/Microsoft.Owin.Security.2.1.0.nupkg b/packages/Microsoft.Owin.Security.2.1.0/Microsoft.Owin.Security.2.1.0.nupkg new file mode 100644 index 0000000..4e3c3f5 Binary files /dev/null and b/packages/Microsoft.Owin.Security.2.1.0/Microsoft.Owin.Security.2.1.0.nupkg differ diff --git a/packages/Microsoft.Owin.Security.2.1.0/Microsoft.Owin.Security.2.1.0.nuspec b/packages/Microsoft.Owin.Security.2.1.0/Microsoft.Owin.Security.2.1.0.nuspec new file mode 100644 index 0000000..96dc496 --- /dev/null +++ b/packages/Microsoft.Owin.Security.2.1.0/Microsoft.Owin.Security.2.1.0.nuspec 
@@ -0,0 +1,22 @@ + + + + Microsoft.Owin.Security + 2.1.0 + Microsoft.Owin.Security + Microsoft + Microsoft + http://www.microsoft.com/web/webpi/eula/aspnetcomponent_rtw_enu.htm + http://katanaproject.codeplex.com/ + true + Common types which are shared by the various authentication middleware components. + + + + Microsoft OWIN Katana + + + + + + \ No newline at end of file diff --git a/packages/Microsoft.Owin.Security.2.1.0/lib/net45/Microsoft.Owin.Security.XML b/packages/Microsoft.Owin.Security.2.1.0/lib/net45/Microsoft.Owin.Security.XML new file mode 100644 index 0000000..b20db1b --- /dev/null +++ b/packages/Microsoft.Owin.Security.2.1.0/lib/net45/Microsoft.Owin.Security.XML 
@@ -0,0 +1,452 @@ + + + + Microsoft.Owin.Security + + + + + Provides extensions methods for app.Property values that are only needed by implementations of authentication middleware. + + + + + Returns the previously set AuthenticationType that external sign in middleware should use when the + browser navigates back to their return url. + + App builder passed to the application startup code + + + + + Called by middleware to change the name of the AuthenticationType that external middleware should use + when the browser navigates back to their return url. + + App builder passed to the application startup code + AuthenticationType that external middleware should sign in as. + + + + Controls the behavior of authentication middleware + + + + + In Active mode the authentication middleware will alter the user identity as the request arrives, and + will also alter a plain 401 as the response leaves. + + + + + In Passive mode the authentication middleware will only provide user identity when asked, and will only + alter 401 responses where the authentication type named in the extra challenge data. + + + + + Base Options for all authentication middleware + + + + + Initialize properties of AuthenticationOptions base class + + Assigned to the AuthenticationType property + + + + The AuthenticationType in the options corresponds to the IIdentity AuthenticationType property. A different + value may be assigned in order to use the same authentication middleware type more than once in a pipeline. + + + + + If Active the authentication middleware alter the request user coming in and + alter 401 Unauthorized responses going out. If Passive the authentication middleware will only provide + identity and alter responses when explicitly indicated by the AuthenticationType. + + + + + Additional information about the authentication type which is made available to the application. 
+ + + + + String constants used only by the Security assembly + + + + + Used by middleware extension methods to coordinate the default value Options property SignInAsAuthenticationType + + + + + Factory used to create IDataProtection instances + + + + + Returns a new instance of IDataProtection for the provider. + + Additional entropy used to ensure protected data may only be unprotected for the correct purposes. + An instance of a data protection service + + + + Service used to protect and unprotect data + + + + + Called to protect user data. + + The original data that must be protected + A different byte array that may be unprotected or altered only by software that has access to + the an identical IDataProtection service. + + + + Called to unprotect user data + + The byte array returned by a call to Protect on an identical IDataProtection service. + The byte array identical to the original userData passed to Protect. + + + + Base class for the per-request work performed by most authentication middleware. + + Specifies which type for of AuthenticationOptions property + + + + Base class for the per-request work performed by most authentication middleware. + + + + + Called once per request after Initialize and Invoke. + + async completion + + + + Called once by common code after initialization. If an authentication middleware responds directly to + specifically known paths it must override this virtual, compare the request path to it's known paths, + provide any response information as appropriate, and true to stop further processing. + + Returning false will cause the common code to call the next middleware in line. Returning true will + cause the common code to begin the async completion journey without calling the rest of the middleware + pipeline. + + + + Causes the authentication logic in AuthenticateCore to be performed for the current request + at most once and returns the results. Calling Authenticate more than once will always return + the original value. 
+ + This method should always be called instead of calling AuthenticateCore directly. + + The ticket data provided by the authentication logic + + + + The core authentication logic which must be provided by the handler. Will be invoked at most + once per request. Do not call directly, call the wrapping Authenticate method instead. + + The ticket data provided by the authentication logic + + + + Causes the ApplyResponseCore to be invoked at most once per request. This method will be + invoked either earlier, when the response headers are sent as a result of a response write or flush, + or later, as the last step when the original async call to the middleware is returning. + + + + + + Core method that may be overridden by handler. The default behavior is to call two common response + activities, one that deals with sign-in/sign-out concerns, and a second to deal with 401 challenges. + + + + + + Override this method to dela with sign-in/sign-out concerns, if an authentication scheme in question + deals with grant/revoke as part of it's request flow. (like setting/deleting cookies) + + + + + + Override this method to dela with 401 challenge concerns, if an authentication scheme in question + deals an authentication interaction as part of it's request flow. (like adding a response header, or + changing the 401 result to 302 of a login page or external sign-in location.) + + + + + + Initialize is called once per request to contextualize this instance with appropriate state. + + The original options passed by the application control behavior + The utility object to observe the current request and response + async completion + + + + Contains user identity information as well as additional authentication state. + + + + + Initializes a new instance of the class + + + + + + + Gets the authenticated user identity. + + + + + Additional state values for the authentication session. 
+ + + + + Interface for providing pinned certificate validation, which checks HTTPS + communication against a known good list of certificates to protect against + compromised or rogue CAs issuing certificates for hosts without the + knowledge of the host owner. + + + + + Verifies the remote Secure Sockets Layer (SSL) certificate used for authentication. + + An object that contains state information for this validation. + The certificate used to authenticate the remote party. + The chain of certificate authorities associated with the remote certificate. + One or more errors associated with the remote certificate. + A Boolean value that determines whether the specified certificate is accepted for authentication. + + + + Provides pinned certificate validation based on the certificate thumbprint. + + + + + Initializes a new instance of the class. + + A set of thumbprints which are valid for an HTTPS request. + + + + Validates that the certificate thumbprints in the signing chain match at least one whitelisted thumbprint. + + An object that contains state information for this validation. + The certificate used to authenticate the remote party. + The chain of certificate authorities associated with the remote certificate. + One or more errors associated with the remote certificate. + A Boolean value that determines whether the specified certificate is accepted for authentication. + + + + Used to provide the data protection services that are derived from the Data Protection API. It is the best choice of + data protection when you application is not hosted by ASP.NET and all processes are running as the same domain identity. + + + + + Initializes a new DpapiDataProtectionProvider with a random application + name. This is only useful to protect data for the duration of the + current application execution. 
+ + + + + Initializes a new DpapiDataProtectionProvider which uses the given + appName as part of the protection algorithm + + A user provided value needed to round-trip secured + data. The default value comes from the IAppBuilder.Properties["owin.AppName"] + when self-hosted. + + + + Returns a new instance of IDataProtection for the provider. + + Additional entropy used to ensure protected data may only be unprotected for the correct purposes. + An instance of a data protection service + + + + Helper code used when implementing authentication middleware + + + + + Helper code used when implementing authentication middleware + + + + + + Add an additional ClaimsIdentity to the ClaimsPrincipal in the "server.User" environment key + + + + + + Find response challenge details for a specific authentication middleware + + The authentication type to look for + The authentication mode the middleware is running under + The information instructing the middleware how it should behave + + + + Find response sign-in details for a specific authentication middleware + + The authentication type to look for + The information instructing the middleware how it should behave + + + + Find response sign-out details for a specific authentication middleware + + The authentication type to look for + The authentication mode the middleware is running under + The information instructing the middleware how it should behave + + + + Base class used for certain event contexts + + + + + Base class used for certain event contexts + + + + + Creates an instance of this context + + + + + Prevents the request from being processed further by other components. + IsRequestCompleted becomes true after calling. + + + + + True if the request should not be processed further by other components. + + + + + A strongly-typed resource class, for looking up localized strings, etc. + + + + + Returns the cached ResourceManager instance used by this class. 
+ + + + + Overrides the current thread's CurrentUICulture property for all + resource lookups using this strongly typed resource class. + + + + + Looks up a localized string similar to The AuthenticationTokenProvider's required synchronous events have not been registered.. + + + + + Looks up a localized string similar to The default data protection provider may only be used when the IAppBuilder.Properties contains an appropriate 'host.AppName' key.. + + + + + Looks up a localized string similar to A default value for SignInAsAuthenticationType was not found in IAppBuilder Properties. This can happen if your authentication middleware are added in the wrong order, or if one is missing.. + + + + + Looks up a localized string similar to The state passed to UnhookAuthentication may only be the return value from HookAuthentication.. + + + + + Provides pinned certificate validation based on the subject key identifier of the certificate. + + + + + Initializes a new instance of the class. + + A set of subject key identifiers which are valid for an HTTPS request. + + + + Verifies the remote Secure Sockets Layer (SSL) certificate used for authentication. + + An object that contains state information for this validation. + The certificate used to authenticate the remote party. + The chain of certificate authorities associated with the remote certificate. + One or more errors associated with the remote certificate. + A Boolean value that determines whether the specified certificate is accepted for authentication. + + + + The algorithm used to generate the subject public key information blob hashes. + + + + + Implements a cert pinning validator passed on + http://datatracker.ietf.org/doc/draft-ietf-websec-key-pinning/?include_text=1 + + + + + Initializes a new instance of the class. + + A collection of valid base64 encoded hashes of the certificate public key information blob. + The algorithm used to generate the hashes. + + + + Validates at least one SPKI hash is known. 
+ + An object that contains state information for this validation. + The certificate used to authenticate the remote party. + The chain of certificate authorities associated with the remote certificate. + One or more errors associated with the remote certificate. + A Boolean value that determines whether the specified certificate is accepted for authentication. + + + + Encodes a structure of the type indicated by the value of the lpszStructType parameter. + + Type of encoding used. + The high-order word is zero, the low-order word specifies the integer identifier for the type of the specified structure so + we can use the constants in http://msdn.microsoft.com/en-us/library/windows/desktop/aa378145%28v=vs.85%29.aspx + A pointer to the structure to be encoded. + A pointer to a buffer to receive the encoded structure. This parameter can be NULL to retrieve the size of this information for memory allocation purposes. + A pointer to a DWORD variable that contains the size, in bytes, of the buffer pointed to by the pbEncoded parameter. + + + + diff --git a/packages/Microsoft.Owin.Security.2.1.0/lib/net45/Microsoft.Owin.Security.dll b/packages/Microsoft.Owin.Security.2.1.0/lib/net45/Microsoft.Owin.Security.dll new file mode 100644 index 0000000..e44dc6a Binary files /dev/null and b/packages/Microsoft.Owin.Security.2.1.0/lib/net45/Microsoft.Owin.Security.dll differ diff --git a/packages/Microsoft.Owin.Security.Cookies.2.1.0/Microsoft.Owin.Security.Cookies.2.1.0.nupkg b/packages/Microsoft.Owin.Security.Cookies.2.1.0/Microsoft.Owin.Security.Cookies.2.1.0.nupkg new file mode 100644 index 0000000..9ae63e1 Binary files /dev/null and b/packages/Microsoft.Owin.Security.Cookies.2.1.0/Microsoft.Owin.Security.Cookies.2.1.0.nupkg differ diff --git a/packages/Microsoft.Owin.Security.Cookies.2.1.0/Microsoft.Owin.Security.Cookies.2.1.0.nuspec b/packages/Microsoft.Owin.Security.Cookies.2.1.0/Microsoft.Owin.Security.Cookies.2.1.0.nuspec new file mode 100644 index 0000000..c91846b 
--- /dev/null +++ b/packages/Microsoft.Owin.Security.Cookies.2.1.0/Microsoft.Owin.Security.Cookies.2.1.0.nuspec @@ -0,0 +1,23 @@ + + + + Microsoft.Owin.Security.Cookies + 2.1.0 + Microsoft.Owin.Security.Cookies + Microsoft + Microsoft + http://www.microsoft.com/web/webpi/eula/aspnetcomponent_rtw_enu.htm + http://katanaproject.codeplex.com/ + true + Middleware that enables an application to use cookie based authentication, similar to ASP.NET's forms authentication. + + + + Microsoft OWIN Katana + + + + + + + \ No newline at end of file diff --git a/packages/Microsoft.Owin.Security.Cookies.2.1.0/lib/net45/Microsoft.Owin.Security.Cookies.dll b/packages/Microsoft.Owin.Security.Cookies.2.1.0/lib/net45/Microsoft.Owin.Security.Cookies.dll new file mode 100644 index 0000000..a16a29a Binary files /dev/null and b/packages/Microsoft.Owin.Security.Cookies.2.1.0/lib/net45/Microsoft.Owin.Security.Cookies.dll differ diff --git a/packages/Microsoft.Owin.Security.Cookies.2.1.0/lib/net45/Microsoft.Owin.Security.Cookies.xml b/packages/Microsoft.Owin.Security.Cookies.2.1.0/lib/net45/Microsoft.Owin.Security.Cookies.xml new file mode 100644 index 0000000..9e80687 --- /dev/null +++ b/packages/Microsoft.Owin.Security.Cookies.2.1.0/lib/net45/Microsoft.Owin.Security.Cookies.xml 
@@ -0,0 +1,356 @@ + + + + Microsoft.Owin.Security.Cookies + + + + + Default values related to cookie-based authentication middleware + + + + + The default value used for CookieAuthenticationOptions.AuthenticationType + + + + + The prefix used to provide a default CookieAuthenticationOptions.CookieName + + + + + The default value of the CookieAuthenticationOptions.ReturnUrlParameter + + + + + The default value used by UseApplicationSignInCookie for the + CookieAuthenticationOptions.LoginPath + + + + + The default value used by UseApplicationSignInCookie for the + CookieAuthenticationOptions.LogoutPath + + + + + Determines how the identity cookie's security property is set. + + + + + If the URI that provides the cookie is HTTPS, then the cookie will only be returned to the server on + subsequent HTTPS requests. Otherwise if the URI that provides the cookie is HTTP, then the cookie will + be returned to the server on all HTTP and HTTPS requests. This is the default value because it ensures + HTTPS for all authenticated requests on deployed servers, and also supports HTTP for localhost development + and for servers that do not have HTTPS support. + + + + + CookieOptions.Secure is never marked true. Use this value when your login page is HTTPS, but other pages + on the site which are HTTP also require authentication information. This setting is not recommended because + the authentication information provided with an HTTP request may be observed and used by other computers + on your local network or wireless connection. + + + + + CookieOptions.Secure is always marked true. Use this value when your login page and all subsequent pages + requiring the authenticated identity are HTTPS. Local development will also need to be done with HTTPS urls. + + + + + Extension methods provided by the cookies authentication middleware + + + + + Adds a cookie-based authentication middleware to your web application pipeline. 
+ + The IAppBuilder passed to your configuration method + An options class that controls the middleware behavior + The original app parameter + + + + Contains the options used by the CookiesAuthenticationMiddleware + + + + + Create an instance of the options initialized with the default values + + + + + Determines the cookie name used to persist the identity. The default value is ".AspNet.Cookies". + This value should be changed if you change the name of the AuthenticationType, especially if your + system uses the cookie authentication middleware multiple times. + + + + + Determines the domain used to create the cookie. Is not provided by default. + + + + + Determines the path used to create the cookie. The default value is "/" for highest browser compatability. + + + + + Determines if the browser should allow the cookie to be accessed by client-side javascript. The + default is true, which means the cookie will only be passed to http requests and is not made available + to script on the page. + + + + + Determines if the cookie should only be transmitted on HTTPS request. The default is to limit the cookie + to HTTPS requests if the page which is doing the SignIn is also HTTPS. If you have an HTTPS sign in page + and portions of your site are HTTP you may need to change this value. + + + + + Controls how much time the cookie will remain valid from the point it is created. The expiration + information is in the protected cookie ticket. Because of that an expired cookie will be ignored + even if it is passed to the server after the browser should have purged it + + + + + The SlidingExpiration is set to true to instruct the middleware to re-issue a new cookie with a new + expiration time any time it processes a request which is more than halfway through the expiration window. + + + + + The LoginPath property informs the middleware that it should change an outgoing 401 Unauthorized status + code into a 302 redirection onto the given login path. 
The current url which generated the 401 is added + to the LoginPath as a query string parameter named by the ReturnUrlParameter. Once a request to the + LoginPath grants a new SignIn identity, the ReturnUrlParameter value is used to redirect the browser back + to the url which caused the original unauthorized status code. + + If the LoginPath is null or empty, the middleware will not look for 401 Unauthorized status codes, and it will + not redirect automatically when a login occurs. + + + + + If the LogoutPath is provided the middleware then a request to that path will redirect based on the ReturnUrlParameter. + + + + + The ReturnUrlParameter determines the name of the query string parameter which is appended by the middleware + when a 401 Unauthorized status code is changed to a 302 redirect onto the login path. This is also the query + string parameter looked for when a request arrives on the login path or logout path, in order to return to the + original url after the action is performed. + + + + + The Provider may be assigned to an instance of an object created by the application at startup time. The middleware + calls methods on the provider which give the application control at certain points where processing is occuring. + If it is not provided a default instance is supplied which does nothing when the methods are called. + + + + + The TicketDataFormat is used to protect and unprotect the identity and other properties which are stored in the + cookie value. If it is not provided a default data handler is created using the data protection service contained + in the IAppBuilder.Properties. The default data protection service is based on machine key when running on ASP.NET, + and on DPAPI when running in a different process. + + + + + The SystemClock provides access to the system's current time coordinates. If it is not provided a default instance is + used which calls DateTimeOffset.UtcNow. This is typically not replaced except for unit testing. 
+ + + + + Context passed when a Challenge, SignIn, or SignOut causes a redirect in the cookie middleware + + + + + Creates a new context object. + + The OWIN request context + The cookie middleware options + The initial redirect URI + + + + Gets or Sets the URI used for the redirect operation. + + + + + This default implementation of the ICookieAuthenticationProvider may be used if the + application only needs to override a few of the interface methods. This may be used as a base class + or may be instantiated directly. + + + + + Specifies callback methods which the invokes to enable developer control over the authentication process. /> + + + + + Called each time a request identity has been validated by the middleware. By implementing this method the + application may alter or reject the identity which has arrived with the request. + + Contains information about the login session as well as the user . + A representing the completed operation. + + + + Called when an endpoint has provided sign in information before it is converted into a cookie. By + implementing this method the claims and extra information that go into the ticket may be altered. + + Contains information about the login session as well as the user . + + + + Called when a Challenge, SignIn, or SignOut causes a redirect in the cookie middleware + + Contains information about the event + + + + Create a new instance of the default provider. 
+ + + + + Implements the interface method by invoking the related delegate method + + + + + + + Implements the interface method by invoking the related delegate method + + + + + + Called when a Challenge, SignIn, or SignOut causes a redirect in the cookie middleware + + Contains information about the event + + + + A delegate assigned to this property will be invoked when the related method is called + + + + + A delegate assigned to this property will be invoked when the related method is called + + + + + A delegate assigned to this property will be invoked when the related method is called + + + + + Context object passed to the ICookieAuthenticationProvider method ResponseSignIn. + + + + + Creates a new instance of the context object. + + Initializes Request property + Initializes Response property + Initializes AuthenticationType property + Initializes Identity property + Initializes Extra property + + + + Creates a new instance of the context object. + + The OWIN request context + The middleware options + Initializes AuthenticationType property + Initializes Identity property + Initializes Extra property + + + + The name of the AuthenticationType creating a cookie + + + + + Contains the claims about to be converted into the outgoing cookie. + May be replaced or altered during the ResponseSignIn call. + + + + + Contains the extra data about to be contained in the outgoing cookie. + May be replaced or altered during the ResponseSignIn call. + + + + + Context object passed to the ICookieAuthenticationProvider method ValidateIdentity. + + + + + Creates a new instance of the context object. + + Contains the initial values for identity and extra data + + + + Creates a new instance of the context object. + + + Contains the initial values for identity and extra data + + + + + Called to replace the claims identity. The supplied identity will replace the value of the + Identity property, which determines the identity of the authenticated request. 
+ + The identity used as the replacement + + + + Called to reject the incoming identity. This may be done if the application has determined the + account is no longer active, and the request should be treated as if it was anonymous. + + + + + Contains the claims identity arriving with the request. May be altered to change the + details of the authenticated user. + + + + + Contains the extra metadata arriving with the request ticket. May be altered. + + + + diff --git a/packages/Microsoft.Owin.Security.OAuth.2.1.0/Microsoft.Owin.Security.OAuth.2.1.0.nupkg b/packages/Microsoft.Owin.Security.OAuth.2.1.0/Microsoft.Owin.Security.OAuth.2.1.0.nupkg new file mode 100644 index 0000000..f03a061 Binary files /dev/null and b/packages/Microsoft.Owin.Security.OAuth.2.1.0/Microsoft.Owin.Security.OAuth.2.1.0.nupkg differ diff --git a/packages/Microsoft.Owin.Security.OAuth.2.1.0/Microsoft.Owin.Security.OAuth.2.1.0.nuspec b/packages/Microsoft.Owin.Security.OAuth.2.1.0/Microsoft.Owin.Security.OAuth.2.1.0.nuspec new file mode 100644 index 0000000..09b8a58 --- /dev/null +++ b/packages/Microsoft.Owin.Security.OAuth.2.1.0/Microsoft.Owin.Security.OAuth.2.1.0.nuspec @@ -0,0 +1,21 @@ + + + + Microsoft.Owin.Security.OAuth + 2.1.0 + Microsoft.Owin.Security.OAuth + Microsoft + Microsoft + http://www.microsoft.com/web/webpi/eula/aspnetcomponent_rtw_enu.htm + http://katanaproject.codeplex.com/ + true + Middleware that enables an application to support any standard OAuth 2.0 authentication workflow. + Microsoft OWIN Katana + + + + + + + + \ No newline at end of file diff --git a/packages/Microsoft.Owin.Security.OAuth.2.1.0/lib/net45/Microsoft.Owin.Security.OAuth.XML b/packages/Microsoft.Owin.Security.OAuth.2.1.0/lib/net45/Microsoft.Owin.Security.OAuth.XML new file mode 100644 index 0000000..f6d2b19 --- /dev/null +++ b/packages/Microsoft.Owin.Security.OAuth.2.1.0/lib/net45/Microsoft.Owin.Security.OAuth.XML 
@@ -0,0 +1,1463 @@ + + + + Microsoft.Owin.Security.OAuth + + + + + Data object used by TokenEndpointRequest which contains parameter information when the "grant_type" is unrecognized. + + + + + The parameter information when the "grant_type" is unrecognized. + + + + + Data object used by TokenEndpointRequest when the "grant_type" parameter is "refresh_token". + + + + + The value passed to the Token endpoint in the "refresh_token" parameter + + + + + The value passed to the Token endpoint in the "scope" parameter + + + + + Data object used by TokenEndpointRequest when the "grant_type" is "authorization_code". + + + + + The value passed to the Token endpoint in the "code" parameter + + + + + The value passed to the Token endpoint in the "redirect_uri" parameter. This MUST be provided by the caller + if the original visit to the Authorize endpoint contained a "redirect_uri" parameter. + + + + + Data object representing the information contained in the query string of an Authorize endpoint request. + + + + + Creates a new instance populated with values from the query string parameters. + + Query string parameters from a request. + + + + The "response_type" query string parameter of the Authorize request. Known values are "code" and "token". + + + + + The "client_id" query string parameter of the Authorize request. + + + + + The "redirect_uri" query string parameter of the Authorize request. May be absent if the server should use the + redirect uri known to be registered to the client id. + + + + + The "scope" query string parameter of the Authorize request. May be absent if the server should use default scopes. + + + + + The "scope" query string parameter of the Authorize request. May be absent if the client does not require state to be + included when returning to the RedirectUri. + + + + + True if the "response_type" query string parameter is "code". 
+ See also, http://tools.ietf.org/html/rfc6749#section-4.1.1 + + + + + True if the "response_type" query string parameter is "token". + See also, http://tools.ietf.org/html/rfc6749#section-4.2.1 + + + + + Data object representing the information contained in form encoded body of a Token endpoint request. + + + + + Creates a new instance populated with values from the form encoded body parameters. + + Form encoded body parameters from a request. + + + + The form encoded body parameters of the Token endpoint request + + + + + The "grant_type" parameter of the Token endpoint request. This parameter is required. + + + + + The "client_id" parameter of the Token endpoint request. This parameter is optional. It might not + be present if the request is authenticated in a different way, for example, by using basic authentication + credentials. + + + + + Data object available when the "grant_type" is "authorization_code". + See also http://tools.ietf.org/html/rfc6749#section-4.1.3 + + + + + Data object available when the "grant_type" is "client_credentials". + See also http://tools.ietf.org/html/rfc6749#section-4.4.2 + + + + + Data object available when the "grant_type" is "refresh_token". + See also http://tools.ietf.org/html/rfc6749#section-6 + + + + + Data object available when the "grant_type" is "password". + See also http://tools.ietf.org/html/rfc6749#section-4.3.2 + + + + + Data object available when the "grant_type" is unrecognized. + See also http://tools.ietf.org/html/rfc6749#section-4.5 + + + + + True when the "grant_type" is "authorization_code". + See also http://tools.ietf.org/html/rfc6749#section-4.1.3 + + + + + True when the "grant_type" is "client_credentials". + See also http://tools.ietf.org/html/rfc6749#section-4.4.2 + + + + + True when the "grant_type" is "refresh_token". + See also http://tools.ietf.org/html/rfc6749#section-6 + + + + + True when the "grant_type" is "password". 
+ See also http://tools.ietf.org/html/rfc6749#section-4.3.2 + + + + + True when the "grant_type" is unrecognized. + See also http://tools.ietf.org/html/rfc6749#section-4.5 + + + + + Data object used by TokenEndpointRequest when the "grant_type" is "client_credentials". + + + + + The value passed to the Token endpoint in the "scope" parameter + + + + + Data object used by TokenEndpointRequest when the "grant_type" is "password". + + + + + The value passed to the Token endpoint in the "username" parameter + + + + + The value passed to the Token endpoint in the "password" parameter + + + + + The value passed to the Token endpoint in the "scope" parameter + + + + + Extension methods to add Authorization Server capabilities to an OWIN pipeline + + + + + Adds OAuth2 Authorization Server capabilities to an OWIN web application. This middleware + performs the request processing for the Authorize and Token endpoints defined by the OAuth2 specification. + See also http://tools.ietf.org/html/rfc6749 + + The web application builder + Options which control the behavior of the Authorization Server. + The application builder + + + + Options class provides information needed to control Authorization Server middleware behavior + + + + + Creates an instance of authorization server options with default values. + + + + + The request path where client applications will redirect the user-agent in order to + obtain user consent to issue a token. Must begin with a leading slash, like "/Authorize". + + + + + The request path client applications communicate with directly as part of the OAuth protocol. + Must begin with a leading slash, like "/Token". If the client is issued a client_secret, it must + be provided to this endpoint. + + + + + The object provided by the application to process events raised by the Authorization Server middleware. 
+ The application may implement the interface fully, or it may create an instance of OAuthAuthorizationServerProvider + and assign delegates only to the events it wants to process. + + + + + The data format used to protect and unprotect the information contained in the authorization code. + If not provided by the application the default data protection provider depends on the host server. + The SystemWeb host on IIS will use ASP.NET machine key data protection, and HttpListener and other self-hosted + servers will use DPAPI data protection. + + + + + The data format used to protect the information contained in the access token. + If not provided by the application the default data protection provider depends on the host server. + The SystemWeb host on IIS will use ASP.NET machine key data protection, and HttpListener and other self-hosted + servers will use DPAPI data protection. If a different access token + provider or format is assigned, a compatible instance must be assigned to the OAuthBearerAuthenticationOptions.AccessTokenProvider + or OAuthBearerAuthenticationOptions.AccessTokenFormat property of the resource server. + + + + + The data format used to protect and unprotect the information contained in the refresh token. + If not provided by the application the default data protection provider depends on the host server. + The SystemWeb host on IIS will use ASP.NET machine key data protection, and HttpListener and other self-hosted + servers will use DPAPI data protection. + + + + + The period of time the authorization code remains valid after being issued. The default is five minutes. + This time span must also take into account clock synchronization between servers in a web farm, so a very + brief value could result in unexpectedly expired tokens. + + + + + The period of time the access token remains valid after being issued. The default is twenty minutes. 
+ The client application is expected to refresh or acquire a new access token after the token has expired. + + + + + Produces a single-use authorization code to return to the client application. For the OAuth server to be secure the + application MUST provide an instance for AuthorizationCodeProvider where the token produced by the OnCreate or OnCreateAsync event + is considered valid for only one call to OnReceive or OnReceiveAsync. + + + + + Produces a bearer token the client application will typically be providing to resource server as the authorization bearer + http request header. If not provided the token produced on the server's default data protection. If a different access token + provider or format is assigned, a compatible instance must be assigned to the OAuthBearerAuthenticationOptions.AccessTokenProvider + or OAuthBearerAuthenticationOptions.AccessTokenFormat property of the resource server. + + + + + Produces a refresh token which may be used to produce a new access token when needed. If not provided the authorization server will + not return refresh tokens from the /Token endpoint. + + + + + Set to true if the web application is able to render error messages on the /Authorize endpoint. This is only needed for cases where + the browser is not redirected back to the client application, for example, when the client_id or redirect_uri are incorrect. The + /Authorize endpoint should expect to see "oauth.Error", "oauth.ErrorDescription", "oauth.ErrorUri" properties added to the owin environment. + + + + + Used to know what the current clock time is when calculating or validating token expiration. When not assigned default is based on + DateTimeOffset.UtcNow. This is typically needed only for unit testing. + + + + + True to allow authorize and token requests to arrive on http URI addresses, and to allow incoming + redirect_uri authorize request parameter to have http URI addresses. 
+ + + + + Authorization Server middleware component which is added to an OWIN pipeline. This class is not + created by application code directly, instead it is added by calling the the IAppBuilder UseOAuthAuthorizationServer + extension method. + + + + + Authorization Server middleware component which is added to an OWIN pipeline. This constructor is not + called by application code directly, instead it is added by calling the the IAppBuilder UseOAuthAuthorizationServer + extension method. + + + + + Called by the AuthenticationMiddleware base class to create a per-request handler. + + A new instance of the request handler + + + + Extension methods to add OAuth Bearer authentication capabilities to an OWIN application pipeline + + + + + Adds Bearer token processing to an OWIN application pipeline. This middleware understands appropriately + formatted and secured tokens which appear in the request header. If the Options.AuthenticationMode is Active, the + claims within the bearer token are added to the current request's IPrincipal User. If the Options.AuthenticationMode + is Passive, then the current request is not modified, but IAuthenticationManager AuthenticateAsync may be used at + any time to obtain the claims from the request's bearer token. + See also http://tools.ietf.org/html/rfc6749 + + The web application builder + Options which control the processing of the bearer header. + The application builder + + + + Bearer authentication middleware component which is added to an OWIN pipeline. This class is not + created by application code directly, instead it is added by calling the the IAppBuilder UseOAuthBearerAuthentication + extension method. + + + + + Bearer authentication component which is added to an OWIN pipeline. This constructor is not + called by application code directly, instead it is added by calling the the IAppBuilder UseOAuthBearerAuthentication + extension method. 
+ + + + + Called by the AuthenticationMiddleware base class to create a per-request handler. + + A new instance of the request handler + + + + Options class provides information needed to control Bearer Authentication middleware behavior + + + + + Creates an instance of bearer authentication options with default values. + + + + + Determines what realm value is included when the bearer middleware adds a response header to an unauthorized request. + If not assigned, the response header does not have a realm. + + + + + Specifies the full challenge to send to the client, and should start with "Bearer". If a challenge is provided then the + Realm property is ignored. If no challenge is specified then one is created using "Bearer" and the value of the Realm + property. + + + + + The object provided by the application to process events raised by the bearer authentication middleware. + The application may implement the interface fully, or it may create an instance of OAuthBearerAuthenticationProvider + and assign delegates only to the events it wants to process. + + + + + The data format used to un-protect the information contained in the access token. + If not provided by the application the default data protection provider depends on the host server. + The SystemWeb host on IIS will use ASP.NET machine key data protection, and HttpListener and other self-hosted + servers will use DPAPI data protection. If a different access token + provider or format is assigned, a compatible instance must be assigned to the OAuthAuthorizationServerOptions.AccessTokenProvider + and OAuthAuthorizationServerOptions.AccessTokenFormat of the authorization server. + + + + + Receives the bearer token the client application will be providing to web application. If not provided the token + produced on the server's default data protection by using the AccessTokenFormat. 
If a different access token + provider or format is assigned, a compatible instance must be assigned to the OAuthAuthorizationServerOptions.AccessTokenProvider + and OAuthAuthorizationServerOptions.AccessTokenFormat of the authorization server. + + + + + Used to know what the current clock time is when calculating or validating token expiration. When not assigned default is based on + DateTimeOffset.UtcNow. This is typically needed only for unit testing. + + + + + Default values used by authorization server and bearer authentication. + + + + + Default value for AuthenticationType property in the OAuthBearerAuthenticationOptions and + OAuthAuthorizationServerOptions. + + + + + Base class used for certain event contexts + + + + + Base class used for certain event contexts + + + + + Initializes base class used for certain event contexts + + + + + Marks this context as validated by the application. IsValidated becomes true and HasError becomes false as a result of calling. + + True if the validation has taken effect. + + + + Marks this context as not validated by the application. IsValidated and HasError become false as a result of calling. + + + + + Marks this context as not validated by the application and assigns various error information properties. + HasError becomes true and IsValidated becomes false as a result of calling. + + Assigned to the Error property + + + + Marks this context as not validated by the application and assigns various error information properties. + HasError becomes true and IsValidated becomes false as a result of calling. + + Assigned to the Error property + Assigned to the ErrorDescription property + + + + Marks this context as not validated by the application and assigns various error information properties. + HasError becomes true and IsValidated becomes false as a result of calling. 
+ + Assigned to the Error property + Assigned to the ErrorDescription property + Assigned to the ErrorUri property + + + + True if application code has called any of the Validate methods on this context. + + + + + True if application code has called any of the SetError methods on this context. + + + + + The error argument provided when SetError was called on this context. This is eventually + returned to the client app as the OAuth "error" parameter. + + + + + The optional errorDescription argument provided when SetError was called on this context. This is eventually + returned to the client app as the OAuth "error_description" parameter. + + + + + The optional errorUri argument provided when SetError was called on this context. This is eventually + returned to the client app as the OAuth "error_uri" parameter. + + + + + Initializes base class used for certain event contexts + + + + + The "client_id" parameter for the current request. The Authorization Server application is responsible for + validating this value identifies a registered client. + + + + + Base class used for certain event contexts + + + + + Initializes base class used for certain event contexts + + + + + Replaces the ticket information on this context and marks it as as validated by the application. + IsValidated becomes true and HasError becomes false as a result of calling. + + Assigned to the Ticket property + True if the validation has taken effect. + + + + Alters the ticket information on this context and marks it as as validated by the application. + IsValidated becomes true and HasError becomes false as a result of calling. + + Assigned to the Ticket.Identity property + True if the validation has taken effect. + + + + Contains the identity and properties for the application to authenticate. If the Validated method + is invoked with an AuthenticationTicket or ClaimsIdentity argument, that new value is assigned to + this property in addition to changing IsValidated to true. 
+ + + + + An event raised after the Authorization Server has processed the request, but before it is passed on to the web application. + Calling RequestCompleted will prevent the request from passing on to the web application. + + + + + Creates an instance of this context + + + + + Interface for OAuthAuthorizationServerOptions.Provider property used by Authorization + Server to communicate with the web application while processing requests. + + + + + Called to determine if an incoming request is treated as an Authorize or Token + endpoint. If Options.AuthorizeEndpointPath or Options.TokenEndpointPath + are assigned values, then handling this event is optional and context.IsAuthorizeEndpoint and context.IsTokenEndpoint + will already be true if the request path matches. + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called to validate that the context.ClientId is a registered "client_id", and that the context.RedirectUri a "redirect_uri" + registered for that client. This only occurs when processing the Authorize endpoint. The application MUST implement this + call, and it MUST validate both of those factors before calling context.Validated. If the context.Validated method is called + with a given redirectUri parameter, then IsValidated will only become true if the incoming redirect URI matches the given redirect URI. + If context.Validated is not called the request will not proceed further. + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called to validate that the origin of the request is a registered "client_id", and that the correct credentials for that client are + present on the request. If the web application accepts Basic authentication credentials, + context.TryGetBasicCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request header. 
If the web + application accepts "client_id" and "client_secret" as form encoded POST parameters, + context.TryGetFormCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request body. + If context.Validated is not called the request will not proceed further. + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called for each request to the Authorize endpoint to determine if the request is valid and should continue. + The default behavior when using the OAuthAuthorizationServerProvider is to assume well-formed requests, with + validated client redirect URI, should continue processing. An application may add any additional constraints. + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called for each request to the Authorize endpoint to determine if the request is valid and should continue. + The default behavior when using the OAuthAuthorizationServerProvider is to assume well-formed requests, with + validated client credentials, should continue processing. An application may add any additional constraints. + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called when a request to the Token endpoint arrives with a "grant_type" of "authorization_code". This occurs after the Authorize + endpoint as redirected the user-agent back to the client with a "code" parameter, and the client is exchanging that for an "access_token". + The claims and properties + associated with the authorization code are present in the context.Ticket. The application must call context.Validated to instruct the Authorization + Server middleware to issue an access token based on those claims and properties. 
The call to context.Validated may be given a different + AuthenticationTicket or ClaimsIdentity in order to control which information flows from authorization code to access token. + The default behavior when using the OAuthAuthorizationServerProvider is to flow information from the authorization code to + the access token unmodified. + See also http://tools.ietf.org/html/rfc6749#section-4.1.3 + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called when a request to the Token endpoint arrives with a "grant_type" of "refresh_token". This occurs if your application has issued a "refresh_token" + along with the "access_token", and the client is attempting to use the "refresh_token" to acquire a new "access_token", and possibly a new "refresh_token". + To issue a refresh token the an Options.RefreshTokenProvider must be assigned to create the value which is returned. The claims and properties + associated with the refresh token are present in the context.Ticket. The application must call context.Validated to instruct the + Authorization Server middleware to issue an access token based on those claims and properties. The call to context.Validated may + be given a different AuthenticationTicket or ClaimsIdentity in order to control which information flows from the refresh token to + the access token. The default behavior when using the OAuthAuthorizationServerProvider is to flow information from the refresh token to + the access token unmodified. + See also http://tools.ietf.org/html/rfc6749#section-6 + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called when a request to the Token endpoint arrives with a "grant_type" of "password". 
This occurs when the user has provided name and password + credentials directly into the client application's user interface, and the client application is using those to acquire an "access_token" and + optional "refresh_token". If the web application supports the + resource owner credentials grant type it must validate the context.Username and context.Password as appropriate. To issue an + access token the context.Validated must be called with a new ticket containing the claims about the resource owner which should be associated + with the access token. The application should take appropriate measures to ensure that the endpoint isn’t abused by malicious callers. . + The default behavior is to reject this grant type. + See also http://tools.ietf.org/html/rfc6749#section-4.3.2 + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called when a request to the Token endpoint arrives with a "grant_type" of "client_credentials". This occurs when a registered client + application wishes to acquire an "access_token" to interact with protected resources on it's own behalf, rather than on behalf of an authenticated user. + If the web application supports the client credentials it may assume the context.ClientId has been validated by the ValidateClientAuthentication call. + To issue an access token the context.Validated must be called with a new ticket containing the claims about the client application which should be associated + with the access token. The application should take appropriate measures to ensure that the endpoint isn’t abused by malicious callers. + The default behavior is to reject this grant type. + See also http://tools.ietf.org/html/rfc6749#section-4.4.2 + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called when a request to the Token andpoint arrives with a "grant_type" of any other value. 
If the application supports custom grant types + it is entirely responsible for determining if the request should result in an access_token. If context.Validated is called with ticket + information the response body is produced in the same way as the other standard grant types. If additional response parameters must be + included they may be added in the final TokenEndpoint call. + See also http://tools.ietf.org/html/rfc6749#section-4.5 + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called at the final stage of an incoming Authorize endpoint request before the execution continues on to the web application component + responsible for producing the html response. Anything present in the OWIN pipeline following the Authorization Server may produce the + response for the Authorize page. If running on IIS any ASP.NET technology running on the server may produce the response for the + Authorize page. If the web application wishes to produce the response directly in the AuthorizeEndpoint call it may write to the + context.Response directly and should call context.RequestCompleted to stop other handlers from executing. If the web application wishes + to grant the authorization directly in the AuthorizeEndpoint call it cay call context.OwinContext.Authentication.SignIn with the + appropriate ClaimsIdentity and should call context.RequestCompleted to stop other handlers from executing. + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called at the final stage of a successful Token endpoint request. An application may implement this call in order to do any final + modification of the claims being used to issue access or refresh tokens. This call may also be used in order to add additional + response parameters to the Token endpoint's json response body. + + The context of the event carries information in and results out. 
+ Task to enable asynchronous execution + + + + Default implementation of IOAuthAuthorizationServerProvider used by Authorization + Server to communicate with the web application while processing requests. OAuthAuthorizationServerProvider provides some default behavior, + may be used as a virtual base class, and offers delegate properties which may be used to + handle individual calls without declaring a new class type. + + + + + Creates new instance of default provider behavior + + + + + Called to determine if an incoming request is treated as an Authorize or Token + endpoint. If Options.AuthorizeEndpointPath or Options.TokenEndpointPath + are assigned values, then handling this event is optional and context.IsAuthorizeEndpoint and context.IsTokenEndpoint + will already be true if the request path matches. + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called to validate that the context.ClientId is a registered "client_id", and that the context.RedirectUri a "redirect_uri" + registered for that client. This only occurs when processing the Authorize endpoint. The application MUST implement this + call, and it MUST validate both of those factors before calling context.Validated. If the context.Validated method is called + with a given redirectUri parameter, then IsValidated will only become true if the incoming redirect URI matches the given redirect URI. + If context.Validated is not called the request will not proceed further. + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called to validate that the origin of the request is a registered "client_id", and that the correct credentials for that client are + present on the request. If the web application accepts Basic authentication credentials, + context.TryGetBasicCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request header. 
If the web + application accepts "client_id" and "client_secret" as form encoded POST parameters, + context.TryGetFormCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request body. + If context.Validated is not called the request will not proceed further. + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called for each request to the Authorize endpoint to determine if the request is valid and should continue. + The default behavior when using the OAuthAuthorizationServerProvider is to assume well-formed requests, with + validated client redirect URI, should continue processing. An application may add any additional constraints. + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called for each request to the Authorize endpoint to determine if the request is valid and should continue. + The default behavior when using the OAuthAuthorizationServerProvider is to assume well-formed requests, with + validated client credentials, should continue processing. An application may add any additional constraints. + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called when a request to the Token endpoint arrives with a "grant_type" of "authorization_code". This occurs after the Authorize + endpoint as redirected the user-agent back to the client with a "code" parameter, and the client is exchanging that for an "access_token". + The claims and properties + associated with the authorization code are present in the context.Ticket. The application must call context.Validated to instruct the Authorization + Server middleware to issue an access token based on those claims and properties. 
The call to context.Validated may be given a different + AuthenticationTicket or ClaimsIdentity in order to control which information flows from authorization code to access token. + The default behavior when using the OAuthAuthorizationServerProvider is to flow information from the authorization code to + the access token unmodified. + See also http://tools.ietf.org/html/rfc6749#section-4.1.3 + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called when a request to the Token endpoint arrives with a "grant_type" of "refresh_token". This occurs if your application has issued a "refresh_token" + along with the "access_token", and the client is attempting to use the "refresh_token" to acquire a new "access_token", and possibly a new "refresh_token". + To issue a refresh token the an Options.RefreshTokenProvider must be assigned to create the value which is returned. The claims and properties + associated with the refresh token are present in the context.Ticket. The application must call context.Validated to instruct the + Authorization Server middleware to issue an access token based on those claims and properties. The call to context.Validated may + be given a different AuthenticationTicket or ClaimsIdentity in order to control which information flows from the refresh token to + the access token. The default behavior when using the OAuthAuthorizationServerProvider is to flow information from the refresh token to + the access token unmodified. + See also http://tools.ietf.org/html/rfc6749#section-6 + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called when a request to the Token endpoint arrives with a "grant_type" of "password". 
This occurs when the user has provided name and password + credentials directly into the client application's user interface, and the client application is using those to acquire an "access_token" and + optional "refresh_token". If the web application supports the + resource owner credentials grant type it must validate the context.Username and context.Password as appropriate. To issue an + access token the context.Validated must be called with a new ticket containing the claims about the resource owner which should be associated + with the access token. The application should take appropriate measures to ensure that the endpoint isn’t abused by malicious callers. + The default behavior is to reject this grant type. + See also http://tools.ietf.org/html/rfc6749#section-4.3.2 + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called when a request to the Token endpoint arrives with a "grant_type" of "client_credentials". This occurs when a registered client + application wishes to acquire an "access_token" to interact with protected resources on it's own behalf, rather than on behalf of an authenticated user. + If the web application supports the client credentials it may assume the context.ClientId has been validated by the ValidateClientAuthentication call. + To issue an access token the context.Validated must be called with a new ticket containing the claims about the client application which should be associated + with the access token. The application should take appropriate measures to ensure that the endpoint isn’t abused by malicious callers. + The default behavior is to reject this grant type. + See also http://tools.ietf.org/html/rfc6749#section-4.4.2 + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called when a request to the Token andpoint arrives with a "grant_type" of any other value. 
If the application supports custom grant types + it is entirely responsible for determining if the request should result in an access_token. If context.Validated is called with ticket + information the response body is produced in the same way as the other standard grant types. If additional response parameters must be + included they may be added in the final TokenEndpoint call. + See also http://tools.ietf.org/html/rfc6749#section-4.5 + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called at the final stage of an incoming Authorize endpoint request before the execution continues on to the web application component + responsible for producing the html response. Anything present in the OWIN pipeline following the Authorization Server may produce the + response for the Authorize page. If running on IIS any ASP.NET technology running on the server may produce the response for the + Authorize page. If the web application wishes to produce the response directly in the AuthorizeEndpoint call it may write to the + context.Response directly and should call context.RequestCompleted to stop other handlers from executing. If the web application wishes + to grant the authorization directly in the AuthorizeEndpoint call it cay call context.OwinContext.Authentication.SignIn with the + appropriate ClaimsIdentity and should call context.RequestCompleted to stop other handlers from executing. + + The context of the event carries information in and results out. + Task to enable asynchronous execution + + + + Called at the final stage of a successful Token endpoint request. An application may implement this call in order to do any final + modification of the claims being used to issue access or refresh tokens. This call may also be used in order to add additional + response parameters to the Token endpoint's json response body. + + The context of the event carries information in and results out. 
+ Task to enable asynchronous execution + + + + Called to determine if an incoming request is treated as an Authorize or Token + endpoint. If Options.AuthorizeEndpointPath or Options.TokenEndpointPath + are assigned values, then handling this event is optional and context.IsAuthorizeEndpoint and context.IsTokenEndpoint + will already be true if the request path matches. + + + + + Called to validate that the context.ClientId is a registered "client_id", and that the context.RedirectUri a "redirect_uri" + registered for that client. This only occurs when processing the Authorize endpoint. The application MUST implement this + call, and it MUST validate both of those factors before calling context.Validated. If the context.Validated method is called + with a given redirectUri parameter, then IsValidated will only become true if the incoming redirect URI matches the given redirect URI. + If context.Validated is not called the request will not proceed further. + + + + + Called to validate that the origin of the request is a registered "client_id", and that the correct credentials for that client are + present on the request. If the web application accepts Basic authentication credentials, + context.TryGetBasicCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request header. If the web + application accepts "client_id" and "client_secret" as form encoded POST parameters, + context.TryGetFormCredentials(out clientId, out clientSecret) may be called to acquire those values if present in the request body. + If context.Validated is not called the request will not proceed further. + + + + + Called for each request to the Authorize endpoint to determine if the request is valid and should continue. + The default behavior when using the OAuthAuthorizationServerProvider is to assume well-formed requests, with + validated client redirect URI, should continue processing. An application may add any additional constraints. 
+ + + + + Called for each request to the Authorize endpoint to determine if the request is valid and should continue. + The default behavior when using the OAuthAuthorizationServerProvider is to assume well-formed requests, with + validated client credentials, should continue processing. An application may add any additional constraints. + + + + + Called when a request to the Token endpoint arrives with a "grant_type" of "authorization_code". This occurs after the Authorize + endpoint as redirected the user-agent back to the client with a "code" parameter, and the client is exchanging that for an "access_token". + The claims and properties + associated with the authorization code are present in the context.Ticket. The application must call context.Validated to instruct the Authorization + Server middleware to issue an access token based on those claims and properties. The call to context.Validated may be given a different + AuthenticationTicket or ClaimsIdentity in order to control which information flows from authorization code to access token. + The default behavior when using the OAuthAuthorizationServerProvider is to flow information from the authorization code to + the access token unmodified. + See also http://tools.ietf.org/html/rfc6749#section-4.1.3 + + + + + Called when a request to the Token endpoint arrives with a "grant_type" of "password". This occurs when the user has provided name and password + credentials directly into the client application's user interface, and the client application is using those to acquire an "access_token" and + optional "refresh_token". If the web application supports the + resource owner credentials grant type it must validate the context.Username and context.Password as appropriate. To issue an + access token the context.Validated must be called with a new ticket containing the claims about the resource owner which should be associated + with the access token. 
The application should take appropriate measures to ensure that the endpoint isn’t abused by malicious callers. + The default behavior is to reject this grant type. + See also http://tools.ietf.org/html/rfc6749#section-4.3.2 + + + + + Called when a request to the Token endpoint arrives with a "grant_type" of "client_credentials". This occurs when a registered client + application wishes to acquire an "access_token" to interact with protected resources on it's own behalf, rather than on behalf of an authenticated user. + If the web application supports the client credentials it may assume the context.ClientId has been validated by the ValidateClientAuthentication call. + To issue an access token the context.Validated must be called with a new ticket containing the claims about the client application which should be associated + with the access token. The application should take appropriate measures to ensure that the endpoint isn’t abused by malicious callers. + The default behavior is to reject this grant type. + See also http://tools.ietf.org/html/rfc6749#section-4.4.2 + + + + + Called when a request to the Token endpoint arrives with a "grant_type" of "refresh_token". This occurs if your application has issued a "refresh_token" + along with the "access_token", and the client is attempting to use the "refresh_token" to acquire a new "access_token", and possibly a new "refresh_token". + To issue a refresh token the an Options.RefreshTokenProvider must be assigned to create the value which is returned. The claims and properties + associated with the refresh token are present in the context.Ticket. The application must call context.Validated to instruct the + Authorization Server middleware to issue an access token based on those claims and properties. The call to context.Validated may + be given a different AuthenticationTicket or ClaimsIdentity in order to control which information flows from the refresh token to + the access token. 
The default behavior when using the OAuthAuthorizationServerProvider is to flow information from the refresh token to + the access token unmodified. + See also http://tools.ietf.org/html/rfc6749#section-6 + + + + + Called when a request to the Token andpoint arrives with a "grant_type" of any other value. If the application supports custom grant types + it is entirely responsible for determining if the request should result in an access_token. If context.Validated is called with ticket + information the response body is produced in the same way as the other standard grant types. If additional response parameters must be + included they may be added in the final TokenEndpoint call. + See also http://tools.ietf.org/html/rfc6749#section-4.5 + + + + + Called at the final stage of an incoming Authorize endpoint request before the execution continues on to the web application component + responsible for producing the html response. Anything present in the OWIN pipeline following the Authorization Server may produce the + response for the Authorize page. If running on IIS any ASP.NET technology running on the server may produce the response for the + Authorize page. If the web application wishes to produce the response directly in the AuthorizeEndpoint call it may write to the + context.Response directly and should call context.RequestCompleted to stop other handlers from executing. If the web application wishes + to grant the authorization directly in the AuthorizeEndpoint call it cay call context.OwinContext.Authentication.SignIn with the + appropriate ClaimsIdentity and should call context.RequestCompleted to stop other handlers from executing. + + + + + Called at the final stage of a successful Token endpoint request. An application may implement this call in order to do any final + modification of the claims being used to issue access or refresh tokens. 
This call may also be used in order to add additional + response parameters to the Token endpoint's json response body. + + + + + OAuth bearer token middleware provider + + + + + Specifies callback methods which the invokes to enable developer control over the authentication process. /> + + + + + Invoked before the is created. Gives the application an + opportunity to find the identity from a different location, adjust, or reject the token. + + Contains the token string. + A representing the completed operation. + + + + Called each time a request identity has been validated by the middleware. By implementing this method the + application may alter or reject the identity which has arrived with the request. + + Contains information about the login session as well as the user . + A representing the completed operation. + + + + Called each time a challenge is being sent to the client. By implementing this method the application + may modify the challenge as needed. + + Contains the default challenge. + A representing the completed operation. + + + + Initializes a new instance of the class + + + + + Handles processing OAuth bearer token. + + + + + + + Handles validating the identity produced from an OAuth bearer token. + + + + + + + Handles applying the authentication challenge to the response message. + + + + + + + Handles processing OAuth bearer token. + + + + + Handles validating the identity produced from an OAuth bearer token. + + + + + Handles applying the authentication challenge to the response message. + + + + + Specifies the HTTP response header for the bearer authentication scheme. + + + + + Initializes a new + + OWIN environment + The www-authenticate header value. + + + + The www-authenticate header value. + + + + + Provides context information when handling an OAuth authorization code grant. + + + + + Initializes a new instance of the class + + + + + + + + Provides context information used when granting an OAuth refresh token. 
+ + + + + Initializes a new instance of the class + + + + + + + + + The OAuth client id. + + + + + Specifies the HTTP request header for the bearer authentication scheme. + + + + + Initializes a new + + OWIN environment + The authorization header value. + + + + The authorization header value + + + + + Contains information about the client credentials. + + + + + Initializes a new instance of the class + + + + + + + + Sets the client id and marks the context as validated by the application. + + + + + + + Extracts HTTP basic authentication credentials from the HTTP authenticate header. + + + + + + + + Extracts forms authentication credentials from the HTTP request body. + + + + + + + + Gets the set of form parameters from the request. + + + + + Provides context information used when determining the OAuth flow type based on the request. + + + + + Initializes a new instance of the class + + + + + + + Sets the endpoint type to authorize endpoint. + + + + + Sets the endpoint type to token endpoint. + + + + + Sets the endpoint type to neither authorize nor token. + + + + + Gets whether or not the endpoint is an OAuth authorize endpoint. + + + + + Gets whether or not the endpoint is an OAuth token endpoint. + + + + + Provides context information used when processing an OAuth token request. + + + + + Initializes a new instance of the class + + + + + + + + + Issues the token. + + + + + + + Gets the identity of the resource owner. + + + + + Dictionary containing the state of the authentication session. + + + + + Gets information about the token endpoint request. + + + + + Gets whether or not the token should be issued. + + + + + Enables additional values to be appended to the token response. + + + + + Provides context information used in handling an OAuth client credentials grant. + + + + + Initializes a new instance of the class + + + + + + + + + OAuth client id. + + + + + List of scopes allowed by the resource owner. 
+ + + + + Provides context information used when handling OAuth extension grant types. + + + + + Initializes a new instance of the class + + + + + + + + + + Gets the OAuth client id. + + + + + Gets the name of the OAuth extension grant type. + + + + + Gets a list of additional parameters from the token request. + + + + + Provides context information used in validating an OAuth authorization request. + + + + + Initializes a new instance of the class + + + + + + + + + Gets OAuth authorization request data. + + + + + Gets data about the OAuth client. + + + + + Contains data about the OAuth client redirect URI + + + + + Initializes a new instance of the class + + + + + + + + + Marks this context as validated by the application. IsValidated becomes true and HasError becomes false as a result of calling. + + + + + + Checks the redirect URI to determine whether it equals . + + + + + + + Gets the client redirect URI + + + + + Contains the authentication ticket data from an OAuth bearer token. + + + + + Initializes a new instance of the class + + + + + + + + Provides context information used in handling an OAuth resource owner grant. + + + + + Initializes a new instance of the class + + + + + + + + + + + OAuth client id. + + + + + Resource owner username. + + + + + Resource owner password. + + + + + List of scopes allowed by the resource owner. + + + + + Provides context information used in validating an OAuth token request. + + + + + Initializes a new instance of the class + + + + + + + + + Gets the token request data. + + + + + Gets information about the client. + + + + diff --git a/packages/Microsoft.Owin.Security.OAuth.2.1.0/lib/net45/Microsoft.Owin.Security.OAuth.dll b/packages/Microsoft.Owin.Security.OAuth.2.1.0/lib/net45/Microsoft.Owin.Security.OAuth.dll new file mode 100644 index 0000000..2b1d0f6 Binary files /dev/null and b/packages/Microsoft.Owin.Security.OAuth.2.1.0/lib/net45/Microsoft.Owin.Security.OAuth.dll differ