vgheri · March 1, 2014 13:55
diff --git a/Startup.cs b/Startup.cs
 public partial class Startup
 {
    /// <summary>
    /// This part has been added to have an API endpoint to authenticate users that accept a Facebook access token
    /// </summary>
    static Startup()
    {
        PublicClientId = "self";

        UserManagerFactory = () => 
        {
            var userManager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new ApplicationDbContext()));
            userManager.UserValidator = new UserValidator<ApplicationUser>(userManager) { AllowOnlyAlphanumericUserNames = false };
            return userManager;
        };

        OAuthOptions = new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/Token"),
            Provider = new ApplicationOAuthProvider(PublicClientId, UserManagerFactory),
            AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
            AllowInsecureHttp = true
        };
 
        // This is a key step of the solution as we need to supply a meaningful and fully working
        // implementation of the OAuthBearerOptions object when we configure the OAuth Bearer authentication mechanism. 
        // The trick here is to reuse the previously defined OAuthOptions object that already
        // implements almost everything we need
        OAuthBearerOptions = new OAuthBearerAuthenticationOptions();
        OAuthBearerOptions.AccessTokenFormat = OAuthOptions.AccessTokenFormat;
        OAuthBearerOptions.AccessTokenProvider = OAuthOptions.AccessTokenProvider;
        OAuthBearerOptions.AuthenticationMode = OAuthOptions.AuthenticationMode;
        OAuthBearerOptions.AuthenticationType = OAuthOptions.AuthenticationType;
        OAuthBearerOptions.Description = OAuthOptions.Description;
        // The provider is the only object we need to redefine. See below for the implementation
        OAuthBearerOptions.Provider = new CustomBearerAuthenticationProvider();          
        OAuthBearerOptions.SystemClock = OAuthOptions.SystemClock;
    }

    public static OAuthBearerAuthenticationOptions OAuthBearerOptions { get; private set; }

    public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }

    public static Func<UserManager<ApplicationUser>> UserManagerFactory { get; set; }

    public static string PublicClientId { get; private set; }

    // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
    public void ConfigureAuth(IAppBuilder app)
    {
        //[Initial boilerplate code]
        
        //Here we use the OAuthBearerOptions object 
        OAuthBearerAuthenticationExtensions.UseOAuthBearerAuthentication(app, OAuthBearerOptions);

        //[More boilerplate code]
    }
 }

 public class CustomBearerAuthenticationProvider : OAuthBearerAuthenticationProvider
 {
    // This validates the identity based on the issuer of the claim.
    // The issuer is set in the API endpoint that logs the user in
    public override Task ValidateIdentity(OAuthValidateIdentityContext context)
    {
        var claims = context.Ticket.Identity.Claims;
        if (claims.Count() == 0 || claims.Any(claim => claim.Issuer != "Facebook" && claim.Issuer != "LOCAL_AUTHORITY" ))
            context.Rejected();
        return Task.FromResult<object>(null);
    }
 }
	public partial class Startup
	{
	/// <summary>
	/// This part has been added to have an API endpoint to authenticate users that accept a Facebook access token
	/// </summary>
	static Startup()
	{
	PublicClientId = "self";

	UserManagerFactory = () =>
	{
	var userManager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new ApplicationDbContext()));
	userManager.UserValidator = new UserValidator<ApplicationUser>(userManager) { AllowOnlyAlphanumericUserNames = false };
	return userManager;
	};

	OAuthOptions = new OAuthAuthorizationServerOptions
	{
	TokenEndpointPath = new PathString("/Token"),
	Provider = new ApplicationOAuthProvider(PublicClientId, UserManagerFactory),
	AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
	AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
	AllowInsecureHttp = true
	};

	// This is a key step of the solution as we need to supply a meaningful and fully working
	// implementation of the OAuthBearerOptions object when we configure the OAuth Bearer authentication mechanism.
	// The trick here is to reuse the previously defined OAuthOptions object that already
	// implements almost everything we need
	OAuthBearerOptions = new OAuthBearerAuthenticationOptions();
	OAuthBearerOptions.AccessTokenFormat = OAuthOptions.AccessTokenFormat;
	OAuthBearerOptions.AccessTokenProvider = OAuthOptions.AccessTokenProvider;
	OAuthBearerOptions.AuthenticationMode = OAuthOptions.AuthenticationMode;
	OAuthBearerOptions.AuthenticationType = OAuthOptions.AuthenticationType;
	OAuthBearerOptions.Description = OAuthOptions.Description;
	// The provider is the only object we need to redefine. See below for the implementation
	OAuthBearerOptions.Provider = new CustomBearerAuthenticationProvider();
	OAuthBearerOptions.SystemClock = OAuthOptions.SystemClock;
	}

	public static OAuthBearerAuthenticationOptions OAuthBearerOptions { get; private set; }

	public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }

	public static Func<UserManager<ApplicationUser>> UserManagerFactory { get; set; }

	public static string PublicClientId { get; private set; }

	// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
	public void ConfigureAuth(IAppBuilder app)
	{
	//[Initial boilerplate code]

	//Here we use the OAuthBearerOptions object
	OAuthBearerAuthenticationExtensions.UseOAuthBearerAuthentication(app, OAuthBearerOptions);

	//[More boilerplate code]
	}
	}

	public class CustomBearerAuthenticationProvider : OAuthBearerAuthenticationProvider
	{
	// This validates the identity based on the issuer of the claim.
	// The issuer is set in the API endpoint that logs the user in
	public override Task ValidateIdentity(OAuthValidateIdentityContext context)
	{
	var claims = context.Ticket.Identity.Claims;
	if (claims.Count() == 0 \|\| claims.Any(claim => claim.Issuer != "Facebook" && claim.Issuer != "LOCAL_AUTHORITY" ))
	context.Rejected();
	return Task.FromResult<object>(null);
	}
	}