Add OAuth middleware

src/Church/Church.ConsoleApp/App.config

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+    <startup> 
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.1" />
+    </startup>
+</configuration>

src/Church/Church.ConsoleApp/Church.ConsoleApp.csproj

@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{678CD616-5FCD-4484-B8D1-60C187085B9C}</ProjectGuid>
+    <OutputType>Exe</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>Church.ConsoleApp</RootNamespace>
+    <AssemblyName>Church.ConsoleApp</AssemblyName>
+    <TargetFrameworkVersion>v4.5.1</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="Newtonsoft.Json">
+      <HintPath>..\packages\Newtonsoft.Json.6.0.5\lib\net45\Newtonsoft.Json.dll</HintPath>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Net.Http" />
+    <Reference Include="System.Net.Http.Extensions">
+      <HintPath>..\packages\Microsoft.Net.Http.2.2.28\lib\net45\System.Net.Http.Extensions.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http.Primitives">
+      <HintPath>..\packages\Microsoft.Net.Http.2.2.28\lib\net45\System.Net.Http.Primitives.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Net.Http.WebRequest" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Xml" />
+    <Reference Include="Thinktecture.IdentityModel.Client">
+      <HintPath>..\packages\Thinktecture.IdentityModel.Client.2.0.0\lib\portable-net45+wp80+win8+wpa81\Thinktecture.IdentityModel.Client.dll</HintPath>
+    </Reference>
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Program.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="App.config" />
+    <None Include="packages.config" />
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+  <Import Project="..\packages\Microsoft.Bcl.Build.1.0.14\tools\Microsoft.Bcl.Build.targets" Condition="Exists('..\packages\Microsoft.Bcl.Build.1.0.14\tools\Microsoft.Bcl.Build.targets')" />
+  <Target Name="EnsureBclBuildImported" BeforeTargets="BeforeBuild" Condition="'$(BclBuildImported)' == ''">
+    <Error Condition="!Exists('..\packages\Microsoft.Bcl.Build.1.0.14\tools\Microsoft.Bcl.Build.targets')" Text="This project references NuGet package(s) that are missing on this computer. Enable NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=317567." HelpKeyword="BCLBUILD2001" />
+    <Error Condition="Exists('..\packages\Microsoft.Bcl.Build.1.0.14\tools\Microsoft.Bcl.Build.targets')" Text="The build restored NuGet packages. Build the project again to include these packages in the build. For more information, see http://go.microsoft.com/fwlink/?LinkID=317568." HelpKeyword="BCLBUILD2002" />
+  </Target>
+  <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
+       Other similar extension points exist, see Microsoft.Common.targets.
+  <Target Name="BeforeBuild">
+  </Target>
+  <Target Name="AfterBuild">
+  </Target>
+  -->
+</Project>

src/Church/Church.ConsoleApp/Program.cs

@@ -0,0 +1,32 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net.Http;
+using System.Text;
+using System.Threading.Tasks;
+using Thinktecture.IdentityModel.Client;
+
+namespace Church.ConsoleApp
+{
+    class Program
+    {
+        static void Main(string[] args)
+        {
+            const string tokenUrl = @"http://localhost:12345/token";
+            const string resourceUrl = @"http://localhost:12345/api/church/1";
+
+            var client = new OAuth2Client(new Uri(tokenUrl));
+            var tokenResponse = client.RequestResourceOwnerPasswordAsync("dav", "dav").Result;
+
+            Console.WriteLine("got token {0}.", tokenResponse.AccessToken);
+
+            var httpClient = new HttpClient();
+            httpClient.SetBearerToken(tokenResponse.AccessToken);
+            var json = httpClient.GetStringAsync(resourceUrl).Result;
+
+            Console.WriteLine("Result {0}.", json);
+
+            Console.ReadLine();
+        }
+    }
+}

src/Church/Church.ConsoleApp/Properties/AssemblyInfo.cs

@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following 
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Church.ConsoleApp")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("Church.ConsoleApp")]
+[assembly: AssemblyCopyright("Copyright ©  2014")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible 
+// to COM components.  If you need to access a type in this assembly from 
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("069ebbd5-c7bb-4cc3-a05a-3b0d87bcbe1c")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version 
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers 
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]

src/Church/Church.ConsoleApp/packages.config

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8"?>
+<packages>
+  <package id="Microsoft.Bcl" version="1.1.9" targetFramework="net451" />
+  <package id="Microsoft.Bcl.Build" version="1.0.14" targetFramework="net451" />
+  <package id="Microsoft.Net.Http" version="2.2.28" targetFramework="net451" />
+  <package id="Newtonsoft.Json" version="6.0.5" targetFramework="net451" />
+  <package id="Thinktecture.IdentityModel.Client" version="2.0.0" targetFramework="net451" />
+</packages>

src/Church/Church.Host.Owin.Core/Authentication/ChurchOAuthAuthorizationServerProvider.cs

@@ -0,0 +1,31 @@
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.Owin.Security.OAuth;
+
+namespace Church.Host.Owin.Core.Authentication
+{
+    public class ChurchOAuthAuthorizationServerProvider : OAuthAuthorizationServerProvider
+    {
+        public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
+        {
+            context.Validated();
+            return Task.FromResult(0);
+        }
+
+        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
+        {
+
+            if (context.UserName != context.Password)
+            {
+                context.Rejected();
+                return;
+            }
+
+            var id = new ClaimsIdentity(context.Options.AuthenticationType);
+            id.AddClaim(new Claim("sub", context.UserName));
+            id.AddClaim(new Claim("role", "user"));
+
+            context.Validated(id);
+        }
+    }
+}

src/Church/Church.Host.Owin.Core/Church.Host.Owin.Core.csproj

@@ -50,14 +50,22 @@
       <HintPath>..\packages\log4net.2.0.3\lib\net40-full\log4net.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.CSharp" />
-    <Reference Include="Microsoft.Owin">
-      <HintPath>..\packages\Microsoft.Owin.2.1.0\lib\net45\Microsoft.Owin.dll</HintPath>
+    <Reference Include="Microsoft.Owin, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Microsoft.Owin.3.0.0\lib\net45\Microsoft.Owin.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Owin.Host.SystemWeb">
       <HintPath>..\packages\Microsoft.Owin.Host.SystemWeb.2.1.0\lib\net45\Microsoft.Owin.Host.SystemWeb.dll</HintPath>
     </Reference>
-    <Reference Include="Newtonsoft.Json">
-      <HintPath>..\packages\Newtonsoft.Json.4.5.11\lib\net40\Newtonsoft.Json.dll</HintPath>
+    <Reference Include="Microsoft.Owin.Security">
+      <HintPath>..\packages\Microsoft.Owin.Security.3.0.0\lib\net45\Microsoft.Owin.Security.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Owin.Security.OAuth">
+      <HintPath>..\packages\Microsoft.Owin.Security.OAuth.3.0.0\lib\net45\Microsoft.Owin.Security.OAuth.dll</HintPath>
+    </Reference>
+    <Reference Include="Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\packages\Newtonsoft.Json.6.0.4\lib\net45\Newtonsoft.Json.dll</HintPath>
     </Reference>
     <Reference Include="Owin">
       <HintPath>..\packages\Owin.1.0\lib\net40\Owin.dll</HintPath>
@@ -109,6 +117,7 @@
     <Content Include="Web.config" />
   </ItemGroup>
   <ItemGroup>
+    <Compile Include="Authentication\ChurchOAuthAuthorizationServerProvider.cs" />
     <Compile Include="Controllers\ChurchController.cs" />
     <Compile Include="HttpConfiguration.cs" />
     <Compile Include="MappingConfiguration.cs" />

src/Church/Church.Host.Owin.Core/Controllers/ChurchController.cs

@@ -15,6 +15,7 @@
 
 namespace Church.Host.Owin.Core.Controllers
 {
+    [Authorize]
     public class ChurchController : ApiController
     {
         private readonly IChurchService _churchService;

src/Church/Church.Host.Owin.Core/Startup.cs

@@ -1,11 +1,14 @@
-using System.Web.Http;
+using System;
+using System.Web.Http;
 using Church.Common.Extensions;
 using Church.Common.Logging;
 using Church.Common.Service;
 using Church.Common.Settings;
 using Church.Components.Core;
 using Church.Components.Core.Repository;
+using Church.Host.Owin.Core.Authentication;
 using Microsoft.Owin;
+using Microsoft.Owin.Security.OAuth;
 using Owin;
 using SimpleInjector;
 
@@ -23,13 +26,26 @@ public void Configuration(IAppBuilder appBuilder)
             var container = new Container();
 
             HttpConfiguration = new HttpConfiguration();
-            appBuilder.UseWebApi(HttpConfiguration);
+
 
             MappingConfiguration.Configure();
             HttpConfiguration.MapHttpAttributeRoutes();
 
             SetContainer(container);
 
+
+            //Auth
+            appBuilder.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
+            {
+                AllowInsecureHttp = true,
+                TokenEndpointPath = new PathString("/token"),
+                AccessTokenExpireTimeSpan = TimeSpan.FromHours(1),
+                Provider = new ChurchOAuthAuthorizationServerProvider()
+            });
+
+            appBuilder.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
+            appBuilder.UseWebApi(HttpConfiguration);
+
             //start IServices
             var services = _container.GetAllInstances<IService>();
             services.ForEach(s => s.Start());

src/Church/Church.Host.Owin.Core/Web.config

@@ -37,12 +37,16 @@
     <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-2.1.0.0" newVersion="2.1.0.0" />
+        <bindingRedirect oldVersion="0.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="System.Web.Http" publicKeyToken="31bf3856ad364e35" culture="neutral" />
         <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="5.2.0.0" />
       </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
+      </dependentAssembly>
     </assemblyBinding>
   </runtime>
 </configuration>

src/Church/Church.Host.Owin.Core/packages.config

@@ -5,9 +5,11 @@
   <package id="Microsoft.AspNet.WebApi.Client" version="5.2.0" targetFramework="net451" />
   <package id="Microsoft.AspNet.WebApi.Core" version="5.2.0" targetFramework="net451" />
   <package id="Microsoft.AspNet.WebApi.Owin" version="5.2.0" targetFramework="net451" />
-  <package id="Microsoft.Owin" version="2.1.0" targetFramework="net451" />
+  <package id="Microsoft.Owin" version="3.0.0" targetFramework="net451" />
   <package id="Microsoft.Owin.Host.SystemWeb" version="2.1.0" targetFramework="net451" />
-  <package id="Newtonsoft.Json" version="4.5.11" targetFramework="net451" />
+  <package id="Microsoft.Owin.Security" version="3.0.0" targetFramework="net451" />
+  <package id="Microsoft.Owin.Security.OAuth" version="3.0.0" targetFramework="net451" />
+  <package id="Newtonsoft.Json" version="6.0.4" targetFramework="net451" />
   <package id="Owin" version="1.0" targetFramework="net451" />
   <package id="OwinHost" version="2.1.0" targetFramework="net451" />
   <package id="SimpleInjector" version="2.5.2" targetFramework="net451" />

src/Church/Church.IntegrationTests/app.config

@@ -17,6 +17,10 @@
         <assemblyIdentity name="System.Net.Http.Formatting" publicKeyToken="31bf3856ad364e35" culture="neutral" />
         <bindingRedirect oldVersion="0.0.0.0-5.2.0.0" newVersion="5.2.0.0" />
       </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-4.5.0.0" newVersion="4.5.0.0" />
+      </dependentAssembly>
     </assemblyBinding>
   </runtime>
 </configuration>

src/Church/Church.sln

@@ -17,6 +17,10 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Church.Types", "Church.Type
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Church.UnitTests", "Church.UnitTests\Church.UnitTests.csproj", "{CFBC092D-108F-494A-9F52-3A9BD3AC14E4}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Test", "Test", "{A376A92E-A66B-483F-9719-63C6E6A70593}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Church.ConsoleApp", "Church.ConsoleApp\Church.ConsoleApp.csproj", "{678CD616-5FCD-4484-B8D1-60C187085B9C}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -51,10 +55,19 @@ Global
 		{CFBC092D-108F-494A-9F52-3A9BD3AC14E4}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{CFBC092D-108F-494A-9F52-3A9BD3AC14E4}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{CFBC092D-108F-494A-9F52-3A9BD3AC14E4}.Release|Any CPU.Build.0 = Release|Any CPU
+		{678CD616-5FCD-4484-B8D1-60C187085B9C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{678CD616-5FCD-4484-B8D1-60C187085B9C}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{678CD616-5FCD-4484-B8D1-60C187085B9C}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{678CD616-5FCD-4484-B8D1-60C187085B9C}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
+	GlobalSection(NestedProjects) = preSolution
+		{3BB84EC6-7033-41DF-A9B5-70EFC5532E2C} = {A376A92E-A66B-483F-9719-63C6E6A70593}
+		{CFBC092D-108F-494A-9F52-3A9BD3AC14E4} = {A376A92E-A66B-483F-9719-63C6E6A70593}
+		{678CD616-5FCD-4484-B8D1-60C187085B9C} = {A376A92E-A66B-483F-9719-63C6E6A70593}
+	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		EnterpriseLibraryConfigurationToolBinariesPathV6 = packages\EnterpriseLibrary.Common.6.0.1304.0\lib\NET45;packages\EnterpriseLibrary.Data.6.0.1304.0\lib\NET45
 	EndGlobalSection

src/Church/packages/repositories.config

@@ -2,6 +2,7 @@
 <repositories>
   <repository path="..\Church.Common\packages.config" />
   <repository path="..\Church.Components.Core\packages.config" />
+  <repository path="..\Church.ConsoleApp\packages.config" />
   <repository path="..\Church.Host.Owin.Core\packages.config" />
   <repository path="..\Church.IntegrationTests\packages.config" />
   <repository path="..\Church.Model\packages.config" />