/// <summary> /// Validates the auth header for WebSocket upgrade requests. /// </summary> /// <remarks> /// Returns a ClaimsIdentity for successful auth and when auth is disabled. Returns null for failed auth. /// </remarks> /// <param name="httpRequest">The connection request.</param> private async Task <ClaimsIdentity> AuthenticateRequestAsync(HttpRequest httpRequest) { try { if (!await CredentialProvider.IsAuthenticationDisabledAsync().ConfigureAwait(false)) { var authHeader = httpRequest.Headers.First(x => string.Equals(x.Key, AuthHeaderName, StringComparison.OrdinalIgnoreCase)).Value.FirstOrDefault(); var channelId = httpRequest.Headers.First(x => string.Equals(x.Key, ChannelIdHeaderName, StringComparison.OrdinalIgnoreCase)).Value.FirstOrDefault(); if (string.IsNullOrWhiteSpace(authHeader)) { await WriteUnauthorizedResponseAsync(AuthHeaderName, httpRequest).ConfigureAwait(false); return(null); } if (string.IsNullOrWhiteSpace(channelId)) { await WriteUnauthorizedResponseAsync(ChannelIdHeaderName, httpRequest).ConfigureAwait(false); return(null); } var claimsIdentity = await JwtTokenValidation.ValidateAuthHeader(authHeader, CredentialProvider, ChannelProvider, channelId).ConfigureAwait(false); if (!claimsIdentity.IsAuthenticated) { httpRequest.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized; return(null); } // Add ServiceURL to the cache of trusted sites in order to allow token refreshing. AppCredentials.TrustServiceUrl(claimsIdentity.FindFirst(AuthenticationConstants.ServiceUrlClaim).Value); ClaimsIdentity = claimsIdentity; return(claimsIdentity); } // Authentication is not enabled, therefore return an anonymous ClaimsIdentity. return(new ClaimsIdentity(new List <Claim>(), "anonymous")); } catch (Exception) { httpRequest.HttpContext.Response.StatusCode = (int)HttpStatusCode.InternalServerError; await httpRequest.HttpContext.Response.WriteAsync("Error while attempting to authorize connection.").ConfigureAwait(false); throw; } }
private async Task <bool> AuthenticateRequestAsync(HttpRequest httpRequest) { try { if (!await CredentialProvider.IsAuthenticationDisabledAsync().ConfigureAwait(false)) { var authHeader = httpRequest.Headers.First(x => x.Key.ToLower() == AuthHeaderName).Value.FirstOrDefault(); var channelId = httpRequest.Headers.First(x => x.Key.ToLower() == ChannelIdHeaderName).Value.FirstOrDefault(); if (string.IsNullOrWhiteSpace(authHeader)) { await WriteUnauthorizedResponseAsync(AuthHeaderName, httpRequest).ConfigureAwait(false); return(false); } if (string.IsNullOrWhiteSpace(channelId)) { await WriteUnauthorizedResponseAsync(ChannelIdHeaderName, httpRequest).ConfigureAwait(false); return(false); } var claimsIdentity = await JwtTokenValidation.ValidateAuthHeader(authHeader, CredentialProvider, ChannelProvider, channelId).ConfigureAwait(false); if (!claimsIdentity.IsAuthenticated) { httpRequest.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized; return(false); } // Add ServiceURL to the cache of trusted sites in order to allow token refreshing. AppCredentials.TrustServiceUrl(claimsIdentity.FindFirst(AuthenticationConstants.ServiceUrlClaim).Value); ClaimsIdentity = claimsIdentity; } return(true); } catch (Exception ex) { httpRequest.HttpContext.Response.StatusCode = (int)HttpStatusCode.InternalServerError; await httpRequest.HttpContext.Response.WriteAsync("Error while attempting to authorize connection.").ConfigureAwait(false); throw ex; } }
private async Task <bool> AuthenticateRequestAsync(HttpRequestMessage httpRequest, HttpResponseMessage httpResponse) { try { if (!await CredentialProvider.IsAuthenticationDisabledAsync().ConfigureAwait(false)) { #pragma warning disable CA1308 // Normalize strings to uppercase (header names come in lowercase, ignoring) var authHeader = httpRequest.Headers.GetValues(AuthHeaderName.ToLowerInvariant()).FirstOrDefault(); var channelId = httpRequest.Headers.GetValues(ChannelIdHeaderName.ToLowerInvariant()).FirstOrDefault(); #pragma warning restore CA1308 // Normalize strings to uppercase if (string.IsNullOrWhiteSpace(authHeader)) { WriteUnauthorizedResponse(AuthHeaderName, httpResponse); return(false); } if (string.IsNullOrWhiteSpace(channelId)) { WriteUnauthorizedResponse(ChannelIdHeaderName, httpResponse); return(false); } var claimsIdentity = await JwtTokenValidation.ValidateAuthHeader(authHeader, CredentialProvider, ChannelProvider, channelId).ConfigureAwait(false); if (!claimsIdentity.IsAuthenticated) { httpResponse.StatusCode = HttpStatusCode.Unauthorized; return(false); } // Add ServiceURL to the cache of trusted sites in order to allow token refreshing. AppCredentials.TrustServiceUrl(claimsIdentity.FindFirst(AuthenticationConstants.ServiceUrlClaim).Value); ClaimsIdentity = claimsIdentity; } return(true); } catch (Exception) { httpResponse.StatusCode = HttpStatusCode.InternalServerError; httpResponse.Content = new StringContent("Error while attempting to authorize connection."); throw; } }
private async Task <bool> AuthenticateRequestAsync(HttpRequestMessage httpRequest, HttpResponseMessage httpResponse) { try { if (!await CredentialProvider.IsAuthenticationDisabledAsync().ConfigureAwait(false)) { var authHeader = httpRequest.Headers.GetValues(AuthHeaderName.ToLowerInvariant()).FirstOrDefault(); var channelId = httpRequest.Headers.GetValues(ChannelIdHeaderName.ToLowerInvariant()).FirstOrDefault(); if (string.IsNullOrWhiteSpace(authHeader)) { WriteUnauthorizedResponse(AuthHeaderName, httpResponse); return(false); } if (string.IsNullOrWhiteSpace(channelId)) { WriteUnauthorizedResponse(ChannelIdHeaderName, httpResponse); return(false); } var claimsIdentity = await JwtTokenValidation.ValidateAuthHeader(authHeader, CredentialProvider, ChannelProvider, channelId).ConfigureAwait(false); if (!claimsIdentity.IsAuthenticated) { httpResponse.StatusCode = HttpStatusCode.Unauthorized; return(false); } ClaimsIdentity = claimsIdentity; } return(true); } catch (Exception) { httpResponse.StatusCode = HttpStatusCode.InternalServerError; httpResponse.Content = new StringContent("Error while attempting to authorize connection."); throw; } }