Beispiel #1
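        /// <summary>
        /// Authorizes the request before the action runs by validating the bearer token carried in the
        /// <c>Authorization</c> header. Sets <c>context.Result</c> to a 401 result when the header is
        /// missing, uses another scheme, or the token does not validate; leaves it untouched otherwise.
        /// </summary>
        /// <param name="context">Context of the action that is about to execute.</param>
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            // Configuration switch: when the header check is disabled this filter performs no check at all.
            if (!_authOptions.AuthHeaderCheckEnabled)
            {
                return;
            }

            // GetService returns null when no logger is registered. Logging below is null-conditional so a
            // missing logger cannot turn an authorization failure into an unhandled exception in the catch.
            var logger = context.HttpContext.RequestServices.GetService<ILogger<DiagnosticKeysController>>();

            try
            {
                const string bearerPrefix = "Bearer ";
                string authHeader = context.HttpContext.Request.Headers["Authorization"];

                // Match the scheme as a prefix only. A substring match would treat any header that merely
                // contains "Bearer" as a bearer credential, and Replace would strip the word from inside
                // the token itself.
                if (authHeader != null && authHeader.StartsWith(bearerPrefix, StringComparison.OrdinalIgnoreCase))
                {
                    var token = authHeader.Substring(bearerPrefix.Length).Trim();

                    // Fail closed: the validation result must be honoured, not discarded. A validator that
                    // reports failure by returning false (rather than throwing) would otherwise let the
                    // request through.
                    if (token.Length > 0 && _jwtValidationService.IsTokenValid(token))
                    {
                        return;
                    }

                    logger?.LogWarning("Bearer token failed validation.");
                    context.Result = new UnauthorizedObjectResult("Invalid token");
                    return;
                }

                // Never write the header value to the log: it may hold a credential (for example a token
                // sent under the wrong scheme), and it is attacker-controlled text.
                logger?.LogWarning(
                    "Missing token or invalid scheme. Authorization header present: {HeaderPresent}",
                    authHeader != null);
                context.Result = new UnauthorizedObjectResult("Missing token or invalid scheme.");
            }
            catch (Exception e)
            {
                // Full details stay in the server log; the caller gets a generic message so that
                // validator internals are not disclosed to unauthenticated clients.
                logger?.LogError(e, "Error on authorization");
                context.Result = new UnauthorizedObjectResult("Authorization failed.");
            }
        }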
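        /// <summary>
        /// Authorizes the request before the action runs. Accepts either a bearer JWT or, when anonymous
        /// tokens are enabled in configuration, an <c>Anonymous</c>-scheme token. Sets
        /// <c>context.Result</c> to a 401 result when no accepted credential validates.
        /// </summary>
        /// <remarks>
        /// This override is deliberately synchronous. Declared as <c>async void</c>, the method would return
        /// to the framework at the first incomplete await, so the action could start running before the
        /// anonymous token had been checked and a late <c>context.Result</c> assignment would have no
        /// effect. Moving the logic to <c>OnActionExecutionAsync</c> would remove the blocking wait below.
        /// </remarks>
        /// <param name="context">Context of the action that is about to execute.</param>
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            // GetService returns null when no logger is registered. Logging below is null-conditional so a
            // missing logger cannot turn an authorization failure into an unhandled exception in the catch.
            var logger = context.HttpContext.RequestServices.GetService<ILogger<DiagnosticKeysController>>();

            try
            {
                const string bearerPrefix = "Bearer ";
                const string anonymousPrefix = "Anonymous ";
                string authHeader = context.HttpContext.Request.Headers["Authorization"];

                // Match schemes as prefixes only. A substring match on "Bearer" would also capture an
                // Anonymous-scheme header whose token happens to contain that word.
                if (authHeader != null && authHeader.StartsWith(bearerPrefix, StringComparison.OrdinalIgnoreCase))
                {
                    var token = authHeader.Substring(bearerPrefix.Length).Trim();

                    // Fail closed: the validation result must be honoured, not discarded. A validator that
                    // reports failure by returning false (rather than throwing) would otherwise let the
                    // request through.
                    if (token.Length > 0 && _jwtValidationService.IsTokenValid(token))
                    {
                        return;
                    }

                    logger?.LogWarning("Bearer token failed validation.");
                    context.Result = new UnauthorizedObjectResult("Invalid token");
                    return;
                }

                if (_anonymousTokenConfig.Enabled
                    && authHeader != null
                    && authHeader.StartsWith(anonymousPrefix, StringComparison.OrdinalIgnoreCase))
                {
                    var anonymousToken = authHeader.Substring(anonymousPrefix.Length);

                    // Block until validation has finished so the decision is made before the action runs.
                    var isValid = _anonymousTokenValidationService.IsTokenValid(anonymousToken)
                        .GetAwaiter()
                        .GetResult();

                    if (!isValid)
                    {
                        context.Result = new UnauthorizedObjectResult("Invalid token");
                    }

                    return;
                }

                // Never write the header value to the log: it may hold a credential (for example a token
                // sent under the wrong scheme), and it is attacker-controlled text.
                logger?.LogWarning(
                    "Missing token or invalid scheme. Authorization header present: {HeaderPresent}",
                    authHeader != null);
                context.Result = new UnauthorizedObjectResult("Missing token or invalid scheme.");
            }
            catch (Exception e)
            {
                // Full details stay in the server log; the caller gets a generic message so that
                // validator internals are not disclosed to unauthenticated clients.
                logger?.LogError(e, "Error on authorization");
                context.Result = new UnauthorizedObjectResult("Authorization failed.");
            }
        }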
        /// <summary>
        /// Checks that the JWT validation service reports the <c>ValidToken</c> fixture as valid.
        /// </summary>
        public void TestValidateToken_WithValidToken()
        {
            // Only the positive path is covered here: a known-good token must yield true.
            _jwtValidationService.IsTokenValid(ValidToken).Should().BeTrue();
        }