public override async Task OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken) { var identity = actionContext.RequestContext.Principal.Identity as ClaimsIdentity; // User has not authenticated / signed in if (identity != null && !identity.IsAuthenticated) { var requestErrorModel = new ResponseErrorModel { Error = Core.Constants.ErrorCodes.Unauthorized, ErrorDescription = "not authorized for request" }; actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new List <ResponseErrorModel> { requestErrorModel }); } else if (identity != null && !identity.HasClaim(ClaimType, ClaimValue)) { Log.Logger .ForContext <ClaimAuthorizeAttribute>() .Information("({eventCode:l}) {user} does not have claim {claimType}.{claimValue}", EventCodes.Authorization, identity.Name, ClaimType, ClaimValue); actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden); } // Implicit authentication will need to verify if user is either locked or need verification if (identity?.Name != null) { await ValidateUser(actionContext, identity); } }
public async Task <IActionResult> Login(LoginRequestDto request) { var encryptedPassword = _cryptographer.Encrypt(request.Password); request.Password = encryptedPassword; var resultData = await _authenticationService.Login(request); if (!resultData.IsSuccessfulLogin) { var responseErrorModel = new ResponseErrorModel(400, "Incorrect Username or Password"); return(BadRequest(responseErrorModel)); } var token = BuildToken(resultData); return(Ok(token)); }
public static ResponseErrorModel ToModel(this ModelError error, string field) { var model = new ResponseErrorModel { Field = field }; var codedMessage = error.ErrorMessage.Split(new[] { "::" }, StringSplitOptions.RemoveEmptyEntries); if (codedMessage.Length == 2) { model.Error = codedMessage[0]; model.ErrorDescription = codedMessage[1]; } else { model.ErrorDescription = error.ErrorMessage; } return(model); }
public static List <ResponseErrorModel> ToRequestErrorModel(this string message) { var model = new ResponseErrorModel(); var codedMessage = message.Split(new[] { "::" }, StringSplitOptions.RemoveEmptyEntries); if (codedMessage.Length == 2) { model.Error = codedMessage[0]; model.ErrorDescription = codedMessage[1]; } else { model.ErrorDescription = message; } return(new List <ResponseErrorModel> { model }); }
public async void OnException(ExceptionContext context) { context = context ?? throw new ArgumentNullException(nameof(context)); if (context.Exception is KeyNotFoundException) { var response = new ResponseErrorModel(404, context.Exception.Message); var responseJson = JsonConvert.SerializeObject(response); var responseBytes = Encoding.UTF8.GetBytes(responseJson); context.HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound; context.HttpContext.Response.ContentType = "application/json"; context.HttpContext.Response.ContentLength = responseBytes.Length; await HttpResponseWritingExtensions.WriteAsync(context.HttpContext.Response, responseJson); context.ExceptionHandled = true; return; } }
private static Task HandleExceptionAsync(HttpContext context, Exception exception) //, ILogger logger) { var code = HttpStatusCode.InternalServerError; // 500 if unexpected ResponseErrorModel rem; if (exception is DomainValidationException validationException) { rem = new ResponseErrorModel() { ErrorCode = validationException.ErrorCode, ErrorMessage = validationException.Message }; code = HttpStatusCode.BadRequest; } else if (exception is DomainEntityNotFoundException notFoundException) { rem = new ResponseErrorModel() { ErrorCode = notFoundException.Code, ErrorMessage = notFoundException.Message }; code = HttpStatusCode.NotFound; } else { rem = new ResponseErrorModel() { ErrorCode = code.ToString(), ErrorMessage = exception.Message }; } //if (exception is BadRequestException) code = HttpStatusCode.BadRequest; //else if (exception is MyUnauthorizedException) code = HttpStatusCode.Unauthorized; //else if (exception is MyException) code = HttpStatusCode.BadRequest; //logger.LogError(exception, exception.Message); var result = JsonConvert.SerializeObject(rem); context.Response.ContentType = "application/json"; context.Response.StatusCode = (int)code; return(context.Response.WriteAsync(result)); }
private async Task ValidateUser(HttpActionContext context, ClaimsIdentity identity) { // Check if log in user needs to be verify or inactive var container = context.Request.GetOwinContext().GetAutofacLifetimeScope(); var userService = container.Resolve <IUserService>(); var user = await userService.GetUserByNameAsync(identity.Name); if (!user.IsActive) { Log.Logger .ForContext <ClaimAuthorizeAttribute>() .Information("({eventCode:l}) {user} is not active.", EventCodes.UserDisabled, identity.Name); var requestErrorModel = new ResponseErrorModel { Error = EventCodes.UserDisabled, ErrorDescription = "User has been disabled." }; context.Response = context.Request.CreateResponse(HttpStatusCode.Unauthorized, new List <ResponseErrorModel> { requestErrorModel }); } else if (user.IsVerifyRequired) { Log.Logger .ForContext <ClaimAuthorizeAttribute>() .Information("({eventCode:l}) {user} need a verification.", EventCodes.RequireVerification, identity.Name); var requestErrorModel = new ResponseErrorModel { Error = EventCodes.RequireVerification, ErrorDescription = "User verification is required." }; context.Response = context.Request.CreateResponse(HttpStatusCode.Unauthorized, new List <ResponseErrorModel> { requestErrorModel }); } }
public override void OnAuthorization(HttpActionContext actionContext) { var identity = actionContext.RequestContext.Principal.Identity as ClaimsIdentity; if (identity != null && !identity.IsAuthenticated) { var requestErrorModel = new ResponseErrorModel { Error = Core.Constants.ErrorCodes.Unauthorized, ErrorDescription = "not authorized for request" }; actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new List <ResponseErrorModel> { requestErrorModel }); } else if (identity != null && !identity.HasClaim(ClaimType, ClaimValue)) { Log.Logger .ForContext <ClaimAuthorizeAttribute>() .Information("({eventCode:l}) {user} does not have claim {claimType}.{claimValue}", EventCodes.Authorization, identity.Name, ClaimType, ClaimValue); actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden); } }
public HttpResponseException(HttpStatusCode statusCode, ResponseErrorModel error) { StatusCode = statusCode; Error = error; }
public ConflictException(string message) : base(message) { this.ResponseErrorModel = new ResponseErrorModel(409, message); }