Beispiel #1
0
        private async Task <string> GetUserAuthorizationJwtAsync(
            HttpContext httpContext,
            IHttpClientFactory httpClientFactory,
            IMemoryCache memoryCache,
            IServiceDiscoveryProvider serviceDiscoveryProvider)
        {
            if (JwtAuthorizationHelper.TryGetTokenValue(httpContext.Request.Headers, out string value))
            {
                int key = CacheHttpHeadersHelper.TryGetValue(
                    httpContext.Request.Headers,
                    _jwtAuthorizationOptions.CacheKeyHttpHeaders,
                    out string cacheKeyPart)
                    ? GetKey(httpContext, value, cacheKeyPart)
                    : GetKey(httpContext, value);

                if (!memoryCache.TryGetValue(key, out string jwtToken))
                {
                    string authUrl =
                        _jwtAuthorizationOptions.GetAuthorizationUrl(serviceDiscoveryProvider) + httpContext.Request.Path.Value;
                    jwtToken = await GetUserAuthorizationJwtAsync(
                        httpContext,
                        httpClientFactory,
                        memoryCache,
                        value,
                        key,
                        authUrl);
                }

                return(jwtToken);
            }
            else if (!string.IsNullOrEmpty(_jwtAuthorizationOptions.HashParameterName) &&
                     httpContext.Request.Query.TryGetValue(_jwtAuthorizationOptions.HashParameterName, out StringValues hashValue))
            {
                int key = GetKey(httpContext, hashValue.ToString());
                if (!memoryCache.TryGetValue(key, out string jwtToken))
                {
                    var uriBuilder = new UriBuilder(_jwtAuthorizationOptions.GetHashAuthorization(serviceDiscoveryProvider));
                    uriBuilder.Query = QueryString.Create(
                        _jwtAuthorizationOptions.HashParameterName,
                        hashValue.ToString()).ToUriComponent();
                    jwtToken = await GetUserAuthorizationJwtAsync(
                        httpContext,
                        httpClientFactory,
                        memoryCache,
                        StringValues.Empty,
                        key,
                        uriBuilder.Uri.ToString());
                }

                return(jwtToken);
            }

            return(string.Empty);
        }
Beispiel #2
0
 private async Task ValidateJwtToken(HttpContext httpContext)
 {
     if (JwtAuthorizationHelper.TryGetTokenValue(httpContext.Request.Headers, out string value, true))
     {
         if (await IsAccessTokenValid(value))
         {
             return;
         }
     }
     throw new UnauthorizedAccessException(Properties.Resources.AuthorizationServiceForbiddenRequest);
 }