/// <summary>
/// Tries to resolve a validated <see cref="ClaimsIdentity"/> for a scheme/token pair,
/// asking the channel extractor first and the emulator extractor second.
/// </summary>
/// <param name="toBotFromChannelExtractor">Extractor consulted first.</param>
/// <param name="toBotFromEmulatorExtractor">Extractor consulted only when the first one yields no identity and <c>disableEmulatorTokens</c> is false.</param>
/// <param name="scheme">Authorization scheme, passed through to the extractors.</param>
/// <param name="token">Token value, passed through to the extractors.</param>
/// <param name="cancellationToken">Accepted for the signature; not used in the body.</param>
/// <returns>
/// <c>IdentityToken(true, null)</c> when the credential provider reports authentication as disabled,
/// <c>IdentityToken(true, identity)</c> when an identity was extracted and its app ID accepted,
/// otherwise <c>IdentityToken(false, null)</c>.
/// </returns>
private async Task<IdentityToken> TryAuthenticateAsync(JwtTokenExtractor toBotFromChannelExtractor, JwtTokenExtractor toBotFromEmulatorExtractor, string scheme, string token, CancellationToken cancellationToken)
{
    // SECURITY: this is a fail-open switch. When the provider says authentication is
    // disabled, no token is inspected at all and the result carries no identity.
    if (await this.credentialProvider.IsAuthenticationDisabledAsync())
    {
        return new IdentityToken(true, null);
    }

    string appId = null;
    ClaimsIdentity identity = await toBotFromChannelExtractor.GetIdentityAsync(scheme, token);

    if (identity != null)
    {
        appId = toBotFromChannelExtractor.GetAppIdFromClaimsIdentity(identity);
    }
    else if (!this.disableEmulatorTokens)
    {
        // No channel identity: fall back to the emulator (MSA) path if it is allowed.
        identity = await toBotFromEmulatorExtractor.GetIdentityAsync(scheme, token);
        if (identity != null)
        {
            appId = toBotFromEmulatorExtractor.GetAppIdFromEmulatorClaimsIdentity(identity);
        }
    }

    if (identity == null)
    {
        return new IdentityToken(false, null);
    }

    // Awaited without ConfigureAwait(false): the original marks these calls "keep context".
    var appIdAccepted = await credentialProvider.IsValidAppIdAsync(appId);
    if (appIdAccepted == false)
    {
        // Unknown app ID: the extracted identity is discarded.
        return new IdentityToken(false, null);
    }

    var password = await credentialProvider.GetAppPasswordAsync(appId);
    if (password != null)
    {
        // The password is attached as a claim so that ConnectorClient() can read it from the identity.
        // NOTE(review): the secret now travels with the ClaimsIdentity; anything that logs,
        // serialises or enumerates this identity's claims will expose it.
        identity.AddClaim(new Claim(ClaimsIdentityEx.AppPasswordClaim, password));
    }

    return new IdentityToken(true, identity);
}
/// <summary>
/// Tries to resolve a validated <see cref="ClaimsIdentity"/> from an HTTP request and, on
/// success, installs it as the current principal.
/// </summary>
/// <param name="request">Request handed to the token extractor.</param>
/// <param name="token">Cancellation token; accepted for the signature and not used in the body.</param>
/// <returns>
/// <c>IdentityToken(true, null)</c> when the credential provider reports authentication as disabled,
/// <c>IdentityToken(true, identity)</c> when an identity was extracted and its app ID accepted,
/// otherwise <c>IdentityToken(false, null)</c>.
/// </returns>
internal async Task<IdentityToken> TryAuthenticateAsync(HttpRequestMessage request, CancellationToken token)
{
    // SECURITY: this is a fail-open switch. When the provider says authentication is
    // disabled, the request is not inspected and no principal is set.
    if (await this.credentialProvider.IsAuthenticationDisabledAsync())
    {
        return new IdentityToken(true, null);
    }

    var tokenExtractor = GetTokenExtractor();
    ClaimsIdentity identity = await tokenExtractor.GetIdentityAsync(request);

    if (identity == null && !this.disableEmulatorTokens)
    {
        // Fall back to MSA-issued tokens; this path is used by the emulator.
        tokenExtractor = new JwtTokenExtractor(JwtConfig.ToBotFromMSATokenValidationParameters, JwtConfig.ToBotFromMSAOpenIdMetadataUrl);
        identity = await tokenExtractor.GetIdentityAsync(request);
    }

    if (identity == null)
    {
        return new IdentityToken(false, null);
    }

    // The app ID is read with whichever extractor produced the identity.
    var appId = tokenExtractor.GetAppIdFromClaimsIdentity(identity);

    // Awaited without ConfigureAwait(false): the original marks these calls "keep context".
    var appIdAccepted = await credentialProvider.IsValidAppIdAsync(appId);
    if (appIdAccepted == false)
    {
        // Unknown app ID: the extracted identity is discarded.
        return new IdentityToken(false, null);
    }

    var password = await credentialProvider.GetAppPasswordAsync(appId);
    if (password != null)
    {
        // The password is attached as a claim so that ConnectorClient() can read it from the identity.
        // NOTE(review): the secret now travels with the ClaimsIdentity and, below, with the
        // request principal; anything that logs or serialises claims will expose it.
        identity.AddClaim(new Claim(ClaimsIdentityEx.AppPasswordClaim, password));
    }

    var principal = new ClaimsPrincipal(identity);
    Thread.CurrentPrincipal = principal;

    // Inside of ASP.NET the request's user has to be set as well.
    var httpContext = HttpContext.Current;
    if (httpContext != null)
    {
        httpContext.User = principal;
    }

    return new IdentityToken(true, identity);
}
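/// <summary>
/// Validates the bearer token on the incoming request and, when it is accepted, installs the
/// resulting identity as the current principal before delegating to the base implementation.
/// </summary>
/// <param name="actionContext">Action context whose request carries the token.</param>
/// <param name="cancellationToken">Forwarded to the base implementation.</param>
/// <returns>A task that completes when authorization handling has finished.</returns>
public override async Task OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
{
    // Resolve the app ID lazily from configuration; "MicrosoftAppId" is the default setting name.
    MicrosoftAppId = MicrosoftAppId ?? ConfigurationManager.AppSettings[MicrosoftAppIdSettingName ?? "MicrosoftAppId"];

    if (Debugger.IsAttached && String.IsNullOrEmpty(MicrosoftAppId))
    {
        // then auth is disabled
        // SECURITY: fail-open path. With a debugger attached and no app ID configured, no token
        // is validated and no unauthorized response is generated. A deployment that loses its
        // app ID setting depends on this staying unreachable outside development.
        return;
    }

    var tokenExtractor = new JwtTokenExtractor(JwtConfig.GetToBotFromChannelTokenValidationParameters(MicrosoftAppId), OpenIdConfigurationUrl);
    var identity = await tokenExtractor.GetIdentityAsync(actionContext.Request);

    // No identity? If we're allowed to, fall back to MSA.
    // This code path is used by the emulator.
    if (identity == null && !DisableSelfIssuedTokens)
    {
        tokenExtractor = new JwtTokenExtractor(JwtConfig.ToBotFromMSATokenValidationParameters, JwtConfig.ToBotFromMSAOpenIdMetadataUrl);
        identity = await tokenExtractor.GetIdentityAsync(actionContext.Request);

        if (identity != null)
        {
            // The app ID in the token must be ours. An unset MicrosoftAppId must never match:
            // if GetBotIdFromClaimsIdentity yields null for a token without an app-ID claim
            // (its body is not visible here), a bare != against a null MicrosoftAppId would
            // keep the identity. Reject explicitly in that case.
            if (String.IsNullOrEmpty(MicrosoftAppId) || tokenExtractor.GetBotIdFromClaimsIdentity(identity) != MicrosoftAppId)
            {
                identity = null;
            }
        }
    }

    // Still no identity? Fail out.
    if (identity == null)
    {
        tokenExtractor.GenerateUnauthorizedResponse(actionContext);
        return;
    }

    Thread.CurrentPrincipal = new ClaimsPrincipal(identity);

    // Inside of ASP.NET this is required
    if (HttpContext.Current != null)
    {
        HttpContext.Current.User = Thread.CurrentPrincipal;
    }

    await base.OnAuthorizationAsync(actionContext, cancellationToken);
}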
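/// <summary>
/// Validates the bearer token on the incoming request and, when it is accepted, installs the
/// resulting identity as the current principal before delegating to the base implementation.
/// </summary>
/// <param name="actionContext">Action context whose request carries the token.</param>
/// <param name="cancellationToken">Forwarded to the base implementation.</param>
/// <returns>A task that completes when authorization handling has finished.</returns>
public override async Task OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
{
    // Resolve the app ID lazily from configuration; "MicrosoftAppId" is the default setting name.
    MicrosoftAppId = MicrosoftAppId ?? ConfigurationManager.AppSettings[MicrosoftAppIdSettingName ?? "MicrosoftAppId"];

    // then auth is disabled
    // SECURITY: fail-open path. With a debugger attached and no app ID configured, no token is
    // validated and no unauthorized response is generated. Keep the app ID setting mandatory
    // in every deployed configuration so this branch is only reachable in development.
    if (Debugger.IsAttached && String.IsNullOrEmpty(MicrosoftAppId))
        return;

    var tokenExtractor = new JwtTokenExtractor(JwtConfig.GetToBotFromChannelTokenValidationParameters(MicrosoftAppId), OpenIdConfigurationUrl);
    var identity = await tokenExtractor.GetIdentityAsync(actionContext.Request);

    // No identity? If we're allowed to, fall back to MSA.
    // This code path is used by the emulator.
    if (identity == null && !DisableSelfIssuedTokens)
    {
        tokenExtractor = new JwtTokenExtractor(JwtConfig.ToBotFromMSATokenValidationParameters, JwtConfig.ToBotFromMSAOpenIdMetadataUrl);
        identity = await tokenExtractor.GetIdentityAsync(actionContext.Request);

        if (identity != null)
        {
            // The app ID in the token must be ours. An unset MicrosoftAppId is treated as
            // "nothing can match": if GetBotIdFromClaimsIdentity returns null for a token
            // without an app-ID claim (not visible here), null != null would otherwise let
            // the identity through.
            if (String.IsNullOrEmpty(MicrosoftAppId) || tokenExtractor.GetBotIdFromClaimsIdentity(identity) != MicrosoftAppId)
                identity = null;
        }
    }

    // Still no identity? Fail out.
    if (identity == null)
    {
        tokenExtractor.GenerateUnauthorizedResponse(actionContext);
        return;
    }

    Thread.CurrentPrincipal = new ClaimsPrincipal(identity);

    // Inside of ASP.NET this is required
    if (HttpContext.Current != null)
        HttpContext.Current.User = Thread.CurrentPrincipal;

    await base.OnAuthorizationAsync(actionContext, cancellationToken);
}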
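/// <summary>
/// Validates the Authorization header of the incoming request, registers the service URL(s)
/// of the bound activity as trusted, sets the request user and then runs the rest of the
/// action pipeline through the base implementation.
/// </summary>
/// <param name="actionContext">Context of the action about to execute; supplies the HTTP request and the bound action arguments.</param>
/// <param name="next">Delegate for the remainder of the pipeline; forwarded to the base implementation.</param>
/// <returns>A task that completes when the filter has finished.</returns>
/// <exception cref="NotSupportedException">The request headers are not a <c>FrameRequestHeaders</c> instance.</exception>
public override async Task OnActionExecutionAsync(ActionExecutingContext actionContext, ActionExecutionDelegate next)
{
    MicrosoftAppId = MicrosoftAppId ?? _configuration[MicrosoftAppIdSettingName];

    if (Debugger.IsAttached && String.IsNullOrEmpty(MicrosoftAppId))
    {
        // then auth is disabled
        // SECURITY: no token is validated on this path. It is only reachable with a debugger
        // attached and no app ID configured; keep the app ID mandatory in deployed configs.
        // NOTE(review): this returns without invoking `next` or the base implementation, which
        // in an ASP.NET Core async action filter normally short-circuits the action instead of
        // letting it run. Confirm which of the two is intended.
        return;
    }

    var tokenExtractor = new JwtTokenExtractor(JwtConfig.GetToBotFromChannelTokenValidationParameters(MicrosoftAppId), OpenIdConfigurationUrl);

    // NOTE(review): the cast ties this filter to a server whose header collection is a
    // FrameRequestHeaders; any other header implementation ends in the exception below.
    var frameRequestHeaders = actionContext.HttpContext.Request.Headers as FrameRequestHeaders;
    if (frameRequestHeaders == null)
    {
        //TODO: ...
        throw new NotSupportedException("frameRequestHeaders is null");
    }

    // TODO: needs verification!
    var identity = await tokenExtractor.GetIdentityAsync(frameRequestHeaders.HeaderAuthorization.FirstOrDefault());

    // No identity? If we're allowed to, fall back to MSA.
    // This code path is used by the emulator.
    if (identity == null && !DisableSelfIssuedTokens)
    {
        tokenExtractor = new JwtTokenExtractor(JwtConfig.ToBotFromMSATokenValidationParameters, JwtConfig.ToBotFromMSAOpenIdMetadataUrl);

        // TODO: needs verification!
        identity = await tokenExtractor.GetIdentityAsync(frameRequestHeaders.HeaderAuthorization.FirstOrDefault());

        if (identity != null)
        {
            // The app ID in the token must be ours. An unset MicrosoftAppId must never match:
            // if GetBotIdFromClaimsIdentity yields null for a token without an app-ID claim
            // (its body is not visible here), a bare != against a null MicrosoftAppId would
            // keep the identity.
            if (String.IsNullOrEmpty(MicrosoftAppId) || tokenExtractor.GetBotIdFromClaimsIdentity(identity) != MicrosoftAppId)
            {
                identity = null;
            }
        }
    }

    // Still no identity? Fail out.
    if (identity == null)
    {
        tokenExtractor.GenerateUnauthorizedResponse(actionContext);
        return;
    }

    // NOTE(review): every ServiceUrl trusted below is read from the request body. Nothing in
    // this method compares it with a claim of the validated token, so any caller whose token
    // validates chooses which host becomes trusted. Confirm what TrustServiceUrl grants.
    var activity = actionContext.ActionArguments.Select(t => t.Value).OfType<Activity>().FirstOrDefault();
    if (activity != null)
    {
        // Same empty-URL guard as the JObject/JArray branch below.
        if (!string.IsNullOrEmpty(activity.ServiceUrl))
        {
            MicrosoftAppCredentials.TrustServiceUrl(activity.ServiceUrl);
        }
    }
    else
    {
        // No model binding to activity check if we can find JObject or JArray
        var obj = actionContext.ActionArguments.Where(t => t.Value is JObject || t.Value is JArray).Select(t => t.Value).FirstOrDefault();
        if (obj != null)
        {
            Activity[] activities = (obj is JObject)
                ? new Activity[] { ((JObject)obj).ToObject<Activity>() }
                : ((JArray)obj).ToObject<Activity[]>();

            // Deserialisation can produce a null array or null entries (for example a JSON
            // null inside the array); skip those instead of dereferencing them.
            if (activities != null)
            {
                foreach (var jActivity in activities)
                {
                    if (jActivity != null && !string.IsNullOrEmpty(jActivity.ServiceUrl))
                    {
                        MicrosoftAppCredentials.TrustServiceUrl(jActivity.ServiceUrl);
                    }
                }
            }
        }
        else
        {
            //LOG: Trace.TraceWarning("No activity in the Bot Authentication Action Arguments");
        }
    }

    //Thread.CurrentPrincipal = new ClaimsPrincipal(identity);

    // Inside of ASP.NET this is required
    if (_httpContextAccessor.HttpContext != null)
    {
        _httpContextAccessor.HttpContext.User = new ClaimsPrincipal(identity);
    }

    await base.OnActionExecutionAsync(actionContext, next);
}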
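/// <summary>
/// Validates the bearer token on the incoming request, registers the service URL(s) of the
/// bound activity as trusted, installs the identity as the current principal and then
/// delegates to the base implementation.
/// </summary>
/// <param name="actionContext">Action context; supplies the request and the bound action arguments.</param>
/// <param name="cancellationToken">Forwarded to the base implementation.</param>
/// <returns>A task that completes when the filter has finished.</returns>
public override async Task OnActionExecutingAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
{
    // Resolve the app ID lazily from configuration; "MicrosoftAppId" is the default setting name.
    MicrosoftAppId = MicrosoftAppId ?? ConfigurationManager.AppSettings[MicrosoftAppIdSettingName ?? "MicrosoftAppId"];

    // then auth is disabled
    // SECURITY: fail-open path. With a debugger attached and no app ID configured, no token is
    // validated and no unauthorized response is generated. Keep the app ID setting mandatory
    // in every deployed configuration so this branch is only reachable in development.
    if (Debugger.IsAttached && String.IsNullOrEmpty(MicrosoftAppId))
        return;

    var tokenExtractor = new JwtTokenExtractor(JwtConfig.GetToBotFromChannelTokenValidationParameters(MicrosoftAppId), OpenIdConfigurationUrl);
    var identity = await tokenExtractor.GetIdentityAsync(actionContext.Request);

    // No identity? If we're allowed to, fall back to MSA.
    // This code path is used by the emulator.
    if (identity == null && !DisableSelfIssuedTokens)
    {
        tokenExtractor = new JwtTokenExtractor(JwtConfig.ToBotFromMSATokenValidationParameters, JwtConfig.ToBotFromMSAOpenIdMetadataUrl);
        identity = await tokenExtractor.GetIdentityAsync(actionContext.Request);

        if (identity != null)
        {
            // The app ID in the token must be ours. An unset MicrosoftAppId must never match:
            // if GetBotIdFromClaimsIdentity yields null for a token without an app-ID claim
            // (its body is not visible here), a bare != against a null MicrosoftAppId would
            // keep the identity.
            if (String.IsNullOrEmpty(MicrosoftAppId) || tokenExtractor.GetBotIdFromClaimsIdentity(identity) != MicrosoftAppId)
                identity = null;
        }
    }

    // Still no identity? Fail out.
    if (identity == null)
    {
        tokenExtractor.GenerateUnauthorizedResponse(actionContext);
        return;
    }

    // NOTE(review): every ServiceUrl trusted below is read from the request body. Nothing in
    // this method compares it with a claim of the validated token, so any caller whose token
    // validates chooses which host becomes trusted. Confirm what TrustServiceUrl grants.
    var activity = actionContext.ActionArguments.Select(t => t.Value).OfType<Activity>().FirstOrDefault();
    if (activity != null)
    {
        // Same empty-URL guard as the JObject/JArray branch below.
        if (!string.IsNullOrEmpty(activity.ServiceUrl))
        {
            MicrosoftAppCredentials.TrustServiceUrl(activity.ServiceUrl);
        }
    }
    else
    {
        // No model binding to activity check if we can find JObject or JArray
        var obj = actionContext.ActionArguments.Where(t => t.Value is JObject || t.Value is JArray).Select(t => t.Value).FirstOrDefault();
        if (obj != null)
        {
            Activity[] activities = (obj is JObject)
                ? new Activity[] { ((JObject)obj).ToObject<Activity>() }
                : ((JArray)obj).ToObject<Activity[]>();

            // Deserialisation can produce a null array or null entries (for example a JSON
            // null inside the array); skip those instead of dereferencing them.
            if (activities != null)
            {
                foreach (var jActivity in activities)
                {
                    if (jActivity != null && !string.IsNullOrEmpty(jActivity.ServiceUrl))
                    {
                        MicrosoftAppCredentials.TrustServiceUrl(jActivity.ServiceUrl);
                    }
                }
            }
        }
        else
        {
            Trace.TraceWarning("No activity in the Bot Authentication Action Arguments");
        }
    }

    Thread.CurrentPrincipal = new ClaimsPrincipal(identity);

    // Inside of ASP.NET this is required
    if (HttpContext.Current != null)
        HttpContext.Current.User = Thread.CurrentPrincipal;

    await base.OnActionExecutingAsync(actionContext, cancellationToken);
}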