public override Task ValidateIdentity(OAuthValidateIdentityContext context)
{
var authorizationBearerToken = context.Request.Headers["Authorization"];
if (string.IsNullOrWhiteSpace(authorizationBearerToken))
{
context.Rejected();
return(Task.FromResult(false));
}
else
{
var authorizationBearerTokenParts = authorizationBearerToken
.Split(' ');
var accessToken = authorizationBearerTokenParts
.LastOrDefault();
var claims = new List <Claim>();
StuntmanUser user = null;
if (authorizationBearerTokenParts.Count() != 2 ||
string.IsNullOrWhiteSpace(accessToken))
{
context.Response.StatusCode = 400;
context.Response.ReasonPhrase = "Authorization header is not in correct format.";
context.Rejected();
return(Task.FromResult(false));
}
else
{
user = options.Users
.Where(x => x.AccessToken == accessToken)
.FirstOrDefault();
if (user == null)
{
if (!options.AllowBearerTokenPassthrough)
{
context.Response.StatusCode = 403;
context.Response.ReasonPhrase =
$"options provided does not include the requested '{accessToken}' user.";
context.Rejected();
}
return(Task.FromResult(false));
}
else
{
claims.Add(new Claim("access_token", accessToken));
}
}
claims.Add(new Claim(ClaimTypes.Name, user.Name));
claims.AddRange(user.Claims);
var identity = new ClaimsIdentity(claims, Constants.StuntmanAuthenticationType, user.NameClaimType, user.RoleClaimType);
context.Validated(identity);
var authManager = context.OwinContext.Authentication;
authManager.SignIn(identity);
if (options.AfterBearerValidateIdentity != null)
{
options.AfterBearerValidateIdentity(context);
}
return(Task.FromResult(true));
}
}
private static async Task StuntmanOnMessageReceived(
StuntmanOptions options,
MessageReceivedContext context)
{
var authorizationBearerToken = context.HttpContext.Request.Headers["Authorization"];
if (string.IsNullOrWhiteSpace(authorizationBearerToken))
{
context.Ticket = null;
context.SkipToNextMiddleware();
return;
}
else
{
var authorizationBearerTokenParts = authorizationBearerToken.ToString().Split(' ');
var accessToken = authorizationBearerTokenParts
.LastOrDefault();
var claims = new List <Claim>();
StuntmanUser user = null;
if (authorizationBearerTokenParts.Count() != 2 ||
string.IsNullOrWhiteSpace(accessToken))
{
context.HttpContext.Response.StatusCode = 400;
await context.HttpContext.Response.WriteAsync(
"Authorization header is not in correct format.");
context.Ticket = null;
context.SkipToNextMiddleware();
return;
}
else
{
user = options.Users
.Where(x => x.AccessToken == accessToken)
.FirstOrDefault();
if (user == null)
{
if (!options.AllowBearerTokenPassthrough)
{
context.Response.StatusCode = 403;
await context.HttpContext.Response.WriteAsync(
$"options provided does not include the requested '{accessToken}' user.");
}
context.Ticket = null;
context.SkipToNextMiddleware();
return;
}
else
{
claims.Add(new Claim("access_token", accessToken));
}
}
claims.Add(new Claim(ClaimTypes.Name, user.Name));
claims.AddRange(user.Claims);
var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, Constants.StuntmanAuthenticationType));
context.Ticket = new AuthenticationTicket(principal, new AuthenticationProperties(), Constants.StuntmanAuthenticationType);
context.HandleResponse();
if (options.AfterBearerValidateIdentity != null)
{
options.AfterBearerValidateIdentity(context);
}
}
}