Beispiel #1
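        /// <summary>
        /// Middleware entry point. The request continues down the pipeline only when the
        /// <c>api-key</c> header has the form <c>keyId:secret</c>, the key id is known to
        /// <c>ApiKeyManager</c>, the secret matches, and the connection's remote address equals
        /// the address registered for that key. Every other request is answered with 401.
        /// </summary>
        /// <param name="context">The HTTP context of the request being processed.</param>
        /// <returns>A task that completes when the request has been handled or rejected.</returns>
        public async Task Invoke(HttpContext context)
        {
            string api_key = context.Request.Headers["api-key"];

            if (api_key == null)
            {
                // no authorization header
                context.Response.StatusCode = 401; //Unauthorized
                return;
            }

            string[] vals = api_key.Split(':');

            // A header without ':' yields a single element. Reject it here so a malformed
            // credential produces a 401 rather than an IndexOutOfRangeException (HTTP 500).
            if (vals.Length < 2)
            {
                context.Response.StatusCode = 401; //Unauthorized
                return;
            }

            var key = ApiKeyManager.Find(vals[0]);

            // RemoteIpAddress can be null (e.g. non-TCP transports or test hosts). Treat that as
            // "not authorized" instead of dereferencing it, and never let null == null pass below.
            // NOTE(review): this is the address of the direct peer. Behind a reverse proxy it is
            // the proxy's address unless forwarded headers from trusted proxies are applied
            // earlier in the pipeline - confirm the deployment. The string form of an
            // IPv4-mapped IPv6 address also differs from the plain IPv4 form.
            string remoteIp = context.Request.HttpContext.Connection.RemoteIpAddress?.ToString();

            // Compare the secret in fixed time so the response time does not depend on how many
            // leading characters of the supplied secret are correct. FixedTimeEquals still
            // returns early when the lengths differ.
            bool secretMatches = key != null
                && key.secretKey != null
                && System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                       System.Text.Encoding.UTF8.GetBytes(vals[1]),
                       System.Text.Encoding.UTF8.GetBytes(key.secretKey));

            if (secretMatches && remoteIp != null && key.authorizedIP == remoteIp)
            {
                await _next.Invoke(context);
            }
            else
            {
                context.Response.StatusCode = 401; //Unauthorized
                return;
            }
        }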
Beispiel #2
        /// <summary>
        /// Looks up an API key by its identifier through <c>ApiKeyManager.Find</c>.
        /// </summary>
        /// <param name="apiKeyID">Identifier of the key to look up.</param>
        /// <returns>The matching key, or <c>null</c> when the lookup returns nothing.</returns>
        public static ApiKey getKey(string apiKeyID)
        {
            ApiKey found = ApiKeyManager.Find(apiKeyID);

            if (found == null)
            {
                return null;
            }

            // Only the key identifier is logged, never the secret.
            logger.Debug("Key found: Key={0} ", found.keyID);
            return found;
        }
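        /// <summary>
        /// Authenticates a request from its <c>api-key</c> header, expected as
        /// <c>keyId:secret</c>. Authentication succeeds only when the key id is known to
        /// <c>ApiKeyManager</c>, the secret matches, and the connection's remote address equals
        /// the address registered for that key. On success the ticket carries a name claim with
        /// the key id plus one boolean claim per entry returned by <c>HttpSecurity.getClaims</c>.
        /// </summary>
        /// <returns>
        /// A completed task holding <c>AuthenticateResult.Success</c> with the ticket, or
        /// <c>AuthenticateResult.Fail</c> with a short reason.
        /// </returns>
        protected override Task <AuthenticateResult> HandleAuthenticateAsync()
        {
            if (!Request.Headers.ContainsKey("api-key"))
            {
                return(Task.FromResult(AuthenticateResult.Fail("Missing api-key Header")));
            }

            string api_key = Request.Headers["api-key"];

            if (api_key == null)
            {
                // FAILED
                return(Task.FromResult(AuthenticateResult.Fail("Invalid api-key")));
            }

            string[] vals = api_key.Split(':');

            // A header without ':' yields a single element. Fail authentication here so a
            // malformed credential does not raise IndexOutOfRangeException out of the handler.
            if (vals.Length < 2)
            {
                // FAILED
                return(Task.FromResult(AuthenticateResult.Fail("Invalid api-key")));
            }

            var key = ApiKeyManager.Find(vals[0]);

            // RemoteIpAddress can be null; treat that as a failed check rather than dereferencing
            // it, and never let null == null pass the comparison below.
            // NOTE(review): this is the address of the direct peer. Behind a reverse proxy it is
            // the proxy's address unless forwarded headers from trusted proxies are applied
            // earlier in the pipeline - confirm the deployment.
            string remoteIp = Request.HttpContext.Connection.RemoteIpAddress?.ToString();

            // Compare the secret in fixed time so the response time does not depend on how many
            // leading characters of the supplied secret are correct. FixedTimeEquals still
            // returns early when the lengths differ.
            bool secretMatches = key != null
                && key.secretKey != null
                && System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                       System.Text.Encoding.UTF8.GetBytes(vals[1]),
                       System.Text.Encoding.UTF8.GetBytes(key.secretKey));

            if (!secretMatches || remoteIp == null || key.authorizedIP != remoteIp)
            {
                // The submitted header is deliberately not logged: it contains the secret (a
                // valid one when only the IP check failed) and is caller-controlled text that
                // could forge log lines. The remote address is enough to investigate failures.
                _logger.LogDebug("Invalid api-key or IP address ip:" + remoteIp);
                // FAILED
                return(Task.FromResult(AuthenticateResult.Fail("Invalid api-key or IP address")));
            }

            const string Issuer = "https://fgv.br";
            var          claims = new List <Claim>();

            claims.Add(new Claim(ClaimTypes.Name, key.keyID, ClaimValueTypes.String, Issuer));

            // NOTE(review): the claim names are looked up by the key's secret, not by its id;
            // presumably getClaims maps a secret to its permissions - verify against HttpSecurity.
            List <string> tclaims = HttpSecurity.getClaims(key.secretKey);

            foreach (string claim in tclaims)
            {
                claims.Add(new Claim(claim, "true", ClaimValueTypes.Boolean));
            }

            var identity  = new ClaimsIdentity(claims, Scheme.Name);
            var principal = new ClaimsPrincipal(identity);
            var ticket    = new AuthenticationTicket(principal, Scheme.Name);

            return(Task.FromResult(AuthenticateResult.Success(ticket)));
        }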