        /// <summary>
        /// Succeeds the <paramref name="requirement"/> only when the IP address stored in the
        /// caller's token claim equals the IP address of the current connection; otherwise fails it.
        /// </summary>
        /// <param name="context">Authorization context the requirement is evaluated against.</param>
        /// <param name="requirement">Requirement carrying the <c>IpClaimRequired</c> switch.</param>
        /// <returns>A completed task; the outcome is reported through <paramref name="context"/>.</returns>
        /// <remarks>
        /// The comparison is skipped (the context is left untouched) when the token carries no
        /// IP claim or when <c>requirement.IpClaimRequired</c> is false. NOTE(review): a token
        /// without the claim is skipped even when the requirement asks for it — confirm that is
        /// intended, as such a token passes this handler without any IP check.
        /// </remarks>
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, IpCheckRequirement requirement)
        {
            Claim tokenIpClaim = _currentUserAccessor.GetIpAddressClaim();

            if (tokenIpClaim is null || !requirement.IpClaimRequired)
            {
                // Nothing to compare, or the requirement does not ask for the check:
                // neither succeed nor fail, so other handlers can still decide.
                return Task.CompletedTask;
            }

            // Null when the connection has no remote address; a null never matches the claim value.
            string currentIp = HttpContext.Connection.RemoteIpAddress?.ToString();

            if (string.Equals(tokenIpClaim.Value, currentIp, StringComparison.Ordinal))
            {
                // Request origin matches the address the token was issued to.
                context.Succeed(requirement);
            }
            else
            {
                // Origin differs from the address recorded at token issuance; treat the token as
                // possibly stolen and fail the requirement, which surfaces as 403 - Forbidden.
                context.Fail();
            }

            return Task.CompletedTask;
        }