Ejemplo n.º 1
0
        public async Task Invoke(HttpContext context, IProxyApplicationService applicationService, IPolicyEvaluator policyEvaluator)
        {
            var activeApplication = applicationService.GetActiveApplication();
            var mode = context.Request.PathBase == ProxyMetaEndpoints.PathBase ? PathAuthOptions.AuthMode.Web :
                       activeApplication.GetPathMode(context.Request.Path);

            if (!mode.HasValue)
            {
                context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                context.SetErrorDetail(Errors.Code.UnconfiguredPath, "Path has no authentication method configured.");
                return;
            }

            if (mode == PathAuthOptions.AuthMode.None)
            {
                await _next(context);

                return;
            }

            var policyName = mode == PathAuthOptions.AuthMode.Web ?
                             ProxyAuthComponents.GetWebPolicyName(activeApplication) :
                             ProxyAuthComponents.GetApiPolicyName(activeApplication);
            var policy = await _policyProvider.GetPolicyAsync(policyName);

            var authenticateResult = await policyEvaluator.AuthenticateAsync(policy, context);

            var authorizeResult = await policyEvaluator.AuthorizeAsync(policy, authenticateResult, context, null);

            var telemetry = context.Features.Get <RequestTelemetry>();

            if (telemetry != null && authenticateResult.Succeeded)
            {
                telemetry.Context.User.Id = context.User.Identity.Name;
            }

            if (authorizeResult.Challenged)
            {
                await context.ChallengeAsync(policy.AuthenticationSchemes.First());
            }
            else if (authorizeResult.Forbidden)
            {
                await context.ForbidAsync(policy.AuthenticationSchemes.First());
            }
            else
            {
                await _next(context);
            }
        }
Ejemplo n.º 2
0
        public async Task Invoke(HttpContext context, IProxyApplicationService applicationService)
        {
            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            var application      = applicationService.GetActiveApplication();
            var claimsTransforms = _claimsProviders[application.Name];

            foreach (var claimsTransform in claimsTransforms)
            {
                await claimsTransform.UpdateAsync(context.AuthenticationTicket());
            }

            var client = _clientFactory.CreateClient(application.Name);

            using (var requestMessage = CreateHttpRequestMessageFromIncomingRequest(context))
            {
                try
                {
                    using (var responseMessage = await client.SendAsync(requestMessage, context.RequestAborted))
                    {
                        await CopyProxiedMessageToResponseAsync(context.Response, responseMessage, context.RequestAborted);
                    }
                }
                catch (AuthenticatorException e)
                {
                    context.Response.StatusCode = 403;
                    context.SetErrorDetail(e.Code, e.Message);
                }
                catch (HttpRequestException e)
                {
                    if (e.InnerException is SocketException se && se.SocketErrorCode == SocketError.TimedOut)
                    {
                        context.Response.StatusCode = 504;
                        context.SetErrorDetail(Errors.Code.NoResponse, "The downstream server did not respond.");
                    }
Ejemplo n.º 3
0
        public async Task InvokeAsync(HttpContext context, IProxyApplicationService applicationService)
        {
            var application = applicationService.GetActiveApplication();

            if (application.HasPathMode(PathAuthOptions.AuthMode.Web))
            {
                if (context.Request.Path == ProxyMetaEndpoints.AccessDenied)
                {
                    await context.Response.WriteAsync("Access denied.");

                    return;
                }

                if (context.Request.Path == ProxyMetaEndpoints.PostSignedOutCallback)
                {
                    await context.Response.WriteAsync("Logged out.");

                    return;
                }

                if (context.Request.Path == ProxyMetaEndpoints.UserSignOut)
                {
                    var schemes = ProxyAuthComponents.GetAuthSchemes(application);

                    var properties = new AuthenticationProperties
                    {
                        RedirectUri = ProxyMetaEndpoints.FullPath(ProxyMetaEndpoints.PostSignedOutCallback)
                    };
                    await context.SignOutAsync(schemes.CookieName);

                    await context.SignOutAsync(schemes.OpenIdName, properties);

                    return;
                }
            }

            context.Response.StatusCode = (int)HttpStatusCode.NotFound;
        }
Ejemplo n.º 4
0
 public FilteredAuthenticationHandlerProvider(IAuthenticationSchemeProvider schemes, IProxyApplicationService applicationService)
 {
     _provider           = new AuthenticationHandlerProvider(schemes);
     _applicationService = applicationService;
 }