protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
var endpoint = Context.GetEndpoint();
if (endpoint?.Metadata?.GetMetadata <IAllowAnonymous>() != null)
{
return(AuthenticateResult.NoResult());
}
if (!Request.Headers.ContainsKey("Authorization"))
{
throw new UnauthorizedException("Missing Authorization Header");
}
string[] credentials;
try
{
var authHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
var credentialBytes = Convert.FromBase64String(authHeader.Parameter);
credentials = Encoding.UTF8.GetString(credentialBytes).Split(new[] { ':' }, 2);
}
catch
{
throw new UnauthorizedException("Invalid Authorization Header");
}
var user = await authService.AuthentificateAsync(credentials[0], credentials[1]);
var claims = new[] {
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
new Claim(ClaimTypes.Name, user.Name),
};
var identity = new ClaimsIdentity(claims, Scheme.Name);
var principal = new ClaimsPrincipal(identity);
var ticket = new AuthenticationTicket(principal, Scheme.Name);
return(AuthenticateResult.Success(ticket));
}
