public void OnAuthorization(AuthorizationFilterContext context)
{
var bearer = context.HttpContext.Request.Headers["Authorization"].FirstOrDefault();
if (bearer == null)
{
context.Result = new UnauthorizedResult();
return;
}
var token = bearer.Split(" ")[1];
if (token == null)
{
context.Result = new UnauthorizedResult();
return;
}
var valid = ValidateCurrentToken(token);
if (!valid)
{
context.Result = new UnauthorizedResult();
return;
}
if (!string.IsNullOrEmpty(_roles))
{
var rolesList = _roles.Split(",").Select(a => a.Trim()).ToList();
var claims = JwtDecoder.GetClaims(token);
if (claims == null)
{
context.Result = new UnauthorizedResult();
return;
}
if (claims != null)
{
bool hasRole = false;
var userRoles = claims.Where(claim => claim.Type == "roles").ToList();
foreach (var r in userRoles)
{
if (rolesList.Contains(r.Value))
{
hasRole = true;
break;
}
}
if (hasRole == false)
{
context.Result = new UnauthorizedResult();
return;
}
}
}
}
public UserDto GetCurrentUser()
{
var token = _httpContextAccessor.HttpContext.Request.Headers["Authorization"].ToString();
if (string.IsNullOrEmpty(token))
{
return(null);
}
token = token.Split(" ")[1].Trim();
var tokenClaim = JwtDecoder.GetClaims(token).ToList();
var tokenType = tokenClaim.FirstOrDefault(a => a.Type == ClaimTypes.TokenType)?.Value;
if (tokenType != TokenType.User)
{
return(null);
}
if (!tokenClaim.Any())
{
return(null);
}
//var roles = tokenClaim.Where(a => a.Type == ClaimTypes.Role).Select(a => a.Value).ToList();
var roles = tokenClaim.Where(claim => claim.Type == "roles").Select(x => x.Value).ToList();
var userDto = new UserDto()
{
Id = tokenClaim.FirstOrDefault(a => a.Type == "id")?.Value,
FirstName = tokenClaim.FirstOrDefault(a => a.Type == ClaimTypes.FirstName)?.Value,
LastName = tokenClaim.FirstOrDefault(a => a.Type == ClaimTypes.LastName)?.Value,
Email = tokenClaim.FirstOrDefault(a => a.Type == ClaimTypes.Email)?.Value,
Roles = roles,
Scopes = tokenClaim.Where(claim => claim.Type == ClaimTypes.Scope)
.Select(a => a.Value.ToLower()).ToList()
};
//var user = _httpContextAccessor.HttpContext.User.FindFirstValue(ClaimTypes.NameIdentifier);
return(userDto);
}
public void OnAuthorization(AuthorizationFilterContext context)
{
var filters = context.Filters;
for (var i = 0; i < filters.Count; i++)
{
if (filters[i] is IAllowAnonymousFilter)
{
return;
}
}
var bearer = context.HttpContext.Request.Headers["Authorization"].ToString();
if (string.IsNullOrWhiteSpace(bearer))
{
context.Result = new UnauthorizedResult();
return;
}
var token = bearer.Split(" ")[1];
var valid = ValidateCurrentToken(token);
if (!valid)
{
context.Result = new UnauthorizedResult();
return;
}
var claims = JwtDecoder.GetClaims(token).ToList();
if (!claims.Any())
{
context.Result = new UnauthorizedResult();
return;
}
var tokenType = claims.FirstOrDefault(a => a.Type == "tokenType");
if (tokenType == null)
{
context.Result = new CustomUnauthorizedResult("unauthorize access");
return;
}
//required roles to get access
var requiredRoles = _roles.Split(',').ToList();
// user roles
var userRole = claims
.Where(claim => claim.Type == ClaimTypes.Role)
.Select(a => a.Value).Select(a => a.ToLower()).ToList();
var userRoles = new List <string>();
userRole.ForEach(a =>
{
var scopes = a.ToLower().Split(',').ToList();
scopes.ForEach(c =>
{
userRoles.Add(c);
});
});
//user has the required roles to get access
var userAccessRoles = requiredRoles.Intersect(userRoles).ToList();
bool hasRoleAcess = userAccessRoles.Any();
//required scopes to get access
var requiredScopes = _scopes.ToLower().Split(',').ToList();
// user scopes
var userScopes = claims
.Where(claim => claim.Type == ClaimTypes.Scope)
.Select(a => a.Value);
var userScope = new List <string>();
userScopes.ForEach(a =>
{
var scopes = a.ToLower().Split(',').ToList();
scopes.ForEach(c =>
{
userScope.Add(c);
});
});
//user has the required scope to get access
var userAccessScopes = requiredScopes.Intersect(userScope).ToList();
var hasScopeAccess = userAccessScopes.Any();
if (string.IsNullOrEmpty(_roles) && string.IsNullOrEmpty(_scopes))
{
return;
}
if (hasRoleAcess || hasScopeAccess)
{
return;
}
if (!hasRoleAcess && !hasScopeAccess)
{
context.Result = new CustomUnauthorizedResult("Forbidden you dont have the privilege to access this resources");
return;
}
}
