Ejemplo n.º 1
0
        public static async Task <bool> AuthAndSetPrinciple(ICacheProvider cacheProvider, IDepartmentsRepository departmentsRepository, string authTokenString)
        {
            if (string.IsNullOrWhiteSpace(authTokenString))
            {
                return(false);
            }

            var encodedUserPass = authTokenString.Trim();

            var authToken = V3AuthToken.Decode(encodedUserPass);

            if (authToken != null)
            {
                string userId;

                if (Config.SecurityConfig.SystemLoginCredentials.ContainsKey(authToken.UserName))
                {
                    if (Config.SecurityConfig.SystemLoginCredentials[authToken.UserName] != encodedUserPass)
                    {
                        return(false);
                    }

                    authToken.UserId = authToken.UserName;
                }
                else
                {
                    var result = await ValidateUserAndDepartmentByUser(cacheProvider, departmentsRepository, authToken.UserName, authToken.DepartmentId, null);

                    if (!result.IsValid)
                    {
                        return(false);
                    }

                    authToken.UserId = result.UserId;
                }

                //var principal = new ResgridPrincipleV3(authToken);
                //Thread.CurrentPrincipal = principal;
                //if (context != null)
                //{
                //	context.User = new System.Security.Claims.ClaimsPrincipal(principal);
                //}
            }

            return(true);
        }
Ejemplo n.º 2
0
        protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
        {
            var endpoint = Context.GetEndpoint();

            if (endpoint?.Metadata?.GetMetadata <IAllowAnonymous>() != null)
            {
                return(AuthenticateResult.NoResult());
            }

            if (!Request.Headers.ContainsKey("Authorization"))
            {
                return(AuthenticateResult.Fail("Missing Authorization Header"));
            }

            try
            {
                var authHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
                var result     = await AuthAndSetPrinciple(_cacheProvider, _departmentRepository, authHeader.Parameter);

                if (!result)
                {
                    return(AuthenticateResult.Fail("Invalid Authorization Header"));
                }

                var authToken = V3AuthToken.Decode(authHeader.Parameter);
                var user      = await _usersService.GetUserByNameAsync(authToken.UserName);

                var principal = await _claimsPrincipalFactory.CreateAsync(user);

                Thread.CurrentPrincipal = principal;
                Context.User            = principal;

                var ticket = new AuthenticationTicket(principal, Scheme.Name);
                return(AuthenticateResult.Success(ticket));
            }
            catch
            {
                return(AuthenticateResult.Fail("Invalid Authorization Header"));
            }
        }