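/// <summary>
/// Validates a user that is logging in by probing the remote HAL entry point with the
/// user's own access token, then maps the links the entry point advertises onto local
/// role claims. Authorization is therefore delegated to the remote service: the user only
/// receives a role when the service, acting on that user's token, exposes the matching link.
/// Any failure to reach or interpret the entry point results in the user being rejected.
/// </summary>
/// <param name="principal">The principal being logged in. Its access token is sent as the bearer token for the probe.</param>
/// <returns>The result of the next validator in the chain, passed whether this step found the user valid.</returns>
public override async Task<bool> ValidateAndBuildUser(ClaimsPrincipal principal)
{
    // The probe is made on behalf of the user with the user's token, never with a service credential,
    // so the links that come back reflect what this user is permitted to do.
    var httpClientFactory = new AddHeaderHttpClientFactory<HalEndpointClient>(
        "bearer",
        () => principal.GetAccessToken(),
        new DefaultHttpClientFactory());

    var cookieAuthLog = loggerFactory.CreateLogger("CookieAuthentication");
    bool valid = false;

    // Role claims can only be attached to a ClaimsIdentity. Reject anything else explicitly here
    // instead of letting the null dereference happen inside the try below, where it would be
    // reported as a failure to contact the entry point.
    var claimsId = principal.Identity as ClaimsIdentity;
    if (claimsId == null)
    {
        cookieAuthLog.LogError($"Cannot login user {principal.GetUserLogString()}, their identity is not a ClaimsIdentity and cannot receive role claims.");
        return await this.ChainNext(false, principal);
    }

    try
    {
        var entryPoints = await HalEndpointClient.Load(new HalLink(entryPoint), httpClientFactory);

        // Each advertised link grants exactly one role. A user with none of them is not valid.
        if (entryPoints.HasLink("listClients"))
        {
            valid = true;
            claimsId.AddClaim(new Claim(claimsId.RoleClaimType, Roles.EditClients));
        }

        if (entryPoints.HasLink("listApiResource"))
        {
            valid = true;
            claimsId.AddClaim(new Claim(claimsId.RoleClaimType, Roles.EditApiResources));
        }

        if (entryPoints.HasLink("SetUser"))
        {
            valid = true;
            claimsId.AddClaim(new Claim(claimsId.RoleClaimType, AuthorizationAdminRoles.EditRoles));
        }

        if (!valid)
        {
            // Name every link that is actually checked so the log matches the code.
            cookieAuthLog.LogError($"Cannot login user {principal.GetUserLogString()}, they do not have a listClients, listApiResource or SetUser link");
        }
    }
    catch (Exception ex)
    {
        // Fail closed: any error talking to the entry point rejects the login. Pass the exception
        // to the logger so the stack trace is preserved alongside the message.
        cookieAuthLog.LogError(ex, $"Cannot login user {principal.GetUserLogString()}, a {ex.GetType()} with message {ex.Message} was thrown while contacting {entryPoint}.");
        valid = false;
    }

    return await this.ChainNext(valid, principal);
}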
/// <summary>
/// Builds a client factory that adds a bearer Authorization header carrying the current
/// user's token to every request. The token is resolved lazily, on each request, from the
/// authenticated user of the current HTTP context; if no user is authenticated yet, it falls
/// back to the principal of a user who is still in the middle of logging in, when one is
/// available. When neither source applies, no token is supplied.
/// </summary>
/// <param name="userTokenRetriever">Extracts the access token string from a principal.</param>
/// <param name="httpContextAccessor">Source of the current request's HTTP context. The token
/// resolver assumes a context and an identity are present when it runs (no null guard here).</param>
/// <param name="next">The underlying factory that produces the clients to decorate.</param>
/// <param name="loggingInUserAccessor">Optional source of the principal for a login in progress;
/// when supplied, its token is used only while the context's user is not yet authenticated.</param>
public AddUserTokenHttpClientFactory(Func<ClaimsPrincipal, String> userTokenRetriever, IHttpContextAccessor httpContextAccessor, IHttpClientFactory next, ILoggingInUserAccessor loggingInUserAccessor = null)
{
    this.httpContextAccessor = httpContextAccessor;

    // Resolves which principal's token, if any, should authenticate the outgoing request.
    Func<String> resolveToken = () =>
    {
        var currentContext = httpContextAccessor.HttpContext;
        if (currentContext.User.Identity.IsAuthenticated)
        {
            // Established session: use the token of the authenticated user.
            return userTokenRetriever(httpContextAccessor.HttpContext.User);
        }

        var pendingPrincipal = loggingInUserAccessor?.Principal;
        if (pendingPrincipal != null)
        {
            // Login handshake still in progress: use the token of the principal being logged in.
            return userTokenRetriever(pendingPrincipal);
        }

        // Nobody to act on behalf of; the request goes out without a bearer token.
        return null;
    };

    this.next = new AddHeaderHttpClientFactory<TRef>("bearer", resolveToken, next);
}