Example #1
0
        public async Task InvokeAsync(IMiddlewareContext context)
        {
            if (context.ContextData.TryGetValue(BewitTokenHeader.Value, out var objectToken) &&
                objectToken is string bewitToken)
            {
                try
                {
                    object payload = await _tokenValidator.ValidateBewitTokenAsync(
                        new BewitToken <T>(bewitToken),
                        context.RequestAborted);

                    _httpContextAccessor.SetBewitPayload(payload);
                }
                catch (Exception ex)
                {
                    CreateError(context, ex);
                }

                await _next(context);
            }
            else
            {
                CreateError(context);
            }
        }
Example #2
0
        private async Task OnActionExecutingAsync(
            ActionExecutingContext context,
            CancellationToken cancellationToken)
        {
            List <ControllerParameterDescriptor> parameters =
                context.ActionDescriptor.Parameters
                .OfType <ControllerParameterDescriptor>()
                .Where(p => p.ParameterInfo
                       .CustomAttributes.Any(a =>
                                             a.AttributeType == typeof(FromBewitAttribute)))
                .ToList();

            IBewitTokenValidator <IDictionary <string, object> > tokenValidator =
                GetBewitTokenValidator(context);

            string bewitToken = GetBewitFromUrl(context);
            IDictionary <string, object> bewit = await
                                                 tokenValidator.ValidateBewitTokenAsync(
                new BewitToken <IDictionary <string, object> >(bewitToken),
                cancellationToken);

            foreach (ControllerParameterDescriptor param in parameters)
            {
                string bewitParameter
                    = bewit.Keys.LastOrDefault(b =>
                                               string.Equals(b, param.Name,
                                                             StringComparison.CurrentCultureIgnoreCase));

                if (bewitParameter != null)
                {
                    context.ActionArguments[param.Name] = bewit[bewitParameter];
                }
            }
        }
        public async Task Invoke(HttpContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            BewitEndpointAttribute endpointAttribute =
                context.GetEndpoint()?.Metadata.GetMetadata <BewitEndpointAttribute>();

            if (endpointAttribute == null)
            {
                await _next(context);

                return;
            }

            const string bewitQueryStringParameter = "bewit";

            string bewitToken =
                context.Request.Query[bewitQueryStringParameter];

            if (string.IsNullOrEmpty(bewitToken))
            {
                Unauthorize(context);

                return;
            }

            bewitToken = WebUtility.UrlDecode(bewitToken);

            string payload;

            try
            {
                payload = await _tokenValidator.ValidateBewitTokenAsync(
                    new BewitToken <string>(bewitToken),
                    context.RequestAborted);
            }
            catch (BewitException)
            {
                Unauthorize(context);

                return;
            }

            string url = GetRelativeUrl(context, bewitQueryStringParameter);

            if (!string.Equals(url, payload,
                               StringComparison.CurrentCultureIgnoreCase))
            {
                Unauthorize(context);

                return;
            }

            await _next(context);
        }
        private async Task OnAuthorizationAsync(
            AuthorizationFilterContext context,
            CancellationToken cancellationToken)
        {
            const string bewitQueryStringParameter = "bewit";

            IBewitTokenValidator <string> tokenValidator =
                GetBewitTokenValidator(context);

            string path = GetRelativeUrl(context, bewitQueryStringParameter);

            string bewitToken =
                context.HttpContext.Request.Query[bewitQueryStringParameter];

            if (bewitToken != null)
            {
                bewitToken = WebUtility.UrlDecode(bewitToken);

                string payload;

                try
                {
                    payload = await tokenValidator.ValidateBewitTokenAsync(
                        new BewitToken <string>(bewitToken),
                        cancellationToken);
                }
                catch (BewitException)
                {
                    Unauthorize(context);
                    return;
                }

                if (string.Equals(path, payload,
                                  StringComparison.CurrentCultureIgnoreCase))
                {
                    return;
                }
            }

            Unauthorize(context);
        }