public async Task InvokeAsync(HttpContext context, IUserCollection userCollection)
{
var request = context.Request;
if (!request.Headers.ContainsKey("Authorization"))
{
await _next(context);
return;
}
AuthenticationHeaderValue authorizationHeader = AuthenticationHeaderValue.Parse(request.Headers["Authorization"]);
if (authorizationHeader.Scheme != "Bearer")
{
throw new HttpException(HttpStatusCode.BadRequest, "Invalid authorization scheme");
}
if (String.IsNullOrEmpty(authorizationHeader.Parameter))
{
throw new HttpException(HttpStatusCode.BadRequest, "Missing authorization token");
}
string token = authorizationHeader.Parameter;
var user = await userCollection.GetUserByApiTokenAsync(token);
if (user == null)
{
throw new HttpException(HttpStatusCode.Unauthorized, "Invalid authorization token");
}
var identity = new ClaimsIdentity(new BearerTokenUserIdentity(user));
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()));
context.User = new ClaimsPrincipal(identity);
await _next(context);
}
