async Task <bool> AuthenticateAsync(IClientCredentials clientCredentials, bool reAuthenticating)
{
Preconditions.CheckNotNull(clientCredentials);
bool isAuthenticated;
if (clientCredentials.AuthenticationType == AuthenticationType.X509Cert)
{
isAuthenticated = await(reAuthenticating
? this.certificateAuthenticator.ReauthenticateAsync(clientCredentials)
: this.certificateAuthenticator.AuthenticateAsync(clientCredentials));
}
else
{
isAuthenticated = await(reAuthenticating
? this.tokenAuthenticator.ReauthenticateAsync(clientCredentials)
: this.tokenAuthenticator.AuthenticateAsync(clientCredentials));
}
if (isAuthenticated)
{
await this.credentialsCache.Add(clientCredentials);
}
else
{
Metrics.AddAuthenticationFailure(clientCredentials.Identity.Id);
}
Events.AuthResult(clientCredentials, reAuthenticating, isAuthenticated);
return(isAuthenticated);
}
async Task <bool> AuthenticateAsync(IClientCredentials clientCredentials, bool reAuthenticating)
{
Preconditions.CheckNotNull(clientCredentials);
bool isAuthenticated;
if (clientCredentials.AuthenticationType == AuthenticationType.Implicit)
{
// Implicit authentication is executed when in a nested scenario a parent edge device captures a
// an IotHub message on an mqtt broker topic belonging to a device never seen before. In this case the
// child edge device has authenticated the connecting device, the authorization is continously monitoring
// if the device is publishing on allowed topics, so when a message arrives on a topic belonging to
// the device, it is sure that it has been authenticated/authorized before. Now just create an entry
// for it without further checks
isAuthenticated = true;
}
else if (clientCredentials.AuthenticationType == AuthenticationType.X509Cert)
{
isAuthenticated = await(reAuthenticating
? this.certificateAuthenticator.ReauthenticateAsync(clientCredentials)
: this.certificateAuthenticator.AuthenticateAsync(clientCredentials));
}
else
{
isAuthenticated = await(reAuthenticating
? this.tokenAuthenticator.ReauthenticateAsync(clientCredentials)
: this.tokenAuthenticator.AuthenticateAsync(clientCredentials));
}
if (isAuthenticated)
{
try
{
await this.credentialsCache.Add(clientCredentials);
}
catch (Exception ex)
{
// Authenticated but failed to add to cred cache,
// this will eventually cause a re-auth error but
// there's nothing we can do here
Events.CredentialsCacheFailure(ex);
}
}
else if (!reAuthenticating)
{
// only report authentication failure on initial authentication
Metrics.AddAuthenticationFailure(clientCredentials.Identity.Id);
}
Events.AuthResult(clientCredentials, reAuthenticating, isAuthenticated);
return(isAuthenticated);
}
async Task <bool> AuthenticateAsync(IClientCredentials clientCredentials, bool reAuthenticating)
{
Preconditions.CheckNotNull(clientCredentials);
bool isAuthenticated;
if (clientCredentials.AuthenticationType == AuthenticationType.X509Cert)
{
isAuthenticated = await(reAuthenticating
? this.certificateAuthenticator.ReauthenticateAsync(clientCredentials)
: this.certificateAuthenticator.AuthenticateAsync(clientCredentials));
}
else
{
isAuthenticated = await(reAuthenticating
? this.tokenAuthenticator.ReauthenticateAsync(clientCredentials)
: this.tokenAuthenticator.AuthenticateAsync(clientCredentials));
}
if (isAuthenticated)
{
try
{
await this.credentialsCache.Add(clientCredentials);
}
catch (Exception ex)
{
// Authenticated but failed to add to cred cache,
// this will eventually cause a re-auth error but
// there's nothing we can do here
Events.CredentialsCacheFailure(ex);
}
}
else
{
Metrics.AddAuthenticationFailure(clientCredentials.Identity.Id);
}
Events.AuthResult(clientCredentials, reAuthenticating, isAuthenticated);
return(isAuthenticated);
}
