Example #1
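        /// <summary>
        /// Extracts the client ID and token from the current request and stores them on
        /// <paramref name="messageContext"/>, or reports no-result / failure when they
        /// cannot be read.
        /// </summary>
        /// <remarks>
        /// Sources are tried in this order: the Authorization header, the custom header named by
        /// <c>Options.HeaderName</c>, then the query parameter named by <c>Options.QueryString</c>.
        /// Header values must have the form "&lt;type&gt; &lt;value&gt;". A query-string value carries
        /// no type, so it is treated as <c>AuthTypeApiKey</c>.
        /// Everything read here is attacker-controlled, so malformed input is reported through
        /// <c>Fail</c>/<c>NoResult</c> instead of being allowed to throw.
        /// </remarks>
        /// <param name="messageContext">Receives ClientID, Token and AuthenticationType, or the failure result.</param>
        public void GetApiKeyFromRequest(RequestMessageContext messageContext)
        {
            ReadOnlySpan<char> authType = AuthTypeApiKey.AsSpan();
            StringValues       tokenValue;
            ReadOnlySpan<char> rawValue;

            // first try the authorization header and then try custom header
            if (
                (this.Request.Headers.TryGetValue(AuthorizationHeader, out tokenValue)) ||
                (this.Options.HeaderName != null && this.Request.Headers.TryGetValue(this.Options.HeaderName, out tokenValue))
                )
            {
                // A header can be present with no values; indexing [0] would throw.
                if (tokenValue.Count == 0)
                {
                    messageContext.NoResult();
                    return;
                }

                rawValue = tokenValue[0].AsSpan();
                var spaceIndex = rawValue.IndexOf(' ');

                // No "<type> " prefix (or an empty type): not a credential this method understands.
                if (spaceIndex <= 0)
                {
                    messageContext.NoResult();
                    return;
                }

                authType = rawValue.Slice(0, spaceIndex);
                rawValue = rawValue.Slice(spaceIndex + 1);
            }
            // then try query string
            // NOTE(review): credentials carried in a query string typically end up in access logs,
            // browser history and Referer headers; prefer the header forms where possible.
            else if (this.Options.QueryString != null && this.Request.Query.TryGetValue(this.Options.QueryString, out tokenValue))
            {
                if (tokenValue.Count == 0)
                {
                    messageContext.NoResult();
                    return;
                }

                rawValue = tokenValue[0].AsSpan();
            }
            else
            {
                // I didn't find a token anywhere, so give up
                messageContext.NoResult();
                return;
            }

            var basicScheme   = AuthTypeBasic.AsSpan();
            var apiKeyScheme  = AuthTypeApiKey.AsSpan();
            var tApiKeyScheme = AuthTypeTApiKey.AsSpan();

            if (this.Options.HttpBasicEnabled && authType.Equals(basicScheme, StringComparison.OrdinalIgnoreCase))
            {
                this.Logger.LogDebug($"HTTP Basic authentication detected.");

                // The payload is untrusted: invalid Base64 must become an authentication failure,
                // not an unhandled FormatException surfacing from the handler.
                string decoded;
                try
                {
                    decoded = System.Text.UTF8Encoding.UTF8.GetString(Convert.FromBase64CharArray(rawValue.ToArray(), 0, rawValue.Length));
                }
                catch (FormatException)
                {
                    messageContext.Fail(InvalidAuthHeaderMessage);
                    return;
                }

                var valueDecoded = decoded.AsSpan();
                var split        = valueDecoded.IndexOf(':');

                // Without a ':' separator Slice(0, -1) would throw; reject the header instead.
                if (split < 0)
                {
                    messageContext.Fail(InvalidAuthHeaderMessage);
                    return;
                }

                messageContext.ClientID           = valueDecoded.Slice(0, split).ToString();
                messageContext.Token              = valueDecoded.Slice(split + 1).ToString();
                messageContext.AuthenticationType = AuthTypeBasic;

                return;
            }
            // NOTE(review): TimeBasedKeyEnabled is paired with AuthTypeApiKey and StaticKeyEnabled with
            // AuthTypeTApiKey. If the "T" in TApiKey stands for time-based, these two flags are
            // swapped and each option enables the other scheme - confirm against the constants.
            else if (
                (this.Options.TimeBasedKeyEnabled && authType.Equals(apiKeyScheme, StringComparison.OrdinalIgnoreCase)) ||
                (this.Options.StaticKeyEnabled && authType.Equals(tApiKeyScheme, StringComparison.OrdinalIgnoreCase))
                )
            {
                // Only the scheme name is logged; the credential itself (rawValue) must never be.
                this.Logger.LogDebug($"Authorization {authType.ToString()} detected.");

                var indexOfFirstColon = rawValue.IndexOf(':');

                // Require a non-empty client ID before the ':' separator.
                if (indexOfFirstColon <= 0)
                {
                    messageContext.Fail(InvalidAuthHeaderMessage);
                    return;
                }

                messageContext.ClientID           = rawValue.Slice(0, indexOfFirstColon).ToString();
                messageContext.Token              = rawValue.Slice(indexOfFirstColon + 1).ToString();
                // Keeps the casing the client sent (the match above is case-insensitive).
                // NOTE(review): confirm downstream comparisons on AuthenticationType ignore case.
                messageContext.AuthenticationType = authType.ToString();

                return;
            }
            else
            {
                messageContext.Fail("Invalid authentication type");
            }

            // NOTE(review): this line is reached only from the else branch above, so Fail(...) is
            // immediately followed by NoResult(). Whether NoResult replaces the failure depends on
            // RequestMessageContext - confirm which outcome is intended for an unknown scheme.
            messageContext.NoResult();
        }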