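        /// <summary>
        /// Builds the <see cref="PrincipalPermission"/> that enforces this attribute's role.
        /// The attribute's <c>Role</c> is an indirection: the actual role value demanded is read from the
        /// environment variable of that name, so deployments can remap roles without recompiling.
        /// </summary>
        /// <returns>
        /// An unrestricted permission when <c>Unrestricted</c> is set; otherwise a permission bound to the current
        /// principal's identity and the mapped role. <c>null</c> is returned only on the denial paths, after
        /// <see cref="CloudFoundryTokenValidator.ThrowJwtException"/> has been called.
        /// </returns>
        public override IPermission CreatePermission()
        {
            if (Unrestricted)
            {
                return new PrincipalPermission(PermissionState.Unrestricted);
            }

            // Resolve the attribute's role name to the concrete role value configured for this deployment.
            string matchACL = Environment.GetEnvironmentVariable(Role);

            if (string.IsNullOrEmpty(matchACL))
            {
                CloudFoundryTokenValidator.ThrowJwtException("Configuration for not provided for Role: " + Role, "insufficient_scope");
                // Fail closed if the helper ever returns instead of throwing: never demand an empty role.
                return null;
            }

            IPrincipal principal = Thread.CurrentPrincipal;

            // No principal on the thread is treated exactly like a principal outside the role: deny,
            // rather than surfacing a NullReferenceException that would hide the real cause.
            if (principal != null && principal.IsInRole(matchACL))
            {
                return new PrincipalPermission(principal.Identity?.Name, matchACL, _authenticated);
            }

            Console.Out.WriteLine("Access denied user is not in Role: " + Role);
            CloudFoundryTokenValidator.ThrowJwtException("Access denied user is not in Role: " + Role, "insufficient_scope");
            return null;
        }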
        /// <summary>
        /// Enforces that the current thread's principal carries a "scope" claim whose value equals <c>Scope</c>.
        /// Passes silently on success; on failure logs the denial and delegates to
        /// <see cref="CloudFoundryTokenValidator.ThrowJwtException"/> with the "insufficient_scope" error.
        /// </summary>
        public void Demand()
        {
            // Only a ClaimsPrincipal can carry claims, so any other principal type (or none) is a denial.
            if (Thread.CurrentPrincipal is ClaimsPrincipal claimsPrincipal && claimsPrincipal.HasClaim("scope", this.Scope))
            {
                return;
            }

            Console.Out.WriteLine("Access denied token is not in Scope: " + Scope);
            CloudFoundryTokenValidator.ThrowJwtException("Access denied token does not have Scope: " + Scope, "insufficient_scope");
        }
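        /// <summary>
        /// Authorizes a WCF operation from the request's <c>Authorization: Bearer</c> header: extracts the JWT,
        /// validates it with <c>Options.TokenValidator</c>, and on success installs the resulting
        /// <see cref="ClaimsPrincipal"/> on the operation context.
        /// </summary>
        /// <param name="operationContext">The context of the operation being authorized.</param>
        /// <returns>
        /// <c>true</c> when a principal was validated and set; <c>false</c> when the request carries no HTTP
        /// request property, the property has an unexpected type, or token validation yields no principal.
        /// Malformed headers and missing SSO configuration are reported through
        /// <see cref="CloudFoundryTokenValidator.ThrowJwtException"/>.
        /// </returns>
        protected override bool CheckAccessCore(OperationContext operationContext)
        {
            // Without the HTTP request property there is no Authorization header to inspect: deny.
            if (!operationContext.RequestContext.RequestMessage.Properties.TryGetValue(HttpRequestMessageProperty.Name, out object httpRequestMessageObject))
            {
                return false;
            }

            // The property bag is untyped; an unexpected value must deny rather than throw NullReferenceException.
            if (!(httpRequestMessageObject is HttpRequestMessageProperty httpRequestMessage))
            {
                return false;
            }

            // Read the header once instead of indexing the collection on every check.
            string authorization = httpRequestMessage.Headers["Authorization"];
            if (string.IsNullOrEmpty(authorization))
            {
                CloudFoundryTokenValidator.ThrowJwtException("No Authorization header", null);
                return false;
            }

            // Get Bearer token. Ordinal: the scheme is a protocol token, not culture-dependent text.
            if (!authorization.StartsWith("Bearer ", StringComparison.Ordinal))
            {
                CloudFoundryTokenValidator.ThrowJwtException("No Token", null);
                return false;
            }

            string jwt = authorization.Split(' ')[1];
            if (string.IsNullOrEmpty(jwt))
            {
                CloudFoundryTokenValidator.ThrowJwtException("Wrong Token Format", null);
                return false;
            }

            // Get SSO Config
            Options = Options ?? new CloudFoundryOptions();
            if (Options.OAuthServiceUrl == null || Options.OAuthServiceUrl.Length == 0)
            {
                CloudFoundryTokenValidator.ThrowJwtException("SSO Configuration is missing", null);
                return false;
            }

            // Validate Token. Every "return false" above is a fail-closed fallback in case the throw
            // helper ever returns; authorization must never proceed past a rejected header.
            ClaimsPrincipal claimsPrincipal = Options.TokenValidator.ValidateToken(jwt);
            if (claimsPrincipal == null)
            {
                return false;
            }

            // Set the Principal created from token
            SetPrincipal(operationContext, claimsPrincipal);

            return true;
        }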