public override Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
var workItem = executingContext.Arguments.First().Value as HttpRequestMessage;
ValidationPackage validationPackage = new ValidationPackage();
AuthenticationHeaderValue jwtInput = workItem.Headers.Authorization;
if (jwtInput != null)
{
String jwt = "";
if (jwtInput.ToString().StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
{
jwt = jwtInput.ToString().Substring("Bearer ".Length).Trim();
}
JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
if (!string.IsNullOrEmpty(jwt))
{
try
{
validationPackage = ExtractClaims(jwt, handler);
}
catch (Exception e)
{
// log.Error("Exception caught while validating token", e);
}
}
else
{
//log.Error("Auth Token begins with [" + jwtInput.ToString().Substring(0, 12) + "...]");
}
}
if (!validationPackage.validToken)
{
workItem.Headers.Add("AuthorizationStatus", Convert.ToInt32(HttpStatusCode.Unauthorized).ToString());
}
else
{
workItem.Headers.Add("AuthorizationStatus", Convert.ToInt32(HttpStatusCode.Accepted).ToString());
}
return(base.OnExecutingAsync(executingContext, cancellationToken));
}
public static ValidationPackage ExtractClaims(string jwt, JwtSecurityTokenHandler handler)
{
ValidationPackage validationPackage = new ValidationPackage();
validationPackage.token = jwt;
var token = handler.ReadJwtToken(jwt);
// !!!!!!!! Hardcoded Scope !!!!!!!!! \\
validationPackage.scope = "user_impersonation";
try
{
//Extract the payload of the JWT
var claims = token.Claims;
foreach (Claim c in claims)
{
switch (c.Type)
{
case "sub":
case "upn":
// Make sure it's an email address ...
if (c.Value.Contains('@'))
{
validationPackage.principalName = c.Value;
}
//log.Info(Logger.Header() + "upn=" + c.Value);
break;
case "Firstname":
validationPackage.firstName = c.Value;
//log.Info(Logger.Header() + "Firstname=" + c.Value);
break;
case "Lastname":
validationPackage.lastName = c.Value;
//log.Info(Logger.Header() + "Lastname=" + c.Value);
break;
case "client_id":
case "aud":
validationPackage.appID = c.Value;
//log.Info(Logger.Header() + "aud=" + c.Value);
break;
case "iat":
validationPackage.issuedAt = Convert.ToInt64(c.Value);
//log.Info(Logger.Header() + "iat=" + c.Value);
break;
case "exp":
validationPackage.expiresAt = Convert.ToInt64(c.Value);
//log.Info(Logger.Header() + "exp=" + c.Value);
break;
case "scp":
validationPackage.scope = c.Value;
//log.Info(Logger.Header() + "scp=" + c.Value);
break;
}
}
}
catch (Exception e)
{
validationPackage.validToken = false;
}
var currentTimestamp = (long)(DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0)).TotalSeconds;
if ((validationPackage.expiresAt - currentTimestamp) > 0)
{
validationPackage.validToken = true;
}
return(validationPackage);
}
