public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
var request = context.HttpContext.Request;
var hasApiKeyHeader = request.Headers.TryGetValue(ApiKeyHeaderName, out var apiKeyValue);
if (hasApiKeyHeader)
{
_logger.LogDebug("Found the header {ApiKeyHeader}. Starting API Key validation", ApiKeyHeaderName);
if (apiKeyValue.Count != 0 && !string.IsNullOrWhiteSpace(apiKeyValue))
{
if (await _apiKeyService.IsAuthorized(apiKeyValue))
{
_logger.LogDebug("Client {ClientId} successfully logged in with key {ApiKey}", "default", apiKeyValue);
return;
}
_logger.LogWarning("ClientId {ClientId} with ApiKey {ApiKey} is not authorized", "default", apiKeyValue);
}
else
{
_logger.LogWarning("{HeaderName} header found, but api key was null or empty", ApiKeyHeaderName);
}
}
else
{
_logger.LogWarning("No ApiKey header found.");
}
context.Result = new UnauthorizedResult();
}
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
var request = context.HttpContext.Request;
var hasApiKeyHeader = request.Headers.TryGetValue(ApiKeyHeaderName, out var apiKeyValue);
if (hasApiKeyHeader)
{
_logger.LogDebug("Found the header {ApiKeyHeader}. Starting API Key validation", ApiKeyHeaderName);
if (apiKeyValue.Count != 0 && !string.IsNullOrWhiteSpace(apiKeyValue))
{
if (request.Headers.TryGetValue(ClientIdHeaderName, out var clientIdValue) && clientIdValue.Count != 0 && !string.IsNullOrWhiteSpace(clientIdValue))
{
if (await _apiKeyService.IsAuthorized(apiKeyValue, clientIdValue))
{
_logger.LogDebug("Client {ClientId} successfully logged in with key {ApiKey}", clientIdValue, apiKeyValue);
var apiKeyClaim = new Claim("apikey", apiKeyValue);
var subject = new Claim(ClaimTypes.Name, clientIdValue);
var principal = new ClaimsPrincipal(new ClaimsIdentity(new List <Claim> {
apiKeyClaim, subject
}, "ApiKey"));
context.HttpContext.User = principal;
return;
}
_logger.LogWarning("ClientId {ClientId} with ApiKey {ApiKey} is not authorized", clientIdValue, apiKeyValue);
}
else
{
_logger.LogWarning("{HeaderName} header not found or it was null or empty", ClientIdHeaderName);
}
}
else
{
_logger.LogWarning("{HeaderName} header found, but api key was null or empty", ApiKeyHeaderName);
}
}
else
{
_logger.LogWarning("No ApiKey header found.");
}
context.Result = new UnauthorizedResult();
}
public bool IsAuthorized(AuthorizationFilterContext context, string apiKeyValue)
{
var isApiKeyOK = _apiKeyService.IsAuthorized(apiKeyValue);
return(isApiKeyOK);
}