Exemple #1
0
        protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
        {
            ApiKey keyFromRequest;
            var    requestMessage = new RequestMessageContext();

            await this.Options.Events.OnRequestAsync(requestMessage);

            if (requestMessage.Result != null)
            {
                return(requestMessage.Result);
            }

            keyFromRequest = requestMessage.Key;

            if (keyFromRequest == null)
            {
                // Get clientid and key from the authorization header or another header
                if (this.Options.HeaderName.Equals("Authorization", StringComparison.OrdinalIgnoreCase))
                {
                    requestMessage = GetApiKeyFromAuthorizationHeader();
                }
                else
                {
                    requestMessage = GetApiKeyFromHeader();
                }
            }

            if (requestMessage.Result != null)
            {
                return(requestMessage.Result);
            }

            if (requestMessage?.Key?.ClientID == null)
            {
                this.Logger.LogInformation("ClientID not provided or is malformed.");

                return(AuthenticateResult.Fail("Client is not valid."));
            }

            var keyFromStore = await _keyStore.GetKeyAsync(requestMessage.Key.ClientID);

            if (keyFromStore == null)
            {
                this.Logger.LogInformation("Failed to locate the API key.");

                return(AuthenticateResult.Fail("Client is not valid."));
            }

            if (!(await this.Options.KeyValidator.ValidateKeyAsync(keyFromStore, requestMessage.Key)))
            {
                this.Logger.LogInformation("Key is not valid.");

                return(AuthenticateResult.Fail("Invalid Key"));
            }

            //var keyValidated = await RunKeyValidatedEventAsync(keyFromStore, key);
            //if (keyValidated.Result != null)
            //{
            //    keyValidated.Result.Handled
            //}

            var principal = await CreateUserAsync(requestMessage.Key);

            //TODO: Hook for options to modify claims/user

            return(AuthenticateResult.Success(new AuthenticationTicket(principal, this.Scheme.Name)));
        }
Exemple #2
0
        protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
        {
            var requestMessage = new RequestMessageContext(this.Context, this.Scheme, this.Options);

            await this.Options.Events.OnRequestAsync(requestMessage);

            if (requestMessage.Result != null)
            {
                this.Logger.LogDebug("Using the result returned from the OnRequestAsync event.");
                return(requestMessage.Result);
            }

            // if the token wasn't set in OnRequestAsync(), then try to get it from the Authorization or custom header
            if (requestMessage.Token == null)
            {
                GetApiKeyFromRequest(requestMessage);
            }

            if (requestMessage.Result != null)
            {
                return(requestMessage.Result);
            }

            if (requestMessage?.ClientID == null)
            {
                this.Logger.LogDebug("ClientID not provided or is malformed.");
                return(AuthenticateResult.Fail(InvalidClientMessage));
            }

            var keyFromStore = await _keyStore.GetKeyAsync(requestMessage.ClientID);

            if (keyFromStore == null)
            {
                this.Logger.LogInformation("An API key could not be found for the given ClientID.");
                return(AuthenticateResult.Fail(InvalidClientMessage));
            }

            if (string.IsNullOrEmpty(keyFromStore.Secret))
            {
                this.Logger.LogInformation("The secret for the given ClientID is null or empty.");
                return(AuthenticateResult.Fail(InvalidClientMessage));
            }

            var keyValidator = this.Options.KeyValidator;

            if (requestMessage.AuthenticationType.Equals(AuthTypeBasic, StringComparison.OrdinalIgnoreCase))
            {
                keyValidator = keyValidator ?? new DefaultApiKeyValidator();
            }
            else if (requestMessage.AuthenticationType.Equals(AuthTypeApiKey, StringComparison.OrdinalIgnoreCase))
            {
                keyValidator = keyValidator ?? new DefaultApiKeyValidator();
            }
            else if (requestMessage.AuthenticationType.Equals(AuthTypeTApiKey, StringComparison.OrdinalIgnoreCase))
            {
                keyValidator = keyValidator ?? new TimeBasedApiKeyValidator(this.Clock, new Csg.ApiKeyGenerator.TimeBasedTokenGenerator()
                {
                    IntervalSeconds = this.Options.TimeBasedKeyInterval,
                    AllowedNumberOfDriftIntervals = this.Options.TimeBasedKeyTolerance
                });
            }
            else if (keyValidator == null)
            {
                return(AuthenticateResult.NoResult());
            }

            if (!(await keyValidator.ValidateKeyAsync(keyFromStore, requestMessage.Token)))
            {
                this.Logger.LogInformation($"The ClientID and Key pair provided in the request ({requestMessage.ClientID}, {requestMessage.Token}) is not valid.");
                return(AuthenticateResult.Fail(InvalidApiKeyMessage));
            }

            var userResult = await CreateIdentityAsync(keyFromStore);

            if (userResult.Result != null)
            {
                return(userResult.Result);
            }

            return(AuthenticateResult.Success(new AuthenticationTicket(new System.Security.Claims.ClaimsPrincipal(userResult.Identity), this.Scheme.Name)));
        }