public async Task InvokeAsync(IMiddlewareContext context) { if (context.ContextData.TryGetValue(BewitTokenHeader.Value, out var objectToken) && objectToken is string bewitToken) { try { object payload = await _tokenValidator.ValidateBewitTokenAsync( new BewitToken <T>(bewitToken), context.RequestAborted); _httpContextAccessor.SetBewitPayload(payload); } catch (Exception ex) { CreateError(context, ex); } await _next(context); } else { CreateError(context); } }
private async Task OnActionExecutingAsync( ActionExecutingContext context, CancellationToken cancellationToken) { List <ControllerParameterDescriptor> parameters = context.ActionDescriptor.Parameters .OfType <ControllerParameterDescriptor>() .Where(p => p.ParameterInfo .CustomAttributes.Any(a => a.AttributeType == typeof(FromBewitAttribute))) .ToList(); IBewitTokenValidator <IDictionary <string, object> > tokenValidator = GetBewitTokenValidator(context); string bewitToken = GetBewitFromUrl(context); IDictionary <string, object> bewit = await tokenValidator.ValidateBewitTokenAsync( new BewitToken <IDictionary <string, object> >(bewitToken), cancellationToken); foreach (ControllerParameterDescriptor param in parameters) { string bewitParameter = bewit.Keys.LastOrDefault(b => string.Equals(b, param.Name, StringComparison.CurrentCultureIgnoreCase)); if (bewitParameter != null) { context.ActionArguments[param.Name] = bewit[bewitParameter]; } } }
public async Task Invoke(HttpContext context) { if (context == null) { throw new ArgumentNullException(nameof(context)); } BewitEndpointAttribute endpointAttribute = context.GetEndpoint()?.Metadata.GetMetadata <BewitEndpointAttribute>(); if (endpointAttribute == null) { await _next(context); return; } const string bewitQueryStringParameter = "bewit"; string bewitToken = context.Request.Query[bewitQueryStringParameter]; if (string.IsNullOrEmpty(bewitToken)) { Unauthorize(context); return; } bewitToken = WebUtility.UrlDecode(bewitToken); string payload; try { payload = await _tokenValidator.ValidateBewitTokenAsync( new BewitToken <string>(bewitToken), context.RequestAborted); } catch (BewitException) { Unauthorize(context); return; } string url = GetRelativeUrl(context, bewitQueryStringParameter); if (!string.Equals(url, payload, StringComparison.CurrentCultureIgnoreCase)) { Unauthorize(context); return; } await _next(context); }
private async Task OnAuthorizationAsync( AuthorizationFilterContext context, CancellationToken cancellationToken) { const string bewitQueryStringParameter = "bewit"; IBewitTokenValidator <string> tokenValidator = GetBewitTokenValidator(context); string path = GetRelativeUrl(context, bewitQueryStringParameter); string bewitToken = context.HttpContext.Request.Query[bewitQueryStringParameter]; if (bewitToken != null) { bewitToken = WebUtility.UrlDecode(bewitToken); string payload; try { payload = await tokenValidator.ValidateBewitTokenAsync( new BewitToken <string>(bewitToken), cancellationToken); } catch (BewitException) { Unauthorize(context); return; } if (string.Equals(path, payload, StringComparison.CurrentCultureIgnoreCase)) { return; } } Unauthorize(context); }