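/// <summary>
/// Authorizes the current request from the bearer token carried in the
/// <c>Authorization</c> header, unless the endpoint opts out via <c>[AllowAnonymous]</c>.
/// </summary>
/// <param name="filterContext">The MVC authorization filter context; a null context is ignored.</param>
/// <returns>A task that completes once the request has been accepted or short-circuited.</returns>
/// <remarks>
/// On success the <c>pid</c> claim (when present) and the raw token are stored in
/// <c>HttpContext.Items</c> under <c>"UserId"</c> and <c>"UserToken"</c> for downstream code.
/// A missing or rejected token short-circuits the pipeline with a 401 <see cref="UnauthorizedResult"/>;
/// the token value itself is never echoed to the response.
/// </remarks>
public async Task OnAuthorizationAsync(AuthorizationFilterContext filterContext)
{
    if (filterContext is null)
    {
        return;
    }

    // Match on the IAllowAnonymous marker rather than the exact attribute type so that
    // any metadata implementing it (not only AllowAnonymousAttribute itself) opts out.
    var allowsAnonymous = filterContext.ActionDescriptor.EndpointMetadata
        .Any(em => em is Microsoft.AspNetCore.Authorization.IAllowAnonymous);
    if (allowsAnonymous)
    {
        return;
    }

    var token = ExtractBearerToken(filterContext);
    if (token is null)
    {
        //_logger.LogUnauthorizedAccess("Authentication", "Token is NULL");
        Reject(filterContext);
        return;
    }

    if (!await _ssoService.ValidateToken(token))
    {
        //_logger.LogUnauthorizedAccess("Authentication", "Invalid Token");
        Reject(filterContext);
        return;
    }

    // The SSO service has accepted the token; only now read claims from it.
    // CanReadToken guards ReadJwtToken, which throws on a token that is not a JWT
    // (an opaque token would otherwise turn an accepted request into a 500).
    var handler = new JwtSecurityTokenHandler();
    var jwt = handler.CanReadToken(token) ? handler.ReadJwtToken(token) : null;
    var userId = jwt?.Claims.FirstOrDefault(c => c.Type == "pid")?.Value;

    // Indexer assignment instead of Items.Add: Add throws ArgumentException when the key
    // already exists (for example when the filter runs more than once for a request).
    var items = filterContext.HttpContext.Items;
    items["UserId"] = userId;
    items["UserToken"] = token;

    // Returns the credential from the Authorization header, or null when absent/blank.
    // Only a leading "Bearer " scheme is stripped (case-insensitively, as HTTP auth
    // schemes are), so the scheme text cannot be removed from inside the credential.
    string ExtractBearerToken(AuthorizationFilterContext context)
    {
        const string scheme = "Bearer ";
        context.HttpContext.Request.Headers.TryGetValue("Authorization", out var values);
        var raw = values.FirstOrDefault();
        if (string.IsNullOrWhiteSpace(raw))
        {
            return null;
        }

        var credential = raw.StartsWith(scheme, StringComparison.OrdinalIgnoreCase)
            ? raw.Substring(scheme.Length)
            : raw;
        credential = credential.Trim();
        return credential.Length == 0 ? null : credential;
    }

    // Short-circuits the pipeline with 401; UnauthorizedResult sets the same status when executed.
    void Reject(AuthorizationFilterContext context)
    {
        context.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
        context.Result = new UnauthorizedResult();
    }
}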
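/// <summary>
/// Synchronous counterpart of <c>OnAuthorizationAsync</c>: authorizes the current request
/// from the bearer token in the <c>Authorization</c> header, unless the endpoint opts out
/// via <c>[AllowAnonymous]</c>.
/// </summary>
/// <param name="filterContext">The MVC authorization filter context; a null context is ignored.</param>
/// <remarks>
/// On success the <c>pid</c> claim (when present) is stored in <c>HttpContext.Items["UserId"]</c>.
/// A missing or rejected token short-circuits the pipeline with a 401 <see cref="UnauthorizedResult"/>.
/// Because <c>IAuthorizationFilter</c> is synchronous this method has to block on the SSO
/// validation; prefer the async filter where the pipeline allows it.
/// </remarks>
public void OnAuthorization(AuthorizationFilterContext filterContext)
{
    if (filterContext is null)
    {
        return;
    }

    // Match on the IAllowAnonymous marker rather than the exact attribute type so that
    // any metadata implementing it (not only AllowAnonymousAttribute itself) opts out.
    var allowsAnonymous = filterContext.ActionDescriptor.EndpointMetadata
        .Any(em => em is Microsoft.AspNetCore.Authorization.IAllowAnonymous);
    if (allowsAnonymous)
    {
        return;
    }

    var token = ExtractBearerToken(filterContext);
    if (token is null)
    {
        // 401 rather than 417: UnauthorizedResult overwrites the status with 401 when it
        // executes anyway, and a missing credential is an authentication failure.
        Reject(filterContext);
        return;
    }

    // GetAwaiter().GetResult() surfaces the real exception instead of an AggregateException;
    // ConfigureAwait(false) avoids capturing a synchronization context while blocked.
    var isValid = _ssoService.ValidateToken(token).ConfigureAwait(false).GetAwaiter().GetResult();
    if (!isValid)
    {
        Reject(filterContext);
        return;
    }

    // The SSO service has accepted the token; only now read claims from it.
    // CanReadToken guards ReadJwtToken, which throws on a token that is not a JWT.
    var handler = new JwtSecurityTokenHandler();
    var jwt = handler.CanReadToken(token) ? handler.ReadJwtToken(token) : null;
    var userId = jwt?.Claims.FirstOrDefault(c => c.Type == "pid")?.Value;

    // Indexer assignment instead of Items.Add: Add throws ArgumentException when the key
    // already exists (for example when the filter runs more than once for a request).
    filterContext.HttpContext.Items["UserId"] = userId;

    // Returns the credential from the Authorization header, or null when absent/blank.
    // Only a leading "Bearer " scheme is stripped (case-insensitively, as HTTP auth
    // schemes are); without this the scheme prefix would be sent to the SSO validator.
    string ExtractBearerToken(AuthorizationFilterContext context)
    {
        const string scheme = "Bearer ";
        context.HttpContext.Request.Headers.TryGetValue("Authorization", out var values);
        var raw = values.FirstOrDefault();
        if (string.IsNullOrWhiteSpace(raw))
        {
            return null;
        }

        var credential = raw.StartsWith(scheme, StringComparison.OrdinalIgnoreCase)
            ? raw.Substring(scheme.Length)
            : raw;
        credential = credential.Trim();
        return credential.Length == 0 ? null : credential;
    }

    // Short-circuits the pipeline with 401; UnauthorizedResult sets the same status when executed.
    void Reject(AuthorizationFilterContext context)
    {
        context.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
        context.Result = new UnauthorizedResult();
    }
}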