async Task <bool> AuthenticateAsync(IClientCredentials clientCredentials, bool reAuthenticating) { Preconditions.CheckNotNull(clientCredentials); bool isAuthenticated; if (clientCredentials.AuthenticationType == AuthenticationType.X509Cert) { isAuthenticated = await(reAuthenticating ? this.certificateAuthenticator.ReauthenticateAsync(clientCredentials) : this.certificateAuthenticator.AuthenticateAsync(clientCredentials)); } else { isAuthenticated = await(reAuthenticating ? this.tokenAuthenticator.ReauthenticateAsync(clientCredentials) : this.tokenAuthenticator.AuthenticateAsync(clientCredentials)); } if (isAuthenticated) { await this.credentialsCache.Add(clientCredentials); } else { Metrics.AddAuthenticationFailure(clientCredentials.Identity.Id); } Events.AuthResult(clientCredentials, reAuthenticating, isAuthenticated); return(isAuthenticated); }
async Task <bool> AuthenticateAsync(IClientCredentials clientCredentials, bool reAuthenticating) { Preconditions.CheckNotNull(clientCredentials); bool isAuthenticated; if (clientCredentials.AuthenticationType == AuthenticationType.Implicit) { // Implicit authentication is executed when in a nested scenario a parent edge device captures a // an IotHub message on an mqtt broker topic belonging to a device never seen before. In this case the // child edge device has authenticated the connecting device, the authorization is continously monitoring // if the device is publishing on allowed topics, so when a message arrives on a topic belonging to // the device, it is sure that it has been authenticated/authorized before. Now just create an entry // for it without further checks isAuthenticated = true; } else if (clientCredentials.AuthenticationType == AuthenticationType.X509Cert) { isAuthenticated = await(reAuthenticating ? this.certificateAuthenticator.ReauthenticateAsync(clientCredentials) : this.certificateAuthenticator.AuthenticateAsync(clientCredentials)); } else { isAuthenticated = await(reAuthenticating ? this.tokenAuthenticator.ReauthenticateAsync(clientCredentials) : this.tokenAuthenticator.AuthenticateAsync(clientCredentials)); } if (isAuthenticated) { try { await this.credentialsCache.Add(clientCredentials); } catch (Exception ex) { // Authenticated but failed to add to cred cache, // this will eventually cause a re-auth error but // there's nothing we can do here Events.CredentialsCacheFailure(ex); } } else if (!reAuthenticating) { // only report authentication failure on initial authentication Metrics.AddAuthenticationFailure(clientCredentials.Identity.Id); } Events.AuthResult(clientCredentials, reAuthenticating, isAuthenticated); return(isAuthenticated); }
async Task <bool> AuthenticateAsync(IClientCredentials clientCredentials, bool reAuthenticating) { Preconditions.CheckNotNull(clientCredentials); bool isAuthenticated; if (clientCredentials.AuthenticationType == AuthenticationType.X509Cert) { isAuthenticated = await(reAuthenticating ? this.certificateAuthenticator.ReauthenticateAsync(clientCredentials) : this.certificateAuthenticator.AuthenticateAsync(clientCredentials)); } else { isAuthenticated = await(reAuthenticating ? this.tokenAuthenticator.ReauthenticateAsync(clientCredentials) : this.tokenAuthenticator.AuthenticateAsync(clientCredentials)); } if (isAuthenticated) { try { await this.credentialsCache.Add(clientCredentials); } catch (Exception ex) { // Authenticated but failed to add to cred cache, // this will eventually cause a re-auth error but // there's nothing we can do here Events.CredentialsCacheFailure(ex); } } else { Metrics.AddAuthenticationFailure(clientCredentials.Identity.Id); } Events.AuthResult(clientCredentials, reAuthenticating, isAuthenticated); return(isAuthenticated); }