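/// <summary>
/// Gate in front of the inner handler: the request only reaches <c>base.SendAsync</c>
/// when it carries an SSO token that passes <see cref="SsoTokenValidationStrategy"/>.
/// A missing token, a token in an unaccepted Authorization scheme, a token that fails
/// validation, or a <see cref="SecurityTokenValidationException"/> all produce a 401;
/// any other failure while validating or recording the token produces a 500.
/// </summary>
/// <param name="request">Incoming request; its token is read via <c>HasToken</c> / <c>TryGetToken</c>.</param>
/// <param name="cancellationToken">Forwarded to the inner handler; an already-cancelled token
/// also cancels the synthesized 401/500 responses.</param>
/// <returns>The inner handler's response, or a synthesized 401 / 500 response.</returns>
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    // No token at all: refuse before touching the signing key or the database.
    if (!HasToken(request))
    {
        return Respond(HttpStatusCode.Unauthorized);
    }

    // A token is present but not in an Authorization scheme this handler accepts.
    if (!TryGetToken(request, out var token))
    {
        return Respond(HttpStatusCode.Unauthorized);
    }

    try
    {
        var signingKey = GetSigningKey();

        // Signature/claim validation must run before any business logic sees the request.
        var ssoTokenStrategy = new SsoTokenValidationStrategy(token, signingKey);
        var result = ssoTokenStrategy.ExecuteStrategy();

        if (!result.Data)
        {
            // Record the rejected token once; a token already on file is not re-stored.
            // The store result is deliberately not inspected: the caller gets 401 either way.
            using (var ssoGateway = new SsoGateway())
            {
                if (ssoGateway.GetInvalidSsoToken(token).Data == null)
                {
                    ssoGateway.StoreInvalidSsoToken(new InvalidSsoToken(token));
                }
            }

            return Respond(HttpStatusCode.Unauthorized);
        }

        return base.SendAsync(request, cancellationToken);
    }
    catch (SecurityTokenValidationException)
    {
        // The token library itself rejected the token; same outcome as a failed strategy,
        // and the reason is intentionally not echoed to the client.
        return Respond(HttpStatusCode.Unauthorized);
    }
    catch (Exception)
    {
        // NOTE(review): the exception is not observed anywhere (no logger is in scope here),
        // so a database or signing-key failure surfaces only as a bare 500. Log it once a
        // logger is available to this handler.
        return Respond(HttpStatusCode.InternalServerError);
    }

    // Synthesizes a response as an already-completed task instead of scheduling a
    // thread-pool work item for it (the Task.Factory.StartNew the code used before).
    // An already-cancelled token still yields a cancelled task, as StartNew did.
    Task<HttpResponseMessage> Respond(HttpStatusCode status)
    {
        return cancellationToken.IsCancellationRequested
            ? Task.FromCanceled<HttpResponseMessage>(cancellationToken)
            : Task.FromResult(new HttpResponseMessage(status));
    }
}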
/// <summary>
/// Records the handler's current SSO token (<c>_ssoToken.Token</c>) as invalid,
/// unless the gateway already has it on file.
/// <para>
/// @author: Jennifer Nguyen, Brian Fann
/// @updated: 4/23/2018
/// </para>
/// </summary>
/// <returns>
/// The gateway's store result when the token was newly recorded; otherwise a response
/// whose <c>Data</c> is <c>false</c>, meaning nothing was written.
/// </returns>
private ResponseDto<bool> StoreInvalidToken()
{
    using (var gateway = new SsoGateway())
    {
        // A non-null lookup result means this token was already flagged: do not insert it twice.
        var existing = gateway.GetInvalidSsoToken(_ssoToken.Token);
        if (existing.Data != null)
        {
            return new ResponseDto<bool> { Data = false };
        }

        return gateway.StoreInvalidSsoToken(new InvalidSsoToken(_ssoToken.Token));
    }
}